Re: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries

2022-07-05 Thread Yao, Jiewen
Hi
I am going to merge this. However, I realize that my mailbox filtered patches 
6/11 and 10/11.
So I am going to merge the one in 
https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3 

Please double-confirm:
1) the latest one, 256220d82191effae32d91897ab0f65a4fa0641b, is identical to the 
one you submitted to the EDKII mailing list.
2) the latest one passed the EDKII CI.

Once you confirm the above, I will start the merging process.

Thank you
Yao Jiewen

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Kun Qin
> Sent: Friday, July 1, 2022 7:54 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Xu, Min M ; Sean Brogan ;
> Ard Biesheuvel ; Justen, Jordan L
> ; Gerd Hoffmann ; Rebecca
> Cran ; Peter Grehan ; Boeuf,
> Sebastien ; Andrew Fish ; Ni,
> Ray 
> Subject: [edk2-devel] [PATCH v3 00/11] Enhance Secure Boot Variable Libraries
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
> 
> This is a follow-up of a previously submitted patch series based on top
> of master branch: https://edk2.groups.io/g/devel/message/90491.
> 
> The main changes between v2 and v3 patches are:
>   - Added reviewed-by and acked-by tags collected from previous iteration
>   - Updated default timestamp for default secure boot variable enrollment
> 
> The updated changes are verified on QEMU based Q35 virtual platform as
> well as proprietary physical platforms.
> 
> Patch v3 branch:
> https://github.com/kuqin12/edk2/tree/secure_boot_enhance_v3
> 
> Cc: Jiewen Yao 
> Cc: Jian J Wang 
> Cc: Min Xu 
> Cc: Sean Brogan 
> Cc: Ard Biesheuvel 
> Cc: Jordan Justen 
> Cc: Gerd Hoffmann 
> Cc: Rebecca Cran 
> Cc: Peter Grehan 
> Cc: Sebastien Boeuf 
> Cc: Andrew Fish 
> Cc: Ray Ni 
> 
> Kun Qin (8):
>   SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
>   SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
>   SecurityPkg: SecureBootVariableLib: Updated time based payload creator
>   SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
>   SecurityPkg: Secure Boot Drivers: Added common header files
>   SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
>   OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
>   EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
> 
> kuqin (3):
>   SecurityPkg: SecureBootVariableLib: Updated signature list creator
>   SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
>   SecurityPkg: SecureBootVariableLib: Added unit tests
> 
>  SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c                           |    1 +
>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.c   |   51 +
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c                         |  485 -
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.c          |   36 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiLib.c                          |  201 ++
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockUefiRuntimeServicesTableLib.c      |   13 +
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/SecureBootVariableLibUnitTest.c        | 2037
>  SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c       |  145 +-
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c              |  128 +-
>  SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c     |    1 +
>  EmulatorPkg/EmulatorPkg.dsc                                                               |    1 +
>  OvmfPkg/Bhyve/BhyveX64.dsc                                                                |    1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                                                            |    1 +
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc                                                          |    1 +
>  OvmfPkg/OvmfPkgIa32.dsc                                                                   |    1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                                                                |    1 +
>  OvmfPkg/OvmfPkgX64.dsc                                                                    |    1 +
>  SecurityPkg/Include/Library/PlatformPKProtectionLib.h                                     |   31 +
>  SecurityPkg/Include/Library/SecureBootVariableLib.h                                       |  103 +-
>  SecurityPkg/Include/UefiSecureBoot.h                                                      |   94 +
>  SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf |   36 +
>  SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf                       |   14 +-
>  SecurityPkg/Library/SecureBootVariableLib/UnitTest/MockPlatformPKProtectionLib.inf        |   33 +

[edk2-devel] [PATCH v2] SecurityPkg: Add TPM NVIndex Extend support.

2022-07-05 Thread Qi Zhang
code: https://github.com/qizhangz/edk2/tree/NvIndexExtend

Signed-off-by: Qi Zhang 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Rahul Kumar 
Cc: Qi Zhang 
---
 SecurityPkg/Include/Library/Tpm2CommandLib.h  |  21 +++
 .../HashLibBaseCryptoRouterDxe.c  |  86 +++--
 .../Library/Tpm2CommandLib/Tpm2NVStorage.c| 120 ++
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c |  25 +++-
 4 files changed, 238 insertions(+), 14 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h 
b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index a2fb97f18d..f2ff3a5c0c 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -467,6 +467,27 @@ Tpm2NvGlobalWriteLock (
   IN  TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
   );
 
+/**
+  This command extends a value to an area in NV memory that was previously 
defined by TPM2_NV_DefineSpace().
+
+  @param[in]  AuthHandle the handle indicating the source of the 
authorization value.
+  @param[in]  NvIndexThe NV Index of the area to extend.
+  @param[in]  AuthSessionAuth Session context
+  @param[in]  InData The data to extend.
+
+  @retval EFI_SUCCESSOperation completed successfully.
+  @retval EFI_DEVICE_ERROR   The command was unsuccessful.
+  @retval EFI_NOT_FOUND  The command was returned successfully, but 
NvIndex is not found.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2NvExtend (
+  IN  TPMI_RH_NV_AUTHAuthHandle,
+  IN  TPMI_RH_NV_INDEX   NvIndex,
+  IN  TPMS_AUTH_COMMAND  *AuthSession  OPTIONAL,
+  IN  TPM2B_MAX_BUFFER   *InData
+  );
+
 /**
   This command is used to cause an update to the indicated PCR.
   The digests parameter contains one or more tagged digest value identified by 
an algorithm ID.
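Review bot: the Tpm2NvExtend prototype takes a TPM2B_MAX_BUFFER by pointer, but the comment block says nothing about the largest InData->size the command will marshal or what is returned when InData is NULL; add an EFI_INVALID_PARAMETER retval for both and state the size limit, since the caller added in HashLibBaseCryptoRouterDxe.c copies an arbitrary DataSize into that buffer. The commit message above is only a branch link; one sentence on what the new command is for (extending a digest list into an NV index from HashCompleteAndExtend) and which NV index the platform is expected to have defined would make this header reviewable on its own.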
diff --git 
a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c 
b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
index ee8fe6e06e..591cbfcb79 100644
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 
 #include "HashLibBaseCryptoRouterCommon.h"
 
@@ -128,6 +129,49 @@ HashUpdate (
   return EFI_SUCCESS;
 }
 
+/**
+  extend Data to NvIndex.
+
+  @param NvIndex   NvIndex to be extended.
+  @param DataSize  Data size.
+  @param Data  Data to be extended.
+
+  @retval EFI_SUCCESS Data is extended to NvIndex successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2ExtendNvIndex (
+  TPMI_RH_NV_INDEX  NvIndex,
+  UINT16DataSize,
+  BYTE  *Data
+  )
+{
+  EFI_STATUSStatus;
+  TPMI_RH_NV_AUTH   AuthHandle;
+  TPM2B_MAX_BUFFER  NvExtendData;
+
+  AuthHandle = TPM_RH_PLATFORM;
+  ZeroMem (, sizeof (NvExtendData));
+  CopyMem (NvExtendData.buffer, Data, DataSize);
+  NvExtendData.size = DataSize;
+  Status= Tpm2NvExtend (
+AuthHandle,
+NvIndex,
+NULL,
+
+);
+  if (EFI_ERROR (Status)) {
+DEBUG ((
+  DEBUG_ERROR,
+  "Extend TPM NV index failed, Index: 0x%x Status: %d\n",
+  NvIndex,
+  Status
+  ));
+  }
+
+  return Status;
+}
+
 /**
   Hash sequence complete and extend to PCR.
 
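Review bot: Tpm2ExtendNvIndex copies DataSize bytes into NvExtendData.buffer with no check that DataSize fits in a TPM2B_MAX_BUFFER, so a caller passing a larger size overruns a stack buffer; add `if (DataSize > sizeof (NvExtendData.buffer)) { return EFI_INVALID_PARAMETER; }` ahead of the CopyMem and list that retval in the comment block, which currently documents only EFI_SUCCESS. The function is EFIAPI and non-STATIC in a library instance .c file but is declared in no header in this series, so either make it STATIC or add it to the library class. Hard-wiring AuthHandle to TPM_RH_PLATFORM also means the NV index must have been defined so that platform authorization may extend it; that precondition belongs in the comment block as well.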
@@ -149,11 +193,16 @@ HashCompleteAndExtend (
   OUT TPML_DIGEST_VALUES  *DigestList
   )
 {
-  TPML_DIGEST_VALUES  Digest;
-  HASH_HANDLE *HashCtx;
-  UINTN   Index;
-  EFI_STATUS  Status;
-  UINT32  HashMask;
+  TPML_DIGEST_VALUES   Digest;
+  HASH_HANDLE  *HashCtx;
+  UINTNIndex;
+  EFI_STATUS   Status;
+  UINT32   HashMask;
+  TPML_DIGEST_VALUES   TcgPcrEvent2Digest;
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  TpmHashAlgorithmBitmap;
+  UINT32   ActivePcrBanks;
+  UINT32   *BufferPtr;
+  UINT32   DigestListBinSize;
 
   if (mHashInterfaceCount == 0) {
 return EFI_UNSUPPORTED;
@@ -175,10 +224,29 @@ HashCompleteAndExtend (
 
   FreePool (HashCtx);
 
-  Status = Tpm2PcrExtend (
- PcrIndex,
- DigestList
- );
+  if (PcrIndex <= MAX_PCR_INDEX) {
+Status = Tpm2PcrExtend (
+   PcrIndex,
+   DigestList
+   );
+  } else {
+Status = Tpm2GetCapabilitySupportedAndActivePcrs (, 
);
+ASSERT_EFI_ERROR (Status);
+ActivePcrBanks = ActivePcrBanks & mSupportedHashMaskCurrent;
+ZeroMem (, sizeof (TcgPcrEvent2Digest));
+BufferPtr = CopyDigestListToBuffer (, 
DigestList, ActivePcrBanks);
+DigestListBinSize = (UINT32)((UINT8 *)BufferPtr - (UINT8 
*));
+
+//
+// Extend to TPM NvIndex
+

[edk2-devel] [edk2-staging][PATCH v1 6/7] SecurityPkg: TcgPei: Replace PcdStatusCodeSubClassTpmDevice

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change replaces the references of PcdStatusCodeSubClassTpmDevice
with newly defined EFI_PERIPHERAL_TPM.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Qi Zhang 
Cc: Rahul Kumar 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Tcg/TcgPei/TcgPei.c   | 4 ++--
 SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index 5aa80511aa81..dd9f996df9fe 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -355,7 +355,7 @@ HashLogExtendEvent (
 BuildGuidHob (, 0);
 REPORT_STATUS_CODE (
   EFI_ERROR_CODE | EFI_ERROR_MINOR,
-  (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
+  (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR)
   );
 Status = EFI_DEVICE_ERROR;
   }
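Review bot: replacing PcdGet32 (PcdStatusCodeSubClassTpmDevice) with a compile-time macro removes a platform's ability to override the subclass from its .dsc; that is the intended outcome of BZ3966, but the commit message should state it as a behavior change and point platform owners who set the PCD at the new macro. The same note applies to the Tcg2Dxe, Tcg2Pei and TcgDxe patches in this series.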
@@ -922,7 +922,7 @@ PeimEntryMA (
 BuildGuidHob (, 0);
 REPORT_STATUS_CODE (
   EFI_ERROR_CODE | EFI_ERROR_MINOR,
-  (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
+  (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR)
   );
   }
 
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf 
b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index 2e3e7e0575d5..f49bb09062e3 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -78,7 +78,6 @@ [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid## 
CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy## 
CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy ## 
SOMETIMES_CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice## 
SOMETIMES_CONSUMES
 
 [Depex]
   gEfiPeiMasterBootModePpiGuid AND
-- 
2.35.1.windows.2



View/Reply Online (#91081): https://edk2.groups.io/g/devel/message/91081




[edk2-devel] [edk2-staging][PATCH v1 7/7] SecurityPkg: SubClassTpm: Updated default value

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change updates the default value of the TPM device subclass PCD to
`0x010E` in order to match the definition of EFI_PERIPHERAL_TPM
from the PI specification.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Qi Zhang 
Cc: Rahul Kumar 

Signed-off-by: Kun Qin 
---
 SecurityPkg/SecurityPkg.dec | 6 +++---
 SecurityPkg/SecurityPkg.uni | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 0ee75efc1a97..cc93ebb54f99 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -310,10 +310,10 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x0006
 
   ## Progress Code for TPM device subclass definitions.
-  #  EFI_PERIPHERAL_TPM  = (EFI_PERIPHERAL | 0x000D) = 0x010D
+  #  EFI_PERIPHERAL_TPM  = (EFI_PERIPHERAL | 0x000E) = 0x010E
   # @Prompt Status Code for TPM device definitions
-  # @ValidList  0x8003 | 0x010D
-  
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D|UINT32|0x0007
+  # @ValidList  0x8003 | 0x010E
+  
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010E|UINT32|0x0007
 
   ## Defines the IO port used to trigger a software System Management 
Interrupt (SMI).
   #  Used as the SMI Command IO port by security functionality that triggers a 
software SMI such
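Review bot: the comment block still says "Progress Code for TPM device subclass definitions" although every consumer on this page reports it with EFI_ERROR_CODE | EFI_ERROR_MINOR; "Status Code", as the @Prompt already says, would be accurate. Since patches 3/7 to 6/7 remove the last in-tree consumers, consider adding a deprecation note to this PCD so out-of-tree platforms migrate to the spec macro instead of relying on the default moving from 0x010D to 0x010E underneath them; a silent default change is also a compatibility hazard for any status-code parser that hard-coded the old value.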
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 68587304d779..6c28b8021333 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -169,7 +169,7 @@
 #string 
STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_PROMPT  
#language en-US "Status Code for TPM device definitions"
 
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_HELP  
#language en-US "Progress Code for TPM device subclass definitions.\n"
-   
"EFI_PERIPHERAL_TPM  = (EFI_PERIPHERAL | 0x000D) = 
0x010D"
+   
"EFI_PERIPHERAL_TPM  = (EFI_PERIPHERAL | 0x000E) = 
0x010E"
 
 #string 
STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_PROMPT  
#language en-US "One or more SHA 256 Hashes of RSA 2048 bit public keys used to 
verify Recovery and Capsule Update images"
 
-- 
2.35.1.windows.2



View/Reply Online (#91082): https://edk2.groups.io/g/devel/message/91082




[edk2-devel] [edk2-staging][PATCH v1 3/7] SecurityPkg: Tcg2Dxe: Replace PcdStatusCodeSubClassTpmDevice

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change replaces the references of PcdStatusCodeSubClassTpmDevice
with newly defined EFI_PERIPHERAL_TPM.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Qi Zhang 
Cc: Rahul Kumar 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c   | 4 ++--
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index f6ea8b2bbf18..d6d2994f400b 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -1256,7 +1256,7 @@ TcgDxeHashLogExtendEvent (
 mTcgDxeData.BsCap.TPMPresentFlag = FALSE;
 REPORT_STATUS_CODE (
   EFI_ERROR_CODE | EFI_ERROR_MINOR,
-  (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
+  (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR)
   );
   }
 
@@ -1342,7 +1342,7 @@ Tcg2HashLogExtendEvent (
   mTcgDxeData.BsCap.TPMPresentFlag = FALSE;
   REPORT_STATUS_CODE (
 EFI_ERROR_CODE | EFI_ERROR_MINOR,
-(PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
+(BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR)
 );
 }
   } else {
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 7dc7a2683d71..b40bdfc1c975 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -98,7 +98,6 @@ [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized  ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid  ## 
CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice  ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap  ## 
CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks ## 
CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## 
CONSUMES
-- 
2.35.1.windows.2



View/Reply Online (#91078): https://edk2.groups.io/g/devel/message/91078




[edk2-devel] [edk2-staging][PATCH v1 5/7] SecurityPkg: TcgDxe: Replace PcdStatusCodeSubClassTpmDevice

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change replaces the references of PcdStatusCodeSubClassTpmDevice
with newly defined EFI_PERIPHERAL_TPM.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Qi Zhang 
Cc: Rahul Kumar 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Tcg/TcgDxe/TcgDxe.c   | 2 +-
 SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
index ee6c6273033b..779125b1beb4 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -593,7 +593,7 @@ TcgDxeHashLogExtendEventI (
 TcgData->BsCap.TPMPresentFlag = FALSE;
 REPORT_STATUS_CODE (
   EFI_ERROR_CODE | EFI_ERROR_MINOR,
-  (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
+  (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR)
   );
 Status = EFI_DEVICE_ERROR;
   }
diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf 
b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
index c93b377b34ff..be0f4a64958c 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
@@ -70,7 +70,6 @@ [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision   ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision   ## 
SOMETIMES_CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice   ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen  ## CONSUMES
 
 [Depex]
-- 
2.35.1.windows.2



View/Reply Online (#91080): https://edk2.groups.io/g/devel/message/91080




[edk2-devel] [edk2-staging][PATCH v1 1/7] EDK2 Code First: PI Specification: New peripheral subclass for TPM

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change includes a specification update markdown file that describes
the proposed PI Specification v1.7 Errata A in detail and the potential
impact on the existing codebase.

Cc: Andrew Fish 
Cc: Leif Lindholm 
Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Kun Qin 
---
 CodeFirst/BZ3966-SpecChange.md | 60 
 1 file changed, 60 insertions(+)

diff --git a/CodeFirst/BZ3966-SpecChange.md b/CodeFirst/BZ3966-SpecChange.md
new file mode 100644
index ..8a1541bdd577
--- /dev/null
+++ b/CodeFirst/BZ3966-SpecChange.md
@@ -0,0 +1,60 @@
+# Title: Introduction of `EFI_PERIPHERAL_TPM` Peripheral Subclass Definition
+
+## Status: Draft
+
+## Document: UEFI Platform Initialization Specification Version 1.7 Errata A
+
+## License
+
+SPDX-License-Identifier: CC-BY-4.0
+
+## Submitter: [TianoCore Community](https://www.tianocore.org)
+
+## Summary of the change
+
+Add `EFI_PERIPHERAL_TPM` into Peripheral Subclass definition.
+
+## Benefits of the change
+
+Current status code covered various [peripheral subclass 
definitions](https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Pi/PiStatusCode.h).
+
+As Trusted Platform Module (TPM) becomes more available on the modern systems, 
status reports from such peripheral are playing more important roles in 
anaylzing the secruity state and healthiness of a system. However, peripheral 
subclass definitions do not cover TPM as of today.
+
+Standardizing the TPM peripheral subclass definition could facilitate the 
parsing of peripheral reported errors and avoid potential definition collisions 
from implementation based subclass usages.
+
+The request of this change intends to expand definitions of 
`EFI_PERIPHERAL_**` under Periperhal Subclass definitions to cover the TPM 
subclass.
+
+## Impact of the change
+
+Occupy a new macro definitions of subclass under `Defined Subclasses: 
User-Accessible Peripheral Class`.
+
+## Detailed description of the change [normative updates]
+
+### Specification Changes
+
+1. In PI Specification v1.7 Errata A: Vol. 3, Table 3-30: Defined Subclasses: 
User-Accessible Peripheral Class, add one new rows below 
`EFI_PERIPHERAL_DOCKING` definition and adjust the rest of reserved definitions 
accordingly:
+
+| Subclass | Code Name | Description |
+| --- | --- | --- |
+| Trusted Platform Module | EFI_PERIPHERAL_TPM | The peripheral referred 
to is a Trusted Platform Module |
+| 0x0F–0x7F | Reserved for future use by this specification |  |
+
+1. In PI Specification v1.7 Errata A: Vol. 3, Table 3-84: Defined Subclasses: 
User-Accessible Peripheral Class, add one new rows below 
`EFI_PERIPHERAL_DOCKING` definition and adjust the rest of reserved definitions 
accordingly:
+
+| Subclass | Code Name |
+| --- | --- |
+| Trusted Platform Module | EFI_PERIPHERAL_TPM |
+| 0x0F–0x7F | Reserved for future use by this specification. |
+
+1. In PI Specification v1.7 Errata A: Vol. 3, Section 6.7.2.1 Subclass 
Definitions: Prototype, add one new definitions below `EFI_PERIPHERAL_DOCKING` 
definition:
+
+```c
+#define EFI_PERIPHERAL_TPM \
+  (EFI_PERIPHERAL | 0x000E)
+```
+
+### Code Changes
+
+1. Add macro definitions in `MdePkg/Include/Pi/PiStatusCode.h` to match new 
specification.
+1. Replace existing references of 
`gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice` from SecurityPkg 
with new definition.
+1. Updated the default value of 
`gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice` to 
`(EFI_PERIPHERAL | 0x000E)` for consistency and backwards compatibility 
outside of SecurityPkg.
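Review bot: spelling in the "Benefits of the change" section: "anaylzing" should be "analyzing", "secruity" should be "security", "Periperhal" should be "Peripheral"; both table items say "add one new rows" (should be "add one new row"), the third says "add one new definitions", and "Occupy a new macro definitions of subclass" should read "Occupies a new macro definition". The "Code Changes" list mixes "Add", "Replace" and "Updated"; use the imperative throughout. Since this markdown is the normative text that goes to the spec working group, it is worth polishing before the errata is filed.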
-- 
2.35.1.windows.2



View/Reply Online (#91076): https://edk2.groups.io/g/devel/message/91076




[edk2-devel] [edk2-staging][PATCH v1 4/7] SecurityPkg: Tcg2Pei: Replace PcdStatusCodeSubClassTpmDevice

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change replaces the references of PcdStatusCodeSubClassTpmDevice
with newly defined EFI_PERIPHERAL_TPM.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Qi Zhang 
Cc: Rahul Kumar 

Signed-off-by: Kun Qin 
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   | 4 ++--
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c 
b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 26bb5282a58b..4fe474aade49 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -501,7 +501,7 @@ HashLogExtendEvent (
 BuildGuidHob (, 0);
 REPORT_STATUS_CODE (
   EFI_ERROR_CODE | EFI_ERROR_MINOR,
-  (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
+  (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR)
   );
   }
 
@@ -1150,7 +1150,7 @@ PeimEntryMA (
 BuildGuidHob (, 0);
 REPORT_STATUS_CODE (
   EFI_ERROR_CODE | EFI_ERROR_MINOR,
-  (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
+  (BZ3966_EFI_PERIPHERAL_TPM | EFI_P_EC_INTERFACE_ERROR)
   );
   }
 
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf 
b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 17ad1161265d..98a26b0ad87c 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -82,7 +82,6 @@ [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy## 
CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy  ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## 
CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## 
SOMETIMES_CONSUMES
   ## SOMETIMES_CONSUMES
   ## SOMETIMES_PRODUCES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask
-- 
2.35.1.windows.2



View/Reply Online (#91079): https://edk2.groups.io/g/devel/message/91079




[edk2-devel] [edk2-staging][PATCH v1 0/7] Add TPM subclass definition

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

From PI Specification v1.7 Errata A, EFI_PERIPHERAL_DOCKING is defined as
0xD (as well as included in PiStatusCode.h).

However, subclass employed as PCD for TPM peripheral in SecurityPkg is
also defined as 0xD. The TPM subclass code was used in TcgPei.c when
reporting error codes.

The collision of subclass definitions could cause the parsing of reported
errors to be ambiguous.

This patch series adds EFI_PERIPHERAL_TPM as a spec-defined value and
removes the potential usages in the SecurityPkg.

Patch v1 branch: https://github.com/kuqin12/edk2/tree/BZ3966-add_tpm_subclass

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Qi Zhang 
Cc: Rahul Kumar 
Cc: Andrew Fish 
Cc: Leif Lindholm 
Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Kun Qin (7):
  EDK2 Code First: PI Specification: New peripheral subclass for TPM
  MdePkg: MmCommunication: Add TPM subclass definition to MdePkg
  SecurityPkg: Tcg2Dxe: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: Tcg2Pei: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: TcgDxe: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: TcgPei: Replace PcdStatusCodeSubClassTpmDevice
  SecurityPkg: SubClassTpm: Updated default value

 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c   |  4 +-
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   |  4 +-
 SecurityPkg/Tcg/TcgDxe/TcgDxe.c |  2 +-
 SecurityPkg/Tcg/TcgPei/TcgPei.c |  4 +-
 CodeFirst/BZ3966-SpecChange.md  | 60 
 MdePkg/Include/Pi/PiStatusCode.h|  1 +
 SecurityPkg/SecurityPkg.dec |  6 +-
 SecurityPkg/SecurityPkg.uni |  2 +-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf |  1 -
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf |  1 -
 SecurityPkg/Tcg/TcgDxe/TcgDxe.inf   |  1 -
 SecurityPkg/Tcg/TcgPei/TcgPei.inf   |  1 -
 12 files changed, 72 insertions(+), 15 deletions(-)
 create mode 100644 CodeFirst/BZ3966-SpecChange.md

-- 
2.35.1.windows.2



View/Reply Online (#91075): https://edk2.groups.io/g/devel/message/91075




[edk2-devel] [edk2-staging][PATCH v1 2/7] MdePkg: MmCommunication: Add TPM subclass definition to MdePkg

2022-07-05 Thread Kun Qin
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change introduces a new peripheral subclass definition.

The new subclass definition will cover system reboot events under the
status reports from Trusted Platform Modules (TPMs).

These definitions could provide helpful datapoints to OEMs to analyze
system security state and healthiness, as well as avoid definition
collision with other existing peripheral subclass definitions.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Kun Qin 
---
 MdePkg/Include/Pi/PiStatusCode.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MdePkg/Include/Pi/PiStatusCode.h b/MdePkg/Include/Pi/PiStatusCode.h
index ef2aea7364bc..d65b65654053 100644
--- a/MdePkg/Include/Pi/PiStatusCode.h
+++ b/MdePkg/Include/Pi/PiStatusCode.h
@@ -363,6 +363,7 @@ typedef struct {
 #define EFI_PERIPHERAL_LCD_DEVICE   (EFI_PERIPHERAL | 0x000B)
 #define EFI_PERIPHERAL_NETWORK  (EFI_PERIPHERAL | 0x000C)
 #define EFI_PERIPHERAL_DOCKING  (EFI_PERIPHERAL | 0x000D)
+#define BZ3966_EFI_PERIPHERAL_TPM  (EFI_PERIPHERAL | 0x000E)
 ///@}
 
 ///
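Review bot: the BZ3966_ prefix on BZ3966_EFI_PERIPHERAL_TPM is fine as an edk2-staging placeholder, but the spec-change document in patch 1/7 proposes the name EFI_PERIPHERAL_TPM; when this moves out of staging the macro and its four consumers must be renamed in one series so a non-spec identifier never ships in a spec header. A short comment above the define marking it as pending PI 1.7 Errata A would make that intent visible to readers of PiStatusCode.h.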
-- 
2.35.1.windows.2



View/Reply Online (#91077): https://edk2.groups.io/g/devel/message/91077




[edk2-devel] ArmVirtPkg: boot fail on numa system

2022-07-05 Thread Mark-PK Tsai via groups.io
When qemu aarch64 is configured as NUMA, the EDK2 boot fails.
Below is my test command:
```
qemu-system-aarch64 \
-nographic \
-serial tcp:localhost:54320 -serial tcp:localhost:54321 \
-smp 4 \
-s -S -machine virt,secure=on,mte=off,gic-version=3,virtualization=false \
-cpu max,sve=off \
-d unimp -semihosting-config enable=on,target=native \
-m 2048 \
-bios bl1.bin\
-initrd rootfs.cpio.gz \
-kernel Image -no-acpi \
-append 'console=ttyAMA0,38400 keep_bootcon root=/dev/vda2 ' \
-machine virt,iommu=smmuv3 -device 
virtio-scsi-pci,disable-legacy=on,id=scsi0,iommu_platform=on,addr=0x2 \
-object memory-backend-ram,id=mem0,size=1G \
-object memory-backend-ram,id=mem1,size=1G \
-numa node,memdev=mem0,cpus=0-1,nodeid=0 \
-numa node,memdev=mem1,cpus=2-3,nodeid=1
```

Then I found that ArmVirtPkg always takes the first memory node as system memory,
but when I configure qemu, the memory node in the qemu dtb is as follows.

```
memory@80000000 {
    numa-node-id = <0x01>;
    reg = <0x00 0x80000000 0x00 0x40000000>;
    device_type = "memory";
};

memory@40000000 {
    numa-node-id = <0x00>;
    reg = <0x00 0x40000000 0x00 0x40000000>;
    device_type = "memory";
};
```

Then edk2 uses 'memory@80000000' as system memory, which is NUMA node 1.
The memory node order is implemented in qemu's arm_load_dtb(), which adds memory
from node 0 to N.

https://gitlab.com/qemu-project/qemu/-/blob/master/hw/arm/boot.c#L618

As I understand it, the loader should take node 0.
Should I modify ArmVirtPkg/PrePi/FdtParser.c: FindMemnode() for the NUMA case?


View/Reply Online (#91074): https://edk2.groups.io/g/devel/message/91074
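The "first memory node wins" behaviour described in the post, beside a NUMA-aware choice, as an added example that is not ArmVirtPkg or qemu code: it builds a constructed DTB holding the two memory nodes from the post (assumed, from qemu's virt layout and the two 1G memdevs, to sit at 0x40000000 and 0x80000000) and parses it with a small flat-tree walker.

```python
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9


def _pad4(b):
    """Pad to a 4-byte boundary, as every token in the FDT structure block must be."""
    return b + b"\0" * (-len(b) % 4)


def build_dtb(children):
    """Build a minimal DTB: a root node holding the given (name, {prop: bytes})
    children. Constructed test input for this example, not a DTB captured from qemu."""
    strings, offsets, body = b"", {}, b""
    body += struct.pack(">I", FDT_BEGIN_NODE) + _pad4(b"\0")  # root node, empty name
    for name, props in children:
        body += struct.pack(">I", FDT_BEGIN_NODE) + _pad4(name.encode() + b"\0")
        for pname, value in props.items():
            if pname not in offsets:  # property names are interned in the strings block
                offsets[pname] = len(strings)
                strings += pname.encode() + b"\0"
            body += struct.pack(">III", FDT_PROP, len(value), offsets[pname]) + _pad4(value)
        body += struct.pack(">I", FDT_END_NODE)
    body += struct.pack(">II", FDT_END_NODE, FDT_END)
    rsvmap = struct.pack(">QQ", 0, 0)  # empty memory reservation map (terminator only)
    off_rsv = 40                       # header is ten big-endian u32 fields
    off_struct = off_rsv + len(rsvmap)
    off_strings = off_struct + len(body)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                         off_strings, off_rsv, 17, 16, 0, len(strings), len(body))
    return header + rsvmap + body + strings


def memory_nodes(dtb):
    """Walk the structure block and return every node whose device_type is "memory"
    as (name, numa_node_id, base, size), in DTB order. Assumes #address-cells and
    #size-cells of 2, which is what qemu's virt machine emits."""
    magic, _, off_struct, off_strings, _, _, _, _, _, sz_struct = struct.unpack_from(">10I", dtb)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    pos, end, stack, found = off_struct, off_struct + sz_struct, [], []
    while pos < end:
        tok, = struct.unpack_from(">I", dtb, pos)
        pos += 4
        if tok == FDT_BEGIN_NODE:
            nul = dtb.index(b"\0", pos)
            stack.append((dtb[pos:nul].decode(), {}))
            pos = (nul + 1 + 3) & ~3
        elif tok == FDT_PROP:
            length, nameoff = struct.unpack_from(">II", dtb, pos)
            pos += 8
            name_end = dtb.index(b"\0", off_strings + nameoff)
            stack[-1][1][dtb[off_strings + nameoff:name_end].decode()] = dtb[pos:pos + length]
            pos = (pos + length + 3) & ~3
        elif tok == FDT_END_NODE:
            name, props = stack.pop()
            if props.get("device_type", b"").rstrip(b"\0") == b"memory":
                base, size = struct.unpack(">QQ", props["reg"][:16])
                nid = struct.unpack(">I", props["numa-node-id"])[0] if "numa-node-id" in props else 0
                found.append((name, nid, base, size))
        elif tok == FDT_END:
            break
        elif tok != FDT_NOP:
            raise ValueError("unexpected FDT token 0x%x" % tok)
    return found


def pick_system_memory(dtb):
    """Return (first_node, numa_aware_node): what a 'first memory node wins' parser
    takes, beside the node with the lowest numa-node-id (ties broken by lowest base
    address), which is the region a NUMA-aware loader should treat as system memory."""
    nodes = memory_nodes(dtb)
    if not nodes:
        raise ValueError("DTB has no memory node")
    return nodes[0], min(nodes, key=lambda n: (n[1], n[2]))


# Constructed DTB reproducing the two qemu NUMA memory nodes from the post:
# node 1 is listed first and node 0 second, each 1 GiB (assumed bases, see lead-in).
QEMU_NUMA_DTB = build_dtb([
    ("memory@80000000", {"device_type": b"memory\0",
                         "numa-node-id": struct.pack(">I", 1),
                         "reg": struct.pack(">QQ", 0x80000000, 0x40000000)}),
    ("memory@40000000", {"device_type": b"memory\0",
                         "numa-node-id": struct.pack(">I", 0),
                         "reg": struct.pack(">QQ", 0x40000000, 0x40000000)}),
])

if __name__ == "__main__":
    first, chosen = pick_system_memory(QEMU_NUMA_DTB)
    print("first memory node in DTB:", first)
    print("NUMA-aware choice       :", chosen)
```

Running it shows the first node in the blob is node 1 while the NUMA-aware pick is node 0, which is the mismatch the post describes.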




[edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 07/05/2022 #cal-reminder

2022-07-05 Thread Group Notification
*Reminder: TianoCore Bug Triage - APAC / NAMO*

*When:*
07/05/2022
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles

*Where:*
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d

*Organizer:* Liming Gao gaolim...@byosoft.com.cn ( 
gaolim...@byosoft.com.cn?subject=Re:%20Event:%20TianoCore%20Bug%20Triage%20-%20APAC%20%2F%20NAMO
 )

View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=1262372 )

*Description:*

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao





View/Reply Online (#91073): https://edk2.groups.io/g/devel/message/91073




Re: [edk2-devel] [edk2-platforms] [PATCH 1/1] Platform/Sgi: Add support to disable isolated cpus

2022-07-05 Thread Nishant Sharma
Hi Team,

Is there any comment on this patch?

Thanks,
Nishant


View/Reply Online (#91071): https://edk2.groups.io/g/devel/message/91071




Re: [edk2-devel] [PATCH] NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication

2022-07-05 Thread Saloni Kasbekar
Thanks Maciej. I've sent out a patch v2 which fixes the memory leak.


View/Reply Online (#91070): https://edk2.groups.io/g/devel/message/91070




[edk2-devel] [PATCH v2 1/1] NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication

2022-07-05 Thread Saloni Kasbekar
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2504

Add support for TLS Client Authentication using Basic Authentication
for HTTP Boot

Cc: Maciej Rabeda 
Cc: Wu Jiaxin 
Cc: Siyuan Fu 
Signed-off-by: Saloni Kasbekar 
---
 MdePkg/Include/IndustryStandard/Http11.h   |  8 ++
 MdePkg/Include/Protocol/HttpBootCallback.h |  6 +-
 NetworkPkg/HttpBootDxe/HttpBootClient.c| 91 +-
 NetworkPkg/HttpBootDxe/HttpBootClient.h|  6 +-
 NetworkPkg/HttpBootDxe/HttpBootDxe.h   |  6 ++
 NetworkPkg/HttpBootDxe/HttpBootImpl.c  | 23 +-
 6 files changed, 135 insertions(+), 5 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Http11.h 
b/MdePkg/Include/IndustryStandard/Http11.h
index f1f113e04b69..2137ef1f1ac3 100644
--- a/MdePkg/Include/IndustryStandard/Http11.h
+++ b/MdePkg/Include/IndustryStandard/Http11.h
@@ -204,6 +204,14 @@
 ///
 #define HTTP_HEADER_IF_NONE_MATCH  "If-None-Match"
 
+///
+/// The WWW-Authenticate Response Header
+/// If a server receives a request for an access-protected object, and an
+/// acceptable Authorization header is not sent, the server responds with
+/// a "401 Unauthorized" status code, and a WWW-Authenticate header.
+///
+#define HTTP_HEADER_WWW_AUTHENTICATE  "WWW-Authenticate"
+
 ///
 /// Authorization Request Header
 /// The Authorization field value consists of credentials
diff --git a/MdePkg/Include/Protocol/HttpBootCallback.h 
b/MdePkg/Include/Protocol/HttpBootCallback.h
index 926f6c1b3076..b56c631b1f4f 100644
--- a/MdePkg/Include/Protocol/HttpBootCallback.h
+++ b/MdePkg/Include/Protocol/HttpBootCallback.h
@@ -32,7 +32,7 @@ typedef enum {
   ///
   HttpBootDhcp6,
   ///
-  /// Data points to an EFI_HTTP_MESSAGE structure, whichcontians a HTTP 
request message
+  /// Data points to an EFI_HTTP_MESSAGE structure, which contains a HTTP 
request message
   /// to be transmitted.
   ///
   HttpBootHttpRequest,
@@ -46,6 +46,10 @@ typedef enum {
   /// buffer of the entity body data.
   ///
   HttpBootHttpEntityBody,
+  ///
+  /// Data points to the authentication information to provide to the HTTP 
server.
+  ///
+  HttpBootHttpAuthInfo,
   HttpBootTypeMax
 } EFI_HTTP_BOOT_CALLBACK_DATA_TYPE;
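Review bot: the new HttpBootHttpAuthInfo value is documented only as "the authentication information", while every other value in this enum names the concrete type that Data points to; state the structure (or string encoding) the callback is expected to fill in, since this is a public protocol header and callback implementers have nothing else to go on.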
 
diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.c 
b/NetworkPkg/HttpBootDxe/HttpBootClient.c
index 62e87238fef7..deeea6f38669 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootClient.c
+++ b/NetworkPkg/HttpBootDxe/HttpBootClient.c
@@ -922,6 +922,7 @@ HttpBootGetBootFileCallback (
   @retval EFI_BUFFER_TOO_SMALL The BufferSize is too small to read the 
current directory entry.
BufferSize has been updated with the size 
needed to complete
the request.
+  @retval EFI_ACCESS_DENIEDThe server needs to authenticate the client.
   @retval Others   Unexpected error happened.
 
 **/
@@ -951,6 +952,9 @@ HttpBootGetBootFile (
   CHAR16   *Url;
   BOOLEAN  IdentityMode;
   UINTNReceivedSize;
+  CHAR8BaseAuthValue[80];
+  EFI_HTTP_HEADER  *HttpHeader;
+  CHAR8*Data;
 
   ASSERT (Private != NULL);
   ASSERT (Private->HttpCreated);
@@ -1009,8 +1013,9 @@ HttpBootGetBootFile (
   //   Host
   //   Accept
   //   User-Agent
+  //   [Authorization]
   //
-  HttpIoHeader = HttpIoCreateHeader (3);
+  HttpIoHeader = HttpIoCreateHeader ((Private->AuthData != NULL) ? 4 : 3);
   if (HttpIoHeader == NULL) {
 Status = EFI_OUT_OF_RESOURCES;
 goto ERROR_2;
@@ -1063,6 +1068,35 @@ HttpBootGetBootFile (
 goto ERROR_3;
   }
 
+  //
+  // Add HTTP header field 4: Authorization
+  //
+  if (Private->AuthData != NULL) {
+ASSERT (HttpIoHeader->MaxHeaderCount == 4);
+
+if ((Private->AuthScheme != NULL) && (CompareMem (Private->AuthScheme, 
"Basic", 5) != 0)) {
+  Status = EFI_UNSUPPORTED;
+  goto ERROR_3;
+}
+
+AsciiSPrint (
+  BaseAuthValue,
+  sizeof (BaseAuthValue),
+  "%a %a",
+  "Basic",
+  Private->AuthData
+  );
+
+Status = HttpIoSetHeader (
+   HttpIoHeader,
+   HTTP_HEADER_AUTHORIZATION,
+   BaseAuthValue
+   );
+if (EFI_ERROR (Status)) {
+  goto ERROR_3;
+}
+  }
+
   //
   // 2.2 Build the rest of HTTP request info.
   //
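Review bot: `CompareMem (Private->AuthScheme, "Basic", 5)` reads five bytes regardless of the scheme string's real length and is case-sensitive, whereas the auth-scheme token in WWW-Authenticate is case-insensitive, so a server that sends "basic" is rejected with EFI_UNSUPPORTED; compare the scheme token with AsciiStriCmp instead. Separately, BaseAuthValue is a fixed 80-byte buffer and AsciiSPrint truncates silently, so a base64 credential longer than 73 characters yields a malformed Authorization header rather than an error; either check AsciiStrLen (Private->AuthData) against the buffer up front or size the buffer from it.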
@@ -,6 +1145,7 @@ HttpBootGetBootFile (
 goto ERROR_4;
   }
 
+  Data   = NULL;
   Status = HttpIoRecvResponse (
  >HttpIo,
  TRUE,
@@ -1121,6 +1156,60 @@ HttpBootGetBootFile (
   StatusCode = HttpIo->RspToken.Message->Data.Response->StatusCode;
   HttpBootPrintErrorMessage (StatusCode);
   Status = ResponseData->Status;
+  if ((StatusCode == HTTP_STATUS_401_UNAUTHORIZED) || \
+  (StatusCode == HTTP_STATUS_407_PROXY_AUTHENTICATION_REQUIRED))
+  {
+if (Private->AuthData != NULL) {
+  FreePool (Private->AuthData);
+  Private->AuthData = NULL;
+  
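Review bot: HTTP_STATUS_407_PROXY_AUTHENTICATION_REQUIRED is grouped with 401 here, but the only credential header the request-building hunk adds is HTTP_HEADER_AUTHORIZATION; a proxy challenge must be answered with Proxy-Authorization (and arrives in Proxy-Authenticate rather than WWW-Authenticate), so either drop 407 from this branch or add the proxy header path.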

[edk2-devel] [PATCH] ArmVirtPkg: Fix boot fail on numa system.

2022-07-05 Thread Mark-PK Tsai via groups.io
If "numa-node-id" is specified in a memory node,
take node 0 as system memory instead of taking
the first memory node.

Cc: YJ Chiang 
Signed-off-by: Mark-PK Tsai 
---
 ArmVirtPkg/PrePi/FdtParser.c | 32 
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/ArmVirtPkg/PrePi/FdtParser.c b/ArmVirtPkg/PrePi/FdtParser.c
index 5a91f7e62d..5c7de3bc31 100644
--- a/ArmVirtPkg/PrePi/FdtParser.c
+++ b/ArmVirtPkg/PrePi/FdtParser.c
@@ -19,19 +19,43 @@ FindMemnode (
   INT32SizeCells;
   INT32Length;
   CONST INT32  *Prop;
+  INT32NumaId;
+  INT32Node, Prev;
+  CONST CHAR8  *Type;
 
   if (fdt_check_header (DeviceTreeBlob) != 0) {
 return FALSE;
   }
 
   //
-  // Look for a node called "memory" at the lowest level of the tree
+  // Look for the lowest memory node.
+  // On Numa system, use node 0 as system memory.
   //
-  MemoryNode = fdt_path_offset (DeviceTreeBlob, "/memory");
-  if (MemoryNode <= 0) {
-return FALSE;
+  MemoryNode = -1;
+  NumaId = -1;
+
+  for (Prev = 0; ; Prev = Node) {
+Node = fdt_next_node (DeviceTreeBlob, Prev, NULL);
+if (Node < 0)
+  break;
+
+Type = fdt_getprop (DeviceTreeBlob, Node, "device_type", );
+if (Type && (AsciiStrnCmp (Type, "memory", Length) == 0)) {
+  Prop = fdt_getprop (DeviceTreeBlob, Node, "numa-node-id", );
+  if (Prop && Length == 4) {
+NumaId = fdt32_to_cpu (*Prop);
+  }
+
+  if (!Prop || (Prop && NumaId == 0)) {
+MemoryNode = Node;
+break;
+  }
+}
   }
 
+  if (MemoryNode < 0)
+return FALSE;
+
   //
   // Retrieve the #address-cells and #size-cells properties
   // from the root node, or use the default if not provided.
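Review bot: NumaId is only overwritten when the property is present with Length == 4, so a memory node whose `numa-node-id` has an unexpected length is judged with the NumaId left over from the previous node (or the initial -1), and `(Prop && NumaId == 0)` can then skip or select the wrong node; reset NumaId to -1 at the top of each iteration, or treat a bad length the same as a missing property. EDK II style also requires braces around the single-statement bodies of `if (Node < 0) break;` and `if (MemoryNode < 0) return FALSE;`.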
-- 
2.32.0



View/Reply Online (#91068): https://edk2.groups.io/g/devel/message/91068




[edk2-devel] [PATCH] MdeModulePkg/Variable: SCT run AuthVar_conf is failed

2022-07-05 Thread xueshengfeng via groups.io
From: Lijun10x 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3969

When the attributes are EFI_VARIABLE_NON_VOLATILE|VARIABLE_AUTHENTICATED_WRITE_ACCESS,
EFI_INVALID_PARAMETER is returned.
Added one case: only when the sole attribute is EFI_VARIABLE_NON_VOLATILE
will EFI_INVALID_PARAMETER be returned.
If the attributes are EFI_VARIABLE_NON_VOLATILE|VARIABLE_AUTHENTICATED_WRITE_ACCESS,
EFI_UNSUPPORTED is returned.
In the UEFI2.7 spec, there is a description as below:
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should not be
used. Platforms should return EFI_UNSUPPORTED if a caller to
SetVariable() specifies this attribute.

Signed-off-by: JunX1 Li 
Reviewed-by: Liming Gao 
Reviewed-by: G Edhaya Chandran 
Reviewed-by: Samer El-Haj-Mahmoud 
Reviewed-by: Sunny Wang 
---
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index 6c1a3440ac..14c176887a 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -2676,7 +2676,11 @@ VariableServiceSetVariable (
 //
 // Only EFI_VARIABLE_NON_VOLATILE attribute is invalid
 //
-return EFI_INVALID_PARAMETER;
+if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+  return EFI_UNSUPPORTED;
+} else {
+  return EFI_INVALID_PARAMETER;
+}
   } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
 if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {
   //
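Review bot: the comment above the changed lines still reads "Only EFI_VARIABLE_NON_VOLATILE attribute is invalid", but the branch now also returns EFI_UNSUPPORTED for NV|AW; update the comment to describe both returns. The quoted spec text says EFI_UNSUPPORTED for any SetVariable() call carrying the deprecated attribute, while this hunk only covers the branch that comment describes; the commit message should say how AW combined with other attributes is handled by the VARIABLE_ATTRIBUTE_AT_AW branch below.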
-- 
2.26.2.windows.1




View/Reply Online (#91067): https://edk2.groups.io/g/devel/message/91067




[edk2-devel] UEFI & RISC-V

2022-07-05 Thread 葛士建 Nill
Hi Abner,

This is Nill, how are you?
I found you have done a lot of work on UEFI on RISC-V; we are interested in the
area as well.
Do you have time? I'd like to have a talk with you :-).

Thanks,
-Nill


View/Reply Online (#91066): https://edk2.groups.io/g/devel/message/91066




Re: [edk2-devel] [PATCH v3 1/3] [edk2-platforms] Silicon/Intel/FitGen: Support multiple Startup ACM Type 2 entries in FitGen tool

2022-07-05 Thread Bob Feng
This patch series was pushed.

Thanks,
Bob

-Original Message-
From: Lin, Jason1  
Sent: Friday, July 1, 2022 11:10 PM
To: devel@edk2.groups.io
Cc: Lin, Jason1 ; Feng, Bob C ; 
Gao, Liming ; Chen, Christine ; 
Oram, Isaac W ; Chaganty, Rangasai V 
; Chiang, Dakota 
Subject: [PATCH v3 1/3] [edk2-platforms] Silicon/Intel/FitGen: Support multiple 
Startup ACM Type 2 entries in FitGen tool

From: Jason1 Lin 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3958

Within the current FitGen tool there was a limitation that allowed only one S-ACM to
generate the Type 2 entry.
This code change adds support for multiple Type 2 entries, up to 0x20.

Signed-off-by: Jason1 Lin 
Cc: Bob Feng 
Cc: Liming Gao 
Cc: Yuwei Chen 
Cc: Isaac W Oram 
Cc: Rangasai V Chaganty 
Cc: Dakota Chiang 
---
 Silicon/Intel/Tools/FitGen/FitGen.c | 89 +++-
 Silicon/Intel/Tools/FitGen/FitGen.h |  4 +-
 2 files changed, 50 insertions(+), 43 deletions(-)

diff --git a/Silicon/Intel/Tools/FitGen/FitGen.c 
b/Silicon/Intel/Tools/FitGen/FitGen.c
index 4de72ea422..eac8fa8715 100644
--- a/Silicon/Intel/Tools/FitGen/FitGen.c
+++ b/Silicon/Intel/Tools/FitGen/FitGen.c
@@ -2,7 +2,7 @@
 This utility is part of build process for IA32/X64 FD. It generates FIT table. 
-Copyright (c) 2010-2021, Intel Corporation. All rights reserved.+Copyright 
(c) 2010-2022, Intel Corporation. All rights reserved. 
SPDX-License-Identifier: BSD-2-Clause-Patent  **/@@ -204,6 +204,7 @@ typedef 
struct {
  #define MAX_BIOS_MODULE_ENTRY  0x20 #define MAX_MICROCODE_ENTRY
0x20+#define MAX_STARTUP_ACM_ENTRY  0x20 #define MAX_OPTIONAL_ENTRY 0x20 
#define MAX_PORT_ENTRY 0x20 @@ -255,11 +256,12 @@ typedef struct {
   UINT32 FitEntryNumber;   UINT32 
BiosModuleNumber;   UINT32 MicrocodeNumber;+  UINT32
 StartupAcmNumber;   UINT32 
OptionalModuleNumber;   UINT32 PortModuleNumber;   UINT32   
  GlobalVersion;   UINT32 
FitHeaderVersion;-  FIT_TABLE_CONTEXT_ENTRYStartupAcm;+  
FIT_TABLE_CONTEXT_ENTRYStartupAcm[MAX_STARTUP_ACM_ENTRY];   UINT32  
   StartupAcmVersion;   FIT_TABLE_CONTEXT_ENTRYDiagnstAcm;   UINT32 
DiagnstAcmVersion;@@ -1149,14 +1151,15 @@ Returns:
   Error (NULL, 0, 0, "-I Parameter incorrect, Header Type 
unsupported!", NULL);   return 0; case 
FIT_TABLE_TYPE_STARTUP_ACM:-  if (gFitTableContext.StartupAcm.Type != 
0) {-Error (NULL, 0, 0, "-I Parameter incorrect, Duplicated 
StartupAcm!", NULL);+  if (gFitTableContext.StartupAcmNumber >= 
MAX_STARTUP_ACM_ENTRY) {+Error (NULL, 0, 0, "-I Parameter 
incorrect, too many StartupAcm!", NULL); return 0;   }- 
 gFitTableContext.StartupAcm.Type= FIT_TABLE_TYPE_STARTUP_ACM;- 
 gFitTableContext.StartupAcm.Address = 
(UINT32)BiosInfoStruct[BiosInfoIndex].Address;-  
gFitTableContext.StartupAcm.Size= 
(UINT32)BiosInfoStruct[BiosInfoIndex].Size;-  
gFitTableContext.StartupAcmVersion  = BiosInfoStruct[BiosInfoIndex].Version;+   
   gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Type= 
FIT_TABLE_TYPE_STARTUP_ACM;+  
gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Address = 
(UINT32)BiosInfoStruct[BiosInfoIndex].Address;+  
gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Size= 
(UINT32)BiosInfoStruct[BiosInfoIndex].Size;+  
gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Version = 
BiosInfoStruct[BiosInfoIndex].Version;+  
gFitTableContext.StartupAcmNumber ++;   gFitTableContext.FitEntryNumber 
++;   break; case FIT_TABLE_TYPE_DIAGNST_ACM:@@ -1351,16 
+1354,15 @@ Returns:
   //   // 1. StartupAcm   //-  do {+  while (TRUE) { if ((Index + 1 >= 
argc) || ((strcmp (argv[Index], "-S") != 0) &&  (strcmp 
(argv[Index], "-s") != 0)) ) {-  if (BiosInfoExist && 
(gFitTableContext.StartupAcm.Type == FIT_TABLE_TYPE_STARTUP_ACM)) {-
break;+  if (gFitTableContext.StartupAcmNumber == 0) {+printf ("-S 
not found. WARNING!\n");   } //  Error (NULL, 0, 0, "-S Parameter 
incorrect, expect -S!", NULL); //  return 0;-  printf ("-S not found. 
WARNING!\n");   break; } if (IsGuidData (argv[Index + 1], )) 
{@@ -1381,14 +1383,13 @@ Returns:
   FileSize = xtoi (argv[Index + 2]);   Index += 3; }-if 
(gFitTableContext.StartupAcm.Type != 0) {-  Error (NULL, 0, 0, "-S 
Parameter incorrect, Duplicated StartupAcm!", NULL);+if 
(gFitTableContext.StartupAcmNumber >= MAX_STARTUP_ACM_ENTRY) {+  Error 
(NULL, 0, 0, "-S Parameter incorrect, too many StartupAcm!", NULL);   
return 0; }-gFitTableContext.StartupAcm.Type = 
FIT_TABLE_TYPE_STARTUP_ACM;-
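Review bot: the context struct keeps `UINT32 StartupAcmVersion;` while the new per-entry code writes `gFitTableContext.StartupAcm[gFitTableContext.StartupAcmNumber].Version` instead, so the old field looks like dead state after this change; remove it or note why it is still needed. The -S loop also no longer stops when BiosInfo already supplied an ACM (the `BiosInfoExist && StartupAcm.Type == FIT_TABLE_TYPE_STARTUP_ACM` early break is gone), so entries from BiosInfo and from -S now accumulate toward the same MAX_STARTUP_ACM_ENTRY limit; that is probably intended, but the commit message should say so.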

Re: [edk2-devel] [PATCH] UefiPayloadPkg: Set console rows and columns to 100

2022-07-05 Thread Sheng Lean Tan
Reviewed-by: Lean Sheng Tan <sheng@9elements.com>


View/Reply Online (#91064): https://edk2.groups.io/g/devel/message/91064




Re: [edk2-devel] [PATCH] UefiPayloadPkg: Hook up PCIE_BASE build option

2022-07-05 Thread Sheng Lean Tan
Reviewed-by: Lean Sheng Tan <sheng@9elements.com>


View/Reply Online (#91063): https://edk2.groups.io/g/devel/message/91063




Re: [edk2-devel] [PATCH 1/3] UefiPayloadPkg: Allow full screen setup mode

2022-07-05 Thread Sheng Lean Tan
Reviewed-by: Lean Sheng Tan <sheng@9elements.com>


View/Reply Online (#91062): https://edk2.groups.io/g/devel/message/91062




Re: [edk2-devel] How to get FrontPage to fill screen

2022-07-05 Thread Sean Rhodes
Hi Liming

Thanks - I managed to get it working with two patches:
https://edk2.groups.io/g/devel/message/91046
https://review.coreboot.org/c/coreboot/+/65643

Sean


On Tue, 5 Jul 2022 at 01:56, gaoliming via groups.io  wrote:

> Please try below setting.
>
>
>
>   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn | 128
>
>   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow | 40
>
>   gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution | 1024
>
>   gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution | 768
>
>
>
> Thanks
>
> Liming
>
> *From:* devel@edk2.groups.io  *On Behalf Of *Sean Rhodes
> *Sent:* July 5, 2022 2:44
> *To:* Gerd Hoffmann 
> *Cc:* devel@edk2.groups.io
> *Subject:* Re: [edk2-devel] How to get FrontPage to fill screen
>
>
>
> Hi Gerd
>
>
>
> Thank you very much :)
>
>
>
>
>
> On Mon, 4 Jul 2022 at 10:40, Gerd Hoffmann  wrote:
>
> On Mon, Jul 04, 2022 at 10:03:40AM +0100, Sean Rhodes wrote:
> > Hi
> >
> > Would anyone have any suggestions on getting the Front Page to fill the
> > screen? As far as I can see, configuring the below PCDs should allow it
> to
> > fill the screen - which is being correctly detected as 1920x1080.
>
> Depends on whenever the system has a serial console or not ...
>
> ConSplitterDxe uses the intersection of all outputs as final list of
> supported text modes.
>
> > However, it ends up in a rather strange shape:
> > [image: UiApp.jpg]
>
> 80x50?
>
> take care,
>   Gerd
>
> 
>
>


View/Reply Online (#91061): https://edk2.groups.io/g/devel/message/91061




[edk2-devel] [PATCH v2] UefiPayloadPkg: Add macro to support selective driver in UPL

2022-07-05 Thread Lu, James
From: James Lu 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3967

Add macros to decide modules built into UPL.elf.

Macro list:
 - GENERIC_MEMORY_TEST_ENABLE: GenericMemoryTestDxe
 - MEMORY_TEST: NullMemoryTestDxe or GenericMemoryDxe
 - ATA_ENABLE: SataControllerDxe, AtaBusDxe, AtaAtapiPassThruDxe
 - SD_ENABLE: SdMmcPciDxe, EmmcDxe, SdDxe
 - PS2_MOUSE_ENABLE: Ps2MouseDxe

Cc: Guo Dong 
Cc: Ray Ni 
Cc: Gua Guo 
Signed-off-by: James Lu 
---
 UefiPayloadPkg/UefiPayloadPkg.dsc | 21 
 UefiPayloadPkg/UefiPayloadPkg.fdf | 14 -
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc 
b/UefiPayloadPkg/UefiPayloadPkg.dsc
index cfcf38578d..25443139a6 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -36,7 +36,16 @@
   DEFINE PLATFORM_BOOT_TIMEOUT= 3
   DEFINE ABOVE_4G_MEMORY  = TRUE
   DEFINE BOOT_MANAGER_ESCAPE  = FALSE
+  DEFINE ATA_ENABLE   = TRUE
+  DEFINE SD_ENABLE= TRUE
+  DEFINE PS2_MOUSE_ENABLE = TRUE
   DEFINE SD_MMC_TIMEOUT   = 100
+
+  #
+  # NULL:NullMemoryTestDxe
+  # GENERIC: GenericMemoryTestDxe
+  #
+  DEFINE MEMORY_TEST  = NULL
   #
   # SBL:  UEFI payload for Slim Bootloader
   # COREBOOT: UEFI payload for coreboot
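Review bot: the macro list in the commit message does not match the DEFINEs added in this hunk: it still names GENERIC_MEMORY_TEST_ENABLE, which the diff no longer defines (the selector is now MEMORY_TEST with values NULL or GENERIC), and it omits the PERFORMANCE_MEASUREMENT_ENABLE gating of DpDynamicCommand added further down; update the list so it describes what this patch actually introduces.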
@@ -596,7 +605,11 @@
   
MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
   MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
+!if $(MEMORY_TEST) == "GENERIC"
+  
MdeModulePkg/Universal/MemoryTest/GenericMemoryTestDxe/GenericMemoryTestDxe.inf
+!elseif $(MEMORY_TEST) == "NULL"
   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+!endif
   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
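Review bot: the `!if`/`!elseif` on MEMORY_TEST has no `!else`, so a typo such as `MEMORY_TEST = NONE` silently builds a payload with no memory test driver at all; add an `!else` that raises `!error` so an unexpected value fails the build. The matching block in UefiPayloadPkg.fdf needs the same guard, and the two must stay in sync or the FV will miss a driver the DSC built.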
@@ -631,9 +644,11 @@
   MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
   FatPkg/EnhancedFatDxe/Fat.inf
+!if $(ATA_ENABLE) == TRUE
   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
+!endif
   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
   MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -644,9 +659,11 @@
   #
   # SD/eMMC Support
   #
+!if $(SD_ENABLE) == TRUE
   MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf
   MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf
   MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf
+!endif
 
   #
   # Usb Support
@@ -671,7 +688,9 @@
 !if $(PS2_KEYBOARD_ENABLE) == TRUE
   MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf
 !endif
+!if $(PS2_MOUSE_ENABLE) == TRUE
   MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf
+!endif
 
   #
   # Console Support
@@ -742,12 +761,14 @@
   #  This should be FALSE for compiling the dynamic command.
   gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
   }
+!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE
   ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf {
 
   ## This flag is used to control initialization of the shell library
   #  This should be FALSE for compiling the dynamic command.
   gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
   }
+!endif
   ShellPkg/Application/Shell/Shell.inf {
 
   ## This flag is used to control initialization of the shell library
diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf 
b/UefiPayloadPkg/UefiPayloadPkg.fdf
index c7b04978ad..92afc13b9c 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.fdf
+++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
@@ -149,7 +149,11 @@ INF 
PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
 
 INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
 INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+!if $(MEMORY_TEST) == "GENERIC"
+INF  
MdeModulePkg/Universal/MemoryTest/GenericMemoryTestDxe/GenericMemoryTestDxe.inf
+!elseif $(MEMORY_TEST) == "NULL"
+INF  MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+!endif
 INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
 INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
 INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
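Review bot: `INF  MdeModulePkg/Universal/MemoryTest/...` uses two spaces after INF where every other line in this file uses one; match the surrounding style. As in the .dsc, an `!else`/`!error` branch here would catch an unrecognised MEMORY_TEST value instead of dropping the driver from the FV.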
@@ -176,7 +180,9 @@ INF OvmfPkg/SioBusDxe/SioBusDxe.inf
 !if $(PS2_KEYBOARD_ENABLE) == TRUE
 INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf
 !endif
+!if $(PS2_MOUSE_ENABLE) == TRUE
 INF MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf
+!endif
 
 #
 # Console Support
@@ -195,9 +201,11 @@ INF UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf
 INF 

Re: [edk2-devel] [PATCH] UefiPayloadPkg: Add macro to support selective driver in UPL

2022-07-05 Thread Lu, James
Replied as below

Thanks,
James

-Original Message-
From: Ni, Ray 
Sent: Monday, July 4, 2022 11:34 AM
To: Lu, James ; devel@edk2.groups.io
Cc: Dong, Guo ; Guo, Gua 
Subject: RE: [PATCH] UefiPayloadPkg: Add macro to support selective driver in UPL



>

> +!if $(GENERIC_MEMORY_TEST_ENABLE) == TRUE

>

> +

> MdeModulePkg/Universal/MemoryTest/GenericMemoryTestDxe/Generic

> MemoryTestDxe.inf

>

> +!endif

>

> +!if $(NULL_MEMORY_TEST_ENABLE) == TRUE

>

>

> MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryT

> estDxe.inf

>

> +!endif



1. Is there a configuration in which both the GENERIC and NULL memory tests are FALSE?
If not, can we add a macro like "MEMORY_TEST" whose value could be "GENERIC" or "NULL"?

[James]
Will resolve in patch v2





> +!if $(ATA_ENABLE) == TRUE

>

>MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf

>

>MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf

>

>MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf



2. AtaAtapiPassThru also produces "gEfiExtScsiPassThruProtocolGuid", which is used by ScsiBusDxe.
So, maybe we need to always include the AtaAtapiPassThru driver.

[James]
This is to align with the client case, where AtaAtapiPassThru.inf will not be included while ATA_ENABLE == FALSE.
And ScsiBusDxe takes care of the flow when gEfiExtScsiPassThruProtocolGuid does not exist.



>

>#

>

># Usb Support

>

> @@ -671,7 +685,9 @@

>  !if $(PS2_KEYBOARD_ENABLE) == TRUE

>

>MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf

>

>  !endif

>

> +!if $(PS2_MOUSE_ENABLE) == TRUE

>

>MdeModulePkg/Bus/Isa/Ps2MouseDxe/Ps2MouseDxe.inf

>

> +!endif

>

>

>

>#

>

># Console Support

>

> @@ -742,12 +758,14 @@

>#  This should be FALSE for compiling the dynamic command.

>

>gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE

>

>}

>

> +!if $(PERFORMANCE_MEASUREMENT_ENABLE) == TRUE



3. Thanks for catching that.


View/Reply Online (#91059): https://edk2.groups.io/g/devel/message/91059




[edk2-devel] [PATCH] SecurityPkg: Add TPM NVIndex Extend support.

2022-07-05 Thread Qi Zhang
Signed-off-by: Qi Zhang 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Rahul Kumar 
Cc: Qi Zhang 
---
 SecurityPkg/Include/Library/Tpm2CommandLib.h  |  21 +++
 .../HashLibBaseCryptoRouterDxe.c  |  77 +--
 .../Library/Tpm2CommandLib/Tpm2NVStorage.c| 120 ++
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c |  26 +++-
 4 files changed, 229 insertions(+), 15 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h 
b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index a2fb97f18d..f2ff3a5c0c 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -467,6 +467,27 @@ Tpm2NvGlobalWriteLock (
   IN  TPMS_AUTH_COMMAND  *AuthSession OPTIONAL
   );
 
+/**
+  This command extends a value to an area in NV memory that was previously 
defined by TPM2_NV_DefineSpace().
+
+  @param[in]  AuthHandle the handle indicating the source of the 
authorization value.
+  @param[in]  NvIndexThe NV Index of the area to extend.
+  @param[in]  AuthSessionAuth Session context
+  @param[in]  InData The data to extend.
+
+  @retval EFI_SUCCESSOperation completed successfully.
+  @retval EFI_DEVICE_ERROR   The command was unsuccessful.
+  @retval EFI_NOT_FOUND  The command was returned successfully, but 
NvIndex is not found.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2NvExtend (
+  IN  TPMI_RH_NV_AUTHAuthHandle,
+  IN  TPMI_RH_NV_INDEX   NvIndex,
+  IN  TPMS_AUTH_COMMAND  *AuthSession  OPTIONAL,
+  IN  TPM2B_MAX_BUFFER   *InData
+  );
+
 /**
   This command is used to cause an update to the indicated PCR.
   The digests parameter contains one or more tagged digest value identified by 
an algorithm ID.
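Review bot: this doc block is the only description of the new capability in the patch; the commit message consists solely of tags, so add a description covering what TPM2_NV_Extend is used for here (the NV-index path taken by HashCompleteAndExtend when PcrIndex exceeds MAX_PCR_INDEX) and how an NV index is selected, since that calling convention is not stated in any header touched by this patch.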
diff --git 
a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c 
b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
index ee8fe6e06e..264f500dc6 100644
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 
 #include "HashLibBaseCryptoRouterCommon.h"
 
@@ -128,6 +129,40 @@ HashUpdate (
   return EFI_SUCCESS;
 }
 
+EFI_STATUS
+EFIAPI
+Tpm2ExtendNvIndex (
+  TPMI_RH_NV_INDEX  NvIndex,
+  UINT16DataSize,
+  BYTE  *Data
+  )
+{
+  EFI_STATUSStatus;
+  TPMI_RH_NV_AUTH   AuthHandle;
+  TPM2B_MAX_BUFFER  NvExtendData;
+
+  AuthHandle = TPM_RH_PLATFORM;
+  ZeroMem (, sizeof (NvExtendData));
+  CopyMem (NvExtendData.buffer, Data, DataSize);
+  NvExtendData.size = DataSize;
+  Status= Tpm2NvExtend (
+AuthHandle,
+NvIndex,
+NULL,
+
+);
+  if (EFI_ERROR (Status)) {
+DEBUG ((
+  DEBUG_ERROR,
+  "Extend TPM NV index failed, Index: 0x%x Status: %d\n",
+  NvIndex,
+  Status
+  ));
+  }
+
+  return Status;
+}
+
 /**
   Hash sequence complete and extend to PCR.
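Review bot: `CopyMem (NvExtendData.buffer, Data, DataSize)` has no bound on DataSize against sizeof (NvExtendData.buffer), so a digest list larger than the TPM2B_MAX_BUFFER payload overflows the stack buffer; return EFI_INVALID_PARAMETER when DataSize exceeds it. The function also lacks the doxygen header that every other exported function in this file carries, and it authorizes with TPM_RH_PLATFORM and no auth session, which is a precondition on the platform hierarchy that should be documented for callers.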
 
@@ -149,11 +184,16 @@ HashCompleteAndExtend (
   OUT TPML_DIGEST_VALUES  *DigestList
   )
 {
-  TPML_DIGEST_VALUES  Digest;
-  HASH_HANDLE *HashCtx;
-  UINTN   Index;
-  EFI_STATUS  Status;
-  UINT32  HashMask;
+  TPML_DIGEST_VALUES   Digest;
+  HASH_HANDLE  *HashCtx;
+  UINTNIndex;
+  EFI_STATUS   Status;
+  UINT32   HashMask;
+  TPML_DIGEST_VALUES   TcgPcrEvent2Digest;
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  TpmHashAlgorithmBitmap;
+  UINT32   ActivePcrBanks;
+  UINT32   *BufferPtr;
+  UINT32   DigestListBinSize;
 
   if (mHashInterfaceCount == 0) {
 return EFI_UNSUPPORTED;
@@ -175,10 +215,29 @@ HashCompleteAndExtend (
 
   FreePool (HashCtx);
 
-  Status = Tpm2PcrExtend (
- PcrIndex,
- DigestList
- );
+  if (PcrIndex <= MAX_PCR_INDEX) {
+Status = Tpm2PcrExtend (
+   PcrIndex,
+   DigestList
+   );
+  } else {
+Status = Tpm2GetCapabilitySupportedAndActivePcrs (, 
);
+ASSERT_EFI_ERROR (Status);
+ActivePcrBanks = ActivePcrBanks & mSupportedHashMaskCurrent;
+ZeroMem (, sizeof (TcgPcrEvent2Digest));
+BufferPtr = CopyDigestListToBuffer (, 
DigestList, ActivePcrBanks);
+DigestListBinSize = (UINT32)((UINT8 *)BufferPtr - (UINT8 
*));
+
+//
+// Extend to TPM NvIndex
+//
+Status = Tpm2ExtendNvIndex (
+   PcrIndex,
+   (UINT16)DigestListBinSize,
+   (BYTE *)
+   );
+  }
+
   return Status;
 }
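Review bot: `ASSERT_EFI_ERROR (Status)` after Tpm2GetCapabilitySupportedAndActivePcrs is the only error handling; in a RELEASE build the assert compiles out and the code continues with an uninitialized ActivePcrBanks, then extends whatever CopyDigestListToBuffer produced from it. Return Status on failure instead. Reusing the PcrIndex parameter as an NV index whenever it is greater than MAX_PCR_INDEX also changes the contract of HashCompleteAndExtend; the function's doc comment should state that, since callers of a HashLib instance cannot otherwise know the overloaded meaning.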
 
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c 
b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c