Re: [edk2-devel] [Patch 1/1] Maintainers.txt: Update based on active community members

2023-10-28 Thread Pedro Falcato
On Sat, Oct 28, 2023 at 8:23 PM Michael D Kinney wrote:
>
> Over the past few months, all of the Maintainers and
> Reviewers listed in Maintainers.txt have been contacted to make
> sure Maintainers.txt accurately represents the TianoCore
> community members that are actively participating in their
> roles.  Based on specific feedback, bounced emails, and no
> responses, updates have been made.
>
> * RISCV64: Daniel Schaefer replaced with Andrei Warkentin
> * ArmVirtPkg Xen has no remaining reviewers and review
>   responsibility defaults to ArmVirtPkg Maintainers/Reviewers.
> * ACPI modules related to S3 has no remaining reviewers and
>   review responsibility defaults to MdeModulePkg Maintainers/
>   Reviewers.
> * OVMF CSM modules has no remaining reviewers and review
>   responsibility defaults to OvmfPkg Maintainers/Reviewers.
> * Bounce: Chan Laura 
> * Many smaller updates removing individuals that are no
>   longer involved or have replacement coverage.

Mike,

Thank you so much for doing this thankless task. Some comments:

> diff --git a/Maintainers.txt b/Maintainers.txt
> index 3f40cdeb5554..2b03ccbe54aa 100644
> --- a/Maintainers.txt
> +++ b/Maintainers.txt
> @@ -93,7 +93,7 @@ M: Sami Mujawar  [samimujawar]
>  RISCV64
>  F: */RiscV64/
>  M: Sunil V L  [vlsunil]
> -R: Daniel Schaefer  [JohnAZoidberg]
> +R: Andrei Warkentin  [andreiw]
>
>  LOONGARCH64
>  F: */LoongArch64/
> @@ -157,16 +157,6 @@ R: Leif Lindholm  
> [leiflindholm]
>  R: Sami Mujawar  [samimujawar]
>  R: Gerd Hoffmann  [kraxel]
>
> -ArmVirtPkg: modules used on Xen
> -F: ArmVirtPkg/ArmVirtXen.*
> -F: ArmVirtPkg/Library/XenArmGenericTimerVirtCounterLib/
> -F: ArmVirtPkg/Library/XenVirtMemInfoLib/
> -F: ArmVirtPkg/PrePi/
> -F: ArmVirtPkg/XenAcpiPlatformDxe/
> -F: ArmVirtPkg/XenPlatformHasAcpiDtDxe/
> -F: ArmVirtPkg/XenioFdtDxe/
> -R: Julien Grall  [jgrall]

ArmVirtPkg Xen modules cease to have a dedicated maintainer. Can the
generic ArmVirtPkg maintainers handle *more code* (particularly,
functionality that's not trivial to test, unless you actively use
Xen)?

>  BaseTools
>  F: BaseTools/
>  W: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
> @@ -187,8 +177,7 @@ F: CryptoPkg/
>  W: https://github.com/tianocore/tianocore.github.io/wiki/CryptoPkg
>  M: Jiewen Yao  [jyao1]
>  M: Yi Li  [liyi77]
> -R: Xiaoyu Lu  [xiaoyuxlu]
> -R: Guomin Jiang  [guominjia]
> +R: Wenxing Hou  [Wenxing-hou]
>
>  DynamicTablesPkg
>  F: DynamicTablesPkg/
> @@ -202,7 +191,6 @@ W: 
> https://github.com/tianocore/tianocore.github.io/wiki/EmbeddedPkg
>  M: Leif Lindholm  [leiflindholm]
>  M: Ard Biesheuvel  [ardbiesheuvel]
>  M: Abner Chang  [changab]
> -R: Daniel Schaefer  [JohnAZoidberg]
>
>  EmulatorPkg
>  F: EmulatorPkg/
> @@ -228,7 +216,6 @@ F: FmpDevicePkg/
>  W: https://github.com/tianocore/tianocore.github.io/wiki/FmpDevicePkg
>  M: Liming Gao  [lgao4]
>  M: Michael D Kinney  [mdkinney]
> -R: Guomin Jiang  [guominjia]
>  R: Wei6 Xu  [xuweiintel]
>
>  IntelFsp2Pkg
> @@ -237,7 +224,6 @@ W: 
> https://github.com/tianocore/tianocore.github.io/wiki/IntelFsp2Pkg
>  M: Chasel Chiu  [ChaselChiu]
>  M: Nate DeSimone  [nate-desimone]
>  M: Duggapu Chinni B  [cbduggap]
> -M: Ray Han Lim Ng  [rayhanlimng]
>  R: Star Zeng  [lzeng14]
>  R: Ted Kuo  [tedkuo1]
>  R: Ashraf Ali S  [AshrafAliS]
> @@ -258,7 +244,6 @@ R: Susovan Mohapatra  
> [susovanmohapatra]
>  MdeModulePkg
>  F: MdeModulePkg/
>  W: https://github.com/tianocore/tianocore.github.io/wiki/MdeModulePkg
> -M: Jian J Wang  [jwang36]
>  M: Liming Gao  [lgao4]

MdeModulePkg now only has a single maintainer (Liming, who also
handles a myriad of other tasks and packages)
>
>  MdeModulePkg: ACPI modules
> @@ -268,15 +253,6 @@ R: Zhiguang Liu  [LiuZhiguang001]
>  R: Dandan Bi  [dandanbi]
>  R: Liming Gao  [lgao4]
>
> -MdeModulePkg: ACPI modules related to S3
> -F: MdeModulePkg/*LockBox*/
> -F: MdeModulePkg/Include/*BootScript*.h
> -F: MdeModulePkg/Include/*LockBox*.h
> -F: MdeModulePkg/Include/*S3*.h
> -F: MdeModulePkg/Library/*S3*/
> -R: Hao A Wu  [hwu25]
> -R: Eric Dong  [ydong10]
> -
>  MdeModulePkg: BDS modules
>  F: MdeModulePkg/*BootManager*/
>  F: MdeModulePkg/Include/Library/UefiBootManagerLib.h
> @@ -326,7 +302,6 @@ F: MdeModulePkg/Library/DxeSecurityManagementLib/
>  F: MdeModulePkg/Universal/PCD/
>  F: MdeModulePkg/Universal/PlatformDriOverrideDxe/
>  F: MdeModulePkg/Universal/SecurityStubDxe/SecurityStub.c
> -R: Dandan Bi  [dandanbi]
>  R: Liming Gao  [lgao4]

Down to one reviewer.

>
>  MdeModulePkg: Device and Peripheral modules
> @@ -346,12 +321,10 @@ F: MdeModulePkg/Include/Ppi/StorageSecurityCommand.h
>  F: MdeModulePkg/Include/Protocol/Ps2Policy.h
>  F: MdeModulePkg/Library/NonDiscoverableDeviceRegistrationLib/
>  F: MdeModulePkg/Universal/PcatSingleSegmentPciCfg2Pei/
> -R: Hao A Wu  [hwu25]
>  R: Ray Ni  [niruiyu]

Device and bus related code is down to one reviewer.

>
>  MdeModulePkg: Disk modules
>  F: MdeModulePkg/Universal/Disk/
> -R: Hao A Wu  [hwu25]
>  R: Ray Ni  

Re: [edk2-devel] [edk2-platforms][PATCH 2/2] OutOfBandManagement/IpmiFeaturePKg: Remove IpmiCommandLib.h from IpmiFeaturePkg

2023-10-28 Thread Chang, Abner via groups.io
[AMD Official Use Only - General]

Please ignore this, Liming already gave RB. 
(https://edk2.groups.io/g/devel/message/109510)

Thanks

> -Original Message-
> From: Chang, Abner 
> Sent: Wednesday, October 18, 2023 12:53 PM
> To: devel@edk2.groups.io; Chang, Abner 
> Cc: Attar, AbdulLateef (Abdul Lateef) ; Isaac
> Oram ; Nickle Wang ; Nate
> DeSimone ; Liming Gao
> 
> Subject: RE: [edk2-devel] [edk2-platforms][PATCH 2/2]
> OutOfBandManagement/IpmiFeaturePKg: Remove IpmiCommandLib.h from
> IpmiFeaturePkg
>
> [AMD Official Use Only - General]
>
> Hi Nate and Liming,
> Please help to review this patch.
>
> Thanks
> Abner
>
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Chang,
> > Abner via groups.io
> > Sent: Tuesday, October 10, 2023 4:22 PM
> > To: devel@edk2.groups.io
> > Cc: Attar, AbdulLateef (Abdul Lateef) ; Isaac
> > Oram ; Nickle Wang ; Nate
> > DeSimone 
> > Subject: [edk2-devel] [edk2-platforms][PATCH 2/2]
> > OutOfBandManagement/IpmiFeaturePKg: Remove IpmiCommandLib.h
> from
> > IpmiFeaturePkg
> >
> > From: Abner Chang 
> >
> > Remove duplicate IpmiCommandLib.h and use the one
> > under MdeModulePKg instead.
> >
> > Signed-off-by: Abner Chang 
> > Cc: Abdul Lateef Attar 
> > Cc: Isaac Oram 
> > Cc: Nickle Wang 
> > Cc: Isaac Oram 
> > Cc: Nate DeSimone 
> > ---
> >  .../IpmiFeaturePkg/BmcElog/BmcElog.inf|   1 +
> >  .../IpmiFeaturePkg/Frb/FrbPei.inf |   1 +
> >  .../GenericIpmi/Dxe/GenericIpmi.inf   |   1 +
> >  .../GenericIpmi/Pei/PeiGenericIpmi.inf|   1 +
> >  .../GenericIpmi/Smm/SmmGenericIpmi.inf|   1 +
> >  .../IpmiFeaturePkg/IpmiFru/IpmiFru.inf|   1 +
> >  .../IpmiFeaturePkg/OsWdt/OsWdt.inf|   1 +
> >  .../IpmiFeaturePkg/SolStatus/SolStatus.inf|   1 +
> >  .../Include/Library/IpmiCommandLib.h  | 314 --
> >  9 files changed, 8 insertions(+), 314 deletions(-)
> >  delete mode 100644
> >
> Features/Intel/OutOfBandManagement/IpmiFeaturePkg/Include/Library/Ipm
> > iCommandLib.h
> >
> > diff --git
> >
> a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/BmcElog/BmcElo
> > g.inf
> >
> b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/BmcElog/BmcElo
> > g.inf
> > index 388dd2740c..1e7a7658b7 100644
> > ---
> >
> a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/BmcElog/BmcElo
> > g.inf
> > +++
> >
> b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/BmcElog/BmcElo
> > g.inf
> > @@ -21,6 +21,7 @@
> >
> >  [Packages]
> >MdePkg/MdePkg.dec
> > +  MdeModulePkg/MdeModulePkg.dec
> >IpmiFeaturePkg/IpmiFeaturePkg.dec
> >
> >  [LibraryClasses]
> > diff --git
> > a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/Frb/FrbPei.inf
> > b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/Frb/FrbPei.inf
> > index 797dbe6a07..bfd80d4a98 100644
> > ---
> a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/Frb/FrbPei.inf
> > +++
> > b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/Frb/FrbPei.inf
> > @@ -20,6 +20,7 @@
> >
> >  [Packages]
> >MdePkg/MdePkg.dec
> > +  MdeModulePkg/MdeModulePkg.dec
> >IpmiFeaturePkg/IpmiFeaturePkg.dec
> >
> >  [LibraryClasses]
> > diff --git
> >
> a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Dxe/
> > GenericIpmi.inf
> >
> b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Dxe/
> > GenericIpmi.inf
> > index 1564ceb08a..d37d1c5046 100644
> > ---
> >
> a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Dxe/
> > GenericIpmi.inf
> > +++
> >
> b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Dxe/
> > GenericIpmi.inf
> > @@ -37,6 +37,7 @@
> >
> >  [Packages]
> >MdePkg/MdePkg.dec
> > +  MdeModulePkg/MdeModulePkg.dec
> >IpmiFeaturePkg/IpmiFeaturePkg.dec
> >
> >  [LibraryClasses]
> > diff --git
> >
> a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Pei/
> P
> > eiGenericIpmi.inf
> >
> b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Pei/
> > PeiGenericIpmi.inf
> > index 3a73180ce6..d7fb7f1c5b 100644
> > ---
> >
> a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Pei/
> P
> > eiGenericIpmi.inf
> > +++
> >
> b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Pei/
> > PeiGenericIpmi.inf
> > @@ -36,6 +36,7 @@
> >
> >  [Packages]
> >MdePkg/MdePkg.dec
> > +  MdeModulePkg/MdeModulePkg.dec
> >IpmiFeaturePkg/IpmiFeaturePkg.dec
> >
> >  [LibraryClasses]
> > diff --git
> > a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Sm
> > m/SmmGenericIpmi.inf
> > b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Sm
> > m/SmmGenericIpmi.inf
> > index 12dc17ae84..75162007ce 100644
> > ---
> > a/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Sm
> > m/SmmGenericIpmi.inf
> > +++
> > b/Features/Intel/OutOfBandManagement/IpmiFeaturePkg/GenericIpmi/Sm
> 

Re: [edk2-devel] [PATCH edk2-platforms 0/4] IpmiFeaturePkg: Add server management features

2023-10-28 Thread Chang, Abner via groups.io
[AMD Official Use Only - General]

Hi Gong,
Please note that your code may have a conflict, as IpmiCommandLib was removed
(please check https://edk2.groups.io/g/devel/message/109510); now we are using
the one under MdeModulePkg.
Second, I had cleaned up those server management feature drivers and migrated
them under ManageabilityPkg with Isaac's RB; please check commit IDs from
b6a5124e to d6f18259. It would not be good if Intel keeps updating
IpmiFeaturePkg. As those drivers are higher-level applications on top of the
transport, it shouldn't be a problem to just update the changes against
ManageabilityPkg. Are there any issues Intel met when using the IPMI feature
drivers from Manageability? If yes, we can address the issues instead of
letting them diverge.


Thanks
Abner

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Zhen
> Gong via groups.io
> Sent: Saturday, October 28, 2023 4:11 AM
> To: devel@edk2.groups.io
> Cc: Zhen Gong 
> Subject: [edk2-devel] [PATCH edk2-platforms 0/4] IpmiFeaturePkg: Add
> server management features
>
> This patch set adds several IPMI features to support server management:
>
> BmcAcpiState: A DXE driver to notify BMC of S0 power state.
> BmcAcpiSwChild: An SMM driver to notify BMC of ACPI power state changes
> and add
>  SEL records.
> BmcElog: PEI, DXE, and SMM drivers to support BMC event log functions.
> GenericElog: DXE and SMM drivers to support generic event log functions.
> GenericFru: A runtime driver to support generic FRU functions.
> IpmiRedirFru: A DXE driver to support BMC FRU functions and generate data
> based
>  on SMBIOS data.
> ServerManagementLib: A library to provide essential functions for server
>  management drivers.
>
>
> Zhen Gong (4):
>   IpmiFeaturePkg: Add Elog drivers
>   IpmiFeaturePkg: Add ServerManagementLib
>   IpmiFeaturePkg: Add ACPI power state drivers
>   IpmiFeaturePkg: Add FRU drivers
>
>  .../IpmiFeaturePkg/IpmiFeaturePkg.dec |  10 +
>  .../IpmiFeaturePkg/Include/IpmiFeature.dsc|  13 +-
>  .../IpmiFeaturePkg/Include/PostMemory.fdf |  10 +-
>  .../IpmiFeaturePkg/Include/PreMemory.fdf  |   1 +
>  .../BmcAcpiState/BmcAcpiState.inf |  40 +
>  .../BmcAcpiSwChild/BmcAcpiSwChild.inf |  39 +
>  .../BmcElog/{BmcElog.inf => DxeBmcElog.inf}   |  25 +-
>  .../IpmiFeaturePkg/BmcElog/PeiBmcElog.inf |  43 ++
>  .../IpmiFeaturePkg/BmcElog/SmmBmcElog.inf |  44 ++
>  .../GenericElog/Dxe/GenericElog.inf   |  38 +
>  .../GenericElog/Smm/GenericElog.inf   |  38 +
>  .../IpmiFeaturePkg/GenericFru/GenericFru.inf  |  42 ++
>  .../IpmiFeaturePkg/IpmiFru/IpmiFru.inf|  35 -
>  .../IpmiRedirFru/IpmiRedirFru.inf |  51 ++
>  .../ServerManagementLib.inf   |  35 +
>  .../ServerManagementLibNull.inf   |  38 +
>  .../BmcAcpiState/BmcAcpiState.h   |  26 +
>  .../BmcAcpiSwChild/BmcAcpiSwChild.h   |  82 +++
>  .../BmcElog/Common/BmcElogCommon.h| 144 
>  .../IpmiFeaturePkg/BmcElog/Dxe/BmcElog.h  |  42 ++
>  .../IpmiFeaturePkg/BmcElog/Pei/BmcElog.h  |  44 ++
>  .../IpmiFeaturePkg/BmcElog/Smm/BmcElog.h  |  43 ++
>  .../GenericElog/Dxe/GenericElog.h | 194 +
>  .../GenericElog/Smm/GenericElog.h | 216 ++
>  .../GenericFru/GenericFruDriver.h | 178 +
>  .../Include/Library/ServerMgmtRtLib.h | 147 
>  .../IpmiFeaturePkg/Include/Ppi/GenericElog.h  |  84 +++
>  .../Include/Protocol/BmcAcpiSwChildPolicy.h   |  31 +
>  .../Include/Protocol/GenericElog.h|  99 +++
>  .../Include/Protocol/GenericFru.h | 103 +++
>  .../Include/Protocol/RedirFru.h   |  81 ++
>  .../IpmiRedirFru/IpmiRedirFru.h   | 149 
>  .../BmcAcpiState/BmcAcpiState.c   |  93 +++
>  .../BmcAcpiSwChild/BmcAcpiSwChild.c   | 189 +
>  .../IpmiFeaturePkg/BmcElog/BmcElog.c  | 236 --
>  .../BmcElog/Common/BmcElogCommon.c| 465 
>  .../IpmiFeaturePkg/BmcElog/Dxe/BmcElog.c  | 287 
>  .../IpmiFeaturePkg/BmcElog/Pei/BmcElog.c  | 297 
>  .../IpmiFeaturePkg/BmcElog/Smm/BmcElog.c  | 288 
>  .../GenericElog/Dxe/GenericElog.c | 576 +++
>  .../GenericElog/Smm/GenericElog.c | 558 ++
>  .../IpmiFeaturePkg/GenericFru/GenericFru.c|  68 ++
>  .../GenericFru/GenericFruDriver.c | 513 +
>  .../IpmiFeaturePkg/IpmiFru/IpmiFru.c  |  67 --
>  .../IpmiFeaturePkg/IpmiRedirFru/FruSmbios.c   | 469 
>  .../IpmiRedirFru/IpmiRedirFru.c   | 479 
>  .../ServerManagementLib/ServerManagementLib.c | 696
> ++
>  .../ServerManagementLibNull.c | 144 
>  48 files changed, 7242 

[edk2-devel] [Patch 1/1] Maintainers.txt: Update based on active community members

2023-10-28 Thread Michael D Kinney
Over the past few months, all of the Maintainers and
Reviewers listed in Maintainers.txt have been contacted to make
sure Maintainers.txt accurately represents the TianoCore
community members that are actively participating in their
roles.  Based on specific feedback, bounced emails, and no
responses, updates have been made.

* RISCV64: Daniel Schaefer replaced with Andrei Warkentin
* ArmVirtPkg Xen has no remaining reviewers and review
  responsibility defaults to ArmVirtPkg Maintainers/Reviewers.
* ACPI modules related to S3 has no remaining reviewers and
  review responsibility defaults to MdeModulePkg Maintainers/
  Reviewers.
* OVMF CSM modules has no remaining reviewers and review
  responsibility defaults to OvmfPkg Maintainers/Reviewers.
* Bounce: Chan Laura 
* Many smaller updates removing individuals that are no
  longer involved or have replacement coverage.

Cc: Andrew Fish 
Cc: Leif Lindholm 
Cc: Andrei Warkentin 
Cc: Catharine West 
Cc: Dandan Bi 
Cc: Daniel Schaefer 
Cc: David Woodhouse 
Cc: Debkumar De 
Cc: Eric Dong 
Cc: Guomin Jiang 
Cc: Hao A Wu 
Cc: James Bottomley 
Cc: Jian J Wang 
Cc: Jordan Justen 
Cc: Julien Grall 
Cc: Peter Grehan 
Cc: Qi Zhang 
Cc: Ray Han Lim Ng 
Cc: Stefan Berger 
Cc: Wenxing Hou 
Cc: Xiaoyu Lu 
Signed-off-by: Michael D Kinney 
---
 Maintainers.txt | 53 ++---
 1 file changed, 2 insertions(+), 51 deletions(-)

diff --git a/Maintainers.txt b/Maintainers.txt
index 3f40cdeb5554..2b03ccbe54aa 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -93,7 +93,7 @@ M: Sami Mujawar  [samimujawar]
 RISCV64
 F: */RiscV64/
 M: Sunil V L  [vlsunil]
-R: Daniel Schaefer  [JohnAZoidberg]
+R: Andrei Warkentin  [andreiw]
 
 LOONGARCH64
 F: */LoongArch64/
@@ -157,16 +157,6 @@ R: Leif Lindholm  [leiflindholm]
 R: Sami Mujawar  [samimujawar]
 R: Gerd Hoffmann  [kraxel]
 
-ArmVirtPkg: modules used on Xen
-F: ArmVirtPkg/ArmVirtXen.*
-F: ArmVirtPkg/Library/XenArmGenericTimerVirtCounterLib/
-F: ArmVirtPkg/Library/XenVirtMemInfoLib/
-F: ArmVirtPkg/PrePi/
-F: ArmVirtPkg/XenAcpiPlatformDxe/
-F: ArmVirtPkg/XenPlatformHasAcpiDtDxe/
-F: ArmVirtPkg/XenioFdtDxe/
-R: Julien Grall  [jgrall]
-
 BaseTools
 F: BaseTools/
 W: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
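Review bot: Deleting the whole "ArmVirtPkg: modules used on Xen" section, F: lines included, drops the record of which ArmVirtPkg paths are Xen-specific, not only the departing R: entry. Consider keeping the section title and its F: patterns with a short comment that review falls back to the ArmVirtPkg maintainers, so the area can be picked up again later by adding a single R: line.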
@@ -187,8 +177,7 @@ F: CryptoPkg/
 W: https://github.com/tianocore/tianocore.github.io/wiki/CryptoPkg
 M: Jiewen Yao  [jyao1]
 M: Yi Li  [liyi77]
-R: Xiaoyu Lu  [xiaoyuxlu]
-R: Guomin Jiang  [guominjia]
+R: Wenxing Hou  [Wenxing-hou]
 
 DynamicTablesPkg
 F: DynamicTablesPkg/
@@ -202,7 +191,6 @@ W: 
https://github.com/tianocore/tianocore.github.io/wiki/EmbeddedPkg
 M: Leif Lindholm  [leiflindholm]
 M: Ard Biesheuvel  [ardbiesheuvel]
 M: Abner Chang  [changab]
-R: Daniel Schaefer  [JohnAZoidberg]
 
 EmulatorPkg
 F: EmulatorPkg/
@@ -228,7 +216,6 @@ F: FmpDevicePkg/
 W: https://github.com/tianocore/tianocore.github.io/wiki/FmpDevicePkg
 M: Liming Gao  [lgao4]
 M: Michael D Kinney  [mdkinney]
-R: Guomin Jiang  [guominjia]
 R: Wei6 Xu  [xuweiintel]
 
 IntelFsp2Pkg
@@ -237,7 +224,6 @@ W: 
https://github.com/tianocore/tianocore.github.io/wiki/IntelFsp2Pkg
 M: Chasel Chiu  [ChaselChiu]
 M: Nate DeSimone  [nate-desimone]
 M: Duggapu Chinni B  [cbduggap]
-M: Ray Han Lim Ng  [rayhanlimng]
 R: Star Zeng  [lzeng14]
 R: Ted Kuo  [tedkuo1]
 R: Ashraf Ali S  [AshrafAliS]
@@ -258,7 +244,6 @@ R: Susovan Mohapatra  
[susovanmohapatra]
 MdeModulePkg
 F: MdeModulePkg/
 W: https://github.com/tianocore/tianocore.github.io/wiki/MdeModulePkg
-M: Jian J Wang  [jwang36]
 M: Liming Gao  [lgao4]
 
 MdeModulePkg: ACPI modules
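Review bot: After the removal of the "M: Jian J Wang" line, the only M: entry left in the visible MdeModulePkg section is Liming Gao, and the commit message does not list this among its changes. Several sections removed elsewhere in this patch fall back to the MdeModulePkg maintainers, so the commit message should state that the package is down to one maintainer, and a second M: nomination should be sought before or together with this change.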
@@ -268,15 +253,6 @@ R: Zhiguang Liu  [LiuZhiguang001]
 R: Dandan Bi  [dandanbi]
 R: Liming Gao  [lgao4]
 
-MdeModulePkg: ACPI modules related to S3
-F: MdeModulePkg/*LockBox*/
-F: MdeModulePkg/Include/*BootScript*.h
-F: MdeModulePkg/Include/*LockBox*.h
-F: MdeModulePkg/Include/*S3*.h
-F: MdeModulePkg/Library/*S3*/
-R: Hao A Wu  [hwu25]
-R: Eric Dong  [ydong10]
-
 MdeModulePkg: BDS modules
 F: MdeModulePkg/*BootManager*/
 F: MdeModulePkg/Include/Library/UefiBootManagerLib.h
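Review bot: The removed F: patterns (*LockBox*, *BootScript*, *S3*) cover the S3 resume path, and with both R: lines gone no entry in Maintainers.txt routes patches touching them to a named reviewer. The commit message states the fallback to the MdeModulePkg maintainers and reviewers, but the preceding hunk leaves that package with a single M: entry; ask on the list for a volunteer reviewer for these paths rather than relying on the fallback alone.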
@@ -326,7 +302,6 @@ F: MdeModulePkg/Library/DxeSecurityManagementLib/
 F: MdeModulePkg/Universal/PCD/
 F: MdeModulePkg/Universal/PlatformDriOverrideDxe/
 F: MdeModulePkg/Universal/SecurityStubDxe/SecurityStub.c
-R: Dandan Bi  [dandanbi]
 R: Liming Gao  [lgao4]
 
 MdeModulePkg: Device and Peripheral modules
@@ -346,12 +321,10 @@ F: MdeModulePkg/Include/Ppi/StorageSecurityCommand.h
 F: MdeModulePkg/Include/Protocol/Ps2Policy.h
 F: MdeModulePkg/Library/NonDiscoverableDeviceRegistrationLib/
 F: MdeModulePkg/Universal/PcatSingleSegmentPciCfg2Pei/
-R: Hao A Wu  [hwu25]
 R: Ray Ni  [niruiyu]
 
 MdeModulePkg: Disk modules
 F: MdeModulePkg/Universal/Disk/
-R: Hao A Wu  [hwu25]
 R: Ray Ni  [niruiyu]
 R: Zhichao Gao  [ZhichaoGao]
 
@@ -366,7 +339,6 @@ F: MdeModulePkg/Library/DisplayUpdateProgressLib*/
 F: MdeModulePkg/Library/FmpAuthenticationLibNull/
 F: MdeModulePkg/Universal/Esrt*/
 R: Liming Gao  [lgao4]
-R: Guomin 

[edk2-devel] [PATCH v2 0/1] UefiPayloadPkg: Fix Add FV broken on fit format and remove clang dependency for version check

2023-10-28 Thread brucex . wang
From: Gua Guo 

V2: Fix FIT Add FV failure broken.
V1: Remove clang dependency.

BruceX Wang (1):
  UefiPayloadPkg: Fix incorrect code on Fit function.

 UefiPayloadPkg/Tools/MkFitImage.py  |  7 ++-
 UefiPayloadPkg/UniversalPayloadBuild.py | 10 --
 2 files changed, 6 insertions(+), 11 deletions(-)

--
2.39.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110251): https://edk2.groups.io/g/devel/message/110251
Mute This Topic: https://groups.io/mt/102244779/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




[edk2-devel] [PATCH v2 1/1] UefiPayloadPkg: Fix incorrect code on Fit function.

2023-10-28 Thread brucex . wang
From: BruceX Wang 

1. Add firmware volume need to check firmware volume exist or not.
2. Remove clang version check dependency.

Cc: Guo Dong 
Cc: Sean Rhodes 
Cc: James Lu 
Cc: Gua Guo 

Signed-off-by: BruceX Wang 
---
 UefiPayloadPkg/Tools/MkFitImage.py  |  7 ++-
 UefiPayloadPkg/UniversalPayloadBuild.py | 10 --
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/UefiPayloadPkg/Tools/MkFitImage.py 
b/UefiPayloadPkg/Tools/MkFitImage.py
index 82ab933d6d..41a259960b 100644
--- a/UefiPayloadPkg/Tools/MkFitImage.py
+++ b/UefiPayloadPkg/Tools/MkFitImage.py
@@ -10,6 +10,7 @@ from os.path import exists
 import libfdt
 from ctypes import *
 import time
+import os
 
 class FIT_IMAGE_INFO_HEADER:
 """Class for user setting data to use MakeFitImage()
@@ -139,6 +140,8 @@ def BuildFitImage(Fdt, InfoHeader):
 ImageNode = libfdt.fdt_add_subnode(Fdt, 0, 'images')
 for Item in reversed (MultiImage):
 Name, Path, BuildFvNode, Description, BinaryData, DataOffset = Item
+if os.path.exists (Item[1]) == False:
+continue
 FvNode = libfdt.fdt_add_subnode(Fdt, ImageNode, Name)
 BuildFvNode (Fdt, InfoHeader, FvNode, DataOffset, len(BinaryData), 
Description)
 
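Review bot: In the first loop of BuildFitImage the added check reads Item[1] although Path was unpacked from Item on the line just above, and it compares against False with "==". "if not exists(Path): continue" says the same thing with the exists() this file already imports from os.path (visible in the first hunk's header), which would also make the added "import os" unnecessary. The skip is silent as well: print which firmware volume was left out, so that a mistyped path does not yield an image that is quietly missing an FV.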
@@ -149,7 +152,9 @@ def BuildFitImage(Fdt, InfoHeader):
 DtbFile.truncate()
 DtbFile.write(Fdt)
 for Item in MultiImage:
-_, _, _, _, BinaryData, _ = Item
+_, FilePath, _, _, BinaryData, _ = Item
+if os.path.exists (Item[1]) == False:
+continue
 DtbFile.write(BinaryData)
 DtbFile.close()
 
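Review bot: The second loop now unpacks FilePath but the check still uses Item[1], so FilePath is never read; use it in the check or keep the "_" placeholder. The same existence test is now evaluated separately in both loops; filtering MultiImage once before the first loop would guarantee that the subnodes added under 'images' and the binary data written to DtbFile cover the same set of items.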
diff --git a/UefiPayloadPkg/UniversalPayloadBuild.py 
b/UefiPayloadPkg/UniversalPayloadBuild.py
index 6f57fa6df6..046c62e21c 100644
--- a/UefiPayloadPkg/UniversalPayloadBuild.py
+++ b/UefiPayloadPkg/UniversalPayloadBuild.py
@@ -146,16 +146,6 @@ def BuildUniversalPayload(Args):
 ModuleReportPath = os.path.join(BuildDir, "UefiUniversalPayloadEntry.txt")
 UpldInfoFile = os.path.join(BuildDir, "UniversalPayloadInfo.bin")
 
-if "CLANG_BIN" in os.environ:
-LlvmObjcopyPath = os.path.join(os.environ["CLANG_BIN"], "llvm-objcopy")
-else:
-LlvmObjcopyPath = "llvm-objcopy"
-try:
-RunCommand('"%s" --version'%LlvmObjcopyPath)
-except:
-print("- Failed - Please check if LLVM is installed or if CLANG_BIN is 
set correctly")
-sys.exit(1)
-
 Pcds = ""
 if (Args.pcd != None):
 for PcdItem in Args.pcd:
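Review bot: The commit message says only "Remove clang version check dependency" and does not explain why llvm-objcopy no longer has to be located. This hunk deletes both assignments of LlvmObjcopyPath; confirm that nothing later in BuildUniversalPayload still references it, and say in the commit message what replaces the tool or why it is no longer needed.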
-- 
2.39.2.windows.1







Re: [edk2-devel] [PATCH] Maintainers.txt: update Gary's email address

2023-10-28 Thread Michael D Kinney
Merged: https://github.com/tianocore/edk2/pull/4973






Re: [edk2-devel] [PATCH v1 0/2] Upgrade edk2-pytools to latest

2023-10-28 Thread Laszlo Ersek
On 10/28/23 16:20, Laszlo Ersek wrote:
> On 10/27/23 19:41, Joey Vagedes via groups.io wrote:
>> Thank you for the reviews. Pending any reviews other maintainers of these 
>> packages would like to do, this patch series is ready to merge. I've updated 
>> the PR with the reviewed-by tags:
>>
>> https://github.com/tianocore/edk2/pull/4966
> 
> I figured I could try just adding the push label to your PR, but the
> master branch had advanced meanwhile... So I've now picked up your
> patches from the list, added the R-b tags, compared the new branch
> against yours from the PR, and then created a new PR, with the "push"
> label set:
> 
> https://github.com/tianocore/edk2/pull/4972
> 
> Hopefully this will complete.

It did: commit range 7ff6ab2b3e09..7806713f00e9.

Laszlo







Re: [edk2-devel] SSL handshake in HTTPS boot if the certificate was signed with a root certificate

2023-10-28 Thread Laszlo Ersek
On 10/26/23 14:37, jacopo.r0...@gmail.com wrote:
> Hi there,
>
> I was trying to HTTPs boot a virtual machine with the following
> scenario:
>
> 1) I have a self signed root CA /root.crt /and then I use it to sign
> another self signed certificate /myip.crt /for the IP address X.X.X.X
> 2) I have an NGINX server configured to use SSL with the /myip.crt
> /certificate and its key.
> 3) I have a UEFI virtual machine configured to HTTPs boot and trust
> the CA certificate /root.crt /.
>
> Unfortunately the machine fails in the SSL handshake step and then the
> UEFI config page is shown again. Using for example /curl --cacert
> root.crt X.X.X.X /it works perfectly fine (also forcing curl to use
> tls 1.2).
>
> In addition to that, if I do not use a root certificate for the
> server's IP (i.e. I do not build a chain of certificates), the machine
> boots fine.
>
> Unfortunately I don't have a physical server to make a real test. Is
> this a missing feature, a bug, or am I doing it completely wrong?

I'm responding here, because it would be difficult to answer under your
further individual thread additions.


(1) Please don't trim the OVMF debug log. I need to see the whole thing,
from start to finish. In particular, OVMF contains fw_cfg integration
with the host for setting the accepted CA certificates. By the time
HTTPS boot is attempted, that may or may not have been done already. So
I need to look at both parts of the log -- it's possible that your CA
certificate is right, but OVMF is not considering it at all, from the
time you enroll the certificate on the setup TUI. The best general
approach for logs is to just attach them in whole (preferably
compressed), because you don't know what I'll have to look at in it. If
you don't feel comfortable sharing the full log with the list, you can
send it to me off-list.


(2) Your certificate generation commands look *superficially* right to
me, but that's exactly where the issue may be, and I don't have the time
to reproduce your exact setup.

A few years ago we had an issue (a security issue) exactly around the
binary IP address "subject alt name". You can read more about it here:

  [edk2-devel] [PATCH v2 0/8] support server identity validation in HTTPS Boot (CVE-2019-14553)
  https://listman.redhat.com/archives/edk2-devel-archive/2019-October/009601.html

(See also  and
onward.)

I *think* your server certificate setup satisfies row number 5 in the
test matrix, and so it should work, but I can't tell without trying it
myself (and I don't have time for that). So, instead I suggest that you
take the certificate generator script from that comment, and go through
all the test cases yourself.

If you find behavior that differs from the penultimate column (that is,
the "edk2 patched status" column), then we have a regression. (In
particular, on row #5, the status is "accept".)

If all those test cases still work fine (and your own certs don't), then
your certificate setup probably contains the problem.


(3) You didn't include a textual dump of your *server* certificate; that
certificate could be quite relevant.


(4) Your SSL error code is "L14:R86"; that just stands for ERR_LIB_SSL
(decimal 20, from "include/openssl/err.h.in") and
SSL_R_CERTIFICATE_VERIFY_FAILED (decimal 134, "certificate verify
failed", from "crypto/err/openssl.txt"). Unfortunately, this doesn't
tell us much.


(5) Using cURL as the baseline is -- surprisingly -- precisely the
*wrong* thing to do here. When we were working on the CVE-2019-14553
bugfix (see above), we found that the issue affected cURL as well. David
Woodhouse suggested that I report it to the cURL maintainer, and I did,
at . Ultimately, the maintainer
decided this wasn't a security issue, but sort of a bug compatibility
feature. Namely, Windows HTTPS clients older than -- if memory serves --
Windows 10 *never* consider "subjectAltName.iPAddress". Thus, HTTPS
server operators that (i) have no DNS domain names assigned, yet (ii)
intend to serve such older Windows clients, have no choice but to put
their IP addresses in *at least* their certs' Common Names -- and then
they frequently don't care for setting "subjectAltName.iPAddress" at
all. In turn, cURL wants to accept such server certificates (if they are
otherwise valid), for compatibility. (In the test matrix, you can see
these cases marked with "COMPAT/1".)

Thus, edk2 is stricter than cURL, and so it's quite possible that your
*server* certificate satisfies cURL, but does not satisfy edk2.

In the cURL log, we find "common name: 10.0.2.254 (matched)", but that
alone will not satisfy edk2. Edk2 will look for the binary "iPAddress
subjectAltName" in the certificate. Now, I do see, in your "openssl"
config file, the v3_req -> alt_names -> IP.1 setting, and indeed that
should suffice. I expect some nuance around those parts goes wrong,
though.

Again, if the original test cases still work 
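
The difference discussed in the message above, between a textual Common Name match and a binary iPAddress subjectAltName entry, shown as an added example; it is not code from edk2, cURL or anyone in the thread. The function names, the `cn_fallback` switch and the DER bytes are constructed for illustration, and the strict branch models "only the binary iPAddress entry counts" as an assumption, not edk2's actual implementation.

```python
import ipaddress

# GeneralName context tags from RFC 5280 that matter for this check.
TAG_DNS_NAME = 0x82      # [2] dNSName, IA5String text
TAG_IP_ADDRESS = 0x87    # [7] iPAddress, raw 4 (IPv4) or 16 (IPv6) octets


def _read_tlv(buf, pos):
    """Read one DER TLV starting at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[pos:end], end


def parse_san(der):
    """Split a subjectAltName extension value into (dNSNames, iPAddresses)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("subjectAltName must be one SEQUENCE")
    dns, ips = [], []
    pos = 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag == TAG_DNS_NAME:
            dns.append(value.decode("ascii"))
        elif tag == TAG_IP_ADDRESS:
            if len(value) not in (4, 16):
                raise ValueError("iPAddress must be 4 or 16 octets")
            ips.append(bytes(value))
    return dns, ips


def ip_identity_ok(url_host, common_name, san_der, cn_fallback=False):
    """Decide whether a certificate identifies the IP literal url_host.

    cn_fallback=False: only a binary iPAddress SAN entry counts.
    cn_fallback=True:  also accept a textual match on the Common Name, the
                       compatibility behaviour the message attributes to cURL.
    """
    wanted = ipaddress.ip_address(url_host).packed
    _, ips = parse_san(san_der) if san_der else ([], [])
    if wanted in ips:
        return True
    return cn_fallback and common_name == url_host


# Constructed sample data: the address from the quoted cURL log line and two
# hand-built subjectAltName values (not taken from any real certificate).
HOST = "10.0.2.254"
SAN_IP_BINARY = bytes.fromhex("300687040a0002fe")         # iPAddress 10.0.2.254
SAN_IP_AS_DNS_TEXT = b"\x30\x0c\x82\x0a" + b"10.0.2.254"  # dNSName "10.0.2.254"


def compare_policies():
    """Return {case: (strict_result, cn_fallback_result)} for three certs."""
    cases = {
        "CN only, no SAN": (HOST, None),
        "SAN iPAddress": ("server", SAN_IP_BINARY),
        "SAN dNSName holding the IP as text": ("server", SAN_IP_AS_DNS_TEXT),
    }
    return {
        label: (ip_identity_ok(HOST, cn, san),
                ip_identity_ok(HOST, cn, san, cn_fallback=True))
        for label, (cn, san) in cases.items()
    }


if __name__ == "__main__":
    for label, (strict, compat) in compare_policies().items():
        print(f"{label:36} strict={strict!s:5} cn_fallback={compat}")
```

The third case is the one to look for when a certificate "has the IP in it" yet strict verification fails: the address is present only as text in a dNSName entry, so no binary iPAddress entry exists to compare against.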

Re: [edk2-devel] [PATCH v1 0/2] Upgrade edk2-pytools to latest

2023-10-28 Thread Laszlo Ersek
On 10/27/23 19:41, Joey Vagedes via groups.io wrote:
> Thank you for the reviews. Pending any reviews other maintainers of these 
> packages would like to do, this patch series is ready to merge. I've updated 
> the PR with the reviewed-by tags:
> 
> https://github.com/tianocore/edk2/pull/4966

I figured I could try just adding the push label to your PR, but the
master branch had advanced meanwhile... So I've now picked up your
patches from the list, added the R-b tags, compared the new branch
against yours from the PR, and then created a new PR, with the "push"
label set:

https://github.com/tianocore/edk2/pull/4972

Hopefully this will complete.

Laszlo

> 
> Joey
> 
> -Original Message-
> From: Michael Kubacki  
> Sent: Friday, October 27, 2023 10:32 AM
> To: devel@edk2.groups.io; Joey Vagedes 
> Cc: Sean Brogan ; Kinney, Michael D 
> ; Liming Gao 
> Subject: Re: [edk2-devel] [PATCH v1 0/2] Upgrade edk2-pytools to latest
> 
> Series:
> 
> Reviewed-by: Michael Kubacki 
> 
> On 10/27/2023 11:15 AM, Joey Vagedes via groups.io wrote:
>> Upgrades edk2-pytool-library to v0.19.3 and edk2-pytool-extensions to 
>> v0.25.1 and performs all necessary integrations as noted in the 
>> individual package commits.
>>
>> Cc: Sean Brogan 
>> Cc: Michael Kubacki 
>> Cc: Michael D Kinney 
>> Cc: Liming Gao 
>>
>> Joey Vagedes (2):
>>   .pytool: Integration of edk2-pytools
>>   BaseTools: Plugin: Integration of edk2-pytools
>>
>>   .pytool/Plugin/HostUnitTestDscCompleteCheck/HostUnitTestDscCompleteCheck.py |  7 ---
>>   .pytool/Plugin/UncrustifyCheck/UncrustifyCheck.py | 12 ++--
>>   BaseTools/Plugin/DebugMacroCheck/BuildPlugin/DebugMacroCheckBuildPlugin.py | 10 +-
>>   pip-requirements.txt |  4 ++--
>>   4 files changed, 17 insertions(+), 16 deletions(-)
>>
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#110247): https://edk2.groups.io/g/devel/message/110247
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH 0/2] Add Platform Hook Lib into StandaloneMmCore

2023-10-28 Thread Laszlo Ersek
On 10/27/23 18:08, Michael Kubacki wrote:
> This allows ambiguous "platform" code in the critical path of the MM
> core. Is this necessary?
> 
> Do you need this for one feature that others might too and can be
> abstracted? Or, do you plan to perform an unknown and arbitrary number
> of changes behind the hook over time?

Not sure if it's necessary, but it's somewhat "customary". Platform hook
libs are not uncommon; for example PiSmmCpuDxeSmm consumes
SmmCpuPlatformHookLib and SmmCpuFeaturesLib.

My request would be for Wei to file a TianoCore Feature Request
bugzilla, with a bit more information than "We need this library to
implement our feature". Reference the BZ in the commit messages, then
add the BZ to the
.

Laszlo

> 
> Thanks,
> Michael
> 
> On 10/26/2023 11:28 PM, Xu, Wei6 wrote:
>> This patch set is to add StandaloneMmCorePlatformHookLib into
>> StandaloneMmCore.
>>
>> This library class defines a set of platform hooks called by the
>> Standalone Mm Core. With this library, platform can perform specific
>> tasks before and after invoking registered MMI handlers.
>> We need this library to implement our feature.
>>
>> PR: https://github.com/tianocore/edk2/pull/4949
>>
>>
>>
>> Cc: Ard Biesheuvel 
>>
>> Cc: Sami Mujawar 
>>
>> Cc: Ray Ni 
>>
>>
>> Wei6 Xu (2):
>>    StandaloneMmPkg: Add Standalone Mm Core platform hook lib.
>>    StandaloneMmPkg/Core: Consumes Standalone Mm Core Platform Hook Lib.
>>
>>   StandaloneMmPkg/Core/StandaloneMmCore.c   |  7 ++-
>>   .../StandaloneMmCorePlatformHookLibNull.c | 45 +++
>>   StandaloneMmPkg/Core/StandaloneMmCore.h   |  1 +
>>   StandaloneMmPkg/Core/StandaloneMmCore.inf |  1 +
>>   .../Library/StandaloneMmCorePlatformHookLib.h | 44 ++
>>   .../StandaloneMmCorePlatformHookLibNull.inf   | 30 +
>>   StandaloneMmPkg/StandaloneMmPkg.dec   |  4 ++
>>   StandaloneMmPkg/StandaloneMmPkg.dsc   |  2 +
>>   8 files changed, 133 insertions(+), 1 deletion(-)
>>   create mode 100644
>> StandaloneMmPkg/Library/StandaloneMmCorePlatformHookLibNull/StandaloneMmCorePlatformHookLibNull.c
>>   create mode 100644
>> StandaloneMmPkg/Include/Library/StandaloneMmCorePlatformHookLib.h
>>   create mode 100644
>> StandaloneMmPkg/Library/StandaloneMmCorePlatformHookLibNull/StandaloneMmCorePlatformHookLibNull.inf
>>
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#110246): https://edk2.groups.io/g/devel/message/110246
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [edk2-platforms PATCH] Maintainers.txt: remove Isaac Oram's email address

2023-10-28 Thread Laszlo Ersek
On 10/25/23 10:35, Laszlo Ersek wrote:
> Email to Isaac's address  bounces ("5.1.0 Address
> rejected"); remove that address.
> 
> Cc: Abdul Lateef Attar 
> Cc: Abner Chang 
> Cc: Ashraf Ali S 
> Cc: Chasel Chiu 
> Cc: Eric Dong 
> Cc: Liming Gao 
> Cc: Nate DeSimone 
> Cc: Nickle Wang 
> Cc: Pedro Falcato 
> Cc: Rangasai V Chaganty 
> Cc: Ray Ni 
> Cc: Sai Chaganty 
> Cc: Theo Jehl 
> Signed-off-by: Laszlo Ersek 
> ---
>  Maintainers.txt | 11 ---
>  1 file changed, 11 deletions(-)

Commit c1d04ecedf32.

Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#110245): https://edk2.groups.io/g/devel/message/110245
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH] Remove checking Smm Rev ID in AMD Save State lib when Reading Save State Register EFI_MM_SAVE_STATE_REGISTER_IO

2023-10-28 Thread Laszlo Ersek
On 10/27/23 07:36, Jacque Lin via groups.io wrote:
> ---
>  UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveState.c | 13 -
>  1 file changed, 13 deletions(-)

Why?

(The commit message is empty.)

Laszlo

> 
> diff --git a/UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveState.c 
> b/UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveState.c
> index 3315a6cc44..c4bf6ad4bb 100644
> --- a/UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveState.c
> +++ b/UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveState.c
> @@ -102,7 +102,6 @@ MmSaveStateReadRegister (
>OUT VOID*Buffer
> 
>)
> 
>  {
> 
> -  UINT32 SmmRevId;
> 
>EFI_MM_SAVE_STATE_IO_INFO  *IoInfo;
> 
>AMD_SMRAM_SAVE_STATE_MAP   *CpuSaveState;
> 
>UINT8  DataWidth;
> 
> @@ -124,18 +123,6 @@ MmSaveStateReadRegister (
>  
> 
>// Check for special EFI_MM_SAVE_STATE_REGISTER_IO
> 
>if (Register == EFI_MM_SAVE_STATE_REGISTER_IO) {
> 
> -//
> 
> -// Get SMM Revision ID
> 
> -//
> 
> -MmSaveStateReadRegisterByIndex (CpuIndex, 
> AMD_MM_SAVE_STATE_REGISTER_SMMREVID_INDEX, sizeof (SmmRevId), );
> 
> -
> 
> -//
> 
> -// See if the CPU supports the IOMisc register in the save state
> 
> -//
> 
> -if (SmmRevId < AMD_SMM_MIN_REV_ID_X64) {
> 
> -  return EFI_NOT_FOUND;
> 
> -}
> 
> -
> 
>  // Check if IO Restart Dword [IO Trap] is valid or not using bit 1.
> 
>  if (!(CpuSaveState->x64.IO_DWord & 0x02u)) {
> 
>return EFI_NOT_FOUND;
> 
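Review bot: nothing in the `EFI_MM_SAVE_STATE_REGISTER_IO` branch confirms any longer that the save state carries the IOMisc field once the `SmmRevId < AMD_SMM_MIN_REV_ID_X64` early return is deleted; the code goes straight to testing `CpuSaveState->x64.IO_DWord & 0x02u`. The commit message should state why that field can be assumed present on every revision this library serves, and if that cannot be stated the check should stay. If the removal stands, also confirm whether `AMD_MM_SAVE_STATE_REGISTER_SMMREVID_INDEX` and `AMD_SMM_MIN_REV_ID_X64` still have users, since the uses shown in this hunk are both deleted.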



-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#110244): https://edk2.groups.io/g/devel/message/110244
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] CodeQL and Apache Licensed Files

2023-10-28 Thread Laszlo Ersek
On 10/27/23 23:11, Michael Kubacki wrote:
> I'd like to bring attention to Apache License 2.0 code in the CodeQL
> series I sent to the mailing list for steward review.
> 
> In particular, the files in the BaseTools/Plugin/CodeQL/analyze
> directory of this patch:
> 
> https://edk2.groups.io/g/devel/message/109696
> 
> Please let me know if any next steps are needed.

(1) I don't know if edk2 accepts contributions under Apache License 2.0;
just want to point out that this license is acceptable in Fedora (and so
RHEL too), per
. Assuming
we're talking about "Apache Software License 2.0".

(2) Should we extend "License Details" and "Code Contributions" in
"ReadMe.rst"?

(3) Should the new files (under Apache License 2.0) use an SPDX
identifier tag, for easy greppability?

(4) With the addition, downstream packages (such as RPMs in Fedora and
RHEL) might want to spell out the short SPDX identifier of the new
license too in their License: tags.

Laszlo



-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#110243): https://edk2.groups.io/g/devel/message/110243
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH 0/7] Support Tdx and sev in BaseIoLibIntrinsic and remove BaseIoLibIntrinsicSev

2023-10-28 Thread Laszlo Ersek
On 10/27/23 23:31, Lendacky, Thomas via groups.io wrote:
> On 10/27/23 03:05, Tan, Dun wrote:
>> Hi all,
>>
>> Could you please help to review this patch set? In this patch set, the
>> IoLib instance BaseIoLibIntrinsic is modified to support AMD SEV
>> feature and the BaseIoLibIntrinsicSev is removed.
>> Also could you help to do a test on AMD processor to make sure that
>> the SEV feature still works good with this patch set?
> 
> I was able to test SEV, SEV-ES and SEV-SNP guests successfully at each
> step of the patchset.
> 
> However, you are unrolling the string I/O for everyone, now, not just
> SEV guests. Is that acceptable to the community?

Thank you for making this comment, Tom, because this is exactly what I
meant to raise immediately, upon reading the cover letter.

No, it is not acceptable.

The FIFO variants exist for a reason. When the guest performs multiple
individual IO Port accesses, those translate to individual traps to the
hypervisor, with significant performance impact. When IO Port string
operations are used instead, with the REP prefix, then there is just
*one* trap, and the hypervisor can perform the whole "string" transfer
in one go (up to a page size, anyways, IIRC). This has very visible
impact on OVMF debug output (via the isa-debugcon QEMU device), and/or
in case fw_cfg is used without DMA support.

(If you search OvmfPkg for IoReadFifo8 and IoWriteFifo8, you'll find the
QemuFwCfgLib and PlatformDebugLibIoPort libraries using them.)

In fact, during initial SEV enablement, the SEV enlightenment was
introduced because SEV does not handle the REP prefix with these
instructions, and so a fallback had to be added.

See commits b6d11d7c4678 ("MdePkg: BaseIoLibIntrinsic (IoLib class)
library", 2017-04-13) and 97353a9c914d ("OvmfPkg: Update dsc to use
IoLib from BaseIoLibIntrinsicSev.inf", 2017-07-10).

Accordingly, there's a *huge* performance (boot time) impact when you
boot OVMF in a SEV guest with DEBUG_VERBOSE messages enabled (and
captured; i.e., when the isa-debugcon device is active).

> I think there need to
> be comments in IoLibFifo.c around the new code about why the access is
> unrolled/looping so that someone down the road doesn't come along and
> try to use string I/O again.

String IO must be preserved for such guests that don't run in
Confidential Virtual Machines ("CVM"s).

In particular patches #6 and #7 would damage OVMF.

Nacked-by: Laszlo Ersek 

Laszlo

> 
> From a commit message standpoint, you have up to 74 characters per line
> to use and I see most of your messages do not make use of that. Also,
> you use sev when it should be SEV. Using SEV will make grep'ing commit
> messages simpler.
> 
> Thanks,
> Tom
> 
>>
>> Thanks,
>> Dun
>>
>> -Original Message-
>> From: Tan, Dun
>> Sent: Friday, October 27, 2023 3:35 PM
>> To: Yao, Jiewen ; devel@edk2.groups.io
>> Subject: RE: [edk2-devel] [PATCH 0/7] Support Tdx and sev in
>> BaseIoLibIntrinsic and remove BaseIoLibIntrinsicSev
>>
>> Thanks for the suggestion.
>> I'll update the test result once I finished the test. Also the
>> abstract message in this patch has been modified to mention that this
>> patch should not be merged now.
>>
>> Thanks,
>> Dun
>>
>> -Original Message-
>> From: Yao, Jiewen 
>> Sent: Friday, October 27, 2023 3:07 PM
>> To: Tan, Dun ; devel@edk2.groups.io
>> Subject: RE: [edk2-devel] [PATCH 0/7] Support Tdx and sev in
>> BaseIoLibIntrinsic and remove BaseIoLibIntrinsicSev
>>
>> Here is my suggestion:
>>
>> 1) Please perform the test to ensure the functional part is correct.
>>
>> Without that, how can people know you are doing things right?
>>
>> 2) If you do not run any test, before you send out patch, please call
>> out that clearly.
>> That is important to remind the maintainer: Don't merge, even if it
>> passes review.
>>
>> Otherwise, once the review passed, the maintainer may merge it.
>> I don't think that is the intention.
>>
>>
>>
>> Thank you
>> Yao, Jiewen
>>  
>>> -Original Message-
>>> From: Tan, Dun 
>>> Sent: Friday, October 27, 2023 2:32 PM
>>> To: Yao, Jiewen ; devel@edk2.groups.io
>>> Subject: RE: [edk2-devel] [PATCH 0/7] Support Tdx and sev in
>>> BaseIoLibIntrinsic and remove BaseIoLibIntrinsicSev
>>>
>>> Hi Jiewen,
>>>
>>> Currently I'm working on the Tdx test. Since the patch set doesn't
>>> change the code logic when Tdx or SEV is enabled, so I want to send
>>> out the patch as soon as possible to see if there is any comments
>>> from community.
>>>
>>> I will include AMD SEV reviewer in this patch series. Thanks for
>>> reminding.
>>>
>>> Thanks,
>>> Dun
>>>
>>> -Original Message-
>>> From: Yao, Jiewen 
>>> Sent: Friday, October 27, 2023 1:49 PM
>>> To: devel@edk2.groups.io; Tan, Dun 
>>> Subject: RE: [edk2-devel] [PATCH 0/7] Support Tdx and sev in
>>> BaseIoLibIntrinsic and remove BaseIoLibIntrinsicSev
>>>
>>> Hi
>>> Since this impacts TDX and SEV, would you please let me know what kind
>>> of test you have done?
>>> Have you validated 

Re: [edk2-devel] [PATCH v2 0/1] StandaloneMmCore finds drivers in uncompressed inner fv.

2023-10-28 Thread Laszlo Ersek
On 10/27/23 07:49, Ni, Ray wrote:
> Wei,
> Thanks for fixing the 3 issues.
> Can you kindly separate the one patch to at least 2 patches?
> One patch is to fix minor issues.
> The other is to add support of nested uncompressed FV.

Yes please!

I'd even prefer a separate patch per individual issue fix (especially if
you count the recursion limiting too).

Thanks!
Laszlo

> 
> Thanks,
> Ray
> 
> *From:* Xu, Wei6 
> *Sent:* Friday, October 27, 2023 8:59 AM
> *To:* devel@edk2.groups.io 
> *Cc:* Xu, Wei6 ; Laszlo Ersek ;
> Ard Biesheuvel ; Sami Mujawar
> ; Ni, Ray 
> *Subject:* [PATCH v2 0/1] StandaloneMmCore finds drivers in uncompressed
> inner fv.
>  
> V1:
> This patch is to fix the issue that StandaloneMmCore fails to detect
> uncompressed inner FV.
> PR: https://github.com/tianocore/edk2/pull/4943
> 
> 
> V2:
> Based on V1, fix some other issues
> 1. Add Missing object size checks before casting pointers to header types
>   a. InnerFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)SectionData;
>  This is introduced in V1, add the size check on SectionDataSize
> against EFI_FIRMWARE_VOLUME_HEADER
>   b. Section = (EFI_COMMON_SECTION_HEADER *)(FileHeader + 1);
>  Use FfsFindSection instead of FfsFindSectionData to avoid pointer
> casting.
> 2. Fix potential memory leak issue that ScratchBuffer is not freed when
> page allocation for DstBuffer fails.
> PR: https://github.com/tianocore/edk2/pull/4965
> 
> 
> Cc: Laszlo Ersek 
> Cc: Ard Biesheuvel 
> Cc: Sami Mujawar 
> Cc: Ray Ni 
> 
> Wei6 Xu (1):
>   StandaloneMmPkg: Fix some issues in function MmCoreFfsFindMmDriver.
> 
>  StandaloneMmPkg/Core/FwVol.c | 34 ++
>  1 file changed, 26 insertions(+), 8 deletions(-)
> 
> -- 
> 2.29.2.windows.2
> 



-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#110241): https://edk2.groups.io/g/devel/message/110241
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH 1/1] StandaloneMmPkg: Fix the failure to find uncompressed inner FV.

2023-10-28 Thread Laszlo Ersek
On 10/27/23 04:21, Xu, Wei6 wrote:
> Hi Laszlo,
> 
> Thanks a lot for the review.
> 
> I sent the patch v2 for review to fix:
> - memory leaks on error paths
> - missing object size checks before casting pointers to header types
> (https://edk2.groups.io/g/devel/message/110160)

Thanks, will check it.

> 
> Regarding 'unbounded recursion', I couldn't come up with a good solution 
> to fix the problem, let's fix the others first.

We've had the same issue in both the PEI Core and the DXE Core.

The PEI core issue was CVE-2018-12183. We have two TianoCore BZs related
to that, #1137 and #1126. I don't know / remember how the issue was
ultimately fixed. Presumably with the PEI Stack Guard. I don't think
that's a great solution, but either way, the issue seems hardly
exploitable (because it's arguably not easy for an attacker to inject
FVs in the PEI phase).

The DXE Core issue was CVE-2021-28210 -- TianoCore BZ#1743. The fix for
that was commit range 6c8dd15c4ae4..47343af30435. We introduced
PcdFwVolDxeMaxEncapsulationDepth to arbitrarily limit the depth of
recursion. It's a practical fix. I think the same approach could be
taken in the Standalone MM Core as well.

Laszlo

> 
> 
> BR,
> Wei
> 
> -Original Message-
> From: Laszlo Ersek  
> Sent: Tuesday, October 24, 2023 8:03 PM
> To: devel@edk2.groups.io; Xu, Wei6 
> Cc: Ard Biesheuvel ; Sami Mujawar 
> ; Ni, Ray 
> Subject: Re: [edk2-devel] [PATCH 1/1] StandaloneMmPkg: Fix the failure to 
> find uncompressed inner FV.
> 
> On 10/24/23 07:53, Xu, Wei6 wrote:
>> The MmCoreFfsFindMmDriver only checks for encapsulated compressed FVs.
>> When an inner FV is uncompressed, StandaloneMmCore will miss the FV 
>> and all the MM drivers in the FV will not be dispatched.
>> Add checks for uncompressed inner FV to fix this issue.
>>
>> Cc: Ard Biesheuvel 
>> Cc: Sami Mujawar 
>> Cc: Ray Ni 
>> Signed-off-by: Wei6 Xu 
>> ---
>>  StandaloneMmPkg/Core/FwVol.c | 11 +++
>>  1 file changed, 11 insertions(+)
>>
>> diff --git a/StandaloneMmPkg/Core/FwVol.c 
>> b/StandaloneMmPkg/Core/FwVol.c index 1f6d7714ba97..1a85d80eb9f7 100644
>> --- a/StandaloneMmPkg/Core/FwVol.c
>> +++ b/StandaloneMmPkg/Core/FwVol.c
>> @@ -104,6 +104,17 @@ MmCoreFfsFindMmDriver (
>>break;
>>  }
>>  
>> +Status = FfsFindSectionData (
>> +   EFI_SECTION_FIRMWARE_VOLUME_IMAGE,
>> +   FileHeader,
>> +   ,
>> +   
>> +   );
>> +if (!EFI_ERROR (Status)) {
>> +  InnerFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)SectionData;
>> +  MmCoreFfsFindMmDriver (InnerFvHeader);
>> +}
>> +
>>  Status = FfsFindSectionData (
>> EFI_SECTION_GUID_DEFINED,
>> FileHeader,
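Review bot: `SectionData` is cast to `EFI_FIRMWARE_VOLUME_HEADER *` as soon as `FfsFindSectionData` succeeds, with no check that the section holds at least `sizeof (EFI_FIRMWARE_VOLUME_HEADER)` bytes, so a short section lets the recursive call read header fields beyond the section data. Compare the returned section size against the header size before the cast. The recursive `MmCoreFfsFindMmDriver (InnerFvHeader)` call also has no depth bound and its result is unused; pass a depth counter with a fixed maximum and propagate the status to the caller.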
> 
> I'd recommend fixing other, more foundational issues first, in this function, 
> such as:
> 
> - memory leaks on error paths
> 
> - unbounded recursion
> 
> - missing object size checks before casting pointers to header types
> 
> At the same time I agree that this change doesn't seem to make things worse 
> than they are.
> 
> Laszlo
> 



-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#110240): https://edk2.groups.io/g/devel/message/110240
-=-=-=-=-=-=-=-=-=-=-=-
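The depth limit described for the DXE Core fix, together with the size checks requested in the review, can be shown on a small nested-container scanner. This is an added example and not edk2 code: the record layout, `scan_volume`, the sample builder and `MAX_ENCAPSULATION_DEPTH` (standing in for a PCD such as PcdFwVolDxeMaxEncapsulationDepth) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy container format, constructed for this example (NOT the PI FV layout):
 *   record = type(1) | reserved(1) | total_len(2, little endian) | payload
 *   type 1: driver, payload opaque; type 2: inner volume, payload = records */
#define REC_DRIVER        1u
#define REC_INNER_VOLUME  2u
#define REC_HEADER_SIZE   4u
/* Hypothetical build-time limit, standing in for a max-encapsulation-depth PCD. */
#define MAX_ENCAPSULATION_DEPTH 4u

enum scan_status { SCAN_OK, SCAN_TRUNCATED, SCAN_BAD_LENGTH, SCAN_BAD_TYPE, SCAN_TOO_DEEP };

/* Count driver records in buf[0..size), descending into inner volumes. */
static enum scan_status
scan_volume(const uint8_t *buf, size_t size, unsigned depth, unsigned *drivers)
{
    size_t off = 0;

    /* Bound the recursion before parsing anything at this level. */
    if (depth > MAX_ENCAPSULATION_DEPTH)
        return SCAN_TOO_DEEP;

    while (off < size) {
        size_t left = size - off;

        /* Object size check: a full header must fit before it is read. */
        if (left < REC_HEADER_SIZE)
            return SCAN_TRUNCATED;
        uint8_t type = buf[off];
        size_t  len  = (size_t)buf[off + 2] | ((size_t)buf[off + 3] << 8);

        /* Declared length must cover the header and stay inside the parent. */
        if (len < REC_HEADER_SIZE || len > left)
            return SCAN_BAD_LENGTH;

        if (type == REC_INNER_VOLUME) {
            enum scan_status st = scan_volume(buf + off + REC_HEADER_SIZE,
                                              len - REC_HEADER_SIZE, depth + 1, drivers);
            if (st != SCAN_OK)
                return st;              /* propagate the failure to the caller */
        } else if (type == REC_DRIVER) {
            (*drivers)++;
        } else {
            return SCAN_BAD_TYPE;
        }
        off += len;
    }
    return SCAN_OK;
}

static void put_header(uint8_t *p, uint8_t type, size_t len)
{
    p[0] = type; p[1] = 0; p[2] = (uint8_t)(len & 0xff); p[3] = (uint8_t)(len >> 8);
}

/* Constructed sample data: one driver wrapped in `levels` inner volumes. */
static size_t build_nested(uint8_t *out, size_t cap, unsigned levels)
{
    size_t len = REC_HEADER_SIZE + 2;

    if (cap < len + (size_t)levels * REC_HEADER_SIZE)
        return 0;
    put_header(out, REC_DRIVER, len);
    out[4] = 0xAA; out[5] = 0x55;
    for (; levels > 0; levels--) {
        memmove(out + REC_HEADER_SIZE, out, len);
        len += REC_HEADER_SIZE;
        put_header(out, REC_INNER_VOLUME, len);
    }
    return len;
}

/* Scan a sample nested `levels` deep with `cut` bytes removed from its end. */
static enum scan_status scan_sample(unsigned levels, size_t cut, unsigned *drivers)
{
    uint8_t buf[128];
    size_t  len = build_nested(buf, sizeof buf, levels);

    *drivers = 0;
    if (len == 0 || cut > len)
        return SCAN_TRUNCATED;
    return scan_volume(buf, len - cut, 0, drivers);
}

int sample_status(unsigned levels, size_t cut) { unsigned d; return scan_sample(levels, cut, &d); }
unsigned sample_drivers(unsigned levels) { unsigned d; scan_sample(levels, 0, &d); return d; }

int main(void)
{
    for (unsigned n = 3; n <= 5; n++)
        printf("levels=%u status=%d drivers=%u\n", n, sample_status(n, 0), sample_drivers(n));
    return 0;
}
```

Four levels of nesting scan cleanly, while a fifth is rejected before any of its bytes are parsed, and a record whose declared length exceeds its parent is refused instead of being followed.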




Re: [edk2-devel] [edk2-libc Patch 1/1] ek2-libc: Sample python scripts for socket client capabilities on UEFI shell

2023-10-28 Thread Laszlo Ersek
On 10/27/23 18:27, Jayaprakash, N wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4580
> 
> This BZ has been created to provide the sample python scripts
> to demonstrate the socket client capabilities using http library
> on UEFI shell with the help of Python UEFI interpreter.
> The http_echo_client.py and http_echo_server.py scripts
> are provided as sample scripts to exercise the python http library
> from UEFI shell.
> 
> Cc: Rebecca Cran 
> Cc: Michael D Kinney 
> Cc: Jayaprakash N 
> Signed-off-by: Jayaprakash Nevara 
> ---
>  .../PyMod-3.6.8/Lib/http_echo_client.py   | 81 +++
>  .../PyMod-3.6.8/Lib/http_echo_server.py   | 61 ++
>  2 files changed, 142 insertions(+)
>  create mode 100644 
> AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_client.py
>  create mode 100644 
> AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_server.py
> 
> diff --git 
> a/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_client.py 
> b/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_client.py
> new file mode 100644
> index 000..ea0368d
> --- /dev/null
> +++ 
> b/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_client.py
> @@ -0,0 +1,81 @@
> +"""
> +This is a sample HTTP echo client sends data to the server
> +and gets echoed data from the server in response body 
> +and prints the same to the console.
> +
> +Note: This application needs to be run from UEFI shell using
> +the Python UEFI interpreter.
> +"""
> +
> +import sys
> +import time
> +from http import client
> +from http.client import HTTPException
> +import traceback
> +
> +_max_retries = 10
> +_retry_count = 0
> +
> +
> +def _print_usage():
> +print("Sample http echo client application")
> +print("Usage:")
> +print("python.efi http_echo_client.py ")
> +
> +
> +if len(sys.argv) != 2:
> +_print_usage()
> +sys.exit(0)
> +
> +if sys.argv[1] == "-h":
> +_print_usage()
> +sys.exit(0)
> +
> +http_server = sys.argv[1]
> +while True:
> +try:
> +name = input("Enter the parameter name:")
> +value = input("Enter parameter value:")
> +print("Connecting to server to send a get request with following 
> parameter")
> +print("{}={}".format(name, value))
> +# replace space with %20

Better use
 here,
I'd think.

Laszlo

> +value = value.replace(" ", "%20")
> +conn = client.HTTPConnection(http_server)
> +# Send GET request with some data
> +conn.request("GET", "/echo?{}={}".format(name, value))
> +rsp = conn.getresponse()
> +if rsp.status == 204:
> +print("No content")
> +break
> +elif rsp.status == 200:
> +data_received = rsp.read()
> +# replace %20 with space character before displaying to console
> +data_received = data_received.replace(b"%20", b" ")
> +print("from server:{}".format(data_received))
> +conn.close()
> +print("Closing the connection")
> +break
> +else:
> +print("Invalid response code {}".format(rsp.status))
> +conn.close()
> +print("Closing the connection")
> +break
> +except HTTPException as exp:
> +print("Got exception while connecting to server : {}".format(exp))
> +traceback.print_exc()
> +break
> +except ConnectionRefusedError as exp:
> +print("Got exception while connecting to server : {}".format(exp))
> +print("Check & start the server, if it is not started")
> +print(
> +"Retrying connection after 10 seconds, retry count = {}".format(
> +_retry_count + 1
> +)
> +)
> +if _retry_count == _max_retries:
> +print(
> +"Exceeded max retries {} exiting the 
> application".format(_max_retries)
> +)
> +break
> +time.sleep(10)
> +_retry_count += 1
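Review bot: the query string in http_echo_client.py is escaped by hand and only for spaces in `value`; `name` is not escaped at all, so input containing `&`, `=`, `#` or `%` changes the query the server receives. Build it with `urllib.parse.urlencode({name: value})` (or `urllib.parse.quote` on both parts) and decode the echoed body with the matching function instead of `replace(b"%20", b" ")`. The 204 branch and both `except` branches also leave the loop without `conn.close()`, and `client.HTTPConnection(http_server)` is created without a timeout; a `try`/`finally` around the connection and an explicit `timeout=` would make the sample safer to copy.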
> diff --git 
> a/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_server.py 
> b/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_server.py
> new file mode 100644
> index 000..eebdf33
> --- /dev/null
> +++ 
> b/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Lib/http_echo_server.py
> @@ -0,0 +1,61 @@
> +"""
> +This is a sample HTTP echo server that echos the command / data
> +coming from the client.
> +Here the data is received from client through GET request in the 
> +form of parameter of GET request.
> +The parameter is extracted and sent back to the client 
> +in the response body.
> +
> +Note that this server sample application needs to be run 
> +on a system booted to OS. 
> +"""
> +
> +import os
> +import socket
> +import sys
> +from http.server import BaseHTTPRequestHandler, HTTPServer
> +from http.client 

Re: [edk2-devel] [PATCH v2 0/3] Add Variable Policy Audit App and Shell Command

2023-10-28 Thread Ard Biesheuvel
On Sat, 28 Oct 2023 at 03:18, Michael Kubacki
 wrote:
>
> From: Michael Kubacki 
>
> Adds a new module (dynamic shell command) to ShellPkg that lists
> variable policy information for all UEFI variables on the system.
>
> Some other UEFI variable related functionality is also included to
> give a greater sense of platform UEFI variable state.
>

Thanks, this looks useful.

For the series,

Reviewed-by: Ard Biesheuvel 

Could we add it to ArmVirtPkg as well please?

> Like all dynamic shell commands, a platform only needs to include
> VariablePolicyDynamicCommand.inf in their flash image to have
> the command registered in their UEFI shell.
>
> The shell command is added to OvmfPkg so it is available in an
> easily obtainable virtual platform.
>
> The code can also be built as a standalone EFI application.
>
> This is being made available to ease auditing and enabling of UEFI
> variable policy to encourage its adoption for securing UEFI
> variables.
>
> ---
>
> Command Help:
>
> Lists UEFI variable policy information.
>
> VARPOLICY [-p] [-s] [-v]
>
>   -p - The policy flag will print variable policy info for each variable.
>
>   -s - The stats flag will print overall UEFI variable policy statistics.
>
>   -v - The verbose flag indicates all known information should be printed.
>
>This includes a dump of the corresponding UEFI variable data in
>addition to all other UEFI variable policy information.
>
> EXAMPLES:
>
>   * To dump all active UEFI variables:
> fs0:\> varpolicy
>
>   * To include UEFI variable policy information:
> varpolicy -p
>
>   * To include UEFI variable statistics:
> varpolicy -s
>
> Press ENTER to continue or 'Q' break:
>
> ---
>
> v2 changes:
>
> - Allow the variable policy dynamic command to also be built as a
>   standalone EFI app.
>
> Images showing example output are available in the PR:
> https://github.com/tianocore/edk2/pull/4835
>
> Cc: Anatol Belski 
> Cc: Anthony Perard 
> Cc: Dandan Bi 
> Cc: Gerd Hoffmann 
> Cc: Hao A Wu 
> Cc: Jian J Wang 
> Cc: Jianyong Wu 
> Cc: Jiewen Yao 
> Cc: Jordan Justen 
> Cc: Julien Grall 
> Cc: Liming Gao 
> Cc: Michael D Kinney 
> Cc: Zhichao Gao 
>
> Michael Kubacki (3):
>   MdeModulePkg/VariablePolicy: Add more granular variable policy
> querying
>   ShellPkg: Add varpolicy dynamic shell command and app
>   OvmfPkg: Add varpolicy shell command
>
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 174 +++-
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 304 +++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c |   4 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 346 +++-
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.c | 877
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.c |  59 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c | 157
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h |  39 +-
>  MdeModulePkg/Include/Library/VariablePolicyLib.h | 107 +++
>  MdeModulePkg/Include/Protocol/VariablePolicy.h | 133 ++-
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf |   1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc |   4 +
>  OvmfPkg/Microvm/MicrovmX64.dsc |   4 +
>  OvmfPkg/OvmfPkgIa32.dsc |   4 +
>  OvmfPkg/OvmfPkgIa32X64.dsc |   4 +
>  OvmfPkg/OvmfPkgX64.dsc |   4 +
>  OvmfPkg/OvmfXen.dsc |   4 +
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.h | 126 +++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.uni |  86 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.inf |  58 ++
>  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf |  57 ++
>  ShellPkg/ShellPkg.dsc |   5 +
>  22 files changed, 2511 insertions(+), 46 deletions(-)
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicy.c
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyApp.c
>  create mode 100644 ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.c
>