Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
Hi Chris, 1. Please create a feature request BugZilla to introduce the background of the new API, such as purpose and application scenarios. 2. I took a quick look, the new API will make Pkcs1v2De/Encrypt support RsaContext input and the rest is same as old API right? Regards, Yi -Original Message- From: Chris Ruffin Sent: Tuesday, March 19, 2024 5:52 AM To: devel@edk2.groups.io Cc: Chris Ruffin ; Yao, Jiewen ; Li, Yi1 ; Hou, Wenxing Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions From: Chris Ruffin Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe. Pkcs1v2Decrypt(): decryption using DER-encoded private key RsaOaepEncrypt(): encryption using RSA contexts RsaOaepDecrypt(): decryption using RSA contexts Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Include/Library/BaseCryptLib.h | 102 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 506 -- .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 114 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c | 114 4 files changed, 789 insertions(+), 47 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index a52bd91ad6..7ad2bf21fe 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt ( OUT UINTN*EncryptedDataSize ); +/**+ Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ encrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - X509 key size does not match any known key size.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.+ - Data size is too large for the provided key size (max size is a function of key size+and hash digest size).++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a public key using RsaSetKey().+ @param[in] InData Data to be encrypted.+ @param[in] InDataSize Size of the data buffer.+ @param[in] PrngSeed[Optional] If provided, a pointer to a random seed buffer+ to be used when initializing the PRNG. NULL otherwise.+ @param[in] PrngSeedSize [Optional] If provided, size of the random seed buffer.+ 0 otherwise.+ @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] EncryptedDataSize Size of the encrypted message buffer.++ @retval TRUEEncryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt (+ IN VOID *RsaContext,+ IN UINT8*InData,+ IN UINTN InDataSize,+ IN CONST UINT8 *PrngSeed OPTIONAL,+ IN UINTN PrngSeedSize OPTIONAL,+ OUT UINT8**EncryptedData,+ OUT UINTN *EncryptedDataSize+ );++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] PrivateKey A pointer to the DER-encoded private key.+ @param[in] PrivateKeySize Size of the private key buffer.+ @param[in] EncryptedData Data to be decrypted.+ @param[in] EncryptedDataSize Size of the encrypted buffer.+ @param[out] OutData Pointer to an allocated buffer containing the encrypted+ message.+ @param[out] OutDataSize Size of the encrypted message buffer.++ @retval TRUEEncryption was successful.+ @retval FALSE Encryption failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+ IN CONST UINT8 *PrivateKey,+ IN UINTNPrivateKeySize,+ IN UINT8*EncryptedData,+ IN UINTNEncryptedDataSize,+ OUT UINT8**OutData,+ OUT UINTN *OutDataSize+ );++/**+ Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the+ decrypted message in a newly allocated buffer.++ Things that can cause a failure include:+ - Fail to parse private key.+ - Fail to allocate an intermediate buffer.+ - Null pointer provided for a non-optional parameter.++ @param[in] RsaContext A pointer to an RSA context created by RsaNew() and+ provisioned with a private key using RsaSetKey().+
Re: [edk2-devel] [PATCH v1 21/26] OvmfPkg/LoongArchVirt: Add FdtQemuFwCfgLib
Hi Gerd, Thanks, Chao On 2024/3/18 23:28, Gerd Hoffmann wrote: On Sat, Mar 16, 2024 at 10:17:00AM +0800, lixianglai wrote: Hi Gerd: On Mon, Mar 11, 2024 at 02:39:31AM -0700, Chao Li wrote: This library for PEI phase, and obtains the QemuFwCfg base address by directly parsing the FDT, reads and writes the data in QemuFwCfg by operating on the QemuFwCfg base address. create mode 100644 OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.c create mode 100644 OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.inf create mode 100644 OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgLibInternal.h create mode 100644 OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgPei.c Is there anything LoongArch-specific in there? No,The main function of this lib library is to obtain the fwcfg base address by parsing fdt in the pei stage, and provide access to fwcfg through mmio mode, the difference between it and the existing library is that the fwcfg base address is not hard-coded in the compilation stage, and is accessed through mmio rather than io port. That would be the case for risc-v and aarch64 too, although I think they don't need fw_cfg right now (they get all info needed via fdt). I think we should add this as OvmfPkg/Library/FdtQemuFwCfgLib. Ok, I will commit this change under OvmfPkg/Library next time. Same to patch 20, I will try to adjust and verify in risc-v and aarch64 after merging this change. Another point that needs to be explained is that because loongarch virtual machine runs on flash in pei phase, it cannot assign the pcd global variable, so we use Hob as the global variable to store the fwcfg base address. I think the dynamic PCD database is stored in a HOB and you should be able to set PCDs them even when running from (read-only) flash. Let's me try. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116876): https://edk2.groups.io/g/devel/message/116876 Mute This Topic: https://groups.io/mt/104859897/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v1 20/26] OvmfPkg/LoongArchVirt: Add NorFlashQemuLib
Hi Gerd, Thanks, Chao On 2024/3/18 23:21, Gerd Hoffmann wrote: On Sat, Mar 16, 2024 at 06:19:00PM +0800, lixianglai wrote: Hi Gerd: On Mon, Mar 11, 2024 at 02:39:24AM -0700, Chao Li wrote: Add NorFlashQemuLib for LoongArch, it is referenced from ArmVirtPkg. What are the differences to the ArmVirtPkg version? In this lib we have assigned the following three pcd variables: PcdFlashNvStorageVariableBase PcdFlashNvStorageFtwWorkingBase PcdFlashNvStorageFtwSpareBase Instead of hardcoding these three variables in the VarStore.fdf.inc file as arm does, the benefit is that when the flash base address changes in the qemu implementation, there is no need to re-adapt and compile UEFI. The flash memory layout (address + size) for the aarch64 virt machine has never changed. So while it sounds nice in theory to have that option it could very well be that this will never ever needed in practice. Having sayed that I'd also note that I think it should also be possible to switch the aarch64 builds to set the PCDs at runtime instead of compile time. When I tried to implement the current patch scheme on aarch64, I found that the FaultTolerantWriteDxe driver loaded earlier than VirtNorFlashDxe. And It requires the PcdFlashNvStorageFtwWorkingSize and PcdFlashNvStorageFtwSpareSize variables for initialization, However the initialization of these two variables is completed in VirtNorFlashDxe, The fdf file specifies that VirtNorFlashDxe is loaded first and then FaultTolerantWriteDxe is loaded in loongarch64. So this is going to be a problem if we want to apply the current solution to aarch64 or risc-v. There is a non-obvious twist: VirtNorFlashDxe registers the gEdkiiNvVarStoreFormattedGuid protocol. There is the EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf library, which only purpose is to add a dependency to gEdkiiNvVarStoreFormattedGuid to depex. NvVarStoreFormattedLib.inf is used this way ... MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { A [ ... ] NULL|EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf [ ... ] } ... to make sure VariableRuntimeDxe is scheduled after VirtNorFlashDxe. I think you can apply the same idea to FaultTolerantWriteDxe. I can't tell the implementation scheme of the current lib and existing lib implementation scheme which one is better, Could you give we some advice? I'd suggest to merge your code as OvmfPkg/Library/FdtNorFlashQemuLib as it is not really loongarch-specific. If you want try switch aarch64 to use the same code that'll be great, but sorting that out later is also fine with me. If you think this design is looks better, then I'm prepare to commit this change under the OvmfPkg/Library as a public library. And I will enable it in aarch64 after merging this change, because I think it may be tweaked and validated in aarch64 for many platforms. Do you think that is good? take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116875): https://edk2.groups.io/g/devel/message/116875 Mute This Topic: https://groups.io/mt/104859896/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - Tuesday, March 19, 2024 #cal-reminder
*Reminder: TianoCore Bug Triage - APAC / NAMO* *When:* Tuesday, March 19, 2024 6:30pm to 7:30pm (UTC-07:00) America/Los Angeles *Where:* https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d *Organizer:* Liming Gao gaolim...@byosoft.com.cn ( gaolim...@byosoft.com.cn?subject=Re:%20Event:%20TianoCore%20Bug%20Triage%20-%20APAC%20%2F%20NAMO ) View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=2159770 ) *Description:* TianoCore Bug Triage - APAC / NAMO Hosted by Liming Gao Microsoft Teams meeting *Join on your computer or mobile app* Click here to join the meeting ( https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d ) *Join with a video conferencing device* te...@conf.intel.com Video Conference ID: 116 062 094 0 Alternate VTC dialing instructions ( https://conf.intel.com/teams/?conf=1160620940=teams=conf.intel.com=test_call ) *Or call in (audio only)* +1 916-245-6934,,77463821# ( tel:+19162456934,,77463821# ) United States, Sacramento Phone Conference ID: 774 638 21# Find a local number ( https://dialin.teams.microsoft.com/d195d438-2daa-420e-b9ea-da26f9d1d6d5?id=77463821 ) | Reset PIN ( https://mysettings.lync.com/pstnconferencing ) Learn More ( https://aka.ms/JoinTeamsMeeting ) | Meeting options ( https://teams.microsoft.com/meetingOptions/?organizerId=b286b53a-1218-4db3-bfc9-3d4c5aa7669e=46c98d88-e344-4ed4-8496-4ed7712e255d=19_meeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh@thread.v2=0=en-US ) -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116874): https://edk2.groups.io/g/devel/message/116874 Mute This Topic: https://groups.io/mt/105016832/21656 Mute #cal-reminder:https://edk2.groups.io/g/devel/mutehashtag/cal-reminder Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] Now: Tools, CI, Code base construction meeting series - Monday, March 18, 2024 #cal-notice
*Tools, CI, Code base construction meeting series* *When:* Monday, March 18, 2024 4:30pm to 5:30pm (UTC-07:00) America/Los Angeles *Where:* https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDI2ZDg4NmMtMjI1My00MzI5LWFmYjAtMGQyNjUzNTBjZGYw%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2223af6561-6e1c-450d-b917-d9d674eb3cb6%22%7d View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=2159775 ) *Description:* TianoCore community, Microsoft and Intel will be hosting a series of open meetings to discuss build, CI, tools, and other related topics. If you are interested, have ideas/opinions please join us. These meetings will be Monday 4:30pm Pacific Time on Microsoft Teams. MS Teams Link in following discussion: * https://github.com/tianocore/edk2/discussions/2614 Anyone is welcome to join. * tianocore/edk2: EDK II (github.com) * tianocore/edk2-basetools: EDK II BaseTools Python tools as a PIP module (github.com) https://github.com/tianocore/edk2-basetools * tianocore/edk2-pytool-extensions: Extensions to the edk2 build system allowing for a more robust and plugin based build system and tool execution environment (github.com) https://github.com/tianocore/edk2-pytool-extensions * tianocore/edk2-pytool-library: Python library package that supports UEFI development (github.com) https://github.com/tianocore/edk2-pytool-library MS Teams Browser Clients * https://docs.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116873): https://edk2.groups.io/g/devel/message/116873 Mute This Topic: https://groups.io/mt/105015041/21656 Mute #cal-notice:https://edk2.groups.io/g/devel/mutehashtag/cal-notice Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 3/3] CryptoPkg/BaseCryptLibUnitTest: add unit test functions
From: Chris Ruffin Add unit test functions: TestVerifyPkcs1v2Decrypt() TestVerifyTestRsaOaepEncrypt() TestVerifyTestRsaOaepDecrypt() Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- .../Library/BaseCryptLib/OaepEncryptTests.c | 184 +- 1 file changed, 182 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c index 22a4ea7e46..2b5c6d04da 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c @@ -153,9 +153,42 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 PrivateKey[] = { 0x86, 0x10, 0x09, 0x88, 0x6C, 0x35, 0x60, 0xF2, }; +// +// Public Modulus of RSA Key +// +GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8 RsaN[] = { + 0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 0x9D, 0xA8, 0x71, 0xF7, + 0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 0x74, 0x54, 0xF5, 0x1F, + 0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 0xEB, 0x6F, 0xCD, 0x48, + 0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 0x5B, 0x8B, 0x80, 0x7F, + 0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 0xD9, 0x3A, 0x25, 0x84, + 0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 0x45, 0x98, 0x39, 0x4E, + 0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 0xF6, 0xC1, 0x68, 0x7F, + 0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 0x09, 0x1D, 0xBD, 0xCB +}; + +// +// Public Exponent of RSA Key +// +GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8 RsaE[] = { 0x11 }; + +// +// Private Exponent of RSA Key +// +GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8 RsaD[] = { + 0xA5, 0xDA, 0xFC, 0x53, 0x41, 0xFA, 0xF2, 0x89, 0xC4, 0xB9, 0x88, 0xDB, 0x30, 0xC1, 0xCD, 0xF8, + 0x3F, 0x31, 0x25, 0x1E, 0x06, 0x68, 0xB4, 0x27, 0x84, 0x81, 0x38, 0x01, 0x57, 0x96, 0x41, 0xB2, + 0x94, 0x10, 0xB3, 0xC7, 0x99, 0x8D, 0x6B, 0xC4, 0x65, 0x74, 0x5E, 0x5C, 0x39, 0x26, 0x69, 0xD6, + 0x87, 0x0D, 0xA2, 0xC0, 0x82, 0xA9, 0x39, 0xE3, 0x7F, 0xDC, 0xB8, 0x2E, 0xC9, 0x3E, 0xDA, 0xC9, + 0x7F, 0xF3, 0xAD, 0x59, 0x50, 0xAC, 0xCF, 0xBC, 0x11, 0x1C, 0x76, 0xF1, 0xA9, 0x52, 0x94, 0x44, + 0xE5, 0x6A, 0xAF, 0x68, 0xC5, 0x6C, 0x09, 0x2C, 0xD3, 0x8D, 0xC3, 0xBE, 0xF5, 0xD2, 0x0A, 0x93, + 0x99, 0x26, 0xED, 0x4F, 0x74, 0xA1, 0x3E, 0xDD, 0xFB, 0xE1, 0xA1, 0xCE, 0xCC, 0x48, 0x94, 0xAF, + 0x94, 0x28, 0xC2, 0xB7, 0xB8, 0x88, 0x3F, 0xE4, 0x46, 0x3A, 0x4B, 0xC8, 0x5B, 0x1C, 0xB3, 0xC1 +}; + UNIT_TEST_STATUS EFIAPI -TestVerifyOaepEncrypt ( +TestVerifyPkcs1v2Encrypt ( IN UNIT_TEST_CONTEXT Context ) { @@ -296,11 +329,158 @@ TestVerifyOaepEncrypt ( return UNIT_TEST_PASSED; } +UNIT_TEST_STATUS +EFIAPI +TestVerifyPkcs1v2Decrypt ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8PlaintextBuffer[4]; + UINT8*EncryptedBuffer; + UINTNEncryptedBufferSize; + UINT8*DecryptedBuffer; + UINTNDecryptedBufferSize; + + // Create a file and add content '123' in it + PlaintextBuffer[0] = '1'; + PlaintextBuffer[1] = '2'; + PlaintextBuffer[2] = '3'; + PlaintextBuffer[3] = 0; + + Status = Pkcs1v2Encrypt ( + SelfTestCert, + (UINTN)sizeof (SelfTestCert), + PlaintextBuffer, + (UINTN)sizeof (PlaintextBuffer), + NULL, + 0, + , + (UINTN *) + ); + UT_ASSERT_TRUE (Status); + + Status = Pkcs1v2Decrypt ( + PrivateKey, + (UINTN)sizeof (PrivateKey), + EncryptedBuffer, + EncryptedBufferSize, + , + (UINTN *) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_TRUE ((CompareMem (PlaintextBuffer, DecryptedBuffer, DecryptedBufferSize) == 0)); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyRsaOaepEncrypt ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8PlaintextBuffer[4]; + UINT8*EncryptedBuffer; + UINTNEncryptedBufferSize; + VOID *RsaContext = NULL; + + // Create a file and add content '123' in it + PlaintextBuffer[0] = '1'; + PlaintextBuffer[1] = '2'; + PlaintextBuffer[2] = '3'; + PlaintextBuffer[3] = 0; + + RsaContext = RsaNew (); + UT_ASSERT_FALSE (RsaContext == NULL); + + Status = RsaSetKey (RsaContext, RsaKeyN, RsaN, sizeof (RsaN)); + UT_ASSERT_TRUE (Status); + + Status = RsaSetKey (RsaContext, RsaKeyE, RsaE, sizeof (RsaE)); + UT_ASSERT_TRUE (Status); + + Status = RsaOaepEncrypt ( + RsaContext, + PlaintextBuffer, + sizeof (PlaintextBuffer), + NULL, + 0, + , + + ); + UT_ASSERT_TRUE (Status); + + return UNIT_TEST_PASSED; +} +
[edk2-devel] [PATCH 2/3] CryptoPkg/Driver: add additional RSAEP-OAEP crypto functions
From: Chris Ruffin Add new library members to CryptoPkg/Driver. Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Driver/Crypto.c | 116 +- .../Pcd/PcdCryptoServiceFamilyEnable.h| 3 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 100 +++ CryptoPkg/Private/Protocol/Crypto.h | 97 ++- 4 files changed, 314 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index bdbb4863a9..3bfce16fa6 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3589,6 +3589,117 @@ CryptoServicePkcs1v2Encrypt ( return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Encrypt, Pkcs1v2Encrypt, (PublicKey, PublicKeySize, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize), FALSE); } +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size +and hash digest size). + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a public key using RsaSetKey(). + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed[Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize[Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceRsaOaepEncrypt ( + IN VOID *RsaContext, + IN UINT8*InData, + IN UINTNInDataSize, + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTNPrngSeedSize OPTIONAL, + OUT UINT8**EncryptedData, + OUT UINTN*EncryptedDataSize + ) +{ + return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepEncrypt, RsaOaepEncrypt, (RsaContext, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize), FALSE); +} + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] PrivateKey A pointer to the DER-encoded private key. + @param[in] PrivateKeySize Size of the private key buffer. + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +CryptoServicePkcs1v2Decrypt ( + IN CONST UINT8 *PrivateKey, + IN UINTNPrivateKeySize, + IN UINT8*EncryptedData, + IN UINTNEncryptedDataSize, + OUT UINT8**OutData, + OUT UINTN*OutDataSize + ) +{ + return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Decrypt, Pkcs1v2Decrypt, (PrivateKey, PrivateKeySize, EncryptedData, EncryptedDataSize, OutData, OutDataSize), FALSE); +} + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a private key using RsaSetKey(). + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval
[edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
From: Chris Ruffin Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe. Pkcs1v2Decrypt(): decryption using DER-encoded private key RsaOaepEncrypt(): encryption using RSA contexts RsaOaepDecrypt(): decryption using RSA contexts Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Include/Library/BaseCryptLib.h | 102 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 506 -- .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 114 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c | 114 4 files changed, 789 insertions(+), 47 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index a52bd91ad6..7ad2bf21fe 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt ( OUT UINTN*EncryptedDataSize ); +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size +and hash digest size). + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a public key using RsaSetKey(). + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed[Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize[Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +RsaOaepEncrypt ( + IN VOID *RsaContext, + IN UINT8*InData, + IN UINTNInDataSize, + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTNPrngSeedSize OPTIONAL, + OUT UINT8**EncryptedData, + OUT UINTN*EncryptedDataSize + ); + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] PrivateKey A pointer to the DER-encoded private key. + @param[in] PrivateKeySize Size of the private key buffer. + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +Pkcs1v2Decrypt ( + IN CONST UINT8 *PrivateKey, + IN UINTNPrivateKeySize, + IN UINT8*EncryptedData, + IN UINTNEncryptedDataSize, + OUT UINT8**OutData, + OUT UINTN*OutDataSize + ); + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a private key using RsaSetKey(). + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +RsaOaepDecrypt ( + IN
[edk2-devel] [PATCH] Package/Module: edk2-platforms\Features\Intel\UserInterface\UserAuthFeaturePkg
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4645 Clear out the variable SmmCommunicateSetPassword which contains password before goto Exit. To avoid vulnerability. Signed-off-by: Nayana Patel --- .../UserAuthenticationDxeSmm/UserAuthenticationSmm.c| 2 ++ 1 file changed, 2 insertions(+) diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c index 98f40c1812..8d7c018688 100644 --- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c +++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c @@ -499,6 +499,7 @@ SmmPasswordHandler ( if (PasswordLen == sizeof(SmmCommunicateSetPassword.OldPassword)) { DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: OldPassword invalid!\n")); Status = EFI_INVALID_PARAMETER; + ZeroMem (, sizeof (SmmCommunicateSetPassword)); goto EXIT; } @@ -510,6 +511,7 @@ SmmPasswordHandler ( } else { Status = EFI_SECURITY_VIOLATION; } + ZeroMem (, sizeof (SmmCommunicateSetPassword)); goto EXIT; } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116869): https://edk2.groups.io/g/devel/message/116869 Mute This Topic: https://groups.io/mt/105014793/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4650
sPasswordStrong checks for password complexity requirements. It does bare minimal checking for existence of uppercase, lowercase, numeral, and symbol. A password with repeating characters would be an acceptable password, such as 1!Aa.IsPasswordInHistory checks if the password hash of the password being entered matches the hash of the previous 5 passwords. Added a check for preventing each character repeat more than twice consecutively Signed-off-by: V V Pranav --- .../UserAuthenticationDxeStrings.uni | 4 ++-- .../UserAuthenticationDxeSmm/UserAuthenticationSmm.c | 5 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni index 1e3a179677..8c4d8528ee 100644 --- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni +++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni @@ -19,8 +19,8 @@ #language fr-FR "Password Management Form" #string STR_ADMIN_PASSWORD_PROMPT #language en-US "Change Admin Password" #language fr-FR "Change Admin Password" -#string STR_ADMIN_PASSWORD_HELP#language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI." - #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI." +#string STR_ADMIN_PASSWORD_HELP#language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, symbol and each character should not repeat more than twice consecutively. Input an empty password can clean old admin password, then no need input password to enter UI." + #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, symbol and each character should not repeat more than twice consecutively. Input an empty password can clean old admin password, then no need input password to enter UI." #string STR_ADMIN_PASSWORD_STS_HELP#language en-US "Current Admin Password status: Installed or Not Installed." #language fr-FR "Current Admin Password status: Installed or Not Installed." #string STR_ADMIN_PASSWORD_STS_PROMPT #language en-US "Admin Password Status" diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c index 98f40c1812..d5e1488162 100644 --- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c +++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c @@ -362,6 +362,11 @@ IsPasswordStrong ( } else { HasSymbol = TRUE; } +if ((Index+2) <= (PasswordSize - 1)) { + if (Password[Index] == Password[Index+1] && Password[Index+1] == Password[Index+2]) { +return FALSE; + } +} } if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) { return FALSE; -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116868): https://edk2.groups.io/g/devel/message/116868 Mute This Topic: https://groups.io/mt/105014792/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Revert "ProcessLibraryConstructorList()"
From: Bruce Wang This reverts commit 1c0db2315109233e77e6b5a52704d14550dcba3c That commit cause a build error "ProcessLibraryConstructorList undefined" in FitUniversalPayloadEntry.c Cc: Gua Guo Cc: Guo Dong Cc: James Lu Cc: Sean Rhodes Signed-off-by: BruceX Wang --- .../UefiPayloadEntry/FitUniversalPayloadEntry.inf | 2 +- UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 10 ++ UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf | 2 +- .../UefiPayloadEntry/UniversalPayloadEntry.inf | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf index b87a0989ee..01fb3aceb3 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf +++ b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf @@ -8,7 +8,7 @@ ## [Defines] - INF_VERSION= 1.30 + INF_VERSION= 0x00010005 BASE_NAME = FitUniversalPayloadEntry FILE_GUID = CED5A8A9-B6EA-4D5A-8689-577EE88566CF MODULE_TYPE= SEC diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h index 80ccc5072c..ad8a9fd22b 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h +++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h @@ -51,6 +51,16 @@ #define E820_PMEM 7 #define E820_UNDEFINED 8 +/** + Auto-generated function that calls the library constructors for all of the module's + dependent libraries. +**/ +VOID +EFIAPI +ProcessLibraryConstructorList ( + VOID + ); + /** Add a new HOB to the HOB List. diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf index a3ff4b86ea..e2af8a4b7c 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf +++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf @@ -9,7 +9,7 @@ ## [Defines] - INF_VERSION= 1.30 + INF_VERSION= 0x00010005 BASE_NAME = PayloadEntry FILE_GUID = 2119BBD7-9432-4f47-B5E2-5C4EA31B6BDC MODULE_TYPE= SEC diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf index a62da5c705..5112cdc1e5 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf +++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf @@ -8,7 +8,7 @@ ## [Defines] - INF_VERSION= 1.30 + INF_VERSION= 0x00010005 BASE_NAME = UniversalPayloadEntry FILE_GUID = D4F0F269-1209-4A66-8039-C4D5A700EA4E MODULE_TYPE= SEC -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116867): https://edk2.groups.io/g/devel/message/116867 Mute This Topic: https://groups.io/mt/105014786/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 0/1] Revert "ProcessLibraryConstructorList()
From: Bruce Wang This reverts commit 1c0db2315109233e77e6b5a52704d14550dcba3c That commit caused debug messages to be missing in FitUniversalPayload.c. Bruce Wang (1): UefiPayloadPkg: Revert "ProcessLibraryConstructorList()" .../UefiPayloadEntry/FitUniversalPayloadEntry.inf | 2 +- UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 10 ++ UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf | 2 +- .../UefiPayloadEntry/UniversalPayloadEntry.inf | 2 +- 4 files changed, 13 insertions(+), 3 deletions(-) -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116866): https://edk2.groups.io/g/devel/message/116866 Mute This Topic: https://groups.io/mt/105014784/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Cleanup ProcessLibraryConstructorList()
From: Bruce Wang ProcessLibraryConstructorList() no needs to be called manually after INF version greater or equal to 1.30. Cc: Guo Dong Cc: Sean Rhodes Cc: James Lu Cc: Gua Guo Signed-off-by: BruceX Wang --- UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c | 2 -- UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c | 2 -- UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c| 2 -- 3 files changed, 6 deletions(-) diff --git a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c index eb0b325369..58a7e8190f 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c +++ b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c @@ -616,8 +616,6 @@ _ModuleEntryPoint ( mHobList = (VOID *)BootloaderParameter; DxeFv= NULL; - // Call constructor for all libraries - ProcessLibraryConstructorList (); DEBUG ((DEBUG_INFO, "Entering Universal Payload...\n")); DEBUG ((DEBUG_INFO, "sizeof(UINTN) = 0x%x\n", sizeof (UINTN))); diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c index 030a5baed9..7c65869563 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c +++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c @@ -434,8 +434,6 @@ _ModuleEntryPoint ( UniversalSerialPort->RegisterStride = (UINT8)SerialPortInfo.RegWidth; } - // The library constructors might depend on serial port, so call it after serial port hob - ProcessLibraryConstructorList (); DEBUG ((DEBUG_INFO, "sizeof(UINTN) = 0x%x\n", sizeof (UINTN))); // Build HOB based on information from Bootloader diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c index f37c00fad7..019b6b3d8b 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c +++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c @@ -462,8 +462,6 @@ _ModuleEntryPoint ( mHobList = (VOID *)BootloaderParameter; DxeFv= NULL; - // Call constructor for all libraries - ProcessLibraryConstructorList (); DEBUG ((DEBUG_INFO, "Entering Universal Payload...\n")); DEBUG ((DEBUG_INFO, "sizeof(UINTN) = 0x%x\n", sizeof (UINTN))); -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116865): https://edk2.groups.io/g/devel/message/116865 Mute This Topic: https://groups.io/mt/105014773/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 0/1] Cleanup ProcessLibraryConstructorList()
From: Bruce Wang ProcessLibraryConstructorList() no needs to be called manually after INF version greater or equal to 1.30. Bruce Wang (1): UefiPayloadPkg: Cleanup ProcessLibraryConstructorList() UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c | 2 -- UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c | 2 -- UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c| 2 -- 3 files changed, 6 deletions(-) -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116864): https://edk2.groups.io/g/devel/message/116864 Mute This Topic: https://groups.io/mt/105014770/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 3/3] CryptoPkg/BaseCryptLibUnitTest: add unit test functions
From: Chris Ruffin Add unit test functions: TestVerifyPkcs1v2Decrypt() TestVerifyTestRsaOaepEncrypt() TestVerifyTestRsaOaepDecrypt() Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- .../Library/BaseCryptLib/OaepEncryptTests.c | 184 +- 1 file changed, 182 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c index 22a4ea7e46..2b5c6d04da 100644 --- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c +++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c @@ -153,9 +153,42 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8 PrivateKey[] = { 0x86, 0x10, 0x09, 0x88, 0x6C, 0x35, 0x60, 0xF2, }; +// +// Public Modulus of RSA Key +// +GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8 RsaN[] = { + 0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 0x9D, 0xA8, 0x71, 0xF7, + 0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 0x74, 0x54, 0xF5, 0x1F, + 0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 0xEB, 0x6F, 0xCD, 0x48, + 0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 0x5B, 0x8B, 0x80, 0x7F, + 0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 0xD9, 0x3A, 0x25, 0x84, + 0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 0x45, 0x98, 0x39, 0x4E, + 0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 0xF6, 0xC1, 0x68, 0x7F, + 0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 0x09, 0x1D, 0xBD, 0xCB +}; + +// +// Public Exponent of RSA Key +// +GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8 RsaE[] = { 0x11 }; + +// +// Private Exponent of RSA Key +// +GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8 RsaD[] = { + 0xA5, 0xDA, 0xFC, 0x53, 0x41, 0xFA, 0xF2, 0x89, 0xC4, 0xB9, 0x88, 0xDB, 0x30, 0xC1, 0xCD, 0xF8, + 0x3F, 0x31, 0x25, 0x1E, 0x06, 0x68, 0xB4, 0x27, 0x84, 0x81, 0x38, 0x01, 0x57, 0x96, 0x41, 0xB2, + 0x94, 0x10, 0xB3, 0xC7, 0x99, 0x8D, 0x6B, 0xC4, 0x65, 0x74, 0x5E, 0x5C, 0x39, 0x26, 0x69, 0xD6, + 0x87, 0x0D, 0xA2, 0xC0, 0x82, 0xA9, 0x39, 0xE3, 0x7F, 0xDC, 0xB8, 0x2E, 0xC9, 0x3E, 0xDA, 0xC9, + 0x7F, 0xF3, 0xAD, 0x59, 0x50, 0xAC, 0xCF, 0xBC, 0x11, 0x1C, 0x76, 0xF1, 0xA9, 0x52, 0x94, 0x44, + 0xE5, 0x6A, 0xAF, 0x68, 0xC5, 0x6C, 0x09, 0x2C, 0xD3, 0x8D, 0xC3, 0xBE, 0xF5, 0xD2, 0x0A, 0x93, + 0x99, 0x26, 0xED, 0x4F, 0x74, 0xA1, 0x3E, 0xDD, 0xFB, 0xE1, 0xA1, 0xCE, 0xCC, 0x48, 0x94, 0xAF, + 0x94, 0x28, 0xC2, 0xB7, 0xB8, 0x88, 0x3F, 0xE4, 0x46, 0x3A, 0x4B, 0xC8, 0x5B, 0x1C, 0xB3, 0xC1 +}; + UNIT_TEST_STATUS EFIAPI -TestVerifyOaepEncrypt ( +TestVerifyPkcs1v2Encrypt ( IN UNIT_TEST_CONTEXT Context ) { @@ -296,11 +329,158 @@ TestVerifyOaepEncrypt ( return UNIT_TEST_PASSED; } +UNIT_TEST_STATUS +EFIAPI +TestVerifyPkcs1v2Decrypt ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8PlaintextBuffer[4]; + UINT8*EncryptedBuffer; + UINTNEncryptedBufferSize; + UINT8*DecryptedBuffer; + UINTNDecryptedBufferSize; + + // Create a file and add content '123' in it + PlaintextBuffer[0] = '1'; + PlaintextBuffer[1] = '2'; + PlaintextBuffer[2] = '3'; + PlaintextBuffer[3] = 0; + + Status = Pkcs1v2Encrypt ( + SelfTestCert, + (UINTN)sizeof (SelfTestCert), + PlaintextBuffer, + (UINTN)sizeof (PlaintextBuffer), + NULL, + 0, + , + (UINTN *) + ); + UT_ASSERT_TRUE (Status); + + Status = Pkcs1v2Decrypt ( + PrivateKey, + (UINTN)sizeof (PrivateKey), + EncryptedBuffer, + EncryptedBufferSize, + , + (UINTN *) + ); + UT_ASSERT_TRUE (Status); + + UT_ASSERT_TRUE ((CompareMem (PlaintextBuffer, DecryptedBuffer, DecryptedBufferSize) == 0)); + + return UNIT_TEST_PASSED; +} + +UNIT_TEST_STATUS +EFIAPI +TestVerifyRsaOaepEncrypt ( + IN UNIT_TEST_CONTEXT Context + ) +{ + BOOLEAN Status; + UINT8PlaintextBuffer[4]; + UINT8*EncryptedBuffer; + UINTNEncryptedBufferSize; + VOID *RsaContext = NULL; + + // Create a file and add content '123' in it + PlaintextBuffer[0] = '1'; + PlaintextBuffer[1] = '2'; + PlaintextBuffer[2] = '3'; + PlaintextBuffer[3] = 0; + + RsaContext = RsaNew (); + UT_ASSERT_FALSE (RsaContext == NULL); + + Status = RsaSetKey (RsaContext, RsaKeyN, RsaN, sizeof (RsaN)); + UT_ASSERT_TRUE (Status); + + Status = RsaSetKey (RsaContext, RsaKeyE, RsaE, sizeof (RsaE)); + UT_ASSERT_TRUE (Status); + + Status = RsaOaepEncrypt ( + RsaContext, + PlaintextBuffer, + sizeof (PlaintextBuffer), + NULL, + 0, + , + + ); + UT_ASSERT_TRUE (Status); + + return UNIT_TEST_PASSED; +} +
[edk2-devel] [PATCH 2/3] CryptoPkg/Driver: add additional RSAEP-OAEP crypto functions
From: Chris Ruffin Add new library members to CryptoPkg/Driver. Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Driver/Crypto.c | 116 +- .../Pcd/PcdCryptoServiceFamilyEnable.h| 3 + .../BaseCryptLibOnProtocolPpi/CryptLib.c | 100 +++ CryptoPkg/Private/Protocol/Crypto.h | 97 ++- 4 files changed, 314 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index bdbb4863a9..3bfce16fa6 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3589,6 +3589,117 @@ CryptoServicePkcs1v2Encrypt ( return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Encrypt, Pkcs1v2Encrypt, (PublicKey, PublicKeySize, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize), FALSE); } +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size +and hash digest size). + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a public key using RsaSetKey(). + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed[Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize[Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +CryptoServiceRsaOaepEncrypt ( + IN VOID *RsaContext, + IN UINT8*InData, + IN UINTNInDataSize, + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTNPrngSeedSize OPTIONAL, + OUT UINT8**EncryptedData, + OUT UINTN*EncryptedDataSize + ) +{ + return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepEncrypt, RsaOaepEncrypt, (RsaContext, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, EncryptedDataSize), FALSE); +} + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] PrivateKey A pointer to the DER-encoded private key. + @param[in] PrivateKeySize Size of the private key buffer. + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +CryptoServicePkcs1v2Decrypt ( + IN CONST UINT8 *PrivateKey, + IN UINTNPrivateKeySize, + IN UINT8*EncryptedData, + IN UINTNEncryptedDataSize, + OUT UINT8**OutData, + OUT UINTN*OutDataSize + ) +{ + return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Decrypt, Pkcs1v2Decrypt, (PrivateKey, PrivateKeySize, EncryptedData, EncryptedDataSize, OutData, OutDataSize), FALSE); +} + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a private key using RsaSetKey(). + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval
[edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions
From: Chris Ruffin Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib. Applications using RSA crypto functions directly from OpensslLib can transition to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe. Pkcs1v2Decrypt(): decryption using DER-encoded private key RsaOaepEncrypt(): encryption using RSA contexts RsaOaepDecrypt(): decryption using RSA contexts Signed-off-by: Chris Ruffin Cc: Jiewen Yao Cc: Yi Li Cc: Wenxing Hou --- CryptoPkg/Include/Library/BaseCryptLib.h | 102 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 506 -- .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 114 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c | 114 4 files changed, 789 insertions(+), 47 deletions(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index a52bd91ad6..7ad2bf21fe 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt ( OUT UINTN*EncryptedDataSize ); +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size +and hash digest size). + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a public key using RsaSetKey(). + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed[Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize[Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +RsaOaepEncrypt ( + IN VOID *RsaContext, + IN UINT8*InData, + IN UINTNInDataSize, + IN CONST UINT8 *PrngSeed OPTIONAL, + IN UINTNPrngSeedSize OPTIONAL, + OUT UINT8**EncryptedData, + OUT UINTN*EncryptedDataSize + ); + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] PrivateKey A pointer to the DER-encoded private key. + @param[in] PrivateKeySize Size of the private key buffer. + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +Pkcs1v2Decrypt ( + IN CONST UINT8 *PrivateKey, + IN UINTNPrivateKeySize, + IN UINT8*EncryptedData, + IN UINTNEncryptedDataSize, + OUT UINT8**OutData, + OUT UINTN*OutDataSize + ); + +/** + Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + decrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - Fail to parse private key. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + + @param[in] RsaContext A pointer to an RSA context created by RsaNew() and + provisioned with a private key using RsaSetKey(). + @param[in] EncryptedData Data to be decrypted. + @param[in] EncryptedDataSize Size of the encrypted buffer. + @param[out] OutData Pointer to an allocated buffer containing the encrypted + message. + @param[out] OutDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +RsaOaepDecrypt ( + IN
Re: [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver
On Thu, Mar 14, 2024 at 12:28 PM Yao, Jiewen wrote: > Question: What is the value to provide an *empty* HSTI table? > > IMHO, If the goal is to perform some security check, I think we need > provide a *real* HSTI table. > HSTI is very vendor-specific and depends on features that a vendor supports. Looking at the HSTI spec a lot of the bits don't make sense for virtual machines. Some feature depends on hardware configuration and this check is a dummy in a virtual environment. So, the main goal is to pass Microsoft SVVP with OVMF+QEMU. Best Regards, Konstantin Kostiuk. > > Thank you > Yao, Jiewen > > > -Original Message- > > From: Konstantin Kostiuk > > Sent: Thursday, March 14, 2024 6:25 PM > > To: devel@edk2.groups.io > > Cc: Yan Vugenfirer ; Ard Biesheuvel > > ; Yao, Jiewen ; Gerd > > Hoffmann > > Subject: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver > > > > The driver provides empty HSTI table. > > > > Signed-off-by: Konstantin Kostiuk > > --- > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 + > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 > > 2 files changed, 139 insertions(+) > > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > new file mode 100644 > > index 00..b9ed189f33 > > --- /dev/null > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > @@ -0,0 +1,75 @@ > > +/** @file > > > > + This file contains DXE driver for publishing empty HSTI table > > > > + > > > > +Copyright (c) 2017, Intel Corporation. All rights reserved. > > > > +Copyright (c) 2024, Red Hat. Inc > > > > + > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1" > > > > +#define HSTI_SECURITY_FEATURE_SIZE 1 > > > > + > > > > +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase = { > > > > + PLATFORM_SECURITY_VERSION_VNEXTCS, > > > > + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE, > > > > + { HSTI_PLATFORM_NAME }, > > > > + HSTI_SECURITY_FEATURE_SIZE, > > > > +}; > > > > + > > > > +/** > > > > + The driver's entry point. > > > > + > > > > + @param[in] ImageHandle The firmware allocated handle for the EFI > image. > > > > + @param[in] SystemTable A pointer to the EFI System Table. > > > > + > > > > + @retval EFI_SUCCESS The entry point is executed successfully. > > > > + @retval other Some error occurs when executing this entry > point. > > > > +**/ > > > > +EFI_STATUS > > > > +EFIAPI > > > > +VirtHstiDxeEntrypoint ( > > > > + IN EFI_HANDLEImageHandle, > > > > + IN EFI_SYSTEM_TABLE *SystemTable > > > > + ) > > > > +{ > > > > + EFI_STATUS Status; > > > > + > > > > + // Allocate memory for HSTI struct > > > > + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays > > > > + // UINT8 SecurityFeaturesRequired[]; > > > > + // UINT8 SecurityFeaturesImplemented[]; > > > > + // UINT8 SecurityFeaturesVerified[]; > > > > + // sizeof (CHAR16) is for the NULL terminator of ErrorString > > > > + // CHAR16 ErrorString[] > > > > + UINTN HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) + > > > > +3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE + > > > > +sizeof (CHAR16); > > > > + VOID *HstiStruct = AllocateZeroPool (HstiSize); > > > > + > > > > + if (HstiStruct == NULL) { > > > > +return EFI_OUT_OF_RESOURCES; > > > > + } > > > > + > > > > + CopyMem (HstiStruct, , sizeof > > (ADAPTER_INFO_PLATFORM_SECURITY)); > > > > + > > > > + Status = HstiLibSetTable (HstiStruct, HstiSize); > > > > + if (EFI_ERROR (Status)) { > > > > +if (Status != EFI_ALREADY_STARTED) { > > > > + ASSERT_EFI_ERROR (Status); > > > > +} > > > > + } > > > > + > > > > + return EFI_SUCCESS; > > > > +} > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > new file mode 100644 > > index 00..270aa60026 > > --- /dev/null > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > @@ -0,0 +1,64 @@ > > +## @file > > > > +# Component description file for Virt Hsti Driver > > > > +# > > > > +# Copyright (c) 2017, Intel Corporation. All rights reserved. > > > > +# Copyright (c) Microsoft Corporation. > > > > +# Copyright (c) 2024, Red Hat. Inc > > > > +# > > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +# > > > > +## > > > > + > > > > +[Defines] > > > > + INF_VERSION= 0x00010005 > > > > + BASE_NAME = VirtHstiDxe > > > > + FILE_GUID = 60740CF3-D428-4500-80E6-04A5798241ED > > > > + MODULE_TYPE= DXE_DRIVER > > > > +
[edk2-devel] [PATCH 2/2] OvmfPkg: Add VirtHstiDxe to OVMF firmware build
Signed-off-by: Konstantin Kostiuk --- OvmfPkg/OvmfPkgIa32.dsc| 2 ++ OvmfPkg/OvmfPkgIa32.fdf| 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.fdf | 1 + 6 files changed, 9 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 28379961a7..371c0b63fe 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -188,6 +188,7 @@ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf + HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -830,6 +831,7 @@ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf # # ISA Support diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 501b4de469..3fdf4c807f 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -325,6 +325,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf +INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf !if $(SMM_REQUIRE) == TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 5e9eee628a..46fb925025 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -193,6 +193,7 @@ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf + HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -844,6 +845,7 @@ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf # # ISA Support diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 74cfb58f06..8f01f9b06a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -332,6 +332,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf +INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf !if $(SMM_REQUIRE) == TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index bf4c7906c4..cbdc07fc4d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -205,6 +205,7 @@ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf + HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf @@ -912,6 +913,7 @@ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf # # ISA Support diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index f47ab1727e..206739a029 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -359,6 +359,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf +INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf !if $(SMM_REQUIRE) == TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116859): https://edk2.groups.io/g/devel/message/116859 Mute This Topic: https://groups.io/mt/105014745/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver
The driver provides empty HSTI table. Signed-off-by: Konstantin Kostiuk --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 2 files changed, 139 insertions(+) create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c new file mode 100644 index 00..b9ed189f33 --- /dev/null +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c @@ -0,0 +1,75 @@ +/** @file + This file contains DXE driver for publishing empty HSTI table + +Copyright (c) 2017, Intel Corporation. All rights reserved. +Copyright (c) 2024, Red Hat. Inc + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1" +#define HSTI_SECURITY_FEATURE_SIZE 1 + +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase = { + PLATFORM_SECURITY_VERSION_VNEXTCS, + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE, + { HSTI_PLATFORM_NAME }, + HSTI_SECURITY_FEATURE_SIZE, +}; + +/** + The driver's entry point. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. +**/ +EFI_STATUS +EFIAPI +VirtHstiDxeEntrypoint ( + IN EFI_HANDLEImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // Allocate memory for HSTI struct + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays + // UINT8 SecurityFeaturesRequired[]; + // UINT8 SecurityFeaturesImplemented[]; + // UINT8 SecurityFeaturesVerified[]; + // sizeof (CHAR16) is for the NULL terminator of ErrorString + // CHAR16 ErrorString[] + UINTN HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) + +3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE + +sizeof (CHAR16); + VOID *HstiStruct = AllocateZeroPool (HstiSize); + + if (HstiStruct == NULL) { +return EFI_OUT_OF_RESOURCES; + } + + CopyMem (HstiStruct, , sizeof (ADAPTER_INFO_PLATFORM_SECURITY)); + + Status = HstiLibSetTable (HstiStruct, HstiSize); + if (EFI_ERROR (Status)) { +if (Status != EFI_ALREADY_STARTED) { + ASSERT_EFI_ERROR (Status); +} + } + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf new file mode 100644 index 00..270aa60026 --- /dev/null +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf @@ -0,0 +1,64 @@ +## @file +# Component description file for Virt Hsti Driver +# +# Copyright (c) 2017, Intel Corporation. All rights reserved. +# Copyright (c) Microsoft Corporation. +# Copyright (c) 2024, Red Hat. Inc +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = VirtHstiDxe + FILE_GUID = 60740CF3-D428-4500-80E6-04A5798241ED + MODULE_TYPE= DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT= VirtHstiDxeEntrypoint + + +# +# Sources Section - list of files that are required for the build to succeed. +# + + +[Sources] + VirtHstiDxe.c + + +# +# Package Dependency Section - list of Package files that are required for +# this module. +# + + +[Packages] + MdePkg/MdePkg.dec + + +# +# Library Class Section - list of Library Classes that are required for +# this module. +# + + +[LibraryClasses] + UefiDriverEntryPoint + UefiLib + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + HstiLib + UefiBootServicesTableLib + + +# +# Protocol C Name Section - list of Protocol and Protocol Notify C Names +# that this module uses or produces. +# + + +[Depex] + TRUE -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group.
[edk2-devel] [PATCH 0/2] OvmfPkg: Implement minimal HSTI driver
Resolve: https://issues.redhat.com/browse/RHEL-28751 HSTI (Hardware Security Test Interface) table is a requiremnt for ont test [1] from Microsoft Server Virtualization Validation Program. HSTI is a UEFI driver that provides a way to query the platform for the presence of security features. Current implementation does not have any security checks. [1] https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/13292c6c-a807-4916-80ac-fea6de9af552 Konstantin Kostiuk (2): OvmfPkg: Add VirtHstiDxe driver OvmfPkg: Add VirtHstiDxe to OVMF firmware build OvmfPkg/OvmfPkgIa32.dsc | 2 + OvmfPkg/OvmfPkgIa32.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 2 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 2 + OvmfPkg/OvmfPkgX64.fdf | 1 + OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 8 files changed, 148 insertions(+) create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116857): https://edk2.groups.io/g/devel/message/116857 Mute This Topic: https://groups.io/mt/105014742/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] NanhuDev:Add BOSC NanhuDev platform
Add Leif and Michael to cc list Hi Sunil, On 2024/3/14 13:28, Sunil V L wrote: Hi Ran, On Mon, Mar 11, 2024 at 12:29:53PM +0800, Ran Wang wrote: Hi Sunil, On 2024/3/8 19:44, Sunil V L wrote: On Fri, Mar 08, 2024 at 12:31:26AM -0800, WangYang wrote: Hi,Sunil V L How about this status. -原始邮件- 发件人: WangYang 发送时间: 2024-02-28 14:34:11 (星期三) 收件人: devel@edk2.groups.io, suni...@ventanamicro.com 抄送: "Yang Wang" , "Ran Wang" , "YunFeng Yang" , "YaXing Guo" , "Bamvor Jian ZHANG" 主题: [edk2-devel] [PATCH] NanhuDev:Add BOSC NanhuDev platform This commit adds the initial support for BOSC's nanhu platform which provides up to 2 RISC-V RV64 processor cores. Somehow I missed this when you sent first. What do you mean by "initial support" here? The "initial" means so far we only support minimal system (CPU + UART), will integrate more periphrals in the future. Okay. Can you boot an OS with this minimal support? Why not add full support itself? Since the structure needs to be reviewed, it would be better to have complete picture IMO. Currently we could boot Linux kernel image which is integraed as a FV (declared in *.fdf, but not inclued in this patch). I guess this solution cannot be accepted by upstream, right?. Or we could also add an PCIE controller driver patch to load kernel from NVME card. Regards, Ran Looks like you are following old integrated opensbi approach. If so, I recommend you to look at payload design. You can see Sophgo board as reference. Thanks for advices, so we need to rebase our work on Silicon/Sophgo/SG2042Pkg/Sec/Sec* rather than RISC-V/PlatformPkg/Universal/Sec/Riscv64/Sec*, right? Yes. It is better to use edk2 as a payload for opensbi. Also, please remember to CC all maintainers as per Maintainers.txt. Does the "all maintainers" mean all mentioned in Maintainers.txt, or just RISC-V related? You need to copy the overall maintainers for edk2-platforms repo (Mike and Leif). They need to approve the structure for your platforms. Then you can copy RISC-V maintainers. Add one patch to update the maintainers for your platform as well. Thanks, Sunil -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116856): https://edk2.groups.io/g/devel/message/116856 Mute This Topic: https://groups.io/mt/104619268/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V1] MdePkg: Update GetImage , GetImageInfo description details
Hi Mike , I had raised new code review addressing the coding standard errors and those were not part of my change any way .. Thanks, P. Madhan -Original Message- From: Kinney, Michael D Sent: Sunday, March 10, 2024 1:47 AM To: devel@edk2.groups.io; Pethaiyan, Madhan Cc: Liming Gao ; Liu, Zhiguang ; Li, Yi1 ; GuoX Xu ; Kinney, Michael D Subject: RE: [edk2-devel] [PATCH V1] MdePkg: Update GetImage , GetImageInfo description details Hi Madhan, I created a PR with all 3 related patches to run through EDK II CI. https://github.com/tianocore/edk2/pull/5453 There are CI failures. Please resolve and send updated patches. Thanks, Mike > -Original Message- > From: devel@edk2.groups.io On Behalf Of > Pethaiyan Madhan > Sent: Friday, March 8, 2024 3:17 PM > To: devel@edk2.groups.io > Cc: Pethaiyan, Madhan ; Kinney, Michael D > ; Liming Gao ; > Liu, Zhiguang ; Li, Yi1 ; > GuoX Xu > Subject: [edk2-devel] [PATCH V1] MdePkg: Update GetImage , > GetImageInfo description details > > 1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage(): > Add the following sentence at the end of the Image parameter > description. "May be NULL with a zero ImageSize in order to determine > the size of the buffer needed". > > Modify the description of "EFI_INVALID_PARAMETER" return code as "The > ImageSize is not too small and Image is NULL." > > 2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo(): > Add the following sentence at the end of the ImageInfo parameter > description."May be NULL with a zero ImageInfoSize in order to > determine the size of the buffer needed". > > Modify the description of "EFI_INVALID_PARAMETER" return code as "The > ImageInfoSize is not too small and Image is NULL." and add new > descriptions for "EFI_INVALID_PARAMETER" return code. > > REF: UEFI spec v2.10 23.1.2 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660 > > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu > Cc: Yi Li > Cc: GuoX Xu > Signed-off-by: Pethaiyan Madhan > --- > MdePkg/Include/Protocol/FirmwareManagement.h | 14 -- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/MdePkg/Include/Protocol/FirmwareManagement.h > b/MdePkg/Include/Protocol/FirmwareManagement.h > index e535bb697d..90b7d83c8f 100644 > --- a/MdePkg/Include/Protocol/FirmwareManagement.h > +++ b/MdePkg/Include/Protocol/FirmwareManagement.h > @@ -294,6 +294,8 @@ EFI_STATUS > to contain the image(s) > information if the buffer was too small. >@param[in, out] ImageInfo A pointer to the buffer in which > firmware places the current image(s) > information. The information is > an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs. > + May be NULL with a zero > ImageInfoSize in order to determine the size of the > + buffer needed. >@param[out] DescriptorVersion A pointer to the location in > which firmware returns the version number > associated with the > EFI_FIRMWARE_IMAGE_DESCRIPTOR. >@param[out] DescriptorCountA pointer to the location in > which firmware returns the number of > @@ -314,7 +316,12 @@ EFI_STATUS >@retval EFI_SUCCESSThe device was successfully > updated with the new image. >@retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too > small. The current buffer size > needed to hold the image(s) > information is returned in ImageInfoSize. > - @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. > + @retval EFI_INVALID_PARAMETER ImageInfoSize is not too small > and ImageInfo is NULL. > + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and > DescriptorVersion is NULL. > + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and > DescriptorCount is NULL. > + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and > DescriptorSize is NULL. > + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and > PackageVersion is NULL. > + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and > PackageVersionName is NULL. >@retval EFI_DEVICE_ERROR Valid information could not be > returned. Possible corrupted image. > > **/ > @@ -341,6 +348,9 @@ EFI_STATUS >@param[in] ImageIndex A unique number identifying the > firmware image(s) within the device. > The number is between 1 and > DescriptorCount. >@param[out] Image Points to the buffer where the > current image is copied to. > + May be NULL with a zero ImageSize in > order to determine the size of the > + buffer needed. > + >@param[in, out] ImageSize On entry, points to the size of the > buffer pointed to by Image, in bytes. >
[edk2-devel] [PATCH V1 1/3] FmpDevicePkg: GetImageInfo Add missing conditions
1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage(): Add the following sentence at the end of the Image parameter description. "May be NULL with a zero ImageSize in order to determine the size of the buffer needed". Modify the description of "EFI_INVALID_PARAMETER" return code as "The ImageSize is not too small and Image is NULL." 2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo(): Add the following sentence at the end of the ImageInfo parameter description."May be NULL with a zero ImageInfoSize in order to determine the size of the buffer needed". Modify the description of "EFI_INVALID_PARAMETER" return code as "The ImageInfoSize is not too small and Image is NULL." and add new descriptions for "EFI_INVALID_PARAMETER" return code. REF: UEFI spec v2.10 23.1.2 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660 Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Yi Li Cc: GuoX Xu Signed-off-by: Pethaiyan Madhan --- FmpDevicePkg/FmpDxe/FmpDxe.c | 52 +--- FmpDevicePkg/FmpDxe/FmpDxe.h | 15 --- 2 files changed, 43 insertions(+), 24 deletions(-) diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.c b/FmpDevicePkg/FmpDxe/FmpDxe.c index 1e7ec4a09e..4111b7cb8e 100644 --- a/FmpDevicePkg/FmpDxe/FmpDxe.c +++ b/FmpDevicePkg/FmpDxe/FmpDxe.c @@ -43,20 +43,20 @@ const FIRMWARE_MANAGEMENT_PRIVATE_DATA mFirmwareManagementPrivateDataTemplate = FIRMWARE_MANAGEMENT_PRIVATE_DATA_SIGNATURE, // Signature NULL, // Handle {// Fmp -GetTheImageInfo, +GetImageInfo, GetTheImage, SetTheImage, CheckTheImage, GetPackageInfo, SetPackageInfo }, - FALSE,// DescriptorPopulated - { // Desc -1, // ImageIndex + FALSE, // DescriptorPopulated + {// Desc +1, // ImageIndex // // ImageTypeId // -{ 0x, 0x,0x, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } +{ 0x, 0x,0x, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, 1, // ImageId NULL, // ImageIdName @@ -71,18 +71,18 @@ const FIRMWARE_MANAGEMENT_PRIVATE_DATA mFirmwareManagementPrivateDataTemplate = 0, // LastAttemptStatus 0 // HardwareInstance }, - NULL, // ImageIdName - NULL, // VersionName - TRUE, // RuntimeVersionSupported - NULL, // FmpDeviceLockEvent - FALSE,// FmpDeviceLocked - NULL, // FmpDeviceContext - NULL, // VersionVariableName - NULL, // LsvVariableName - NULL, // LastAttemptStatusVariableName - NULL, // LastAttemptVersionVariableName - NULL, // FmpStateVariableName - TRUE // DependenciesSatisfied + NULL,// ImageIdName + NULL,// VersionName + TRUE,// RuntimeVersionSupported + NULL,// FmpDeviceLockEvent + FALSE, // FmpDeviceLocked + NULL,// FmpDeviceContext + NULL,// VersionVariableName + NULL,// LsvVariableName + NULL,// LastAttemptStatusVariableName + NULL,// LastAttemptVersionVariableName + NULL,// FmpStateVariableName + TRUE // DependenciesSatisfied }; /// @@ -417,6 +417,8 @@ PopulateDescriptor ( to contain the image(s) information if the buffer was too small. @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s) information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs. + May be NULL with a zero ImageInfoSize in order to determine the size of the + buffer needed. @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR. @param[out] DescriptorCountA pointer to the location in which firmware returns the number of @@ -437,13 +439,18 @@ PopulateDescriptor ( @retval EFI_SUCCESSThe device was successfully updated with the new image. @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size needed to hold the image(s) information is returned in ImageInfoSize. - @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is not too small and ImageInfo is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorVersion is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorCount is NULL. + @retval EFI_INVALID_PARAMETER
[edk2-devel] [PATCH V1 3/3] SignedCapsulePkg: Update GetImage and GetImageInfo description details
1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage(): Add the following sentence at the end of the Image parameter description. "May be NULL with a zero ImageSize in order to determine the size of the buffer needed". Modify the description of "EFI_INVALID_PARAMETER" return code as "The ImageSize is not too small and Image is NULL." 2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo(): Add the following sentence at the end of the ImageInfo parameter description."May be NULL with a zero ImageInfoSize in order to determine the size of the buffer needed". Modify the description of "EFI_INVALID_PARAMETER" return code as "The ImageInfoSize is not too small and Image is NULL." and add new descriptions for "EFI_INVALID_PARAMETER" return code. REF: UEFI spec v2.10 23.1.2 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660 Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Yi Li Cc: GuoX Xu Signed-off-by: Pethaiyan Madhan --- .../SystemFirmwareUpdate/SystemFirmwareCommonDxe.c | 13 +++-- .../SystemFirmwareUpdate/SystemFirmwareDxe.h| 13 +++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c index 077bd0cb31..6e394d85d4 100644 --- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c +++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c @@ -34,6 +34,8 @@ EFI_FIRMWARE_MANAGEMENT_PROTOCOL mFirmwareManagementProtocol = { to contain the image(s) information if the buffer was too small. @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s) information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs. + May be NULL with a zero ImageInfoSize in order to determine the size of the + buffer needed. @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR. @param[out] DescriptorCountA pointer to the location in which firmware returns the number of @@ -54,7 +56,12 @@ EFI_FIRMWARE_MANAGEMENT_PROTOCOL mFirmwareManagementProtocol = { @retval EFI_SUCCESSThe device was successfully updated with the new image. @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size needed to hold the image(s) information is returned in ImageInfoSize. - @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is not too small and ImageInfo is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorVersion is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorCount is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorSize is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and PackageVersion is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and PackageVersionName is NULL. @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image. **/ @@ -153,6 +160,8 @@ FmpGetImageInfo ( @param[in] ImageIndex A unique number identifying the firmware image(s) within the device. The number is between 1 and DescriptorCount. @param[in,out] Image Points to the buffer where the current image is copied to. + May be NULL with a zero ImageSize in order to determine the size of the + buffer needed. @param[in,out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes. On return, points to the length of the image, in bytes. @@ -160,7 +169,7 @@ FmpGetImageInfo ( @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the image. The current buffer size needed to hold the image is returned in ImageSize. - @retval EFI_INVALID_PARAMETER The Image was NULL. + @retval EFI_INVALID_PARAMETER The ImageSize is not too small and Image is NULL @retval EFI_NOT_FOUND The current image is not copied to the buffer. @retval EFI_UNSUPPORTEDThe operation is not supported. @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure. diff --git a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareDxe.h
[edk2-devel] [PATCH V1 2/3] MdePkg: Update GetImage , GetImageInfo description details
1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage(): Add the following sentence at the end of the Image parameter description. "May be NULL with a zero ImageSize in order to determine the size of the buffer needed". Modify the description of "EFI_INVALID_PARAMETER" return code as "The ImageSize is not too small and Image is NULL." 2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo(): Add the following sentence at the end of the ImageInfo parameter description."May be NULL with a zero ImageInfoSize in order to determine the size of the buffer needed". Modify the description of "EFI_INVALID_PARAMETER" return code as "The ImageInfoSize is not too small and Image is NULL." and add new descriptions for "EFI_INVALID_PARAMETER" return code. REF: UEFI spec v2.10 23.1.2 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660 Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Yi Li Cc: GuoX Xu Signed-off-by: Pethaiyan Madhan --- MdePkg/Include/Protocol/FirmwareManagement.h | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/MdePkg/Include/Protocol/FirmwareManagement.h b/MdePkg/Include/Protocol/FirmwareManagement.h index e535bb697d..90b7d83c8f 100644 --- a/MdePkg/Include/Protocol/FirmwareManagement.h +++ b/MdePkg/Include/Protocol/FirmwareManagement.h @@ -294,6 +294,8 @@ EFI_STATUS to contain the image(s) information if the buffer was too small. @param[in, out] ImageInfo A pointer to the buffer in which firmware places the current image(s) information. The information is an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs. + May be NULL with a zero ImageInfoSize in order to determine the size of the + buffer needed. @param[out] DescriptorVersion A pointer to the location in which firmware returns the version number associated with the EFI_FIRMWARE_IMAGE_DESCRIPTOR. @param[out] DescriptorCountA pointer to the location in which firmware returns the number of @@ -314,7 +316,12 @@ EFI_STATUS @retval EFI_SUCCESSThe device was successfully updated with the new image. @retval EFI_BUFFER_TOO_SMALL The ImageInfo buffer was too small. The current buffer size needed to hold the image(s) information is returned in ImageInfoSize. - @retval EFI_INVALID_PARAMETER ImageInfoSize is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is not too small and ImageInfo is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorVersion is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorCount is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and DescriptorSize is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and PackageVersion is NULL. + @retval EFI_INVALID_PARAMETER ImageInfoSize is non-zero and PackageVersionName is NULL. @retval EFI_DEVICE_ERROR Valid information could not be returned. Possible corrupted image. **/ @@ -341,6 +348,9 @@ EFI_STATUS @param[in] ImageIndex A unique number identifying the firmware image(s) within the device. The number is between 1 and DescriptorCount. @param[out] Image Points to the buffer where the current image is copied to. + May be NULL with a zero ImageSize in order to determine the size of the + buffer needed. + @param[in, out] ImageSize On entry, points to the size of the buffer pointed to by Image, in bytes. On return, points to the length of the image, in bytes. @@ -348,7 +358,7 @@ EFI_STATUS @retval EFI_BUFFER_TOO_SMALL The buffer specified by ImageSize is too small to hold the image. The current buffer size needed to hold the image is returned in ImageSize. - @retval EFI_INVALID_PARAMETER The Image was NULL. + @retval EFI_INVALID_PARAMETER The ImageSize is not too small and Image is NULL. @retval EFI_NOT_FOUND The current image is not copied to the buffer. @retval EFI_UNSUPPORTEDThe operation is not supported. @retval EFI_SECURITY_VIOLATION The operation could not be performed due to an authentication failure. -- 2.38.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116853): https://edk2.groups.io/g/devel/message/116853 Mute This Topic: https://groups.io/mt/105014730/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] Event: Tools, CI, Code base construction meeting series - Monday, March 18, 2024 #cal-reminder
*Reminder: Tools, CI, Code base construction meeting series* *When:* Monday, March 18, 2024 4:30pm to 5:30pm (UTC-07:00) America/Los Angeles *Where:* https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDI2ZDg4NmMtMjI1My00MzI5LWFmYjAtMGQyNjUzNTBjZGYw%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2223af6561-6e1c-450d-b917-d9d674eb3cb6%22%7d View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=2159775 ) *Description:* TianoCore community, Microsoft and Intel will be hosting a series of open meetings to discuss build, CI, tools, and other related topics. If you are interested, have ideas/opinions please join us. These meetings will be Monday 4:30pm Pacific Time on Microsoft Teams. MS Teams Link in following discussion: * https://github.com/tianocore/edk2/discussions/2614 Anyone is welcome to join. * tianocore/edk2: EDK II (github.com) * tianocore/edk2-basetools: EDK II BaseTools Python tools as a PIP module (github.com) https://github.com/tianocore/edk2-basetools * tianocore/edk2-pytool-extensions: Extensions to the edk2 build system allowing for a more robust and plugin based build system and tool execution environment (github.com) https://github.com/tianocore/edk2-pytool-extensions * tianocore/edk2-pytool-library: Python library package that supports UEFI development (github.com) https://github.com/tianocore/edk2-pytool-library MS Teams Browser Clients * https://docs.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116851): https://edk2.groups.io/g/devel/message/116851 Mute This Topic: https://groups.io/mt/104993555/21656 Mute #cal-reminder:https://edk2.groups.io/g/devel/mutehashtag/cal-reminder Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 6/6] uefi-sct/SctPkg: TCG2 Protocol: add SubmitCommand test
Looks good to me. For others' reference, the change has been already verified by running SystemReady SIE (Security Interface extension) tests on multiple SystemReady certified Arm systems. Reviewed-by: Sunny Wang -Original Message- From: devel@edk2.groups.io On Behalf Of Stuart Yoder via groups.io Sent: Tuesday, January 9, 2024 12:21 PM To: devel@edk2.groups.io; G Edhaya Chandran ; gao...@byosoft.com.cn Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer El-Haj-Mahmoud ; jiewen@intel.com Subject: [edk2-devel] [PATCH v2 6/6] uefi-sct/SctPkg: TCG2 Protocol: add SubmitCommand test From: Joseph Hemann Add test verifying the functionality of the SubmitCommand function using the TPM command TPM2_HASH_COMMAND. Signed-off-by: Joseph Hemann Signed-off-by: Stuart Yoder --- uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h | 5 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h | 71 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c | 2 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c | 173 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c | 9 + 5 files changed, 260 insertions(+) diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h index 746ff83f899c..044e549ce8f0 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h @@ -105,3 +105,8 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid015; { 0x126a789a, 0x1932, 0x3234, {0x21, 0xab, 0x42, 0x64, 0x8a, 0x7b, 0x63, 0x76 }} extern EFI_GUID gTcg2ConformanceTestAssertionGuid016; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_017_GUID \ +{ 0x3aac8b9a, 0x312a, 0x4dcf, {0x12, 0x76, 0x54, 0x55, 0x32, 0xcd, 0x3a, 0xea }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid017; diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h index 5ce275dc6258..f8880599f150 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h @@ -54,6 +54,64 @@ Abstract: #define PE_COFF_IMAGE 0x0010 +// ST_NO_SESSION as defined in Table 19 of TPM Library Part 2: Structures +#define ST_NO_SESSIONS (UINT16) 0x8001 + +// TPM_RC_SUCCESS as defined in Table 16 of TPM Library Spec Part 2: Structures +#define TPM_RC_SUCCESS (UINT32) 0x000 + +// TPM_CC_Hash as defined in Table 12 of TPM Library Spec Part 2: Structures +#define TPM_CC_Hash(UINT32)(0x017D) + +#define TPM_RH_NULL(UINT32) 0x4007 + +#define TPM_ALG_SHA256 (UINT16) 0x000B + +#define SHA256_LENGTH (UINT16) 0x0020 + +#pragma pack(1) +// TPM2B_MAX_BUFFER as defined in Table 86 of TPM Library Spec Part 2: Structures +// Size of buffer in spec is variable length, but hash test will always use a fixed length string +// of length 43 +#define TEST_STRING_LEN 43 +typedef struct { + UINT16 size; + UINT8 buffer[TEST_STRING_LEN]; +} TPM2B_MAX_BUFFER; + +#pragma pack(1) +// TPM2B_DIGEST as defined in Table 73 of TPM Library Spec Part 2: Structures +typedef struct { + UINT16 size; + UINT8 digest[32]; // Size of buffer in spec is defined to be variable length but for this test will always be 32 +} TPM2B_DIGEST; + +typedef struct { + UINT16 tag; + UINT32 hierarchy; + UINT16 digest; // Size of buffer in spec is defined to be variable length but for this test will always be UINT16 +} TPMT_TK_HASHCHECK; + +// TPM2_Hash command Structure as defined in Section 15.4 of TPM Spec Part 3: Commands +typedef struct { + UINT16 Tag; + UINT32 CommandSize; + UINT32 CommandCode; + TPM2B_MAX_BUFFER data; + UINT16 hashAlg; + UINT32 hierarchy; +} TPM2_HASH_COMMAND; + +// TPM2_Hash Response Structure as defined in Section 15.4 of TPM Spec Part 3: Commands +typedef struct { + UINT16 Tag; + UINT32 ResponseSize; + UINT32 ResponseCode; + TPM2B_DIGEST data; + TPMT_TK_HASHCHECK validation; +} TPM2_HASH_RESPONSE; +#pragma + EFI_STATUS EFIAPI BBTestTCG2ProtocolUnload ( @@ -120,6 +178,12 @@ BBTestGetEventLogConformanceTestCheckpoint2 ( IN EFI_TCG2_PROTOCOL *TCG2 ); +EFI_STATUS +BBTestSubmitCommandConformanceTestCheckpoint1 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + EFI_STATUS BBTestGetCapabilityConformanceTest ( IN EFI_BB_TEST_PROTOCOL *This,
Re: [edk2-devel] [PATCH v2 5/6] uefi-sct/SctPkg: TCG2 Protocol: add GetEventLog test
Looks good to me. For others' reference, the change has been already verified by running SystemReady SIE (Security Interface extension) tests on multiple SystemReady certified Arm systems. Reviewed-by: Sunny Wang -Original Message- From: devel@edk2.groups.io On Behalf Of Stuart Yoder via groups.io Sent: Tuesday, January 9, 2024 12:21 PM To: devel@edk2.groups.io; G Edhaya Chandran ; gao...@byosoft.com.cn Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer El-Haj-Mahmoud ; jiewen@intel.com Subject: [edk2-devel] [PATCH v2 5/6] uefi-sct/SctPkg: TCG2 Protocol: add GetEventLog test From: Joseph Hemann -add test for GetEventLog() -test for valid and invalid event log format -test event log header -verify expected event log entry Signed-off-by: Joseph Hemann Signed-off-by: Stuart Yoder --- uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h | 20 ++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h | 17 ++ uefi-sct/SctPkg/UEFI/Protocol/TCG2.h | 46 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c | 8 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c | 207 +++- 5 files changed, 297 insertions(+), 1 deletion(-) diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h index dcfd5919acda..746ff83f899c 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h @@ -85,3 +85,23 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid011; { 0x9cd6d636, 0x603a, 0x4b78, {0x80, 0xa3, 0xa3, 0xb9, 0xcc, 0x6a, 0x0b, 0x08 }} extern EFI_GUID gTcg2ConformanceTestAssertionGuid012; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_013_GUID \ +{ 0xfc80408e, 0x9a3c, 0x4054, {0x96, 0xf9, 0x31, 0x23, 0x35, 0xc2, 0x31, 0x35 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid013; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_014_GUID \ +{ 0x45fa1a42, 0x912a, 0x5124, {0x84, 0xf4, 0x41, 0x67, 0xab, 0xb5, 0x89, 0x90 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid014; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_015_GUID \ +{ 0x1689bc3a, 0x2298, 0xa116, {0x28, 0x4c, 0xc1, 0xdd, 0xaa, 0xd8, 0xef, 0x51 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid015; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_016_GUID \ +{ 0x126a789a, 0x1932, 0x3234, {0x21, 0xab, 0x42, 0x64, 0x8a, 0x7b, 0x63, 0x76 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid016; diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h index cbbadef4a5c7..5ce275dc6258 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h @@ -43,8 +43,13 @@ Abstract: #define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0103 \ {0x907a7878, 0xb294, 0xf147, {0xe9, 0x0a, 0x65, 0x43, 0xab, 0x55, 0x76, 0x46} } +#define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0104 \ + {0x9087ad78, 0x9ad2, 0x4172, {0x9a, 0xbc, 0x98, 0x23, 0x08, 0xf5, 0x6d, 0x26} } + #define EV_POST_CODE 0x01 +#define EV_NO_ACTION 0x03 + #define EFI_TCG2_EXTEND_ONLY 0x0001 #define PE_COFF_IMAGE 0x0010 @@ -103,6 +108,18 @@ BBTestHashLogExtendEventConformanceTestCheckpoint2 ( IN EFI_TCG2_PROTOCOL *TCG2 ); +EFI_STATUS +BBTestGetEventLogConformanceTestCheckpoint1 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + +EFI_STATUS +BBTestGetEventLogConformanceTestCheckpoint2 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + EFI_STATUS BBTestGetCapabilityConformanceTest ( IN EFI_BB_TEST_PROTOCOL *This, diff --git a/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h index e62ecd85cbe9..fd31204a9299 100644 --- a/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h +++ b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h @@ -50,6 +50,8 @@ Abstract: #define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x0002 +#define HASH_NUMBER 0x04 + typedef struct _EFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL; typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP; @@ -115,6 +117,50 @@ typedef struct tdEFI_TCG2_EVENT { UINT8 Event[]; } EFI_TCG2_EVENT; +typedef struct { + UINT16 hashAlg; + UINT8 digest[]; +} TPMT_HA; + +typedef struct tdTPML_DIGEST_VALUES { + UINT32 Count;// number of digests + TPMT_HA Digests[HASH_NUMBER];
Re: [edk2-devel] [PATCH v2 4/6] uefi-sct/SctPkg: TCG2 Protocol: add HashLogExtendEvent test
Looks good to me. For others' reference, the change has been already verified by running SystemReady SIE (Security Interface extension) tests on multiple SystemReady certified Arm systems. Reviewed-by: Sunny Wang -Original Message- From: devel@edk2.groups.io On Behalf Of Stuart Yoder via groups.io Sent: Tuesday, January 9, 2024 12:21 PM To: devel@edk2.groups.io; G Edhaya Chandran ; gao...@byosoft.com.cn Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer El-Haj-Mahmoud ; jiewen@intel.com Subject: [edk2-devel] [PATCH v2 4/6] uefi-sct/SctPkg: TCG2 Protocol: add HashLogExtendEvent test From: Joseph Hemann -add tests for HashLogExtendEvent() -tests with valid, invalid, and out of range parameters -do extend of data to PCR 16 Signed-off-by: Joseph Hemann Signed-off-by: Stuart Yoder --- uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h | 29 ++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h | 29 ++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c | 12 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c | 283 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c | 9 + 5 files changed, 362 insertions(+) diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h index d6797f5287f4..dcfd5919acda 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h @@ -56,3 +56,32 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid005; extern EFI_GUID gTcg2ConformanceTestAssertionGuid006; +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_007_GUID \ +{ 0xa8e1b5e6, 0xfc09, 0x461c, {0xb0, 0xe9, 0x2a, 0x49, 0xcd, 0x25, 0xc1, 0x24 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid007; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_008_GUID \ +{ 0x26f04a9b, 0x7b7a, 0x4f47, {0xbe, 0xa8, 0xb1, 0xa6, 0x02, 0x65, 0x19, 0x8a }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid008; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_009_GUID \ +{ 0x4d1d9985, 0x91e2, 0x4948, {0x89, 0x16, 0xbb, 0x98, 0x13, 0x62, 0x39, 0x1d }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid009; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_010_GUID \ +{ 0xfb59cab7, 0x4f8c, 0x4ded, {0xa4, 0x1c, 0xc8, 0x41, 0x20, 0x1c, 0x37, 0x22 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid010; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_011_GUID \ +{ 0x0363d22f, 0xc66a, 0x4872, {0xa5, 0x46, 0x06, 0x7f, 0x6a, 0x0d, 0xdb, 0xcd }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid011; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_012_GUID \ +{ 0x9cd6d636, 0x603a, 0x4b78, {0x80, 0xa3, 0xa3, 0xb9, 0xcc, 0x6a, 0x0b, 0x08 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid012; diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h index 80c02d9ed2d2..cbbadef4a5c7 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h @@ -40,6 +40,15 @@ Abstract: #define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0102 \ {0x847f1ae0, 0xb429, 0x49f1, {0x9e, 0x0c, 0x8f, 0x43, 0xfb, 0x55, 0x34, 0x54} } +#define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0103 \ + {0x907a7878, 0xb294, 0xf147, {0xe9, 0x0a, 0x65, 0x43, 0xab, 0x55, 0x76, 0x46} } + +#define EV_POST_CODE 0x01 + +#define EFI_TCG2_EXTEND_ONLY 0x0001 + +#define PE_COFF_IMAGE 0x0010 + EFI_STATUS EFIAPI BBTestTCG2ProtocolUnload ( @@ -82,6 +91,18 @@ BBTestGetActivePcrBanksConformanceTestCheckpoint2 ( IN EFI_TCG2_PROTOCOL *TCG2 ); +EFI_STATUS +BBTestHashLogExtendEventConformanceTestCheckpoint1 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + +EFI_STATUS +BBTestHashLogExtendEventConformanceTestCheckpoint2 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + EFI_STATUS BBTestGetCapabilityConformanceTest ( IN EFI_BB_TEST_PROTOCOL *This, @@ -98,3 +119,11 @@ BBTestGetActivePcrBanksConformanceTest ( IN EFI_HANDLE SupportHandle ); +EFI_STATUS +BBTestHashLogExtendEventConformanceTest ( + IN EFI_BB_TEST_PROTOCOL *This, + IN VOID *ClientInterface, + IN EFI_TEST_LEVEL TestLevel, + IN EFI_HANDLE SupportHandle + ); + diff --git
Re: [edk2-devel] [PATCH v2 3/6] uefi-sct/SctPkg: TCG2 Protocol: add GetActivePcrBanks test
Looks good to me. For others' reference, the change has been already verified by running SystemReady SIE (Security Interface extension) tests on multiple SystemReady certified Arm systems. Reviewed-by: Sunny Wang -Original Message- From: devel@edk2.groups.io On Behalf Of Stuart Yoder via groups.io Sent: Tuesday, January 9, 2024 12:21 PM To: devel@edk2.groups.io; G Edhaya Chandran ; gao...@byosoft.com.cn Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer El-Haj-Mahmoud ; jiewen@intel.com Subject: [edk2-devel] [PATCH v2 3/6] uefi-sct/SctPkg: TCG2 Protocol: add GetActivePcrBanks test From: Joseph Hemann -add test for GetActivePcrBanks() -checkpoint for NULL pointer passed for buffer -checkpoint for test of function with proper input Signed-off-by: Joseph Hemann Signed-off-by: Stuart Yoder --- uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h | 11 ++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h | 23 +++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c | 4 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c | 159 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c | 9 ++ 5 files changed, 206 insertions(+) diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h index 50b14272939f..d6797f5287f4 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h @@ -45,3 +45,14 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid003; { 0x8ddb031b, 0x7448, 0x40ee, {0xb1, 0xa2, 0xe6, 0xf8, 0xe8, 0xc4, 0xe5, 0x5f }} extern EFI_GUID gTcg2ConformanceTestAssertionGuid004; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_005_GUID \ +{ 0x7a1e79a3, 0x4064, 0x4372, {0xbb, 0x64, 0x55, 0xb8, 0xf2, 0xa5, 0xa3, 0x26 }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid005; + +#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_006_GUID \ +{ 0xb0e717c4, 0xb1e2, 0x49f7, {0xb2, 0xd7, 0x60, 0x58, 0x97, 0x7d, 0x09, 0x2c }} + +extern EFI_GUID gTcg2ConformanceTestAssertionGuid006; + diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h index a7ce2db322d9..80c02d9ed2d2 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h @@ -37,6 +37,9 @@ Abstract: #define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0101 \ {0x39ff9c71, 0x4b41, 0x4e5b, {0xae, 0xd7, 0x87, 0xc7, 0x94, 0x18, 0x7d, 0x67} } +#define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0102 \ + {0x847f1ae0, 0xb429, 0x49f1, {0x9e, 0x0c, 0x8f, 0x43, 0xfb, 0x55, 0x34, 0x54} } + EFI_STATUS EFIAPI BBTestTCG2ProtocolUnload ( @@ -67,6 +70,18 @@ BBTestGetCapabilityConformanceTestCheckpoint4 ( IN EFI_TCG2_PROTOCOL *TCG2 ); +EFI_STATUS +BBTestGetActivePcrBanksConformanceTestCheckpoint1 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + +EFI_STATUS +BBTestGetActivePcrBanksConformanceTestCheckpoint2 ( + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib, + IN EFI_TCG2_PROTOCOL *TCG2 + ); + EFI_STATUS BBTestGetCapabilityConformanceTest ( IN EFI_BB_TEST_PROTOCOL *This, @@ -75,3 +90,11 @@ BBTestGetCapabilityConformanceTest ( IN EFI_HANDLE SupportHandle ); +EFI_STATUS +BBTestGetActivePcrBanksConformanceTest ( + IN EFI_BB_TEST_PROTOCOL *This, + IN VOID *ClientInterface, + IN EFI_TEST_LEVEL TestLevel, + IN EFI_HANDLE SupportHandle + ); + diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c index 3e75ffdc0a60..0dc2cfddfcbf 100644 --- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c @@ -35,3 +35,7 @@ EFI_GUID gTcg2ConformanceTestAssertionGuid002 = EFI_TEST_TCG2CONFORMANCE_ASSERTI EFI_GUID gTcg2ConformanceTestAssertionGuid003 = EFI_TEST_TCG2CONFORMANCE_ASSERTION_003_GUID; EFI_GUID gTcg2ConformanceTestAssertionGuid004 = EFI_TEST_TCG2CONFORMANCE_ASSERTION_004_GUID; + +EFI_GUID gTcg2ConformanceTestAssertionGuid005 = EFI_TEST_TCG2CONFORMANCE_ASSERTION_005_GUID; + +EFI_GUID gTcg2ConformanceTestAssertionGuid006 = EFI_TEST_TCG2CONFORMANCE_ASSERTION_006_GUID; diff --git
Re: [edk2-devel] [PATCH v2 2/6] uefi-sct/SctPkg: TCG2 Protocol: add test infrastructure and GetCapability Test
Looks good to me. For others' reference, the change has been already verified by running SystemReady SIE (Security Interface extension) tests on multiple SystemReady certified Arm systems. Reviewed-by: Sunny Wang -Original Message- From: devel@edk2.groups.io On Behalf Of Stuart Yoder via groups.io Sent: Tuesday, January 9, 2024 12:21 PM To: devel@edk2.groups.io; G Edhaya Chandran ; gao...@byosoft.com.cn Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer El-Haj-Mahmoud ; jiewen@intel.com Subject: [edk2-devel] [PATCH v2 2/6] uefi-sct/SctPkg: TCG2 Protocol: add test infrastructure and GetCapability Test From: Joseph Hemann -implement initial infrastructure for the TCG2 protocol test including updates to .dsc file, inf file, GUID source files, update to Category.ini. -add test case for GetCapability(), as defined in the TCG EFI Protocol Spec 6.4.4. -add checkpoint for NULL pointer passed for buffer -add checkpoint for validating fields of the struct returned by GetCapability() Signed-off-by: Joseph Hemann Signed-off-by: Stuart Yoder --- uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc | 1 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf | 51 +++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h | 47 +++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h | 77 + uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c | 37 ++ uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c | 361 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c | 102 ++ uefi-sct/SctPkg/CommonGenFramework.sh | 1 + uefi-sct/SctPkg/Config/Data/Category.ini | 7 + 9 files changed, 684 insertions(+) diff --git a/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc b/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc index 155490fa39d3..96c93e73992c 100644 --- a/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc +++ b/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc @@ -301,6 +301,7 @@ SctPkg/TestCase/UEFI/EFI/Protocol/StorageSecurityCommand/BlackBoxTest/StorageSec SctPkg/TestCase/UEFI/EFI/Protocol/AdapterInfo/BlackBoxTest/AdapterInfoProtocolBBTest.inf SctPkg/TestCase/UEFI/EFI/Protocol/TimeStamp/BlackBoxTest/TimeStampProtocolBBTest.inf SctPkg/TestCase/UEFI/EFI/Protocol/RandomNumber/BlackBoxTest/RandomNumberBBTest.inf +SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf SctPkg/TestCase/UEFI/EFI/Protocol/Hash2/BlackBoxTest/Hash2BBTest.inf SctPkg/TestCase/UEFI/EFI/Protocol/PKCS7Verify/BlackBoxTest/Pkcs7BBTest.inf diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf new file mode 100644 index ..563d81b7e859 --- /dev/null +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf @@ -0,0 +1,51 @@ +## @file +# +# Copyright 2006 - 2015 Unified EFI, Inc. +# Copyright (c) 2013, Intel Corporation. All rights reserved. +# Copyright (c) 2021 - 2023, Arm Inc. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## +#/*++ +# +# Module Name: +# +# TCG2ProtocolBBTest.inf +# +# Abstract: +# +# Component description file for TCG2 Protocol Black-Box Test. +# +#--*/ + +[defines] + INF_VERSION = 0x00010005 + BASE_NAME= TCG2ProtocolBBTest + FILE_GUID= BD8CB762-3935-434C-AC3F-462244910A2D + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = InitializeBBTestTCG2Protocol + +[sources.common] + Guid.c + TCG2ProtocolBBTestMain.c + TCG2ProtocolBBTestConformance.c + +[Packages] + MdePkg/MdePkg.dec + SctPkg/SctPkg.dec + SctPkg/UEFI/UEFI.dec + +[LibraryClasses] + UefiDriverEntryPoint + SctLib + EfiTestLib + +[Protocols] diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h new file mode 100644 index ..50b14272939f --- /dev/null +++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h @@ -0,0 +1,47 @@ +/** @file + + Copyright 2006 - 2016 Unified EFI,
Re: [edk2-devel] [PATCH v2 1/6] uefi-sct/SctPkg: TCG2 Protocol: add header with TCG2 protocol definitions
Looks good to me. For others' reference, the change has been already verified by running SystemReady SIE (Security Interface extension) tests on multiple SystemReady certified Arm systems. Reviewed-by: Sunny Wang -Original Message- From: devel@edk2.groups.io On Behalf Of Stuart Yoder via groups.io Sent: Tuesday, January 9, 2024 12:21 PM To: devel@edk2.groups.io; G Edhaya Chandran ; gao...@byosoft.com.cn Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer El-Haj-Mahmoud ; jiewen@intel.com Subject: [edk2-devel] [PATCH v2 1/6] uefi-sct/SctPkg: TCG2 Protocol: add header with TCG2 protocol definitions From: Joseph Hemann Define constants and data structure specified in the TCG EFI Protocol specification. Signed-off-by: Joseph Hemann Signed-off-by: Stuart Yoder --- uefi-sct/SctPkg/UEFI/Protocol/TCG2.h | 177 1 file changed, 177 insertions(+) diff --git a/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h new file mode 100644 index ..e62ecd85cbe9 --- /dev/null +++ b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h @@ -0,0 +1,177 @@ +/** @file + + Copyright 2006 - 2016 Unified EFI, Inc. + Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. + Copyright (c) 2021 - 2023, Arm Inc. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +/*++ + +Module Name: + + TCG2.h + +Abstract: + + EFI TCG Protocol + +--*/ + + +#ifndef __TCG2_PROTOCOL_H__ +#define __TCG2_PROTOCOL_H__ + +// +// Global ID for the TCG2 Protocol +// +#define EFI_TCG2_PROTOCOL_GUID\ + {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f}} + +// Following defintions come from TCG2 Efi Protocol Spec +#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x0001 + +#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x0002 + +#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x0004 + +#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x0008 + +#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x0010 + +#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x0001 + +#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x0002 + +typedef struct _EFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL; + +typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP; + +typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT; + +typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP; + +typedef UINT32 TCG_PCRINDEX; + +typedef UINT32 TCG_EVENTTYPE; + +// Following struct defintions come from TCG2 Efi Protocol Spec +typedef struct { + UINT8 Major; + UINT8 Minor; +} EFI_TCG2_VERSION; + +typedef struct { + UINT8 Size; + EFI_TCG2_VERSION StructureVersion; + EFI_TCG2_VERSION ProtocolVersion; + EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; + EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs; + BOOLEAN TPMPresentFlag; + UINT16 MaxCommandSize; + UINT16 MaxResponseSize; + UINT32 ManufacturerID; + UINT32 NumberOfPcrBanks; + EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks; +} EFI_TCG2_BOOT_SERVICE_CAPABILITY; + +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_CAPABILITY) ( + IN EFI_TCG2_PROTOCOL *This, + IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability +); + +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_EVENT_LOG) ( + IN EFI_TCG2_PROTOCOL *This, + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, + OUT BOOLEAN *EventLogTruncated +); + +// all structs except EFI_TCG2_BOOT_SERVICE_CAPABILITY are packed +#pragma pack(1) + +typedef struct tdEFI_TCG2_EVENT_HEADER { + UINT32 HeaderSize; + UINT16 HeaderVersion; + TCG_PCRINDEX PCRIndex; + TCG_EVENTTYPE EventType; +} EFI_TCG2_EVENT_HEADER; + +typedef struct tdEFI_TCG2_EVENT { + UINT32 Size; + EFI_TCG2_EVENT_HEADER Header; + UINT8 Event[]; +} EFI_TCG2_EVENT; + +#pragma pack() + +typedef +EFI_STATUS +(EFIAPI * EFI_TCG2_HASH_LOG_EXTEND_EVENT) ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT64 Flags, + IN EFI_PHYSICAL_ADDRESS DataToHash, + IN UINT64 DataToHashLen, + IN EFI_TCG2_EVENT *EfiTcgEvent +); + +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_SUBMIT_COMMAND) ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN UINT32 OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock +); + +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS) ( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *ActivePcrBanks +); + +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS) ( + IN EFI_TCG2_PROTOCOL *This,
[edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731 TCG2 configuration UI shows all the hash algorithms that TPM hardware supports in the checkbox. If user only selects one algorithm that is supported by TPM hardware but not supported by BIOS and uncheck the others, the SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able to decide a viable PCR to activate, then an assert occurs. Add check against PcdTcg2HashAlgorithmBitmap when deciding whether to suppress the hash algorithm checkbox to avoid user to select the hash algorithm which may cause an assert. Cc: Rahul Kumar Cc: Jiewen Yao Signed-off-by: Wei6 Xu --- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++--- 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c index 6eb04c014448..39b639039525 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -722,33 +722,50 @@ FillBufferWithBootHashAlg ( } /** - Set ConfigInfo according to TpmAlgHash. + Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap. @param[in,out] Tcg2ConfigInfo TCG2 config info. @param[in] TpmAlgHash TpmAlgHash. + @param[in] BiosHashAlgBitmapBios Hash Algorithm Bitmap. **/ VOID SetConfigInfo ( IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, - IN UINT32 TpmAlgHash + IN UINT32 TpmAlgHash, + IN UINT32 BiosHashAlgBitmap ) { switch (TpmAlgHash) { case TPM_ALG_SHA1: - Tcg2ConfigInfo->Sha1Supported = TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA1) != 0) { +Tcg2ConfigInfo->Sha1Supported = TRUE; + } + break; case TPM_ALG_SHA256: - Tcg2ConfigInfo->Sha256Supported = TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA256) != 0) { +Tcg2ConfigInfo->Sha256Supported = TRUE; + } + break; case TPM_ALG_SHA384: - Tcg2ConfigInfo->Sha384Supported = TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA384) != 0) { +Tcg2ConfigInfo->Sha384Supported = TRUE; + } + break; case TPM_ALG_SHA512: - Tcg2ConfigInfo->Sha512Supported = TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA512) != 0) { +Tcg2ConfigInfo->Sha512Supported = TRUE; + } + break; case TPM_ALG_SM3_256: - Tcg2ConfigInfo->Sm3Supported = TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) != 0) { +Tcg2ConfigInfo->Sm3Supported = TRUE; + } + break; } } @@ -809,16 +826,17 @@ InstallTcg2ConfigForm ( IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData ) { - EFI_STATUS Status; - EFI_HII_HANDLE HiiHandle; - EFI_HANDLE DriverHandle; - EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; - UINTN Index; - TPML_PCR_SELECTION Pcrs; - CHAR16 TempBuffer[1024]; - TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; - TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; - BOOLEAN IsCmdImp = FALSE; + EFI_STATUS Status; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; + UINTNIndex; + TPML_PCR_SELECTION Pcrs; + CHAR16 TempBuffer[1024]; + TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; + TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; + BOOLEAN IsCmdImp; + EFI_TCG2_EVENT_ALGORITHM_BITMAP BiosHashAlgorithmBitmap; DriverHandle = NULL; ConfigAccess = >ConfigAccess; @@ -879,6 +897,8 @@ InstallTcg2ConfigForm ( break; } + BiosHashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap); + ZeroMem (, sizeof (Tcg2ConfigInfo)); Status = Tpm2GetCapabilityPcrs (); if (EFI_ERROR (Status)) { @@ -897,20 +917,21 @@ InstallTcg2ConfigForm ( TempBuffer[0] = 0; for (Index = 0; Index < Pcrs.count; Index++) { AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash); - SetConfigInfo (, Pcrs.pcrSelections[Index].hash); + SetConfigInfo (, Pcrs.pcrSelections[Index].hash, BiosHashAlgorithmBitmap); } HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL); } - Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, ); + IsCmdImp = FALSE; + Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status)); } Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp; - FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32
Re: [edk2-devel] [PATCH v1 21/26] OvmfPkg/LoongArchVirt: Add FdtQemuFwCfgLib
On Sat, Mar 16, 2024 at 10:17:00AM +0800, lixianglai wrote: > Hi Gerd: > > On Mon, Mar 11, 2024 at 02:39:31AM -0700, Chao Li wrote: > >> This library for PEI phase, and obtains the QemuFwCfg base address by > >> directly parsing the FDT, reads and writes the data in QemuFwCfg by > >> operating on the QemuFwCfg base address. > >> create mode 100644 > >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.c > >> create mode 100644 > >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.inf > >> create mode 100644 > >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgLibInternal.h > >> create mode 100644 > >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgPei.c > > Is there anything LoongArch-specific in there? > No,The main function of this lib library is to obtain the fwcfg base address > by parsing fdt in the pei stage, > and provide access to fwcfg through mmio mode, > the difference between it and the existing library is that the fwcfg base > address is not hard-coded in the compilation stage, > and is accessed through mmio rather than io port. That would be the case for risc-v and aarch64 too, although I think they don't need fw_cfg right now (they get all info needed via fdt). I think we should add this as OvmfPkg/Library/FdtQemuFwCfgLib. > Another point that needs to be explained is that because loongarch virtual > machine runs on flash in pei phase, > it cannot assign the pcd global variable, so we use Hob as the global > variable to store the fwcfg base address. I think the dynamic PCD database is stored in a HOB and you should be able to set PCDs them even when running from (read-only) flash. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116843): https://edk2.groups.io/g/devel/message/116843 Mute This Topic: https://groups.io/mt/104859897/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v1 20/26] OvmfPkg/LoongArchVirt: Add NorFlashQemuLib
On Sat, Mar 16, 2024 at 06:19:00PM +0800, lixianglai wrote: > Hi Gerd: > > On Mon, Mar 11, 2024 at 02:39:24AM -0700, Chao Li wrote: > >> Add NorFlashQemuLib for LoongArch, it is referenced from ArmVirtPkg. > > What are the differences to the ArmVirtPkg version? > In this lib we have assigned the following three pcd variables: > PcdFlashNvStorageVariableBase > PcdFlashNvStorageFtwWorkingBase > PcdFlashNvStorageFtwSpareBase > Instead of hardcoding these three variables in the VarStore.fdf.inc file as > arm does, > the benefit is that when the flash base address changes in the qemu > implementation, > there is no need to re-adapt and compile UEFI. The flash memory layout (address + size) for the aarch64 virt machine has never changed. So while it sounds nice in theory to have that option it could very well be that this will never ever needed in practice. Having sayed that I'd also note that I think it should also be possible to switch the aarch64 builds to set the PCDs at runtime instead of compile time. > When I tried to implement the current patch scheme on aarch64, > I found that the FaultTolerantWriteDxe driver loaded earlier than > VirtNorFlashDxe. > And It requires the PcdFlashNvStorageFtwWorkingSize and > PcdFlashNvStorageFtwSpareSize variables for initialization, > However the initialization of these two variables is completed in > VirtNorFlashDxe, > The fdf file specifies that VirtNorFlashDxe is loaded first and then > FaultTolerantWriteDxe is loaded in loongarch64. > So this is going to be a problem if we want to apply the current solution to > aarch64 or risc-v. There is a non-obvious twist: VirtNorFlashDxe registers the gEdkiiNvVarStoreFormattedGuid protocol. There is the EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf library, which only purpose is to add a dependency to gEdkiiNvVarStoreFormattedGuid to depex. NvVarStoreFormattedLib.inf is used this way ... MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { A [ ... ] NULL|EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf [ ... ] } ... to make sure VariableRuntimeDxe is scheduled after VirtNorFlashDxe. I think you can apply the same idea to FaultTolerantWriteDxe. > I can't tell the implementation scheme of the current lib and existing > lib implementation scheme which one is better, Could you give we some > advice? I'd suggest to merge your code as OvmfPkg/Library/FdtNorFlashQemuLib as it is not really loongarch-specific. If you want try switch aarch64 to use the same code that'll be great, but sorting that out later is also fine with me. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116842): https://edk2.groups.io/g/devel/message/116842 Mute This Topic: https://groups.io/mt/104859896/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 1/4] MdePkg.dec: RISC-V: Define override bit for Svpbmt extension
On Thu, Mar 14, 2024 at 01:19:14PM -0700, Tuan Phan wrote: > Define the BIT 2 as the override bit for Svpbmt extension. This will > be used by RISC-V MMU library to support EFI_MEMORY_UC and > EFI_MEMORY_WC. > Reviewed-by: Sunil V L -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116841): https://edk2.groups.io/g/devel/message/116841 Mute This Topic: https://groups.io/mt/104934687/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 4/4] OvmfPkg/RiscVVirt: Disable Svpbmt extension
On Thu, Mar 14, 2024 at 01:19:17PM -0700, Tuan Phan wrote: > Disable Svpbmt extension as QEMU not enables it in default config. > Reviewed-by: Sunil V L -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116840): https://edk2.groups.io/g/devel/message/116840 Mute This Topic: https://groups.io/mt/104934689/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 3/4] UefiCpuPkg: RISC-V: MMU: Support Svpbmt extension
Hi Tuan, On Thu, Mar 14, 2024 at 01:19:16PM -0700, Tuan Phan wrote: > The GCD EFI_MEMORY_UC and EFI_MEMORY_WC memory attributes will be > supported when Svpbmt extension available. > > Cc: Gerd Hoffmann > Cc: Laszlo Ersek > Cc: Rahul Kumar > Cc: Ray Ni > Signed-off-by: Tuan Phan > --- > .../Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c | 106 ++ > .../BaseRiscVMmuLib/BaseRiscVMmuLib.inf | 1 + > 2 files changed, 86 insertions(+), 21 deletions(-) > > diff --git a/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c > b/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c > index 46ba4b4709b1..34300dca5c34 100644 > --- a/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c > +++ b/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c > @@ -36,6 +36,11 @@ > #define PTE_PPN_SHIFT 10 > #define RISCV_MMU_PAGE_SHIFT 12 > > +#define RISCV_CPU_FEATURE_PBMT_BITMASK BIT2 > +#define PTE_PBMT_NC BIT61 > +#define PTE_PBMT_IO BIT62 > +#define PTE_PBMT_MASK (PTE_PBMT_NC | PTE_PBMT_IO) > + > STATIC UINTN mModeSupport[] = { SATP_MODE_SV57, SATP_MODE_SV48, > SATP_MODE_SV39, SATP_MODE_OFF }; > STATIC UINTN mMaxRootTableLevel; > STATIC UINTN mBitPerLevel; > @@ -487,32 +492,82 @@ UpdateRegionMapping ( > /** >Convert GCD attribute to RISC-V page attribute. > > - @param GcdAttributes The GCD attribute. > + @param GcdAttributes The GCD attribute. > + @param RiscVAttributes The pointer of RISC-V page attribute. > > - @return The RISC-V page attribute. > + @retval EFI_INVALID_PARAMETER The RiscVAttributes is NULL or cache type > mask not valid. > + @retval EFI_SUCCESS The operation succesfully. > > **/ > STATIC > -UINT64 > +EFI_STATUS > GcdAttributeToPageAttribute ( > - IN UINT64 GcdAttributes > + IN UINT64 GcdAttributes, > + OUT UINT64 *RiscVAttributes >) > { > - UINT64 RiscVAttributes; > + UINT64 CacheTypeMask; > + BOOLEAN PmbtExtEnabled; > Why not read the PCD once and save in a static variable? > - RiscVAttributes = RISCV_PG_R | RISCV_PG_W | RISCV_PG_X; > + if (RiscVAttributes == NULL) { > +return EFI_INVALID_PARAMETER; > + } > + > + *RiscVAttributes = RISCV_PG_R | RISCV_PG_W | RISCV_PG_X; > + > + PmbtExtEnabled = FALSE; > + if ((PcdGet64 (PcdRiscVFeatureOverride) & RISCV_CPU_FEATURE_PBMT_BITMASK) > != 0) { > +PmbtExtEnabled = TRUE; > + } > >// Determine protection attributes >if ((GcdAttributes & EFI_MEMORY_RO) != 0) { > -RiscVAttributes &= ~(UINT64)(RISCV_PG_W); > +*RiscVAttributes &= ~(UINT64)(RISCV_PG_W); >} > >// Process eXecute Never attribute >if ((GcdAttributes & EFI_MEMORY_XP) != 0) { > -RiscVAttributes &= ~(UINT64)RISCV_PG_X; > +*RiscVAttributes &= ~(UINT64)RISCV_PG_X; > + } > + > + CacheTypeMask = GcdAttributes & EFI_CACHE_ATTRIBUTE_MASK; > + if ((CacheTypeMask != 0) && > + (((CacheTypeMask - 1) & CacheTypeMask) != 0)) > + { > +DEBUG (( > + DEBUG_ERROR, > + "%a: More than one bit set in cache type mask (0x%LX)\n", > + __func__, > + CacheTypeMask > + )); > +return EFI_INVALID_PARAMETER; > + } > + > + switch (CacheTypeMask) { > +case EFI_MEMORY_UC: > + if (PmbtExtEnabled) { > +*RiscVAttributes |= PTE_PBMT_IO; > + } > + > + break; > +case EFI_MEMORY_WC: > + if (PmbtExtEnabled) { > +*RiscVAttributes |= PTE_PBMT_NC; > + } else { > +DEBUG (( > + DEBUG_VERBOSE, > + "%a: EFI_MEMORY_WC set but Pmbt extension not available\n", > + __func__ > + )); > + } > + > + break; > +default: > + // Default PMA mode > + break; >} > > - return RiscVAttributes; > + return EFI_SUCCESS; > } > > /** > @@ -535,29 +590,38 @@ RiscVSetMemoryAttributes ( >IN UINT64Attributes >) > { > - UINT64 PageAttributesSet; > + UINT64 PageAttributesSet; > + UINT64 PageAttributesClear; > + EFI_STATUS Status; > > - PageAttributesSet = GcdAttributeToPageAttribute (Attributes); > + Status = GcdAttributeToPageAttribute (Attributes, ); > + if (EFI_ERROR (Status)) { > +return Status; > + } > Is there a reason to do this prior to checking RiscVMmuEnabled()? >if (!RiscVMmuEnabled ()) { > return EFI_SUCCESS; >} > > - DEBUG ( > -( > - DEBUG_VERBOSE, > - "%a: Set %llX page attribute 0x%X\n", > - __func__, > - BaseAddress, > - PageAttributesSet > -) > -); > + PageAttributesClear = PTE_ATTRIBUTES_MASK; > + if ((PcdGet64 (PcdRiscVFeatureOverride) & RISCV_CPU_FEATURE_PBMT_BITMASK) > != 0) { > +PageAttributesClear |= PTE_PBMT_MASK; > + } > + I think static variable would be better. > + DEBUG (( > +DEBUG_VERBOSE, > +"%a: %LX: set attributes 0x%LX, clear attributes 0x%LX\n", > +__func__, > +BaseAddress, > +PageAttributesSet, > +
Re: [edk2-devel] [PATCH] uefi-sct/SctPkg:Enhance BBTestReadKeyStrokeExFunctionAutoTestCheckpoint1()
The patch is up streamed by the below commit: https://github.com/tianocore/edk2-test/commit/032822757792c5d4d0bfed1fd8524e69ef4f2d17 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116838): https://edk2.groups.io/g/devel/message/116838 Mute This Topic: https://groups.io/mt/87274606/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v1 1/1] MdePkg/BaseLib: Fix AARCH64 compilation error
I think it would be nice if you add diff --git a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S index 3e58119b25d2..505d3765c522 100644 --- a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S +++ b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S @@ -9,6 +9,7 @@ GCC_ASM_EXPORT(SetJump) GCC_ASM_EXPORT(InternalLongJump) +GCC_ASM_IMPORT(InternalAssertJumpBuffer) #define GPR_LAYOUT \ REG_PAIR (x19, x20, 0); \ Thou, the gcc doesn't raise compile error (in ASM_FLAG, there's no option set "-Werror-implicit-function-declaration") Otherwise, Reviewed-by: levi.yun -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116837): https://edk2.groups.io/g/devel/message/116837 Mute This Topic: https://groups.io/mt/104997022/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] IntelFsp2Pkg/Tools: Updated iterator usage for Python 3 compatibility
Updated iterator usage for Python 3 compatibility Cc: Chasel Chiu Cc: Nate DeSimone Cc: Duggapu Chinni B Cc: Star Zeng Cc: Ted Kuo Cc: Ashraf Ali S Cc: Susovan Mohapatra Signed-off-by: Zhiguang Liu --- IntelFsp2Pkg/Tools/PatchFv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/IntelFsp2Pkg/Tools/PatchFv.py b/IntelFsp2Pkg/Tools/PatchFv.py index 0cab73255d..fd7476d576 100644 --- a/IntelFsp2Pkg/Tools/PatchFv.py +++ b/IntelFsp2Pkg/Tools/PatchFv.py @@ -720,7 +720,7 @@ class Symbols: def getModGuid(self, var): guid = (guid for guid,name in self.dictGuidNameXref.items() if name==var) try: -value = guid.next() +value = next(guid) except Exception: raise Exception("Unknown module name %s !" % var) return value -- 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116836): https://edk2.groups.io/g/devel/message/116836 Mute This Topic: https://groups.io/mt/104999189/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] IntelFsp2Pkg/Tools: Let PatchFv support to get Image Base.
Now, the value params of PatchFv support below value getting from map file: ModuleName:FunctionName ModuleName:GlobalVariableName ModuleGuid:Offset This patch add a new type ModuleName:KeyWord KeyWord now supports "BASE", indicating the address of the Image base. For example, ModuleName:BASE will be the address of the Image base. This will simplify the flow when user want to patch the Image base in the binary. In the future, we can let the KeyWord support more based on future usage. Cc: Chasel Chiu Cc: Nate DeSimone Cc: Duggapu Chinni B Cc: Star Zeng Cc: Ted Kuo Cc: Ashraf Ali S Cc: Susovan Mohapatra Signed-off-by: Zhiguang Liu --- IntelFsp2Pkg/Tools/PatchFv.py | 1 + IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/IntelFsp2Pkg/Tools/PatchFv.py b/IntelFsp2Pkg/Tools/PatchFv.py index 73ab877c71..0cab73255d 100644 --- a/IntelFsp2Pkg/Tools/PatchFv.py +++ b/IntelFsp2Pkg/Tools/PatchFv.py @@ -384,6 +384,7 @@ class Symbols: if len(modName) == 36: modName = self.dictGuidNameXref[modName.upper()] self.dictModBase['%s:BASE' % modName] = int (match.group(2), 16) +self.dictSymbolAddress['%s:BASE' % modName] = match.group(2) self.dictModBase['%s:ENTRY' % modName] = int (match.group(3), 16) #(GUID=86D70125-BAA3-4296-A62F-602BEBBB9081 .textbaseaddress=0x00fffb4398 .databaseaddress=0x00fffb4178) match = re.match("\(GUID=([A-Z0-9\-]+)\s+\.textbaseaddress=(0x[0-9a-fA-F]+)\s+\.databaseaddress=(0x[0-9a-fA-F]+)\)", rptLine) diff --git a/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md b/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md index 205ad57773..b59e82c872 100644 --- a/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md +++ b/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md @@ -89,9 +89,10 @@ The entire argument includes the quote marks like in the example argument below: | 0x00BC | 0xFFA2 | 188 | -94 | ``` -ModuleName:FunctionName | ModuleName:GlobalVariableName +ModuleName:FunctionName | ModuleName:GlobalVariableName | ModuleName:KeyWord ModuleGuid:Offset ``` +Note: KeyWord only supports "BASE" now, indicating the address of the PE Image base. ### Operators: -- 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116835): https://edk2.groups.io/g/devel/message/116835 Mute This Topic: https://groups.io/mt/104999188/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-