Re: [edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

[Li, Yi]

Hi Chris,

1. Please create a feature request BugZilla to introduce the background of the 
new API, such as purpose and application scenarios.
2. I took a quick look, the new API will make Pkcs1v2De/Encrypt support 
RsaContext input and the rest is same as old API right?

Regards,
Yi

-Original Message-
From: Chris Ruffin  
Sent: Tuesday, March 19, 2024 5:52 AM
To: devel@edk2.groups.io
Cc: Chris Ruffin ; Yao, Jiewen 
; Li, Yi1 ; Hou, Wenxing 

Subject: [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto 
functions

From: Chris Ruffin 

Expand the availability of the RSAEP-OAEP crypto capability in BaseCryptLib.  
Applications using RSA crypto functions directly from OpensslLib can transition 
to BaseCryptLib to take advantage of the shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 CryptoPkg/Include/Library/BaseCryptLib.h  | 102 
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c  | 506 --
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c  | 114 
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c  | 114 
 4 files changed, 789 insertions(+), 47 deletions(-)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index a52bd91ad6..7ad2bf21fe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt (
   OUT  UINTN*EncryptedDataSize   ); +/**+  Encrypts a blob using 
PKCS1v2 (RSAES-OAEP) schema. On success, will return the+  encrypted message in 
a newly allocated buffer.++  Things that can cause a failure include:+  - X509 
key size does not match any known key size.+  - Fail to allocate an 
intermediate buffer.+  - Null pointer provided for a non-optional parameter.+  
- Data size is too large for the provided key size (max size is a function of 
key size+and hash digest size).++  @param[in]  RsaContext  A 
pointer to an RSA context created by RsaNew() and+  
provisioned with a public key using RsaSetKey().+  @param[in]  InData   
   Data to be encrypted.+  @param[in]  InDataSize  Size of the data 
buffer.+  @param[in]  PrngSeed[Optional] If provided, a pointer to 
a random seed buffer+  to be used when 
initializing the PRNG. NULL otherwise.+  @param[in]  PrngSeedSize
[Optional] If provided, size of the random seed buffer.+
  0 otherwise.+  @param[out] EncryptedData   Pointer to an 
allocated buffer containing the encrypted+  
message.+  @param[out] EncryptedDataSize   Size of the encrypted message 
buffer.++  @retval TRUEEncryption was successful.+  @retval 
FALSE   Encryption failed.++**/+BOOLEAN+EFIAPI+RsaOaepEncrypt 
(+  IN   VOID *RsaContext,+  IN   UINT8*InData,+  IN   UINTN
InDataSize,+  IN   CONST UINT8  *PrngSeed   OPTIONAL,+  IN   UINTN
PrngSeedSize   OPTIONAL,+  OUT  UINT8**EncryptedData,+  OUT  UINTN  
  *EncryptedDataSize+  );++/**+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) 
schema. On success, will return the+  decrypted message in a newly allocated 
buffer.++  Things that can cause a failure include:+  - Fail to parse private 
key.+  - Fail to allocate an intermediate buffer.+  - Null pointer provided for 
a non-optional parameter.++  @param[in]  PrivateKey  A pointer to the 
DER-encoded private key.+  @param[in]  PrivateKeySize  Size of the private 
key buffer.+  @param[in]  EncryptedData   Data to be decrypted.+  
@param[in]  EncryptedDataSize   Size of the encrypted buffer.+  @param[out] 
OutData Pointer to an allocated buffer containing the encrypted+
  message.+  @param[out] OutDataSize Size 
of the encrypted message buffer.++  @retval TRUEEncryption 
was successful.+  @retval FALSE   Encryption 
failed.++**/+BOOLEAN+EFIAPI+Pkcs1v2Decrypt (+  IN   CONST UINT8  *PrivateKey,+  
IN   UINTNPrivateKeySize,+  IN   UINT8*EncryptedData,+  IN   
UINTNEncryptedDataSize,+  OUT  UINT8**OutData,+  OUT  UINTN 
   *OutDataSize+  );++/**+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. 
On success, will return the+  decrypted message in a newly allocated buffer.++  
Things that can cause a failure include:+  - Fail to parse private key.+  - 
Fail to allocate an intermediate buffer.+  - Null pointer provided for a 
non-optional parameter.++  @param[in]  RsaContext  A pointer to an RSA 
context created by RsaNew() and+  provisioned 
with a private key using RsaSetKey().+  

Re: [edk2-devel] [PATCH v1 21/26] OvmfPkg/LoongArchVirt: Add FdtQemuFwCfgLib

[Chao Li]

Hi Gerd,


Thanks,
Chao
On 2024/3/18 23:28, Gerd Hoffmann wrote:

On Sat, Mar 16, 2024 at 10:17:00AM +0800, lixianglai wrote:

Hi Gerd:

On Mon, Mar 11, 2024 at 02:39:31AM -0700, Chao Li wrote:

This library for PEI phase, and obtains the QemuFwCfg base address by
directly parsing the FDT, reads and writes the data in QemuFwCfg by
operating on the QemuFwCfg base address.
  create mode 100644 
OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.c
  create mode 100644 
OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.inf
  create mode 100644 
OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgLibInternal.h
  create mode 100644 
OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgPei.c

Is there anything LoongArch-specific in there?

No,The main function of this lib library is to obtain the fwcfg base address by 
parsing fdt in the pei stage,
  and provide access to fwcfg through mmio mode,
  the difference between it and the existing library is that the fwcfg base 
address is not hard-coded in the compilation stage,
  and is accessed through mmio rather than io port.

That would be the case for risc-v and aarch64 too, although I think they
don't need fw_cfg right now (they get all info needed via fdt).

I think we should add this as OvmfPkg/Library/FdtQemuFwCfgLib.
Ok, I will commit this change under OvmfPkg/Library next time. Same to 
patch 20, I will try to adjust and verify in risc-v and aarch64 after 
merging this change.



Another point that needs to be explained is that because loongarch virtual 
machine runs on flash in pei phase,
it cannot assign the pcd global variable, so we use Hob as the global variable 
to store the fwcfg base address.

I think the dynamic PCD database is stored in a HOB and you should be
able to set PCDs them even when running from (read-only) flash.

Let's me try.


take care,
   Gerd








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116876): https://edk2.groups.io/g/devel/message/116876
Mute This Topic: https://groups.io/mt/104859897/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 20/26] OvmfPkg/LoongArchVirt: Add NorFlashQemuLib

[Chao Li]

Hi Gerd,


Thanks,
Chao
On 2024/3/18 23:21, Gerd Hoffmann wrote:

On Sat, Mar 16, 2024 at 06:19:00PM +0800, lixianglai wrote:

Hi Gerd:

On Mon, Mar 11, 2024 at 02:39:24AM -0700, Chao Li wrote:

Add NorFlashQemuLib for LoongArch, it is referenced from ArmVirtPkg.

What are the differences to the ArmVirtPkg version?

In this lib we have assigned the following three pcd variables:
PcdFlashNvStorageVariableBase
PcdFlashNvStorageFtwWorkingBase
PcdFlashNvStorageFtwSpareBase
Instead of hardcoding these three variables in the VarStore.fdf.inc file as arm 
does,
the benefit is that when the flash base address changes in the qemu 
implementation,
there is no need to re-adapt and compile UEFI.

The flash memory layout (address + size) for the aarch64 virt machine
has never changed.  So while it sounds nice in theory to have that
option it could very well be that this will never ever needed in
practice.

Having sayed that I'd also note that I think it should also be possible
to switch the aarch64 builds to set the PCDs at runtime instead of
compile time.


When I tried to implement the current patch scheme on aarch64,
I found that the FaultTolerantWriteDxe driver loaded earlier than 
VirtNorFlashDxe.
And It requires the PcdFlashNvStorageFtwWorkingSize and 
PcdFlashNvStorageFtwSpareSize variables for initialization,
However the initialization of these two variables is completed in 
VirtNorFlashDxe,
The fdf file specifies that VirtNorFlashDxe is loaded first and then 
FaultTolerantWriteDxe is loaded in loongarch64.
So this is going to be a problem if we want to apply the current solution to 
aarch64 or risc-v.

There is a non-obvious twist:

VirtNorFlashDxe registers the gEdkiiNvVarStoreFormattedGuid protocol.

There is the
EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf
library, which only purpose is to add a dependency to
gEdkiiNvVarStoreFormattedGuid to depex.

NvVarStoreFormattedLib.inf is used this way ...

   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
 A
   [ ... ]
   
NULL|EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf
   [ ... ]
   }

... to make sure VariableRuntimeDxe is scheduled after VirtNorFlashDxe.

I think you can apply the same idea to FaultTolerantWriteDxe.


I can't tell the implementation scheme of the current lib and existing
lib implementation scheme which one is better, Could you give we some
advice?

I'd suggest to merge your code as OvmfPkg/Library/FdtNorFlashQemuLib as
it is not really loongarch-specific.

If you want try switch aarch64 to use the same code that'll be great,
but sorting that out later is also fine with me.


If you think this design is looks better, then I'm prepare to commit 
this change under the OvmfPkg/Library as a public library. And I will 
enable it in aarch64 after merging this change, because I think it may 
be tweaked and validated in aarch64 for many platforms. Do you think 
that is good?




take care,
   Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116875): https://edk2.groups.io/g/devel/message/116875
Mute This Topic: https://groups.io/mt/104859896/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - Tuesday, March 19, 2024 #cal-reminder

[Group Notification]

*Reminder: TianoCore Bug Triage - APAC / NAMO*

*When:*
Tuesday, March 19, 2024
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles

*Where:*
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d

*Organizer:* Liming Gao gaolim...@byosoft.com.cn ( 
gaolim...@byosoft.com.cn?subject=Re:%20Event:%20TianoCore%20Bug%20Triage%20-%20APAC%20%2F%20NAMO
 )

View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=2159770 )

*Description:*

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao



Microsoft Teams meeting

*Join on your computer or mobile app*

Click here to join the meeting ( 
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%226e4ce4c4-1242-431b-9a51-92cd01a5df3c%22%7d
 )

*Join with a video conferencing device*

te...@conf.intel.com

Video Conference ID: 116 062 094 0

Alternate VTC dialing instructions ( 
https://conf.intel.com/teams/?conf=1160620940=teams=conf.intel.com=test_call
 )

*Or call in (audio only)*

+1 916-245-6934,,77463821# ( tel:+19162456934,,77463821# ) United States, 
Sacramento

Phone Conference ID: 774 638 21#

Find a local number ( 
https://dialin.teams.microsoft.com/d195d438-2daa-420e-b9ea-da26f9d1d6d5?id=77463821
 ) | Reset PIN ( https://mysettings.lync.com/pstnconferencing )

Learn More ( https://aka.ms/JoinTeamsMeeting ) | Meeting options ( 
https://teams.microsoft.com/meetingOptions/?organizerId=b286b53a-1218-4db3-bfc9-3d4c5aa7669e=46c98d88-e344-4ed4-8496-4ed7712e255d=19_meeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh@thread.v2=0=en-US
 )


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116874): https://edk2.groups.io/g/devel/message/116874
Mute This Topic: https://groups.io/mt/105016832/21656
Mute #cal-reminder:https://edk2.groups.io/g/devel/mutehashtag/cal-reminder
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] Now: Tools, CI, Code base construction meeting series - Monday, March 18, 2024 #cal-notice

[Group Notification]

*Tools, CI, Code base construction meeting series*

*When:*
Monday, March 18, 2024
4:30pm to 5:30pm
(UTC-07:00) America/Los Angeles

*Where:*
https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDI2ZDg4NmMtMjI1My00MzI5LWFmYjAtMGQyNjUzNTBjZGYw%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2223af6561-6e1c-450d-b917-d9d674eb3cb6%22%7d

View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=2159775 )

*Description:*

TianoCore community,

Microsoft and Intel will be hosting a series of open meetings to discuss build, 
CI, tools, and other related topics. If you are interested, have ideas/opinions 
please join us. These meetings will be Monday 4:30pm Pacific Time on Microsoft 
Teams.

MS Teams Link in following discussion: * 
https://github.com/tianocore/edk2/discussions/2614

Anyone is welcome to join.

* tianocore/edk2: EDK II (github.com)
* tianocore/edk2-basetools: EDK II BaseTools Python tools as a PIP module 
(github.com) https://github.com/tianocore/edk2-basetools
* tianocore/edk2-pytool-extensions: Extensions to the edk2 build system 
allowing for a more robust and plugin based build system and tool execution 
environment (github.com) https://github.com/tianocore/edk2-pytool-extensions
* tianocore/edk2-pytool-library: Python library package that supports UEFI 
development (github.com) https://github.com/tianocore/edk2-pytool-library

MS Teams Browser Clients * 
https://docs.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116873): https://edk2.groups.io/g/devel/message/116873
Mute This Topic: https://groups.io/mt/105015041/21656
Mute #cal-notice:https://edk2.groups.io/g/devel/mutehashtag/cal-notice
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 3/3] CryptoPkg/BaseCryptLibUnitTest: add unit test functions

[Chris Ruffin via groups.io]

From: Chris Ruffin 

Add unit test functions:
TestVerifyPkcs1v2Decrypt()
TestVerifyTestRsaOaepEncrypt()
TestVerifyTestRsaOaepDecrypt()

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 .../Library/BaseCryptLib/OaepEncryptTests.c   | 184 +-
 1 file changed, 182 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c 
b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c
index 22a4ea7e46..2b5c6d04da 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c
@@ -153,9 +153,42 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  PrivateKey[] = {
   0x86, 0x10, 0x09, 0x88, 0x6C, 0x35, 0x60, 0xF2,
 };
 
+//
+// Public Modulus of RSA Key
+//
+GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8  RsaN[] = {
+  0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 
0x9D, 0xA8, 0x71, 0xF7,
+  0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 
0x74, 0x54, 0xF5, 0x1F,
+  0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 
0xEB, 0x6F, 0xCD, 0x48,
+  0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 
0x5B, 0x8B, 0x80, 0x7F,
+  0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 
0xD9, 0x3A, 0x25, 0x84,
+  0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 
0x45, 0x98, 0x39, 0x4E,
+  0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 
0xF6, 0xC1, 0x68, 0x7F,
+  0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 
0x09, 0x1D, 0xBD, 0xCB
+};
+
+//
+// Public Exponent of RSA Key
+//
+GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8  RsaE[] = { 0x11 };
+
+//
+// Private Exponent of RSA Key
+//
+GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8  RsaD[] = {
+  0xA5, 0xDA, 0xFC, 0x53, 0x41, 0xFA, 0xF2, 0x89, 0xC4, 0xB9, 0x88, 0xDB, 
0x30, 0xC1, 0xCD, 0xF8,
+  0x3F, 0x31, 0x25, 0x1E, 0x06, 0x68, 0xB4, 0x27, 0x84, 0x81, 0x38, 0x01, 
0x57, 0x96, 0x41, 0xB2,
+  0x94, 0x10, 0xB3, 0xC7, 0x99, 0x8D, 0x6B, 0xC4, 0x65, 0x74, 0x5E, 0x5C, 
0x39, 0x26, 0x69, 0xD6,
+  0x87, 0x0D, 0xA2, 0xC0, 0x82, 0xA9, 0x39, 0xE3, 0x7F, 0xDC, 0xB8, 0x2E, 
0xC9, 0x3E, 0xDA, 0xC9,
+  0x7F, 0xF3, 0xAD, 0x59, 0x50, 0xAC, 0xCF, 0xBC, 0x11, 0x1C, 0x76, 0xF1, 
0xA9, 0x52, 0x94, 0x44,
+  0xE5, 0x6A, 0xAF, 0x68, 0xC5, 0x6C, 0x09, 0x2C, 0xD3, 0x8D, 0xC3, 0xBE, 
0xF5, 0xD2, 0x0A, 0x93,
+  0x99, 0x26, 0xED, 0x4F, 0x74, 0xA1, 0x3E, 0xDD, 0xFB, 0xE1, 0xA1, 0xCE, 
0xCC, 0x48, 0x94, 0xAF,
+  0x94, 0x28, 0xC2, 0xB7, 0xB8, 0x88, 0x3F, 0xE4, 0x46, 0x3A, 0x4B, 0xC8, 
0x5B, 0x1C, 0xB3, 0xC1
+};
+
 UNIT_TEST_STATUS
 EFIAPI
-TestVerifyOaepEncrypt (
+TestVerifyPkcs1v2Encrypt (
   IN UNIT_TEST_CONTEXT  Context
   )
 {
@@ -296,11 +329,158 @@ TestVerifyOaepEncrypt (
   return UNIT_TEST_PASSED;
 }
 
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyPkcs1v2Decrypt (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  BOOLEAN  Status;
+  UINT8PlaintextBuffer[4];
+  UINT8*EncryptedBuffer;
+  UINTNEncryptedBufferSize;
+  UINT8*DecryptedBuffer;
+  UINTNDecryptedBufferSize;
+
+  // Create a file and add content '123' in it
+  PlaintextBuffer[0] = '1';
+  PlaintextBuffer[1] = '2';
+  PlaintextBuffer[2] = '3';
+  PlaintextBuffer[3] = 0;
+
+  Status = Pkcs1v2Encrypt (
+ SelfTestCert,
+ (UINTN)sizeof (SelfTestCert),
+ PlaintextBuffer,
+ (UINTN)sizeof (PlaintextBuffer),
+ NULL,
+ 0,
+ ,
+ (UINTN *)
+ );
+  UT_ASSERT_TRUE (Status);
+
+  Status = Pkcs1v2Decrypt (
+ PrivateKey,
+ (UINTN)sizeof (PrivateKey),
+ EncryptedBuffer,
+ EncryptedBufferSize,
+ ,
+ (UINTN *)
+ );
+  UT_ASSERT_TRUE (Status);
+
+  UT_ASSERT_TRUE ((CompareMem (PlaintextBuffer, DecryptedBuffer, 
DecryptedBufferSize) == 0));
+
+  return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyRsaOaepEncrypt (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  BOOLEAN  Status;
+  UINT8PlaintextBuffer[4];
+  UINT8*EncryptedBuffer;
+  UINTNEncryptedBufferSize;
+  VOID *RsaContext = NULL;
+
+  // Create a file and add content '123' in it
+  PlaintextBuffer[0] = '1';
+  PlaintextBuffer[1] = '2';
+  PlaintextBuffer[2] = '3';
+  PlaintextBuffer[3] = 0;
+
+  RsaContext = RsaNew ();
+  UT_ASSERT_FALSE (RsaContext == NULL);
+
+  Status = RsaSetKey (RsaContext, RsaKeyN, RsaN, sizeof (RsaN));
+  UT_ASSERT_TRUE (Status);
+
+  Status = RsaSetKey (RsaContext, RsaKeyE, RsaE, sizeof (RsaE));
+  UT_ASSERT_TRUE (Status);
+
+  Status = RsaOaepEncrypt (
+ RsaContext,
+ PlaintextBuffer,
+ sizeof (PlaintextBuffer),
+ NULL,
+ 0,
+ ,
+ 
+ );
+  UT_ASSERT_TRUE (Status);
+
+  return UNIT_TEST_PASSED;
+}
+

[edk2-devel] [PATCH 2/3] CryptoPkg/Driver: add additional RSAEP-OAEP crypto functions

[Chris Ruffin via groups.io]

From: Chris Ruffin 

Add new library members to CryptoPkg/Driver.

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 CryptoPkg/Driver/Crypto.c | 116 +-
 .../Pcd/PcdCryptoServiceFamilyEnable.h|   3 +
 .../BaseCryptLibOnProtocolPpi/CryptLib.c  | 100 +++
 CryptoPkg/Private/Protocol/Crypto.h   |  97 ++-
 4 files changed, 314 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index bdbb4863a9..3bfce16fa6 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -3589,6 +3589,117 @@ CryptoServicePkcs1v2Encrypt (
   return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Encrypt, Pkcs1v2Encrypt, 
(PublicKey, PublicKeySize, InData, InDataSize, PrngSeed, PrngSeedSize, 
EncryptedData, EncryptedDataSize), FALSE);
 }
 
+/**
+  Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  encrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - X509 key size does not match any known key size.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+  - Data size is too large for the provided key size (max size is a function 
of key size
+and hash digest size).
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a public key using 
RsaSetKey().
+  @param[in]  InData  Data to be encrypted.
+  @param[in]  InDataSize  Size of the data buffer.
+  @param[in]  PrngSeed[Optional] If provided, a pointer to a 
random seed buffer
+  to be used when initializing the PRNG. NULL 
otherwise.
+  @param[in]  PrngSeedSize[Optional] If provided, size of the random 
seed buffer.
+  0 otherwise.
+  @param[out] EncryptedData   Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] EncryptedDataSize   Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceRsaOaepEncrypt (
+  IN   VOID *RsaContext,
+  IN   UINT8*InData,
+  IN   UINTNInDataSize,
+  IN   CONST UINT8  *PrngSeed   OPTIONAL,
+  IN   UINTNPrngSeedSize   OPTIONAL,
+  OUT  UINT8**EncryptedData,
+  OUT  UINTN*EncryptedDataSize
+  )
+{
+  return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepEncrypt, RsaOaepEncrypt, 
(RsaContext, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, 
EncryptedDataSize), FALSE);
+}
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  PrivateKey  A pointer to the DER-encoded private key.
+  @param[in]  PrivateKeySize  Size of the private key buffer.
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServicePkcs1v2Decrypt (
+  IN   CONST UINT8  *PrivateKey,
+  IN   UINTNPrivateKeySize,
+  IN   UINT8*EncryptedData,
+  IN   UINTNEncryptedDataSize,
+  OUT  UINT8**OutData,
+  OUT  UINTN*OutDataSize
+  )
+{
+  return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Decrypt, Pkcs1v2Decrypt, 
(PrivateKey, PrivateKeySize, EncryptedData, EncryptedDataSize, OutData, 
OutDataSize), FALSE);
+}
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a private key using 
RsaSetKey().
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval   

[edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

[Chris Ruffin via groups.io]

From: Chris Ruffin 

Expand the availability of the RSAEP-OAEP crypto capability in
BaseCryptLib.  Applications using RSA crypto functions directly from
OpensslLib can transition to BaseCryptLib to take advantage of the
shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 CryptoPkg/Include/Library/BaseCryptLib.h  | 102 
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c  | 506 --
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c  | 114 
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c  | 114 
 4 files changed, 789 insertions(+), 47 deletions(-)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index a52bd91ad6..7ad2bf21fe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt (
   OUT  UINTN*EncryptedDataSize
   );
 
+/**
+  Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  encrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - X509 key size does not match any known key size.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+  - Data size is too large for the provided key size (max size is a function 
of key size
+and hash digest size).
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a public key using 
RsaSetKey().
+  @param[in]  InData  Data to be encrypted.
+  @param[in]  InDataSize  Size of the data buffer.
+  @param[in]  PrngSeed[Optional] If provided, a pointer to a 
random seed buffer
+  to be used when initializing the PRNG. NULL 
otherwise.
+  @param[in]  PrngSeedSize[Optional] If provided, size of the random 
seed buffer.
+  0 otherwise.
+  @param[out] EncryptedData   Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] EncryptedDataSize   Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+RsaOaepEncrypt (
+  IN   VOID *RsaContext,
+  IN   UINT8*InData,
+  IN   UINTNInDataSize,
+  IN   CONST UINT8  *PrngSeed   OPTIONAL,
+  IN   UINTNPrngSeedSize   OPTIONAL,
+  OUT  UINT8**EncryptedData,
+  OUT  UINTN*EncryptedDataSize
+  );
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  PrivateKey  A pointer to the DER-encoded private key.
+  @param[in]  PrivateKeySize  Size of the private key buffer.
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs1v2Decrypt (
+  IN   CONST UINT8  *PrivateKey,
+  IN   UINTNPrivateKeySize,
+  IN   UINT8*EncryptedData,
+  IN   UINTNEncryptedDataSize,
+  OUT  UINT8**OutData,
+  OUT  UINTN*OutDataSize
+  );
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a private key using 
RsaSetKey().
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+RsaOaepDecrypt (
+  IN   

[edk2-devel] [PATCH] Package/Module: edk2-platforms\Features\Intel\UserInterface\UserAuthFeaturePkg

[Nayana Patel]

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4645

Clear out the variable SmmCommunicateSetPassword which contains password before 
goto Exit.
To avoid vulnerability.

Signed-off-by: Nayana Patel 
---
 .../UserAuthenticationDxeSmm/UserAuthenticationSmm.c| 2 ++
 1 file changed, 2 insertions(+)

diff --git 
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
 
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
index 98f40c1812..8d7c018688 100644
--- 
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
+++ 
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
@@ -499,6 +499,7 @@ SmmPasswordHandler (
 if (PasswordLen == sizeof(SmmCommunicateSetPassword.OldPassword)) {
   DEBUG ((DEBUG_ERROR, "SmmPasswordHandler: OldPassword invalid!\n"));
   Status = EFI_INVALID_PARAMETER;
+  ZeroMem (, sizeof (SmmCommunicateSetPassword));
   goto EXIT;
 }
 
@@ -510,6 +511,7 @@ SmmPasswordHandler (
   } else {
 Status = EFI_SECURITY_VIOLATION;
   }
+  ZeroMem (, sizeof (SmmCommunicateSetPassword));
   goto EXIT;
 }
 
-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116869): https://edk2.groups.io/g/devel/message/116869
Mute This Topic: https://groups.io/mt/105014793/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH] REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4650

[V V, Pranav]

sPasswordStrong checks for password complexity requirements. It does bare 
minimal
checking for existence of uppercase, lowercase, numeral, and symbol. A password 
with repeating characters
would be an acceptable password, such as 1!Aa.IsPasswordInHistory checks if 
the password hash of the password being entered matches the hash of the
previous 5 passwords.

Added a check for preventing each character repeat more than twice consecutively

Signed-off-by: V V Pranav 
---
 .../UserAuthenticationDxeStrings.uni | 4 ++--
 .../UserAuthenticationDxeSmm/UserAuthenticationSmm.c | 5 +
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git 
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni
 
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni
index 1e3a179677..8c4d8528ee 100644
--- 
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni
+++ 
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni
@@ -19,8 +19,8 @@
#language fr-FR "Password Management 
Form"
 #string STR_ADMIN_PASSWORD_PROMPT  #language en-US "Change Admin Password"
#language fr-FR "Change Admin Password"
-#string STR_ADMIN_PASSWORD_HELP#language en-US "Input old admin 
password if it was set, then you can change the password to a new one. After 
the change action, you may need input the new password when you enter UI. The 
new password must be between 8 and 32 chars include lowercase, uppercase 
alphabetic, number, and symbol. Input an empty password can clean old admin 
password, then no need input password to enter UI."
-   #language fr-FR "Input old admin 
password if it was set, then you can change the password to a new one. After 
the change action, you may need input the new password when you enter UI. The 
new password must be between 8 and 32 chars include lowercase, uppercase 
alphabetic, number, and symbol. Input an empty password can clean old admin 
password, then no need input password to enter UI."
+#string STR_ADMIN_PASSWORD_HELP#language en-US "Input old admin 
password if it was set, then you can change the password to a new one. After 
the change action, you may need input the new password when you enter UI. The 
new password must be between 8 and 32 chars include lowercase, uppercase 
alphabetic, number, symbol and each character should not repeat more than twice 
consecutively. Input an empty password can clean old admin password, then no 
need input password to enter UI."
+   #language fr-FR "Input old admin 
password if it was set, then you can change the password to a new one. After 
the change action, you may need input the new password when you enter UI. The 
new password must be between 8 and 32 chars include lowercase, uppercase 
alphabetic, number, symbol and each character should not repeat more than twice 
consecutively. Input an empty password can clean old admin password, then no 
need input password to enter UI."
 #string STR_ADMIN_PASSWORD_STS_HELP#language en-US "Current Admin Password 
status: Installed or Not Installed."
#language fr-FR "Current Admin Password 
status: Installed or Not Installed."
 #string STR_ADMIN_PASSWORD_STS_PROMPT  #language en-US "Admin Password Status"
diff --git 
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
 
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
index 98f40c1812..d5e1488162 100644
--- 
a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
+++ 
b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
@@ -362,6 +362,11 @@ IsPasswordStrong (
 } else {
   HasSymbol = TRUE;
 }
+if ((Index+2) <= (PasswordSize - 1)) {
+  if (Password[Index] == Password[Index+1] && Password[Index+1] == 
Password[Index+2]) {
+return FALSE;
+  }
+}
   }
   if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) {
 return FALSE;
-- 
2.39.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116868): https://edk2.groups.io/g/devel/message/116868
Mute This Topic: https://groups.io/mt/105014792/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Revert "ProcessLibraryConstructorList()"

[brucex . wang]

From: Bruce Wang 

This reverts commit 1c0db2315109233e77e6b5a52704d14550dcba3c

That commit cause a build error "ProcessLibraryConstructorList undefined"
in FitUniversalPayloadEntry.c

Cc: Gua Guo 
Cc: Guo Dong 
Cc: James Lu 
Cc: Sean Rhodes 

Signed-off-by: BruceX Wang 
---
 .../UefiPayloadEntry/FitUniversalPayloadEntry.inf  |  2 +-
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 10 ++
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf   |  2 +-
 .../UefiPayloadEntry/UniversalPayloadEntry.inf |  2 +-
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf 
b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf
index b87a0989ee..01fb3aceb3 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.inf
@@ -8,7 +8,7 @@
 ##
 
 [Defines]
-  INF_VERSION= 1.30
+  INF_VERSION= 0x00010005
   BASE_NAME  = FitUniversalPayloadEntry
   FILE_GUID  = CED5A8A9-B6EA-4D5A-8689-577EE88566CF
   MODULE_TYPE= SEC
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h 
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
index 80ccc5072c..ad8a9fd22b 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
@@ -51,6 +51,16 @@
 #define E820_PMEM   7
 #define E820_UNDEFINED  8
 
+/**
+  Auto-generated function that calls the library constructors for all of the 
module's
+  dependent libraries.
+**/
+VOID
+EFIAPI
+ProcessLibraryConstructorList (
+  VOID
+  );
+
 /**
   Add a new HOB to the HOB List.
 
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf 
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
index a3ff4b86ea..e2af8a4b7c 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
@@ -9,7 +9,7 @@
 ##
 
 [Defines]
-  INF_VERSION= 1.30
+  INF_VERSION= 0x00010005
   BASE_NAME  = PayloadEntry
   FILE_GUID  = 2119BBD7-9432-4f47-B5E2-5C4EA31B6BDC
   MODULE_TYPE= SEC
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf 
b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
index a62da5c705..5112cdc1e5 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
@@ -8,7 +8,7 @@
 ##
 
 [Defines]
-  INF_VERSION= 1.30
+  INF_VERSION= 0x00010005
   BASE_NAME  = UniversalPayloadEntry
   FILE_GUID  = D4F0F269-1209-4A66-8039-C4D5A700EA4E
   MODULE_TYPE= SEC
-- 
2.39.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116867): https://edk2.groups.io/g/devel/message/116867
Mute This Topic: https://groups.io/mt/105014786/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 0/1] Revert "ProcessLibraryConstructorList()

[brucex . wang]

From: Bruce Wang 

This reverts commit 1c0db2315109233e77e6b5a52704d14550dcba3c

That commit caused debug messages to be missing in FitUniversalPayload.c.

Bruce Wang (1):
  UefiPayloadPkg: Revert "ProcessLibraryConstructorList()"

 .../UefiPayloadEntry/FitUniversalPayloadEntry.inf  |  2 +-
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 10 ++
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf   |  2 +-
 .../UefiPayloadEntry/UniversalPayloadEntry.inf |  2 +-
 4 files changed, 13 insertions(+), 3 deletions(-)

-- 
2.39.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116866): https://edk2.groups.io/g/devel/message/116866
Mute This Topic: https://groups.io/mt/105014784/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Cleanup ProcessLibraryConstructorList()

[brucex . wang]

From: Bruce Wang 

ProcessLibraryConstructorList() no needs to be called manually
after INF version greater or equal to 1.30.

Cc: Guo Dong 
Cc: Sean Rhodes 
Cc: James Lu 
Cc: Gua Guo 

Signed-off-by: BruceX Wang 
---
 UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c | 2 --
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c | 2 --
 UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c| 2 --
 3 files changed, 6 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c 
b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c
index eb0b325369..58a7e8190f 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c
@@ -616,8 +616,6 @@ _ModuleEntryPoint (
 
   mHobList = (VOID *)BootloaderParameter;
   DxeFv= NULL;
-  // Call constructor for all libraries
-  ProcessLibraryConstructorList ();
 
   DEBUG ((DEBUG_INFO, "Entering Universal Payload...\n"));
   DEBUG ((DEBUG_INFO, "sizeof(UINTN) = 0x%x\n", sizeof (UINTN)));
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c 
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
index 030a5baed9..7c65869563 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
@@ -434,8 +434,6 @@ _ModuleEntryPoint (
 UniversalSerialPort->RegisterStride  = (UINT8)SerialPortInfo.RegWidth;
   }
 
-  // The library constructors might depend on serial port, so call it after 
serial port hob
-  ProcessLibraryConstructorList ();
   DEBUG ((DEBUG_INFO, "sizeof(UINTN) = 0x%x\n", sizeof (UINTN)));
 
   // Build HOB based on information from Bootloader
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c 
b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c
index f37c00fad7..019b6b3d8b 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c
@@ -462,8 +462,6 @@ _ModuleEntryPoint (
 
   mHobList = (VOID *)BootloaderParameter;
   DxeFv= NULL;
-  // Call constructor for all libraries
-  ProcessLibraryConstructorList ();
 
   DEBUG ((DEBUG_INFO, "Entering Universal Payload...\n"));
   DEBUG ((DEBUG_INFO, "sizeof(UINTN) = 0x%x\n", sizeof (UINTN)));
-- 
2.39.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116865): https://edk2.groups.io/g/devel/message/116865
Mute This Topic: https://groups.io/mt/105014773/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 0/1] Cleanup ProcessLibraryConstructorList()

[brucex . wang]

From: Bruce Wang 

ProcessLibraryConstructorList() no needs to be called manually
after INF version greater or equal to 1.30.

Bruce Wang (1):
  UefiPayloadPkg: Cleanup ProcessLibraryConstructorList()

 UefiPayloadPkg/UefiPayloadEntry/FitUniversalPayloadEntry.c | 2 --
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c | 2 --
 UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c| 2 --
 3 files changed, 6 deletions(-)

-- 
2.39.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116864): https://edk2.groups.io/g/devel/message/116864
Mute This Topic: https://groups.io/mt/105014770/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 3/3] CryptoPkg/BaseCryptLibUnitTest: add unit test functions

[Chris Ruffin via groups.io]

From: Chris Ruffin 

Add unit test functions:
TestVerifyPkcs1v2Decrypt()
TestVerifyTestRsaOaepEncrypt()
TestVerifyTestRsaOaepDecrypt()

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 .../Library/BaseCryptLib/OaepEncryptTests.c   | 184 +-
 1 file changed, 182 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c 
b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c
index 22a4ea7e46..2b5c6d04da 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/OaepEncryptTests.c
@@ -153,9 +153,42 @@ GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  PrivateKey[] = {
   0x86, 0x10, 0x09, 0x88, 0x6C, 0x35, 0x60, 0xF2,
 };
 
+//
+// Public Modulus of RSA Key
+//
+GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8  RsaN[] = {
+  0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 
0x9D, 0xA8, 0x71, 0xF7,
+  0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 
0x74, 0x54, 0xF5, 0x1F,
+  0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 
0xEB, 0x6F, 0xCD, 0x48,
+  0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 
0x5B, 0x8B, 0x80, 0x7F,
+  0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 
0xD9, 0x3A, 0x25, 0x84,
+  0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 
0x45, 0x98, 0x39, 0x4E,
+  0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 
0xF6, 0xC1, 0x68, 0x7F,
+  0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 
0x09, 0x1D, 0xBD, 0xCB
+};
+
+//
+// Public Exponent of RSA Key
+//
+GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8  RsaE[] = { 0x11 };
+
+//
+// Private Exponent of RSA Key
+//
+GLOBAL_REMOVE_IF_UNREFERENCED STATIC CONST UINT8  RsaD[] = {
+  0xA5, 0xDA, 0xFC, 0x53, 0x41, 0xFA, 0xF2, 0x89, 0xC4, 0xB9, 0x88, 0xDB, 
0x30, 0xC1, 0xCD, 0xF8,
+  0x3F, 0x31, 0x25, 0x1E, 0x06, 0x68, 0xB4, 0x27, 0x84, 0x81, 0x38, 0x01, 
0x57, 0x96, 0x41, 0xB2,
+  0x94, 0x10, 0xB3, 0xC7, 0x99, 0x8D, 0x6B, 0xC4, 0x65, 0x74, 0x5E, 0x5C, 
0x39, 0x26, 0x69, 0xD6,
+  0x87, 0x0D, 0xA2, 0xC0, 0x82, 0xA9, 0x39, 0xE3, 0x7F, 0xDC, 0xB8, 0x2E, 
0xC9, 0x3E, 0xDA, 0xC9,
+  0x7F, 0xF3, 0xAD, 0x59, 0x50, 0xAC, 0xCF, 0xBC, 0x11, 0x1C, 0x76, 0xF1, 
0xA9, 0x52, 0x94, 0x44,
+  0xE5, 0x6A, 0xAF, 0x68, 0xC5, 0x6C, 0x09, 0x2C, 0xD3, 0x8D, 0xC3, 0xBE, 
0xF5, 0xD2, 0x0A, 0x93,
+  0x99, 0x26, 0xED, 0x4F, 0x74, 0xA1, 0x3E, 0xDD, 0xFB, 0xE1, 0xA1, 0xCE, 
0xCC, 0x48, 0x94, 0xAF,
+  0x94, 0x28, 0xC2, 0xB7, 0xB8, 0x88, 0x3F, 0xE4, 0x46, 0x3A, 0x4B, 0xC8, 
0x5B, 0x1C, 0xB3, 0xC1
+};
+
 UNIT_TEST_STATUS
 EFIAPI
-TestVerifyOaepEncrypt (
+TestVerifyPkcs1v2Encrypt (
   IN UNIT_TEST_CONTEXT  Context
   )
 {
@@ -296,11 +329,158 @@ TestVerifyOaepEncrypt (
   return UNIT_TEST_PASSED;
 }
 
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyPkcs1v2Decrypt (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  BOOLEAN  Status;
+  UINT8PlaintextBuffer[4];
+  UINT8*EncryptedBuffer;
+  UINTNEncryptedBufferSize;
+  UINT8*DecryptedBuffer;
+  UINTNDecryptedBufferSize;
+
+  // Create a file and add content '123' in it
+  PlaintextBuffer[0] = '1';
+  PlaintextBuffer[1] = '2';
+  PlaintextBuffer[2] = '3';
+  PlaintextBuffer[3] = 0;
+
+  Status = Pkcs1v2Encrypt (
+ SelfTestCert,
+ (UINTN)sizeof (SelfTestCert),
+ PlaintextBuffer,
+ (UINTN)sizeof (PlaintextBuffer),
+ NULL,
+ 0,
+ ,
+ (UINTN *)
+ );
+  UT_ASSERT_TRUE (Status);
+
+  Status = Pkcs1v2Decrypt (
+ PrivateKey,
+ (UINTN)sizeof (PrivateKey),
+ EncryptedBuffer,
+ EncryptedBufferSize,
+ ,
+ (UINTN *)
+ );
+  UT_ASSERT_TRUE (Status);
+
+  UT_ASSERT_TRUE ((CompareMem (PlaintextBuffer, DecryptedBuffer, 
DecryptedBufferSize) == 0));
+
+  return UNIT_TEST_PASSED;
+}
+
+UNIT_TEST_STATUS
+EFIAPI
+TestVerifyRsaOaepEncrypt (
+  IN UNIT_TEST_CONTEXT  Context
+  )
+{
+  BOOLEAN  Status;
+  UINT8PlaintextBuffer[4];
+  UINT8*EncryptedBuffer;
+  UINTNEncryptedBufferSize;
+  VOID *RsaContext = NULL;
+
+  // Create a file and add content '123' in it
+  PlaintextBuffer[0] = '1';
+  PlaintextBuffer[1] = '2';
+  PlaintextBuffer[2] = '3';
+  PlaintextBuffer[3] = 0;
+
+  RsaContext = RsaNew ();
+  UT_ASSERT_FALSE (RsaContext == NULL);
+
+  Status = RsaSetKey (RsaContext, RsaKeyN, RsaN, sizeof (RsaN));
+  UT_ASSERT_TRUE (Status);
+
+  Status = RsaSetKey (RsaContext, RsaKeyE, RsaE, sizeof (RsaE));
+  UT_ASSERT_TRUE (Status);
+
+  Status = RsaOaepEncrypt (
+ RsaContext,
+ PlaintextBuffer,
+ sizeof (PlaintextBuffer),
+ NULL,
+ 0,
+ ,
+ 
+ );
+  UT_ASSERT_TRUE (Status);
+
+  return UNIT_TEST_PASSED;
+}
+

[edk2-devel] [PATCH 2/3] CryptoPkg/Driver: add additional RSAEP-OAEP crypto functions

[Chris Ruffin via groups.io]

From: Chris Ruffin 

Add new library members to CryptoPkg/Driver.

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 CryptoPkg/Driver/Crypto.c | 116 +-
 .../Pcd/PcdCryptoServiceFamilyEnable.h|   3 +
 .../BaseCryptLibOnProtocolPpi/CryptLib.c  | 100 +++
 CryptoPkg/Private/Protocol/Crypto.h   |  97 ++-
 4 files changed, 314 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index bdbb4863a9..3bfce16fa6 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -3589,6 +3589,117 @@ CryptoServicePkcs1v2Encrypt (
   return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Encrypt, Pkcs1v2Encrypt, 
(PublicKey, PublicKeySize, InData, InDataSize, PrngSeed, PrngSeedSize, 
EncryptedData, EncryptedDataSize), FALSE);
 }
 
+/**
+  Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  encrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - X509 key size does not match any known key size.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+  - Data size is too large for the provided key size (max size is a function 
of key size
+and hash digest size).
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a public key using 
RsaSetKey().
+  @param[in]  InData  Data to be encrypted.
+  @param[in]  InDataSize  Size of the data buffer.
+  @param[in]  PrngSeed[Optional] If provided, a pointer to a 
random seed buffer
+  to be used when initializing the PRNG. NULL 
otherwise.
+  @param[in]  PrngSeedSize[Optional] If provided, size of the random 
seed buffer.
+  0 otherwise.
+  @param[out] EncryptedData   Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] EncryptedDataSize   Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceRsaOaepEncrypt (
+  IN   VOID *RsaContext,
+  IN   UINT8*InData,
+  IN   UINTNInDataSize,
+  IN   CONST UINT8  *PrngSeed   OPTIONAL,
+  IN   UINTNPrngSeedSize   OPTIONAL,
+  OUT  UINT8**EncryptedData,
+  OUT  UINTN*EncryptedDataSize
+  )
+{
+  return CALL_BASECRYPTLIB (Rsa.Services.RsaOaepEncrypt, RsaOaepEncrypt, 
(RsaContext, InData, InDataSize, PrngSeed, PrngSeedSize, EncryptedData, 
EncryptedDataSize), FALSE);
+}
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  PrivateKey  A pointer to the DER-encoded private key.
+  @param[in]  PrivateKeySize  Size of the private key buffer.
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServicePkcs1v2Decrypt (
+  IN   CONST UINT8  *PrivateKey,
+  IN   UINTNPrivateKeySize,
+  IN   UINT8*EncryptedData,
+  IN   UINTNEncryptedDataSize,
+  OUT  UINT8**OutData,
+  OUT  UINTN*OutDataSize
+  )
+{
+  return CALL_BASECRYPTLIB (Pkcs.Services.Pkcs1v2Decrypt, Pkcs1v2Decrypt, 
(PrivateKey, PrivateKeySize, EncryptedData, EncryptedDataSize, OutData, 
OutDataSize), FALSE);
+}
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a private key using 
RsaSetKey().
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval   

[edk2-devel] [PATCH 1/3] CryptoPkg/BaseCryptLib: add additional RSAEP-OAEP crypto functions

[Chris Ruffin via groups.io]

From: Chris Ruffin 

Expand the availability of the RSAEP-OAEP crypto capability in
BaseCryptLib.  Applications using RSA crypto functions directly from
OpensslLib can transition to BaseCryptLib to take advantage of the
shared crypto feature in CryptoDxe.

Pkcs1v2Decrypt(): decryption using DER-encoded private key
RsaOaepEncrypt(): encryption using RSA contexts
RsaOaepDecrypt(): decryption using RSA contexts

Signed-off-by: Chris Ruffin 
Cc: Jiewen Yao 
Cc: Yi Li 
Cc: Wenxing Hou 
---
 CryptoPkg/Include/Library/BaseCryptLib.h  | 102 
 .../Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c  | 506 --
 .../BaseCryptLib/Pk/CryptPkcs1OaepNull.c  | 114 
 .../BaseCryptLibNull/Pk/CryptPkcs1OaepNull.c  | 114 
 4 files changed, 789 insertions(+), 47 deletions(-)

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index a52bd91ad6..7ad2bf21fe 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2147,6 +2147,108 @@ Pkcs1v2Encrypt (
   OUT  UINTN*EncryptedDataSize
   );
 
+/**
+  Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  encrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - X509 key size does not match any known key size.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+  - Data size is too large for the provided key size (max size is a function 
of key size
+and hash digest size).
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a public key using 
RsaSetKey().
+  @param[in]  InData  Data to be encrypted.
+  @param[in]  InDataSize  Size of the data buffer.
+  @param[in]  PrngSeed[Optional] If provided, a pointer to a 
random seed buffer
+  to be used when initializing the PRNG. NULL 
otherwise.
+  @param[in]  PrngSeedSize[Optional] If provided, size of the random 
seed buffer.
+  0 otherwise.
+  @param[out] EncryptedData   Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] EncryptedDataSize   Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+RsaOaepEncrypt (
+  IN   VOID *RsaContext,
+  IN   UINT8*InData,
+  IN   UINTNInDataSize,
+  IN   CONST UINT8  *PrngSeed   OPTIONAL,
+  IN   UINTNPrngSeedSize   OPTIONAL,
+  OUT  UINT8**EncryptedData,
+  OUT  UINTN*EncryptedDataSize
+  );
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  PrivateKey  A pointer to the DER-encoded private key.
+  @param[in]  PrivateKeySize  Size of the private key buffer.
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs1v2Decrypt (
+  IN   CONST UINT8  *PrivateKey,
+  IN   UINTNPrivateKeySize,
+  IN   UINT8*EncryptedData,
+  IN   UINTNEncryptedDataSize,
+  OUT  UINT8**OutData,
+  OUT  UINTN*OutDataSize
+  );
+
+/**
+  Decrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  decrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - Fail to parse private key.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+
+  @param[in]  RsaContext  A pointer to an RSA context created by 
RsaNew() and
+  provisioned with a private key using 
RsaSetKey().
+  @param[in]  EncryptedData   Data to be decrypted.
+  @param[in]  EncryptedDataSize   Size of the encrypted buffer.
+  @param[out] OutData Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] OutDataSize Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+RsaOaepDecrypt (
+  IN   

Re: [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver

[Konstantin Kostiuk]

On Thu, Mar 14, 2024 at 12:28 PM Yao, Jiewen  wrote:

> Question: What is the value to provide an *empty* HSTI table?
>
> IMHO, If the goal is to perform some security check, I think we need
> provide a *real* HSTI table.
>

HSTI is very vendor-specific and depends on features that a vendor
supports. Looking at
the HSTI spec a lot of the bits don't make sense for virtual machines. Some
feature depends on
hardware configuration and this check is a dummy in a virtual environment.

So, the main goal is to pass Microsoft SVVP with OVMF+QEMU.

Best Regards,
Konstantin Kostiuk.


>
> Thank you
> Yao, Jiewen
>
> > -Original Message-
> > From: Konstantin Kostiuk 
> > Sent: Thursday, March 14, 2024 6:25 PM
> > To: devel@edk2.groups.io
> > Cc: Yan Vugenfirer ; Ard Biesheuvel
> > ; Yao, Jiewen ; Gerd
> > Hoffmann 
> > Subject: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver
> >
> > The driver provides empty HSTI table.
> >
> > Signed-off-by: Konstantin Kostiuk 
> > ---
> >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 75 +
> >  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 
> >  2 files changed, 139 insertions(+)
> >  create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> >  create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> >
> > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > new file mode 100644
> > index 00..b9ed189f33
> > --- /dev/null
> > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> > @@ -0,0 +1,75 @@
> > +/** @file
> >
> > +  This file contains DXE driver for publishing empty HSTI table
> >
> > +
> >
> > +Copyright (c) 2017, Intel Corporation. All rights reserved.
> >
> > +Copyright (c) 2024, Red Hat. Inc
> >
> > +
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +#include 
> >
> > +
> >
> > +#define HSTI_PLATFORM_NAME  L"Intel(R) 9-Series v1"
> >
> > +#define HSTI_SECURITY_FEATURE_SIZE  1
> >
> > +
> >
> > +ADAPTER_INFO_PLATFORM_SECURITY  mHstiBase = {
> >
> > +  PLATFORM_SECURITY_VERSION_VNEXTCS,
> >
> > +  PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
> >
> > +  { HSTI_PLATFORM_NAME },
> >
> > +  HSTI_SECURITY_FEATURE_SIZE,
> >
> > +};
> >
> > +
> >
> > +/**
> >
> > +  The driver's entry point.
> >
> > +
> >
> > +  @param[in] ImageHandle  The firmware allocated handle for the EFI
> image.
> >
> > +  @param[in] SystemTable  A pointer to the EFI System Table.
> >
> > +
> >
> > +  @retval EFI_SUCCESS The entry point is executed successfully.
> >
> > +  @retval other   Some error occurs when executing this entry
> point.
> >
> > +**/
> >
> > +EFI_STATUS
> >
> > +EFIAPI
> >
> > +VirtHstiDxeEntrypoint (
> >
> > +  IN EFI_HANDLEImageHandle,
> >
> > +  IN EFI_SYSTEM_TABLE  *SystemTable
> >
> > +  )
> >
> > +{
> >
> > +  EFI_STATUS  Status;
> >
> > +
> >
> > +  // Allocate memory for HSTI struct
> >
> > +  // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays
> >
> > +  //   UINT8   SecurityFeaturesRequired[];
> >
> > +  //   UINT8   SecurityFeaturesImplemented[];
> >
> > +  //   UINT8   SecurityFeaturesVerified[];
> >
> > +  // sizeof (CHAR16) is for the NULL terminator of ErrorString
> >
> > +  //   CHAR16 ErrorString[]
> >
> > +  UINTN  HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) +
> >
> > +3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE +
> >
> > +sizeof (CHAR16);
> >
> > +  VOID  *HstiStruct = AllocateZeroPool (HstiSize);
> >
> > +
> >
> > +  if (HstiStruct == NULL) {
> >
> > +return EFI_OUT_OF_RESOURCES;
> >
> > +  }
> >
> > +
> >
> > +  CopyMem (HstiStruct, , sizeof
> > (ADAPTER_INFO_PLATFORM_SECURITY));
> >
> > +
> >
> > +  Status = HstiLibSetTable (HstiStruct, HstiSize);
> >
> > +  if (EFI_ERROR (Status)) {
> >
> > +if (Status != EFI_ALREADY_STARTED) {
> >
> > +  ASSERT_EFI_ERROR (Status);
> >
> > +}
> >
> > +  }
> >
> > +
> >
> > +  return EFI_SUCCESS;
> >
> > +}
> >
> > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > new file mode 100644
> > index 00..270aa60026
> > --- /dev/null
> > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> > @@ -0,0 +1,64 @@
> > +## @file
> >
> > +#  Component description file for Virt Hsti Driver
> >
> > +#
> >
> > +# Copyright (c) 2017, Intel Corporation. All rights reserved.
> >
> > +# Copyright (c) Microsoft Corporation.
> >
> > +# Copyright (c) 2024, Red Hat. Inc
> >
> > +#
> >
> > +# SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +#
> >
> > +##
> >
> > +
> >
> > +[Defines]
> >
> > +  INF_VERSION= 0x00010005
> >
> > +  BASE_NAME  = VirtHstiDxe
> >
> > +  FILE_GUID  = 60740CF3-D428-4500-80E6-04A5798241ED
> >
> > +  MODULE_TYPE= DXE_DRIVER
> >
> > + 

[edk2-devel] [PATCH 2/2] OvmfPkg: Add VirtHstiDxe to OVMF firmware build

[Konstantin Kostiuk]

Signed-off-by: Konstantin Kostiuk 
---
 OvmfPkg/OvmfPkgIa32.dsc| 2 ++
 OvmfPkg/OvmfPkgIa32.fdf| 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++
 OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
 OvmfPkg/OvmfPkgX64.dsc | 2 ++
 OvmfPkg/OvmfPkgX64.fdf | 1 +
 6 files changed, 9 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 28379961a7..371c0b63fe 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -188,6 +188,7 @@
   PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf

   DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf

   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf

+  HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf

 !if $(SMM_REQUIRE) == FALSE

   LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf

 !endif

@@ -830,6 +831,7 @@
   OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf

   OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf

   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf

+  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

 

   #

   # ISA Support

diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 501b4de469..3fdf4c807f 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -325,6 +325,7 @@ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf

 INF  OvmfPkg/PlatformDxe/Platform.inf

 INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf

+INF  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

 

 !if $(SMM_REQUIRE) == TRUE

 INF  OvmfPkg/SmmAccess/SmmAccess2Dxe.inf

diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 5e9eee628a..46fb925025 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -193,6 +193,7 @@
   PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf

   DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf

   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf

+  HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf

 !if $(SMM_REQUIRE) == FALSE

   LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf

 !endif

@@ -844,6 +845,7 @@
   OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf

   OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf

   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf

+  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

 

   #

   # ISA Support

diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 74cfb58f06..8f01f9b06a 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -332,6 +332,7 @@ INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
 INF  OvmfPkg/PlatformDxe/Platform.inf

 INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf

 INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf

+INF  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

 

 !if $(SMM_REQUIRE) == TRUE

 INF  OvmfPkg/SmmAccess/SmmAccess2Dxe.inf

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index bf4c7906c4..cbdc07fc4d 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -205,6 +205,7 @@
   PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf

   DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf

   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf

+  HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf

 

 !if $(SMM_REQUIRE) == FALSE

   LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf

@@ -912,6 +913,7 @@
   OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf

   OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf

   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf

+  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

 

   #

   # ISA Support

diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index f47ab1727e..206739a029 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -359,6 +359,7 @@ INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
 INF  OvmfPkg/PlatformDxe/Platform.inf

 INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf

 INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf

+INF  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

 

 !if $(SMM_REQUIRE) == TRUE

 INF  OvmfPkg/SmmAccess/SmmAccess2Dxe.inf

-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116859): https://edk2.groups.io/g/devel/message/116859
Mute This Topic: https://groups.io/mt/105014745/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver

[Konstantin Kostiuk]

The driver provides empty HSTI table.

Signed-off-by: Konstantin Kostiuk 
---
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 75 +
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 
 2 files changed, 139 insertions(+)
 create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
 create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c 
b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
new file mode 100644
index 00..b9ed189f33
--- /dev/null
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
@@ -0,0 +1,75 @@
+/** @file

+  This file contains DXE driver for publishing empty HSTI table

+

+Copyright (c) 2017, Intel Corporation. All rights reserved.

+Copyright (c) 2024, Red Hat. Inc

+

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include 

+#include 

+#include 

+#include 

+#include 

+#include 

+#include 

+#include 

+#include 

+

+#define HSTI_PLATFORM_NAME  L"Intel(R) 9-Series v1"

+#define HSTI_SECURITY_FEATURE_SIZE  1

+

+ADAPTER_INFO_PLATFORM_SECURITY  mHstiBase = {

+  PLATFORM_SECURITY_VERSION_VNEXTCS,

+  PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,

+  { HSTI_PLATFORM_NAME },

+  HSTI_SECURITY_FEATURE_SIZE,

+};

+

+/**

+  The driver's entry point.

+

+  @param[in] ImageHandle  The firmware allocated handle for the EFI image.

+  @param[in] SystemTable  A pointer to the EFI System Table.

+

+  @retval EFI_SUCCESS The entry point is executed successfully.

+  @retval other   Some error occurs when executing this entry point.

+**/

+EFI_STATUS

+EFIAPI

+VirtHstiDxeEntrypoint (

+  IN EFI_HANDLEImageHandle,

+  IN EFI_SYSTEM_TABLE  *SystemTable

+  )

+{

+  EFI_STATUS  Status;

+

+  // Allocate memory for HSTI struct

+  // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays

+  //   UINT8   SecurityFeaturesRequired[];

+  //   UINT8   SecurityFeaturesImplemented[];

+  //   UINT8   SecurityFeaturesVerified[];

+  // sizeof (CHAR16) is for the NULL terminator of ErrorString

+  //   CHAR16 ErrorString[]

+  UINTN  HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) +

+3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE +

+sizeof (CHAR16);

+  VOID  *HstiStruct = AllocateZeroPool (HstiSize);

+

+  if (HstiStruct == NULL) {

+return EFI_OUT_OF_RESOURCES;

+  }

+

+  CopyMem (HstiStruct, , sizeof (ADAPTER_INFO_PLATFORM_SECURITY));

+

+  Status = HstiLibSetTable (HstiStruct, HstiSize);

+  if (EFI_ERROR (Status)) {

+if (Status != EFI_ALREADY_STARTED) {

+  ASSERT_EFI_ERROR (Status);

+}

+  }

+

+  return EFI_SUCCESS;

+}

diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf 
b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
new file mode 100644
index 00..270aa60026
--- /dev/null
+++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
@@ -0,0 +1,64 @@
+## @file

+#  Component description file for Virt Hsti Driver

+#

+# Copyright (c) 2017, Intel Corporation. All rights reserved.

+# Copyright (c) Microsoft Corporation.

+# Copyright (c) 2024, Red Hat. Inc

+#

+# SPDX-License-Identifier: BSD-2-Clause-Patent

+#

+##

+

+[Defines]

+  INF_VERSION= 0x00010005

+  BASE_NAME  = VirtHstiDxe

+  FILE_GUID  = 60740CF3-D428-4500-80E6-04A5798241ED

+  MODULE_TYPE= DXE_DRIVER

+  VERSION_STRING = 1.0

+  ENTRY_POINT= VirtHstiDxeEntrypoint

+

+

+#

+# Sources Section - list of files that are required for the build to succeed.

+#

+

+

+[Sources]

+  VirtHstiDxe.c

+

+

+#

+# Package Dependency Section - list of Package files that are required for

+#  this module.

+#

+

+

+[Packages]

+  MdePkg/MdePkg.dec

+

+

+#

+# Library Class Section - list of Library Classes that are required for

+# this module.

+#

+

+

+[LibraryClasses]

+  UefiDriverEntryPoint

+  UefiLib

+  BaseLib

+  BaseMemoryLib

+  MemoryAllocationLib

+  DebugLib

+  HstiLib

+  UefiBootServicesTableLib

+

+

+#

+# Protocol C Name Section - list of Protocol and Protocol Notify C Names

+#   that this module uses or produces.

+#

+

+

+[Depex]

+  TRUE

-- 
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

[edk2-devel] [PATCH 0/2] OvmfPkg: Implement minimal HSTI driver

[Konstantin Kostiuk]

Resolve: https://issues.redhat.com/browse/RHEL-28751

HSTI (Hardware Security Test Interface) table is a requiremnt for
ont test [1] from Microsoft Server Virtualization Validation Program.

HSTI is a UEFI driver that provides a way to query the platform for
the presence of security features. Current implementation does not have
any security checks.

[1] 
https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/13292c6c-a807-4916-80ac-fea6de9af552

Konstantin Kostiuk (2):
  OvmfPkg: Add VirtHstiDxe driver
  OvmfPkg: Add VirtHstiDxe to OVMF firmware build

 OvmfPkg/OvmfPkgIa32.dsc |  2 +
 OvmfPkg/OvmfPkgIa32.fdf |  1 +
 OvmfPkg/OvmfPkgIa32X64.dsc  |  2 +
 OvmfPkg/OvmfPkgIa32X64.fdf  |  1 +
 OvmfPkg/OvmfPkgX64.dsc  |  2 +
 OvmfPkg/OvmfPkgX64.fdf  |  1 +
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c   | 75 +
 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 
 8 files changed, 148 insertions(+)
 create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
 create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

--
2.44.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116857): https://edk2.groups.io/g/devel/message/116857
Mute This Topic: https://groups.io/mt/105014742/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] NanhuDev:Add BOSC NanhuDev platform

[Ran Wang]

Add Leif and Michael to cc list

Hi Sunil,

On 2024/3/14 13:28, Sunil V L wrote:

Hi Ran,

On Mon, Mar 11, 2024 at 12:29:53PM +0800, Ran Wang wrote:

Hi Sunil,

On 2024/3/8 19:44, Sunil V L wrote:

On Fri, Mar 08, 2024 at 12:31:26AM -0800, WangYang wrote:

Hi,Sunil V L

  How about this status.



-原始邮件-
发件人: WangYang 
发送时间: 2024-02-28 14:34:11 (星期三)
收件人: devel@edk2.groups.io, suni...@ventanamicro.com
抄送: "Yang Wang" , "Ran Wang" , "YunFeng Yang" 
, "YaXing Guo" , "Bamvor Jian ZHANG" 
主题: [edk2-devel] [PATCH] NanhuDev:Add BOSC NanhuDev platform

This commit adds the initial support for BOSC's
nanhu platform which provides up to 2 RISC-V RV64
processor cores.


Somehow I missed this when you sent first. What do you mean by "initial
support" here?



The "initial" means so far we only support minimal system (CPU + UART), will
integrate more periphrals in the future.


Okay. Can you boot an OS with this minimal support? Why not add full
support itself? Since the structure needs to be reviewed, it would be
better to have complete picture IMO.



Currently we could boot Linux kernel image which is integraed as a FV 
(declared in *.fdf, but not inclued in this patch). I guess this 
solution cannot be accepted by upstream, right?.


Or we could also add an PCIE controller driver patch to load kernel from 
NVME card.


Regards,
Ran


Looks like you are following old integrated opensbi approach.
If so, I recommend you to look at payload design. You can see Sophgo
board as reference.


Thanks for advices, so we need to rebase our work on
Silicon/Sophgo/SG2042Pkg/Sec/Sec* rather than
RISC-V/PlatformPkg/Universal/Sec/Riscv64/Sec*, right?


Yes. It is better to use edk2 as a payload for opensbi.


Also, please remember to CC all maintainers as per Maintainers.txt.


Does the "all maintainers" mean all mentioned in Maintainers.txt, or just
RISC-V related?


You need to copy the overall maintainers for edk2-platforms repo (Mike
and Leif). They need to approve the structure for your platforms. Then
you can copy RISC-V maintainers. Add one patch to update the maintainers
for your platform as well.

Thanks,
Sunil




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116856): https://edk2.groups.io/g/devel/message/116856
Mute This Topic: https://groups.io/mt/104619268/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH V1] MdePkg: Update GetImage , GetImageInfo description details

[Pethaiyan, Madhan]

Hi Mike ,

I had raised new code review addressing the coding standard errors and those 
were not part of my change any way .. 

Thanks,
P. Madhan

-Original Message-
From: Kinney, Michael D  
Sent: Sunday, March 10, 2024 1:47 AM
To: devel@edk2.groups.io; Pethaiyan, Madhan 
Cc: Liming Gao ; Liu, Zhiguang 
; Li, Yi1 ; GuoX Xu 
; Kinney, Michael D 
Subject: RE: [edk2-devel] [PATCH V1] MdePkg: Update GetImage , GetImageInfo 
description details

Hi Madhan,

I created a PR with all 3 related patches to run through EDK II CI.

https://github.com/tianocore/edk2/pull/5453

There are CI failures.  Please resolve and send updated patches.

Thanks,

Mike

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of 
> Pethaiyan Madhan
> Sent: Friday, March 8, 2024 3:17 PM
> To: devel@edk2.groups.io
> Cc: Pethaiyan, Madhan ; Kinney, Michael D 
> ; Liming Gao ; 
> Liu, Zhiguang ; Li, Yi1 ; 
> GuoX Xu 
> Subject: [edk2-devel] [PATCH V1] MdePkg: Update GetImage , 
> GetImageInfo description details
> 
> 1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage():
> Add the following sentence at the end of the Image parameter 
> description. "May be NULL with a zero ImageSize in order to determine 
> the size of the buffer needed".
> 
> Modify the description of "EFI_INVALID_PARAMETER" return code as "The 
> ImageSize is not too small and Image is NULL."
> 
> 2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo():
> Add the following sentence at the end of the ImageInfo parameter 
> description."May be NULL with a zero ImageInfoSize in order to 
> determine the size of the buffer needed".
> 
> Modify the description of "EFI_INVALID_PARAMETER" return code as "The 
> ImageInfoSize is not too small and Image is NULL." and add new 
> descriptions for "EFI_INVALID_PARAMETER" return code.
> 
>  REF: UEFI spec v2.10 23.1.2
>  REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660
> 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Zhiguang Liu 
> Cc: Yi Li 
> Cc: GuoX Xu 
> Signed-off-by: Pethaiyan Madhan 
> ---
>  MdePkg/Include/Protocol/FirmwareManagement.h | 14 --
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/MdePkg/Include/Protocol/FirmwareManagement.h
> b/MdePkg/Include/Protocol/FirmwareManagement.h
> index e535bb697d..90b7d83c8f 100644
> --- a/MdePkg/Include/Protocol/FirmwareManagement.h
> +++ b/MdePkg/Include/Protocol/FirmwareManagement.h
> @@ -294,6 +294,8 @@ EFI_STATUS
>   to contain the image(s) 
> information if the buffer was too small.
>@param[in, out] ImageInfo  A pointer to the buffer in which
> firmware places the current image(s)
>   information. The information is 
> an array of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
> + May be NULL with a zero
> ImageInfoSize in order to determine the size of the
> + buffer needed.
>@param[out] DescriptorVersion  A pointer to the location in
> which firmware returns the version number
>   associated with the 
> EFI_FIRMWARE_IMAGE_DESCRIPTOR.
>@param[out] DescriptorCountA pointer to the location in
> which firmware returns the number of
> @@ -314,7 +316,12 @@ EFI_STATUS
>@retval EFI_SUCCESSThe device was successfully
> updated with the new image.
>@retval EFI_BUFFER_TOO_SMALL   The ImageInfo buffer was too
> small. The current buffer size
>   needed to hold the image(s) 
> information is returned in ImageInfoSize.
> -  @retval EFI_INVALID_PARAMETER  ImageInfoSize is NULL.
> +  @retval EFI_INVALID_PARAMETER  ImageInfoSize is not too small
> and ImageInfo is NULL.
> +  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and
> DescriptorVersion is NULL.
> +  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and
> DescriptorCount is NULL.
> +  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and
> DescriptorSize is NULL.
> +  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and
> PackageVersion is NULL.
> +  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and
> PackageVersionName is NULL.
>@retval EFI_DEVICE_ERROR   Valid information could not be
> returned. Possible corrupted image.
> 
>  **/
> @@ -341,6 +348,9 @@ EFI_STATUS
>@param[in]  ImageIndex A unique number identifying the
> firmware image(s) within the device.
>   The number is between 1 and 
> DescriptorCount.
>@param[out] Image  Points to the buffer where the
> current image is copied to.
> + May be NULL with a zero ImageSize in
> order to determine the size of the
> + buffer needed.
> +
>@param[in, out] ImageSize  On entry, points to the size of the
> buffer pointed to by Image, in bytes.
>

[edk2-devel] [PATCH V1 1/3] FmpDevicePkg: GetImageInfo Add missing conditions

[Pethaiyan Madhan]

1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage():
Add the following sentence at the end of the Image parameter
description. "May be NULL with a zero ImageSize in order to determine
the size of the buffer needed".

Modify the description of "EFI_INVALID_PARAMETER" return code as "The
ImageSize is not too small and Image is NULL."

2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo():
Add the following sentence at the end of the ImageInfo parameter
description."May be NULL with a zero ImageInfoSize in order to
determine the size of the buffer needed".

Modify the description of "EFI_INVALID_PARAMETER" return code as "The
ImageInfoSize is not too small and Image is NULL." and add new
descriptions for "EFI_INVALID_PARAMETER" return code.

 REF: UEFI spec v2.10 23.1.2
 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Yi Li 
Cc: GuoX Xu 
Signed-off-by: Pethaiyan Madhan 
---
 FmpDevicePkg/FmpDxe/FmpDxe.c | 52 +---
 FmpDevicePkg/FmpDxe/FmpDxe.h | 15 ---
 2 files changed, 43 insertions(+), 24 deletions(-)

diff --git a/FmpDevicePkg/FmpDxe/FmpDxe.c b/FmpDevicePkg/FmpDxe/FmpDxe.c
index 1e7ec4a09e..4111b7cb8e 100644
--- a/FmpDevicePkg/FmpDxe/FmpDxe.c
+++ b/FmpDevicePkg/FmpDxe/FmpDxe.c
@@ -43,20 +43,20 @@ const FIRMWARE_MANAGEMENT_PRIVATE_DATA  
mFirmwareManagementPrivateDataTemplate =
   FIRMWARE_MANAGEMENT_PRIVATE_DATA_SIGNATURE, // Signature
   NULL,   // Handle
   {// Fmp
-GetTheImageInfo,
+GetImageInfo,
 GetTheImage,
 SetTheImage,
 CheckTheImage,
 GetPackageInfo,
 SetPackageInfo
   },
-  FALSE,// DescriptorPopulated
-  { // Desc
-1,  // ImageIndex
+  FALSE,   // DescriptorPopulated
+  {// Desc
+1, // ImageIndex
 //
 // ImageTypeId
 //
-{ 0x,   0x,0x, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00 }
+{ 0x,  0x,0x, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00 }
 },
 1, // ImageId
 NULL,  // ImageIdName
@@ -71,18 +71,18 @@ const FIRMWARE_MANAGEMENT_PRIVATE_DATA  
mFirmwareManagementPrivateDataTemplate =
 0, // LastAttemptStatus
 0  // HardwareInstance
   },
-  NULL, // ImageIdName
-  NULL, // VersionName
-  TRUE, // RuntimeVersionSupported
-  NULL, // FmpDeviceLockEvent
-  FALSE,// FmpDeviceLocked
-  NULL, // FmpDeviceContext
-  NULL, // VersionVariableName
-  NULL, // LsvVariableName
-  NULL, // LastAttemptStatusVariableName
-  NULL, // LastAttemptVersionVariableName
-  NULL, // FmpStateVariableName
-  TRUE  // DependenciesSatisfied
+  NULL,// ImageIdName
+  NULL,// VersionName
+  TRUE,// RuntimeVersionSupported
+  NULL,// FmpDeviceLockEvent
+  FALSE,   // FmpDeviceLocked
+  NULL,// FmpDeviceContext
+  NULL,// VersionVariableName
+  NULL,// LsvVariableName
+  NULL,// LastAttemptStatusVariableName
+  NULL,// LastAttemptVersionVariableName
+  NULL,// FmpStateVariableName
+  TRUE // DependenciesSatisfied
 };
 
 ///
@@ -417,6 +417,8 @@ PopulateDescriptor (
  to contain the image(s) information if 
the buffer was too small.
   @param[in, out] ImageInfo  A pointer to the buffer in which firmware 
places the current image(s)
  information. The information is an array 
of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
+ May be NULL with a zero ImageInfoSize in 
order to determine the size of the
+ buffer needed.
   @param[out] DescriptorVersion  A pointer to the location in which 
firmware returns the version number
  associated with the 
EFI_FIRMWARE_IMAGE_DESCRIPTOR.
   @param[out] DescriptorCountA pointer to the location in which 
firmware returns the number of
@@ -437,13 +439,18 @@ PopulateDescriptor (
   @retval EFI_SUCCESSThe device was successfully updated with 
the new image.
   @retval EFI_BUFFER_TOO_SMALL   The ImageInfo buffer was too small. The 
current buffer size
  needed to hold the image(s) information 
is returned in ImageInfoSize.
-  @retval EFI_INVALID_PARAMETER  ImageInfoSize is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is not too small and 
ImageInfo is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorVersion is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorCount is NULL.
+  @retval EFI_INVALID_PARAMETER

[edk2-devel] [PATCH V1 3/3] SignedCapsulePkg: Update GetImage and GetImageInfo description details

[Pethaiyan Madhan]

1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage():
Add the following sentence at the end of the Image parameter
description. "May be NULL with a zero ImageSize in order to determine
the size of the buffer needed".

Modify the description of "EFI_INVALID_PARAMETER" return code as "The
ImageSize is not too small and Image is NULL."

2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo():
Add the following sentence at the end of the ImageInfo parameter
description."May be NULL with a zero ImageInfoSize in order to
determine the size of the buffer needed".

Modify the description of "EFI_INVALID_PARAMETER" return code as "The
ImageInfoSize is not too small and Image is NULL." and add new
descriptions for "EFI_INVALID_PARAMETER" return code.

 REF: UEFI spec v2.10 23.1.2
 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Yi Li 
Cc: GuoX Xu 
Signed-off-by: Pethaiyan Madhan 
---
 .../SystemFirmwareUpdate/SystemFirmwareCommonDxe.c  | 13 +++--
 .../SystemFirmwareUpdate/SystemFirmwareDxe.h| 13 +++--
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git 
a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c 
b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c
index 077bd0cb31..6e394d85d4 100644
--- a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c
+++ b/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareCommonDxe.c
@@ -34,6 +34,8 @@ EFI_FIRMWARE_MANAGEMENT_PROTOCOL  mFirmwareManagementProtocol 
= {
  to contain the image(s) information if 
the buffer was too small.
   @param[in, out] ImageInfo  A pointer to the buffer in which firmware 
places the current image(s)
  information. The information is an array 
of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
+ May be NULL with a zero ImageInfoSize in 
order to determine the size of the
+ buffer needed.
   @param[out] DescriptorVersion  A pointer to the location in which 
firmware returns the version number
  associated with the 
EFI_FIRMWARE_IMAGE_DESCRIPTOR.
   @param[out] DescriptorCountA pointer to the location in which 
firmware returns the number of
@@ -54,7 +56,12 @@ EFI_FIRMWARE_MANAGEMENT_PROTOCOL  
mFirmwareManagementProtocol = {
   @retval EFI_SUCCESSThe device was successfully updated with 
the new image.
   @retval EFI_BUFFER_TOO_SMALL   The ImageInfo buffer was too small. The 
current buffer size
  needed to hold the image(s) information 
is returned in ImageInfoSize.
-  @retval EFI_INVALID_PARAMETER  ImageInfoSize is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is not too small and 
ImageInfo is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorVersion is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorCount is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorSize is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
PackageVersion is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
PackageVersionName is NULL.
   @retval EFI_DEVICE_ERROR   Valid information could not be returned. 
Possible corrupted image.
 
 **/
@@ -153,6 +160,8 @@ FmpGetImageInfo (
   @param[in] ImageIndex  A unique number identifying the firmware 
image(s) within the device.
  The number is between 1 and DescriptorCount.
   @param[in,out] Image   Points to the buffer where the current image 
is copied to.
+ May be NULL with a zero ImageSize in order to 
determine the size of the
+ buffer needed.
   @param[in,out] ImageSize   On entry, points to the size of the buffer 
pointed to by Image, in bytes.
  On return, points to the length of the image, 
in bytes.
 
@@ -160,7 +169,7 @@ FmpGetImageInfo (
   @retval EFI_BUFFER_TOO_SMALL   The buffer specified by ImageSize is too 
small to hold the
  image. The current buffer size needed to hold 
the image is returned
  in ImageSize.
-  @retval EFI_INVALID_PARAMETER  The Image was NULL.
+  @retval EFI_INVALID_PARAMETER  The ImageSize is not too small and Image is 
NULL
   @retval EFI_NOT_FOUND  The current image is not copied to the buffer.
   @retval EFI_UNSUPPORTEDThe operation is not supported.
   @retval EFI_SECURITY_VIOLATION The operation could not be performed due to 
an authentication failure.
diff --git 
a/SignedCapsulePkg/Universal/SystemFirmwareUpdate/SystemFirmwareDxe.h 

[edk2-devel] [PATCH V1 2/3] MdePkg: Update GetImage , GetImageInfo description details

[Pethaiyan Madhan]

1.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImage():
Add the following sentence at the end of the Image parameter
description. "May be NULL with a zero ImageSize in order to determine
the size of the buffer needed".

Modify the description of "EFI_INVALID_PARAMETER" return code as "The
ImageSize is not too small and Image is NULL."

2.For EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo():
Add the following sentence at the end of the ImageInfo parameter
description."May be NULL with a zero ImageInfoSize in order to
determine the size of the buffer needed".

Modify the description of "EFI_INVALID_PARAMETER" return code as "The
ImageInfoSize is not too small and Image is NULL." and add new
descriptions for "EFI_INVALID_PARAMETER" return code.

 REF: UEFI spec v2.10 23.1.2
 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4660

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Cc: Yi Li 
Cc: GuoX Xu 
Signed-off-by: Pethaiyan Madhan 
---
 MdePkg/Include/Protocol/FirmwareManagement.h | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Protocol/FirmwareManagement.h 
b/MdePkg/Include/Protocol/FirmwareManagement.h
index e535bb697d..90b7d83c8f 100644
--- a/MdePkg/Include/Protocol/FirmwareManagement.h
+++ b/MdePkg/Include/Protocol/FirmwareManagement.h
@@ -294,6 +294,8 @@ EFI_STATUS
  to contain the image(s) information if 
the buffer was too small.
   @param[in, out] ImageInfo  A pointer to the buffer in which firmware 
places the current image(s)
  information. The information is an array 
of EFI_FIRMWARE_IMAGE_DESCRIPTORs.
+ May be NULL with a zero ImageInfoSize in 
order to determine the size of the
+ buffer needed.
   @param[out] DescriptorVersion  A pointer to the location in which 
firmware returns the version number
  associated with the 
EFI_FIRMWARE_IMAGE_DESCRIPTOR.
   @param[out] DescriptorCountA pointer to the location in which 
firmware returns the number of
@@ -314,7 +316,12 @@ EFI_STATUS
   @retval EFI_SUCCESSThe device was successfully updated with 
the new image.
   @retval EFI_BUFFER_TOO_SMALL   The ImageInfo buffer was too small. The 
current buffer size
  needed to hold the image(s) information 
is returned in ImageInfoSize.
-  @retval EFI_INVALID_PARAMETER  ImageInfoSize is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is not too small and 
ImageInfo is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorVersion is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorCount is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
DescriptorSize is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
PackageVersion is NULL.
+  @retval EFI_INVALID_PARAMETER  ImageInfoSize is non-zero and 
PackageVersionName is NULL.
   @retval EFI_DEVICE_ERROR   Valid information could not be returned. 
Possible corrupted image.
 
 **/
@@ -341,6 +348,9 @@ EFI_STATUS
   @param[in]  ImageIndex A unique number identifying the firmware 
image(s) within the device.
  The number is between 1 and DescriptorCount.
   @param[out] Image  Points to the buffer where the current image 
is copied to.
+ May be NULL with a zero ImageSize in order to 
determine the size of the
+ buffer needed.
+
   @param[in, out] ImageSize  On entry, points to the size of the buffer 
pointed to by Image, in bytes.
  On return, points to the length of the image, 
in bytes.
 
@@ -348,7 +358,7 @@ EFI_STATUS
   @retval EFI_BUFFER_TOO_SMALL   The buffer specified by ImageSize is too 
small to hold the
  image. The current buffer size needed to hold 
the image is returned
  in ImageSize.
-  @retval EFI_INVALID_PARAMETER  The Image was NULL.
+  @retval EFI_INVALID_PARAMETER  The ImageSize is not too small and Image is 
NULL.
   @retval EFI_NOT_FOUND  The current image is not copied to the buffer.
   @retval EFI_UNSUPPORTEDThe operation is not supported.
   @retval EFI_SECURITY_VIOLATION The operation could not be performed due to 
an authentication failure.
-- 
2.38.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116853): https://edk2.groups.io/g/devel/message/116853
Mute This Topic: https://groups.io/mt/105014730/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] Event: Tools, CI, Code base construction meeting series - Monday, March 18, 2024 #cal-reminder

[Group Notification]

*Reminder: Tools, CI, Code base construction meeting series*

*When:*
Monday, March 18, 2024
4:30pm to 5:30pm
(UTC-07:00) America/Los Angeles

*Where:*
https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDI2ZDg4NmMtMjI1My00MzI5LWFmYjAtMGQyNjUzNTBjZGYw%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2223af6561-6e1c-450d-b917-d9d674eb3cb6%22%7d

View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=2159775 )

*Description:*

TianoCore community,

Microsoft and Intel will be hosting a series of open meetings to discuss build, 
CI, tools, and other related topics. If you are interested, have ideas/opinions 
please join us. These meetings will be Monday 4:30pm Pacific Time on Microsoft 
Teams.

MS Teams Link in following discussion: * 
https://github.com/tianocore/edk2/discussions/2614

Anyone is welcome to join.

* tianocore/edk2: EDK II (github.com)
* tianocore/edk2-basetools: EDK II BaseTools Python tools as a PIP module 
(github.com) https://github.com/tianocore/edk2-basetools
* tianocore/edk2-pytool-extensions: Extensions to the edk2 build system 
allowing for a more robust and plugin based build system and tool execution 
environment (github.com) https://github.com/tianocore/edk2-pytool-extensions
* tianocore/edk2-pytool-library: Python library package that supports UEFI 
development (github.com) https://github.com/tianocore/edk2-pytool-library

MS Teams Browser Clients * 
https://docs.microsoft.com/en-us/microsoftteams/get-clients?tabs=Windows#browser-client


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116851): https://edk2.groups.io/g/devel/message/116851
Mute This Topic: https://groups.io/mt/104993555/21656
Mute #cal-reminder:https://edk2.groups.io/g/devel/mutehashtag/cal-reminder
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 6/6] uefi-sct/SctPkg: TCG2 Protocol: add SubmitCommand test

[Sunny Wang]

Looks good to me.
For others' reference, the change has been already verified by running 
SystemReady SIE (Security Interface extension) tests on multiple SystemReady 
certified Arm systems.
Reviewed-by: Sunny Wang 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Stuart Yoder via 
groups.io
Sent: Tuesday, January 9, 2024 12:21 PM
To: devel@edk2.groups.io; G Edhaya Chandran ; 
gao...@byosoft.com.cn
Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer 
El-Haj-Mahmoud ; jiewen@intel.com
Subject: [edk2-devel] [PATCH v2 6/6] uefi-sct/SctPkg: TCG2 Protocol: add 
SubmitCommand test

From: Joseph Hemann 

Add test verifying the functionality of the SubmitCommand function
using the TPM command TPM2_HASH_COMMAND.

Signed-off-by: Joseph Hemann 
Signed-off-by: Stuart Yoder 
---
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
  |   5 +
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
|  71 
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
  |   2 +
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c
 | 173 
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c
|   9 +
 5 files changed, 260 insertions(+)

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
index 746ff83f899c..044e549ce8f0 100644
--- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
+++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
@@ -105,3 +105,8 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid015;
 { 0x126a789a, 0x1932, 0x3234, {0x21, 0xab, 0x42, 0x64, 0x8a, 0x7b, 0x63, 0x76 
}}



 extern EFI_GUID gTcg2ConformanceTestAssertionGuid016;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_017_GUID \

+{ 0x3aac8b9a, 0x312a, 0x4dcf, {0x12, 0x76, 0x54, 0x55, 0x32, 0xcd, 0x3a, 0xea 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid017;

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
index 5ce275dc6258..f8880599f150 100644
--- 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
+++ 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
@@ -54,6 +54,64 @@ Abstract:


 #define PE_COFF_IMAGE 0x0010



+// ST_NO_SESSION as defined in Table 19 of TPM Library Part 2: Structures

+#define ST_NO_SESSIONS (UINT16) 0x8001

+

+// TPM_RC_SUCCESS as defined in Table 16 of TPM Library Spec Part 2: Structures

+#define TPM_RC_SUCCESS (UINT32) 0x000

+

+// TPM_CC_Hash as defined in Table 12 of TPM Library Spec Part 2: Structures

+#define TPM_CC_Hash(UINT32)(0x017D)

+

+#define TPM_RH_NULL(UINT32) 0x4007

+

+#define TPM_ALG_SHA256 (UINT16) 0x000B

+

+#define SHA256_LENGTH (UINT16) 0x0020

+

+#pragma pack(1)

+// TPM2B_MAX_BUFFER as defined in Table 86 of TPM Library Spec Part 2: 
Structures

+// Size of buffer in spec is variable length, but hash test will always use a 
fixed length string

+// of length 43

+#define TEST_STRING_LEN 43

+typedef struct {

+  UINT16 size;

+  UINT8  buffer[TEST_STRING_LEN];

+} TPM2B_MAX_BUFFER;

+

+#pragma pack(1)

+// TPM2B_DIGEST as defined in Table 73 of TPM Library Spec Part 2: Structures

+typedef struct {

+  UINT16 size;

+  UINT8  digest[32];  // Size of buffer in spec is defined to be variable 
length but for this test will always be 32

+} TPM2B_DIGEST;

+

+typedef struct {

+  UINT16   tag;

+  UINT32   hierarchy;

+  UINT16   digest;  // Size of buffer in spec is defined to be 
variable length but for this test will always be UINT16

+} TPMT_TK_HASHCHECK;

+

+// TPM2_Hash command Structure as defined in Section 15.4 of TPM Spec Part 3: 
Commands

+typedef struct {

+  UINT16 Tag;

+  UINT32 CommandSize;

+  UINT32 CommandCode;

+  TPM2B_MAX_BUFFER data;

+  UINT16 hashAlg;

+  UINT32 hierarchy;

+} TPM2_HASH_COMMAND;

+

+// TPM2_Hash Response Structure as defined in Section 15.4 of TPM Spec Part 3: 
Commands

+typedef struct {

+  UINT16 Tag;

+  UINT32 ResponseSize;

+  UINT32 ResponseCode;

+  TPM2B_DIGEST data;

+  TPMT_TK_HASHCHECK validation;

+} TPM2_HASH_RESPONSE;

+#pragma

+

 EFI_STATUS

 EFIAPI

 BBTestTCG2ProtocolUnload (

@@ -120,6 +178,12 @@ BBTestGetEventLogConformanceTestCheckpoint2 (
   IN EFI_TCG2_PROTOCOL *TCG2

   );



+EFI_STATUS

+BBTestSubmitCommandConformanceTestCheckpoint1 (

+  IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib,

+  IN EFI_TCG2_PROTOCOL *TCG2

+  );

+

 EFI_STATUS

 BBTestGetCapabilityConformanceTest (

   IN EFI_BB_TEST_PROTOCOL   *This,

Re: [edk2-devel] [PATCH v2 5/6] uefi-sct/SctPkg: TCG2 Protocol: add GetEventLog test

[Sunny Wang]

Looks good to me.
For others' reference, the change has been already verified by running 
SystemReady SIE (Security Interface extension) tests on multiple SystemReady 
certified Arm systems.
Reviewed-by: Sunny Wang 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Stuart Yoder via 
groups.io
Sent: Tuesday, January 9, 2024 12:21 PM
To: devel@edk2.groups.io; G Edhaya Chandran ; 
gao...@byosoft.com.cn
Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer 
El-Haj-Mahmoud ; jiewen@intel.com
Subject: [edk2-devel] [PATCH v2 5/6] uefi-sct/SctPkg: TCG2 Protocol: add 
GetEventLog test

From: Joseph Hemann 

-add test for GetEventLog()
  -test for valid and invalid event log format
  -test event log header
  -verify expected event log entry

Signed-off-by: Joseph Hemann 
Signed-off-by: Stuart Yoder 
---
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
  |  20 ++
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
|  17 ++
 uefi-sct/SctPkg/UEFI/Protocol/TCG2.h   
  |  46 +
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
  |   8 +
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c
 | 207 +++-
 5 files changed, 297 insertions(+), 1 deletion(-)

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
index dcfd5919acda..746ff83f899c 100644
--- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
+++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
@@ -85,3 +85,23 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid011;
 { 0x9cd6d636, 0x603a, 0x4b78, {0x80, 0xa3, 0xa3, 0xb9, 0xcc, 0x6a, 0x0b, 0x08 
}}



 extern EFI_GUID gTcg2ConformanceTestAssertionGuid012;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_013_GUID \

+{ 0xfc80408e, 0x9a3c, 0x4054, {0x96, 0xf9, 0x31, 0x23, 0x35, 0xc2, 0x31, 0x35 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid013;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_014_GUID \

+{ 0x45fa1a42, 0x912a, 0x5124, {0x84, 0xf4, 0x41, 0x67, 0xab, 0xb5, 0x89, 0x90 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid014;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_015_GUID \

+{ 0x1689bc3a, 0x2298, 0xa116, {0x28, 0x4c, 0xc1, 0xdd, 0xaa, 0xd8, 0xef, 0x51 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid015;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_016_GUID \

+{ 0x126a789a, 0x1932, 0x3234, {0x21, 0xab, 0x42, 0x64, 0x8a, 0x7b, 0x63, 0x76 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid016;

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
index cbbadef4a5c7..5ce275dc6258 100644
--- 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
+++ 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
@@ -43,8 +43,13 @@ Abstract:
 #define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0103 \

  {0x907a7878, 0xb294, 0xf147, {0xe9, 0x0a, 0x65, 0x43, 0xab, 0x55, 0x76, 0x46} 
}



+#define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0104 \

+ {0x9087ad78, 0x9ad2, 0x4172, {0x9a, 0xbc, 0x98, 0x23, 0x08, 0xf5, 0x6d, 0x26} 
}

+

 #define EV_POST_CODE 0x01



+#define EV_NO_ACTION 0x03

+

 #define EFI_TCG2_EXTEND_ONLY 0x0001



 #define PE_COFF_IMAGE 0x0010

@@ -103,6 +108,18 @@ BBTestHashLogExtendEventConformanceTestCheckpoint2 (
   IN EFI_TCG2_PROTOCOL *TCG2

   );



+EFI_STATUS

+BBTestGetEventLogConformanceTestCheckpoint1 (

+  IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib,

+  IN EFI_TCG2_PROTOCOL *TCG2

+  );

+

+EFI_STATUS

+BBTestGetEventLogConformanceTestCheckpoint2 (

+  IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib,

+  IN EFI_TCG2_PROTOCOL *TCG2

+  );

+

 EFI_STATUS

 BBTestGetCapabilityConformanceTest (

   IN EFI_BB_TEST_PROTOCOL   *This,

diff --git a/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h 
b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h
index e62ecd85cbe9..fd31204a9299 100644
--- a/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h
+++ b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h
@@ -50,6 +50,8 @@ Abstract:


 #define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x0002



+#define HASH_NUMBER 0x04

+

 typedef struct _EFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;



 typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;

@@ -115,6 +117,50 @@ typedef struct tdEFI_TCG2_EVENT {
   UINT8 Event[];

 } EFI_TCG2_EVENT;



+typedef struct {

+  UINT16 hashAlg;

+  UINT8  digest[];

+} TPMT_HA;

+

+typedef struct tdTPML_DIGEST_VALUES {

+  UINT32 Count;// number of digests

+  TPMT_HA Digests[HASH_NUMBER];

Re: [edk2-devel] [PATCH v2 4/6] uefi-sct/SctPkg: TCG2 Protocol: add HashLogExtendEvent test

[Sunny Wang]

Looks good to me.
For others' reference, the change has been already verified by running 
SystemReady SIE (Security Interface extension) tests on multiple SystemReady 
certified Arm systems.
Reviewed-by: Sunny Wang 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Stuart Yoder via 
groups.io
Sent: Tuesday, January 9, 2024 12:21 PM
To: devel@edk2.groups.io; G Edhaya Chandran ; 
gao...@byosoft.com.cn
Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer 
El-Haj-Mahmoud ; jiewen@intel.com
Subject: [edk2-devel] [PATCH v2 4/6] uefi-sct/SctPkg: TCG2 Protocol: add 
HashLogExtendEvent test

From: Joseph Hemann 

-add tests for HashLogExtendEvent()
  -tests with valid, invalid, and out of range parameters
  -do extend of data to PCR 16

Signed-off-by: Joseph Hemann 
Signed-off-by: Stuart Yoder 
---
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
  |  29 ++
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
|  29 ++
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
  |  12 +
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c
 | 283 
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c
|   9 +
 5 files changed, 362 insertions(+)

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
index d6797f5287f4..dcfd5919acda 100644
--- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
+++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
@@ -56,3 +56,32 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid005;


 extern EFI_GUID gTcg2ConformanceTestAssertionGuid006;



+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_007_GUID \

+{ 0xa8e1b5e6, 0xfc09, 0x461c, {0xb0, 0xe9, 0x2a, 0x49, 0xcd, 0x25, 0xc1, 0x24 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid007;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_008_GUID \

+{ 0x26f04a9b, 0x7b7a, 0x4f47, {0xbe, 0xa8, 0xb1, 0xa6, 0x02, 0x65, 0x19, 0x8a 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid008;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_009_GUID \

+{ 0x4d1d9985, 0x91e2, 0x4948, {0x89, 0x16, 0xbb, 0x98, 0x13, 0x62, 0x39, 0x1d 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid009;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_010_GUID \

+{ 0xfb59cab7, 0x4f8c, 0x4ded, {0xa4, 0x1c, 0xc8, 0x41, 0x20, 0x1c, 0x37, 0x22 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid010;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_011_GUID \

+{ 0x0363d22f, 0xc66a, 0x4872, {0xa5, 0x46, 0x06, 0x7f, 0x6a, 0x0d, 0xdb, 0xcd 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid011;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_012_GUID \

+{ 0x9cd6d636, 0x603a, 0x4b78, {0x80, 0xa3, 0xa3, 0xb9, 0xcc, 0x6a, 0x0b, 0x08 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid012;

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
index 80c02d9ed2d2..cbbadef4a5c7 100644
--- 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
+++ 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
@@ -40,6 +40,15 @@ Abstract:
 #define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0102 \

  {0x847f1ae0, 0xb429, 0x49f1, {0x9e, 0x0c, 0x8f, 0x43, 0xfb, 0x55, 0x34, 0x54} 
}



+#define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0103 \

+ {0x907a7878, 0xb294, 0xf147, {0xe9, 0x0a, 0x65, 0x43, 0xab, 0x55, 0x76, 0x46} 
}

+

+#define EV_POST_CODE 0x01

+

+#define EFI_TCG2_EXTEND_ONLY 0x0001

+

+#define PE_COFF_IMAGE 0x0010

+

 EFI_STATUS

 EFIAPI

 BBTestTCG2ProtocolUnload (

@@ -82,6 +91,18 @@ BBTestGetActivePcrBanksConformanceTestCheckpoint2 (
   IN EFI_TCG2_PROTOCOL *TCG2

   );



+EFI_STATUS

+BBTestHashLogExtendEventConformanceTestCheckpoint1 (

+  IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib,

+  IN EFI_TCG2_PROTOCOL *TCG2

+  );

+

+EFI_STATUS

+BBTestHashLogExtendEventConformanceTestCheckpoint2 (

+  IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib,

+  IN EFI_TCG2_PROTOCOL *TCG2

+  );

+

 EFI_STATUS

 BBTestGetCapabilityConformanceTest (

   IN EFI_BB_TEST_PROTOCOL   *This,

@@ -98,3 +119,11 @@ BBTestGetActivePcrBanksConformanceTest (
   IN EFI_HANDLE SupportHandle

   );



+EFI_STATUS

+BBTestHashLogExtendEventConformanceTest (

+  IN EFI_BB_TEST_PROTOCOL   *This,

+  IN VOID   *ClientInterface,

+  IN EFI_TEST_LEVEL TestLevel,

+  IN EFI_HANDLE SupportHandle

+  );

+

diff --git 

Re: [edk2-devel] [PATCH v2 3/6] uefi-sct/SctPkg: TCG2 Protocol: add GetActivePcrBanks test

[Sunny Wang]

Looks good to me.
For others' reference, the change has been already verified by running 
SystemReady SIE (Security Interface extension) tests on multiple SystemReady 
certified Arm systems.
Reviewed-by: Sunny Wang 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Stuart Yoder via 
groups.io
Sent: Tuesday, January 9, 2024 12:21 PM
To: devel@edk2.groups.io; G Edhaya Chandran ; 
gao...@byosoft.com.cn
Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer 
El-Haj-Mahmoud ; jiewen@intel.com
Subject: [edk2-devel] [PATCH v2 3/6] uefi-sct/SctPkg: TCG2 Protocol: add 
GetActivePcrBanks test

From: Joseph Hemann 

-add test for GetActivePcrBanks()
  -checkpoint for NULL pointer passed for buffer
  -checkpoint for test of function with proper input

Signed-off-by: Joseph Hemann 
Signed-off-by: Stuart Yoder 
---
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
  |  11 ++
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
|  23 +++
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
  |   4 +
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c
 | 159 
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c
|   9 ++
 5 files changed, 206 insertions(+)

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
index 50b14272939f..d6797f5287f4 100644
--- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
+++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
@@ -45,3 +45,14 @@ extern EFI_GUID gTcg2ConformanceTestAssertionGuid003;
 { 0x8ddb031b, 0x7448, 0x40ee, {0xb1, 0xa2, 0xe6, 0xf8, 0xe8, 0xc4, 0xe5, 0x5f 
}}



 extern EFI_GUID gTcg2ConformanceTestAssertionGuid004;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_005_GUID \

+{ 0x7a1e79a3, 0x4064, 0x4372, {0xbb, 0x64, 0x55, 0xb8, 0xf2, 0xa5, 0xa3, 0x26 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid005;

+

+#define EFI_TEST_TCG2CONFORMANCE_ASSERTION_006_GUID \

+{ 0xb0e717c4, 0xb1e2, 0x49f7, {0xb2, 0xd7, 0x60, 0x58, 0x97, 0x7d, 0x09, 0x2c 
}}

+

+extern EFI_GUID gTcg2ConformanceTestAssertionGuid006;

+

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
index a7ce2db322d9..80c02d9ed2d2 100644
--- 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
+++ 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
@@ -37,6 +37,9 @@ Abstract:
 #define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0101 \

  {0x39ff9c71, 0x4b41, 0x4e5b, {0xae, 0xd7, 0x87, 0xc7, 0x94, 0x18, 0x7d, 0x67} 
}



+#define EFI_TCG2_PROTOCOL_TEST_ENTRY_GUID0102 \

+ {0x847f1ae0, 0xb429, 0x49f1, {0x9e, 0x0c, 0x8f, 0x43, 0xfb, 0x55, 0x34, 0x54} 
}

+

 EFI_STATUS

 EFIAPI

 BBTestTCG2ProtocolUnload (

@@ -67,6 +70,18 @@ BBTestGetCapabilityConformanceTestCheckpoint4 (
   IN EFI_TCG2_PROTOCOL *TCG2

   );



+EFI_STATUS

+BBTestGetActivePcrBanksConformanceTestCheckpoint1 (

+  IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib,

+  IN EFI_TCG2_PROTOCOL *TCG2

+  );

+

+EFI_STATUS

+BBTestGetActivePcrBanksConformanceTestCheckpoint2 (

+  IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL*StandardLib,

+  IN EFI_TCG2_PROTOCOL *TCG2

+  );

+

 EFI_STATUS

 BBTestGetCapabilityConformanceTest (

   IN EFI_BB_TEST_PROTOCOL   *This,

@@ -75,3 +90,11 @@ BBTestGetCapabilityConformanceTest (
   IN EFI_HANDLE SupportHandle

   );



+EFI_STATUS

+BBTestGetActivePcrBanksConformanceTest (

+  IN EFI_BB_TEST_PROTOCOL   *This,

+  IN VOID   *ClientInterface,

+  IN EFI_TEST_LEVEL TestLevel,

+  IN EFI_HANDLE SupportHandle

+  );

+

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
index 3e75ffdc0a60..0dc2cfddfcbf 100644
--- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
+++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
@@ -35,3 +35,7 @@ EFI_GUID gTcg2ConformanceTestAssertionGuid002 = 
EFI_TEST_TCG2CONFORMANCE_ASSERTI
 EFI_GUID gTcg2ConformanceTestAssertionGuid003 = 
EFI_TEST_TCG2CONFORMANCE_ASSERTION_003_GUID;



 EFI_GUID gTcg2ConformanceTestAssertionGuid004 = 
EFI_TEST_TCG2CONFORMANCE_ASSERTION_004_GUID;

+

+EFI_GUID gTcg2ConformanceTestAssertionGuid005 = 
EFI_TEST_TCG2CONFORMANCE_ASSERTION_005_GUID;

+

+EFI_GUID gTcg2ConformanceTestAssertionGuid006 = 
EFI_TEST_TCG2CONFORMANCE_ASSERTION_006_GUID;

diff --git 

Re: [edk2-devel] [PATCH v2 2/6] uefi-sct/SctPkg: TCG2 Protocol: add test infrastructure and GetCapability Test

[Sunny Wang]

Looks good to me.
For others' reference, the change has been already verified by running 
SystemReady SIE (Security Interface extension) tests on multiple SystemReady 
certified Arm systems.
Reviewed-by: Sunny Wang 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Stuart Yoder via 
groups.io
Sent: Tuesday, January 9, 2024 12:21 PM
To: devel@edk2.groups.io; G Edhaya Chandran ; 
gao...@byosoft.com.cn
Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer 
El-Haj-Mahmoud ; jiewen@intel.com
Subject: [edk2-devel] [PATCH v2 2/6] uefi-sct/SctPkg: TCG2 Protocol: add test 
infrastructure and GetCapability Test

From: Joseph Hemann 

-implement initial infrastructure for the TCG2 protocol test
 including updates to .dsc file, inf file, GUID source files,
 update to Category.ini.

-add test case for GetCapability(), as defined in the TCG EFI
 Protocol Spec 6.4.4.

-add checkpoint for NULL pointer passed for buffer

-add checkpoint for validating fields of the struct returned by GetCapability()

Signed-off-by: Joseph Hemann 
Signed-off-by: Stuart Yoder 
---
 uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc  
  |   1 +
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf
  |  51 +++
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
  |  47 +++
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.h
|  77 +
 uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.c
  |  37 ++
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestConformance.c
 | 361 
 
uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTestMain.c
| 102 ++
 uefi-sct/SctPkg/CommonGenFramework.sh  
  |   1 +
 uefi-sct/SctPkg/Config/Data/Category.ini   
  |   7 +
 9 files changed, 684 insertions(+)

diff --git a/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc 
b/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc
index 155490fa39d3..96c93e73992c 100644
--- a/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc
+++ b/uefi-sct/SctPkg/UEFI/UEFI_SCT.dsc
@@ -301,6 +301,7 @@ 
SctPkg/TestCase/UEFI/EFI/Protocol/StorageSecurityCommand/BlackBoxTest/StorageSec
 
SctPkg/TestCase/UEFI/EFI/Protocol/AdapterInfo/BlackBoxTest/AdapterInfoProtocolBBTest.inf

 
SctPkg/TestCase/UEFI/EFI/Protocol/TimeStamp/BlackBoxTest/TimeStampProtocolBBTest.inf

 
SctPkg/TestCase/UEFI/EFI/Protocol/RandomNumber/BlackBoxTest/RandomNumberBBTest.inf

+SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf



 SctPkg/TestCase/UEFI/EFI/Protocol/Hash2/BlackBoxTest/Hash2BBTest.inf

 SctPkg/TestCase/UEFI/EFI/Protocol/PKCS7Verify/BlackBoxTest/Pkcs7BBTest.inf

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf
 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf
new file mode 100644
index ..563d81b7e859
--- /dev/null
+++ 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTest.inf
@@ -0,0 +1,51 @@
+## @file

+#

+#  Copyright 2006 - 2015 Unified EFI, Inc.

+#  Copyright (c) 2013, Intel Corporation. All rights reserved.

+#  Copyright (c) 2021 - 2023, Arm Inc. All rights reserved.

+#

+#  This program and the accompanying materials

+#  are licensed and made available under the terms and conditions of the BSD 
License

+#  which accompanies this distribution.  The full text of the license may be 
found at

+#  http://opensource.org/licenses/bsd-license.php

+#

+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR 
IMPLIED.

+#

+##

+#/*++

+#

+# Module Name:

+#

+#   TCG2ProtocolBBTest.inf

+#

+# Abstract:

+#

+#   Component description file for TCG2 Protocol Black-Box Test.

+#

+#--*/

+

+[defines]

+  INF_VERSION  = 0x00010005

+  BASE_NAME= TCG2ProtocolBBTest

+  FILE_GUID= BD8CB762-3935-434C-AC3F-462244910A2D

+  MODULE_TYPE  = UEFI_DRIVER

+  VERSION_STRING   = 1.0

+  ENTRY_POINT  = InitializeBBTestTCG2Protocol

+

+[sources.common]

+  Guid.c

+  TCG2ProtocolBBTestMain.c

+  TCG2ProtocolBBTestConformance.c

+

+[Packages]

+  MdePkg/MdePkg.dec

+  SctPkg/SctPkg.dec

+  SctPkg/UEFI/UEFI.dec

+

+[LibraryClasses]

+  UefiDriverEntryPoint

+  SctLib

+  EfiTestLib

+

+[Protocols]

diff --git 
a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h 
b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
new file mode 100644
index ..50b14272939f
--- /dev/null
+++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/Guid.h
@@ -0,0 +1,47 @@
+/** @file

+

+  Copyright 2006 - 2016 Unified EFI, 

Re: [edk2-devel] [PATCH v2 1/6] uefi-sct/SctPkg: TCG2 Protocol: add header with TCG2 protocol definitions

[Sunny Wang]

Looks good to me.
For others' reference, the change has been already verified by running 
SystemReady SIE (Security Interface extension) tests on multiple SystemReady 
certified Arm systems.
Reviewed-by: Sunny Wang 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Stuart Yoder via 
groups.io
Sent: Tuesday, January 9, 2024 12:21 PM
To: devel@edk2.groups.io; G Edhaya Chandran ; 
gao...@byosoft.com.cn
Cc: ilias.apalodi...@linaro.org; heinrich.schucha...@canonical.com; Samer 
El-Haj-Mahmoud ; jiewen@intel.com
Subject: [edk2-devel] [PATCH v2 1/6] uefi-sct/SctPkg: TCG2 Protocol: add header 
with TCG2 protocol definitions

From: Joseph Hemann 

Define constants and data structure specified in the TCG EFI Protocol
specification.

Signed-off-by: Joseph Hemann 
Signed-off-by: Stuart Yoder 
---
 uefi-sct/SctPkg/UEFI/Protocol/TCG2.h | 177 
 1 file changed, 177 insertions(+)

diff --git a/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h 
b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h
new file mode 100644
index ..e62ecd85cbe9
--- /dev/null
+++ b/uefi-sct/SctPkg/UEFI/Protocol/TCG2.h
@@ -0,0 +1,177 @@
+/** @file

+

+  Copyright 2006 - 2016 Unified EFI, Inc.

+  Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.

+  Copyright (c) 2021 - 2023, Arm Inc. All rights reserved.

+

+  This program and the accompanying materials

+  are licensed and made available under the terms and conditions of the BSD 
License

+  which accompanies this distribution.  The full text of the license may be 
found at

+  http://opensource.org/licenses/bsd-license.php

+

+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+/*++

+

+Module Name:

+

+  TCG2.h

+

+Abstract:

+

+  EFI TCG Protocol

+

+--*/

+

+

+#ifndef __TCG2_PROTOCOL_H__

+#define __TCG2_PROTOCOL_H__

+

+//

+// Global ID for the TCG2 Protocol

+//

+#define EFI_TCG2_PROTOCOL_GUID\

+   {0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 
0x0f}}

+

+// Following defintions come from TCG2 Efi Protocol Spec

+#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x0001

+

+#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x0002

+

+#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x0004

+

+#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x0008

+

+#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x0010

+

+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x0001

+

+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x0002

+

+typedef struct _EFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;

+

+typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;

+

+typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT;

+

+typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP;

+

+typedef UINT32 TCG_PCRINDEX;

+

+typedef UINT32 TCG_EVENTTYPE;

+

+// Following struct defintions come from TCG2 Efi Protocol Spec

+typedef struct {

+  UINT8 Major;

+  UINT8 Minor;

+} EFI_TCG2_VERSION;

+

+typedef struct {

+  UINT8 Size;

+  EFI_TCG2_VERSION StructureVersion;

+  EFI_TCG2_VERSION ProtocolVersion;

+  EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;

+  EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;

+  BOOLEAN TPMPresentFlag;

+  UINT16 MaxCommandSize;

+  UINT16 MaxResponseSize;

+  UINT32 ManufacturerID;

+  UINT32 NumberOfPcrBanks;

+  EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;

+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;

+

+typedef

+EFI_STATUS

+(EFIAPI *EFI_TCG2_GET_CAPABILITY) (

+  IN EFI_TCG2_PROTOCOL *This,

+  IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability

+);

+

+typedef

+EFI_STATUS

+(EFIAPI *EFI_TCG2_GET_EVENT_LOG) (

+  IN EFI_TCG2_PROTOCOL *This,

+  IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,

+  OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,

+  OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,

+  OUT BOOLEAN *EventLogTruncated

+);

+

+// all structs except EFI_TCG2_BOOT_SERVICE_CAPABILITY are packed

+#pragma pack(1)

+

+typedef struct tdEFI_TCG2_EVENT_HEADER {

+  UINT32 HeaderSize;

+  UINT16 HeaderVersion;

+  TCG_PCRINDEX PCRIndex;

+  TCG_EVENTTYPE EventType;

+} EFI_TCG2_EVENT_HEADER;

+

+typedef struct tdEFI_TCG2_EVENT {

+  UINT32 Size;

+  EFI_TCG2_EVENT_HEADER Header;

+  UINT8 Event[];

+} EFI_TCG2_EVENT;

+

+#pragma pack()

+

+typedef

+EFI_STATUS

+(EFIAPI * EFI_TCG2_HASH_LOG_EXTEND_EVENT) (

+  IN EFI_TCG2_PROTOCOL *This,

+  IN UINT64 Flags,

+  IN EFI_PHYSICAL_ADDRESS DataToHash,

+  IN UINT64 DataToHashLen,

+  IN EFI_TCG2_EVENT *EfiTcgEvent

+);

+

+typedef

+EFI_STATUS

+(EFIAPI *EFI_TCG2_SUBMIT_COMMAND) (

+  IN EFI_TCG2_PROTOCOL *This,

+  IN UINT32 InputParameterBlockSize,

+  IN UINT8 *InputParameterBlock,

+  IN UINT32 OutputParameterBlockSize,

+  IN UINT8 *OutputParameterBlock

+);

+

+typedef

+EFI_STATUS

+(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS) (

+  IN EFI_TCG2_PROTOCOL *This,

+  OUT UINT32 *ActivePcrBanks

+);

+

+typedef

+EFI_STATUS

+(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS) (

+  IN EFI_TCG2_PROTOCOL *This,

[edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI

[Xu, Wei6]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731

TCG2 configuration UI shows all the hash algorithms that TPM hardware
supports in the checkbox. If user only selects one algorithm that is
supported by TPM hardware but not supported by BIOS and uncheck the
others, the SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able
to decide a viable PCR to activate, then an assert occurs.

Add check against PcdTcg2HashAlgorithmBitmap when deciding whether
to suppress the hash algorithm checkbox to avoid user to select the
hash algorithm which may cause an assert.

Cc: Rahul Kumar 
Cc: Jiewen Yao 
Signed-off-by: Wei6 Xu 
---
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++---
 1 file changed, 41 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c 
b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 6eb04c014448..39b639039525 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg (
 }
 
 /**
-  Set ConfigInfo according to TpmAlgHash.
+  Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap.
 
   @param[in,out] Tcg2ConfigInfo   TCG2 config info.
   @param[in] TpmAlgHash   TpmAlgHash.
+  @param[in] BiosHashAlgBitmapBios Hash Algorithm Bitmap.
 
 **/
 VOID
 SetConfigInfo (
   IN OUT TCG2_CONFIGURATION_INFO  *Tcg2ConfigInfo,
-  IN UINT32   TpmAlgHash
+  IN UINT32   TpmAlgHash,
+  IN UINT32   BiosHashAlgBitmap
   )
 {
   switch (TpmAlgHash) {
 case TPM_ALG_SHA1:
-  Tcg2ConfigInfo->Sha1Supported = TRUE;
+  if ((BiosHashAlgBitmap & HASH_ALG_SHA1) != 0) {
+Tcg2ConfigInfo->Sha1Supported = TRUE;
+  }
+
   break;
 case TPM_ALG_SHA256:
-  Tcg2ConfigInfo->Sha256Supported = TRUE;
+  if ((BiosHashAlgBitmap & HASH_ALG_SHA256) != 0) {
+Tcg2ConfigInfo->Sha256Supported = TRUE;
+  }
+
   break;
 case TPM_ALG_SHA384:
-  Tcg2ConfigInfo->Sha384Supported = TRUE;
+  if ((BiosHashAlgBitmap & HASH_ALG_SHA384) != 0) {
+Tcg2ConfigInfo->Sha384Supported = TRUE;
+  }
+
   break;
 case TPM_ALG_SHA512:
-  Tcg2ConfigInfo->Sha512Supported = TRUE;
+  if ((BiosHashAlgBitmap & HASH_ALG_SHA512) != 0) {
+Tcg2ConfigInfo->Sha512Supported = TRUE;
+  }
+
   break;
 case TPM_ALG_SM3_256:
-  Tcg2ConfigInfo->Sm3Supported = TRUE;
+  if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) != 0) {
+Tcg2ConfigInfo->Sm3Supported = TRUE;
+  }
+
   break;
   }
 }
@@ -809,16 +826,17 @@ InstallTcg2ConfigForm (
   IN OUT TCG2_CONFIG_PRIVATE_DATA  *PrivateData
   )
 {
-  EFI_STATUS  Status;
-  EFI_HII_HANDLE  HiiHandle;
-  EFI_HANDLE  DriverHandle;
-  EFI_HII_CONFIG_ACCESS_PROTOCOL  *ConfigAccess;
-  UINTN   Index;
-  TPML_PCR_SELECTION  Pcrs;
-  CHAR16  TempBuffer[1024];
-  TCG2_CONFIGURATION_INFO Tcg2ConfigInfo;
-  TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected;
-  BOOLEAN IsCmdImp = FALSE;
+  EFI_STATUS   Status;
+  EFI_HII_HANDLE   HiiHandle;
+  EFI_HANDLE   DriverHandle;
+  EFI_HII_CONFIG_ACCESS_PROTOCOL   *ConfigAccess;
+  UINTNIndex;
+  TPML_PCR_SELECTION   Pcrs;
+  CHAR16   TempBuffer[1024];
+  TCG2_CONFIGURATION_INFO  Tcg2ConfigInfo;
+  TPM2_PTP_INTERFACE_TYPE  TpmDeviceInterfaceDetected;
+  BOOLEAN  IsCmdImp;
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  BiosHashAlgorithmBitmap;
 
   DriverHandle = NULL;
   ConfigAccess = >ConfigAccess;
@@ -879,6 +897,8 @@ InstallTcg2ConfigForm (
   break;
   }
 
+  BiosHashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+
   ZeroMem (, sizeof (Tcg2ConfigInfo));
   Status = Tpm2GetCapabilityPcrs ();
   if (EFI_ERROR (Status)) {
@@ -897,20 +917,21 @@ InstallTcg2ConfigForm (
 TempBuffer[0] = 0;
 for (Index = 0; Index < Pcrs.count; Index++) {
   AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), 
Pcrs.pcrSelections[Index].hash);
-  SetConfigInfo (, Pcrs.pcrSelections[Index].hash);
+  SetConfigInfo (, Pcrs.pcrSelections[Index].hash, 
BiosHashAlgorithmBitmap);
 }
 
 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
   }
 
-  Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, );
+  IsCmdImp = FALSE;
+  Status   = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, 
);
   if (EFI_ERROR (Status)) {
 DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status));
   }
 
   Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp;
 
-  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 

Re: [edk2-devel] [PATCH v1 21/26] OvmfPkg/LoongArchVirt: Add FdtQemuFwCfgLib

[Gerd Hoffmann]

On Sat, Mar 16, 2024 at 10:17:00AM +0800, lixianglai wrote:
> Hi Gerd:
> > On Mon, Mar 11, 2024 at 02:39:31AM -0700, Chao Li wrote:
> >> This library for PEI phase, and obtains the QemuFwCfg base address by
> >> directly parsing the FDT, reads and writes the data in QemuFwCfg by
> >> operating on the QemuFwCfg base address.
> >>  create mode 100644 
> >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.c
> >>  create mode 100644 
> >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/FdtQemuFwCfgPeiLib.inf
> >>  create mode 100644 
> >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgLibInternal.h
> >>  create mode 100644 
> >> OvmfPkg/LoongArchVirt/Library/FdtQemuFwCfgLib/QemuFwCfgPei.c
> > Is there anything LoongArch-specific in there?
> No,The main function of this lib library is to obtain the fwcfg base address 
> by parsing fdt in the pei stage,
>  and provide access to fwcfg through mmio mode,
>  the difference between it and the existing library is that the fwcfg base 
> address is not hard-coded in the compilation stage,
>  and is accessed through mmio rather than io port.

That would be the case for risc-v and aarch64 too, although I think they
don't need fw_cfg right now (they get all info needed via fdt).

I think we should add this as OvmfPkg/Library/FdtQemuFwCfgLib.

> Another point that needs to be explained is that because loongarch virtual 
> machine runs on flash in pei phase,
> it cannot assign the pcd global variable, so we use Hob as the global 
> variable to store the fwcfg base address.

I think the dynamic PCD database is stored in a HOB and you should be
able to set PCDs them even when running from (read-only) flash.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116843): https://edk2.groups.io/g/devel/message/116843
Mute This Topic: https://groups.io/mt/104859897/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 20/26] OvmfPkg/LoongArchVirt: Add NorFlashQemuLib

[Gerd Hoffmann]

On Sat, Mar 16, 2024 at 06:19:00PM +0800, lixianglai wrote:
> Hi Gerd:
> > On Mon, Mar 11, 2024 at 02:39:24AM -0700, Chao Li wrote:
> >> Add NorFlashQemuLib for LoongArch, it is referenced from ArmVirtPkg.
> > What are the differences to the ArmVirtPkg version?
> In this lib we have assigned the following three pcd variables:
> PcdFlashNvStorageVariableBase
> PcdFlashNvStorageFtwWorkingBase
> PcdFlashNvStorageFtwSpareBase
> Instead of hardcoding these three variables in the VarStore.fdf.inc file as 
> arm does,
> the benefit is that when the flash base address changes in the qemu 
> implementation,
> there is no need to re-adapt and compile UEFI.

The flash memory layout (address + size) for the aarch64 virt machine
has never changed.  So while it sounds nice in theory to have that
option it could very well be that this will never ever needed in
practice.

Having sayed that I'd also note that I think it should also be possible
to switch the aarch64 builds to set the PCDs at runtime instead of
compile time.

> When I tried to implement the current patch scheme on aarch64,
> I found that the FaultTolerantWriteDxe driver loaded earlier than 
> VirtNorFlashDxe.
> And It requires the PcdFlashNvStorageFtwWorkingSize and 
> PcdFlashNvStorageFtwSpareSize variables for initialization,
> However the initialization of these two variables is completed in 
> VirtNorFlashDxe,
> The fdf file specifies that VirtNorFlashDxe is loaded first and then 
> FaultTolerantWriteDxe is loaded in loongarch64.
> So this is going to be a problem if we want to apply the current solution to 
> aarch64 or risc-v.

There is a non-obvious twist:

VirtNorFlashDxe registers the gEdkiiNvVarStoreFormattedGuid protocol.

There is the
EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf
library, which only purpose is to add a dependency to
gEdkiiNvVarStoreFormattedGuid to depex.

NvVarStoreFormattedLib.inf is used this way ...

  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
A
  [ ... ]
  NULL|EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf
  [ ... ]
  }

... to make sure VariableRuntimeDxe is scheduled after VirtNorFlashDxe.

I think you can apply the same idea to FaultTolerantWriteDxe.

> I can't tell the implementation scheme of the current lib and existing
> lib implementation scheme which one is better, Could you give we some
> advice?

I'd suggest to merge your code as OvmfPkg/Library/FdtNorFlashQemuLib as
it is not really loongarch-specific.

If you want try switch aarch64 to use the same code that'll be great,
but sorting that out later is also fine with me.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116842): https://edk2.groups.io/g/devel/message/116842
Mute This Topic: https://groups.io/mt/104859896/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 1/4] MdePkg.dec: RISC-V: Define override bit for Svpbmt extension

[Sunil V L]

On Thu, Mar 14, 2024 at 01:19:14PM -0700, Tuan Phan wrote:
> Define the BIT 2 as the override bit for Svpbmt extension. This will
> be used by RISC-V MMU library to support EFI_MEMORY_UC and
> EFI_MEMORY_WC.
> 
Reviewed-by: Sunil V L 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116841): https://edk2.groups.io/g/devel/message/116841
Mute This Topic: https://groups.io/mt/104934687/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 4/4] OvmfPkg/RiscVVirt: Disable Svpbmt extension

[Sunil V L]

On Thu, Mar 14, 2024 at 01:19:17PM -0700, Tuan Phan wrote:
> Disable Svpbmt extension as QEMU not enables it in default config.
> 
Reviewed-by: Sunil V L 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116840): https://edk2.groups.io/g/devel/message/116840
Mute This Topic: https://groups.io/mt/104934689/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 3/4] UefiCpuPkg: RISC-V: MMU: Support Svpbmt extension

[Sunil V L]

Hi Tuan,

On Thu, Mar 14, 2024 at 01:19:16PM -0700, Tuan Phan wrote:
> The GCD EFI_MEMORY_UC and EFI_MEMORY_WC memory attributes will be
> supported when Svpbmt extension available.
> 
> Cc: Gerd Hoffmann 
> Cc: Laszlo Ersek 
> Cc: Rahul Kumar 
> Cc: Ray Ni 
> Signed-off-by: Tuan Phan 
> ---
>  .../Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c | 106 ++
>  .../BaseRiscVMmuLib/BaseRiscVMmuLib.inf   |   1 +
>  2 files changed, 86 insertions(+), 21 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c 
> b/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c
> index 46ba4b4709b1..34300dca5c34 100644
> --- a/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c
> +++ b/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c
> @@ -36,6 +36,11 @@
>  #define PTE_PPN_SHIFT 10
>  #define RISCV_MMU_PAGE_SHIFT  12
>  
> +#define RISCV_CPU_FEATURE_PBMT_BITMASK  BIT2
> +#define PTE_PBMT_NC BIT61
> +#define PTE_PBMT_IO BIT62
> +#define PTE_PBMT_MASK   (PTE_PBMT_NC | PTE_PBMT_IO)
> +
>  STATIC UINTN  mModeSupport[] = { SATP_MODE_SV57, SATP_MODE_SV48, 
> SATP_MODE_SV39, SATP_MODE_OFF };
>  STATIC UINTN  mMaxRootTableLevel;
>  STATIC UINTN  mBitPerLevel;
> @@ -487,32 +492,82 @@ UpdateRegionMapping (
>  /**
>Convert GCD attribute to RISC-V page attribute.
>  
> -  @param  GcdAttributes The GCD attribute.
> +  @param  GcdAttributes   The GCD attribute.
> +  @param  RiscVAttributes The pointer of RISC-V page attribute.
>  
> -  @return   The RISC-V page attribute.
> +  @retval EFI_INVALID_PARAMETER   The RiscVAttributes is NULL or cache type 
> mask not valid.
> +  @retval EFI_SUCCESS The operation succesfully.
>  
>  **/
>  STATIC
> -UINT64
> +EFI_STATUS
>  GcdAttributeToPageAttribute (
> -  IN UINT64  GcdAttributes
> +  IN UINT64   GcdAttributes,
> +  OUT UINT64  *RiscVAttributes
>)
>  {
> -  UINT64  RiscVAttributes;
> +  UINT64   CacheTypeMask;
> +  BOOLEAN  PmbtExtEnabled;
>  
Why not read the PCD once and save in a static variable?

> -  RiscVAttributes = RISCV_PG_R | RISCV_PG_W | RISCV_PG_X;
> +  if (RiscVAttributes == NULL) {
> +return EFI_INVALID_PARAMETER;
> +  }
> +
> +  *RiscVAttributes = RISCV_PG_R | RISCV_PG_W | RISCV_PG_X;
> +
> +  PmbtExtEnabled = FALSE;
> +  if ((PcdGet64 (PcdRiscVFeatureOverride) & RISCV_CPU_FEATURE_PBMT_BITMASK) 
> != 0) {
> +PmbtExtEnabled = TRUE;
> +  }
>  
>// Determine protection attributes
>if ((GcdAttributes & EFI_MEMORY_RO) != 0) {
> -RiscVAttributes &= ~(UINT64)(RISCV_PG_W);
> +*RiscVAttributes &= ~(UINT64)(RISCV_PG_W);
>}
>  
>// Process eXecute Never attribute
>if ((GcdAttributes & EFI_MEMORY_XP) != 0) {
> -RiscVAttributes &= ~(UINT64)RISCV_PG_X;
> +*RiscVAttributes &= ~(UINT64)RISCV_PG_X;
> +  }
> +
> +  CacheTypeMask = GcdAttributes & EFI_CACHE_ATTRIBUTE_MASK;
> +  if ((CacheTypeMask != 0) &&
> +  (((CacheTypeMask - 1) & CacheTypeMask) != 0))
> +  {
> +DEBUG ((
> +  DEBUG_ERROR,
> +  "%a: More than one bit set in cache type mask (0x%LX)\n",
> +  __func__,
> +  CacheTypeMask
> +  ));
> +return EFI_INVALID_PARAMETER;
> +  }
> +
> +  switch (CacheTypeMask) {
> +case EFI_MEMORY_UC:
> +  if (PmbtExtEnabled) {
> +*RiscVAttributes |= PTE_PBMT_IO;
> +  }
> +
> +  break;
> +case EFI_MEMORY_WC:
> +  if (PmbtExtEnabled) {
> +*RiscVAttributes |= PTE_PBMT_NC;
> +  } else {
> +DEBUG ((
> +  DEBUG_VERBOSE,
> +  "%a: EFI_MEMORY_WC set but Pmbt extension not available\n",
> +  __func__
> +  ));
> +  }
> +
> +  break;
> +default:
> +  // Default PMA mode
> +  break;
>}
>  
> -  return RiscVAttributes;
> +  return EFI_SUCCESS;
>  }
>  
>  /**
> @@ -535,29 +590,38 @@ RiscVSetMemoryAttributes (
>IN UINT64Attributes
>)
>  {
> -  UINT64  PageAttributesSet;
> +  UINT64  PageAttributesSet;
> +  UINT64  PageAttributesClear;
> +  EFI_STATUS  Status;
>  
> -  PageAttributesSet = GcdAttributeToPageAttribute (Attributes);
> +  Status = GcdAttributeToPageAttribute (Attributes, );
> +  if (EFI_ERROR (Status)) {
> +return Status;
> +  }
>
Is there a reason to do this prior to checking RiscVMmuEnabled()?

>if (!RiscVMmuEnabled ()) {
>  return EFI_SUCCESS;
>}
>  
> -  DEBUG (
> -(
> - DEBUG_VERBOSE,
> - "%a: Set %llX page attribute 0x%X\n",
> - __func__,
> - BaseAddress,
> - PageAttributesSet
> -)
> -);
> +  PageAttributesClear = PTE_ATTRIBUTES_MASK;
> +  if ((PcdGet64 (PcdRiscVFeatureOverride) & RISCV_CPU_FEATURE_PBMT_BITMASK) 
> != 0) {
> +PageAttributesClear |= PTE_PBMT_MASK;
> +  }
> +
I think static variable would be better.

> +  DEBUG ((
> +DEBUG_VERBOSE,
> +"%a: %LX: set attributes 0x%LX, clear attributes 0x%LX\n",
> +__func__,
> +BaseAddress,
> +PageAttributesSet,
> +

Re: [edk2-devel] [PATCH] uefi-sct/SctPkg:Enhance BBTestReadKeyStrokeExFunctionAutoTestCheckpoint1()

[G Edhaya Chandran]

The patch is up streamed by the below commit:
https://github.com/tianocore/edk2-test/commit/032822757792c5d4d0bfed1fd8524e69ef4f2d17


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116838): https://edk2.groups.io/g/devel/message/116838
Mute This Topic: https://groups.io/mt/87274606/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] MdePkg/BaseLib: Fix AARCH64 compilation error

[levi.yun]

I think it would be nice if you add

diff --git a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S 
b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S
index 3e58119b25d2..505d3765c522 100644
--- a/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S
+++ b/MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S
@@ -9,6 +9,7 @@

GCC_ASM_EXPORT(SetJump)
GCC_ASM_EXPORT(InternalLongJump)
+GCC_ASM_IMPORT(InternalAssertJumpBuffer)

#define GPR_LAYOUT                         \
REG_PAIR (x19, x20,  0);           \

Thou, the gcc doesn't raise compile error
(in ASM_FLAG, there's no option set "-Werror-implicit-function-declaration")

Otherwise,

Reviewed-by: levi.yun 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116837): https://edk2.groups.io/g/devel/message/116837
Mute This Topic: https://groups.io/mt/104997022/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH] IntelFsp2Pkg/Tools: Updated iterator usage for Python 3 compatibility

[Zhiguang Liu]

Updated iterator usage for Python 3 compatibility
Cc: Chasel Chiu 
Cc: Nate DeSimone 
Cc: Duggapu Chinni B 
Cc: Star Zeng 
Cc: Ted Kuo 
Cc: Ashraf Ali S 
Cc: Susovan Mohapatra 
Signed-off-by: Zhiguang Liu 
---
 IntelFsp2Pkg/Tools/PatchFv.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IntelFsp2Pkg/Tools/PatchFv.py b/IntelFsp2Pkg/Tools/PatchFv.py
index 0cab73255d..fd7476d576 100644
--- a/IntelFsp2Pkg/Tools/PatchFv.py
+++ b/IntelFsp2Pkg/Tools/PatchFv.py
@@ -720,7 +720,7 @@ class Symbols:
 def getModGuid(self, var):
 guid = (guid for guid,name in self.dictGuidNameXref.items() if 
name==var)
 try:
-value = guid.next()
+value = next(guid)
 except Exception:
 raise Exception("Unknown module name %s !" % var)
 return value
-- 
2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116836): https://edk2.groups.io/g/devel/message/116836
Mute This Topic: https://groups.io/mt/104999189/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH] IntelFsp2Pkg/Tools: Let PatchFv support to get Image Base.

[Zhiguang Liu]

Now, the value params of PatchFv support below value getting from map
file:
  ModuleName:FunctionName
  ModuleName:GlobalVariableName
  ModuleGuid:Offset
This patch add a new type ModuleName:KeyWord
KeyWord now supports "BASE", indicating the address of the Image base.
For example, ModuleName:BASE will be the address of the Image base.
This will simplify the flow when user want to patch the Image base in
the binary.

In the future, we can let the KeyWord support more based on future
usage.

Cc: Chasel Chiu 
Cc: Nate DeSimone 
Cc: Duggapu Chinni B 
Cc: Star Zeng 
Cc: Ted Kuo 
Cc: Ashraf Ali S 
Cc: Susovan Mohapatra 
Signed-off-by: Zhiguang Liu 
---
 IntelFsp2Pkg/Tools/PatchFv.py   | 1 +
 IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/IntelFsp2Pkg/Tools/PatchFv.py b/IntelFsp2Pkg/Tools/PatchFv.py
index 73ab877c71..0cab73255d 100644
--- a/IntelFsp2Pkg/Tools/PatchFv.py
+++ b/IntelFsp2Pkg/Tools/PatchFv.py
@@ -384,6 +384,7 @@ class Symbols:
 if len(modName) == 36:
modName = self.dictGuidNameXref[modName.upper()]
 self.dictModBase['%s:BASE'  % modName] = int 
(match.group(2), 16)
+self.dictSymbolAddress['%s:BASE'  % modName] = 
match.group(2)
 self.dictModBase['%s:ENTRY' % modName] = int 
(match.group(3), 16)
 #(GUID=86D70125-BAA3-4296-A62F-602BEBBB9081 
.textbaseaddress=0x00fffb4398 .databaseaddress=0x00fffb4178)
 match = 
re.match("\(GUID=([A-Z0-9\-]+)\s+\.textbaseaddress=(0x[0-9a-fA-F]+)\s+\.databaseaddress=(0x[0-9a-fA-F]+)\)",
 rptLine)
diff --git a/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md 
b/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md
index 205ad57773..b59e82c872 100644
--- a/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md
+++ b/IntelFsp2Pkg/Tools/UserManuals/PatchFvUserManual.md
@@ -89,9 +89,10 @@ The entire argument includes the quote marks like in the 
example argument below:
 | 0x00BC   | 0xFFA2   | 188  | -94 
 |
 
 ```
-ModuleName:FunctionName | ModuleName:GlobalVariableName
+ModuleName:FunctionName | ModuleName:GlobalVariableName | ModuleName:KeyWord
 ModuleGuid:Offset
 ```
+Note: KeyWord only supports "BASE" now, indicating the address of the PE Image 
base.
 
 ### Operators:
 
-- 
2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116835): https://edk2.groups.io/g/devel/message/116835
Mute This Topic: https://groups.io/mt/104999188/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-