Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
Hi The change in MdeModulePkg have been merged now. Could you please help to review the patch in IntelFsp2WrapperPkg. I had sent the patch on Apr 30. I can send it again if you need. This is the PR link for IntelFsp2WrapperPkg: https://github.com/tianocore/edk2/pull/5601/commits/290d3347c45d359da3ff1ccd50f290a45767d43a Thanks a lot. BR, Zhihao -Original Message- From: gaoliming Sent: Saturday, June 15, 2024 11:16 AM To: Li, Zhihao ; devel@edk2.groups.io Cc: Chiu, Chasel ; Desimone, Nathaniel L ; Duggapu, Chinni B ; Chen, Gang C Subject: 回复: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi Zhihao: I have no other comment for the change in MdeModulePkg. Please create pull request for it. Thanks Liming > -邮件原件- > 发件人: Li, Zhihao > 发送时间: 2024年6月11日 15:36 > 收件人: gaoliming ; devel@edk2.groups.io > 抄送: Chiu, Chasel ; Desimone, Nathaniel L > ; Duggapu, Chinni B > ; Chen, Gang C > 主题: RE: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install > MigrateTempRamPpi > > Hi Liming > > If there are no concerns about it, could you please help to review the > patch in MdeModulePkg scope and check in? > And then, I contact with the maintainers of IntelFsp2WrapperPkg for > another patch review. > > BR, > Zhihao > > -Original Message- > From: Li, Zhihao > Sent: Thursday, May 30, 2024 2:32 PM > To: gaoliming ; devel@edk2.groups.io > Cc: Chiu, Chasel ; Desimone, Nathaniel L > ; Duggapu, Chinni B > ; Chen, Gang C > Subject: RE: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: > Install MigrateTempRamPpi > > Yes, they are used. > Refer to https://bugzilla.tianocore.org/show_bug.cgi?id=2376 , Fsp > binary measurement has been implemented and controlled by > PcdFspMeasurementConfig. > Current defect: > 1. FSP-T/FSP-M may not be migrated. > 2. Even if FSP-M has been migrated, its measurement still used the > original address. > Corresponding modifications: > In MdeModulePkg scope: > 1. Add the gEdkiiPeiMigrateTempRamPpiGuid and install it after > EvacuateTempRam is called. > In IntelFsp2WrapperPkg scope: > 1. Add MigrateTempRamPpi notification which will check the migration > of FSP-T/M and migrate them if they are not migrated but need to be measured. > 2. Fix Tcg notification to use migrated address if the binaries had been > migrated. > > BR, > Zhihao > > -Original Message- > From: gaoliming > Sent: Thursday, May 30, 2024 1:12 PM > To: devel@edk2.groups.io; Li, Zhihao > Cc: Chiu, Chasel ; Desimone, Nathaniel L > ; Duggapu, Chinni B > ; Chen, Gang C > Subject: 回复: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: > Install MigrateTempRamPpi > > Zhihao: > If Fsp-T/M is not installed, are they still used in PEI boot? If > they are used, I agree they should be measured. > > Thanks > Liming > > -邮件原件- > > 发件人: devel@edk2.groups.io 代表 Li, Zhihao > > 发送时间: 2024年5月29日 11:36 > > 收件人: gaoliming ; devel@edk2.groups.io > > 抄送: Chiu, Chasel ; Desimone, Nathaniel L > > ; Duggapu, Chinni B > > ; Chen, Gang C > > 主题: Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install > > MigrateTempRamPpi > > > > Issue description: > > 1. PeiCore only migrates Fsp-M in dispatch mode and doesn't migrate > > Fsp-T and Fsp-M in Api mode. > > 2. Fsp-T and Fsp-M will be measured in post-mem PEI and the > > measurement uses original addresses. > > RootCause: > > PeiCore only migrates installed FVs and Fsp-T/M may not be installed. > > > > Defect in implementation: > > In MdeModulePkg/Core/Pei/PeiMain/PeiMain.c line 450: > > EvacuateTempRam will migrate installed content from Temporary RAM to > > Permanent RAM because of BootGuard TOCTOU > > vulnerability(https://bugzilla.tianocore.org/show_bug.cgi?id=1614). > > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 220: > > FspmWrapperInit will install Fspm in dispatch mode or directly call > > PeiFspMemoryInit function in api mode. > > ==> > > Api mode: Fsp-T and Fsp-M are not migrated because they are not installed. > > Dispatch mode: Fsp-T is not migrated because it is not installed. > > > > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 291, > 300: > > TcgPpiNotify transmits original addresses(PcdFsptBaseAddress, > > PcdFspmBaseAddress) to MeasureFspFirmwareBlob which will trigger > > HashLogExtendEvent. > > In SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c line 966: > > TcgPpi will be installed in PeimEntryMP which will be called when > > the PEI Foundation discovers permanent memory(line 1059 > > mImageInMemory = > TR
Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
Hi Liming If there are no concerns about it, could you please help to review the patch in MdeModulePkg scope and check in? And then, I contact with the maintainers of IntelFsp2WrapperPkg for another patch review. BR, Zhihao -Original Message- From: Li, Zhihao Sent: Thursday, May 30, 2024 2:32 PM To: gaoliming ; devel@edk2.groups.io Cc: Chiu, Chasel ; Desimone, Nathaniel L ; Duggapu, Chinni B ; Chen, Gang C Subject: RE: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi Yes, they are used. Refer to https://bugzilla.tianocore.org/show_bug.cgi?id=2376 , Fsp binary measurement has been implemented and controlled by PcdFspMeasurementConfig. Current defect: 1. FSP-T/FSP-M may not be migrated. 2. Even if FSP-M has been migrated, its measurement still used the original address. Corresponding modifications: In MdeModulePkg scope: 1. Add the gEdkiiPeiMigrateTempRamPpiGuid and install it after EvacuateTempRam is called. In IntelFsp2WrapperPkg scope: 1. Add MigrateTempRamPpi notification which will check the migration of FSP-T/M and migrate them if they are not migrated but need to be measured. 2. Fix Tcg notification to use migrated address if the binaries had been migrated. BR, Zhihao -Original Message- From: gaoliming Sent: Thursday, May 30, 2024 1:12 PM To: devel@edk2.groups.io; Li, Zhihao Cc: Chiu, Chasel ; Desimone, Nathaniel L ; Duggapu, Chinni B ; Chen, Gang C Subject: 回复: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi Zhihao: If Fsp-T/M is not installed, are they still used in PEI boot? If they are used, I agree they should be measured. Thanks Liming > -邮件原件- > 发件人: devel@edk2.groups.io 代表 Li, Zhihao > 发送时间: 2024年5月29日 11:36 > 收件人: gaoliming ; devel@edk2.groups.io > 抄送: Chiu, Chasel ; Desimone, Nathaniel L > ; Duggapu, Chinni B > ; Chen, Gang C > 主题: Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install > MigrateTempRamPpi > > Issue description: > 1. PeiCore only migrates Fsp-M in dispatch mode and doesn't migrate > Fsp-T and Fsp-M in Api mode. > 2. Fsp-T and Fsp-M will be measured in post-mem PEI and the > measurement uses original addresses. > RootCause: > PeiCore only migrates installed FVs and Fsp-T/M may not be installed. > > Defect in implementation: > In MdeModulePkg/Core/Pei/PeiMain/PeiMain.c line 450: > EvacuateTempRam will migrate installed content from Temporary RAM to > Permanent RAM because of BootGuard TOCTOU > vulnerability(https://bugzilla.tianocore.org/show_bug.cgi?id=1614). > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 220: > FspmWrapperInit will install Fspm in dispatch mode or directly call > PeiFspMemoryInit function in api mode. > ==> > Api mode: Fsp-T and Fsp-M are not migrated because they are not installed. > Dispatch mode: Fsp-T is not migrated because it is not installed. > > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 291, 300: > TcgPpiNotify transmits original addresses(PcdFsptBaseAddress, > PcdFspmBaseAddress) to MeasureFspFirmwareBlob which will trigger > HashLogExtendEvent. > In SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c line 966: > TcgPpi will be installed in PeimEntryMP which will be called when the > PEI Foundation discovers permanent memory(line 1059 mImageInMemory = TRUE). > ==> > Original addresses of Fsp-T and Fsp-M will be used for measurement > after permanent memory is ready and installed FVs are migrated. > > > Solution: > MdeModulePkg: PeiCore Installs MigrateTempRamPpi if > PcdMigrateTemporaryRamFirmwareVolumes is True. > IntelFsp2WrapperPkg : 1. MigrateTempRamPpi nitification in > FspmWrapperPeim migrates FspT/M binary to permanent memory and build > MigatedFvInfoHob. > 2. TCG notification checks > MigatedFvInfoHob and transmits DRAM address for measurement. > > BR, > Zhihao > > > -Original Message- > From: gaoliming > Sent: Tuesday, May 28, 2024 5:44 PM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Chiu, Chasel ; Desimone, Nathaniel L > ; Duggapu, Chinni B > ; Chen, Gang C > Subject: 回复: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install > MigrateTempRamPpi > > Zhihao: > Could you explain the situation that FSP-T/M is not migrated by PeiCore? > > Thanks > Liming > > -邮件原件- > > 发件人: Zhihao Li > > 发送时间: 2024年4月29日 11:20 > > 收件人: devel@edk2.groups.io > > 抄送: Chasel Chiu ; Nate DeSimone > > ; Duggapu Chinni B > > ; Chen Gang C ; > > Liming Gao > > 主题: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716 > > > > Migrate FSP-T/M binary from temporary RAM to permane
Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
Yes, they are used. Refer to https://bugzilla.tianocore.org/show_bug.cgi?id=2376 , Fsp binary measurement has been implemented and controlled by PcdFspMeasurementConfig. Current defect: 1. FSP-T/FSP-M may not be migrated. 2. Even if FSP-M has been migrated, its measurement still used the original address. Corresponding modifications: In MdeModulePkg scope: 1. Add the gEdkiiPeiMigrateTempRamPpiGuid and install it after EvacuateTempRam is called. In IntelFsp2WrapperPkg scope: 1. Add MigrateTempRamPpi notification which will check the migration of FSP-T/M and migrate them if they are not migrated but need to be measured. 2. Fix Tcg notification to use migrated address if the binaries had been migrated. BR, Zhihao -Original Message- From: gaoliming Sent: Thursday, May 30, 2024 1:12 PM To: devel@edk2.groups.io; Li, Zhihao Cc: Chiu, Chasel ; Desimone, Nathaniel L ; Duggapu, Chinni B ; Chen, Gang C Subject: 回复: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi Zhihao: If Fsp-T/M is not installed, are they still used in PEI boot? If they are used, I agree they should be measured. Thanks Liming > -邮件原件- > 发件人: devel@edk2.groups.io 代表 Li, Zhihao > 发送时间: 2024年5月29日 11:36 > 收件人: gaoliming ; devel@edk2.groups.io > 抄送: Chiu, Chasel ; Desimone, Nathaniel L > ; Duggapu, Chinni B > ; Chen, Gang C > 主题: Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install > MigrateTempRamPpi > > Issue description: > 1. PeiCore only migrates Fsp-M in dispatch mode and doesn't migrate > Fsp-T and Fsp-M in Api mode. > 2. Fsp-T and Fsp-M will be measured in post-mem PEI and the > measurement uses original addresses. > RootCause: > PeiCore only migrates installed FVs and Fsp-T/M may not be installed. > > Defect in implementation: > In MdeModulePkg/Core/Pei/PeiMain/PeiMain.c line 450: > EvacuateTempRam will migrate installed content from Temporary RAM to > Permanent RAM because of BootGuard TOCTOU > vulnerability(https://bugzilla.tianocore.org/show_bug.cgi?id=1614). > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 220: > FspmWrapperInit will install Fspm in dispatch mode or directly call > PeiFspMemoryInit function in api mode. > ==> > Api mode: Fsp-T and Fsp-M are not migrated because they are not installed. > Dispatch mode: Fsp-T is not migrated because it is not installed. > > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 291, 300: > TcgPpiNotify transmits original addresses(PcdFsptBaseAddress, > PcdFspmBaseAddress) to MeasureFspFirmwareBlob which will trigger > HashLogExtendEvent. > In SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c line 966: > TcgPpi will be installed in PeimEntryMP which will be called when the > PEI Foundation discovers permanent memory(line 1059 mImageInMemory = TRUE). > ==> > Original addresses of Fsp-T and Fsp-M will be used for measurement > after permanent memory is ready and installed FVs are migrated. > > > Solution: > MdeModulePkg: PeiCore Installs MigrateTempRamPpi if > PcdMigrateTemporaryRamFirmwareVolumes is True. > IntelFsp2WrapperPkg : 1. MigrateTempRamPpi nitification in > FspmWrapperPeim migrates FspT/M binary to permanent memory and build > MigatedFvInfoHob. > 2. TCG notification checks > MigatedFvInfoHob and transmits DRAM address for measurement. > > BR, > Zhihao > > > -Original Message- > From: gaoliming > Sent: Tuesday, May 28, 2024 5:44 PM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Chiu, Chasel ; Desimone, Nathaniel L > ; Duggapu, Chinni B > ; Chen, Gang C > Subject: 回复: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install > MigrateTempRamPpi > > Zhihao: > Could you explain the situation that FSP-T/M is not migrated by PeiCore? > > Thanks > Liming > > -邮件原件- > > 发件人: Zhihao Li > > 发送时间: 2024年4月29日 11:20 > > 收件人: devel@edk2.groups.io > > 抄送: Chasel Chiu ; Nate DeSimone > > ; Duggapu Chinni B > > ; Chen Gang C ; > > Liming Gao > > 主题: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716 > > > > Migrate FSP-T/M binary from temporary RAM to permanent RAM before > > NEM tear down. Tcg module will use permanent address of FSP-T/M for > > measurement. > > 1. PeiCore installs mMigrateTempRamPpi if > > PcdMigrateTemporaryRamFirmwareVolumes is True 2. FspmWrapperPeim > > migrate FspT/M binary to permanent memory and build MigatedFvInfoHob > > 3. TCG notification checks MigatedFvInfoHob and transmits DRAM > > address for measurement > > > > Cc: Chasel Chiu > > Cc: Nate DeSimone > > Cc: Dugga
Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
Issue description: 1. PeiCore only migrates Fsp-M in dispatch mode and doesn't migrate Fsp-T and Fsp-M in Api mode. 2. Fsp-T and Fsp-M will be measured in post-mem PEI and the measurement uses original addresses. RootCause: PeiCore only migrates installed FVs and Fsp-T/M may not be installed. Defect in implementation: In MdeModulePkg/Core/Pei/PeiMain/PeiMain.c line 450: EvacuateTempRam will migrate installed content from Temporary RAM to Permanent RAM because of BootGuard TOCTOU vulnerability(https://bugzilla.tianocore.org/show_bug.cgi?id=1614). In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 220: FspmWrapperInit will install Fspm in dispatch mode or directly call PeiFspMemoryInit function in api mode. ==> Api mode: Fsp-T and Fsp-M are not migrated because they are not installed. Dispatch mode: Fsp-T is not migrated because it is not installed. In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 291, 300: TcgPpiNotify transmits original addresses(PcdFsptBaseAddress, PcdFspmBaseAddress) to MeasureFspFirmwareBlob which will trigger HashLogExtendEvent. In SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c line 966: TcgPpi will be installed in PeimEntryMP which will be called when the PEI Foundation discovers permanent memory(line 1059 mImageInMemory = TRUE). ==> Original addresses of Fsp-T and Fsp-M will be used for measurement after permanent memory is ready and installed FVs are migrated. Solution: MdeModulePkg: PeiCore Installs MigrateTempRamPpi if PcdMigrateTemporaryRamFirmwareVolumes is True. IntelFsp2WrapperPkg : 1. MigrateTempRamPpi nitification in FspmWrapperPeim migrates FspT/M binary to permanent memory and build MigatedFvInfoHob. 2. TCG notification checks MigatedFvInfoHob and transmits DRAM address for measurement. BR, Zhihao -Original Message- From: gaoliming Sent: Tuesday, May 28, 2024 5:44 PM To: Li, Zhihao ; devel@edk2.groups.io Cc: Chiu, Chasel ; Desimone, Nathaniel L ; Duggapu, Chinni B ; Chen, Gang C Subject: 回复: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi Zhihao: Could you explain the situation that FSP-T/M is not migrated by PeiCore? Thanks Liming > -邮件原件- > 发件人: Zhihao Li > 发送时间: 2024年4月29日 11:20 > 收件人: devel@edk2.groups.io > 抄送: Chasel Chiu ; Nate DeSimone > ; Duggapu Chinni B > ; Chen Gang C ; > Liming Gao > 主题: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716 > > Migrate FSP-T/M binary from temporary RAM to permanent RAM before NEM > tear down. Tcg module will use permanent address of FSP-T/M for > measurement. > 1. PeiCore installs mMigrateTempRamPpi if > PcdMigrateTemporaryRamFirmwareVolumes is True 2. FspmWrapperPeim > migrate FspT/M binary to permanent memory and build MigatedFvInfoHob > 3. TCG notification checks MigatedFvInfoHob and transmits DRAM address > for measurement > > Cc: Chasel Chiu > Cc: Nate DeSimone > Cc: Duggapu Chinni B > Cc: Chen Gang C > Cc: Liming Gao > > Signed-off-by: Zhihao Li > --- > MdeModulePkg/Core/Pei/PeiMain/PeiMain.c| 10 - > MdeModulePkg/Core/Pei/PeiMain.h| 3 ++- > MdeModulePkg/Core/Pei/PeiMain.inf | 3 ++- > MdeModulePkg/Include/Guid/MigratedFvInfo.h | 4 ++-- > MdeModulePkg/Include/Ppi/MigrateTempRam.h | 23 > > MdeModulePkg/MdeModulePkg.dec | 5 - > 6 files changed, 42 insertions(+), 6 deletions(-) > > diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > index bf1719d7941a..0e3d9a843816 100644 > --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > @@ -1,7 +1,7 @@ > /** @file >Pei Core Main Entry Point > > -Copyright (c) 2006 - 2019, Intel Corporation. All rights > reserved. > +Copyright (c) 2006 - 2024, Intel Corporation. All rights > +reserved. > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -13,6 +13,11 @@ EFI_PEI_PPI_DESCRIPTOR mMemoryDiscoveredPpi = { >, >NULL > }; > +EFI_PEI_PPI_DESCRIPTOR mMigrateTempRamPpi = { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | > EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + , > + NULL > +}; > > /// > /// Pei service instance > @@ -449,6 +454,9 @@ PeiCore ( >// >EvacuateTempRam (, SecCoreData); > > + Status = PeiServicesInstallPpi (); > + ASSERT_EFI_ERROR (Status); > + >DEBUG ((DEBUG_VERBOSE, "PPI lists after temporary RAM > evacuation:\n")); >DumpPpiList (); > } > diff --git a/MdeModulePkg/Core/Pei/PeiMain.h > b/MdeModulePkg/Core/Pei/PeiMain.h index 46b6c23014a3..8df0c2d561f7 > 100644 > --- a/MdeM
[edk2-devel] [PATCH v1 2/2] IntelFsp2WrapperPkg/FspmWrapperPeim: Migrate FspT/M to permanent memory
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716 Migrate FSP-T/M binary from temporary RAM to permanent RAM before NEM tear down. Tcg module will use permanent address of FSP-T/M for measurement. 1. PeiCore installs mMigrateTempRamPpi if PcdMigrateTemporaryRamFirmwareVolumes is True 2. FspmWrapperPeim migrate FspT/M binary to permanent memory and build MigatedFvInfoHob 3. TCG notification checks MigatedFvInfoHob and transmits DRAM address for measurement Cc: Chasel Chiu Cc: Nate DeSimone Cc: Duggapu Chinni B Cc: Chen Gang C Cc: Liming Gao Signed-off-by: Zhihao Li --- IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c | 181 +++- IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf | 4 +- 2 files changed, 177 insertions(+), 8 deletions(-) diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c index 7f1deb95426f..101514ee4d17 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c @@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi notify to call FspSiliconInit API. - Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. + Copyright (c) 2014 - 2024, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,14 +33,19 @@ #include #include #include +#include #include #include #include #include #include +#include extern EFI_GUID gFspHobGuid; +#define FSP_MIGRATED_FSPT BIT0 +#define FSP_MIGRATED_FSPM BIT1 + /** Get the FSP M UPD Data address @@ -260,6 +265,30 @@ EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = { TcgPpiNotify }; +/** + This function is called after temporary ram migration. + + @param[in] PeiServicesPointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification event that +caused this function to execute. + @param[in] PpiPointer to the PPI data associated with this function. + + @retval EFI_STATUSAlways return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +MigrateTempRamNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mMigrateTempRamNotifyDesc = { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + , + MigrateTempRamNotify +}; + /** This function is called after TCG installed PPI. @@ -278,18 +307,41 @@ TcgPpiNotify ( IN VOID *Ppi ) { - UINT32 FspMeasureMask; + UINT32 FspMeasureMask; + EFI_PHYSICAL_ADDRESSFsptBaseAddress; + EFI_PHYSICAL_ADDRESSFspmBaseAddress; + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; + EFI_PEI_HOB_POINTERSHob; DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n")); - FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig); + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig); + FsptBaseAddress = (EFI_PHYSICAL_ADDRESS)PcdGet32 (PcdFsptBaseAddress); + FspmBaseAddress = (EFI_PHYSICAL_ADDRESS)PcdGet32 (PcdFspmBaseAddress); + Hob.Raw = GetFirstGuidHob (); + while (Hob.Raw != NULL) { +MigratedFvInfo = GET_GUID_HOB_DATA (Hob); +if ((MigratedFvInfo->FvOrgBase == (UINT32)(UINTN)PcdGet32 (PcdFsptBaseAddress)) && (MigratedFvInfo->FvDataBase != 0)) { + // + // Found the migrated FspT raw data + // + FsptBaseAddress = MigratedFvInfo->FvDataBase; +} + +if ((MigratedFvInfo->FvOrgBase == (UINT32)(UINTN)PcdGet32 (PcdFspmBaseAddress)) && (MigratedFvInfo->FvDataBase != 0)) { + FspmBaseAddress = MigratedFvInfo->FvDataBase; +} + +Hob.Raw = GET_NEXT_HOB (Hob); +Hob.Raw = GetNextGuidHob (, Hob.Raw); + } if ((FspMeasureMask & FSP_MEASURE_FSPT) != 0) { MeasureFspFirmwareBlob ( 0, "FSPT", - PcdGet32 (PcdFsptBaseAddress), - (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)PcdGet32 (PcdFsptBaseAddress))->FvLength + FsptBaseAddress, + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FsptBaseAddress)->FvLength ); } @@ -297,14 +349,126 @@ TcgPpiNotify ( MeasureFspFirmwareBlob ( 0, "FSPM", - PcdGet32 (PcdFspmBaseAddress), - (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)PcdGet32 (PcdFspmBaseAddress))->FvLength + FspmBaseAddress, + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FspmBaseAddress)->FvLength ); } return EFI_SUCCESS; } +/** + This function is called after temporary ram migration. + + @param[in] PeiServicesPointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification event that +caused this function to execute. + @param[in] PpiPointer to the PPI data associated with this function. +
[edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716 Migrate FSP-T/M binary from temporary RAM to permanent RAM before NEM tear down. Tcg module will use permanent address of FSP-T/M for measurement. 1. PeiCore installs mMigrateTempRamPpi if PcdMigrateTemporaryRamFirmwareVolumes is True 2. FspmWrapperPeim migrate FspT/M binary to permanent memory and build MigatedFvInfoHob 3. TCG notification checks MigatedFvInfoHob and transmits DRAM address for measurement Cc: Chasel Chiu Cc: Nate DeSimone Cc: Duggapu Chinni B Cc: Chen Gang C Cc: Liming Gao Signed-off-by: Zhihao Li --- MdeModulePkg/Core/Pei/PeiMain/PeiMain.c| 10 - MdeModulePkg/Core/Pei/PeiMain.h| 3 ++- MdeModulePkg/Core/Pei/PeiMain.inf | 3 ++- MdeModulePkg/Include/Guid/MigratedFvInfo.h | 4 ++-- MdeModulePkg/Include/Ppi/MigrateTempRam.h | 23 MdeModulePkg/MdeModulePkg.dec | 5 - 6 files changed, 42 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c index bf1719d7941a..0e3d9a843816 100644 --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c @@ -1,7 +1,7 @@ /** @file Pei Core Main Entry Point -Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -13,6 +13,11 @@ EFI_PEI_PPI_DESCRIPTOR mMemoryDiscoveredPpi = { , NULL }; +EFI_PEI_PPI_DESCRIPTOR mMigrateTempRamPpi = { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + , + NULL +}; /// /// Pei service instance @@ -449,6 +454,9 @@ PeiCore ( // EvacuateTempRam (, SecCoreData); + Status = PeiServicesInstallPpi (); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_VERBOSE, "PPI lists after temporary RAM evacuation:\n")); DumpPpiList (); } diff --git a/MdeModulePkg/Core/Pei/PeiMain.h b/MdeModulePkg/Core/Pei/PeiMain.h index 46b6c23014a3..8df0c2d561f7 100644 --- a/MdeModulePkg/Core/Pei/PeiMain.h +++ b/MdeModulePkg/Core/Pei/PeiMain.h @@ -1,7 +1,7 @@ /** @file Definition of Pei Core Structures and Services -Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -26,6 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include #include diff --git a/MdeModulePkg/Core/Pei/PeiMain.inf b/MdeModulePkg/Core/Pei/PeiMain.inf index 893bdc052798..4e545ddab2ab 100644 --- a/MdeModulePkg/Core/Pei/PeiMain.inf +++ b/MdeModulePkg/Core/Pei/PeiMain.inf @@ -6,7 +6,7 @@ # 2) Dispatch PEIM from discovered FV. # 3) Handoff control to DxeIpl to load DXE core and enter DXE phase. # -# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -101,6 +101,7 @@ gEfiPeiReset2PpiGuid ## SOMETIMES_CONSUMES gEfiSecHobDataPpiGuid ## SOMETIMES_CONSUMES gEfiPeiCoreFvLocationPpiGuid ## SOMETIMES_CONSUMES + gEdkiiPeiMigrateTempRamPpiGuid## PRODUCES [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeiStackSize ## CONSUMES diff --git a/MdeModulePkg/Include/Guid/MigratedFvInfo.h b/MdeModulePkg/Include/Guid/MigratedFvInfo.h index 1c8b0dfefc49..255e278235b1 100644 --- a/MdeModulePkg/Include/Guid/MigratedFvInfo.h +++ b/MdeModulePkg/Include/Guid/MigratedFvInfo.h @@ -1,7 +1,7 @@ /** @file Migrated FV information -Copyright (c) 2020, Intel Corporation. All rights reserved. +Copyright (c) 2020 - 2024, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -50,7 +50,7 @@ typedef struct { typedef struct { UINT32FvOrgBase; // original FV address - UINT32FvNewBase; // new FV address + UINT32FvNewBase; // new FV address, 0 means rebased data is not copied UINT32FvDataBase;// original FV data, 0 means raw data is not copied UINT32FvLength; // Fv Length } EDKII_MIGRATED_FV_INFO; diff --git a/MdeModulePkg/Include/Ppi/MigrateTempRam.h b/MdeModulePkg/Include/Ppi/MigrateTempRam.h new file mode 100644 index ..9bbb55d5cf86 --- /dev/null +++ b/MdeModulePkg/Include/Ppi/MigrateTempRam.h @@ -0,0 +1,23 @@ +/** @file + This file declares Migrate Temporary Memory PPI. + + This PPI is published by the PEI Foundation when temporary RAM needs to evacuate. + Its purpose is to be used as a signal for other PEIMs who can register for a + notification on its installation. + + Copyright (c) 2024, Intel Corporation. All rights reserved. + SPDX-License-Identifier:
[edk2-devel] [PATCH v1] MdeModulePkg/Core/Pei: Improve the copy performance
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4697 EvacuateTempRam function will copy the temporary memory context to the rebased pages and the raw pages. Migrations of rebased PEIMs is from cache to memory, while raw PEIMs is from memory to memory. So the migrations of raw PEIMs is slower than rebased PEIMs. Experimental data indicates that changing the source address of raw PEIMs migration will improve performance by 35%. Cc: Liming Gao Signed-off-by: Zhihao Li --- MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c index 4cd8c843cd..ca37bde482 100644 --- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c @@ -1,7 +1,7 @@ /** @file EFI PEI Core dispatch services -Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved. (C) Copyright 2016 Hewlett Packard Enterprise Development LP SPDX-License-Identifier: BSD-2-Clause-Patent @@ -1305,7 +1305,7 @@ EvacuateTempRam ( ); ASSERT_EFI_ERROR (Status); RawDataFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvHeaderAddress; -CopyMem (RawDataFvHeader, MigratedFvHeader, (UINTN)FvHeader->FvLength); +CopyMem (RawDataFvHeader, FvHeader, (UINTN)FvHeader->FvLength); MigratedFvInfo.FvDataBase = (UINT32)(UINTN)RawDataFvHeader; } -- 2.26.2.windows.1
Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/VariableSmm.c: add Ap rendezvous check before SmmSetVariable.
Hi Liming In Ap-Relaxed mode, Bsp will not wait for all ap arrive and call the SMI handlers. But some SMI handlers need all Aps arrive in smm mode such as SmmSetVariable. As the design, SetVariable need to let all aps arrive because it will write flash. Half year ago, I send the patch that calling SmmCpuRendezvous() before SmmSetVariable. It was reviewed but hasn't merged. SmmCpuRendezvous() will return immediately in traditional-AP mode. I'm not sure what returns EFI_ACCESS_DENIED. Calling SmmCpuRendezvous() before SmmSetVariable is our original design but haven't implemented. -Original Message- From: gaoliming Sent: Thursday, May 18, 2023 5:38 PM To: Li, Zhihao ; devel@edk2.groups.io; Ni, Ray ; kra...@redhat.com Cc: Wang, Jian J Subject: 回复: [PATCH v1 1/1] MdeModulePkg/VariableSmm.c: add Ap rendezvous check before SmmSetVariable. Zhihao: Have you root cause this issue that SmmVariableSetVariable may return EFI_ACCESS_DENIED? I am not sure whether this fix is proper. I also add UefiCpuPkg maintainers Ray and Gerd in the mail loop for this discussion. Thanks Liming > -邮件原件- > 发件人: Zhihao Li > 发送时间: 2023年5月10日 18:57 > 收件人: devel@edk2.groups.io > 抄送: Jian J Wang ; Liming Gao > > 主题: [PATCH v1 1/1] MdeModulePkg/VariableSmm.c: add Ap rendezvous check > before SmmSetVariable. > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4429 > > For Ap-Relaxed sync mode, SmmVariableSetVariable() need to let all Aps > arrive to smm before it set the variable. If not, it would return > EFI_ACCESS_DENIED. > > Cc: Jian J Wang > Cc: Liming Gao > > Signed-off-by: Zhihao Li > --- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > | 10 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > | 3 ++- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > | 3 ++- > 3 files changed, 13 insertions(+), 3 deletions(-) > > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > index 5253c328dcd9..4944903e64d4 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > @@ -14,7 +14,7 @@ >VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), > ReclaimForOS(), > >SmmVariableGetStatistics() should also do validation based on its > own knowledge. > > > > -Copyright (c) 2010 - 2019, Intel Corporation. All rights > reserved. > > +Copyright (c) 2010 - 2023, Intel Corporation. All rights > +reserved. > > Copyright (c) 2018, Linaro, Ltd. All rights reserved. > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > #include > > #include > > +#include > > > > #include > > #include "Variable.h" > > @@ -87,6 +88,13 @@ SmmVariableSetVariable ( { > >EFI_STATUS Status; > > > > + // > > + // Need to wait for all Aps to arrive in Relaxed-AP Sync Mode > > + // > > + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { > > +DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP check > + in > SMM!\n")); > > + } > > + > >// > >// Disable write protection when the calling SetVariable() through > EFI_SMM_VARIABLE_PROTOCOL. > >// > > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > index 8c552b87e080..1cf0d051e6c9 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > @@ -18,7 +18,7 @@ > # may not be modified without authorization. If platform fails to protect > these resources, > > # the authentication service provided in this driver will be broken, > and the > behavior is undefined. > > # > > -# Copyright (c) 2010 - 2019, Intel Corporation. All rights > reserved. > > +# Copyright (c) 2010 - 2023, Intel Corporation. All rights > +reserved. > > # Copyright (c) Microsoft Corporation. > > # SPDX-License-Identifier: BSD-2-Clause-Patent > > # > > @@ -84,6 +84,7 @@ >VariablePolicyLib > >VariablePolicyHelperLib > >SafeIntLib > > + SmmCpuRendezvousLib > > > > [Protocols] > >gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES > > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.in > f > b/MdeModulePkg/Universal/Variable/RuntimeDxe/Vari
[edk2-devel] [PATCH v1 1/1] MdeModulePkg/VariableSmm.c: add Ap rendezvous check before SmmSetVariable.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4429 For Ap-Relaxed sync mode, SmmVariableSetVariable() need to let all Aps arrive to smm before it set the variable. If not, it would return EFI_ACCESS_DENIED. Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Zhihao Li --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 10 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 ++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 ++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 5253c328dcd9..4944903e64d4 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), SmmVariableGetStatistics() should also do validation based on its own knowledge. -Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2010 - 2023, Intel Corporation. All rights reserved. Copyright (c) 2018, Linaro, Ltd. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include "Variable.h" @@ -87,6 +88,13 @@ SmmVariableSetVariable ( { EFI_STATUS Status; + // + // Need to wait for all Aps to arrive in Relaxed-AP Sync Mode + // + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP check in SMM!\n")); + } + // // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL. // diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index 8c552b87e080..1cf0d051e6c9 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2023, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -84,6 +84,7 @@ VariablePolicyLib VariablePolicyHelperLib SafeIntLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index f09bed40cf51..89187456ca25 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2023, Intel Corporation. All rights reserved. # Copyright (c) 2018, Linaro, Ltd. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent @@ -80,6 +80,7 @@ VariableFlashInfoLib VariablePolicyLib VariablePolicyHelperLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104539): https://edk2.groups.io/g/devel/message/104539 Mute This Topic: https://groups.io/mt/98803013/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiCpuPkg/CpuService.c:check cpu sync mode in SmmCpuRendezvous()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4431 In Ap relaxed mode, some SMI handlers should call SmmWaitForApArrival() to let all ap arrive in SmmCpuRendezvous(). But in traditional mode, these SMI handlers don't need to call SmmWaitForApArrival() again. So it need to be check cpu sync mode before calling SmmWaitForApArrival(). Cc: Eric Dong Cc: Ray Ni Signed-off-by: Zhihao Li --- UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 19 +-- 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 2ebf4543c3ed..391b64e9f222 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2023, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -421,11 +421,18 @@ SmmCpuRendezvous ( goto ON_EXIT; } - // - // There are some APs outside SMM, Wait for all avaiable APs to arrive. - // - SmmWaitForApArrival (); - Status = mSmmMpSyncData->AllApArrivedWithException ? EFI_SUCCESS : EFI_TIMEOUT; + if ((mSmmMpSyncData->EffectiveSyncMode != SmmCpuSyncModeTradition) && !SmmCpuFeaturesNeedConfigureMtrrs ()) { +// +// There are some APs outside SMM, Wait for all avaiable APs to arrive. +// +SmmWaitForApArrival (); +Status = mSmmMpSyncData->AllApArrivedWithException ? EFI_SUCCESS : EFI_TIMEOUT; + } else { +// +// BSP has already waitted for APs to arrive SMM if SmmCpuSyncMode selected or need config MTRR. +// +Status = EFI_TIMEOUT; + } ON_EXIT: if (!mSmmMpSyncData->AllApArrivedWithException) { -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104520): https://edk2.groups.io/g/devel/message/104520 Mute This Topic: https://groups.io/mt/98801800/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 1/1] UefiCpuPkg/PiSmmCpuDxeSmm:add Ap Rendezvous check in PerformRemainingTasks.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4424 In Relaxed-AP Sync Mode, BSP will not wait for all Aps arrive. However, PerformRemainingTasks() needs to wait all Aps arrive before calling SetMemMapAttributes and ConfigSmmCodeAccessCheck() when mSmmReadyToLock is true. In SetMemMapAttributes(), SmmSetMemoryAttributesEx() will call FlushTlbForAll() that need to start up the aps. So it need to let all aps arrive. Same as SetMemMapAttributes(), ConfigSmmCodeAccessCheck() also will start up the aps. Cc: Eric Dong Cc: Ray Ni Signed-off-by: Zhihao Li --- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 15 ++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c index 655175a2c6db..1e210beb0e06 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c @@ -1,7 +1,7 @@ /** @file Agent Module to load other modules to deploy SMM Entry Vector for X86 CPU. -Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved. Copyright (c) 2017, AMD Incorporated. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -1441,6 +1441,19 @@ PerformRemainingTasks ( ) { if (mSmmReadyToLock) { +// +// Check if all Aps enter SMM. In Relaxed-AP Sync Mode, BSP will not wait for +// all Aps arrive. However,PerformRemainingTasks() needs to wait all Aps arrive before calling +// SetMemMapAttributes() and ConfigSmmCodeAccessCheck() when mSmmReadyToLock +// is true. In SetMemMapAttributes(), SmmSetMemoryAttributesEx() will call +// FlushTlbForAll() that need to start up the aps. So it need to let all +// aps arrive. Same as SetMemMapAttributes(), ConfigSmmCodeAccessCheck() +// also will start up the aps. +// +if (EFI_ERROR (SmmCpuRendezvous (NULL, TRUE))) { + DEBUG ((DEBUG_ERROR, "PerformRemainingTasks: fail to wait for all AP check in SMM!\n")); +} + // // Start SMM Profile feature // -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#103972): https://edk2.groups.io/g/devel/message/103972 Mute This Topic: https://groups.io/mt/98679265/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiCpuPkg/PiSmmCpuDxeSmm:add Ap Rendezvous check in PerformRemainingTasks.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4424 In Relaxed-AP Sync Mode, BSP will not wait for all Aps arrive. However, SmmReadyToLock needs all Aps to arrive to set memory map Attributes and check config Smm code access in PerformRemainingTasks. Cc: Eric Dong Cc: Ray Ni Signed-off-by: Zhihao Li --- UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 19 +-- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 10 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 3 ++- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 3 ++- 4 files changed, 26 insertions(+), 9 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 2ebf4543c3ed..391b64e9f222 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2023, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -421,11 +421,18 @@ SmmCpuRendezvous ( goto ON_EXIT; } - // - // There are some APs outside SMM, Wait for all avaiable APs to arrive. - // - SmmWaitForApArrival (); - Status = mSmmMpSyncData->AllApArrivedWithException ? EFI_SUCCESS : EFI_TIMEOUT; + if ((mSmmMpSyncData->EffectiveSyncMode != SmmCpuSyncModeTradition) && !SmmCpuFeaturesNeedConfigureMtrrs ()) { +// +// There are some APs outside SMM, Wait for all avaiable APs to arrive. +// +SmmWaitForApArrival (); +Status = mSmmMpSyncData->AllApArrivedWithException ? EFI_SUCCESS : EFI_TIMEOUT; + } else { +// +// BSP has already waitted for APs to arrive SMM if SmmCpuSyncMode selected or need config MTRR. +// +Status = EFI_TIMEOUT; + } ON_EXIT: if (!mSmmMpSyncData->AllApArrivedWithException) { diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c index 655175a2c6db..71c143069e41 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c @@ -1,7 +1,7 @@ /** @file Agent Module to load other modules to deploy SMM Entry Vector for X86 CPU. -Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved. Copyright (c) 2017, AMD Incorporated. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -1441,6 +1441,14 @@ PerformRemainingTasks ( ) { if (mSmmReadyToLock) { +// +// Check if all Aps enter SMM. In Relaxed-AP Sync Mode, BSP will not wait for +// all Aps arrive. Howawever, SmmReadyToLock needs all Aps to arrive. +// +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "PerformRemainingTasks: fail to wait for all AP check in SMM!\n")); +} + // // Start SMM Profile feature // diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h index 5f0a38e4002d..cc1b42661bda 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h @@ -1,7 +1,7 @@ /** @file Agent Module to load other modules to deploy SMM Entry Vector for X86 CPU. -Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved. +Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved. Copyright (c) 2017, AMD Incorporated. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -50,6 +50,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf index b4b327f60c81..c0bdb931bfac 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf @@ -4,7 +4,7 @@ # This SMM driver performs SMM initialization, deploy SMM Entry Vector, # provides CPU specific services in SMM. # -# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved. +# Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved. # Copyright (c) 2017, AMD Incorporated. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent @@ -98,6 +98,7 @@ ReportStatusCodeLib SmmCpuFeaturesLib PeCoffGetEntryPointLib + SmmCpuRendezvousLib [Protocols] gEfiSmmAccess2ProtocolGuid ## CONSUMES -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#103643): https://edk2.groups.io/g/devel/message/103643 Mute This Topic: https://groups.io/mt/98512355/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] CryptPkg: Enable CryptoPkg BaseCryptLib ParallelHash for PEI and DXE
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4097 The BaseCryptLib in the CryptoPkg currently supports ParallelHash algorithm for SMM. The MP Services PPI and MP Services Protocol could be used to enable ParallelHash in PEI and DXE versions of the BaseCryptLib. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Zhihao Li --- CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApDxe.c | 49 ++ CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApMm.c | 35 + CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApPei.c | 54 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 26 +- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 11 +++- CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h | 23 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 11 +++- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + 8 files changed, 183 insertions(+), 27 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApDxe.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApDxe.c new file mode 100644 index ..607aa7cd48d2 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApDxe.c @@ -0,0 +1,49 @@ +/** @file + Dispatch Block to Aps in Dxe phase for parallelhash algorithm. + +Copyright (c) 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CryptParallelHash.h" +#include +#include + +/** + Dispatch the block task to each AP in PEI phase. + +**/ +VOID +EFIAPI +DispatchBlockToAp ( + VOID + ) +{ + EFI_STATUSStatus; + EFI_MP_SERVICES_PROTOCOL *MpServices; + + Status = gBS->LocateProtocol ( + , + NULL, + (VOID **) + ); + if (EFI_ERROR (Status)) { +// +// Failed to locate MpServices Protocol, do parallel hash by one core. +// +DEBUG ((DEBUG_ERROR, "[DispatchBlockToApDxe] Failed to locate MpServices Protocol. Status = %r\n", Status)); +return; + } + + Status = MpServices->StartupAllAPs ( + MpServices, + ParallelHashApExecute, + FALSE, + NULL, + 0, + NULL, + NULL + ); + return; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApMm.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApMm.c new file mode 100644 index ..0237fb38bcb6 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApMm.c @@ -0,0 +1,35 @@ +/** @file + Dispatch the block task to each AP in Smm mode for parallelhash algorithm. + +Copyright (c) 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CryptParallelHash.h" +#include + +/** + Dispatch the block task to each AP in SMM mode. + +**/ +VOID +EFIAPI +DispatchBlockToAp ( + VOID + ) +{ + UINTN Index; + + if (gMmst == NULL) { +return; + } + + for (Index = 0; Index < gMmst->NumberOfCpus; Index++) { +if (Index != gMmst->CurrentlyExecutingCpu) { + gMmst->MmStartupThisAp (ParallelHashApExecute, Index, NULL); +} + } + + return; +} diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApPei.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApPei.c new file mode 100644 index ..9ddd23d32048 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptDispatchApPei.c @@ -0,0 +1,54 @@ +/** @file + Dispatch Block to Aps in Pei phase for parallelhash algorithm. + +Copyright (c) 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CryptParallelHash.h" +#include +#include +#include +#include + +/** + Dispatch the block task to each AP in PEI phase. + +**/ +VOID +EFIAPI +DispatchBlockToAp ( + VOID + ) +{ + EFI_STATUS Status; + CONST EFI_PEI_SERVICES **PeiServices; + EFI_PEI_MP_SERVICES_PPI *MpServicesPpi; + + PeiServices = GetPeiServicesTablePointer (); + Status = (*PeiServices)->LocatePpi ( + PeiServices, + , + 0, + NULL, + (VOID **) + ); + if (EFI_ERROR (Status)) { +// +// Failed to locate MpServices Ppi, do parallel hash by one core. +// +DEBUG ((DEBUG_ERROR, "[DispatchBlockToApPei] Failed to locate MpServices Ppi. Status = %r\n", Status)); +return; + } + + Status = MpServicesPpi->StartupAllAPs ( +(CONST EFI_PEI_SERVICES **)PeiServices, +MpServicesPpi, +ParallelHashApExecute, +FALSE, +
[edk2-devel] [PATCH v2 1/1] UefiCpuPkg: Reset a parameter when BSP Exit in CPU relaxed mode.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4083 In CPU relaxed mode, it doesn't reset the value of mSmmMpSyncData->AllApArrivedWithException when BSP exit smm mode. So this patch will reset this variable. Modified the flow of SmmCpuRendezvous to avoid enter SmmWaitForApArrival repeatedly. Cc: Eric Dong Cc: Ray Ni Signed-off-by: Zhihao Li --- UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 17 - UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 5 +++-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 2ebf4543c3ed..368bacd29ea1 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -421,11 +421,18 @@ SmmCpuRendezvous ( goto ON_EXIT; } - // - // There are some APs outside SMM, Wait for all avaiable APs to arrive. - // - SmmWaitForApArrival (); - Status = mSmmMpSyncData->AllApArrivedWithException ? EFI_SUCCESS : EFI_TIMEOUT; + if ((mSmmMpSyncData->EffectiveSyncMode != SmmCpuSyncModeTradition) && !SmmCpuFeaturesNeedConfigureMtrrs ()) { +// +// There are some APs outside SMM, Wait for all avaiable APs to arrive. +// +SmmWaitForApArrival (); +Status = mSmmMpSyncData->AllApArrivedWithException ? EFI_SUCCESS : EFI_TIMEOUT; + } else { +// +// BSP has already waitted for APs to arrive SMM if SmmCpuSyncMode selected or need config MTRR. +// +Status = EFI_TIMEOUT; + } ON_EXIT: if (!mSmmMpSyncData->AllApArrivedWithException) { diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c index 13c2cb8da4c3..c79da418e37c 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c @@ -696,8 +696,9 @@ BSPHandler ( // // Allow APs to check in from this point on // - *mSmmMpSyncData->Counter = 0; - *mSmmMpSyncData->AllCpusInSync = FALSE; + *mSmmMpSyncData->Counter = 0; + *mSmmMpSyncData->AllCpusInSync= FALSE; + mSmmMpSyncData->AllApArrivedWithException = FALSE; } /** -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94841): https://edk2.groups.io/g/devel/message/94841 Mute This Topic: https://groups.io/mt/94195356/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiCpuPkg: Reset a parameter when BSP Exit in CPU relaxed mode.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4083 In CPU relaxed mode, it doesn't reset the value of mSmmMpSyncData->AllApArrivedWithException when BSP exit smm mode. So this patch will reset this variable. Cc: Eric Dong Cc: Ray Ni Signed-off-by: Zhihao Li --- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c index 13c2cb8da4c3..c79da418e37c 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c @@ -696,8 +696,9 @@ BSPHandler ( // // Allow APs to check in from this point on // - *mSmmMpSyncData->Counter = 0; - *mSmmMpSyncData->AllCpusInSync = FALSE; + *mSmmMpSyncData->Counter = 0; + *mSmmMpSyncData->AllCpusInSync= FALSE; + mSmmMpSyncData->AllApArrivedWithException = FALSE; } /** -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94430): https://edk2.groups.io/g/devel/message/94430 Mute This Topic: https://groups.io/mt/93948933/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] MdePkg: Remove the restriction of SmmCpuRendezvousLibNull.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4034 In the implementation of SmmCpuRendezvousLib null version, there is a restriction in [LIBRARY_CLASS] section. So removing the restriction that other type driver can use SmmCpuRendezvousLib null version implemented. Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Zhihao Li --- MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | 2 +- MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c index 769f4c673802..23284caee0f2 100644 --- a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -6,7 +6,7 @@ **/ -#include +#include #include /** diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf index 7c9bac9af2ff..bc513d432a21 100644 --- a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf @@ -13,8 +13,8 @@ [Defines] INF_VERSION= 0x00010005 BASE_NAME = SmmCpuRendezvousLibNull FILE_GUID = 1e5790ea-d013-4d7b-9047-b4342a762027 - MODULE_TYPE= DXE_SMM_DRIVER - LIBRARY_CLASS = SmmCpuRendezvousLib|MM_STANDALONE DXE_SMM_DRIVER + MODULE_TYPE= BASE + LIBRARY_CLASS = SmmCpuRendezvousLib [Sources] SmmCpuRendezvousLibNull.c -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#92897): https://edk2.groups.io/g/devel/message/92897 Mute This Topic: https://groups.io/mt/93309350/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] SecurityPkg: use SmmWaitForAllProcessor in TcgSmm and Tcg2Smm driver.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3855 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let TcgSmm and Tcg2Smm driver work normally in relaxed AP mode. Cc: Jiewen Yao Cc: Jian J Wang Cc: Rahul Kumar Cc: Qi Zhang Signed-off-by: Zhihao Li --- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c| 21 ++-- SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 15 -- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h| 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf | 1 + SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 3 ++- SecurityPkg/Tcg/TcgSmm/TcgSmm.inf| 3 ++- 7 files changed, 41 insertions(+), 8 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index 498fb626bd9c..4367102fbd49 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -9,7 +9,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved. Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -42,6 +42,7 @@ EFI_HANDLE mReadyToLockHandle; should still be called. @retval EFI_UNSUPPORTED An unknown test function was requested. @retval EFI_ACCESS_DENIED Part of the communication buffer lies in an invalid region. + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS @@ -78,6 +79,11 @@ TpmNvsCommunciate ( return EFI_ACCESS_DENIED; } + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmNvsCommunciate: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + // // Farm out the job to individual functions based on what was requested. // @@ -116,7 +122,7 @@ TpmNvsCommunciate ( @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. - + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS EFIAPI @@ -132,6 +138,11 @@ PhysicalPresenceCallback ( UINT32 OperationRequest; UINT32 RequestParameter; + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmPhysicalPresent: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( , @@ -173,6 +184,7 @@ PhysicalPresenceCallback ( @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS @@ -217,6 +229,11 @@ MemoryClearCallback ( return EFI_SUCCESS; } + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmMemoryClear: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + DataSize = sizeof (UINT8); Status = mSmmVariable->SmmSetVariable ( MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 96327a483ba9..e91567ca3169 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -8,7 +8,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,7 +33,7 @@ TCG_NVS*mTcgNvs; @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. - + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS EFIAPI @@ -92,6 +92,11 @@ PhysicalPresenceCallback ( return EFI_SUCCESS; } +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "TPMPhysicalPresent: fail to wait for all AP check in SMM!\n")); + return EFI_ABORTED; +} + if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) { PpData.PPRequest = (UINT8)mTcgNvs->PhysicalPresence.Request;
[edk2-devel] [PATCH 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let VariableSmm driver work normally in relaxed AP mode. Due to MdeModulePkg can not depend on UefiCpuPkg, use null version implementation in MdePkg. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Zhihao Li --- .../Universal/Variable/RuntimeDxe/VariableSmm.c| 10 +- .../Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 ++- .../Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 ++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 5253c328dcd9..265934c56a11 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), SmmVariableGetStatistics() should also do validation based on its own knowledge. -Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. Copyright (c) 2018, Linaro, Ltd. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include "Variable.h" @@ -656,6 +657,13 @@ SmmVariableHandler ( goto EXIT; } + if ((SmmVariableHeader->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP check in SMM!\n")); + goto EXIT; +} + } + Status = VariableServiceSetVariable ( SmmVariableHeader->Name, >Guid, diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index 8c552b87e080..e2a59d90586b 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -84,6 +84,7 @@ [LibraryClasses] VariablePolicyLib VariablePolicyHelperLib SafeIntLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index f09bed40cf51..e473a12cd80e 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. # Copyright (c) 2018, Linaro, Ltd. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent @@ -80,6 +80,7 @@ [LibraryClasses] VariableFlashInfoLib VariablePolicyLib VariablePolicyHelperLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90622): https://edk2.groups.io/g/devel/message/90622 Mute This Topic: https://groups.io/mt/91873451/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 1/1] MdePkg: add SmmCpuRendezvousLib.h and SmmCpuRendezvousLibNull implement.
From: "Li, Zhihao" REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3912 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm and VariableStandaloneMM driver in MdeModulePkg need to use this services but MdeModulePkg can't depend on UefiCpuPkg. Thus, the solution is moving SmmCpuRendezvouslib.h from UefiCpuPkg to MdePkg and creating SmmCpuRendezvousLib NullLib version implementation in MdePkg as dependency for the pkg that can't depend on UefiCpuPkg. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Zhihao Li Acked-by: Liming Gao --- .../SmmCpuRendezvousLibNull.c | 29 +++ .../Include/Library/SmmCpuRendezvousLib.h | 0 .../SmmCpuRendezvousLibNull.inf | 26 + MdePkg/MdeLibs.dsc.inc| 3 +- MdePkg/MdePkg.dec | 5 +++- MdePkg/MdePkg.dsc | 3 +- UefiCpuPkg/UefiCpuPkg.dec | 3 -- 7 files changed, 63 insertions(+), 6 deletions(-) create mode 100644 MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c rename {UefiCpuPkg => MdePkg}/Include/Library/SmmCpuRendezvousLib.h (100%) create mode 100644 MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c new file mode 100644 index ..474195bbb374 --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -0,0 +1,29 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + ASSERT (FALSE); + return EFI_SUCCESS; +} diff --git a/UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h b/MdePkg/Include/Library/SmmCpuRendezvousLib.h similarity index 100% rename from UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h rename to MdePkg/Include/Library/SmmCpuRendezvousLib.h diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf new file mode 100644 index ..7c9bac9af2ff --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf @@ -0,0 +1,26 @@ +## @file +# SMM CPU Rendezvous service lib. +# +# This is SMM CPU rendezvous service lib that wait for all +# APs to enter SMM mode. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = SmmCpuRendezvousLibNull + FILE_GUID = 1e5790ea-d013-4d7b-9047-b4342a762027 + MODULE_TYPE= DXE_SMM_DRIVER + LIBRARY_CLASS = SmmCpuRendezvousLib|MM_STANDALONE DXE_SMM_DRIVER + +[Sources] + SmmCpuRendezvousLibNull.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + DebugLib diff --git a/MdePkg/MdeLibs.dsc.inc b/MdePkg/MdeLibs.dsc.inc index 015ce46f7d3b..fc6f385b304d 100644 --- a/MdePkg/MdeLibs.dsc.inc +++ b/MdePkg/MdeLibs.dsc.inc @@ -5,7 +5,7 @@ # by using "!include MdePkg/MdeLibs.dsc.inc" to specify the library instances # of some EDKII basic/common library classes. # -# Copyright (c) 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. # #SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -14,3 +14,4 @@ [LibraryClasses] RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf + SmmCpuRendezvousLib|MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index faeb28c80cbd..f1ebf9e251c1 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -4,7 +4,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards. # -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved. # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved. # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP # @@ -272,6 +2
[edk2-devel] [PATCH 1/1] MdePkg: Remove "assert" from SmmCpuRendevousLibNull.c
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3931 Some drivers will break down when they use SmmWaitForAllProcessor() which from SmmCpuRendezvousLibNull.c. Removing the code "ASSERT(False)" will make consumer work normally if they keep default setting for sync mode. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Zhihao Li Reviewed-by: Liming Gao --- MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | 1 - 1 file changed, 1 deletion(-) diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c index 474195bbb374..769f4c673802 100644 --- a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -24,6 +24,5 @@ SmmWaitForAllProcessor ( IN BOOLEAN BlockingMode ) { - ASSERT (FALSE); return EFI_SUCCESS; } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90621): https://edk2.groups.io/g/devel/message/90621 Mute This Topic: https://groups.io/mt/91873449/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 1/1] OvmfPkg: Add dependency of VariableSmm driver to make it work normally.
From: Zhihao Li REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3861 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib in OvmfPkg. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Zhihao Li Acked-by: Gerd Hoffmann Reviewed-by: Jiewen Yao --- OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc| 3 ++- OvmfPkg/OvmfPkgIa32X64.dsc | 3 ++- OvmfPkg/OvmfPkgX64.dsc | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 380438e0dc0e..20f3bc340807 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -432,6 +432,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 2495d7786420..e4218b01f0fc 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -429,6 +429,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 4e3104833871..a80cdaacb8bc 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -435,6 +435,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f72f8c2e48fe..fb2899f8a1be 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -444,6 +444,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90619): https://edk2.groups.io/g/devel/message/90619 Mute This Topic: https://groups.io/mt/91873447/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
From: "Li, Zhihao" REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Zhihao Li Reviewed-by: Guo Dong --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index e2ea48348257..17b30589e77c 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -354,6 +354,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90618): https://edk2.groups.io/g/devel/message/90618 Mute This Topic: https://groups.io/mt/91873446/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
From: "Li, Zhihao" REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Cc: Jiewen Yao Cc: Jian J Wang Reviewed-by: Ray Ni Signed-off-by: Zhihao Li --- .../SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 103 ++ UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c| 69 +++- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 20 +++- .../Include/Library/SmmCpuRendezvousLib.h | 27 + UefiCpuPkg/Include/Protocol/SmmCpuService.h | 36 +- .../SmmCpuRendezvousLib.inf | 35 ++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 29 - UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/UefiCpuPkg.dec | 8 +- UefiCpuPkg/UefiCpuPkg.dsc | 2 + 10 files changed, 322 insertions(+), 12 deletions(-) create mode 100644 UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c create mode 100644 UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h create mode 100644 UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index ..e573c2ecfb51 --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,103 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL *mSmmCpuRendezvous = NULL; +STATIC VOID *mRegistration = NULL; + +/** + Callback function to wait Smm cpu rendezvous service located. + + SmmCpuRendezvousLib need to support MM_STANDALONE and DXE_SMM_DRIVER driver. + So do not use library constructor to locate the protocol. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuRendezvousProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID*Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + Status = gMmst->MmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + EFI_STATUS Status; + + if ((mRegistration == NULL) && (mSmmCpuRendezvous == NULL)) { +// +// Locate SMM cpu rendezvous protocol for the first time execute the function. +// +Status = gMmst->MmLocateProtocol ( + , + NULL, + (VOID **) + ); +if (EFI_ERROR (Status)) { + Status = gMmst->MmRegisterProtocolNotify ( +, +SmmCpuRendezvousProtocolNotify, + +); + if (EFI_ERROR (Status)) { +return Status; + } +} + } + + // + // The platform have not set up. It doesn't need smm cpu rendezvous. + // + if (mSmmCpuRendezvous == NULL) { +return EFI_SUCCESS; + } + + Status = mSmmCpuRendezvous->WaitForAllProcessor ( +mSmmCpuRendezvous, +BlockingMode +); + return Status; +} diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 5d624f8e9ed6..2ebf4543c3ed 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -20,6 +20,13 @@ EFI_SMM_CPU_SERVICE_PROTOCOL mSmmCpuService = { SmmRegisterExceptionHandler }; +// +// EDKII SMM CPU Rendez
[edk2-devel] [PATCH 1/1] MdePkg: Remove "assert" from SmmCpuRendevousLibNull.c
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3931 Some drivers will break down when they use SmmWaitForAllProcessor() which from SmmCpuRendezvousLibNull.c. Removing the code "ASSERT(False)" will make consumer work normally if they keep default setting for sync mode. Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Zhihao Li Reviewed-by: Liming Gao --- MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | 1 - 1 file changed, 1 deletion(-) diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c index 474195bbb374..769f4c673802 100644 --- a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -24,6 +24,5 @@ SmmWaitForAllProcessor ( IN BOOLEAN BlockingMode ) { - ASSERT (FALSE); return EFI_SUCCESS; } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90616): https://edk2.groups.io/g/devel/message/90616 Mute This Topic: https://groups.io/mt/91873301/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] SecurityPkg: use SmmWaitForAllProcessor in TcgSmm and Tcg2Smm driver.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3855 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let TcgSmm and Tcg2Smm driver work normally in relaxed AP mode. Cc: Jiewen Yao Cc: Jian J Wang Cc: Rahul Kumar Cc: Qi Zhang Signed-off-by: Zhihao Li --- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c| 21 ++-- SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 15 -- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h| 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf | 1 + SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 3 ++- SecurityPkg/Tcg/TcgSmm/TcgSmm.inf| 3 ++- 7 files changed, 41 insertions(+), 8 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index 498fb626bd9c..4367102fbd49 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -9,7 +9,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved. Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -42,6 +42,7 @@ EFI_HANDLE mReadyToLockHandle; should still be called. @retval EFI_UNSUPPORTED An unknown test function was requested. @retval EFI_ACCESS_DENIED Part of the communication buffer lies in an invalid region. + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS @@ -78,6 +79,11 @@ TpmNvsCommunciate ( return EFI_ACCESS_DENIED; } + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmNvsCommunciate: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + // // Farm out the job to individual functions based on what was requested. // @@ -116,7 +122,7 @@ TpmNvsCommunciate ( @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. - + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS EFIAPI @@ -132,6 +138,11 @@ PhysicalPresenceCallback ( UINT32 OperationRequest; UINT32 RequestParameter; + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmPhysicalPresent: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( , @@ -173,6 +184,7 @@ PhysicalPresenceCallback ( @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS @@ -217,6 +229,11 @@ MemoryClearCallback ( return EFI_SUCCESS; } + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmMemoryClear: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + DataSize = sizeof (UINT8); Status = mSmmVariable->SmmSetVariable ( MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 96327a483ba9..e91567ca3169 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -8,7 +8,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,7 +33,7 @@ TCG_NVS*mTcgNvs; @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. - + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS EFIAPI @@ -92,6 +92,11 @@ PhysicalPresenceCallback ( return EFI_SUCCESS; } +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "TPMPhysicalPresent: fail to wait for all AP check in SMM!\n")); + return EFI_ABORTED; +} + if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) { PpData.PPRequest = (UINT8)mTcgNvs->PhysicalPresence.Request;
[edk2-devel] [PATCH 1/1] MdePkg: add SmmCpuRendezvousLib.h and SmmCpuRendezvousLibNull implement.
From: "Li, Zhihao" REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3912 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm and VariableStandaloneMM driver in MdeModulePkg need to use this services but MdeModulePkg can't depend on UefiCpuPkg. Thus, the solution is moving SmmCpuRendezvouslib.h from UefiCpuPkg to MdePkg and creating SmmCpuRendezvousLib NullLib version implementation in MdePkg as dependency for the pkg that can't depend on UefiCpuPkg. Cc: Michael D Kinney Cc: Liming Gao Cc: Eric Dong Cc: Ray Ni Cc: Michael Kubacki Cc: Siyuan Fu Signed-off-by: Zhihao Li Acked-by: Liming Gao --- .../SmmCpuRendezvousLibNull.c | 29 +++ .../Include/Library/SmmCpuRendezvousLib.h | 0 .../SmmCpuRendezvousLibNull.inf | 26 + MdePkg/MdeLibs.dsc.inc| 3 +- MdePkg/MdePkg.dec | 5 +++- MdePkg/MdePkg.dsc | 3 +- UefiCpuPkg/UefiCpuPkg.dec | 3 -- 7 files changed, 63 insertions(+), 6 deletions(-) create mode 100644 MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c rename {UefiCpuPkg => MdePkg}/Include/Library/SmmCpuRendezvousLib.h (100%) create mode 100644 MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c new file mode 100644 index ..474195bbb374 --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -0,0 +1,29 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + ASSERT (FALSE); + return EFI_SUCCESS; +} diff --git a/UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h b/MdePkg/Include/Library/SmmCpuRendezvousLib.h similarity index 100% rename from UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h rename to MdePkg/Include/Library/SmmCpuRendezvousLib.h diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf new file mode 100644 index ..7c9bac9af2ff --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf @@ -0,0 +1,26 @@ +## @file +# SMM CPU Rendezvous service lib. +# +# This is SMM CPU rendezvous service lib that wait for all +# APs to enter SMM mode. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = SmmCpuRendezvousLibNull + FILE_GUID = 1e5790ea-d013-4d7b-9047-b4342a762027 + MODULE_TYPE= DXE_SMM_DRIVER + LIBRARY_CLASS = SmmCpuRendezvousLib|MM_STANDALONE DXE_SMM_DRIVER + +[Sources] + SmmCpuRendezvousLibNull.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + DebugLib diff --git a/MdePkg/MdeLibs.dsc.inc b/MdePkg/MdeLibs.dsc.inc index 015ce46f7d3b..fc6f385b304d 100644 --- a/MdePkg/MdeLibs.dsc.inc +++ b/MdePkg/MdeLibs.dsc.inc @@ -5,7 +5,7 @@ # by using "!include MdePkg/MdeLibs.dsc.inc" to specify the library instances # of some EDKII basic/common library classes. # -# Copyright (c) 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. # #SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -14,3 +14,4 @@ [LibraryClasses] RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf + SmmCpuRendezvousLib|MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index faeb28c80cbd..f1ebf9e251c1 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -4,7 +4,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards. # -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved. # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved. # (C) Copyright 2016 - 2021 Hew
[edk2-devel] [PATCH 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
From: "Li, Zhihao" REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Guo Dong Cc: Ray Ni Cc: Benjamin You Cc: Sean Rhodes Cc: Siyuan Fu Signed-off-by: Zhihao Li Reviewed-by: Guo Dong --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index e2ea48348257..17b30589e77c 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -354,6 +354,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90613): https://edk2.groups.io/g/devel/message/90613 Mute This Topic: https://groups.io/mt/91873298/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
From: "Li, Zhihao" REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Cc: Eric Dong Reviewed-by: Ray Ni Cc: Rahul Kumar Cc: Siyuan Fu Cc: Zhihao Li Signed-off-by: Zhihao Li --- .../SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 103 ++ UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c| 69 +++- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 20 +++- .../Include/Library/SmmCpuRendezvousLib.h | 27 + UefiCpuPkg/Include/Protocol/SmmCpuService.h | 36 +- .../SmmCpuRendezvousLib.inf | 35 ++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 29 - UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/UefiCpuPkg.dec | 8 +- UefiCpuPkg/UefiCpuPkg.dsc | 2 + 10 files changed, 322 insertions(+), 12 deletions(-) create mode 100644 UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c create mode 100644 UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h create mode 100644 UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index ..e573c2ecfb51 --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,103 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL *mSmmCpuRendezvous = NULL; +STATIC VOID *mRegistration = NULL; + +/** + Callback function to wait Smm cpu rendezvous service located. + + SmmCpuRendezvousLib need to support MM_STANDALONE and DXE_SMM_DRIVER driver. + So do not use library constructor to locate the protocol. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuRendezvousProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID*Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + Status = gMmst->MmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + EFI_STATUS Status; + + if ((mRegistration == NULL) && (mSmmCpuRendezvous == NULL)) { +// +// Locate SMM cpu rendezvous protocol for the first time execute the function. +// +Status = gMmst->MmLocateProtocol ( + , + NULL, + (VOID **) + ); +if (EFI_ERROR (Status)) { + Status = gMmst->MmRegisterProtocolNotify ( +, +SmmCpuRendezvousProtocolNotify, + +); + if (EFI_ERROR (Status)) { +return Status; + } +} + } + + // + // The platform have not set up. It doesn't need smm cpu rendezvous. + // + if (mSmmCpuRendezvous == NULL) { +return EFI_SUCCESS; + } + + Status = mSmmCpuRendezvous->WaitForAllProcessor ( +mSmmCpuRendezvous, +BlockingMode +); + return Status; +} diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 5d624f8e9ed6..2ebf4543c3ed 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -20,6 +20,13 @@ EFI_SMM_CPU_SERVICE_PROTOCOL mSmmCpuService = { SmmRegisterExceptionHandler }; +// +// ED
[edk2-devel] [PATCH 1/1] OvmfPkg: Add dependency of VariableSmm driver to make it work normally.
From: Zhihao Li REF? https://bugzilla.tianocore.org/show_bug.cgi?id=3861 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib in OvmfPkg. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Sebastien Boeuf Signed-off-by: Zhihao Li Acked-by: Gerd Hoffmann Reviewed-by: Jiewen Yao --- OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc| 3 ++- OvmfPkg/OvmfPkgIa32X64.dsc | 3 ++- OvmfPkg/OvmfPkgX64.dsc | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 380438e0dc0e..20f3bc340807 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -432,6 +432,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 2495d7786420..e4218b01f0fc 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -429,6 +429,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 4e3104833871..a80cdaacb8bc 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -435,6 +435,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f72f8c2e48fe..fb2899f8a1be 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -444,6 +444,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90612): https://edk2.groups.io/g/devel/message/90612 Mute This Topic: https://groups.io/mt/91873297/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 0/1] *** SUBJECT HERE ***
*** BLURB HERE *** Zhihao Li (1): SecurityPkg: use SmmWaitForAllProcessor in TcgSmm and Tcg2Smm driver. SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c| 21 ++-- SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 15 -- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h| 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf | 1 + SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 3 ++- SecurityPkg/Tcg/TcgSmm/TcgSmm.inf| 3 ++- 7 files changed, 41 insertions(+), 8 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90610): https://edk2.groups.io/g/devel/message/90610 Mute This Topic: https://groups.io/mt/91873295/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] SecurityPkg: use SmmWaitForAllProcessor in TcgSmm and Tcg2Smm driver.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3855 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let TcgSmm and Tcg2Smm driver work normally in relaxed AP mode. Cc: Jiewen Yao Cc: Jian J Wang Cc: Rahul Kumar Cc: Qi Zhang Signed-off-by: Zhihao Li --- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c| 21 ++-- SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 15 -- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h| 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 3 ++- SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf | 1 + SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 3 ++- SecurityPkg/Tcg/TcgSmm/TcgSmm.inf| 3 ++- 7 files changed, 41 insertions(+), 8 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index 498fb626bd9c..4367102fbd49 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -9,7 +9,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved. Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -42,6 +42,7 @@ EFI_HANDLE mReadyToLockHandle; should still be called. @retval EFI_UNSUPPORTED An unknown test function was requested. @retval EFI_ACCESS_DENIED Part of the communication buffer lies in an invalid region. + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS @@ -78,6 +79,11 @@ TpmNvsCommunciate ( return EFI_ACCESS_DENIED; } + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmNvsCommunciate: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + // // Farm out the job to individual functions based on what was requested. // @@ -116,7 +122,7 @@ TpmNvsCommunciate ( @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. - + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS EFIAPI @@ -132,6 +138,11 @@ PhysicalPresenceCallback ( UINT32 OperationRequest; UINT32 RequestParameter; + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmPhysicalPresent: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( , @@ -173,6 +184,7 @@ PhysicalPresenceCallback ( @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS @@ -217,6 +229,11 @@ MemoryClearCallback ( return EFI_SUCCESS; } + if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { +DEBUG ((DEBUG_ERROR, "TpmMemoryClear: fail to wait for all AP check in SMM!\n")); +return EFI_ABORTED; + } + DataSize = sizeof (UINT8); Status = mSmmVariable->SmmSetVariable ( MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 96327a483ba9..e91567ca3169 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -8,7 +8,7 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -33,7 +33,7 @@ TCG_NVS*mTcgNvs; @param[in, out] CommBufferSize The size of the CommBuffer. @retval EFI_SUCCESS The interrupt was handled successfully. - + @retval EFI_ABORTED Fail to wait for all AP check in SMM. **/ EFI_STATUS EFIAPI @@ -92,6 +92,11 @@ PhysicalPresenceCallback ( return EFI_SUCCESS; } +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "TPMPhysicalPresent: fail to wait for all AP check in SMM!\n")); + return EFI_ABORTED; +} + if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) { PpData.PPRequest = (UINT8)mTcgNvs->PhysicalPresence.Request;
[edk2-devel] [PATCH v4 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let VariableSmm driver work normally in relaxed AP mode. Due to MdeModulePkg can not depend on UefiCpuPkg, use null version implementation in MdePkg. Cc: Jian J Wang Cc: Liming Gao Cc: Ni Ray Signed-off-by: Zhihao Li --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 10 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 ++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 ++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 5253c328dcd9..265934c56a11 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), SmmVariableGetStatistics() should also do validation based on its own knowledge. -Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. Copyright (c) 2018, Linaro, Ltd. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include "Variable.h" @@ -656,6 +657,13 @@ SmmVariableHandler ( goto EXIT; } + if ((SmmVariableHeader->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP check in SMM!\n")); + goto EXIT; +} + } + Status = VariableServiceSetVariable ( SmmVariableHeader->Name, >Guid, diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index 8c552b87e080..e2a59d90586b 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -84,6 +84,7 @@ [LibraryClasses] VariablePolicyLib VariablePolicyHelperLib SafeIntLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index f09bed40cf51..e473a12cd80e 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. # Copyright (c) 2018, Linaro, Ltd. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent @@ -80,6 +80,7 @@ [LibraryClasses] VariableFlashInfoLib VariablePolicyLib VariablePolicyHelperLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90473): https://edk2.groups.io/g/devel/message/90473 Mute This Topic: https://groups.io/mt/91721375/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v3 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let VariableSmm driver work normally in relaxed AP mode. Due to MdeModulePkg can not depend on UefiCpuPkg, use null version implementation in MdePkg. Cc: Jian J Wang Cc: Liming Gao Cc: Ni Ray Signed-off-by: Zhihao Li --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 10 +- MdeModulePkg/MdeModulePkg.dsc | 4 +++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 ++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 ++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 517cae7b00f8..52a9b0e6b202 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), SmmVariableGetStatistics() should also do validation based on its own knowledge. -Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. Copyright (c) 2018, Linaro, Ltd. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include "Variable.h" @@ -656,6 +657,13 @@ SmmVariableHandler ( goto EXIT; } + if ((SmmVariableHeader->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP check in SMM!\n")); + goto EXIT; +} + } + Status = VariableServiceSetVariable ( SmmVariableHeader->Name, >Guid, diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index b1d83461865e..1a3cf191bb5c 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -2,7 +2,7 @@ # EFI/PI Reference Module Package for All Architectures # # (C) Copyright 2014 Hewlett-Packard Development Company, L.P. -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # #SPDX-License-Identifier: BSD-2-Clause-Patent @@ -152,6 +152,7 @@ [LibraryClasses.common.DXE_SMM_DRIVER] SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf + SmmCpuRendezvousLib|MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf [LibraryClasses.common.UEFI_DRIVER] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf @@ -172,6 +173,7 @@ [LibraryClasses.common.MM_STANDALONE] MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.inf MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf + SmmCpuRendezvousLib|MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index eaa97a01c6e5..0bebd92b1626 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -82,6 +82,7 @@ [LibraryClasses] UefiBootServicesTableLib VariablePolicyLib VariablePolicyHelperLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index d8c4f77e7f1f..595baaf70164 100644 ---
[edk2-devel] [PATCH v1 1/1] MdePkg: Remove "assert" from SmmCpuRendevousLibNull.c
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3931 Some drivers will break down when they use SmmWaitForAllProcessor() which from SmmCpuRendezvousLibNull.c. Removing the code "ASSERT(False)" will make consumer work normally if they keep default setting for sync mode. Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Zhihao Li --- MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | 1 - 1 file changed, 1 deletion(-) diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c index 474195bbb374..769f4c673802 100644 --- a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -24,6 +24,5 @@ SmmWaitForAllProcessor ( IN BOOLEAN BlockingMode ) { - ASSERT (FALSE); return EFI_SUCCESS; } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#89886): https://edk2.groups.io/g/devel/message/89886 Mute This Topic: https://groups.io/mt/91184411/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 1/1] MdePkg: add SmmCpuRendezvousLib.h and SmmCpuRendezvousLibNull implement.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3912 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm and VariableStandaloneMM driver in MdeModulePkg need to use this services but MdeModulePkg can't depend on UefiCpuPkg. Thus, the solution is moving SmmCpuRendezvouslib.h from UefiCpuPkg to MdePkg and creating SmmCpuRendezvousLib NullLib version implementation in MdePkg as dependency for the pkg that can't depend on UefiCpuPkg. Cc: Michael D Kinney Cc: Liming Gao Cc: Eric Dong Cc: Ray Ni Cc: Michael Kubacki Cc: Siyuan Fu Signed-off-by: Zhihao Li --- MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | 29 {UefiCpuPkg => MdePkg}/Include/Library/SmmCpuRendezvousLib.h | 0 MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf | 26 ++ MdePkg/MdeLibs.dsc.inc | 3 +- MdePkg/MdePkg.dec | 5 +++- MdePkg/MdePkg.dsc | 3 +- UefiCpuPkg/UefiCpuPkg.dec | 3 -- 7 files changed, 63 insertions(+), 6 deletions(-) diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c new file mode 100644 index ..474195bbb374 --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -0,0 +1,29 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + ASSERT (FALSE); + return EFI_SUCCESS; +} diff --git a/UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h b/MdePkg/Include/Library/SmmCpuRendezvousLib.h similarity index 100% rename from UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h rename to MdePkg/Include/Library/SmmCpuRendezvousLib.h diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf new file mode 100644 index ..7c9bac9af2ff --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf @@ -0,0 +1,26 @@ +## @file +# SMM CPU Rendezvous service lib. +# +# This is SMM CPU rendezvous service lib that wait for all +# APs to enter SMM mode. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = SmmCpuRendezvousLibNull + FILE_GUID = 1e5790ea-d013-4d7b-9047-b4342a762027 + MODULE_TYPE= DXE_SMM_DRIVER + LIBRARY_CLASS = SmmCpuRendezvousLib|MM_STANDALONE DXE_SMM_DRIVER + +[Sources] + SmmCpuRendezvousLibNull.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + DebugLib diff --git a/MdePkg/MdeLibs.dsc.inc b/MdePkg/MdeLibs.dsc.inc index 3c70daf87a0c..9d7b234b8565 100644 --- a/MdePkg/MdeLibs.dsc.inc +++ b/MdePkg/MdeLibs.dsc.inc @@ -5,7 +5,7 @@ # by using "!include MdePkg/MdeLibs.dsc.inc" to specify the library instances # of some EDKII basic/common library classes. # -# Copyright (c) 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. # #SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -13,3 +13,4 @@ [LibraryClasses] RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf + SmmCpuRendezvousLib|MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index faeb28c80cbd..f1ebf9e251c1 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -4,7 +4,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of # EFI1.10/UEFI2.7/PI1.7 and some Industry Standards. # -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved. # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved. # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP # @@ -272,6 +272,9 @@ # CcProbeLib|Include/Library/CcProbeLib.h + ## @libraryclass
[edk2-devel] [PATCH v1 1/1] MdePkg: add SmmCpuRendezvousLib.h and SmmCpuRendezvousLibNull implement.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3912 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm and VariableStandaloneMM driver in MdeModulePkg need to use this services but MdeModulePkg can't depend on UefiCpuPkg. Thus, the solution is moving SmmCpuRendezvouslib.h from UefiCpuPkg to MdePkg and creating SmmCpuRendezvousLib NullLib version implementation in MdePkg as dependency for the pkg that can't depend on UefiCpuPkg. Cc: Michael D Kinney Cc: Liming Gao Cc: Eric Dong Cc: Ray Ni Cc: Michael Kubacki Cc: Siyuan Fu Signed-off-by: Zhihao Li --- MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | 29 {UefiCpuPkg => MdePkg}/Include/Library/SmmCpuRendezvousLib.h | 0 MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf | 26 ++ MdePkg/MdePkg.dec | 3 ++ MdePkg/MdePkg.dsc | 1 + UefiCpuPkg/UefiCpuPkg.dec | 3 -- 6 files changed, 59 insertions(+), 3 deletions(-) diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c new file mode 100644 index ..474195bbb374 --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -0,0 +1,29 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + ASSERT (FALSE); + return EFI_SUCCESS; +} diff --git a/UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h b/MdePkg/Include/Library/SmmCpuRendezvousLib.h similarity index 100% rename from UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h rename to MdePkg/Include/Library/SmmCpuRendezvousLib.h diff --git a/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf new file mode 100644 index ..7c9bac9af2ff --- /dev/null +++ b/MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf @@ -0,0 +1,26 @@ +## @file +# SMM CPU Rendezvous service lib. +# +# This is SMM CPU rendezvous service lib that wait for all +# APs to enter SMM mode. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = SmmCpuRendezvousLibNull + FILE_GUID = 1e5790ea-d013-4d7b-9047-b4342a762027 + MODULE_TYPE= DXE_SMM_DRIVER + LIBRARY_CLASS = SmmCpuRendezvousLib|MM_STANDALONE DXE_SMM_DRIVER + +[Sources] + SmmCpuRendezvousLibNull.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + DebugLib diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index faeb28c80cbd..85a4398e8f65 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -272,6 +272,9 @@ # CcProbeLib|Include/Library/CcProbeLib.h + ## @libraryclass Provides function for SMM CPU Rendezvous Library. + SmmCpuRendezvousLib|Include/Library/SmmCpuRendezvousLib.h + [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] ## @libraryclass Provides services to generate random number. # diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc index c8d282882ec1..5e2ea32088fa 100644 --- a/MdePkg/MdePkg.dsc +++ b/MdePkg/MdePkg.dsc @@ -131,6 +131,7 @@ MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf + MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] # diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 525cde463435..1951eb294c6c 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -62,9 +62,6 @@ ## @libraryclass Provides function for loading microcode. MicrocodeLib|Include/Library/MicrocodeLib.h - ## @libraryclass Provides function for SMM CPU Rendezvous Library. - SmmCpuRendezvousLib|Include/Library/SmmCpuRendezvousLib.h - [Guids] gUefiCpuPkgTokenSpaceGuid = { 0xac05bf33, 0x995a, 0x4ed4, { 0xaa, 0xb8, 0xef, 0x7a, 0xe8,
Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
Thank you for your comment. I will move the SmmCpuRendezvousLib.h file and NullLib implementation to MdePkg. Thanks Zhihao -Original Message- From: Michael Kubacki Sent: Thursday, April 21, 2022 2:42 AM To: devel@edk2.groups.io; Li, Zhihao Cc: Wang, Jian J ; Gao, Liming ; Fu, Siyuan ; Ni, Ray ; Sami Mujawar ; Ilias Apalodimas ; Ard Biesheuvel ; Leif Lindholm Subject: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver. If I understand this patch correctly, it is exactly duplicating the SmmCpuRendezvousLib library class/interface in ModeModulePkg because code there cannot depend on the library class/interface definition currently in UefiCpuPkg: https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h If that's the case, this is creating maintenance debt by requiring the two interfaces always be kept in sync and developer confusion. It is okay to have an interface defined in a more broadly scoped package (e.g. MdePkg) with instances implemented in other packages. For example, the HobLib interface is defined in MdePkg: https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Library/HobLib.h But, instances are described in many other packages including a NULL instance in MdeModulePkg: https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Library/BaseHobLibNull/BaseHobLibNull.inf And a Standalone MM instance in StandaloneMmPkg: https://github.com/tianocore/edk2/blob/master/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf If this interface is actually consumed by MdeModulePkg, the interface should be defined in a single package that is allowed to be a dependency for MdeModulePkg. The NULL library instance referenced in the MdeModulePkg build should also be implemented in an allowed package. The library interface should be removed from other packages (UefiCpuPkg). Other library instances can then be implemented elsewhere using the library class interface from the singly defined location. Regards, Michael On 4/20/2022 1:32 PM, Li, Zhihao wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 > > In UefiCpuPkg, there are a new Protocol with the new service > SmmWaitForAllProcessor(), which can be used by SMI handler to > optionally wait for other APs to complete SMM rendezvous in relaxed AP > mode. > > This patch use the new service to let VariableSmm driver work normally > in relaxed AP mode. > > Due to MdeModulePkg can not depend on UefiCpuPkg, use null version > implementation in MdeModulePkg.dsc. > > Cc: Jian J Wang > Cc: Liming Gao > Cc: Siyuan Fu > Cc: Ni Ray > Cc: Sami Mujawar > Cc: Ilias Apalodimas > Cc: Ard Biesheuvel > Cc: Leif Lindholm > > Signed-off-by: Zhihao Li > --- > MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | > 29 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | > 10 ++- > MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h | > 27 ++ > MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf | > 27 ++ > MdeModulePkg/MdeModulePkg.dec| > 5 +++- > MdeModulePkg/MdeModulePkg.dsc| > 5 +++- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | > 3 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | > 3 +- > 8 files changed, 104 insertions(+), 5 deletions(-) > > diff --git > a/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull > .c > b/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull > .c > new file mode 100644 > index ..474195bbb374 > --- /dev/null > +++ b/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLib > +++ Null.c > @@ -0,0 +1,29 @@ > +/** @file > > + SMM CPU Rendezvous sevice implement. > > + > > + Copyright (c) 2022, Intel Corporation. All rights reserved. > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include > > +#include > > + > > +/** > > + This routine wait for all AP processors to arrive in SMM. > > + > > + @param[in] BlockingMode Blocking mode or non-blocking mode. > > + > > + @retval EFI_SUCCESS All avaiable APs arrived. > > + @retval EFI_TIMEOUT Wait for all APs until timeout. > > + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +SmmWaitForAllProcessor ( > > + IN BOOLEAN BlockingMode > &
[edk2-devel] [PATCH v2 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let VariableSmm driver work normally in relaxed AP mode. Due to MdeModulePkg can not depend on UefiCpuPkg, use null version implementation in MdeModulePkg.dsc. Cc: Jian J Wang Cc: Liming Gao Cc: Siyuan Fu Cc: Ni Ray Cc: Sami Mujawar Cc: Ilias Apalodimas Cc: Ard Biesheuvel Cc: Leif Lindholm Signed-off-by: Zhihao Li --- MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c | 29 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 10 ++- MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h | 27 ++ MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf | 27 ++ MdeModulePkg/MdeModulePkg.dec| 5 +++- MdeModulePkg/MdeModulePkg.dsc| 5 +++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 +- 8 files changed, 104 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c b/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c new file mode 100644 index ..474195bbb374 --- /dev/null +++ b/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.c @@ -0,0 +1,29 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + ASSERT (FALSE); + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 517cae7b00f8..52a9b0e6b202 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), SmmVariableGetStatistics() should also do validation based on its own knowledge. -Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. Copyright (c) 2018, Linaro, Ltd. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include "Variable.h" @@ -656,6 +657,13 @@ SmmVariableHandler ( goto EXIT; } + if ((SmmVariableHeader->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP check in SMM!\n")); + goto EXIT; +} + } + Status = VariableServiceSetVariable ( SmmVariableHeader->Name, >Guid, diff --git a/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h b/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h new file mode 100644 index ..82e459e9106e --- /dev/null +++ b/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h @@ -0,0 +1,27 @@ +/** @file + SMM CPU Rendezvous library header file. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SMM_CPU_RENDEZVOUS_H_ +#define SMM_CPU_RENDEZVOUS_H_ + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All processors checked in to SMM. + @retval EFI_TIMEOUT Wait for all APs until timeout. + +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ); + +#endif diff --git a/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf b/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf new file mode 100644 index ..0bd4f39e7277 --- /dev/null +++ b/MdeModulePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf @@ -0,0 +1,27 @@ +## @file +# SMM CPU Rendezvous service
Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
Hi As Liming's mail below, PlatformStandaloneMm.fdf, DeveloperBoxMm.fdf and PlatformStandaloneMmRpmb.fdf consume VariableStandaloneMm module. I send the patch that made VariableStandaloneMm driver use SmmWaitForAllProcessor function and depend on SmmCpuRendezvousLib. In MdeModulePkg, it will be a NullLib version. The patch_V2 using nulllib version will send later and will cc you. If any problem in it, please give me some comments. Thanks a lot Best Regard Zhihao > -Original Message- > From: gaoliming > Sent: Sunday, April 17, 2022 11:28 AM > To: devel@edk2.groups.io; Li, Zhihao ; 'Michael Kubacki' > ; 'Ard Biesheuvel' > ; 'Leif Lindholm' ; 'Sean > Brogan' > Cc: Wang, Jian J ; Fu, Siyuan ; > Ni, > Ray ; Kinney, Michael D ; Yao, > Jiewen > Subject: 回复: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > SmmWaitForAllProcessor() in VariableSmm driver. > > Zhihao: > I see three platforms in edk2-platforms to consume VariableStandaloneMm > module. So, I think this change will impact them. Can you confirm this change > with those platform owners? > > Platform\ARM\SgiPkg\PlatformStandaloneMm.fdf > Platform\Socionext\DeveloperBox\DeveloperBoxMm.fdf > Platform\StandaloneMm\PlatformStandaloneMmPkg\PlatformStandaloneMmR > pmb.fdf > > Thanks > Liming > > -邮件原件- > > 发件人: devel@edk2.groups.io 代表 Li, Zhihao > > 发送时间: 2022年4月15日 17:12 > > 收件人: Gao, Liming ; devel@edk2.groups.io; > > 'Michael Kubacki' ; 'Ard Biesheuvel' > > ; 'Leif Lindholm' ; > > 'Sean Brogan' > > 抄送: Wang, Jian J ; Fu, Siyuan > > ; Ni, Ray ; Kinney, Michael D > > ; Yao, Jiewen > > 主题: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > > SmmWaitForAllProcessor() in VariableSmm driver. > > > > I see the configuration in MdeModulePkg\MdeModulePkg.ci.yaml. I add > > SmmCpuRendezvousLib.h in MdeModulePkg/Include/Library folder so that > > it doesn't need add UefiCpuPkg.dec in [Packages] and bypass the check. > > > > For the second point, due to the patch pass the CI test, it also pass > > the PlatformCI_ArmVirtPkg. I don't realize that any problem in Arm > > platform build. > > Leif and Ard > > Does the patch has any influence on arm platform build? > > > > Liming: > > If the solution is not acceptable, how about I create NULL version of > > SmmCpuRendezvousLib in MdeModulePkg and use it in MdeModulePkg.dsc? > > Is that a acceptable solution for you? > > > > > -Original Message- > > > From: gaoliming > > > Sent: Wednesday, April 13, 2022 9:30 AM > > > To: Li, Zhihao ; devel@edk2.groups.io; 'Michael > > Kubacki' > > > ; 'Ard Biesheuvel' > > > ; 'Leif Lindholm' ; > > > 'Sean Brogan' > > > Cc: Wang, Jian J ; Fu, Siyuan > > > ; > > Ni, > > > Ray ; Kinney, Michael D > > > ; > > Yao, > > > Jiewen > > > Subject: 回复: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > > > SmmWaitForAllProcessor() in VariableSmm driver. > > > > > > Zhihao: > > > I remember CI has the check for the package dependency. If this > > > patch > > passes > > > CI, seemly this checker doesn't do. You can see DependencyCheck in > > > MdeModulePkg\MdeModulePkg.ci.yaml. > > > And, this patch introduces new dependency in VariableStandaloneMm. > > > It > > has > > > been used in edk2 platform ARM platform. This change will break > > > these > > platform > > > build. Please notify the platform owners. > > > > > > Sean and Michael: > > > This patch adds UefiCpuPkg library instance SmmCpuRendezvousLib > > > into MdeModulePkg.dsc. But, CI can pass. Is this the expected behavior? > > > > > > Thanks > > > Liming > > > > -邮件原件- > > > > 发件人: Li, Zhihao > > > > 发送时间: 2022年4月13日 2:14 > > > > 收件人: Gao, Liming ; > > devel@edk2.groups.io > > > > 抄送: Wang, Jian J ; Fu, Siyuan > > > > ; Ni, Ray ; Kinney, Michael > > > > D > > > > 主题: RE: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > > > > SmmWaitForAllProcessor() in VariableSmm driver. > > > > > > > > 1. Although SmmCpuRendezvousLib in UefiCpuPkg, add > > SmmRendezvousLib.h > > > > into MdeModulePkg/Include/Library folder bypass the check. > > > > 2. The SmmRendezvousLib is a standalone MM library and doesn’t > > > > have any DXE service dependency. It can be used by SMM variable > > > > module and MM variable module. > > > > > > &g
Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
I see the configuration in MdeModulePkg\MdeModulePkg.ci.yaml. I add SmmCpuRendezvousLib.h in MdeModulePkg/Include/Library folder so that it doesn't need add UefiCpuPkg.dec in [Packages] and bypass the check. For the second point, due to the patch pass the CI test, it also pass the PlatformCI_ArmVirtPkg. I don't realize that any problem in Arm platform build. Leif and Ard Does the patch has any influence on arm platform build? Liming: If the solution is not acceptable, how about I create NULL version of SmmCpuRendezvousLib in MdeModulePkg and use it in MdeModulePkg.dsc? Is that a acceptable solution for you? > -Original Message- > From: gaoliming > Sent: Wednesday, April 13, 2022 9:30 AM > To: Li, Zhihao ; devel@edk2.groups.io; 'Michael Kubacki' > ; 'Ard Biesheuvel' > ; 'Leif Lindholm' ; 'Sean > Brogan' > Cc: Wang, Jian J ; Fu, Siyuan ; > Ni, > Ray ; Kinney, Michael D ; Yao, > Jiewen > Subject: 回复: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > SmmWaitForAllProcessor() in VariableSmm driver. > > Zhihao: > I remember CI has the check for the package dependency. If this patch passes > CI, seemly this checker doesn't do. You can see DependencyCheck in > MdeModulePkg\MdeModulePkg.ci.yaml. > And, this patch introduces new dependency in VariableStandaloneMm. It has > been used in edk2 platform ARM platform. This change will break these platform > build. Please notify the platform owners. > > Sean and Michael: > This patch adds UefiCpuPkg library instance SmmCpuRendezvousLib into > MdeModulePkg.dsc. But, CI can pass. Is this the expected behavior? > > Thanks > Liming > > -邮件原件- > > 发件人: Li, Zhihao > > 发送时间: 2022年4月13日 2:14 > > 收件人: Gao, Liming ; devel@edk2.groups.io > > 抄送: Wang, Jian J ; Fu, Siyuan > > ; Ni, Ray ; Kinney, Michael D > > > > 主题: RE: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > > SmmWaitForAllProcessor() in VariableSmm driver. > > > > 1. Although SmmCpuRendezvousLib in UefiCpuPkg, add SmmRendezvousLib.h > > into MdeModulePkg/Include/Library folder bypass the check. > > 2. The SmmRendezvousLib is a standalone MM library and doesn’t have > > any DXE service dependency. It can be used by SMM variable module and > > MM variable module. > > > > As the patch following, it have passed the Edk2 CI test. The code can > > run successfully in practice, but I'm not sure if this is acceptable > > in terms of the standard. > > > > -Original Message- > > From: gaoliming > > Sent: Tuesday, April 12, 2022 9:00 AM > > To: devel@edk2.groups.io; Li, Zhihao > > Cc: Wang, Jian J ; Fu, Siyuan > > ; Ni, Ray ; Kinney, Michael D > > > > Subject: 回复: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > > SmmWaitForAllProcessor() in VariableSmm driver. > > > > Zhihao: > > This patch breaks two things. One is to let MdeModulePkg depend on > > UefiCpuPkg, another is to let VariableStandaloneMm depend on > > UefiCpuPkg SmmCpuRendezvousLib. Please provide your proposal to > > resolve these two dependency first. > > > > Thanks > > Liming > > > -邮件原件- > > > 发件人: devel@edk2.groups.io 代表 Li, Zhihao > > > 发送时间: 2022年4月11日 15:07 > > > 收件人: devel@edk2.groups.io > > > 抄送: Jian J Wang ; Liming Gao > > > ; Siyuan Fu ; Ni Ray > > > ; Michael D Kinney > > > 主题: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > > > SmmWaitForAllProcessor() in VariableSmm driver. > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 > > > > > > In UefiCpuPkg, there are a new Protocol with the new service > > > SmmWaitForAllProcessor(), which can be used by SMI handler to > > > optionally wait for other APs to complete SMM rendezvous in relaxed > > > AP mode. > > > > > > This patch use the new service to let VariableSmm driver work > > > normally in relaxed AP mode. > > > > > > Cc: Jian J Wang > > > Cc: Liming Gao > > > Cc: Siyuan Fu > > > Cc: Ni Ray > > > Cc: Michael D Kinney > > > > > > Signed-off-by: Zhihao Li > > > --- > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > > > | 10 +++- > > > MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h > > > | 27 > > > MdeModulePkg/MdeModulePkg.dec > > > | 5 +++- > > > MdeModulePkg/MdeModulePkg.dsc > > > | 4 ++- > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > > > | 3 ++- > > > > > MdeModulePkg/Universal/Variab
Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
1. Although SmmCpuRendezvousLib in UefiCpuPkg, add SmmRendezvousLib.h into MdeModulePkg/Include/Library folder bypass the check. 2. The SmmRendezvousLib is a standalone MM library and doesn’t have any DXE service dependency. It can be used by SMM variable module and MM variable module. As the patch following, it have passed the Edk2 CI test. The code can run successfully in practice, but I'm not sure if this is acceptable in terms of the standard. -Original Message- From: gaoliming Sent: Tuesday, April 12, 2022 9:00 AM To: devel@edk2.groups.io; Li, Zhihao Cc: Wang, Jian J ; Fu, Siyuan ; Ni, Ray ; Kinney, Michael D Subject: 回复: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver. Zhihao: This patch breaks two things. One is to let MdeModulePkg depend on UefiCpuPkg, another is to let VariableStandaloneMm depend on UefiCpuPkg SmmCpuRendezvousLib. Please provide your proposal to resolve these two dependency first. Thanks Liming > -邮件原件- > 发件人: devel@edk2.groups.io 代表 Li, Zhihao > 发送时间: 2022年4月11日 15:07 > 收件人: devel@edk2.groups.io > 抄送: Jian J Wang ; Liming Gao > ; Siyuan Fu ; Ni Ray > ; Michael D Kinney > 主题: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use > SmmWaitForAllProcessor() in VariableSmm driver. > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 > > In UefiCpuPkg, there are a new Protocol with the new service > SmmWaitForAllProcessor(), which can be used by SMI handler to > optionally wait for other APs to complete SMM rendezvous in relaxed AP > mode. > > This patch use the new service to let VariableSmm driver work normally > in relaxed AP mode. > > Cc: Jian J Wang > Cc: Liming Gao > Cc: Siyuan Fu > Cc: Ni Ray > Cc: Michael D Kinney > > Signed-off-by: Zhihao Li > --- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > | 10 +++- > MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h > | 27 > MdeModulePkg/MdeModulePkg.dec > | 5 +++- > MdeModulePkg/MdeModulePkg.dsc > | 4 ++- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > | 3 ++- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > | 3 ++- > 6 files changed, 47 insertions(+), 5 deletions(-) > > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > index 517cae7b00f8..52a9b0e6b202 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > @@ -14,7 +14,7 @@ >VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), > ReclaimForOS(), > >SmmVariableGetStatistics() should also do validation based on its > own knowledge. > > > > -Copyright (c) 2010 - 2019, Intel Corporation. All rights > reserved. > > +Copyright (c) 2010 - 2022, Intel Corporation. All rights > +reserved. > > Copyright (c) 2018, Linaro, Ltd. All rights reserved. > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > #include > > #include > > +#include > > > > #include > > #include "Variable.h" > > @@ -656,6 +657,13 @@ SmmVariableHandler ( > goto EXIT; > >} > > > > + if ((SmmVariableHeader->Attributes & > EFI_VARIABLE_NON_VOLATILE) != 0) { > > +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { > > + DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP > check in SMM!\n")); > > + goto EXIT; > > +} > > + } > > + > >Status = VariableServiceSetVariable ( > > SmmVariableHeader->Name, > > >Guid, > > diff --git a/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h > b/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h > new file mode 100644 > index ..82e459e9106e > --- /dev/null > +++ b/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h > @@ -0,0 +1,27 @@ > +/** @file > > + SMM CPU Rendezvous library header file. > > + > > + Copyright (c) 2022, Intel Corporation. All rights reserved. > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#ifndef SMM_CPU_RENDEZVOUS_H_ > > +#define SMM_CPU_RENDEZVOUS_H_ > > + > > +/** > > + This routine wait for all AP processors to arrive in SMM. > > + > > + @param[in] BlockingMode Blocking mode or non-blocking mode. > > + > > + @retval EFI_SUCCESS Al
[edk2-devel] [PATCH v1 1/1] MdeModulePkg: Use SmmWaitForAllProcessor() in VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3854 In UefiCpuPkg, there are a new Protocol with the new service SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. This patch use the new service to let VariableSmm driver work normally in relaxed AP mode. Cc: Jian J Wang Cc: Liming Gao Cc: Siyuan Fu Cc: Ni Ray Cc: Michael D Kinney Signed-off-by: Zhihao Li --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 10 +++- MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h | 27 MdeModulePkg/MdeModulePkg.dec | 5 +++- MdeModulePkg/MdeModulePkg.dsc | 4 ++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 3 ++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 3 ++- 6 files changed, 47 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 517cae7b00f8..52a9b0e6b202 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), SmmVariableGetStatistics() should also do validation based on its own knowledge. -Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved. Copyright (c) 2018, Linaro, Ltd. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include "Variable.h" @@ -656,6 +657,13 @@ SmmVariableHandler ( goto EXIT; } + if ((SmmVariableHeader->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { +if (EFI_ERROR (SmmWaitForAllProcessor (TRUE))) { + DEBUG ((DEBUG_ERROR, "SetVariable: fail to wait for all AP check in SMM!\n")); + goto EXIT; +} + } + Status = VariableServiceSetVariable ( SmmVariableHeader->Name, >Guid, diff --git a/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h b/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h new file mode 100644 index ..82e459e9106e --- /dev/null +++ b/MdeModulePkg/Include/Library/SmmCpuRendezvousLib.h @@ -0,0 +1,27 @@ +/** @file + SMM CPU Rendezvous library header file. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SMM_CPU_RENDEZVOUS_H_ +#define SMM_CPU_RENDEZVOUS_H_ + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All processors checked in to SMM. + @retval EFI_TIMEOUT Wait for all APs until timeout. + +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ); + +#endif diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 463e889e9a68..06ada41b7344 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -4,7 +4,7 @@ # and libraries instances, which are used for those modules. # # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved. -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved. # Copyright (c) 2016, Linaro Ltd. All rights reserved. # (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP # Copyright (c) 2017, AMD Incorporated. All rights reserved. @@ -154,6 +154,9 @@ # VariablePolicyHelperLib|Include/Library/VariablePolicyHelperLib.h + ## @libraryclass Provides function for SMM CPU Rendezvous Library. + SmmCpuRendezvousLib|Include/Library/SmmCpuRendezvousLib.h + [Guids] ## MdeModule package token space guid # Include/Guid/MdeModulePkgTokenSpace.h diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index b1d83461865e..a15dd5d7b23d 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -2,7 +2,7 @@ # EFI/PI Reference Module Package for All Architectures # # (C) Copyright 2014 Hewlett-Packard Development Company, L.P. -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # #SPDX-License-Identifier: BSD-2-Clause-Patent @@ -152,6 +152,7 @@ SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf
Re: [edk2-devel] [PATCH v1 1/1] OvmfPkg: Add dependency of VariableSmm driver to make it work normally.
Yes, some patches in other Pkg. Patch in UefiCpuPkg have been merged. It provide a mode allow cpu which in SMM mode work without waiting for other APs enter SMM mode. And define a new service that can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous. Patch in UefiPayloadPkg in review. Use VariableSmm driver so that need to add SmmCpuRendezvousLib dependency. Patch in MdeModulePkg is blocked. VariableSmm/VariableStandaloneMM driver needs use new service complete SMM rendezvous. Patch in SecurityPkg is blocked. TcgSmm/Tcg2Smm driver need use new service complete SMM rendezvous. Thanks a lot. -Original Message- From: Yao, Jiewen Sent: Friday, April 1, 2022 7:35 PM To: Li, Zhihao ; devel@edk2.groups.io Cc: Ard Biesheuvel ; Justen, Jordan L ; Gerd Hoffmann ; Boeuf, Sebastien Subject: RE: [PATCH v1 1/1] OvmfPkg: Add dependency of VariableSmm driver to make it work normally. Reviewed-by: Jiewen Yao Is this a standalone patch? Or one of a series patch? I think it should be later. But, please enlighten me. > -Original Message- > From: Li, Zhihao > Sent: Tuesday, March 29, 2022 2:38 PM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel ; Yao, Jiewen > ; Justen, Jordan L ; > Gerd Hoffmann ; Boeuf, Sebastien > > Subject: [PATCH v1 1/1] OvmfPkg: Add dependency of VariableSmm driver > to make it work normally. > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3861 > > UefiCpuPkg define a new Protocol with the new services > SmmWaitForAllProcessor(), which can be used by SMI handler to > optionally wait for other APs to complete SMM rendezvous in relaxed AP > mode. > > VariableSmm driver need use SmmCpuRendezvousLib, So add > SmmCpuRendezvousLib in OvmfPkg. > > Cc: Ard Biesheuvel > Cc: Jiewen Yao > Cc: Jordan Justen > Cc: Gerd Hoffmann > Cc: Sebastien Boeuf > > Signed-off-by: Zhihao Li > --- > OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + > OvmfPkg/OvmfPkgIa32.dsc| 3 ++- > OvmfPkg/OvmfPkgIa32X64.dsc | 3 ++- > OvmfPkg/OvmfPkgX64.dsc | 3 ++- > 4 files changed, 7 insertions(+), 3 deletions(-) > > diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc > b/OvmfPkg/CloudHv/CloudHvX64.dsc index 8ac9227c5f50..c5f8314a37b6 > 100644 > --- a/OvmfPkg/CloudHv/CloudHvX64.dsc > +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc > @@ -429,6 +429,7 @@ > !endif > >BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > >PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf > > + > SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuR > endezvousLib.inf > > > > [LibraryClasses.common.SMM_CORE] > >PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index > 29eea82571c5..e6122118e07e 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -1,7 +1,7 @@ > ## @file > > # EFI/Framework Open Virtual Machine Firmware (OVMF) platform > > # > > -# Copyright (c) 2006 - 2021, Intel Corporation. All rights > reserved. > > +# Copyright (c) 2006 - 2022, Intel Corporation. All rights > +reserved. > > # (C) Copyright 2016 Hewlett Packard Enterprise Development LP > > # Copyright (c) Microsoft Corporation. > > # > > @@ -427,6 +427,7 @@ > !endif > >BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > >PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf > > + > SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuR > endezvousLib.inf > > > > [LibraryClasses.common.SMM_CORE] > >PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 56d3c49ab21a..05c16aa3fd3e 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -1,7 +1,7 @@ > ## @file > > # EFI/Framework Open Virtual Machine Firmware (OVMF) platform > > # > > -# Copyright (c) 2006 - 2021, Intel Corporation. All rights > reserved. > > +# Copyright (c) 2006 - 2022, Intel Corporation. All rights > +reserved. > > # (C) Copyright 2016 Hewlett Packard Enterprise Development LP > > # Copyright (c) Microsoft Corporation. > > # > > @@ -431,6 +431,7 @@ > !endif > >BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > >PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf > > + > SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuR > endezvousLib.inf > > > > [LibraryClasses.common.SMM_CORE] > >PcdLib|MdePkg/Library/DxePcdLib/DxeP
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Guo Dong Cc: Ray Ni Cc: Benjamin You Cc: Sean Rhodes Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 14a8d157a292..a9feba47bbd9 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -352,6 +352,7 @@ SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88161): https://edk2.groups.io/g/devel/message/88161 Mute This Topic: https://groups.io/mt/90102732/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Guo Dong Cc: Ray Ni Cc: Maurice Ma Cc: Benjamin You Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 14a8d157a292..a9feba47bbd9 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -352,6 +352,7 @@ SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88157): https://edk2.groups.io/g/devel/message/88157 Mute This Topic: https://groups.io/mt/90102732/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Guo Dong Cc: Ray Ni Cc: Maurice Ma Cc: Benjamin You Cc: Sean Rhodes Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 14a8d157a292..a9feba47bbd9 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -352,6 +352,7 @@ SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88156): https://edk2.groups.io/g/devel/message/88156 Mute This Topic: https://groups.io/mt/90102732/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] OvmfPkg: Add dependency of VariableSmm driver to make it work normally.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3861 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib in OvmfPkg. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Sebastien Boeuf Signed-off-by: Zhihao Li --- OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc| 3 ++- OvmfPkg/OvmfPkgIa32X64.dsc | 3 ++- OvmfPkg/OvmfPkgX64.dsc | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 8ac9227c5f50..c5f8314a37b6 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -429,6 +429,7 @@ !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 29eea82571c5..e6122118e07e 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -427,6 +427,7 @@ !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 56d3c49ab21a..05c16aa3fd3e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -431,6 +431,7 @@ !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f0924c0f9d0a..ea42bee22cb5 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -432,6 +432,7 @@ !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88155): https://edk2.groups.io/g/devel/message/88155 Mute This Topic: https://groups.io/mt/90103054/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Guo Dong Cc: Ray Ni Cc: Maurice Ma Cc: Benjamin You Cc: Sean Rhodes Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 14a8d157a292..a9feba47bbd9 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -352,6 +352,7 @@ SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88151): https://edk2.groups.io/g/devel/message/88151 Mute This Topic: https://groups.io/mt/90102732/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Guo Dong Cc: Ray Ni Cc: Maurice Ma Cc: Benjamin You Cc: Sean Rhodes Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 14a8d157a292..a9feba47bbd9 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -352,6 +352,7 @@ SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88150): https://edk2.groups.io/g/devel/message/88150 Mute This Topic: https://groups.io/mt/90102732/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] UefiPayloadPkg: Add dependency of VariableSmm driver.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3882 UefiCpuPkg define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. VariableSmm driver need use SmmCpuRendezvousLib, So add SmmCpuRendezvousLib dependency in UefiPayloadPkg which use VariableSmm driver. Cc: Guo Dong Cc: Ray Ni Cc: Maurice Ma Cc: Benjamin You Cc: Sean Rhodes Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiPayloadPkg/UefiPayloadPkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 14a8d157a292..a9feba47bbd9 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -3,7 +3,7 @@ # # Provides drivers and definitions to create uefi payload for bootloaders. # -# Copyright (c) 2014 - 2021, Intel Corporation. All rights reserved. +# Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved. # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -352,6 +352,7 @@ SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + SmmCpuRendezvousLib|UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf !endif -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88149): https://edk2.groups.io/g/devel/message/88149 Mute This Topic: https://groups.io/mt/90102732/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/1] CryptoPkg: Redefinition bug in CrtLibSupport.h.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3885 Parallel hash patch redefines uint_64 type in CrtLibSupport.h which has been defined in openssl/include/openssl/e_os2.h. CryptMd5.c including e_os2.h cause redefinition bug. Cc: Jiewen Yao jiewen@intel.com Cc: Jian J Wang jian.j.w...@intel.com Cc: Xiaoyu Lu xiaoyu1...@intel.com Cc: Guomin Jiang guomin.ji...@intel.com Cc: Siyuan Fu siyuan...@intel.com Signed-off-by: Zhihao Li --- CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h | 2 ++ CryptoPkg/Library/Include/CrtLibSupport.h | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h b/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h index fe08d4928e8d..dcfe200e5829 100644 --- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h @@ -25,6 +25,8 @@ http://creativecommons.org/publicdomain/zero/1.0/ #define KECCAK1600_WIDTH 1600 +typedef UINT64 uint64_t; + // // This struct referring to m_sha3.c from opessl and modified its type name. // diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h index b76b140a7acf..75172b920b67 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h @@ -111,7 +111,6 @@ typedef UINT8 u_char; typedef UINT32 uid_t; typedef UINT32 gid_t; typedef CHAR16 wchar_t; -typedef UINT64 uint64_t; // // File operations are not required for EFI building, -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#88023): https://edk2.groups.io/g/devel/message/88023 Mute This Topic: https://groups.io/mt/90017880/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Passed CI test. Onprotocol version code passed test. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Signed-off-by: Zhihao Li --- CryptoPkg/Driver/Crypto.c | 121 - CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 282 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 278 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHashNull.c | 40 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptParallelHashNull.c | 40 +++ CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c| 34 ++- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 ++ CryptoPkg/CryptoPkg.ci.yaml | 4 +- CryptoPkg/Include/Library/BaseCryptLib.h | 31 ++- CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 15 +- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 3 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h | 201 ++ CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf| 3 +- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| 3 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| 8 +- CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 3 +- CryptoPkg/Library/Include/CrtLibSupport.h | 3 +- CryptoPkg/Private/Protocol/Crypto.h | 35 ++- CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 4 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 4 + 22 files changed, 1516 insertions(+), 14 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d5d6aa8e5820..76cb9f4da0a4 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3,7 +3,7 @@ from BaseCryptLib and TlsLib. Copyright (C) Microsoft Corporation. All rights reserved. - Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved. + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -4470,6 +4470,118 @@ CryptoServiceTlsGetCertRevocationList ( return CALL_BASECRYPTLIB (TlsGet.Services.CertRevocationList, TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } +/** + Carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme. + + This function carries out the RSA-SSA signature generation with EMSA-PSS encoding scheme defined in + RFC 8017. + Mask generation function is the same as the message digest algorithm. + If the Signature buffer is too small to hold the contents of signature, FALSE + is returned and SigSize is set to the required buffer size to obtain the signature. + + If RsaContext is NULL, then return FALSE. + If Message is NULL, then return FALSE. + If MsgSize is zero or > INT_MAX, then return FALSE. + If DigestLen is NOT 32, 48 or 64, return FALSE. + If SaltLen is not equal to DigestLen, then return FALSE. + If SigSize is large enough but Signature is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in] RsaContext Pointer to RSA context for signature generation. + @param[in] Message Pointer to octet message to be signed. + @param[in] MsgSize Size of the message in bytes. + @param[in] DigestLenLength of the digest in bytes to be used for RSA signature operation. + @param[in] SaltLen Length of the salt in bytes to be used for PSS encoding. + @param[out] SignaturePointer to buffer to receive RSA PSS signature. + @param[in, out] SigSize On input, the size of Signature buffer in bytes. + On output, the size of data returned in Signature buffer in bytes. + + @retval TRUE Signature successfully generated in RSASSA-PSS. + @retval FALSE Signature generation failed. + @retval FALSE SigSize is too small. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceRsaPssSign ( + IN VOID *RsaContext, + IN CONST UINT8 *Message, + IN UINTNMsgSize, + IN UINT16 DigestLen, + IN UINT16 SaltLen, + OUT UINT8*Signature, + IN OUT UINTN*SigSize + ) +{ + return
Re: [edk2-devel] [PATCH v6 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
OK > -Original Message- > From: Yao, Jiewen > Sent: Friday, March 18, 2022 9:59 AM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, Xiaoyu1 ; > Jiang, Guomin ; Fu, Siyuan ; > Yao, Jiewen > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > Yes. It seems we missed RsaPssSign and RsaPssVerify in previous patch. Sigh... > > Would you please help to add them? > > > > > -Original Message- > > From: Li, Zhihao > > Sent: Friday, March 18, 2022 9:53 AM > > To: Yao, Jiewen ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; > > Jiang, Guomin ; Fu, Siyuan > > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > ParallelHash256HashAll in BaseCryptLib. > > > > Build CryptoPei and CryptoSmm driver report this error. > > > > INFO - /home/vsts/work/1/s/CryptoPkg/Driver/Crypto.c:4707:3: error: > > initialization of 'BOOLEAN (__attribute__((ms_abi)) *)(void *, const UINT8 > > *, > > UINTN, UINT16, UINT16, UINT8 *, UINTN *)' from incompatible pointer type > > 'BOOLEAN (__attribute__((ms_abi)) *)(const void *, UINTN, UINTN, void *, > > UINTN, const void *, UINTN)' [-Werror=incompatible-pointer-types] > > INFO - 4707 | CryptoServiceParallelHash256HashAll > > > > In Crypto.c: > > const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { > > ... > > CryptoServiceTlsGetHostPrivateKey, > > CryptoServiceTlsGetCertRevocationList, > > /// Parallel hash > > CryptoServiceParallelHash256HashAll > > }; > > In Crypto.h > > struct _EDKII_CRYPTO_PROTOCOL { > > ... > > EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST > > TlsGetCertRevocationList; > > /// RSA PSS > > EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign; > > EDKII_CRYPTO_RSA_PSS_VERIFYRsaPssVerify; > > /// Parallel hash > > EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAll; > > }; > > And > > typedef > > BOOLEAN > > (EFIAPI *EDKII_CRYPTO_RSA_PSS_SIGN)( > > IN VOID *RsaContext, > > IN CONST UINT8 *Message, > > IN UINTNMsgSize, > > IN UINT16 DigestLen, > > IN UINT16 SaltLen, > > OUT UINT8*Signature, > > IN OUT UINTN*SigSize > > ); > > > > So I think solve this error need to put ParallelHash256HashAll before > RsaPssSign. > > And test result is successful. > > Is there anything wrong with my judgment? > > > > > > > -Original Message- > > > From: Yao, Jiewen > > > Sent: Friday, March 18, 2022 8:56 AM > > > To: Li, Zhihao ; devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > > ; > > > Jiang, Guomin ; Fu, Siyuan > > > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > What is root cause of failure? > > > > > > I don't understand. > > > > > > > -Original Message- > > > > From: Li, Zhihao > > > > Sent: Friday, March 18, 2022 12:27 AM > > > > To: Yao, Jiewen ; devel@edk2.groups.io > > > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > > > ; > > > > Jiang, Guomin ; Fu, Siyuan > > > > > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > > > Because it will cause patch to fail in CI test while to succeed if > > > > follow the > > > setting. > > > > Failed test: https://github.com/tianocore/edk2/pull/2535 > > > > > > > > I guess it's because data structure > EDKII_CRYPTO_PROTOCOL( mEdkiiCrypto) > > > > doesn't have /// RSA PSS members in Crypto.c > > > > > > > > > -Original Message- > > > > > From: Yao, Jiewen > > > > > Sent: Thursday, March 17, 2022 10:13 PM > > > > > To: Li, Zhihao ; devel@edk2.groups.io > > > > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > > > > ; > > > > > Jiang, Guomin ; Fu, Siyuan > > > > > > > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > > > > > Hey > > > > > Are you following the guideline - don't put new field in the middle ? > > > > > > >
Re: [edk2-devel] [PATCH v6 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
Build CryptoPei and CryptoSmm driver report this error. INFO - /home/vsts/work/1/s/CryptoPkg/Driver/Crypto.c:4707:3: error: initialization of 'BOOLEAN (__attribute__((ms_abi)) *)(void *, const UINT8 *, UINTN, UINT16, UINT16, UINT8 *, UINTN *)' from incompatible pointer type 'BOOLEAN (__attribute__((ms_abi)) *)(const void *, UINTN, UINTN, void *, UINTN, const void *, UINTN)' [-Werror=incompatible-pointer-types] INFO - 4707 | CryptoServiceParallelHash256HashAll In Crypto.c: const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { ... CryptoServiceTlsGetHostPrivateKey, CryptoServiceTlsGetCertRevocationList, /// Parallel hash CryptoServiceParallelHash256HashAll }; In Crypto.h struct _EDKII_CRYPTO_PROTOCOL { ... EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocationList; /// RSA PSS EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign; EDKII_CRYPTO_RSA_PSS_VERIFYRsaPssVerify; /// Parallel hash EDKII_CRYPTO_PARALLEL_HASH_ALL ParallelHash256HashAll; }; And typedef BOOLEAN (EFIAPI *EDKII_CRYPTO_RSA_PSS_SIGN)( IN VOID *RsaContext, IN CONST UINT8 *Message, IN UINTNMsgSize, IN UINT16 DigestLen, IN UINT16 SaltLen, OUT UINT8*Signature, IN OUT UINTN*SigSize ); So I think solve this error need to put ParallelHash256HashAll before RsaPssSign. And test result is successful. Is there anything wrong with my judgment? > -Original Message- > From: Yao, Jiewen > Sent: Friday, March 18, 2022 8:56 AM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, Xiaoyu1 ; > Jiang, Guomin ; Fu, Siyuan > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > What is root cause of failure? > > I don't understand. > > > -----Original Message- > > From: Li, Zhihao > > Sent: Friday, March 18, 2022 12:27 AM > > To: Yao, Jiewen ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; > > Jiang, Guomin ; Fu, Siyuan > > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > ParallelHash256HashAll in BaseCryptLib. > > > > Because it will cause patch to fail in CI test while to succeed if follow > > the > setting. > > Failed test: https://github.com/tianocore/edk2/pull/2535 > > > > I guess it's because data structure EDKII_CRYPTO_PROTOCOL( mEdkiiCrypto) > > doesn't have /// RSA PSS members in Crypto.c > > > > > -Original Message- > > > From: Yao, Jiewen > > > Sent: Thursday, March 17, 2022 10:13 PM > > > To: Li, Zhihao ; devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > > ; > > > Jiang, Guomin ; Fu, Siyuan > > > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > Hey > > > Are you following the guideline - don't put new field in the middle ? > > > > > > ParallelHash256HashAll API is still in the middle.. > > > > > > > > > > @@ -3641,6 +3670,8 @@ struct _EDKII_CRYPTO_PROTOCOL { > > > >EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT > TlsGetHostPublicCert; > > > > > > > >EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY > TlsGetHostPrivateKey; > > > > > > > >EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST > > > > TlsGetCertRevocationList; > > > > > > > > + /// Parallel hash > > > > > > > > + EDKII_CRYPTO_PARALLEL_HASH_ALL > > > > ParallelHash256HashAll; > > > > > > > >/// RSA PSS > > > > > > > >EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign; > > > > > > > >EDKII_CRYPTO_RSA_PSS_VERIFYRsaPssVerify; > > > > > > > > > > > > > > -Original Message- > > > > From: Li, Zhihao > > > > Sent: Thursday, March 17, 2022 12:35 PM > > > > To: devel@edk2.groups.io > > > > Cc: Yao, Jiewen ; Wang, Jian J > > > ; > > > > Lu, Xiaoyu1 ; Jiang, Guomin > > > ; > > > > Fu, Siyuan > > > > Subject: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 > > > > > > > > Parallel hash function ParallelHash256HashAll, as defined in NIST's > > > > Special Publication 800-185, published December 2016. It utiliz
Re: [edk2-devel] [PATCH v6 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
Because it will cause patch to fail in CI test while to succeed if follow the setting. Failed test: https://github.com/tianocore/edk2/pull/2535 I guess it's because data structure EDKII_CRYPTO_PROTOCOL( mEdkiiCrypto) doesn't have /// RSA PSS members in Crypto.c > -Original Message- > From: Yao, Jiewen > Sent: Thursday, March 17, 2022 10:13 PM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, Xiaoyu1 ; > Jiang, Guomin ; Fu, Siyuan > Subject: RE: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > Hey > Are you following the guideline - don't put new field in the middle ? > > ParallelHash256HashAll API is still in the middle.. > > > > @@ -3641,6 +3670,8 @@ struct _EDKII_CRYPTO_PROTOCOL { > >EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT TlsGetHostPublicCert; > > > >EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey; > > > >EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST > > TlsGetCertRevocationList; > > > > + /// Parallel hash > > > > + EDKII_CRYPTO_PARALLEL_HASH_ALL > > ParallelHash256HashAll; > > > >/// RSA PSS > > > >EDKII_CRYPTO_RSA_PSS_SIGN RsaPssSign; > > > >EDKII_CRYPTO_RSA_PSS_VERIFYRsaPssVerify; > > > > > > -Original Message- > > From: Li, Zhihao > > Sent: Thursday, March 17, 2022 12:35 PM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > ; > > Lu, Xiaoyu1 ; Jiang, Guomin > ; > > Fu, Siyuan > > Subject: [PATCH v6 1/1] CryptoPkg: Add new hash algorithm > > ParallelHash256HashAll in BaseCryptLib. > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 > > > > Parallel hash function ParallelHash256HashAll, as defined in NIST's > > Special Publication 800-185, published December 2016. It utilizes > > multi-process to calculate the digest. > > > > Passed CI test. > > Onprotocol version code passed test. > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jiang > > Cc: Siyuan Fu > > Cc: Zhihao Li > > > > Signed-off-by: Zhihao Li > > --- > > CryptoPkg/Driver/Crypto.c | > > 38 ++- > > CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 282 > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 278 > > +++ > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHashNull.c | > > 40 +++ > > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 > > > CryptoPkg/Library/BaseCryptLibNull/Hash/CryptParallelHashNull.c | 40 > +++ > > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c| > > 34 ++- > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 > > ++ > > CryptoPkg/CryptoPkg.ci.yaml | > > 4 +- > > CryptoPkg/Include/Library/BaseCryptLib.h | > > 31 ++- > > CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | > > 8 +- > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | > > 3 +- > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h | 201 > > ++ > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf| > > 3 +- > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| > > 3 +- > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| > > 8 +- > > CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | > > 3 +- > > CryptoPkg/Library/Include/CrtLibSupport.h | > > 3 +- > > CryptoPkg/Private/Protocol/Crypto.h | > > 35 ++- > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | > > 4 + > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 4 > + > > 22 files changed, 1426 insertions(+), 14 deletions(-) > > > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > > index d5d6aa8e5820..5a9245c07cc5 100644 > > --- a/CryptoPk
[edk2-devel] [PATCH v6 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Passed CI test. Onprotocol version code passed test. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Cc: Zhihao Li Signed-off-by: Zhihao Li --- CryptoPkg/Driver/Crypto.c | 38 ++- CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 282 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 278 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHashNull.c | 40 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptParallelHashNull.c | 40 +++ CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c| 34 ++- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 ++ CryptoPkg/CryptoPkg.ci.yaml | 4 +- CryptoPkg/Include/Library/BaseCryptLib.h | 31 ++- CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 8 +- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 3 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h | 201 ++ CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf| 3 +- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| 3 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| 8 +- CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 3 +- CryptoPkg/Library/Include/CrtLibSupport.h | 3 +- CryptoPkg/Private/Protocol/Crypto.h | 35 ++- CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 4 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 4 + 22 files changed, 1426 insertions(+), 14 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d5d6aa8e5820..5a9245c07cc5 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3,7 +3,7 @@ from BaseCryptLib and TlsLib. Copyright (C) Microsoft Corporation. All rights reserved. - Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved. + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -4470,6 +4470,38 @@ CryptoServiceTlsGetCertRevocationList ( return CALL_BASECRYPTLIB (TlsGet.Services.CertRevocationList, TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED); } +/** + Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185, + published December 2016. + + @param[in] InputPointer to the input message (X). + @param[in] InputByteLen The number(>0) of input bytes provided for the input data. + @param[in] BlockSizeThe size of each block (B). + @param[out] Output Pointer to the output buffer. + @param[in] OutputByteLenThe desired number of output bytes (L). + @param[in] CustomizationPointer to the customization string (S). + @param[in] CustomByteLenThe length of the customization string in bytes. + + @retval TRUE ParallelHash256 digest computation succeeded. + @retval FALSE ParallelHash256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceParallelHash256HashAll ( + IN CONST VOID *Input, + IN UINTN InputByteLen, + IN UINTN BlockSize, + OUT VOID *Output, + IN UINTN OutputByteLen, + IN CONST VOID *Customization, + IN UINTN CustomByteLen + ) +{ + return CALL_BASECRYPTLIB (ParallelHash.Services.HashAll, ParallelHash256HashAll, (Input, InputByteLen, BlockSize, Output, OutputByteLen, Customization, CustomByteLen), FALSE); +} + const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { /// Version CryptoServiceGetCryptoVersion, @@ -4670,5 +4702,7 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { CryptoServiceTlsGetCaCertificate, CryptoServiceTlsGetHostPublicCert, CryptoServiceTlsGetHostPrivateKey, - CryptoServiceTlsGetCertRevocationList + CryptoServiceTlsGetCertRevocationList, + /// Parallel hash + CryptoServiceParallelHash256HashAll }; diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c new file mode 100644 index ..2a9eaf9eec40 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c @@ -0,0 +1,282 @@ +/** @file + cSHAKE-256
Re: [edk2-devel] [PATCH v5 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
Will send patch_v6 with following update soon. 1. adjust the position of new field in the data structure. 2.update the version of data structure if it existing. 3.With the usability test, the CrytoLibOnProtocol version code can be used normally as static version. Best Regard Zhihao -Original Message- From: Yao, Jiewen Sent: Monday, March 14, 2022 1:50 PM To: devel@edk2.groups.io; Li, Zhihao Cc: Wang, Jian J ; Lu, Xiaoyu1 ; Jiang, Guomin ; Fu, Siyuan Subject: RE: [edk2-devel] [PATCH v5 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib. Thanks. It is close to final version, but there are some compatibility issue need to be address. 1) Whenever you add a new field in the data structure, please add it at the end. Don't add them in the middle. E.g. PCD_CRYPTO_SERVICE_FAMILY_ENABLE, _EDKII_CRYPTO_PROTOCOL 2) Whenever you add a new field for a data structure, please remember to increase the version. E.g. EDKII_CRYPTO_VERSION 3) Please clarify if you have tested the CrytoLibOnProtocol version code. Thank you Yao Jiewen > -Original Message- > From: devel@edk2.groups.io On Behalf Of Li, Zhihao > Sent: Wednesday, March 9, 2022 4:44 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Lu, Xiaoyu1 ; Jiang, Guomin ; > Fu, Siyuan > Subject: [edk2-devel] [PATCH v5 1/1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 > > Parallel hash function ParallelHash256HashAll, as defined in NIST's > Special Publication 800-185, published December 2016. It utilizes > multi-process to calculate the digest. > > Some modifications to pass CI test. > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > Cc: Siyuan Fu > Cc: Zhihao Li > > Signed-off-by: Zhihao Li > --- > CryptoPkg/Driver/Crypto.c | 36 > ++- > CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 282 > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 278 > +++ > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHashNull.c | 40 > +++ > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 > > CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 > > CryptoPkg/Library/BaseCryptLibNull/Hash/CryptParallelHashNull.c | 40 > +++ > CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c| 34 > ++- > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 > ++ > CryptoPkg/CryptoPkg.ci.yaml | 4 > +- > CryptoPkg/Include/Library/BaseCryptLib.h | 31 > ++- > CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 8 > +- > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 3 > +- > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h | 201 > ++ > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf| 3 > +- > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| 3 > +- > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| 8 > +- > CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 3 > +- > CryptoPkg/Library/Include/CrtLibSupport.h | 3 > +- > CryptoPkg/Private/Protocol/Crypto.h | 31 > +++ > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 + > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 4 + > 22 files changed, 1422 insertions(+), 11 deletions(-) > > diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c > index d5d6aa8e5820..35312e0818a0 100644 > --- a/CryptoPkg/Driver/Crypto.c > +++ b/CryptoPkg/Driver/Crypto.c > @@ -3,7 +3,7 @@ >from BaseCryptLib and TlsLib. > > > >Copyright (C) Microsoft Corporation. All rights reserved. > > - Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved. > > + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved. > >SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -1314,6 +1314,38 @@ CryptoServiceSha512HashAll ( >return CALL_BASECRYPTLIB (Sha512.Services.HashAll, Sha512HashAll, (Data, > DataSize, HashValue), FALSE); > > } > > > > +/** > > + Parallel hash function ParallelHash256, as defined in NIST's Special > Publication > 8
[edk2-devel] [PATCH v5 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Some modifications to pass CI test. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Cc: Zhihao Li Signed-off-by: Zhihao Li --- CryptoPkg/Driver/Crypto.c | 36 ++- CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 282 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 278 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHashNull.c | 40 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 CryptoPkg/Library/BaseCryptLibNull/Hash/CryptParallelHashNull.c | 40 +++ CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c| 34 ++- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 ++ CryptoPkg/CryptoPkg.ci.yaml | 4 +- CryptoPkg/Include/Library/BaseCryptLib.h | 31 ++- CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 8 +- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 3 +- CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.h | 201 ++ CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf| 3 +- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| 3 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| 8 +- CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 3 +- CryptoPkg/Library/Include/CrtLibSupport.h | 3 +- CryptoPkg/Private/Protocol/Crypto.h | 31 +++ CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 4 + 22 files changed, 1422 insertions(+), 11 deletions(-) diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c index d5d6aa8e5820..35312e0818a0 100644 --- a/CryptoPkg/Driver/Crypto.c +++ b/CryptoPkg/Driver/Crypto.c @@ -3,7 +3,7 @@ from BaseCryptLib and TlsLib. Copyright (C) Microsoft Corporation. All rights reserved. - Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved. + Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1314,6 +1314,38 @@ CryptoServiceSha512HashAll ( return CALL_BASECRYPTLIB (Sha512.Services.HashAll, Sha512HashAll, (Data, DataSize, HashValue), FALSE); } +/** + Parallel hash function ParallelHash256, as defined in NIST's Special Publication 800-185, + published December 2016. + + @param[in] InputPointer to the input message (X). + @param[in] InputByteLen The number(>0) of input bytes provided for the input data. + @param[in] BlockSizeThe size of each block (B). + @param[out] Output Pointer to the output buffer. + @param[in] OutputByteLenThe desired number of output bytes (L). + @param[in] CustomizationPointer to the customization string (S). + @param[in] CustomByteLenThe length of the customization string in bytes. + + @retval TRUE ParallelHash256 digest computation succeeded. + @retval FALSE ParallelHash256 digest computation failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CryptoServiceParallelHash256HashAll ( + IN CONST VOID *Input, + IN UINTN InputByteLen, + IN UINTN BlockSize, + OUT VOID *Output, + IN UINTN OutputByteLen, + IN CONST VOID *Customization, + IN UINTN CustomByteLen + ) +{ + return CALL_BASECRYPTLIB (ParallelHash.Services.HashAll, ParallelHash256HashAll, (Input, InputByteLen, BlockSize, Output, OutputByteLen, Customization, CustomByteLen), FALSE); +} + /** Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. @@ -4590,6 +4622,8 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = { CryptoServiceSha512Update, CryptoServiceSha512Final, CryptoServiceSha512HashAll, + /// Parallel hash + CryptoServiceParallelHash256HashAll, /// X509 CryptoServiceX509GetSubjectName, CryptoServiceX509GetCommonName, diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c new file mode 100644 index ..96e3c8eb02e1 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c @@ -0,0 +1,282 @@ +/** @file + cSHAKE-256 Digest Wrapper Implementations. + +Copyright (c) 2022, Intel Corporation.
Re: [edk2-devel] [PATCH v4 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
Hi, Jiewen Thanks for your comments. I have some confusion. 1.Can I create new .h file in CryptoPkg\Library\BaseCryptLib\Hash\ to place Keccak1600_Ctx and other declarations. Otherwise I put Keccak1600_Ctx define into CryptSha3.c and CryptCShake256.c Repetitively. 2. SHA3_absorb and SHA3_squeeze function from Openssl keccak1600.c(no header file), and they can't pass EFI coding style check. If I re-implement them in CryptSha3.c, I have to re-implement the whole keccak1600.c in BaseCryptlib. There are many Complex define in keccak1600.c need to be concern. So if I can create new .h file and let EFICodeStyleCheck ignore my new .h file. > -Original Message- > From: Yao, Jiewen > Sent: Friday, March 4, 2022 2:06 PM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; Jiang, Guomin ; Fu, > Siyuan > Subject: RE: [PATCH v4 1/1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > Thanks for the update. > > Comments below: > > 1) I don't think we should putting Keccak1600_Ctx in CrtLibSupport.h. It has > nothing to do with CRT lib. > > 2) Same feedback to SHA3_absorb and SHA3_squeeze. They have nothing to > do with CRT lib. > > 3) when you add new lib interfaces, you need add them to all instances. I > found you only changed SmmCryptLib.inf, but miss others. > Please also update PEI, DXE, RuntimeDxe. NULL version implementation is > acceptable. > > 4) I don't see you update CryptoPkg\Private\Protocol and Ppi. > They should be 1:1 mapping with CryptoLib API. > > Thank you > Yao Jiewen > > > > -Original Message- > > From: Li, Zhihao > > Sent: Wednesday, March 2, 2022 5:03 PM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > ; > > Lu, Xiaoyu1 ; Jiang, Guomin > ; > > Fu, Siyuan > > Subject: [PATCH v4 1/1] CryptoPkg: Add new hash algorithm > > ParallelHash256HashAll in BaseCryptLib. > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 > > > > Parallel hash function ParallelHash256HashAll, as defined in NIST's > > Special Publication 800-185, published December 2016. It utilizes > > multi-process to calculate the digest. > > > > Some modifications to pass CI test. > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jiang > > Cc: Siyuan Fu > > Cc: Zhihao Li > > > > Signed-off-by: Zhihao Li > > --- > > CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 381 > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 350 > > ++ > > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 > > + > > CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 > ++ > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 > > > > CryptoPkg/Include/Library/BaseCryptLib.h | > > 31 +- > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| > > 8 +- > > CryptoPkg/Library/Include/CrtLibSupport.h | > > 38 +- > > CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | > > 3 + > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | > 4 + > > 10 files changed, 1230 insertions(+), 3 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > new file mode 100644 > > index ..6b26d74d5413 > > --- /dev/null > > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > @@ -0,0 +1,381 @@ > > +/** @file > > > > + cSHAKE-256 Digest Wrapper Implementations. > > > > + > > > > + Copyright (c) 2022, Intel Corporation. All rights reserved. > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include "InternalCryptLib.h" > > > > + > > > > +#define CSHAKE256_SECURITY_STRENGTH 256 > > > > +#define CSHAKE256_RATE_IN_BYTES 136 > > > > + > > > > +const CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = { 0 }; > > > > + > > > > +/** > > > > + Encode function from XKCP. > > > > + > > > > + Encodes the input as a byte string in a way that can be unambiguously > parsed > > > > + from the beginning o
[edk2-devel] [PATCH v4 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Some modifications to pass CI test. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Cc: Zhihao Li Signed-off-by: Zhihao Li --- CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 381 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 350 ++ CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 + CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 ++ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 CryptoPkg/Include/Library/BaseCryptLib.h | 31 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| 8 +- CryptoPkg/Library/Include/CrtLibSupport.h | 38 +- CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 4 + 10 files changed, 1230 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c new file mode 100644 index ..6b26d74d5413 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c @@ -0,0 +1,381 @@ +/** @file + cSHAKE-256 Digest Wrapper Implementations. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +#define CSHAKE256_SECURITY_STRENGTH 256 +#define CSHAKE256_RATE_IN_BYTES 136 + +const CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = { 0 }; + +/** + Encode function from XKCP. + + Encodes the input as a byte string in a way that can be unambiguously parsed + from the beginning of the string by inserting the length of the byte string + before the byte string representation of input. + + @param[out] EncBuf Result of left encode. + @param[in] Value Input of left encode. + + @retval EncLen Size of encode result in bytes. +**/ +UINTN +EFIAPI +LeftEncode ( + OUT UINT8 *EncBuf, + IN UINTN Value + ); + +/** + Encode function from XKCP. + + Encodes the input as a byte string in a way that can be unambiguously parsed + from the end of the string by inserting the length of the byte string after + the byte string representation of input. + + @param[out] EncBuf Result of right encode. + @param[in] Value Input of right encode. + + @retval EncLen Size of encode result in bytes. +**/ +UINTN +EFIAPI +RightEncode ( + OUT UINT8 *EncBuf, + IN UINTN Value + ); + +/** + Keccak initial fuction. + + Set up state with specified capacity. + + @param[out] Context Pointer to the context being initialized. + @param[in] Pad Delimited Suffix. + @param[in] BlockSize Size of context block. + @param[in] MessageDigestLen Size of message digest in bytes. + + @retval 1 Initialize successfully. + @retval 0 Fail to initialize. +**/ +UINT8 +EFIAPI +KeccakInit ( + OUT Keccak1600_Ctx *Context, + IN UINT8 Pad, + IN UINTN BlockSize, + IN UINTN MessageDigstLen + ); + +/** + Sha3 update fuction. + + This function performs Sha3 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + + @param[in,out] Context Pointer to the Keccak context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval 1 Update successfully. +**/ +UINT8 +EFIAPI +Sha3Update ( + IN OUT Keccak1600_Ctx *Context, + IN const VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of Sha3 message digest. + + This function completes sha3 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the keccak context cannot + be used again. + + @param[in, out] ContextPointer to the keccak context. + @param[out] MessageDigest Pointer to a buffer that receives the message digest. + + @retval 1 Meaasge digest computation succeeded. +**/ +UINT8 +EFIAPI +Sha3Final ( + IN OUT Keccak1600_Ctx *Context, + OUTUINT8 *MessageDigest + ); + +/** + CShake256 initial function. + + Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for + subsequent use. + + @param[out] CShake256Context Pointer to cSHAKE-256 context being initialized. + @param[in] OutputLen The desired number of output length in bytes. + @param[in] Name Pointer to
[edk2-devel] [PATCH v3 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Some modifications to pass CI test. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Cc: Zhihao Li Signed-off-by: Zhihao Li --- CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 381 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c | 350 ++ CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c | 166 + CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c | 107 ++ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 CryptoPkg/Include/Library/BaseCryptLib.h | 31 +- CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h | 2 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf| 8 +- CryptoPkg/Library/Include/CrtLibSupport.h | 38 +- CryptoPkg/Test/CryptoPkgHostUnitTest.dsc | 3 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 4 + 11 files changed, 1231 insertions(+), 4 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c new file mode 100644 index ..6b26d74d5413 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c @@ -0,0 +1,381 @@ +/** @file + cSHAKE-256 Digest Wrapper Implementations. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +#define CSHAKE256_SECURITY_STRENGTH 256 +#define CSHAKE256_RATE_IN_BYTES 136 + +const CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = { 0 }; + +/** + Encode function from XKCP. + + Encodes the input as a byte string in a way that can be unambiguously parsed + from the beginning of the string by inserting the length of the byte string + before the byte string representation of input. + + @param[out] EncBuf Result of left encode. + @param[in] Value Input of left encode. + + @retval EncLen Size of encode result in bytes. +**/ +UINTN +EFIAPI +LeftEncode ( + OUT UINT8 *EncBuf, + IN UINTN Value + ); + +/** + Encode function from XKCP. + + Encodes the input as a byte string in a way that can be unambiguously parsed + from the end of the string by inserting the length of the byte string after + the byte string representation of input. + + @param[out] EncBuf Result of right encode. + @param[in] Value Input of right encode. + + @retval EncLen Size of encode result in bytes. +**/ +UINTN +EFIAPI +RightEncode ( + OUT UINT8 *EncBuf, + IN UINTN Value + ); + +/** + Keccak initial fuction. + + Set up state with specified capacity. + + @param[out] Context Pointer to the context being initialized. + @param[in] Pad Delimited Suffix. + @param[in] BlockSize Size of context block. + @param[in] MessageDigestLen Size of message digest in bytes. + + @retval 1 Initialize successfully. + @retval 0 Fail to initialize. +**/ +UINT8 +EFIAPI +KeccakInit ( + OUT Keccak1600_Ctx *Context, + IN UINT8 Pad, + IN UINTN BlockSize, + IN UINTN MessageDigstLen + ); + +/** + Sha3 update fuction. + + This function performs Sha3 digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + + @param[in,out] Context Pointer to the Keccak context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval 1 Update successfully. +**/ +UINT8 +EFIAPI +Sha3Update ( + IN OUT Keccak1600_Ctx *Context, + IN const VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of Sha3 message digest. + + This function completes sha3 hash computation and retrieves the digest value into + the specified memory. After this function has been called, the keccak context cannot + be used again. + + @param[in, out] ContextPointer to the keccak context. + @param[out] MessageDigest Pointer to a buffer that receives the message digest. + + @retval 1 Meaasge digest computation succeeded. +**/ +UINT8 +EFIAPI +Sha3Final ( + IN OUT Keccak1600_Ctx *Context, + OUTUINT8 *MessageDigest + ); + +/** + CShake256 initial function. + + Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for + subsequent use. + + @param[out] CShake256Context Pointer to cSHAKE-256 context being initialized. + @param[in] OutputLen The desired
[edk2-devel] [PATCH v5 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Siyuan Fu Cc: Zhihao Li Signed-off-by: Zhihao Li --- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 103 UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 69 - UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 20 +++- UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 + UefiCpuPkg/Include/Protocol/SmmCpuService.h| 36 ++- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf | 35 +++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 29 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/UefiCpuPkg.dec | 8 +- UefiCpuPkg/UefiCpuPkg.dsc | 2 + 10 files changed, 322 insertions(+), 12 deletions(-) diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index ..e573c2ecfb51 --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,103 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL *mSmmCpuRendezvous = NULL; +STATIC VOID *mRegistration = NULL; + +/** + Callback function to wait Smm cpu rendezvous service located. + + SmmCpuRendezvousLib need to support MM_STANDALONE and DXE_SMM_DRIVER driver. + So do not use library constructor to locate the protocol. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuRendezvousProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID*Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + Status = gMmst->MmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + EFI_STATUS Status; + + if ((mRegistration == NULL) && (mSmmCpuRendezvous == NULL)) { +// +// Locate SMM cpu rendezvous protocol for the first time execute the function. +// +Status = gMmst->MmLocateProtocol ( + , + NULL, + (VOID **) + ); +if (EFI_ERROR (Status)) { + Status = gMmst->MmRegisterProtocolNotify ( +, +SmmCpuRendezvousProtocolNotify, + +); + if (EFI_ERROR (Status)) { +return Status; + } +} + } + + // + // The platform have not set up. It doesn't need smm cpu rendezvous. + // + if (mSmmCpuRendezvous == NULL) { +return EFI_SUCCESS; + } + + Status = mSmmCpuRendezvous->WaitForAllProcessor ( +mSmmCpuRendezvous, +BlockingMode +); + return Status; +} diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 5d624f8e9ed6..2ebf4543c3ed 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -20,6 +20,13 @@ EFI_SMM_CPU_SERVICE_PROTOCOL mSmmCpuService = { SmmRegisterExceptionHandler }; +// +// EDKII
FW: [edk2-devel] [PATCH v4 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
1. InitializeSmmCpuServices(): please keep the ASSERT_EFI_ERROR (Status) for CpuService protocol installation. Will add assert. 2. SmmWaitForApArrival (): Can you remove the BlockingMode parameter because I cannot find any invocation using FALSE as parameter. Have removed in patchv4. 3. mSmmMpSyncData->AllApArrivedWithException: where is this variable assigned to TRUE? Have added in patchv4. 4. SmmCpuRendezvousProtocolNotify(): Function header is incorrect (I saw "Report Status Code"). Can you add comments to explain why protocol notification is needed instead of using library constructor to locate the protocol? Feature need to support MM_STANDALONE and DXE_SMM_DRIVER driver. They have different entry function parameter. Will add comment in function header. 5. Lib: SmmWaitForAllProcessor(): Can you add comments to explain why (mSmmCpuRendezvous == NULL) is a success? And this API is the same as the internal function name in PiSmmCpuDxe driver. It may cause confusing. Can you change that internal function to use a different name? 1) If SmmCpuRendezvous service do not locate, it means the platform have not setup and influence cpu rendezvous. Will add comment in function header. 2) For this, I plan to modified name of SmmWaitForAllProcessor in SmmCpuRendezvousLib to be SmmCpuRendezvous() and keep PiSmmCpuDxe driver the same. -Original Message- From: Fu, Siyuan Sent: Tuesday, March 1, 2022 3:46 PM To: Li, Zhihao Subject: FW: [edk2-devel] [PATCH v4 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support. Best Regards Siyuan -Original Message- From: devel@edk2.groups.io On Behalf Of Li, Zhihao Sent: 2022年2月23日 20:59 To: devel@edk2.groups.io Cc: Dong, Eric ; Ni, Ray ; Kumar, Rahul1 ; Fu, Siyuan Subject: [edk2-devel] [PATCH v4 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Patch_v3 modified to pass CI test. (1)Add SmmCpuRendezvousLib.inf into UefiCpuPkg.dsc / (2)Add SmmCpuRendezvousLib.h in UefiCpuPkg.dec [Libraryclasses.IA32, Libraryclasses.x64] (3) Some UncrustifyCheck modifications. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 98 UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 68 +- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 20 +++- UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 ++ UefiCpuPkg/Include/Protocol/SmmCpuService.h| 36 ++- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf | 35 +++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 29 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/UefiCpuPkg.dec | 8 +- UefiCpuPkg/UefiCpuPkg.dsc | 2 + 10 files changed, 316 insertions(+), 12 deletions(-) diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index ..22f694b77d51 --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,98 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL *mSmmCpuRendezvous = NULL; +STATIC VOID *mRegistration = NULL; + +/** + Register status code callback function only when Report Status Code + protocol + is installed. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuRendezvousProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID*Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + Status = gMmst->MmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Bloc
Re: [edk2-devel] [PATCH v2 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
Send patch v4 following Siyuan comments. > -Original Message- > From: Fu, Siyuan > Sent: Wednesday, February 23, 2022 6:20 PM > To: devel@edk2.groups.io; Li, Zhihao > Cc: Dong, Eric ; Ni, Ray ; Kumar, > Rahul1 > Subject: RE: [edk2-devel] [PATCH v2 1/1] UefiCpuPkg: Extend SMM CPU > Service with rendezvous support. > > Hi, Zhihao > > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of Li, > > Zhihao > > Sent: 2022年2月23日 14:42 > > To: devel@edk2.groups.io > > Cc: Dong, Eric ; Ni, Ray ; > > Kumar, > > Rahul1 ; Fu, Siyuan > > Subject: [edk2-devel] [PATCH v2 1/1] UefiCpuPkg: Extend SMM CPU > > Service with rendezvous support. > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 > > > > This patch define a new Protocol with the new services > > SmmWaitForAllProcessor(), which can be used by SMI handler to > > optionally wait for other APs to complete SMM rendezvous in relaxed AP > > mode. > > > > A new library SmmCpuRendezvousLib is provided to abstract the service > > into library API to simple SMI handler code. > > > > Patch_v3 modified to pass CI test. (1)Add SmmCpuRendezvousLib.inf into > > UefiCpuPkg.dsc / (2)Add > > SmmCpuRendezvousLib.h in UefiCpuPkg.dec [Libraryclasses.IA32, > > Libraryclasses.x64] (3) Some UncrustifyCheck modifications. > > > > Cc: Eric Dong > > Cc: Ray Ni > > Cc: Rahul Kumar > > Cc: Siyuan Fu > > > > Signed-off-by: Zhihao Li > > --- > > UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | > 98 > > > > UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 68 > > +- > > UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 15 ++- > > UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 ++ > > UefiCpuPkg/Include/Protocol/SmmCpuService.h| 36 ++- > > UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf | > 35 > > +++ > > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 30 > +- > > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- > > UefiCpuPkg/UefiCpuPkg.dec | 8 +- > > UefiCpuPkg/UefiCpuPkg.dsc | 2 + > > 10 files changed, 314 insertions(+), 10 deletions(-) > > > > diff --git > > a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c > > b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c > > new file mode 100644 > > index ..a53a5a8f301a > > --- /dev/null > > +++ > b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c > > @@ -0,0 +1,98 @@ > > +/** @file > > > > + SMM CPU Rendezvous sevice implement. > > > > + > > > > + Copyright (c) 2021 - 2022, Intel Corporation. All rights > > + reserved. > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL > *mSmmCpuRendezvous = > > NULL; > > > > +STATIC VOID *mRegistration = NULL; > > > > + > > > > +/** > > > > + Register status code callback function only when Report Status Code > > + protocol > > > > + is installed. > > > > + > > > > + @param[in] Protocol Points to the protocol's unique identifier. > > > > + @param[in] Interface Points to the interface instance. > > > > + @param[in] Handle The handle on which the interface was installed. > > > > + > > > > + @retval EFI_SUCCESS Notification runs successfully. > > > > + > > > > +**/ > > > > +EFI_STATUS > > > > +EFIAPI > > > > +SmmCpuRendezvousProtocolNotify ( > > > > + IN CONST EFI_GUID*Protocol, > > > > + IN VOID*Interface, > > > > + IN EFI_HANDLE Handle > > > > + ) > > > > +{ > > > > + EFI_STATUS Status; > > > > + > > > > + Status = gMmst->MmLocateProtocol ( > > > > +, > > > > +NULL, > > > &
[edk2-devel] [PATCH v4 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Patch_v3 modified to pass CI test. (1)Add SmmCpuRendezvousLib.inf into UefiCpuPkg.dsc / (2)Add SmmCpuRendezvousLib.h in UefiCpuPkg.dec [Libraryclasses.IA32, Libraryclasses.x64] (3) Some UncrustifyCheck modifications. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 98 UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 68 +- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 20 +++- UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 ++ UefiCpuPkg/Include/Protocol/SmmCpuService.h| 36 ++- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf | 35 +++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 29 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/UefiCpuPkg.dec | 8 +- UefiCpuPkg/UefiCpuPkg.dsc | 2 + 10 files changed, 316 insertions(+), 12 deletions(-) diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index ..22f694b77d51 --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,98 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL *mSmmCpuRendezvous = NULL; +STATIC VOID *mRegistration = NULL; + +/** + Register status code callback function only when Report Status Code protocol + is installed. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuRendezvousProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID*Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + Status = gMmst->MmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + EFI_STATUS Status; + + if ((mRegistration == NULL) && (mSmmCpuRendezvous == NULL)) { +// +// Locate SMM cpu rendezvous protocol for the first time execute the function. +// +Status = gMmst->MmLocateProtocol ( + , + NULL, + (VOID **) + ); +if (EFI_ERROR (Status)) { + Status = gMmst->MmRegisterProtocolNotify ( +, +SmmCpuRendezvousProtocolNotify, + +); + if (EFI_ERROR (Status)) { +return Status; + } +} + } + + if (mSmmCpuRendezvous == NULL) { +return EFI_SUCCESS; + } + + Status = mSmmCpuRendezvous->WaitForAllProcessor ( +mSmmCpuRendezvous, +BlockingMode +); + return Status; +} diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 5d624f8e9ed6..e096970ac62e 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -20,6 +20,13 @@ EFI_SMM_CPU_SERVICE_PROTOCOL mSmmCpuService = { SmmRegisterExceptionHandler }; +// +// EDKII SMM CPU
[edk2-devel] [PATCH v2 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Patch_v3 modified to pass CI test. (1)Add SmmCpuRendezvousLib.inf into UefiCpuPkg.dsc / (2)Add SmmCpuRendezvousLib.h in UefiCpuPkg.dec [Libraryclasses.IA32, Libraryclasses.x64] (3) Some UncrustifyCheck modifications. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 98 UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 68 +- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 15 ++- UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 ++ UefiCpuPkg/Include/Protocol/SmmCpuService.h| 36 ++- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf | 35 +++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 30 +- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/UefiCpuPkg.dec | 8 +- UefiCpuPkg/UefiCpuPkg.dsc | 2 + 10 files changed, 314 insertions(+), 10 deletions(-) diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index ..a53a5a8f301a --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,98 @@ +/** @file + SMM CPU Rendezvous sevice implement. + + Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL *mSmmCpuRendezvous = NULL; +STATIC VOID *mRegistration = NULL; + +/** + Register status code callback function only when Report Status Code protocol + is installed. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuRendezvousProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID*Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + Status = gMmst->MmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + This routine wait for all AP processors to arrive in SMM. + + @param[in] BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESS All avaiable APs arrived. + @retval EFI_TIMEOUT Wait for all APs until timeout. + @retval OTHERFail to register SMM CPU Rendezvous service Protocol. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + EFI_STATUS Status; + + if ((mRegistration == NULL) && (mSmmCpuRendezvous == NULL)) { +// +// Locate SMM cpu rendezvous protocol for the first time execute the function. +// +Status = gMmst->MmLocateProtocol ( + , + NULL, + (VOID **) + ); +if (EFI_ERROR (Status)) { + Status = gMmst->MmRegisterProtocolNotify ( +, +SmmCpuRendezvousProtocolNotify, + +); + if (EFI_ERROR (Status)) { +return Status; + } +} + } + + if (mSmmCpuRendezvous == NULL) { +return EFI_SUCCESS; + } + + Status = mSmmCpuRendezvous->WaitForAllProcessor ( +mSmmCpuRendezvous, +BlockingMode +); + return Status; +} diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 5d624f8e9ed6..fceb663fb74f 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -20,6 +20,13 @@ EFI_SMM_CPU_SERVICE_PROTOCOL mSmmCpuService = { SmmRegisterExceptionHandler }; +// +// EDKII
[edk2-devel] [PATCH v2 1/1] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch define a new Protocol with the new services SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Siyuan Fu Signed-off-by: Zhihao Li --- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 95 UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 66 +- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 14 ++- UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 ++ UefiCpuPkg/Include/Protocol/SmmCpuService.h| 36 +++- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf | 32 +++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 30 ++- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 5 +- UefiCpuPkg/UefiCpuPkg.dec | 5 +- 9 files changed, 300 insertions(+), 10 deletions(-) diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index ..03e507bf6b52 --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,95 @@ +/** @file +SMM CPU Rendezvous library header file. + +Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL *mSmmCpuRendezvous = NULL; +STATIC VOID *mSmmCpuRendezvousRegistration = NULL; + +/** + Register status code callback function only when Report Status Code protocol + is installed. + + @param Protocol Points to the protocol's unique identifier. + @param Interface Points to the interface instance. + @param Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuServiceProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID *Interface, + IN EFI_HANDLEHandle + ) +{ + EFI_STATUS Status; + + Status = gMmst->MmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + This routine wait for all AP processors to arrive in SMM. + + @param BlockingMode Blocking mode or non-blocking mode. + + @retval EFI_SUCCESSAll avaiable APs arrived. + @retval EFI_TIMEOUTWait for all APs until timeout. + @retval Other Fail to register Smm cpu rendezvous services notify. +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + EFI_STATUS Status; + + if (mSmmCpuRendezvousRegistration == NULL && mSmmCpuRendezvous == NULL) { +// +// locate Smm cpu rendezvous protocol for the first time execute the function. +// +Status = gMmst->MmLocateProtocol (, NULL, (VOID **) ); +if (EFI_ERROR (Status)) { + Status = gMmst->MmRegisterProtocolNotify ( +, +SmmCpuServiceProtocolNotify, + +); + if (EFI_ERROR (Status)) { +return Status; + } +} + } + + if (mSmmCpuRendezvous == NULL) { +return EFI_SUCCESS; + } + + Status = mSmmCpuRendezvous->WaitForAllProcessor ( + mSmmCpuRendezvous, + BlockingMode + ); + return Status; +} diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 5d624f8e9ed6..85c3c5c15a26 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -1,7 +1,7 @@ /** @file Implementation of SMM CPU Services Protocol. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -20,6 +20,13 @@ EFI_SMM_CPU_SERVICE_PROTOCOL mSmmCpuService = { SmmRegisterExceptionHandler }; +// +// EDKII SMM CPU Rendezvous Service Protocol instance +// +EDKII_SMM_CPU_RENDEZVOUS_PROTOCOL mEdkiiSmmCpuRendezvousService = { + SmmWaitForAllProcessor +}; + /** Gets processor information on the requested processor at the instant this call is made. @@ -350,6 +357,7 @@ SmmRegisterExceptionHandler ( @param ImageHandle The firmware allocated handle for the EFI image.
Re: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
Hi, Michael With your comment: 1. Decide to define a new Protocol with just the new services(gEdkiiSmmCpuRedezvousProtocolGuid) 2. Modified it to 0x00. 3. keep v1 4. keep v1 Other modification: 1. SmmCpuRendezvousLib.inf: add MM_STANDALONE support 2. SmmCpuRendezvousLib.c: remove *constructor function, move its action into SmmWaitForAllProcessor function. > -Original Message- > From: Fu, Siyuan > Sent: Thursday, February 10, 2022 4:19 PM > To: devel@edk2.groups.io; Kinney, Michael D ; > Li, Zhihao ; Ni, Ray > Cc: Dong, Eric ; Kumar, Rahul1 > > Subject: RE: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg: Extend SMM CPU > Service with rendezvous support. > > Hi, Mike > > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of > Michael > > D Kinney > > Sent: 2022年2月9日 0:31 > > To: devel@edk2.groups.io; Li, Zhihao ; Kinney, > > Michael D > > Cc: Dong, Eric ; Ni, Ray ; > > Kumar, > > Rahul1 > > Subject: Re: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg: Extend SMM CPU > > Service with rendezvous support. > > > > Hi Zhihao, > > > > gEfiSmmCpuServiceProtocolGuid is defined in the UefiCpuPkg and is > > already an EDK II specific feature protocol. Adding an Edkii names > > version of the protocol does not make it clear that there is a > > relationship between the two versions of this protocol. You have > > added one new service to the existing protocol. The existing protocol > > does not have a Revision field so we do have to create a new Protocol > > Name/Protocol GUID. Based on previous use cases, we have a few options: > > > > 1) If Revision field is present, add to end and increase Revision > > value > > 2) If Revision field not present > > a) Define an _2 or _Ex version of the protocol with new service(s) added > > to end of structure and implement original version of the protocol on > > top of the _2 version of the protocol. > > b) Define a new Protocol with just the new services. (e.g. > > gEdkiiSmmCpuRedezvousProtocolGuid) > We previously discussed with Ray when deciding the protocol name and > choose the edk2 prefix. > @Ni, Ray > Any opinion on using an _Ex version protocol name or a separate protocol? Decide to define a new Protocol with just the new services(gEdkiiSmmCpuRedezvousProtocolGuid) > > > > > The patch also changes the DEC default value of > > gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode > > from 0x00 to 0x01. Changing the default value of a PCD in a DEC file > > is a non backwards compatible change. This should not be done. > > Instead, platforms that need the different sync mode should set that > > PCD in their DSC file. Modified it to 0x00. > > > > Is a new lib class really required at this time. The reason to add a > > new lib class is if there are multiple consumers. > There are lots of consumers but no in edk2 repo, mostly inside platform code > like edk2platforms. > Technically the SMI handler which require all processors in SMM mode to > complete its task (either due to security consideration or hardware/silicon > restriction) will need to consume this library interface to complete the > rendezvous in relax AP mode. > > > > > I see the lib instance uses a RegisterProtocolNotify in its > > constructor. Is it possible to use a Depex instead and eliminate the > > additional complexity of a constructor and RegisterProtocolNotify? > We can't use Depex since this is an optional protocol. It's not required to > those platforms which only have traditional sync mode support. > > Thanks, > Siyuan > > > > > Best regards, > > > > Mike > > > > > -Original Message- > > > From: devel@edk2.groups.io On Behalf Of Li, > > > Zhihao > > > Sent: Monday, February 7, 2022 9:36 PM > > > To: devel@edk2.groups.io > > > Cc: Dong, Eric ; Ni, Ray ; > > > Kumar, > > Rahul1 > > > Subject: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg: Extend SMM CPU > > > Service > > with rendezvous support. > > > > > > From: Zhihao Li > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 > > > > > > This patch extends the SMM CPU Service protocol with new interface > > > SmmWaitForAllProcessor(), which can be used by SMI handler to > > > optionally wait for other APs to complete SMM rendezvous in relaxed AP > mode. > > > > > > A new library SmmCpuRendezvousLib is provided to abstract the > > > service into library API to simple SMI handler code. > > > > > > Cc: Eric Dong &
Re: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
Hi Marvin With your comments: 1. According to granular of prototype (EFI_STATUS). 2. will delete assert and return status 3. Will delete assert and return first error(if so). Other modification: 1. SmmCpuRendezvousLib.inf: add MM_STANDALONE support 2. SmmCpuRendezvousLib.c: remove *constructor function, move its action into SmmWaitForAllProcessor function. > -Original Message- > From: Marvin Häuser > Sent: Friday, February 11, 2022 6:30 PM > To: devel@edk2.groups.io; Li, Zhihao > Cc: Dong, Eric ; Ni, Ray ; Kumar, > Rahul1 > Subject: Re: [edk2-devel] [PATCH v1 1/2] UefiCpuPkg: Extend SMM CPU > Service with rendezvous support. > > Good day, > > On 08.02.22 06:35, Li, Zhihao wrote: > > From: Zhihao Li > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 > > > > This patch extends the SMM CPU Service protocol with new interface > > SmmWaitForAllProcessor(), which can be used by SMI handler to > > optionally wait for other APs to complete SMM rendezvous in relaxed AP > mode. > > > > A new library SmmCpuRendezvousLib is provided to abstract the service > > into library API to simple SMI handler code. > > > > Cc: Eric Dong > > Cc: Ray Ni > > Cc: Rahul Kumar > > > > Signed-off-by: Zhihao Li > > --- > > UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | > 109 > > UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 65 > > > UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 14 ++- > > UefiCpuPkg/PiSmmCpuDxeSmm/SyncTimer.c | 2 +- > > UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 + > > UefiCpuPkg/Include/Protocol/SmmCpuService.h| 40 > > +++ > > UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf > | 32 ++ > > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 28 > + > > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 3 +- > > UefiCpuPkg/UefiCpuPkg.dec | 5 +- > > 10 files changed, 318 insertions(+), 7 deletions(-) > > > > diff --git > > a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c > > b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c > > new file mode 100644 > > index 00..3c5cd51d0c > > --- /dev/null > > +++ > b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c > > @@ -0,0 +1,109 @@ > > +/** @file > > > > +SMM CPU Rendezvous library header file. > > > > + > > > > +Copyright (c) 2021, Intel Corporation. All rights reserved. > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +STATIC EDKII_SMM_CPU_SERVICE_PROTOCOL *mSmmCpuService = > NULL; > > > > + > > > > +/** > > > > + This routine wait for all AP processors to arrive in SMM. > > > > + > > > > + @param BlockingMode Blocking mode or non-blocking mode. > > > > + > > > > + @retval TRUE All processors checked in to SMM > > > > + @retval FALSE Some processor not checked in to SMM > > > > + > > > > +**/ > > > > +EFI_STATUS > > > > +EFIAPI > > > > +SmmWaitForAllProcessor ( > > > > + IN BOOLEAN BlockingMode > > > > + ) > > > > +{ > > > > + EFI_STATUS Status; > > > > + > > > > + if (mSmmCpuService == NULL) { > > > > +return TRUE; > > > > + } > > > > + > > > > + Status = mSmmCpuService->WaitForAllProcessor ( > > > > + mSmmCpuService, > > > > + BlockingMode > > > > + ); > > > > + return EFI_ERROR(Status) ? FALSE : TRUE; > > Hmm, if there is a granular error code, why make it less granular by > conversion? Also the prototype says EFI_STATUS, and the docs say BOOLEAN. According to granular of prototype (EFI_STATUS). > > > > > +} > > > > + > > > > +/** > > > > + Register status code callback function only when Report Status Code > > + protocol > > > &
[edk2-devel] [PATCH v2 1/1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Signed-off-by: Zhihao Li --- CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 317 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c| 273 + CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c| 102 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c| 53 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 145 + CryptoPkg/Include/Library/BaseCryptLib.h | 31 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 8 +- CryptoPkg/Library/Include/CrtLibSupport.h | 16 +- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 2 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf | 2 + 10 files changed, 946 insertions(+), 3 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c new file mode 100644 index ..60d89ecfe43b --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c @@ -0,0 +1,317 @@ +/** @file + cSHAKE-256 Digest Wrapper Implementations. + +Copyright (c) 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" + +#define CSHAKE256_SECURITY_STRENGTH256 +#define CSHAKE256_RATE_IN_BYTES136 + +const CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = {0}; + +unsigned int left_encode(unsigned char * encbuf, size_t value); +unsigned int right_encode(unsigned char * encbuf, size_t value); +int init (struct KECCAK1600_CTX *ctx, unsigned char pad, size_t bsz, size_t md_size); +int sha3_update (struct KECCAK1600_CTX *ctx, const void *_inp, size_t len); +int sha3_final (struct KECCAK1600_CTX *ctx, unsigned char *md); + +UINTN +EFIAPI +LeftEncode ( + OUT UINT8 *Encbuf, + IN UINTN Value + ) +{ + return left_encode (Encbuf, Value); +} + +UINTN +EFIAPI +RightEncode ( + OUT UINT8 *Encbuf, + IN UINTN Value + ) +{ + return right_encode (Encbuf, Value); +} + +/** + Retrieves the size, in bytes, of the context buffer required for cSHAKE-256 hash operations. + + @return The size, in bytes, of the context buffer required for cSHAKE-256 hash operations. + +**/ +UINTN +EFIAPI +CShake256GetContextSize ( + VOID + ) +{ + return (UINTN) (sizeof (struct KECCAK1600_CTX)); +} + +/** + Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for + subsequent use. + + @param[out] CShake256Context Pointer to cSHAKE-256 context being initialized. + @param[in] OutputLen The desired number of output length in bytes. + @param[in] Name Pointer to the function name string. + @param[in] NameLenThe length of the function name in bytes. + @param[in] Customization Pointer to the customization string. + @param[in] CustomizationLen The length of the customization string in bytes. + + @retval TRUE cSHAKE-256 context initialization succeeded. + @retval FALSE cSHAKE-256 context initialization failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CShake256Init ( + OUT VOID *CShake256Context, + INUINTN OutputLen, + INCONST VOID*Name, + INUINTN NameLen, + INCONST VOID*Customization, + INUINTN CustomizationLen + ) +{ + BOOLEAN Status; + unsigned char EncBuf[sizeof(size_t)+1]; + UINTN EncLen; + UINTN AbsorbLen; + UINTN PadLen; + + // + // Check input parameters. + // + if (CShake256Context == NULL || + OutputLen == 0 || + (NameLen != 0 && Name == NULL) || + (CustomizationLen != 0 && Customization == NULL)) { +return FALSE; + } + + // + // Initialize KECCAK context with pad value and block size. + // + if (NameLen == 0 && CustomizationLen == 0) { +// +// When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to +// SHAKE as defined in FIPS 202. +// +return (BOOLEAN) init ( + (struct KECCAK1600_CTX *) CShake256Context, + '\x1f', + (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8, + OutputLen + ); + } + + Status = (BOOLEAN) init ( + (struct KECCAK1600_CTX *) CShake256Context, + '\x04',
Re: [edk2-devel] [PATCH v1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
We try to make proper attribution for the code in openssl_sha3 and in xkcp. We separated their implementation into CryptSha3.c and CryptXkcp.c, Separated their declaration into sha3.h and xkcp.h. With the comment, we plan to delete these header files and put the declaration and Structure define into CryptCshake256.c. > -Original Message- > From: Yao, Jiewen > Sent: Wednesday, February 16, 2022 3:52 PM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; Jiang, Guomin ; Fu, > Siyuan > Subject: RE: [PATCH v1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > But I don’t understand why we need sha3.h and xkcp.h at all. > > > > -----Original Message- > > From: Li, Zhihao > > Sent: Wednesday, February 16, 2022 3:43 PM > > To: Yao, Jiewen ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; > > Jiang, Guomin ; Fu, Siyuan > > > Subject: RE: [PATCH v1] CryptoPkg: Add new hash algorithm > > ParallelHash256HashAll in BaseCryptLib. > > > > With your comment, we plan do some modification for parallelhash. > > 1. Plan to add a parameter (BlockSize) on ParallelHash256HashAll function > to > > replace PcdParallelHashBlockNumber. > > 2. Plan to move sha3.h and xkcp.h to CryptoPkg\Library\BaseCryptLib\Hash > > folder. > > > > > > > -Original Message- > > > From: Yao, Jiewen > > > Sent: Tuesday, February 15, 2022 2:09 PM > > > To: Li, Zhihao ; devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > > > ; Jiang, Guomin ; Fu, > > > Siyuan > > > Subject: RE: [PATCH v1] CryptoPkg: Add new hash algorithm > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > Thanks for the update. > > > > > > Feedback below: > > > > > > 1) How block size is determined for below API? > > > > > > BOOLEAN > > > EFIAPI > > > ParallelHash256HashAll ( > > > IN CONST VOID*Input, > > > IN UINTN InputByteLen, > > > OUT VOID*Output, > > > IN UINTN OutputByteLen, > > > IN CONST VOID*Customization, > > > IN UINTN CustomByteLen > > > ); > > > > > > Is that determined by PcdParallelHashBlockNumber ? > > > > > > I don’t think it is good idea to let a crypto library determine a platform > PCD. > > > For example, how do you support binary crypto module ? > > Plan to add a parameter (BlockSize) to replace > PcdParallelHashBlockNumber. > > > > > > 2) Why we need "sha3.h" and "xkcp.h" ? > > > These are openssl specific structure. It shall not be put to EDKII file > header. > > > > > > CryptoPkg\Library\Include shall only contain generic dependency header. > > Plan to move sha3.h and xkcp.h to CryptoPkg\Library\BaseCryptLib\Hash > folder. > > > > > > > > > > > > > > > Thank you > > > Yao, Jiewen > > > > > > > -Original Message- > > > > From: Li, Zhihao > > > > Sent: Friday, February 11, 2022 5:05 PM > > > > To: devel@edk2.groups.io > > > > Cc: Yao, Jiewen ; Wang, Jian J > > > > ; Lu, Xiaoyu1 ; Jiang, > > > > Guomin ; Fu, Siyuan > > > > Subject: [PATCH v1] CryptoPkg: Add new hash algorithm > > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 > > > > > > > > Parallel hash function ParallelHash256HashAll, as defined in NIST's > > > > Special Publication 800-185, published December 2016. It utilizes > > > > multi-process to calculate the digest. > > > > > > > > Cc: Jiewen Yao > > > > Cc: Jian J Wang > > > > Cc: Xiaoyu Lu > > > > Cc: Guomin Jiang > > > > Cc: Siyuan Fu > > > > > > > > Signed-off-by: Zhihao Li > > > > --- > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > > > | 313 > > > > > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c > > > > | 275 > > > > + > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c > > > > | 102 > > > +++ > > > > CryptoPkg/Library/BaseCryptLib/Hash/Cr
[edk2-devel] Recall: [PATCH v1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
Li, Zhihao would like to recall the message, "[PATCH v1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.". -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86703): https://edk2.groups.io/g/devel/message/86703 Mute This Topic: https://groups.io/mt/89181603/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
In CT 46 review result, it require that the code in openssl_sha3 and in xkcp need to be made proper attribution. We separated their implementation into CryptSha3.c and CryptXkcp.c, separated their header files into sha3.h and xkcp.h. Now we plan to delete these header files and put the declaration and structure define into CryptCshake256.c if head file not within the scope of CT46 suggestion. > -Original Message- > From: Yao, Jiewen > Sent: Wednesday, February 16, 2022 3:52 PM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; Jiang, Guomin ; Fu, > Siyuan > Subject: RE: [PATCH v1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > But I don’t understand why we need sha3.h and xkcp.h at all. > > > > -----Original Message- > > From: Li, Zhihao > > Sent: Wednesday, February 16, 2022 3:43 PM > > To: Yao, Jiewen ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; > > Jiang, Guomin ; Fu, Siyuan > > > Subject: RE: [PATCH v1] CryptoPkg: Add new hash algorithm > > ParallelHash256HashAll in BaseCryptLib. > > > > With your comment, we plan do some modification for parallelhash. > > 1. Plan to add a parameter (BlockSize) on ParallelHash256HashAll function > to > > replace PcdParallelHashBlockNumber. > > 2. Plan to move sha3.h and xkcp.h to CryptoPkg\Library\BaseCryptLib\Hash > > folder. > > > > > > > -Original Message- > > > From: Yao, Jiewen > > > Sent: Tuesday, February 15, 2022 2:09 PM > > > To: Li, Zhihao ; devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, Xiaoyu1 > > > ; Jiang, Guomin ; Fu, > > > Siyuan > > > Subject: RE: [PATCH v1] CryptoPkg: Add new hash algorithm > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > Thanks for the update. > > > > > > Feedback below: > > > > > > 1) How block size is determined for below API? > > > > > > BOOLEAN > > > EFIAPI > > > ParallelHash256HashAll ( > > > IN CONST VOID*Input, > > > IN UINTN InputByteLen, > > > OUT VOID*Output, > > > IN UINTN OutputByteLen, > > > IN CONST VOID*Customization, > > > IN UINTN CustomByteLen > > > ); > > > > > > Is that determined by PcdParallelHashBlockNumber ? > > > > > > I don’t think it is good idea to let a crypto library determine a platform > PCD. > > > For example, how do you support binary crypto module ? > > Plan to add a parameter (BlockSize) to replace > PcdParallelHashBlockNumber. > > > > > > 2) Why we need "sha3.h" and "xkcp.h" ? > > > These are openssl specific structure. It shall not be put to EDKII file > header. > > > > > > CryptoPkg\Library\Include shall only contain generic dependency header. > > Plan to move sha3.h and xkcp.h to CryptoPkg\Library\BaseCryptLib\Hash > folder. > > > > > > > > > > > > > > > Thank you > > > Yao, Jiewen > > > > > > > -Original Message- > > > > From: Li, Zhihao > > > > Sent: Friday, February 11, 2022 5:05 PM > > > > To: devel@edk2.groups.io > > > > Cc: Yao, Jiewen ; Wang, Jian J > > > > ; Lu, Xiaoyu1 ; Jiang, > > > > Guomin ; Fu, Siyuan > > > > Subject: [PATCH v1] CryptoPkg: Add new hash algorithm > > > > ParallelHash256HashAll in BaseCryptLib. > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 > > > > > > > > Parallel hash function ParallelHash256HashAll, as defined in NIST's > > > > Special Publication 800-185, published December 2016. It utilizes > > > > multi-process to calculate the digest. > > > > > > > > Cc: Jiewen Yao > > > > Cc: Jian J Wang > > > > Cc: Xiaoyu Lu > > > > Cc: Guomin Jiang > > > > Cc: Siyuan Fu > > > > > > > > Signed-off-by: Zhihao Li > > > > --- > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > > > | 313 > > > > > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c > > > > | 275 > > > > + > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c > > > > | 102 > >
Re: [edk2-devel] [PATCH v1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
With your comment, we plan do some modification for parallelhash. 1. Plan to add a parameter (BlockSize) on ParallelHash256HashAll function to replace PcdParallelHashBlockNumber. 2. Plan to move sha3.h and xkcp.h to CryptoPkg\Library\BaseCryptLib\Hash folder. > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, February 15, 2022 2:09 PM > To: Li, Zhihao ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, Xiaoyu1 > ; Jiang, Guomin ; Fu, > Siyuan > Subject: RE: [PATCH v1] CryptoPkg: Add new hash algorithm > ParallelHash256HashAll in BaseCryptLib. > > Thanks for the update. > > Feedback below: > > 1) How block size is determined for below API? > > BOOLEAN > EFIAPI > ParallelHash256HashAll ( > IN CONST VOID*Input, > IN UINTN InputByteLen, > OUT VOID*Output, > IN UINTN OutputByteLen, > IN CONST VOID*Customization, > IN UINTN CustomByteLen > ); > > Is that determined by PcdParallelHashBlockNumber ? > > I don’t think it is good idea to let a crypto library determine a platform > PCD. > For example, how do you support binary crypto module ? Plan to add a parameter (BlockSize) to replace PcdParallelHashBlockNumber. > > 2) Why we need "sha3.h" and "xkcp.h" ? > These are openssl specific structure. It shall not be put to EDKII file > header. > > CryptoPkg\Library\Include shall only contain generic dependency header. Plan to move sha3.h and xkcp.h to CryptoPkg\Library\BaseCryptLib\Hash folder. > > > > > Thank you > Yao, Jiewen > > > -Original Message- > > From: Li, Zhihao > > Sent: Friday, February 11, 2022 5:05 PM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > > ; Lu, Xiaoyu1 ; Jiang, > > Guomin ; Fu, Siyuan > > Subject: [PATCH v1] CryptoPkg: Add new hash algorithm > > ParallelHash256HashAll in BaseCryptLib. > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 > > > > Parallel hash function ParallelHash256HashAll, as defined in NIST's > > Special Publication 800-185, published December 2016. It utilizes > > multi-process to calculate the digest. > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jiang > > Cc: Siyuan Fu > > > > Signed-off-by: Zhihao Li > > --- > > CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | > > 313 > > > > CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c| > > 275 > > + > > CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c| > > 102 > +++ > > CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c| > > 53 > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | > 152 > > ++ > > CryptoPkg/CryptoPkg.dec| > > 9 +- > > CryptoPkg/Include/Library/BaseCryptLib.h | > > 29 +- > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | > > 12 +- > > CryptoPkg/Library/Include/CrtLibSupport.h | > > 5 +- > > CryptoPkg/Library/Include/sha3.h | > > 32 ++ > > CryptoPkg/Library/Include/xkcp.h | > > 23 ++ > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h| > > 3 > +- > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf > | 7 + > > CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf | > 6 + > > 14 files changed, 1016 insertions(+), 5 deletions(-) > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > new file mode 100644 > > index 00..5efced3f46 > > --- /dev/null > > +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c > > @@ -0,0 +1,313 @@ > > +/** @file > > > > + cSHAKE-256 Digest Wrapper Implementations. > > > > + > > > > +Copyright (c) 2022, Intel Corporation. All rights reserved. > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include "InternalCryptLib.h" > > > > +#include "sha3.h" > > > > +#include "xkcp.h" > > > &
[edk2-devel] [PATCH v1] CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 Parallel hash function ParallelHash256HashAll, as defined in NIST's Special Publication 800-185, published December 2016. It utilizes multi-process to calculate the digest. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Siyuan Fu Signed-off-by: Zhihao Li --- CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c | 313 CryptoPkg/Library/BaseCryptLib/Hash/CryptParallelHash.c| 275 + CryptoPkg/Library/BaseCryptLib/Hash/CryptSha3.c| 102 +++ CryptoPkg/Library/BaseCryptLib/Hash/CryptXkcp.c| 53 CryptoPkg/Test/UnitTest/Library/BaseCryptLib/ParallelhashTests.c | 152 ++ CryptoPkg/CryptoPkg.dec| 9 +- CryptoPkg/Include/Library/BaseCryptLib.h | 29 +- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 12 +- CryptoPkg/Library/Include/CrtLibSupport.h | 5 +- CryptoPkg/Library/Include/sha3.h | 32 ++ CryptoPkg/Library/Include/xkcp.h | 23 ++ CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLib.h| 3 +- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibHost.inf | 7 + CryptoPkg/Test/UnitTest/Library/BaseCryptLib/TestBaseCryptLibShell.inf | 6 + 14 files changed, 1016 insertions(+), 5 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c new file mode 100644 index 00..5efced3f46 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptCShake256.c @@ -0,0 +1,313 @@ +/** @file + cSHAKE-256 Digest Wrapper Implementations. + +Copyright (c) 2022, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "InternalCryptLib.h" +#include "sha3.h" +#include "xkcp.h" + +#define CSHAKE256_SECURITY_STRENGTH256 +#define CSHAKE256_RATE_IN_BYTES136 + +const CHAR8 mZeroPadding[CSHAKE256_RATE_IN_BYTES] = {0}; + +UINTN +EFIAPI +LeftEncode ( + OUT UINT8 *Encbuf, + IN UINTN Value + ) +{ + return left_encode (Encbuf, Value); +} + +UINTN +EFIAPI +RightEncode ( + OUT UINT8 *Encbuf, + IN UINTN Value + ) +{ + return right_encode (Encbuf, Value); +} + +/** + Retrieves the size, in bytes, of the context buffer required for cSHAKE-256 hash operations. + + @return The size, in bytes, of the context buffer required for cSHAKE-256 hash operations. + +**/ +UINTN +EFIAPI +CShake256GetContextSize ( + VOID + ) +{ + return (UINTN) (sizeof (KECCAK1600_CTX)); +} + +/** + Initializes user-supplied memory pointed by CShake256Context as cSHAKE-256 hash context for + subsequent use. + + @param[out] CShake256Context Pointer to cSHAKE-256 context being initialized. + @param[in] OutputLen The desired number of output length in bytes. + @param[in] Name Pointer to the function name string. + @param[in] NameLenThe length of the function name in bytes. + @param[in] Customization Pointer to the customization string. + @param[in] CustomizationLen The length of the customization string in bytes. + + @retval TRUE cSHAKE-256 context initialization succeeded. + @retval FALSE cSHAKE-256 context initialization failed. + @retval FALSE This interface is not supported. + +**/ +BOOLEAN +EFIAPI +CShake256Init ( + OUT VOID *CShake256Context, + INUINTN OutputLen, + INCONST VOID*Name, + INUINTN NameLen, + INCONST VOID*Customization, + INUINTN CustomizationLen + ) +{ + BOOLEAN Status; + unsigned char EncBuf[sizeof(size_t)+1]; + UINTN EncLen; + UINTN AbsorbLen; + UINTN PadLen; + + // + // Check input parameters. + // + if (CShake256Context == NULL || + OutputLen == 0 || + (NameLen != 0 && Name == NULL) || + (CustomizationLen != 0 && Customization == NULL)) { +return FALSE; + } + + // + // Initialize KECCAK context with pad value and block size. + // + if (NameLen == 0 && CustomizationLen == 0) { +// +// When N and S are both empty strings, cSHAKE(X, L, N, S) is equivalent to +// SHAKE as defined in FIPS 202. +// +return (BOOLEAN) init ( + (KECCAK1600_CTX *) CShake256Context, + '\x1f', + (KECCAK1600_WIDTH - CSHAKE256_SECURITY_STRENGTH * 2) / 8, + OutputLen + ); + } + + Status = (BOOLEAN) init ( + (KECCAK1600_CTX *) CShake256Context, + '\x04', +
[edk2-devel] [PATCH v1 1/2] UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 This patch extends the SMM CPU Service protocol with new interface SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Signed-off-by: Zhihao Li --- UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c | 109 UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c | 65 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 14 ++- UefiCpuPkg/PiSmmCpuDxeSmm/SyncTimer.c | 2 +- UefiCpuPkg/Include/Library/SmmCpuRendezvousLib.h | 27 + UefiCpuPkg/Include/Protocol/SmmCpuService.h| 40 +++ UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.inf | 32 ++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 28 + UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 3 +- UefiCpuPkg/UefiCpuPkg.dec | 5 +- 10 files changed, 318 insertions(+), 7 deletions(-) diff --git a/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c new file mode 100644 index 00..3c5cd51d0c --- /dev/null +++ b/UefiCpuPkg/Library/SmmCpuRendezvousLib/SmmCpuRendezvousLib.c @@ -0,0 +1,109 @@ +/** @file +SMM CPU Rendezvous library header file. + +Copyright (c) 2021, Intel Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include +#include +#include +#include +#include +#include +#include +#include + +STATIC EDKII_SMM_CPU_SERVICE_PROTOCOL *mSmmCpuService = NULL; + +/** + This routine wait for all AP processors to arrive in SMM. + + @param BlockingMode Blocking mode or non-blocking mode. + + @retval TRUE All processors checked in to SMM + @retval FALSE Some processor not checked in to SMM + +**/ +EFI_STATUS +EFIAPI +SmmWaitForAllProcessor ( + IN BOOLEAN BlockingMode + ) +{ + EFI_STATUS Status; + + if (mSmmCpuService == NULL) { +return TRUE; + } + + Status = mSmmCpuService->WaitForAllProcessor ( + mSmmCpuService, + BlockingMode + ); + return EFI_ERROR(Status) ? FALSE : TRUE; +} + +/** + Register status code callback function only when Report Status Code protocol + is installed. + + @param Protocol Points to the protocol's unique identifier. + @param Interface Points to the interface instance. + @param Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +SmmCpuServiceProtocolNotify ( + IN CONST EFI_GUID*Protocol, + IN VOID *Interface, + IN EFI_HANDLEHandle + ) +{ + EFI_STATUS Status; + + Status = gSmst->SmmLocateProtocol ( +, +NULL, +(VOID **) +); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + The constructor function + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +SmmCpuRendezvousLibConstructor ( + IN EFI_HANDLEImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + VOID*Registration; + + Status = gSmst->SmmLocateProtocol (, NULL, (VOID **) ); + if (EFI_ERROR (Status)) { +Status = gSmst->SmmRegisterProtocolNotify ( +, +SmmCpuServiceProtocolNotify, + +); +ASSERT_EFI_ERROR (Status); + } + return EFI_SUCCESS; +} \ No newline at end of file diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c index 5d624f8e9e..34019c24ff 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/CpuService.c @@ -20,6 +20,19 @@ EFI_SMM_CPU_SERVICE_PROTOCOL mSmmCpuService = { SmmRegisterExceptionHandler }; +// +// EDKII SMM CPU Service Protocol instance +// +EDKII_SMM_CPU_SERVICE_PROTOCOL mEdkiiSmmCpuService = { + SmmGetProcessorInfo, + SmmSwitchBsp, + SmmAddProcessor, + SmmRemoveProcessor, + SmmWhoAmI, + SmmRegisterExceptionHandler, + SmmWaitForAllProcessor +}; + /** Gets processor information on the requested processor at the instant this call is made. @@ -365,5 +378,57 @@ InitializeSmmCpuServices ( );
[edk2-devel] [PATCH v1 2/2] MdeModulePkg: Modified VariableSmm driver to use new interface SmmWaitForAllProcessor().
From: Zhihao Li REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3815 Last patch extends the SMM CPU Service protocol with new interface SmmWaitForAllProcessor(), which can be used by SMI handler to optionally wait for other APs to complete SMM rendezvous in relaxed AP mode. A new library SmmCpuRendezvousLib is provided to abstract the service into library API to simple SMI handler code. This patch modified VariableSmm driver in MdeModulePkg to let the SMI handler wait for all APs complete SMM rendezvous when policy is AP relaxed mode. Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Zhihao Li --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 8 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 2 ++ 2 files changed, 10 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 517cae7b00..1109f06833 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include "Variable.h" @@ -656,6 +657,13 @@ SmmVariableHandler ( goto EXIT; } + if ((SmmVariableHeader->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { +if (!SmmWaitForAllProcessor (TRUE)) { + DEBUG ((EFI_D_ERROR, "SetVariable: fail to wait for all AP check in SMM!\n")); + goto EXIT; +} + } + Status = VariableServiceSetVariable ( SmmVariableHeader->Name, >Guid, diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index eaa97a01c6..206a5a7e2d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -63,6 +63,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + UefiCpuPkg/UefiCpuPkg.dec [LibraryClasses] UefiDriverEntryPoint @@ -82,6 +83,7 @@ UefiBootServicesTableLib VariablePolicyLib VariablePolicyHelperLib + SmmCpuRendezvousLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86441): https://edk2.groups.io/g/devel/message/86441 Mute This Topic: https://groups.io/mt/88991120/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.
Hi, Jiewen Thanks for your suggestions. In view of your advice, this RFC only talk about the new featureParallel hash. Mainly modification in https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c Others will be designed anew. From: Yao, Jiewen Sent: Thursday, September 9, 2021 6:04 PM To: Li, Zhihao ; Andrew Fish ; Ethin Probst ; Kinney, Michael D ; edk2-devel-groups-io Cc: Wang, Jian J ; Wu, Hao A ; Lu, XiaoyuX ; Jiang, Guomin ; gaolim...@byosoft.com.cn; Fu, Siyuan ; Wu, Yidong ; Li, Aaron Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Hi AllowList and DenyList are *secure boot* concept. FMP auth lib is for *signed capsule* and it does not consider secure boot – allow list and deny list. In my mind, neither secure boot and FSP auth shall know the existence of parallel hash. The verification logic shall be isolated. Sorry, I don’t understand the design. I am worried that you put too many concept together. Adding parallel hash is one thing. Adding allow list and deny list to FMP is another thing. Please don’t mix them together. I would like to request a design review for this feature. Thank you Yao Jiewen From: Li, Zhihao mailto:zhihao...@intel.com>> Sent: Thursday, September 9, 2021 5:49 PM To: Yao, Jiewen mailto:jiewen@intel.com>>; Andrew Fish mailto:af...@apple.com>>; Ethin Probst mailto:harlydavid...@gmail.com>>; Kinney, Michael D mailto:michael.d.kin...@intel.com>>; edk2-devel-groups-io mailto:devel@edk2.groups.io>> Cc: Wang, Jian J mailto:jian.j.w...@intel.com>>; Wu, Hao A mailto:hao.a...@intel.com>>; Lu, XiaoyuX mailto:xiaoyux...@intel.com>>; Jiang, Guomin mailto:guomin.ji...@intel.com>>; gaolim...@byosoft.com.cn<mailto:gaolim...@byosoft.com.cn>; Fu, Siyuan mailto:siyuan...@intel.com>>; Wu, Yidong mailto:yidong...@intel.com>>; Li, Aaron mailto:aaron...@intel.com>> Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. I send this mail for asking that if there are any comments about parallel hash feature. Mainly modification: CryptoPkg: https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c MdeMoudulePkg: https://github.com/zhihaoli1064/edk2/blob/master/MdeModulePkg/Include/Library/FmpAuthenticationLib.h line59-67 SecurityPkg: https://github.com/zhihaoli1064/edk2/blob/master/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c line119-188,287-350 From: Li, Zhihao Sent: Friday, September 3, 2021 4:44 PM To: Yao, Jiewen mailto:jiewen@intel.com>>; Andrew Fish mailto:af...@apple.com>>; edk2-devel-groups-io mailto:devel@edk2.groups.io>>; Kinney, Michael D mailto:michael.d.kin...@intel.com>> Cc: Wang, Jian J mailto:jian.j.w...@intel.com>>; Wu, Hao A mailto:hao.a...@intel.com>>; Lu, XiaoyuX mailto:xiaoyux...@intel.com>>; Jiang, Guomin mailto:guomin.ji...@intel.com>>; gaolim...@byosoft.com.cn<mailto:gaolim...@byosoft.com.cn>; Fu, Siyuan mailto:siyuan...@intel.com>>; Wu, Yidong mailto:yidong...@intel.com>>; Li, Aaron mailto:aaron...@intel.com>> Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Hi, Jiewen I try to explant what means “more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist)”. When we confirm the image is effective, we have to confirm not only that image certificate is on the whitelist, but also that it is not on the blacklist. So it have two steps in verification process(only talk about FmpAuthentication)- VerifyImageWithDenylist and VerifyImageWithAllowlist. VerifyImageWithDenylist confirms it not in blacklist while VerifyImageWithAllowlist confirms it in whitelist. ==>VerifyImageWithDenylist should do FmpAuthentication and failed. VerifyImageWithAllowlist Should do FmpAuthentication and success. In our design: Result=parallelhash256(image);--① Status1= VerifyImageWithDenylist(image,result);-② Status2= VerifyImageWithAllowlist(image,result);-③ Status1 is failed, status2 is success==>image is effective. If do it inside of AuthenticateFmpImage In step ②,it need do parallelhash256(image) . And in step ③,it also need do parallelhash256(image) . Because AuthenticateFmpImage Function is inside of VerifyImageWithDenylist And VerifyImageWithAllowlist. Poc code link of edk2: https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c From: Yao, Jiewen mailto:jiewen@intel.com>> Sent: Friday, September 3, 2021 3:07 PM To: Li, Zhihao mailto:zhihao...@intel.com>>; Andrew Fish mailto:af...@apple.com>>; edk2-devel-groups-io mailto:devel@edk2.groups.io>>; Kinney, Michael D mailto:michael.d.kin...@int
Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.
I send this mail for asking that if there are any comments about parallel hash feature. Mainly modification: CryptoPkg: https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c MdeMoudulePkg: https://github.com/zhihaoli1064/edk2/blob/master/MdeModulePkg/Include/Library/FmpAuthenticationLib.h line59-67 SecurityPkg: https://github.com/zhihaoli1064/edk2/blob/master/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c line119-188,287-350 From: Li, Zhihao Sent: Friday, September 3, 2021 4:44 PM To: Yao, Jiewen ; Andrew Fish ; edk2-devel-groups-io ; Kinney, Michael D Cc: Wang, Jian J ; Wu, Hao A ; Lu, XiaoyuX ; Jiang, Guomin ; gaolim...@byosoft.com.cn; Fu, Siyuan ; Wu, Yidong ; Li, Aaron Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Hi, Jiewen I try to explant what means “more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist)”. When we confirm the image is effective, we have to confirm not only that image certificate is on the whitelist, but also that it is not on the blacklist. So it have two steps in verification process(only talk about FmpAuthentication)- VerifyImageWithDenylist and VerifyImageWithAllowlist. VerifyImageWithDenylist confirms it not in blacklist while VerifyImageWithAllowlist confirms it in whitelist. ==>VerifyImageWithDenylist should do FmpAuthentication and failed. VerifyImageWithAllowlist Should do FmpAuthentication and success. In our design: Result=parallelhash256(image);--① Status1= VerifyImageWithDenylist(image,result);-② Status2= VerifyImageWithAllowlist(image,result);-③ Status1 is failed, status2 is success==>image is effective. If do it inside of AuthenticateFmpImage In step ②,it need do parallelhash256(image) . And in step ③,it also need do parallelhash256(image) . Because AuthenticateFmpImage Function is inside of VerifyImageWithDenylist And VerifyImageWithAllowlist. Poc code link of edk2: https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c From: Yao, Jiewen mailto:jiewen@intel.com>> Sent: Friday, September 3, 2021 3:07 PM To: Li, Zhihao mailto:zhihao...@intel.com>>; Andrew Fish mailto:af...@apple.com>>; edk2-devel-groups-io mailto:devel@edk2.groups.io>>; Kinney, Michael D mailto:michael.d.kin...@intel.com>> Cc: Wang, Jian J mailto:jian.j.w...@intel.com>>; Wu, Hao A mailto:hao.a...@intel.com>>; Lu, XiaoyuX mailto:xiaoyux...@intel.com>>; Jiang, Guomin mailto:guomin.ji...@intel.com>>; gaolim...@byosoft.com.cn<mailto:gaolim...@byosoft.com.cn>; Fu, Siyuan mailto:siyuan...@intel.com>>; Wu, Yidong mailto:yidong...@intel.com>>; Li, Aaron mailto:aaron...@intel.com>> Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Sorry, I hardly understand the explanation. Do you have a URL for the POC code? From: Li, Zhihao mailto:zhihao...@intel.com>> Sent: Friday, September 3, 2021 2:58 PM To: Yao, Jiewen mailto:jiewen@intel.com>>; Andrew Fish mailto:af...@apple.com>>; edk2-devel-groups-io mailto:devel@edk2.groups.io>>; Kinney, Michael D mailto:michael.d.kin...@intel.com>> Cc: Wang, Jian J mailto:jian.j.w...@intel.com>>; Wu, Hao A mailto:hao.a...@intel.com>>; Lu, XiaoyuX mailto:xiaoyux...@intel.com>>; Jiang, Guomin mailto:guomin.ji...@intel.com>>; gaolim...@byosoft.com.cn<mailto:gaolim...@byosoft.com.cn>; Fu, Siyuan mailto:siyuan...@intel.com>>; Wu, Yidong mailto:yidong...@intel.com>>; Li, Aaron mailto:aaron...@intel.com>> Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Hi Some explanation for confusion. 1. Is the result of the parallel hash identical to the current hash? The result of parallelhash256 do not identical to the current hash. And we are not intention to let parallelhash256 replace the current hash(SHA-256). But doing the parallel hash before the current hash to reduce the size of current hash input. Otherwise, the parallel hash effect is compressing the size of FmpAuthentication input and the use of MP Services is the inseparable part of this algorithm. It’s a new hash algorithm. So it should not move to FmpAuthenticationLib. 1. Why we cannot do it inside of AuthenticateFmpImage? Because of more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist), if we do the parallel hash inside of AuthenticateFmpImage(Denylist auth), we have to do another parallel hash for Allowlist’s AuthenticateFmpImage. It’s repeat operation. Poc code in branch named dev/sfu5/parallel_hash_ossl The verify flow is: ImageParaHash = ParallelHash-256 (Image) PKCS7_Verify (PublicKey, ImageParaHash) In FmpAuthenticationLibPkcs7 ,th
Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.
Hi, Ethin. Thanks for your reminder. We have considered what you said. In poc code https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c for (Index = 0; Index < gSmst->NumberOfCpus; Index++) { if (Index != gSmst->CurrentlyExecutingCpu) { Status = gSmst->SmmStartupThisAp (ParallelHashApExecute, Index, NULL); if (!EFI_ERROR(Status)) { StartedApNum++; } } } VOID EFIAPI ParallelHashApExecute ( IN VOID *ProcedureArgument ) { UINTN Index; for (Index = 0; Index < mBlockNum; Index++) { // // Acquire lock for a target block. // if (!AcquireSpinLockOrFail ([Index])) { // // Failed, try next one. // continue; } // // Calculate cSHAKE256 for this block // CShake256HashAll ( mInput + Index * mBlockSize, (Index == (mBlockNum - 1)) ? mLastBlockSize : mBlockSize, mBlockResultSize, NULL, 0, NULL, 0, mBlockHashResult + Index * mBlockResultSize ); mBlockIsCompleted[Index] = TRUE; } } The code start ap to run the function ParallelHashApExecute, the parallelHashApExecute running result will fill in the corresponding block. And each ap running ParallelHashApExecute will not block. The performance test result is ideal. From: Ethin Probst Sent: Friday, September 3, 2021 3:48 PM To: edk2-devel-groups-io ; Yao, Jiewen Cc: Andrew Fish ; Kinney, Michael D ; Li, Zhihao ; Wang, Jian J ; Wu, Hao A ; Lu, XiaoyuX ; Jiang, Guomin ; Liming Gao (Byosoft address) ; Fu, Siyuan ; Wu, Yidong ; Li, Aaron Subject: Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. I think another problem that we need to consider is that to my knowledge, the MP services do not allow for thread scheduling at all. You can run a call back on multiple processors, but that won't increase the performance of the function you're calling because the function will be executed independently of all other processors doing the work, so you would need to intelligently write the function to determine what processor it's on and that in turn would determine what work the function does. This would also bring in the requirement for synchronization primitives like mutexes and locks. I'm not sure how exactly that could be accomplished without changing the API, or at least adding new functionality to it. But I may be missing something and this may be possible. But last time I checked, UEFI did not contain a thread-based scheduler. On Thu, Sep 2, 2021, 20:02 Yao, Jiewen mailto:jiewen@intel.com>> wrote: > > Hi > > Comment on 2/3. > > > > I am not sure if the a new function AuthenticateFmpImageWithParallelhash() is > absolutely necessary. > > Why you do the parallel hash before authentication and transfer the result to > AuthenticateFmpImage? > > Why we cannot do it inside of AuthenticateFmpImage? > > > > Ideally, we hope to hide *algorithm* from *business logic*. > > Do you have any POC link? > > > > Thank you > > Yao Jiewen > > > > From: Andrew Fish mailto:af...@apple.com>> > Sent: Friday, September 3, 2021 7:16 AM > To: edk2-devel-groups-io mailto:devel@edk2.groups.io>>; > Kinney, Michael D > mailto:michael.d.kin...@intel.com>> > Cc: Li, Zhihao mailto:zhihao...@intel.com>>; Yao, Jiewen > mailto:jiewen@intel.com>>; Wang, Jian J > mailto:jian.j.w...@intel.com>>; Wu, Hao A > mailto:hao.a...@intel.com>>; Lu, XiaoyuX > mailto:xiaoyux...@intel.com>>; Jiang, Guomin > mailto:guomin.ji...@intel.com>>; > gaolim...@byosoft.com.cn<mailto:gaolim...@byosoft.com.cn>; Fu, Siyuan > mailto:siyuan...@intel.com>>; Wu, Yidong > mailto:yidong...@intel.com>>; Li, Aaron > mailto:aaron...@intel.com>> > Subject: Re: [edk2-devel] [RFC] Add parallel hash feature into > CryptoPkg.BaseCryptLib. > > > > > > > >> On Sep 2, 2021, at 8:50 AM, Michael D Kinney >> mailto:michael.d.kin...@intel.com>> wrote: >> >> >> >> Hi Zhihao, >> >> >> >> Is the result of the parallel hash identical to the current hash? If so, >> then can we simply have a new instance of the FmpAuthenticationLib and hide >> the ParallelHash256 digest inside this implementation of this new instance? >> >> >> >> I do not think BaseCryptLib should depend on CPU MP Services Protocol. Can >> the use of MP Services be moved up into the implementation of the new >> FmpAuthenticationLib? If new BASE compatible primitives need to be added to >> BaseCryptLib to support parallel hash, then those likely make sense. >> >> > > > > > > Mike, &g
Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.
Hi, Jiewen I try to explant what means “more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist)”. When we confirm the image is effective, we have to confirm not only that image certificate is on the whitelist, but also that it is not on the blacklist. So it have two steps in verification process(only talk about FmpAuthentication)- VerifyImageWithDenylist and VerifyImageWithAllowlist. VerifyImageWithDenylist confirms it not in blacklist while VerifyImageWithAllowlist confirms it in whitelist. ==>VerifyImageWithDenylist should do FmpAuthentication and failed. VerifyImageWithAllowlist Should do FmpAuthentication and success. In our design: Result=parallelhash256(image);--① Status1= VerifyImageWithDenylist(image,result);-② Status2= VerifyImageWithAllowlist(image,result);-③ Status1 is failed, status2 is success==>image is effective. If do it inside of AuthenticateFmpImage In step ②,it need do parallelhash256(image) . And in step ③,it also need do parallelhash256(image) . Because AuthenticateFmpImage Function is inside of VerifyImageWithDenylist And VerifyImageWithAllowlist. Poc code link of edk2: https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c From: Yao, Jiewen Sent: Friday, September 3, 2021 3:07 PM To: Li, Zhihao ; Andrew Fish ; edk2-devel-groups-io ; Kinney, Michael D Cc: Wang, Jian J ; Wu, Hao A ; Lu, XiaoyuX ; Jiang, Guomin ; gaolim...@byosoft.com.cn; Fu, Siyuan ; Wu, Yidong ; Li, Aaron Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Sorry, I hardly understand the explanation. Do you have a URL for the POC code? From: Li, Zhihao mailto:zhihao...@intel.com>> Sent: Friday, September 3, 2021 2:58 PM To: Yao, Jiewen mailto:jiewen@intel.com>>; Andrew Fish mailto:af...@apple.com>>; edk2-devel-groups-io mailto:devel@edk2.groups.io>>; Kinney, Michael D mailto:michael.d.kin...@intel.com>> Cc: Wang, Jian J mailto:jian.j.w...@intel.com>>; Wu, Hao A mailto:hao.a...@intel.com>>; Lu, XiaoyuX mailto:xiaoyux...@intel.com>>; Jiang, Guomin mailto:guomin.ji...@intel.com>>; gaolim...@byosoft.com.cn<mailto:gaolim...@byosoft.com.cn>; Fu, Siyuan mailto:siyuan...@intel.com>>; Wu, Yidong mailto:yidong...@intel.com>>; Li, Aaron mailto:aaron...@intel.com>> Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Hi Some explanation for confusion. 1. Is the result of the parallel hash identical to the current hash? The result of parallelhash256 do not identical to the current hash. And we are not intention to let parallelhash256 replace the current hash(SHA-256). But doing the parallel hash before the current hash to reduce the size of current hash input. Otherwise, the parallel hash effect is compressing the size of FmpAuthentication input and the use of MP Services is the inseparable part of this algorithm. It’s a new hash algorithm. So it should not move to FmpAuthenticationLib. 1. Why we cannot do it inside of AuthenticateFmpImage? Because of more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist), if we do the parallel hash inside of AuthenticateFmpImage(Denylist auth), we have to do another parallel hash for Allowlist’s AuthenticateFmpImage. It’s repeat operation. Poc code in branch named dev/sfu5/parallel_hash_ossl The verify flow is: ImageParaHash = ParallelHash-256 (Image) PKCS7_Verify (PublicKey, ImageParaHash) In FmpAuthenticationLibPkcs7 ,the parameter Output of FmpAuthenticatedHandlerPkcs7WithParallelhash is image digest. It replace the original image. FmpAuthenticatedHandlerPkcs7WithParallelhash ( IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, IN UINTN ImageSize, IN CONST UINT8*PublicKeyData, IN UINTN PublicKeyDataLength, IN UINT8 *Output ) { RETURN_STATUS Status; BOOLEAN CryptoStatus; VOID *P7Data; UINTN P7Length; VOID *TempBuffer; UINTN PayloadHeaderSize = 69; UINTN ParallelhashSize = 64; P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)); P7Data = Image->AuthInfo.CertData; // It is a signature across the variable data and the Monotonic Count value. TempBuffer = AllocatePool(sizeof(Image->MonotonicCount) + ParallelhashSize + PayloadHeaderSize); CopyMem( (UINT8 *)TempBuffer, (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, PayloadHeaderSize ); CopyMem( (UI
Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.
Hi Some explanation for confusion. 1. Is the result of the parallel hash identical to the current hash? The result of parallelhash256 do not identical to the current hash. And we are not intention to let parallelhash256 replace the current hash(SHA-256). But doing the parallel hash before the current hash to reduce the size of current hash input. Otherwise, the parallel hash effect is compressing the size of FmpAuthentication input and the use of MP Services is the inseparable part of this algorithm. It’s a new hash algorithm. So it should not move to FmpAuthenticationLib. 1. Why we cannot do it inside of AuthenticateFmpImage? Because of more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist), if we do the parallel hash inside of AuthenticateFmpImage(Denylist auth), we have to do another parallel hash for Allowlist’s AuthenticateFmpImage. It’s repeat operation. Poc code in branch named dev/sfu5/parallel_hash_ossl The verify flow is: ImageParaHash = ParallelHash-256 (Image) PKCS7_Verify (PublicKey, ImageParaHash) In FmpAuthenticationLibPkcs7 ,the parameter Output of FmpAuthenticatedHandlerPkcs7WithParallelhash is image digest. It replace the original image. FmpAuthenticatedHandlerPkcs7WithParallelhash ( IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, IN UINTN ImageSize, IN CONST UINT8*PublicKeyData, IN UINTN PublicKeyDataLength, IN UINT8 *Output ) { RETURN_STATUS Status; BOOLEAN CryptoStatus; VOID *P7Data; UINTN P7Length; VOID *TempBuffer; UINTN PayloadHeaderSize = 69; UINTN ParallelhashSize = 64; P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)); P7Data = Image->AuthInfo.CertData; // It is a signature across the variable data and the Monotonic Count value. TempBuffer = AllocatePool(sizeof(Image->MonotonicCount) + ParallelhashSize + PayloadHeaderSize); CopyMem( (UINT8 *)TempBuffer, (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, PayloadHeaderSize ); CopyMem( (UINT8 *)TempBuffer + PayloadHeaderSize, Output, ParallelhashSize ); CopyMem( (UINT8 *)TempBuffer + PayloadHeaderSize + ParallelhashSize, >MonotonicCount, sizeof(Image->MonotonicCount) ); CryptoStatus = Pkcs7Verify( P7Data, P7Length, PublicKeyData, PublicKeyDataLength, (UINT8 *)TempBuffer, PayloadHeaderSize + ParallelhashSize + sizeof(Image->MonotonicCount) ); FreePool(TempBuffer); From: Yao, Jiewen Sent: Friday, September 3, 2021 9:02 AM To: Andrew Fish ; edk2-devel-groups-io ; Kinney, Michael D Cc: Li, Zhihao ; Wang, Jian J ; Wu, Hao A ; Lu, XiaoyuX ; Jiang, Guomin ; gaolim...@byosoft.com.cn; Fu, Siyuan ; Wu, Yidong ; Li, Aaron Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. Hi Comment on 2/3. I am not sure if the a new function AuthenticateFmpImageWithParallelhash() is absolutely necessary. Why you do the parallel hash before authentication and transfer the result to AuthenticateFmpImage? Why we cannot do it inside of AuthenticateFmpImage? Ideally, we hope to hide *algorithm* from *business logic*. Do you have any POC link? Thank you Yao Jiewen From: Andrew Fish mailto:af...@apple.com>> Sent: Friday, September 3, 2021 7:16 AM To: edk2-devel-groups-io mailto:devel@edk2.groups.io>>; Kinney, Michael D mailto:michael.d.kin...@intel.com>> Cc: Li, Zhihao mailto:zhihao...@intel.com>>; Yao, Jiewen mailto:jiewen@intel.com>>; Wang, Jian J mailto:jian.j.w...@intel.com>>; Wu, Hao A mailto:hao.a...@intel.com>>; Lu, XiaoyuX mailto:xiaoyux...@intel.com>>; Jiang, Guomin mailto:guomin.ji...@intel.com>>; gaolim...@byosoft.com.cn<mailto:gaolim...@byosoft.com.cn>; Fu, Siyuan mailto:siyuan...@intel.com>>; Wu, Yidong mailto:yidong...@intel.com>>; Li, Aaron mailto:aaron...@intel.com>> Subject: Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib. On Sep 2, 2021, at 8:50 AM, Michael D Kinney mailto:michael.d.kin...@intel.com>> wrote: Hi Zhihao, Is the result of the parallel hash identical to the current hash? If so, then can we simply have a new instance of the FmpAuthenticationLib and hide the ParallelHash256 digest inside this implementation of this new instance? I do not think BaseCryptLib should depend on CPU MP Services Protocol. Can the use of MP Servi
[edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib
Hi, everyone. We want to add new hash algorithm-cSHAKE256/ParallelHash256 defined by NIST SP 800-185-into BaseCryptLib of CryptoPkg. This feature can be applied for digital authentication functions like Capsule Update. It utilizes multi-processor to calculate the image digest in parallel for update capsule authentication so that lessen the time of capsule authentication. Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3596 [Background] The intention of this change is to improve the capsule authentication performance. Currently, the image is calculated to a hash value (usually by SHA-256), then the hash value be signed by a certificate. The header, certificate, and image binary be sealed to the capsule. In authentication phase, the program should calculate the hash using image binary in capsule and then perform authentication procedures. [Proposal] Now, we propose a new authentication flow, which firstly pre-calculates the ParallelHash256 digest of the image binary in parallel with multi-processors, then use the ParallelHash256 digest (instead of original image binary) in subsequent SHA-256 hash for sign/authentication. Since the big size image be compressed to the ParallelHash256 digest that only have 256 bytes, the time of SHA-256 running would be less. [Required Changes] Mainly in CryptoPkg, MdeModulePkg, SecurityPkg: 1. CryptoPkg: need to add the new hash algorithm named cSHAKE256/ParallelHash256 in BaseCrypLib. The ParallelHash function will consume CPU MP Service Protocol, not sure if this is allowed in BaseCryptLib? 2. MdeMoudulePkg: Add new authenticate function AuthenticateFmpImageWithParallelhash() to FmpAuthenticationLib. This is because original AuthenticateFmpImage() interface only have 4 parameters while the new have 5 parameters. The 5th parameter is ParallelHash256 digest raised above. We try to do the parallel hash before authentication and transfer the result to AuthenticateFmpImage function as parameter. So that we can do only once parallel hash externally in the case of multiple authentication which saves more time. 3. SecurityPkg: Add new function named FmpAuthenticatedHandlerPkcs7WithParallelhash() and AuthenticateFmpImageWithParallelhash() to FmpAuthenticationLibPkcs7. This is because original interfaces not have the formal parameter (ParallelHash256 digest) we need. We try to do the parallel hash before authentication and transfer the result to AuthenticateFmpImage and FmpAuthenticatedHandlerPkcs7 function as parameter. So that we can do only once parallel hash externally in the case of multiple authentication which saves more time. Please let me know if you have any comment or concern on this proposed change. Thanks for your time and feedback! Best regards, Zhihao -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80162): https://edk2.groups.io/g/devel/message/80162 Mute This Topic: https://groups.io/mt/85329270/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-