Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-09-29 Thread Zurcher, Christopher J
The GCC build fails with this error:

`OPENSSL_ia32cap_P' referenced in section `.text.OPENSSL_cpuid_setup' of 
/tmp/ccIIRAYs.ltrans20.ltrans.o: defined in discarded section `COMMON' of 
/mnt/c/mssql/tiano/Build/OvmfX64/DEBUG_GCC5/X64/CryptoPkg/Library/OpensslLib/OpensslLibX64/OUTPUT/OpensslLibX64.lib(x86_64cpuid.obj)

The code in question is here:
> section .CRT$XCU rdata align=8
> DQ  OPENSSL_cpuid_setup
>
> common  OPENSSL_ia32cap_P 16

I have tried disabling LTO with -fno-lto and setting -O0 but I still get this 
error. At this point I don't know what else to try.

Thanks,
Christopher Zurcher

> -Original Message-
> From: Yao, Jiewen 
> Sent: Tuesday, September 22, 2020 19:35
> To: Zurcher, Christopher J ; Jiang, Guomin
> ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Ard Biesheuvel 
> Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> instruction support for X64
> 
> For GCC, please refer to
> https://github.com/tianocore/tianocore.github.io/wiki/Using-EDK-II-with-
> Native-GCC
> 
> For LLVM, please refer to
> https://github.com/tianocore/tianocore.github.io/wiki/CLANG9-Tools-Chain
> 
> Thank you
> Yao Jiewen
> 
> > -Original Message-
> > From: Zurcher, Christopher J 
> > Sent: Tuesday, September 22, 2020 11:22 PM
> > To: Jiang, Guomin ; devel@edk2.groups.io; Yao,
> > Jiewen 
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> ;
> > Ard Biesheuvel 
> > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > instruction support for X64
> >
> > I have unit tested SHA1, SHA512, and AES as well.
> > I do not have the build environment available to test GCC and LLVM.
> >
> > --
> > Christopher Zurcher
> >
> > > -Original Message-
> > > From: Jiang, Guomin 
> > > Sent: Wednesday, September 16, 2020 02:17
> > > To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher,
> > > Christopher J 
> > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ;
> > > Ard Biesheuvel 
> > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > > instruction support for X64
> > >
> > > Hi Zurcher,
> > >
> > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think
> > > those
> > > > need unit test for them too.
> > >
> > > Can you update the status about it?
> > >
> > > > [Jiewen] I think we need support build with GCC and LLVM, and with X64.
> > >
> > > It is better to support the GCC and LLVM.
> > >
> > > Thanks
> > > Guomin
> > >
> > > > -Original Message-
> > > > From: devel@edk2.groups.io  On Behalf Of Yao,
> > > > Jiewen
> > > > Sent: Tuesday, August 25, 2020 7:36 AM
> > > > To: Zurcher, Christopher J ;
> > > > devel@edk2.groups.io
> > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > > ; Ard Biesheuvel 
> > > > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> native
> > > > instruction support for X64
> > > >
> > > > Below:
> > > >
> > > > > -Original Message-
> > > > > From: Zurcher, Christopher J 
> > > > > Sent: Tuesday, August 25, 2020 5:26 AM
> > > > > To: devel@edk2.groups.io; Zurcher, Christopher J
> > > > > ; Yao, Jiewen 
> > > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > > ;
> > > > > Ard Biesheuvel 
> > > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> native
> > > > > instruction support for X64
> > > > >
> > > > > 1) I have confirmed that the ApiHooks.c file is still required even
> > > without
> > > > the AVX
> > > > > instructions included. The x86_64 assembly files in OpenSSL set a
> flag
> > > called
> > > > > $win64 and automatically include calls to the RtlVirtualUnwind
> function
> > > if
> > > > NASM
> > > > > is selected as the assembler scheme.
> > > > >
> > > > > https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-
> > > > > rtlvirtualunwind
> > > > >
> > > > > I have submitted an issue against OpenSSL since I don't think using
> the
> > > > NASM
> > > > > assembler should force the inclusion of Windows-specific API hooks,
> but
> > > > that

Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-09-24 Thread Zurcher, Christopher J
I've discovered the failure was because CryptoPkg includes its own stddef.h 
which is a wrapper for CrtLibSupport.h
I have added the required definitions to this file and have resolved the error:
typedef INTN   ptrdiff_t;
typedef UINT32 wchar_t;

Thanks,
Christopher Zurcher

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of gaoliming
> Sent: Thursday, September 24, 2020 17:49
> To: devel@edk2.groups.io; Zurcher, Christopher J
> ; Yao, Jiewen ; Jiang,
> Guomin 
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> 'Ard Biesheuvel' 
> Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> instruction support for X64
> 
> Zurcher:
>   Can you specify the detailed build steps to reproduce the build error with
> CLANGPDB tool chain?
> 
> Thanks
> Liming
> > -Original Message-
> > From: bounce+27952+65588+4905953+8761...@groups.io
> >  On Behalf Of Zurcher,
> > Christopher J
> > Sent: September 25, 2020 8:28
> > To: Yao, Jiewen ; Jiang, Guomin
> > ; devel@edk2.groups.io
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ; Ard Biesheuvel 
> > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > instruction support for X64
> >
> > I was able to successfully build and run the non-optimized code with LLVM,
> > but the optimized version returns this error during build:
> >
> > C:\Program Files\LLVM\lib\clang\9.0.0\include\stdatomic.h:91:17: error:
> > unknown type name 'wchar_t'
> > typedef _Atomic(wchar_t)atomic_wchar_t;
> >
> > Is there a known build issue with CLANGPDB and the stdatomic.h file?
> >
> > Thanks,
> > Christopher Zurcher
> >
> > > -Original Message-
> > > From: Yao, Jiewen 
> > > Sent: Tuesday, September 22, 2020 19:35
> > > To: Zurcher, Christopher J ; Jiang,
> Guomin
> > > ; devel@edk2.groups.io
> > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ;
> > > Ard Biesheuvel 
> > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> native
> > > instruction support for X64
> > >
> > > For GCC, please refer to
> > > https://github.com/tianocore/tianocore.github.io/wiki/Using-EDK-II-with-
> > > Native-GCC
> > >
> > > For LLVM, please refer to
> > > https://github.com/tianocore/tianocore.github.io/wiki/CLANG9-Tools-Chain
> > >
> > > Thank you
> > > Yao Jiewen
> > >
> > > > -Original Message-
> > > > From: Zurcher, Christopher J 
> > > > Sent: Tuesday, September 22, 2020 11:22 PM
> > > > To: Jiang, Guomin ; devel@edk2.groups.io; Yao,
> > > > Jiewen 
> > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > ;
> > > > Ard Biesheuvel 
> > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> > native
> > > > instruction support for X64
> > > >
> > > > I have unit tested SHA1, SHA512, and AES as well.
> > > > I do not have the build environment available to test GCC and LLVM.
> > > >
> > > > --
> > > > Christopher Zurcher
> > > >
> > > > > -Original Message-
> > > > > From: Jiang, Guomin 
> > > > > Sent: Wednesday, September 16, 2020 02:17
> > > > > To: devel@edk2.groups.io; Yao, Jiewen ;
> > Zurcher,
> > > > > Christopher J 
> > > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > > ;
> > > > > Ard Biesheuvel 
> > > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> > native
> > > > > instruction support for X64
> > > > >
> > > > > Hi Zurcher,
> > > > >
> > > > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I
> think
> > > > > those
> > > > > > need unit test for them too.
> > > > >
> > > > > Can you update the status about it?
> > > > >
> > > > > > [Jiewen] I think we need support build with GCC and LLVM, and with
> > X64.
> > > > >
> > > > > It is better to support the GCC and LLVM.
> > > > >
> > > > > Thanks
> > > > > Guomin
> > > > >
> > > > > > -Original Message-
> > > > > > From: devel@edk2.groups.io  On Behalf Of
> > Yao,
> > > > > > Jiewen
> > > > > > Sent: Tuesday, August 25, 2020 7:36 AM
> > > > > > T

Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-09-24 Thread Zurcher, Christopher J
I was able to successfully build and run the non-optimized code with LLVM, but 
the optimized version returns this error during build:

C:\Program Files\LLVM\lib\clang\9.0.0\include\stdatomic.h:91:17: error: unknown 
type name 'wchar_t'
typedef _Atomic(wchar_t)atomic_wchar_t;

Is there a known build issue with CLANGPDB and the stdatomic.h file?

Thanks,
Christopher Zurcher

> -Original Message-
> From: Yao, Jiewen 
> Sent: Tuesday, September 22, 2020 19:35
> To: Zurcher, Christopher J ; Jiang, Guomin
> ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Ard Biesheuvel 
> Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> instruction support for X64
> 
> For GCC, please refer to
> https://github.com/tianocore/tianocore.github.io/wiki/Using-EDK-II-with-
> Native-GCC
> 
> For LLVM, please refer to
> https://github.com/tianocore/tianocore.github.io/wiki/CLANG9-Tools-Chain
> 
> Thank you
> Yao Jiewen
> 
> > -Original Message-
> > From: Zurcher, Christopher J 
> > Sent: Tuesday, September 22, 2020 11:22 PM
> > To: Jiang, Guomin ; devel@edk2.groups.io; Yao,
> > Jiewen 
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> ;
> > Ard Biesheuvel 
> > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > instruction support for X64
> >
> > I have unit tested SHA1, SHA512, and AES as well.
> > I do not have the build environment available to test GCC and LLVM.
> >
> > --
> > Christopher Zurcher
> >
> > > -Original Message-
> > > From: Jiang, Guomin 
> > > Sent: Wednesday, September 16, 2020 02:17
> > > To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher,
> > > Christopher J 
> > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ;
> > > Ard Biesheuvel 
> > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > > instruction support for X64
> > >
> > > Hi Zurcher,
> > >
> > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think
> > > those
> > > > need unit test for them too.
> > >
> > > Can you update the status about it?
> > >
> > > > [Jiewen] I think we need support build with GCC and LLVM, and with X64.
> > >
> > > It is better to support the GCC and LLVM.
> > >
> > > Thanks
> > > Guomin
> > >
> > > > -Original Message-
> > > > From: devel@edk2.groups.io  On Behalf Of Yao,
> > > > Jiewen
> > > > Sent: Tuesday, August 25, 2020 7:36 AM
> > > > To: Zurcher, Christopher J ;
> > > > devel@edk2.groups.io
> > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > > ; Ard Biesheuvel 
> > > > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> native
> > > > instruction support for X64
> > > >
> > > > Below:
> > > >
> > > > > -Original Message-
> > > > > From: Zurcher, Christopher J 
> > > > > Sent: Tuesday, August 25, 2020 5:26 AM
> > > > > To: devel@edk2.groups.io; Zurcher, Christopher J
> > > > > ; Yao, Jiewen 
> > > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > > ;
> > > > > Ard Biesheuvel 
> > > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> native
> > > > > instruction support for X64
> > > > >
> > > > > 1) I have confirmed that the ApiHooks.c file is still required even
> > > without
> > > > the AVX
> > > > > instructions included. The x86_64 assembly files in OpenSSL set a
> flag
> > > called
> > > > > $win64 and automatically include calls to the RtlVirtualUnwind
> function
> > > if
> > > > NASM
> > > > > is selected as the assembler scheme.
> > > > >
> > > > > https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-
> > > > > rtlvirtualunwind
> > > > >
> > > > > I have submitted an issue against OpenSSL since I don't think using
> the
> > > > NASM
> > > > > assembler should force the inclusion of Windows-specific API hooks,
> but
> > > > that
> > > > > change cannot be made in OpenSSL 1.1.1 and we will have to wait for
> > > > OpenSSL 3
> > > > > or later to remove the stub function.
> > > > >
> > > > > https://github.com/openssl/openssl/issues/12712

Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-09-22 Thread Zurcher, Christopher J
I have unit tested SHA1, SHA512, and AES as well.
I do not have the build environment available to test GCC and LLVM.

--
Christopher Zurcher

> -Original Message-
> From: Jiang, Guomin 
> Sent: Wednesday, September 16, 2020 02:17
> To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher,
> Christopher J 
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Ard Biesheuvel 
> Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> instruction support for X64
> 
> Hi Zurcher,
> 
> > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think
> those
> > need unit test for them too.
> 
> Can you update the status about it?
> 
> > [Jiewen] I think we need support build with GCC and LLVM, and with X64.
> 
> It is better to support the GCC and LLVM.
> 
> Thanks
> Guomin
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Yao,
> > Jiewen
> > Sent: Tuesday, August 25, 2020 7:36 AM
> > To: Zurcher, Christopher J ;
> > devel@edk2.groups.io
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ; Ard Biesheuvel 
> > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > instruction support for X64
> >
> > Below:
> >
> > > -Original Message-
> > > From: Zurcher, Christopher J 
> > > Sent: Tuesday, August 25, 2020 5:26 AM
> > > To: devel@edk2.groups.io; Zurcher, Christopher J
> > > ; Yao, Jiewen 
> > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ;
> > > Ard Biesheuvel 
> > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > > instruction support for X64
> > >
> > > 1) I have confirmed that the ApiHooks.c file is still required even
> without
> > the AVX
> > > instructions included. The x86_64 assembly files in OpenSSL set a flag
> called
> > > $win64 and automatically include calls to the RtlVirtualUnwind function
> if
> > NASM
> > > is selected as the assembler scheme.
> > >
> > > https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-
> > > rtlvirtualunwind
> > >
> > > I have submitted an issue against OpenSSL since I don't think using the
> > NASM
> > > assembler should force the inclusion of Windows-specific API hooks, but
> > that
> > > change cannot be made in OpenSSL 1.1.1 and we will have to wait for
> > OpenSSL 3
> > > or later to remove the stub function.
> > >
> > > https://github.com/openssl/openssl/issues/12712
> > >
> >
> > [Jiewen] Thanks.
> >
> > > 2) So far I have only built with VS.
> > >
> >
> > [Jiewen] I think we need support build with GCC and LLVM, and with X64.
> >
> >
> > > 3) The X64 SHA256 implementation was successfully exercised across a
> > large
> > > number of devices in a production environment as a verification step in a
> > multi-
> > > GB data transfer scenario.
> > >
> >
> > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think
> those
> > need unit test for them too.
> >
> >
> > > Thanks,
> > > Christopher Zurcher
> > >
> > > > -Original Message-
> > > > From: devel@edk2.groups.io  On Behalf Of
> > Zurcher,
> > > > Christopher J
> > > > Sent: Tuesday, August 18, 2020 15:50
> > > > To: Yao, Jiewen ; devel@edk2.groups.io
> > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > ;
> > > > Ard Biesheuvel 
> > > > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
> > native
> > > > instruction support for X64
> > > >
> > > > After further review, the ApiHooks.c file may no longer be needed since
> > we
> > > > are no longer including the AVX instructions. I will look over the
> > > > dependencies and send a new patch set if I can eliminate the API hooks
> > file.
> > > >
> > > > Thanks,
> > > > Christopher Zurcher
> > > >
> > > > > -Original Message-
> > > > > From: Yao, Jiewen 
> > > > > Sent: Thursday, August 13, 2020 08:04
> > > > > To: Zurcher, Christopher J ;
> > > > > devel@edk2.groups.io
> > > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > > ;
> > > > > Ard Biesheuvel 
> > > > > Subject: RE: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> > instruction
> > > > > support for X64

Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-09-16 Thread Zurcher, Christopher J
OK, abandoning this patch set.

The BZ can stay open as we will still have to migrate the existing files to EVP 
eventually.

--
Christopher Zurcher

> -Original Message-
> From: Yao, Jiewen 
> Sent: Wednesday, September 16, 2020 18:34
> To: Zurcher, Christopher J ; Laszlo Ersek 
> ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Lu, XiaoyuX 
> Subject: RE: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP 
> (Envelope) Digest interface
> 
> Thanks for asking this question, Christopher.
> 
> When we create the CryptoPkg, our goal is to pick openssl as implementation 
> choice. We don’t want to mandate any
> EDKII consumer use openssl.
> 
> The EDKII consumer shall have freedom to choose whatever crypto library they 
> want to use. Even Intel IPP and mbedTLS
> are options. A vendor may choose a GPL wolfssl, or vendor proprietary closed 
> source implementation. We choose openssl
> just because it is the BSD license and it is used widely when we make 
> decision.
> 
> That is why we spend effort to design BaseCryptoLib API to abstract the 
> crypto action, instead of calling openssl
> function directly in our code.
> Whenever we add new API, we need evaluate if it is applicable for any other 
> crypto implementation and have negative
> impact.
> 
> That assumption that EDKII must link openssl is NOT our original intent.
> Feel free to drop the patch or reject the Bugzilla, if you want.
> 
> Thank you
> Yao Jiewen
> 
> > -Original Message-
> > From: Zurcher, Christopher J 
> > Sent: Thursday, September 17, 2020 9:21 AM
> > To: Laszlo Ersek ; Yao, Jiewen ;
> > devel@edk2.groups.io
> > Cc: Wang, Jian J ; Lu, XiaoyuX 
> > Subject: RE: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP
> > (Envelope) Digest interface
> >
> > Jiewen,
> >
> > This patch set assumes that EDK2 is linked with OpenSSL for the foreseeable
> > future. The end goal would be to move all applicable Crypto access to the 
> > EVP
> > interface and remove the individual modules we maintain for each algorithm.
> > The primary benefit here is reducing complexity and code duplication. 
> > Without
> > this end goal, this patch set will not be particularly useful.
> >
> > If the design goal of BaseCryptLib is to allow OpenSSL to be replaced by 
> > other
> > crypto providers, I should abandon this patch set, and we can save the EVP
> > transition for when moving to OpenSSL 3 becomes mandatory. At that time, the
> > CryptX.c family can be modified to call EVP functions.
> > (This could even be done transparently, by returning UINTN from 
> > GetContextSize
> > and using the user-supplied "context" to store the OpenSSL-supplied context
> > pointer.)
> > Delaying EVP adoption in this case would also allow more time for platforms 
> > to
> > adopt the Crypto Services model, which should help offset the size impact.
> >
> > Please let me know which path should be taken.
> >
> > Thanks,
> > Christopher Zurcher
> >
> > > -Original Message-
> > > From: Laszlo Ersek 
> > > Sent: Wednesday, September 16, 2020 09:05
> > > To: Yao, Jiewen ; devel@edk2.groups.io; Zurcher,
> > Christopher J
> > > 
> > > Cc: Wang, Jian J ; Lu, XiaoyuX 
> > > 
> > > Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP
> > (Envelope) Digest interface
> > >
> > > On 09/16/20 16:17, Yao, Jiewen wrote:
> > > > Thank you Laszlo.
> > > > You forced me to read the code again and more carefully. :-)
> > > >
> > > > I believe I understand why you use NULL to free the context now - to 
> > > > support
> > error path.
> > > >
> > > > First, I did have some new thought for EVP API. Let’s consider 3 cases, 
> > > > 1)
> > Hash all data one time, 2) Hash update
> > > data multiple times, 3) Error during update.
> > > >
> > > > A. In current design, the API sequence is:
> > > > 1) EvpMdHashAll (Digest)
> > > > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest)
> > > > 3) EvpMdInit, EvpMdUpdate->ERROR, EvpMdFinal (NULL)
> > > >
> > > > B. We can auto free context in EvpMdUpdate in error path  - the API
> > sequence is:
> > > > 1) EvpMdHashAll (Digest)
> > > > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest)
> > > > 3) EvpMdInit, EvpMdUpdate->ERROR
> > >
> > > I don't like "B" because in the loop body 

Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-09-16 Thread Zurcher, Christopher J
Jiewen,

This patch set assumes that EDK2 is linked with OpenSSL for the foreseeable 
future. The end goal would be to move all applicable Crypto access to the EVP 
interface and remove the individual modules we maintain for each algorithm. The 
primary benefit here is reducing complexity and code duplication. Without this 
end goal, this patch set will not be particularly useful.

If the design goal of BaseCryptLib is to allow OpenSSL to be replaced by other 
crypto providers, I should abandon this patch set, and we can save the EVP 
transition for when moving to OpenSSL 3 becomes mandatory. At that time, the 
CryptX.c family can be modified to call EVP functions.
(This could even be done transparently, by returning UINTN from GetContextSize 
and using the user-supplied "context" to store the OpenSSL-supplied context 
pointer.)
Delaying EVP adoption in this case would also allow more time for platforms to 
adopt the Crypto Services model, which should help offset the size impact.

Please let me know which path should be taken.

Thanks,
Christopher Zurcher

> -Original Message-
> From: Laszlo Ersek 
> Sent: Wednesday, September 16, 2020 09:05
> To: Yao, Jiewen ; devel@edk2.groups.io; Zurcher, 
> Christopher J
> 
> Cc: Wang, Jian J ; Lu, XiaoyuX 
> Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP 
> (Envelope) Digest interface
> 
> On 09/16/20 16:17, Yao, Jiewen wrote:
> > Thank you Laszlo.
> > You forced me to read the code again and more carefully. :-)
> >
> > I believe I understand why you use NULL to free the context now - to 
> > support error path.
> >
> > First, I did have some new thought for EVP API. Let’s consider 3 cases, 1) 
> > Hash all data one time, 2) Hash update
> data multiple times, 3) Error during update.
> >
> > A. In current design, the API sequence is:
> > 1) EvpMdHashAll (Digest)
> > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest)
> > 3) EvpMdInit, EvpMdUpdate->ERROR, EvpMdFinal (NULL)
> >
> > B. We can auto free context in EvpMdUpdate in error path  - the API 
> > sequence is:
> > 1) EvpMdHashAll (Digest)
> > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest)
> > 3) EvpMdInit, EvpMdUpdate->ERROR
> 
> I don't like "B" because in the loop body where you call EvpMdUpdate(),
> you may encounter an error from a different source than EvpMdUpdate()
> itself. For example, you may be reading data from the network or a disk
> file. If fetching the next chunk fails, we'd still want to clean up the
> EVP MD context. Therefore, if EvpMdUpdate() would itself invalidate the
> context, if it failed, then that would *complicate* the error path. (=
> Clean up the context after the loop body *only* if something different
> from EvpMdUpdate() failed.)
> 
> >
> > C: We can use New/Free style - similar to HMAC
> > 1) EvpMdHashAll (Digest)
> > 2) EvpMdNew, EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal 
> > (Digest), EvpMdFree
> > 3) EvpMdNew, EvpMdInit, EvpMdUpdate->ERROR, EvpMdFree
> 
> Yes, this was the first pattern, the one that caused me to say "please
> don't do this". In this pattern, the context may exist between "New" and
> "Init", and also between "Final" and "Free". Those two states are
> useless and only good for causing confusion.
> 
> For example, are you allowed to Duplicate a context in those states?
> It's best to prevent even the *asking* of that question.
> 
> >
> > I checked below APIs:
> > 1) openssl (EVP_MD_CTX_new, EVP_DigestInit_ex, EVP_DigestUpdate, 
> > EVP_DigestFinal_ex, EVP_MD_CTX_free)
> > 2) mbedtls (mbedtls_sha256_init, mbedtls_sha256_starts_ret, 
> > mbedtls_sha256_update_ret, mbedtls_sha256_finish_ret,
> mbedtls_sha256_free)
> > 3) BaseCryptoLib HMAC (HmacSha256New, HmacSha256SetKey, HmacSha256Update, 
> > HmacSha256Final, HmacSha256Free)
> >
> > All APIs include free function to free the context, I don’t think it is a 
> > bad idea to have EvpMdFree() API.
> > I would like to propose option - C.
> 
> - I cannot comment on mbedtls (2).
> 
> - I think the current BaseCryptLib HMAC APIs (3) are not great, and we
> should use this opportunity to improve upon them.
> 
> - Regarding openssl (1), as I understand it, the situation is different
> from edk2. In OpenSSL, EVP_MD_CTX is *not* an opaque type (expressed in
> C language terms, it is not an "incomplete" type, but a "complete"
> type). Therefore, an expression such as sizeof(EVP_MD_CTX) works.
> 
> The consequence is that OpenSSL code itself can use the following style:
> 
> void func(void)
> {
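
The error-path argument in the message above (option A against option B), as an added C example that is not part of the thread or of EDK2: Init allocates, Update never frees, and Final always frees, with a NULL digest meaning "clean up only". All names are hypothetical, and 64-bit FNV-1a (not a cryptographic hash) stands in for the digest so the block runs without OpenSSL; the chunk data is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; FNV-1a (non-cryptographic) stands in for the digest. */
typedef struct md_ctx { uint64_t state; } md_ctx;
typedef enum { HS_OK, HS_INIT_FAILED, HS_FETCH_FAILED, HS_UPDATE_FAILED } hs_status;
#define NO_FAULT ((size_t)-1)

static int g_live;                       /* contexts allocated and not yet freed */
int live_contexts(void) { return g_live; }

/* Init allocates AND initializes: no "New but not yet Init" state exists. */
md_ctx *md_init(void) {
    md_ctx *ctx = malloc(sizeof *ctx);
    if (ctx == NULL) return NULL;
    ctx->state = 0xcbf29ce484222325ULL;  /* FNV-1a offset basis */
    g_live++;
    return ctx;
}

/* Update never frees the context, even when it fails (the objection to option B). */
bool md_update(md_ctx *ctx, const void *data, size_t len) {
    if (ctx == NULL || (data == NULL && len != 0)) return false;
    const unsigned char *p = data;
    for (size_t i = 0; i < len; i++) {
        ctx->state ^= p[i];
        ctx->state *= 0x100000001b3ULL;  /* FNV-1a prime */
    }
    return true;
}

/* Final ALWAYS frees the context; digest == NULL means "clean up only".
   Returns true only when a digest was written. */
bool md_final(md_ctx *ctx, uint64_t *digest) {
    if (ctx == NULL) return false;
    if (digest != NULL) *digest = ctx->state;
    free(ctx);
    g_live--;
    return digest != NULL;
}

/* One-shot helper, the counterpart of case 1) in the thread. */
bool md_hash_all(const void *data, size_t len, uint64_t *digest) {
    md_ctx *ctx = md_init();
    if (ctx == NULL) return false;
    bool ok = md_update(ctx, data, len);
    return md_final(ctx, ok ? digest : NULL) && ok;
}

typedef struct chunk_source {
    const char *const *chunks;
    size_t count, next;
    size_t fail_at;   /* fetching this chunk fails (stand-in for a disk or network error) */
    size_t null_at;   /* this chunk arrives as NULL with nonzero length, so Update fails */
} chunk_source;

/* Returns 0 = chunk delivered, 1 = end of data, -1 = fetch error. */
static int fetch_chunk(chunk_source *src, const void **data, size_t *len) {
    size_t i = src->next;
    if (i >= src->count) return 1;
    if (i == src->fail_at) return -1;
    src->next++;
    *data = (i == src->null_at) ? NULL : src->chunks[i];
    *len = strlen(src->chunks[i]);
    return 0;
}

hs_status hash_stream(chunk_source *src, uint64_t *digest) {
    md_ctx *ctx = md_init();
    if (ctx == NULL) return HS_INIT_FAILED;
    hs_status st = HS_OK;
    while (st == HS_OK) {
        const void *data = NULL;
        size_t len = 0;
        int rc = fetch_chunk(src, &data, &len);
        if (rc == 1) break;
        if (rc < 0) st = HS_FETCH_FAILED;                     /* error from outside the API */
        else if (!md_update(ctx, data, len)) st = HS_UPDATE_FAILED;
    }
    /* One unconditional cleanup call; the caller never has to ask which step failed. */
    md_final(ctx, st == HS_OK ? digest : NULL);
    return st;
}

/* Runs hash_stream over three constructed chunks with optional fault injection. */
hs_status run_case(size_t fail_at, size_t null_at, uint64_t *digest) {
    static const char *const chunks[] = { "abc", "def", "ghi" };
    chunk_source src = { chunks, 3, 0, fail_at, null_at };
    return hash_stream(&src, digest);
}

int main(void) {
    uint64_t d = 0;
    printf("clean run:      status=%d\n", run_case(NO_FAULT, NO_FAULT, &d));
    printf("fetch failure:  status=%d\n", run_case(1, NO_FAULT, &d));
    printf("update failure: status=%d\n", run_case(NO_FAULT, 2, &d));
    printf("live contexts:  %d\n", live_contexts());
    return 0;
}
```

Had md_update() freed the context on its own failure, hash_stream() would need to skip md_final() for HS_UPDATE_FAILED but still call it for HS_FETCH_FAILED, which is the complication the message describes.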

[edk2-devel] [PATCH v3 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-09-15 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

V3 changes:
Added list of valid Digest Names to EvpMdInit() header
Added missing copy of CryptEvpMdNull.c in BaseCryptLibNull folder

V2 changes:
Added NullLib implementation
Added Crypto Service implementation
Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
Removed unnecessary casts
Added "HashAll" utility function
Merged "New" and "Init" functions as well as "Final" and "Free" functions
  Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
  conforms with common usage

Low-level interfaces to message digest (hash) functions have been deprecated
in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
be replaced by EVP interface calls.

References:
  https://www.openssl.org/docs/manmaster/man7/evp.html
  https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 

Christopher J Zurcher (3):
  CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
  CryptoPkg: Add EVP to Crypto Service driver interface
  SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
interface

 CryptoPkg/CryptoPkg.dsc |   3 +
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
 CryptoPkg/Include/Library/BaseCryptLib.h| 129 
 CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h|  10 +
 CryptoPkg/Private/Protocol/Crypto.h | 131 
 SecurityPkg/Hash2DxeCrypto/Driver.h |   1 -
 CryptoPkg/Driver/Crypto.c   | 152 -
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257 +++
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 
 CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c  | 144 
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 
++--
 16 files changed, 1117 insertions(+), 316 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c

-- 
2.28.0.windows.1







[edk2-devel] [PATCH v3 3/3] SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface

2020-09-15 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Signed-off-by: Christopher J Zurcher 
---
 SecurityPkg/Hash2DxeCrypto/Driver.h |   1 -
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++--
 2 files changed, 31 insertions(+), 315 deletions(-)

diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.h 
b/SecurityPkg/Hash2DxeCrypto/Driver.h
index 7b8996912a..ac811b3977 100644
--- a/SecurityPkg/Hash2DxeCrypto/Driver.h
+++ b/SecurityPkg/Hash2DxeCrypto/Driver.h
@@ -50,7 +50,6 @@ typedef struct {
   LIST_ENTRY   InstEntry;
   EFI_HASH2_PROTOCOL   Hash2Protocol;
   VOID *HashContext;
-  VOID *HashInfoContext;
   BOOLEAN  Updated;
 } HASH2_INSTANCE_DATA;
 
diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c 
b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
index d96bc136e2..f31bc79f04 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
@@ -2,7 +2,7 @@
   This module implements Hash2 Protocol.
 
 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -18,241 +18,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include "Driver.h"
 
-/**
-  Retrieves the size, in bytes, of the context buffer required for hash 
operations.
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for hash 
operations.
-  @retval  0   This interface is not supported.
-
-**/
-typedef
-UINTN
-(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) (
-  VOID
-  );
-
-/**
-  Initializes user-supplied memory pointed by Sha1Context as hash context for
-  subsequent use.
-
-  If HashContext is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[out]  HashContext  Pointer to Hashcontext being initialized.
-
-  @retval TRUE   Hash context initialization succeeded.
-  @retval FALSE  Hash context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_INIT) (
-  OUT  VOID  *HashContext
-  );
-
-/**
-  Digests the input data and updates Hash context.
-
-  This function performs Hash digest on a data buffer of the specified size.
-  It can be called multiple times to compute the digest of long or 
discontinuous data streams.
-  Hash context should be already correctly initialized by HashInit(), and 
should not be finalized
-  by HashFinal(). Behavior with invalid context is undefined.
-
-  If HashContext is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HashContext  Pointer to the Hash context.
-  @param[in]   Data Pointer to the buffer containing the data to 
be hashed.
-  @param[in]   DataSize Size of Data buffer in bytes.
-
-  @retval TRUE   SHA-1 data digest succeeded.
-  @retval FALSE  SHA-1 data digest failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_UPDATE) (
-  IN OUT  VOID*HashContext,
-  IN  CONST VOID  *Data,
-  IN  UINTN   DataSize
-  );
-
-/**
-  Completes computation of the Hash digest value.
-
-  This function completes hash computation and retrieves the digest value into
-  the specified memory. After this function has been called, the Hash context 
cannot
-  be used again.
-  Hash context should be already correctly initialized by HashInit(), and 
should not be
-  finalized by HashFinal(). Behavior with invalid Hash context is undefined.
-
-  If HashContext is NULL, then return FALSE.
-  If HashValue is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HashContext  Pointer to the Hash context.
-  @param[out]  HashValuePointer to a buffer that receives the Hash 
digest
-value.
-
-  @retval TRUE   Hash digest computation succeeded.
-  @retval FALSE  Hash digest computation failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_FINAL) (
-  IN OUT  VOID   *HashContext,
-  OUT UINT8  *HashValue
-  );
-
 typedef struct {
-  EFI_GUID   *Guid;
-  UINT32 HashSize;
-  EFI_HASH_GET_CONTEXT_SIZE  GetContextSize;
-  EFI_HASH_INIT  Init;
-  EFI_HASH_UPDATEUpdate;
-  EFI_HASH_FINAL Final;
+  EFI_GUID  *Guid;
+  UINT32HashSize;
+  CONST CHAR8   *DigestName;
 } EFI_HASH_INFO;
 
 EFI_HASH_INFO  mHashInfo[] = {
-  {, sizeof(EFI_MD5_HASH2),Md5GetContextSize, 
   Md5Init,Md5Update,Md5Final  },
-  {,sizeof(EFI_SHA1_HASH2),   
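Review bot: with the GetContextSize, Init, Update and Final members removed from EFI_HASH_INFO, the driver no longer sizes or owns the context buffer; it comes from EvpMdInit() and, given the V2 change list's merge of "Final" and "Free", is released only by EvpMdFinal(). Please check every Hash2 path that can abandon a hash in progress (a second HashInit on the same instance, an error return after Init, instance teardown) and make sure it still ends in EvpMdFinal(), otherwise each abandoned hash leaks an EVP_MD_CTX.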

[edk2-devel] [PATCH v3 2/3] CryptoPkg: Add EVP to Crypto Service driver interface

2020-09-15 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/CryptoPkg.dsc|   3 +
 CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h   |  10 ++
 CryptoPkg/Private/Protocol/Crypto.h| 131 +
 CryptoPkg/Driver/Crypto.c  | 152 
+++-
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 144 
+++
 5 files changed, 439 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 1af78468a1..af3fceb99f 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -159,6 +159,7 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family  
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family   
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family   
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
 !endif
 
 !if $(CRYPTO_SERVICES) == MIN_PEI
@@ -173,6 +174,7 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free   
| TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey 
| TRUE
   
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword
 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
 !endif
 
 !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
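Review bot: in the MIN_PEI block the added line turns on the whole EvpMd family with PCD_CRYPTO_SERVICE_ENABLE_FAMILY, while the neighbouring entries in this minimal profile enable single services (Rsa.Services.Free, Rsa.Services.SetKey, Pkcs.Services.Pkcs5HashPassword) with TRUE. If PEI only needs a subset, for example Init, Update and Final, enable those EvpMd.Services bits individually so the minimal profile stays minimal; otherwise say in the commit message why the full family is required here.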
@@ -203,6 +205,7 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init   
 | TRUE
   
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt
  | TRUE
   
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt
  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
 !endif
 
 
###
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h 
b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 44fb0262f4..b79c98d679 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -288,6 +288,16 @@ typedef struct {
 } Services;
 UINT32Family;
   } TlsGet;
+  union {
+struct {
+  UINT8  Init:1;
+  UINT8  Duplicate:1;
+  UINT8  Update:1;
+  UINT8  Final:1;
+  UINT8  HashAll:1;
+} Services;
+UINT32Family;
+  } EvpMd;
 } PCD_CRYPTO_SERVICE_FAMILY_ENABLE;
 
 #endif
diff --git a/CryptoPkg/Private/Protocol/Crypto.h 
b/CryptoPkg/Private/Protocol/Crypto.h
index c399e0d67a..a3dffc0ce0 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -3434,6 +3434,131 @@ EFI_STATUS
   IN OUT UINTN*DataSize
   );
 
+/**
+  Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+  If DigestName is NULL, then return FALSE.
+
+  @param[in]DigestNamePointer to the digest name as a NULL-terminated 
ASCII string.
+  Valid digest names are:
+  MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+  SHA3-224, SHA3-256, SHA3-384, SHA3-512
+  SM3
+
+  @return  Pointer to the EVP_MD_CTX context that has been allocated and 
initialized.
+   If DigestName is invalid, returns NULL.
+   If the allocations fails, returns NULL.
+   If initialization fails, returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI* EDKII_CRYPTO_EVPMD_INIT)(
+  IN  CONST CHAR8   *DigestName
+  );
+
+/**
+  Makes a copy of an existing EVP_MD context.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If NewEvpMdContext is NULL, then return FALSE.
+
+  @param[in]  EvpMdContext Pointer to EVP_MD context being copied.
+  @param[out] NewEvpMdContext  Pointer to new EVP_MD context.
+
+  @retval TRUE   EVP_MD context copy succeeded.
+  @retval FALSE  EVP_MD context copy failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI* EDKII_CRYPTO_EVPMD_DUPLICATE)(
+  IN  CONST VOID*EvpMdContext,
+  OUT VOID  *NewEvpMdContext
+  );
+
+/**
+  Digests the input data and updates EVP_MD context.
+
+  This function performs EVP digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or 
discontinuous data streams.
+  EVP_MD context should be already correctly 
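Review bot: the comment on EDKII_CRYPTO_EVPMD_INIT says "If DigestName is NULL, then return FALSE", but the function returns VOID * and its @return block documents NULL for every failure. Change the sentence to "then return NULL" so callers test the result as a pointer. The same block has "If the allocations fails", which should read "If the allocation fails".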

[edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-09-15 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

The EVP interface should be used in place of discrete digest function
calls.

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
 CryptoPkg/Include/Library/BaseCryptLib.h| 129 ++
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257 

 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 ++
 CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 ++
 9 files changed, 647 insertions(+)

diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 4aae2aba95..3968f29412 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -50,6 +50,7 @@
   Pk/CryptAuthenticode.c
   Pk/CryptTs.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index dc28e3a11d..d0b91716d0 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -57,6 +57,7 @@
   Pk/CryptTsNull.c
   Pem/CryptPemNull.c
   Rand/CryptRandNull.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/ConstantTimeClock.c
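Review bot: PeiCryptLib.inf gets the full Evp/CryptEvpMd.c although the entries around it in this INF are Null variants (Pk/CryptTsNull.c, Pem/CryptPemNull.c, Rand/CryptRandNull.c). Please confirm that PEI is meant to carry the real EVP digest code and state the size impact. The diffstat also creates CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c, yet none of the BaseCryptLib INF hunks in this patch reference it, so either one of these INFs should use it or the file is dead.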
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 5005beed02..9f3accd35b 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -56,6 +56,7 @@
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91ec3e03bf..420623cdc6 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -54,6 +54,7 @@
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/ConstantTimeClock.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf 
b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 689af4fedd..542ac2e2e1 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -50,6 +50,7 @@
   Pk/CryptTsNull.c
   Pem/CryptPemNull.c
   Rand/CryptRandNull.c
+  Evp/CryptEvpMdNull.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index ae9bde9e37..5e1b408b54 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1012,6 +1012,135 @@ HmacSha256Final (
   OUT UINT8  *HmacValue
   );
 
+//=
+//EVP (Envelope) Primitive
+//=
+
+/**
+  Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+  If DigestName is NULL, then return FALSE.
+
+  @param[in]DigestNamePointer to the digest name as a NULL-terminated 
ASCII string.
+  Valid digest names are:
+  MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+  SHA3-224, SHA3-256, SHA3-384, SHA3-512
+  SM3
+
+  @return  Pointer to the EVP_MD_CTX context that has been allocated and 
initialized.
+   If DigestName is invalid, returns NULL.
+   If the allocations fails, returns NULL.
+   If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+  IN  CONST CHAR8   *DigestName
+  );
+
+/**
+  Makes a copy of an existing EVP_MD context.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If NewEvpMdContext is NULL, then return FALSE.
+
+  @param[in]  EvpMdContext Pointer to EVP_MD context being copied.
+  @param[out] NewEvpMdContext  Pointer to new EVP_MD context.
+
+  @retval TRUE   EVP_MD context copy succeeded.
+  @retval FALSE  EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+  IN  CONST VOID*EvpMdContext,
+  OUT VOID  *NewEvpMdContext
+  );
+
+/**
+  Digests the input data and updates EVP_MD context.
+
+  This function performs EVP digest on a data buffer of the specified size.
+  It can be called multiple times to compute 
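Review bot: EvpMdDuplicate() takes NewEvpMdContext as OUT VOID *, but the header gives callers no way to obtain a destination context other than EvpMdInit(), which already binds a digest. Document that NewEvpMdContext must come from EvpMdInit() and whether its digest has to match the source, or return the new context from the function instead; as written, a caller could pass an arbitrary buffer and nothing in the comment says that is invalid.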

Re: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-09-14 Thread Zurcher, Christopher J
Replies inline

> -Original Message-
> From: Yao, Jiewen 
> Sent: Monday, September 14, 2020 18:22
> To: Zurcher, Christopher J ;
> devel@edk2.groups.io
> Cc: Laszlo Ersek ; Wang, Jian J ;
> Lu, XiaoyuX 
> Subject: RE: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest
> interface
> 
> Hi Zurcher:
> Thanks for your work.
> 1) Please share with us what unit test you have done for all new APIs.

I unit tested both the native and Crypto Service implementations through the 
modified Hash2DxeCrypto protocol.
I tested the Init/Update/Final flow as well as the HashAll function.

> 
> 2) Please add comment on what is the valid DigestName in EvpMdInit().
> Otherwise, people will have no idea on that.

I will add valid options in a comment.
I have to send another patch anyway to add a file in my commit (missed the 
second copy of CryptEvpMdNull.c in the NullLib folder).

> 
> 3) I assume the size will be unchanged if a module does not use the new EVPMD
> API, such as UEFI secure boot, TCG trusted boot. Please double confirm if
> that is right understanding.

Yes, if a module does not call the EVPMD API, it should not grow in size.
The Crypto Service build output CryptoDxe.efi grew less than 1% after enabling 
the EvpMd function family through PcdCryptoServiceFamilyEnable.
I suspect this is because the HmacSha256 Family was already enabled, and inside 
OpenSSL the HMAC functions are wrappers for EVP functions.
So even with library-mode BaseCryptLib, any module that already calls the HMAC 
functions should not see any size change by adding EVP.

> 
> Hi all:
> I would like to collect feedback on below:
> -- "I replaced the MD5 and SHAx functions with EVP functions in
> Hash2DxeCrypto, and it grew from ~26k to ~253k."
> 
> If there is negative size impact for the platform BIOS that is using
> Hash2DxeCrypto, please share with the community.

The size change in Hash2DxeCrypto was seen while using the library-mode 
BaseCryptLib implementation, not the Crypto Services driver.
We cannot move to OpenSSL 3 without replacing all low-level algorithm functions 
with EVP calls, so platforms using Hash2DxeCrypto will have to eat the size 
increase eventually.
For platforms using Hash2DxeCrypto, moving to the Crypto Services model should 
help offset this increase.

Thanks,
Christopher Zurcher

> 
> Thank you
> Yao Jiewen
> 
> > -Original Message-
> > From: Christopher J Zurcher 
> > Sent: Tuesday, September 15, 2020 8:58 AM
> > To: devel@edk2.groups.io
> > Cc: Laszlo Ersek ; Yao, Jiewen ;
> > Wang, Jian J ; Lu, XiaoyuX 
> > Subject: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest
> > interface
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545
> >
> > V2 changes:
> > Added NullLib implementation
> > Added Crypto Service implementation
> > Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
> > Removed unnecessary casts
> > Added "HashAll" utility function
> > Merged "New" and "Init" functions as well as "Final" and "Free" functions
> >   Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
> >   conforms with common usage
> >
> > Low-level interfaces to message digest (hash) functions have been deprecated
> > in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
> > low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
> > be replaced by EVP interface calls.
> >
> > References:
> >   https://www.openssl.org/docs/manmaster/man7/evp.html
> >   https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html
> >
> > Cc: Laszlo Ersek 
> > Cc: Jiewen Yao 
> > Cc: Jian J Wang 
> > Cc: Xiaoyu Lu 
> >
> > Christopher J Zurcher (3):
> >   CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
> >   CryptoPkg: Add EVP to Crypto Service driver interface
> >   SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
> > interface
> >
> >  CryptoPkg/CryptoPkg.dsc |   3 +
> >  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf |   1 +
> >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf  |   1 +
> >  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf  |   1 +
> >  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf  |   1 +
> >  CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
> >  CryptoPkg/Include/Library/BaseCryptLib.h| 125 +++
> >  CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h|  10 +
> >  CryptoPkg/Private/Protocol/Crypto.h   

[edk2-devel] [PATCH v2 3/3] SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface

2020-09-14 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Signed-off-by: Christopher J Zurcher 
---
 SecurityPkg/Hash2DxeCrypto/Driver.h |   1 -
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++--
 2 files changed, 31 insertions(+), 315 deletions(-)

diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.h 
b/SecurityPkg/Hash2DxeCrypto/Driver.h
index 7b8996912a..ac811b3977 100644
--- a/SecurityPkg/Hash2DxeCrypto/Driver.h
+++ b/SecurityPkg/Hash2DxeCrypto/Driver.h
@@ -50,7 +50,6 @@ typedef struct {
   LIST_ENTRY   InstEntry;
   EFI_HASH2_PROTOCOL   Hash2Protocol;
   VOID *HashContext;
-  VOID *HashInfoContext;
   BOOLEAN  Updated;
 } HASH2_INSTANCE_DATA;
 
diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c 
b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
index d96bc136e2..f31bc79f04 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
@@ -2,7 +2,7 @@
   This module implements Hash2 Protocol.
 
 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -18,241 +18,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #include "Driver.h"
 
-/**
-  Retrieves the size, in bytes, of the context buffer required for hash 
operations.
-
-  If this interface is not supported, then return zero.
-
-  @return  The size, in bytes, of the context buffer required for hash 
operations.
-  @retval  0   This interface is not supported.
-
-**/
-typedef
-UINTN
-(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) (
-  VOID
-  );
-
-/**
-  Initializes user-supplied memory pointed by Sha1Context as hash context for
-  subsequent use.
-
-  If HashContext is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[out]  HashContext  Pointer to Hashcontext being initialized.
-
-  @retval TRUE   Hash context initialization succeeded.
-  @retval FALSE  Hash context initialization failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_INIT) (
-  OUT  VOID  *HashContext
-  );
-
-/**
-  Digests the input data and updates Hash context.
-
-  This function performs Hash digest on a data buffer of the specified size.
-  It can be called multiple times to compute the digest of long or 
discontinuous data streams.
-  Hash context should be already correctly initialized by HashInit(), and 
should not be finalized
-  by HashFinal(). Behavior with invalid context is undefined.
-
-  If HashContext is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HashContext  Pointer to the Hash context.
-  @param[in]   Data Pointer to the buffer containing the data to 
be hashed.
-  @param[in]   DataSize Size of Data buffer in bytes.
-
-  @retval TRUE   SHA-1 data digest succeeded.
-  @retval FALSE  SHA-1 data digest failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_UPDATE) (
-  IN OUT  VOID*HashContext,
-  IN  CONST VOID  *Data,
-  IN  UINTN   DataSize
-  );
-
-/**
-  Completes computation of the Hash digest value.
-
-  This function completes hash computation and retrieves the digest value into
-  the specified memory. After this function has been called, the Hash context 
cannot
-  be used again.
-  Hash context should be already correctly initialized by HashInit(), and 
should not be
-  finalized by HashFinal(). Behavior with invalid Hash context is undefined.
-
-  If HashContext is NULL, then return FALSE.
-  If HashValue is NULL, then return FALSE.
-  If this interface is not supported, then return FALSE.
-
-  @param[in, out]  HashContext  Pointer to the Hash context.
-  @param[out]  HashValuePointer to a buffer that receives the Hash 
digest
-value.
-
-  @retval TRUE   Hash digest computation succeeded.
-  @retval FALSE  Hash digest computation failed.
-  @retval FALSE  This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_FINAL) (
-  IN OUT  VOID   *HashContext,
-  OUT UINT8  *HashValue
-  );
-
 typedef struct {
-  EFI_GUID   *Guid;
-  UINT32 HashSize;
-  EFI_HASH_GET_CONTEXT_SIZE  GetContextSize;
-  EFI_HASH_INIT  Init;
-  EFI_HASH_UPDATEUpdate;
-  EFI_HASH_FINAL Final;
+  EFI_GUID  *Guid;
+  UINT32HashSize;
+  CONST CHAR8   *DigestName;
 } EFI_HASH_INFO;
 
 EFI_HASH_INFO  mHashInfo[] = {
-  {, sizeof(EFI_MD5_HASH2),Md5GetContextSize, 
   Md5Init,Md5Update,Md5Final  },
-  {,sizeof(EFI_SHA1_HASH2),   
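Review bot: the new EFI_HASH_INFO keeps HashSize next to DigestName, so the output length is now declared twice: once in the table and once implicitly by whatever digest the string resolves to. Add a check (an ASSERT at driver entry, or a comparison before the digest is copied out) that the size reported for DigestName equals HashSize, because a mismatched or mistyped name could otherwise surface only as a wrong-length write into the caller's hash buffer. The commit message is also empty apart from the BZ link; one sentence on why the function-pointer table is replaced would help reviewers.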

[edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-09-14 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

V2 changes:
Added NullLib implementation
Added Crypto Service implementation
Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
Removed unnecessary casts
Added "HashAll" utility function
Merged "New" and "Init" functions as well as "Final" and "Free" functions
  Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
  conforms with common usage

Low-level interfaces to message digest (hash) functions have been deprecated
in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
be replaced by EVP interface calls.

References:
  https://www.openssl.org/docs/manmaster/man7/evp.html
  https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 

Christopher J Zurcher (3):
  CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
  CryptoPkg: Add EVP to Crypto Service driver interface
  SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
interface

 CryptoPkg/CryptoPkg.dsc |   3 +
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
 CryptoPkg/Include/Library/BaseCryptLib.h| 125 +++
 CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h|  10 +
 CryptoPkg/Private/Protocol/Crypto.h | 127 +++
 SecurityPkg/Hash2DxeCrypto/Driver.h |   1 -
 CryptoPkg/Driver/Crypto.c   | 148 -
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 253 ++
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 124 +++
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c  | 140 
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 
++--
 15 files changed, 965 insertions(+), 316 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c

-- 
2.28.0.windows.1
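The name-keyed digest selection and the Init/Duplicate/Update/Final/HashAll flow listed in the V2 changes can be modelled with Python's hashlib, which uses OpenSSL's EVP digests in CPython builds linked against OpenSSL. This is an added example, not edk2 code: the function names, the name mapping and both tables are constructed for illustration.

```python
import hashlib

# Digest names as listed in the EvpMdInit() comment, mapped to hashlib names.
# The mapping is an assumption of this model, not part of the patch.
EDK2_TO_HASHLIB = {
    "MD5": "md5", "SHA1": "sha1", "SHA224": "sha224", "SHA256": "sha256",
    "SHA384": "sha384", "SHA512": "sha512",
    "SHA3-224": "sha3_224", "SHA3-256": "sha3_256",
    "SHA3-384": "sha3_384", "SHA3-512": "sha3_512",
    "SM3": "sm3",
}

# Constructed tables in the shape of the new EFI_HASH_INFO rows:
# (DigestName, HashSize in bytes). BAD_TABLE holds a wrong size and a typo.
GOOD_TABLE = [("SHA256", 32), ("SHA384", 48), ("SHA512", 64), ("SHA3-256", 32)]
BAD_TABLE = [("SHA256", 32), ("SHA384", 32), ("SHA257", 32)]


def evp_md_init(digest_name):
    """Model of EvpMdInit(): a context, or None where the C API returns NULL."""
    if digest_name is None:
        return None
    py_name = EDK2_TO_HASHLIB.get(digest_name)
    if py_name is None:
        return None          # this model accepts only the listed spellings
    try:
        return hashlib.new(py_name)
    except ValueError:
        return None          # backend built without this digest (e.g. SM3)


def evp_md_hash_all(digest_name, data):
    """Model of the one-shot HashAll helper; None on any failure."""
    ctx = evp_md_init(digest_name)
    if ctx is None or data is None:
        return None
    ctx.update(data)
    return ctx.digest()


def check_hash_table(table):
    """Return (name, reason) for every row whose name or size is unusable.

    The declared size is what a caller would use for its output buffer, so it
    has to equal the size the resolved digest actually produces.
    """
    problems = []
    for name, declared in table:
        ctx = evp_md_init(name)
        if ctx is None:
            problems.append((name, "name does not resolve"))
        elif ctx.digest_size != declared:
            problems.append(
                (name, "declared %d, actual %d" % (declared, ctx.digest_size)))
    return problems


def streamed_equals_one_shot(digest_name, chunks):
    """Init/Update.../Final over chunks must match HashAll over the whole."""
    ctx = evp_md_init(digest_name)
    if ctx is None:
        return False
    for chunk in chunks:
        ctx.update(chunk)
    return ctx.digest() == evp_md_hash_all(digest_name, b"".join(chunks))


def fork_digest(digest_name, prefix, suffix_a, suffix_b):
    """Hash a shared prefix once, duplicate the context, finish two ways."""
    ctx = evp_md_init(digest_name)
    if ctx is None:
        return None
    ctx.update(prefix)
    dup = ctx.copy()         # the operation EvpMdDuplicate() stands for
    ctx.update(suffix_a)
    dup.update(suffix_b)
    return ctx.digest(), dup.digest()


if __name__ == "__main__":
    print(check_hash_table(GOOD_TABLE))
    print(check_hash_table(BAD_TABLE))
    print(evp_md_hash_all("SHA256", b"abc").hex())
```

Running the table check once at start-up turns a mistyped name or a stale size into a visible failure instead of a wrong-length digest later.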





[edk2-devel] [PATCH v2 2/3] CryptoPkg: Add EVP to Crypto Service driver interface

2020-09-14 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/CryptoPkg.dsc|   3 +
 CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h   |  10 ++
 CryptoPkg/Private/Protocol/Crypto.h| 127 +
 CryptoPkg/Driver/Crypto.c  | 148 
+++-
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 140 ++
 5 files changed, 427 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 1af78468a1..af3fceb99f 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -159,6 +159,7 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family  
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family   
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family   
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
 !endif
 
 !if $(CRYPTO_SERVICES) == MIN_PEI
@@ -173,6 +174,7 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free   
| TRUE
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey 
| TRUE
   
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword
 | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family
| PCD_CRYPTO_SERVICE_ENABLE_FAMILY
 !endif
 
 !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
@@ -203,6 +205,7 @@
   gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init   
 | TRUE
   
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt
  | TRUE
   
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt
  | TRUE
+  gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family
 | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
 !endif
 
 
###
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h 
b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 44fb0262f4..b79c98d679 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -288,6 +288,16 @@ typedef struct {
 } Services;
 UINT32Family;
   } TlsGet;
+  union {
+struct {
+  UINT8  Init:1;
+  UINT8  Duplicate:1;
+  UINT8  Update:1;
+  UINT8  Final:1;
+  UINT8  HashAll:1;
+} Services;
+UINT32Family;
+  } EvpMd;
 } PCD_CRYPTO_SERVICE_FAMILY_ENABLE;
 
 #endif
diff --git a/CryptoPkg/Private/Protocol/Crypto.h 
b/CryptoPkg/Private/Protocol/Crypto.h
index c399e0d67a..84f1bc3f50 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -3434,6 +3434,127 @@ EFI_STATUS
   IN OUT UINTN*DataSize
   );
 
+/**
+  Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+  If DigestName is NULL, then return FALSE.
+
+  @param[in]DigestNamePointer to the digest name.
+
+  @return  Pointer to the EVP_MD_CTX context that has been allocated and 
initialized.
+   If DigestName is invalid, returns NULL.
+   If the allocations fails, returns NULL.
+   If initialization fails, returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI* EDKII_CRYPTO_EVPMD_INIT)(
+  IN  CONST CHAR8   *DigestName
+  );
+
+/**
+  Makes a copy of an existing EVP_MD context.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If NewEvpMdContext is NULL, then return FALSE.
+
+  @param[in]  EvpMdContext Pointer to EVP_MD context being copied.
+  @param[out] NewEvpMdContext  Pointer to new EVP_MD context.
+
+  @retval TRUE   EVP_MD context copy succeeded.
+  @retval FALSE  EVP_MD context copy failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI* EDKII_CRYPTO_EVPMD_DUPLICATE)(
+  IN  CONST VOID*EvpMdContext,
+  OUT VOID  *NewEvpMdContext
+  );
+
+/**
+  Digests the input data and updates EVP_MD context.
+
+  This function performs EVP digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or 
discontinuous data streams.
+  EVP_MD context should be already correctly initialized by EvpMdInit(), and 
should not
+  be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If Data is NULL and DataSize is not zero, return FALSE.
+
+  @param[in, out]  EvpMdContext   
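Review bot: the @param for DigestName in EDKII_CRYPTO_EVPMD_INIT says only "Pointer to the digest name", so a caller cannot tell which strings are accepted or that the string must be NULL-terminated ASCII. List the supported names in the comment and say that an unsupported name yields NULL, since a typo in a string selector fails only at run time.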

[edk2-devel] [PATCH v2 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-09-14 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

The EVP interface should be used in place of discrete digest function
calls.

Cc: Laszlo Ersek 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf  |   1 +
 CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf |   1 +
 CryptoPkg/Include/Library/BaseCryptLib.h| 125 ++
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 253 

 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 124 ++
 8 files changed, 507 insertions(+)

diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 4aae2aba95..3968f29412 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -50,6 +50,7 @@
   Pk/CryptAuthenticode.c
   Pk/CryptTs.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index dc28e3a11d..d0b91716d0 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -57,6 +57,7 @@
   Pk/CryptTsNull.c
   Pem/CryptPemNull.c
   Rand/CryptRandNull.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/ConstantTimeClock.c
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 5005beed02..9f3accd35b 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -56,6 +56,7 @@
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91ec3e03bf..420623cdc6 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -54,6 +54,7 @@
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/ConstantTimeClock.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf 
b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 689af4fedd..542ac2e2e1 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -50,6 +50,7 @@
   Pk/CryptTsNull.c
   Pem/CryptPemNull.c
   Rand/CryptRandNull.c
+  Evp/CryptEvpMdNull.c
 
 [Packages]
   MdePkg/MdePkg.dec
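Review bot: BaseCryptLibNull.inf adds Evp/CryptEvpMdNull.c, which is resolved relative to CryptoPkg/Library/BaseCryptLibNull/, but the diffstat of this patch only creates CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c. Add the file under BaseCryptLibNull/Evp/ in this patch, otherwise the Null library instance will not find its source file.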
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index ae9bde9e37..a92e5e5766 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1012,6 +1012,131 @@ HmacSha256Final (
   OUT UINT8  *HmacValue
   );
 
+//=
+//EVP (Envelope) Primitive
+//=
+
+/**
+  Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+  If DigestName is NULL, then return FALSE.
+
+  @param[in]DigestNamePointer to the digest name.
+
+  @return  Pointer to the EVP_MD_CTX context that has been allocated and 
initialized.
+   If DigestName is invalid, returns NULL.
+   If the allocations fails, returns NULL.
+   If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+  IN  CONST CHAR8   *DigestName
+  );
+
+/**
+  Makes a copy of an existing EVP_MD context.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If NewEvpMdContext is NULL, then return FALSE.
+
+  @param[in]  EvpMdContext Pointer to EVP_MD context being copied.
+  @param[out] NewEvpMdContext  Pointer to new EVP_MD context.
+
+  @retval TRUE   EVP_MD context copy succeeded.
+  @retval FALSE  EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+  IN  CONST VOID*EvpMdContext,
+  OUT VOID  *NewEvpMdContext
+  );
+
+/**
+  Digests the input data and updates EVP_MD context.
+
+  This function performs EVP digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or 
discontinuous data streams.
+  EVP_MD context should be already correctly initialized by EvpMdInit(), and 
should not
+  be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If Data is NULL and DataSize is not zero, return FALSE.
+
+  @param[in, 
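Review bot: the EvpMdUpdate() comment says the context "should not be finalized by EvpMdFinal()" and that behavior with an invalid context is undefined, but it does not say that a finalized context is gone. Since the cover letter merges "Final" and "Free", state explicitly that EvpMdFinal() releases the context and that the caller must drop its pointer afterwards; with an opaque VOID * there is nothing to stop a later EvpMdUpdate() on freed memory.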

Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-08-24 Thread Zurcher, Christopher J
1) I have confirmed that the ApiHooks.c file is still required even without the 
AVX instructions included. The x86_64 assembly files in OpenSSL set a flag 
called $win64 and automatically include calls to the RtlVirtualUnwind function 
if NASM is selected as the assembler scheme.

https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-rtlvirtualunwind

I have submitted an issue against OpenSSL since I don't think using the NASM 
assembler should force the inclusion of Windows-specific API hooks, but that 
change cannot be made in OpenSSL 1.1.1 and we will have to wait for OpenSSL 3 
or later to remove the stub function.

https://github.com/openssl/openssl/issues/12712

2) So far I have only built with VS.

3) The X64 SHA256 implementation was successfully exercised across a large 
number of devices in a production environment as a verification step in a 
multi-GB data transfer scenario.

Thanks,
Christopher Zurcher

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Zurcher,
> Christopher J
> Sent: Tuesday, August 18, 2020 15:50
> To: Yao, Jiewen ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Ard Biesheuvel 
> Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
> instruction support for X64
> 
> After further review, the ApiHooks.c file may no longer be needed since we
> are no longer including the AVX instructions. I will look over the
> dependencies and send a new patch set if I can eliminate the API hooks file.
> 
> Thanks,
> Christopher Zurcher
> 
> > -Original Message-
> > From: Yao, Jiewen 
> > Sent: Thursday, August 13, 2020 08:04
> > To: Zurcher, Christopher J ;
> > devel@edk2.groups.io
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> ;
> > Ard Biesheuvel 
> > Subject: RE: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction
> > support for X64
> >
> > Hi Christopher
> > Thanks.
> >
> > 1) Would you please help me understand more on "ApiHooks.c contains a stub
> > function for a Windows API call" ?
> > Why do we need this?
> > If it is compiler specific in openssl, should we submit patch to openssl to
> > exclude this with OPENSSL_SYS_UEFI? That should be a cleaner solution for
> > UEFI.
> >
> > 2) Would you please describe what compiler you have tried? VS? GCC? LLVM?
> >
> > 3) Would you please describe what unit test you have done?
> >
> > Thank you
> > Yao Jiewen
> >
> >
> > > -Original Message-
> > > From: Zurcher, Christopher J 
> > > Sent: Tuesday, August 4, 2020 8:24 AM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen ; Wang, Jian J
> > ;
> > > Lu, XiaoyuX ; Ard Biesheuvel
> > 
> > > Subject: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction
> > support
> > > for X64
> > >
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
> > >
> > > Adding OpensslLibX64.inf and modifying process_files.pl to process this
> > > file and generate the necessary assembly files.
> > > ApiHooks.c contains a stub function for a Windows API call.
> > > uefi-asm.conf contains the limited assembly configurations for OpenSSL.
> > >
> > > Cc: Jiewen Yao 
> > > Cc: Jian J Wang 
> > > Cc: Xiaoyu Lu 
> > > Cc: Ard Biesheuvel 
> > > Signed-off-by: Christopher J Zurcher 
> > > ---
> > >  CryptoPkg/Library/OpensslLib/OpensslLib.inf  |   2 +-
> > >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf|   2 +-
> > >  CryptoPkg/Library/OpensslLib/OpensslLibX64.inf   | 656
> > > 
> > >  CryptoPkg/Library/Include/openssl/opensslconf.h  |   3 -
> > >  CryptoPkg/Library/OpensslLib/ApiHooks.c  |  18 +
> > >  CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c |  34 +
> > >  CryptoPkg/Library/OpensslLib/process_files.pl| 223 +--
> > >  CryptoPkg/Library/OpensslLib/uefi-asm.conf   |  15 +
> > >  8 files changed, 903 insertions(+), 50 deletions(-)
> > >
> > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > > index dbbe5386a1..bd62d86936 100644
> > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > > @@ -16,7 +16,7 @@
> > >VERSION_STRING = 1.0
> > >
> > >LIBRARY_CLASS  = OpensslLib
> > >
> > >DEFINE OPENSSL_PATH= openssl
> > >
> > > - 

Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-08-18 Thread Zurcher, Christopher J
After further review, the ApiHooks.c file may no longer be needed since we are 
no longer including the AVX instructions. I will look over the dependencies and 
send a new patch set if I can eliminate the API hooks file.

Thanks,
Christopher Zurcher

> -Original Message-
> From: Yao, Jiewen 
> Sent: Thursday, August 13, 2020 08:04
> To: Zurcher, Christopher J ;
> devel@edk2.groups.io
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Ard Biesheuvel 
> Subject: RE: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction
> support for X64
> 
> Hi Christopher
> Thanks.
> 
> 1) Would you please help me understand more on "ApiHooks.c contains a stub
> function for a Windows API call" ?
> Why do we need this?
> If it is compiler specific in openssl, should we submit patch to openssl to
> exclude this with OPENSSL_SYS_UEFI? That should be a cleaner solution for
> UEFI.
> 
> 2) Would you please describe what compiler you have tried? VS? GCC? LLVM?
> 
> 3) Would you please describe what unit test you have done?
> 
> Thank you
> Yao Jiewen
> 
> 
> > -Original Message-
> > From: Zurcher, Christopher J 
> > Sent: Tuesday, August 4, 2020 8:24 AM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen ; Wang, Jian J
> ;
> > Lu, XiaoyuX ; Ard Biesheuvel
> 
> > Subject: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction
> support
> > for X64
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
> >
> > Adding OpensslLibX64.inf and modifying process_files.pl to process this
> > file and generate the necessary assembly files.
> > ApiHooks.c contains a stub function for a Windows API call.
> > uefi-asm.conf contains the limited assembly configurations for OpenSSL.
> >
> > Cc: Jiewen Yao 
> > Cc: Jian J Wang 
> > Cc: Xiaoyu Lu 
> > Cc: Ard Biesheuvel 
> > Signed-off-by: Christopher J Zurcher 
> > ---
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf  |   2 +-
> >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf|   2 +-
> >  CryptoPkg/Library/OpensslLib/OpensslLibX64.inf   | 656
> > 
> >  CryptoPkg/Library/Include/openssl/opensslconf.h  |   3 -
> >  CryptoPkg/Library/OpensslLib/ApiHooks.c  |  18 +
> >  CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c |  34 +
> >  CryptoPkg/Library/OpensslLib/process_files.pl| 223 +--
> >  CryptoPkg/Library/OpensslLib/uefi-asm.conf   |  15 +
> >  8 files changed, 903 insertions(+), 50 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > index dbbe5386a1..bd62d86936 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > @@ -16,7 +16,7 @@
> >VERSION_STRING = 1.0
> >
> >LIBRARY_CLASS  = OpensslLib
> >
> >DEFINE OPENSSL_PATH= openssl
> >
> > -  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT
> > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> >
> > +  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT
> > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -
> > DOPENSSL_NO_ASM
> >
> >
> >
> >  #
> >
> >  #  VALID_ARCHITECTURES   = IA32 X64 ARM AARCH64
> >
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > index 616ccd9f62..2b7324a990 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> > @@ -16,7 +16,7 @@
> >VERSION_STRING = 1.0
> >
> >LIBRARY_CLASS  = OpensslLib
> >
> >DEFINE OPENSSL_PATH= openssl
> >
> > -  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT
> > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
> >
> > +  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT
> > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -
> > DOPENSSL_NO_ASM
> >
> >
> >
> >  #
> >
> >  #  VALID_ARCHITECTURES   = IA32 X64 ARM AARCH64
> >
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
> > new file mode 100644
> > index 00..825eea0254
> > --- /dev/null
> > +++ b/CryptoPkg/Library/OpensslLib/Openss

Re: [edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-08-14 Thread Zurcher, Christopher J
I replaced the MD5 and SHAx functions with EVP functions in Hash2DxeCrypto, and 
it grew from ~26k to ~253k.

--
Christopher Zurcher

> -Original Message-
> From: Yao, Jiewen 
> Sent: Thursday, August 13, 2020 07:38
> To: Laszlo Ersek ; devel@edk2.groups.io; Zurcher,
> Christopher J 
> Cc: Wang, Jian J ; Lu, XiaoyuX 
> Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP
> (Envelope) Digest interface
> 
> 1) Agree with Laszlo.
> We need to extend the internal protocol/ppi for this new API.
> 
> 2) Do you have any data on the size difference between the old SHA implementation
> and the new MD implementation?
> 
> Thank you
> Yao Jiewen
> 
> > -Original Message-
> > From: Laszlo Ersek 
> > Sent: Thursday, August 13, 2020 5:47 PM
> > To: devel@edk2.groups.io; Zurcher, Christopher J
> > 
> > Cc: Yao, Jiewen ; Wang, Jian J
> ;
> > Lu, XiaoyuX 
> > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP
> > (Envelope) Digest interface
> >
> > Hi Christopher,
> >
> > (+Mike,
> >
> > On 08/13/20 03:20, Zurcher, Christopher J wrote:
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545
> > >
> > > The EVP interface should be used in place of discrete digest function
> > > calls.
> > >
> > > Cc: Jiewen Yao 
> > > Cc: Jian J Wang 
> > > Cc: Xiaoyu Lu 
> > > Signed-off-by: Christopher J Zurcher 
> > > ---
> > >  CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf|   1 +
> > >  CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |   1 +
> > >  CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |   1 +
> > >  CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |   1 +
> > >  CryptoPkg/Include/Library/BaseCryptLib.h   | 122 +++
> > >  CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c| 228
> > 
> > >  6 files changed, 354 insertions(+)
> >
> > (1) This patch extends the library class header, but updates only one
> > *set* of the three library instance *sets*. The other two instance
> > *sets* are:
> >
> > - BaseCryptLibNull (just one instance), for which it should not be hard
> > to provide Null implementations of the new functions;
> >
> > - BaseCryptLibOnProtocolPpi (three instances -- Pei, Dxe, Smm).
> >
> >
> > BaseCryptLibOnProtocolPpi is a tough nut, because it seems to require
> > extending:
> >
> > - the crypto service driver at CryptoPkg/Driver/,
> >
> > - the interface to that driver (CryptoPkg/Private/Protocol/Crypto.h --
> > reused by both "CryptoPkg/Private/Ppi/Crypto.h" and
> > "CryptoPkg/Private/Protocol/SmmCrypto.h"),
> >
> > - the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure at
> > "CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h", for configuring
> > the driver,
> >
> > - the various PcdCryptoServiceFamilyEnable settings / build profiles in
> > CryptoPkg/CryptoPkg.dsc.
> >
> >
> > >
> > > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > > index 4aae2aba95..3968f29412 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > > @@ -50,6 +50,7 @@
> > >Pk/CryptAuthenticode.c
> > >Pk/CryptTs.c
> > >Pem/CryptPem.c
> > > +  Evp/CryptEvpMd.c
> > >
> > >SysCall/CrtWrapper.c
> > >SysCall/TimerWrapper.c
> > > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > index dc28e3a11d..d0b91716d0 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > > @@ -57,6 +57,7 @@
> > >Pk/CryptTsNull.c
> > >Pem/CryptPemNull.c
> > >Rand/CryptRandNull.c
> > > +  Evp/CryptEvpMd.c
> > >
> > >SysCall/CrtWrapper.c
> > >SysCall/ConstantTimeClock.c
> > > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > > index 5005beed02..9f3accd35b 100644
> > > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > > @@ -56,6 +56,7 @@
> > >Pk/CryptAuthenticodeNull.c
> > >Pk/CryptTsNull.c
> > >Pem/Crypt

[edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-08-12 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

The EVP interface should be used in place of discrete digest function
calls.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf|   1 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |   1 +
 CryptoPkg/Include/Library/BaseCryptLib.h   | 122 +++
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c| 228 
 6 files changed, 354 insertions(+)

diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 4aae2aba95..3968f29412 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -50,6 +50,7 @@
   Pk/CryptAuthenticode.c
   Pk/CryptTs.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index dc28e3a11d..d0b91716d0 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -57,6 +57,7 @@
   Pk/CryptTsNull.c
   Pem/CryptPemNull.c
   Rand/CryptRandNull.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/ConstantTimeClock.c
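Review bot: In PeiCryptLib.inf the new Evp/CryptEvpMd.c entry sits next to Pk/CryptTsNull.c, Pem/CryptPemNull.c and Rand/CryptRandNull.c, so this instance otherwise keeps its footprint down with Null variants. Please state in the commit message what adding the full EVP digest source costs in PEI image size, or provide a Null variant for this instance if the EVP interface is not needed there.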
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 5005beed02..9f3accd35b 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -56,6 +56,7 @@
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91ec3e03bf..420623cdc6 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -54,6 +54,7 @@
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
   Pem/CryptPem.c
+  Evp/CryptEvpMd.c
 
   SysCall/CrtWrapper.c
   SysCall/ConstantTimeClock.c
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index ae9bde9e37..f3bf8aac0c 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1012,6 +1012,128 @@ HmacSha256Final (
   OUT UINT8  *HmacValue
   );
 
+//=
+//EVP (Envelope) Primitive
+//=
+
+/**
+  Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+  @return  Pointer to the EVP_MD_CTX context that has been initialized.
+   If the allocations fails, EvpMdNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdNew (
+  VOID
+  );
+
+/**
+  Release the specified EVP_MD_CTX context.
+
+  @param[in]  EvpMdContext  Pointer to the EVP_MD_CTX context to be released.
+
+**/
+VOID
+EFIAPI
+EvpMdFree (
+  IN  VOID  *EvpMdContext
+  );
+
+/**
+  Initializes user-supplied memory pointed to by EvpMdContext as EVP_MD_CTX
+  context for subsequent use.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If DigestName is NULL, then return FALSE.
+
+  @param[out]   EvpMdContext  Pointer to EVP_MD_CTX context being initialized.
+  @param[in]DigestNamePointer to the digest name.
+
+  @retval TRUE   EVP_MD_CTX context initialization succeeded.
+  @retval FALSE  EVP_MD_CTX context initialization failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdInit (
+  OUT VOID  *EvpMdContext,
+  IN  CONST CHAR8   *DigestName
+  );
+
+/**
+  Makes a copy of an existing EVP_MD context.
+
+  If EvpMdContext is NULL, then return FALSE.
+  If NewEvpMdContext is NULL, then return FALSE.
+
+  @param[in]  EvpMdContext Pointer to EVP_MD context being copied.
+  @param[out] NewEvpMdContext  Pointer to new EVP_MD context.
+
+  @retval TRUE   EVP_MD context copy succeeded.
+  @retval FALSE  EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+  IN  CONST VOID*EvpMdContext,
+  OUT VOID  *NewEvpMdContext
+  );
+
+/**
+  Digests the input data and updates EVP_MD context.
+
+  This function performs EVP digest on a data buffer of the specified size.
+  It can be called multiple times to compute the digest of long or 
discontinuous data streams.
+  EVP_MD context should be already correctly initialized by EvpMdInit(), and 
should not
+  be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+  If EvpMdContext is NULL, then return FALSE.
+
+  @param[in, out]  EvpMdContext   Pointer to the EVP_MD context.
+  @param[in]   Data   Pointer to the buffer containing the 
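Review bot: The EvpMdNew() and EvpMdInit() comments disagree about who initializes the context: EvpMdNew() "Allocates and initializes one EVP_MD_CTX context", while EvpMdInit() "Initializes user-supplied memory pointed to by EvpMdContext". No function in the visible part of this header returns the context size, so a caller cannot supply memory of the right size and the only usable pointer is the one returned by EvpMdNew(); say so in the EvpMdInit() comment and drop "initializes" from EvpMdNew() if it only allocates. The DigestName parameter also needs its accepted values documented, and "If the allocations fails" should read "If the allocation fails".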

[edk2-devel] [PATCH 0/1] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

2020-08-12 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Low-level interfaces to message digest (hash) functions have been deprecated
in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
be replaced by EVP interface calls.
For reviewers: The added file CryptEvpMd.c is based on CryptHmacSha256.c
and can be compared to that file to easily highlight changes.

References:
  https://www.openssl.org/docs/manmaster/man7/evp.html
  https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 

Christopher J Zurcher (1):
  CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf|   1 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf |   1 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf |   1 +
 CryptoPkg/Include/Library/BaseCryptLib.h   | 122 +++
 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c| 228 
 6 files changed, 354 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c

-- 
2.28.0.windows.1





[edk2-devel] [PATCH v2 0/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-08-03 Thread Zurcher, Christopher J
V2 Changes:
  Limit scope of assembly config to SHA and AES functions.
  Removed IA32 native support (reduced config was causing build failure and
can be added in a later patch).
  Removed XMM instructions from assembly generation.
  Added automatic copyright header porting for generated assembly files.

This patch adds support for building the native instruction algorithms for
the X64 architecture in OpensslLib. The process_files.pl script was modified
to parse the .asm file targets from the OpenSSL build config data struct, and
generate the necessary assembly files for the EDK2 build environment.

For the X64 variant, OpenSSL includes calls to a Windows error handling API,
and that function has been stubbed out in ApiHooks.c.

For all variants, a constructor is added to call the required CPUID function
within OpenSSL to facilitate processor capability checks in the native
algorithms.

Additional native architecture variants should be simple to add by following
the changes made for this architecture.

The OpenSSL assembly files are traditionally generated at build time using a
perl script. To avoid that burden on EDK2 users, these end-result assembly
files are generated during the configuration steps performed by the package
maintainer (through process_files.pl). The perl generator scripts inside
OpenSSL do not parse file comments as they are only meant to create
intermediate build files, so process_files.pl contains additional hooks to
preserve the copyright headers as well as clean up tabs and line endings to
comply with EDK2 coding standards. The resulting file headers align with
the generated .h files which are already included in the EDK2 repository.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Cc: Ard Biesheuvel 

Christopher J Zurcher (2):
  CryptoPkg/OpensslLib: Add native instruction support for X64
  CryptoPkg/OpensslLib: Commit the auto-generated assembly files for X64

 CryptoPkg/Library/OpensslLib/OpensslLib.inf  |2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf|2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf   |  656 +++
 CryptoPkg/Library/Include/openssl/opensslconf.h  |3 -
 CryptoPkg/Library/OpensslLib/ApiHooks.c  |   18 +
 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c |   34 +
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm |  732 +++
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm   | 1916 

 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm |   78 +
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm| 5103 

 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm| 1173 
+
 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm  | 1569 
++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm  | 3137 

 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm | 2884 
+++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm| 3461 
+
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm   | 3313 
+
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm   | 1938 

 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm |  491 ++
 CryptoPkg/Library/OpensslLib/process_files.pl|  223 +-
 CryptoPkg/Library/OpensslLib/uefi-asm.conf   |   15 +
 20 files changed, 26698 insertions(+), 50 deletions(-)
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
 create mode 100644 CryptoPkg/Library/OpensslLib/ApiHooks.c
 create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
 create mode 100644 
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
 create mode 100644 CryptoPkg/Library/OpensslLib/uefi-asm.conf

-- 
2.28.0.windows.1



[edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

2020-08-03 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507

Adding OpensslLibX64.inf and modifying process_files.pl to process this
file and generate the necessary assembly files.
ApiHooks.c contains a stub function for a Windows API call.
uefi-asm.conf contains the limited assembly configurations for OpenSSL.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Cc: Ard Biesheuvel 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf  |   2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf|   2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf   | 656 
 CryptoPkg/Library/Include/openssl/opensslconf.h  |   3 -
 CryptoPkg/Library/OpensslLib/ApiHooks.c  |  18 +
 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c |  34 +
 CryptoPkg/Library/OpensslLib/process_files.pl| 223 +--
 CryptoPkg/Library/OpensslLib/uefi-asm.conf   |  15 +
 8 files changed, 903 insertions(+), 50 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dbbe5386a1..bd62d86936 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -16,7 +16,7 @@
   VERSION_STRING = 1.0
   LIBRARY_CLASS  = OpensslLib
   DEFINE OPENSSL_PATH= openssl
-  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
 
 #
 #  VALID_ARCHITECTURES   = IA32 X64 ARM AARCH64
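Review bot: The -DOPENSSL_NO_ASM addition to OPENSSL_FLAGS is not explained in the commit message, which only describes the new X64 INF, process_files.pl, ApiHooks.c and uefi-asm.conf. Since the diffstat also shows three lines removed from opensslconf.h, add a sentence saying whether the define moves from that header into the per-INF flags, so reviewers can confirm that the non-assembly builds are unchanged.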
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 616ccd9f62..2b7324a990 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -16,7 +16,7 @@
   VERSION_STRING = 1.0
   LIBRARY_CLASS  = OpensslLib
   DEFINE OPENSSL_PATH= openssl
-  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM
 
 #
 #  VALID_ARCHITECTURES   = IA32 X64 ARM AARCH64
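Review bot: OpensslLibCrypto.inf gets the same -DOPENSSL_NO_ASM flag as OpensslLib.inf, but the series adds only OpensslLibX64.inf and no crypto-only X64 counterpart. Please state whether platforms that link OpensslLibCrypto are intentionally left without the native SHA/AES code, and consider a shared definition for the OPENSSL_FLAGS list, which is now repeated in three INF files.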
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
new file mode 100644
index 00..825eea0254
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
@@ -0,0 +1,656 @@
+## @file
+#  This module provides OpenSSL Library implementation.
+#
+#  Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
+#  (C) Copyright 2020 Hewlett Packard Enterprise Development LP
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = OpensslLibX64
+  MODULE_UNI_FILE= OpensslLib.uni
+  FILE_GUID  = 18125E50-0117-4DD0-BE54-4784AD995FEF
+  MODULE_TYPE= BASE
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = OpensslLib
+  DEFINE OPENSSL_PATH= openssl
+  DEFINE OPENSSL_FLAGS   = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT 
-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+  DEFINE OPENSSL_FLAGS_CONFIG= -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
+  CONSTRUCTOR= OpensslLibConstructor
+
+#
+#  VALID_ARCHITECTURES   = X64
+#
+
+[Sources]
+  OpensslLibConstructor.c
+  $(OPENSSL_PATH)/e_os.h
+  $(OPENSSL_PATH)/ms/uplink.h
+# Autogenerated files list starts here
+  X64/crypto/aes/aesni-mb-x86_64.nasm
+  X64/crypto/aes/aesni-sha1-x86_64.nasm
+  X64/crypto/aes/aesni-sha256-x86_64.nasm
+  X64/crypto/aes/aesni-x86_64.nasm
+  X64/crypto/aes/vpaes-x86_64.nasm
+  X64/crypto/modes/ghash-x86_64.nasm
+  X64/crypto/sha/sha1-mb-x86_64.nasm
+  X64/crypto/sha/sha1-x86_64.nasm
+  X64/crypto/sha/sha256-mb-x86_64.nasm
+  X64/crypto/sha/sha256-x86_64.nasm
+  X64/crypto/sha/sha512-x86_64.nasm
+  X64/crypto/x86_64cpuid.nasm
+  $(OPENSSL_PATH)/crypto/aes/aes_cbc.c
+  $(OPENSSL_PATH)/crypto/aes/aes_cfb.c
+  $(OPENSSL_PATH)/crypto/aes/aes_core.c
+  $(OPENSSL_PATH)/crypto/aes/aes_ige.c
+  $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+  $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+  $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+  $(OPENSSL_PATH)/crypto/aria/aria.c
+  $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
+  $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
+  $(OPENSSL_PATH)/crypto/asn1/a_digest.c
+  $(OPENSSL_PATH)/crypto/asn1/a_dup.c
+  $(OPENSSL_PATH)/crypto/asn1/a_gentm.c
+  $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c
+  $(OPENSSL_PATH)/crypto/asn1/a_int.c
+  $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c
+  
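Review bot: In OpensslLibX64.inf the X64 restriction exists only as the comment "VALID_ARCHITECTURES = X64", while the X64/crypto/*.nasm files are listed under an unqualified [Sources] section. Move those entries to [Sources.X64] so the restriction is enforced by the build rather than by a comment. The [Defines] block also introduces OPENSSL_FLAGS_CONFIG with the *_ASM defines without a comment saying whether it is maintained by hand or rewritten by process_files.pl.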

Re: [edk2-devel] [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations

2020-03-30 Thread Zurcher, Christopher J
This change has been validated on an internal development platform; I will 
share the details offline.

Thanks,
Christopher Zurcher

> -Original Message-
> From: Gao, Liming 
> Sent: Monday, March 30, 2020 06:51
> To: Liu, Zhiguang ; Zurcher, Christopher J
> ; devel@edk2.groups.io
> Cc: Kinney, Michael D ; Wang, Jian J
> 
> Subject: RE: [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous
> SCSI Write operations
> 
> Zurcher:
>   What functionality test has been done for this test?
> 
> Thanks
> Liming
> > -Original Message-
> > From: Liu, Zhiguang 
> > Sent: Monday, March 30, 2020 9:52 AM
> > To: Zurcher, Christopher J ;
> devel@edk2.groups.io
> > Cc: Kinney, Michael D ; Wang, Jian J
> ; Gao, Liming 
> > Subject: RE: [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous
> SCSI Write operations
> >
> > Reviewed-by: Zhiguang Liu 
> >
> > > -Original Message-
> > > From: Zurcher, Christopher J
> > > Sent: Thursday, March 26, 2020 3:34 PM
> > > To: devel@edk2.groups.io
> > > Cc: Kinney, Michael D ; Wang, Jian J
> > > ; Gao, Liming ; Liu,
> Zhiguang
> > > 
> > > Subject: [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous
> > > SCSI Write operations
> > >
> > > The FUA (Force Unit Access) bit forces data to be written directly to
> > > disk instead of the write cache. This prevents data from being lost if a
> > > shutdown or reset is requested immediately after a SCSI write operation.
> > >
> > > Cc: Michael D Kinney 
> > > Cc: Jian J Wang 
> > > Cc: Liming Gao 
> > > Cc: Zhiguang Liu 
> > > Signed-off-by: Christopher J Zurcher 
> > > ---
> > >  MdePkg/Include/IndustryStandard/Scsi.h   |  8 +++-
> > >  MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 --
> > >  2 files changed, 15 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/MdePkg/Include/IndustryStandard/Scsi.h
> > > b/MdePkg/Include/IndustryStandard/Scsi.h
> > > index 3e966520a1..64b9918b82 100644
> > > --- a/MdePkg/Include/IndustryStandard/Scsi.h
> > > +++ b/MdePkg/Include/IndustryStandard/Scsi.h
> > > @@ -1,7 +1,7 @@
> > >  /** @file
> > >Support for SCSI-2 standard
> > >
> > > -  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
> > > +  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
> > >SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > >  **/
> > > @@ -175,6 +175,12 @@
> > >  #define EFI_SCSI_DATA_IN  0
> > >  #define EFI_SCSI_DATA_OUT 1
> > >
> > > +//
> > > +// SCSI Block Command Cache Control Parameters
> > > +//
> > > +#define EFI_SCSI_BLOCK_FUA  BIT3  ///< Force Unit Access
> > > +#define EFI_SCSI_BLOCK_DPO  BIT4  ///< Disable Page Out
> > > +
> > >  //
> > >  // Peripheral Device Type Definitions
> > >  //
> > > diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
> > > b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
> > > index 13a2a1912c..512bec500c 100644
> > > --- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
> > > +++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
> > > @@ -1,7 +1,7 @@
> > >  /** @file
> > >UEFI SCSI Library implementation
> > >
> > > -  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
> > > +  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
> > >SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > >  **/
> > > @@ -1055,15 +1055,16 @@ ScsiWrite10Command (
> > >ZeroMem (, sizeof
> > > (EFI_SCSI_IO_SCSI_REQUEST_PACKET));
> > >ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TEN);
> > >
> > > -  CommandPacket.Timeout = Timeout;
> > > -  CommandPacket.OutDataBuffer= DataBuffer;
> > > -  CommandPacket.SenseData   = SenseData;
> > > -  CommandPacket.OutTransferLength= *DataLength;
> > > -  CommandPacket.Cdb = Cdb;
> > > +  CommandPacket.Timeout   = Timeout;
> > > +  CommandPacket.OutDataBuffer = DataBuffer;
> > > +  CommandPacket.SenseData = SenseData;
> > > +  CommandPacket.OutTransferLength = *DataLength;
> > > +  CommandPacket.Cdb   = Cdb;
> > >//
> > >// Fill Cdb for Write (10) Command
> > >//
> > >Cdb[0]= EFI_SCSI

Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

2020-03-26 Thread Zurcher, Christopher J
During the Perlasm generation step, the script attempts to execute NASM from 
the user's path to see if it's an appropriate version to support AVX 
instructions:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/sha/asm/sha512-x86_64.pl#L129
For now, we could force this check to fail during generation. I'm going to 
reduce this patch to only cover AES and SHA, and the OS-provisioning use case 
for the SHA acceleration has enough dependency on I/O operations that the AVX 
speed increase is already reaching diminishing returns. I don't mind leaving 
AVX support to the future.

--
Christopher Zurcher

> -Original Message-
> From: Kinney, Michael D 
> Sent: Thursday, March 26, 2020 11:23
> To: Yao, Jiewen ; Zurcher, Christopher J
> ; devel@edk2.groups.io; Kinney, Michael D
> 
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Ard Biesheuvel ; david.harr...@hp.com
> Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native
> instruction support for IA32 and X64
> 
> The main issue with use of extended registers is
> that the default interrupt/exception handler for
> IA32/X64 does FXSAVE/FXRSTOR.
> 
> https://github.com/tianocore/edk2/blob/5f7c91f0d72efca3b53628163861265c89306f1f/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm#L244
> 
> https://github.com/tianocore/edk2/blob/5f7c91f0d72efca3b53628163861265c89306f1f/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.nasm#L290
> 
> This covers FP/MMX/XMM registers, but no more.
> 
> Any code that uses more than this has 2 options:
> 1) Expand the state saved in interrupts/exception handlers
>for the entire platform.
> 2) Disable interrupts when calling code that uses
>additional register state.
> 
> Mike
> 
> > -Original Message-
> > From: Yao, Jiewen 
> > Sent: Wednesday, March 25, 2020 8:58 PM
> > To: Zurcher, Christopher J
> > ; devel@edk2.groups.io
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ; Ard Biesheuvel
> > ; david.harr...@hp.com;
> > Kinney, Michael D 
> > Subject: RE: [edk2-devel] [PATCH 1/1]
> > CryptoPkg/OpensslLib: Add native instruction support for
> > IA32 and X64
> >
> > There is an old shell based test application. It is
> > removed from edk2-repo, and it should be in edk2-test
> > repo in the future.
> >
> > Before the latter is ready, you can find the archive at
> > https://github.com/jyao1/edk2/tree/edk2-cryptest/CryptoTestPkg/Cryptest
> >
> > But I am not sure if it covers the latest interface,
> > especially the newly added one. As far as I know, some SM3
> > is not added there.
> >
> > I still recommend you double check which functions use
> > the YMM and make sure these functions are tested.
> >
> > I have no concern on HASH, since you already provided the
> > data.
> > But other algo, such as AES/RSA/HMAC, etc.
> >
> >
> > Thank you
> > Yao Jiewen
> >
> > > -Original Message-
> > > From: Zurcher, Christopher J
> > 
> > > Sent: Thursday, March 26, 2020 11:29 AM
> > > To: Yao, Jiewen ;
> > devel@edk2.groups.io
> > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ;
> > > Ard Biesheuvel ;
> > david.harr...@hp.com; Kinney,
> > > Michael D 
> > > Subject: RE: [edk2-devel] [PATCH 1/1]
> > CryptoPkg/OpensslLib: Add native
> > > instruction support for IA32 and X64
> > >
> > > > -Original Message-
> > > > From: Yao, Jiewen 
> > > > Sent: Wednesday, March 25, 2020 20:05
> > > > To: Zurcher, Christopher J
> > ;
> > > > devel@edk2.groups.io
> > > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > > ;
> > > > Ard Biesheuvel ;
> > david.harr...@hp.com; Kinney,
> > > > Michael D 
> > > > Subject: RE: [edk2-devel] [PATCH 1/1]
> > CryptoPkg/OpensslLib: Add native
> > > > instruction support for IA32 and X64
> > > >
> > > > Thanks. Comment inline:
> > > >
> > > > > -Original Message-
> > > > > From: Zurcher, Christopher J
> > 
> > > > > Sent: Thursday, March 26, 2020 10:44 AM
> > > > > To: devel@edk2.groups.io; Yao, Jiewen
> > 
> > > > > Cc: Wang, Jian J ; Lu,
> > XiaoyuX
> > > > ;
> > > > > Ard Biesheuvel ;
> > david.harr...@hp.com; Kinney,
> > > > > Michael D 
> > > > > Subject: RE: [edk2-devel] [PATCH 1/1]
> > CryptoPkg/OpensslLib: Add native
> > > > > instruction su

[edk2-devel] [PATCH v2 0/1] UefiScsiLib: Set FUA bit for synchronous SCSI Write operations

2020-03-26 Thread Zurcher, Christopher J
V2 changes:
Add bit defines for cache control parameters from SBC-2.

Some SCSI devices have very aggressive write caching implemented, causing
data to be lost if the system is shut down or rebooted soon after
receiving a successful write confirmation from the device. By setting the
FUA bit in the synchronous versions of the Write10/Write16 commands, the
write cache is skipped and data is forced directly to the disk.

The Asynchronous (WriteEx) commands will not have this bit set, allowing
performance-sensitive transactions to continue utilizing the write cache.

An alternative, more complicated solution would be to implement the
SYNCHRONIZE CACHE command and call it from ScsiDiskFlushBlocks, which
currently returns EFI_SUCCESS without flushing anything. Since the
SYNCHRONIZE CACHE command requires the caller to provide the specific
blocks to flush, and the BlockIO FlushBlocks function does not accept any
arguments, this would require keeping track of the write history inside the
ScsiDiskDxe driver.

I have not tested the asynchronous commands for this issue, so there is a
chance that resetting the system even after a call to FlushBlocksEx might
still result in lost data. Currently the ScsiDiskFlushBlocksEx command
waits for the BlockIo2 requests queue to empty, but does not ask the device
itself to flush anything. (EFI_SCSI_OP_SYNC_CACHE is defined in
IndustryStandard/Scsi.h but is not implemented anywhere.)

Cc: Michael D Kinney 
Cc: Jian J Wang 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Christopher J Zurcher (1):
  MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations

 MdePkg/Include/IndustryStandard/Scsi.h   |  8 +++-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 --
 2 files changed, 15 insertions(+), 7 deletions(-)

-- 
2.16.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#56367): https://edk2.groups.io/g/devel/message/56367
Mute This Topic: https://groups.io/mt/72559352/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



[edk2-devel] [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations

2020-03-26 Thread Zurcher, Christopher J
The FUA (Force Unit Access) bit forces data to be written directly to
disk instead of the write cache. This prevents data from being lost if a
shutdown or reset is requested immediately after a SCSI write operation.

Cc: Michael D Kinney 
Cc: Jian J Wang 
Cc: Liming Gao 
Cc: Zhiguang Liu 
Signed-off-by: Christopher J Zurcher 
---
 MdePkg/Include/IndustryStandard/Scsi.h   |  8 +++-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 --
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Scsi.h 
b/MdePkg/Include/IndustryStandard/Scsi.h
index 3e966520a1..64b9918b82 100644
--- a/MdePkg/Include/IndustryStandard/Scsi.h
+++ b/MdePkg/Include/IndustryStandard/Scsi.h
@@ -1,7 +1,7 @@
 /** @file
   Support for SCSI-2 standard
 
-  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -175,6 +175,12 @@
 #define EFI_SCSI_DATA_IN  0
 #define EFI_SCSI_DATA_OUT 1
 
+//
+// SCSI Block Command Cache Control Parameters
+//
+#define EFI_SCSI_BLOCK_FUA  BIT3  ///< Force Unit Access
+#define EFI_SCSI_BLOCK_DPO  BIT4  ///< Disable Page Out
+
 //
 // Peripheral Device Type Definitions
 //
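Review bot: EFI_SCSI_BLOCK_DPO, the second added define, has no user in this patch; the two UefiScsiLib.c hunks only assign EFI_SCSI_BLOCK_FUA to Cdb[1]. Either drop DPO until a caller needs it, or state in the commit message that it is added for completeness alongside FUA so the unused define is clearly intentional.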
diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c 
b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
index 13a2a1912c..512bec500c 100644
--- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
+++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
@@ -1,7 +1,7 @@
 /** @file
   UEFI SCSI Library implementation
 
-  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -1055,15 +1055,16 @@ ScsiWrite10Command (
   ZeroMem (, sizeof (EFI_SCSI_IO_SCSI_REQUEST_PACKET));
   ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TEN);
 
-  CommandPacket.Timeout = Timeout;
-  CommandPacket.OutDataBuffer= DataBuffer;
-  CommandPacket.SenseData   = SenseData;
-  CommandPacket.OutTransferLength= *DataLength;
-  CommandPacket.Cdb = Cdb;
+  CommandPacket.Timeout   = Timeout;
+  CommandPacket.OutDataBuffer = DataBuffer;
+  CommandPacket.SenseData = SenseData;
+  CommandPacket.OutTransferLength = *DataLength;
+  CommandPacket.Cdb   = Cdb;
   //
   // Fill Cdb for Write (10) Command
   //
   Cdb[0]= EFI_SCSI_OP_WRITE10;
+  Cdb[1]= EFI_SCSI_BLOCK_FUA;
   WriteUnaligned32 ((UINT32 *)[2], SwapBytes32 (StartLba));
   WriteUnaligned16 ((UINT16 *)[7], SwapBytes16 ((UINT16) SectorSize));
 
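Review bot: The added `Cdb[1]= EFI_SCSI_BLOCK_FUA;` line sets FUA on every synchronous Write (10) with no way for the caller to opt out, and nothing in this hunk handles a device that rejects the command because of the bit. Please say how such a failure is expected to surface to the caller, or consider a single retry without FUA. Separately, the five realigned CommandPacket assignments are whitespace-only and would be easier to review in their own commit, leaving this one as the single functional line.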
@@ -1263,6 +1264,7 @@ ScsiWrite16Command (
   // Fill Cdb for Write (16) Command
   //
   Cdb[0]= EFI_SCSI_OP_WRITE16;
+  Cdb[1]= EFI_SCSI_BLOCK_FUA;
   WriteUnaligned64 ((UINT64 *)[2], SwapBytes64 (StartLba));
   WriteUnaligned32 ((UINT32 *)[10], SwapBytes32 (SectorSize));
 
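Review bot: The new `Cdb[1]= EFI_SCSI_BLOCK_FUA;` line changes what ScsiWrite16Command sends to the device, but going by the diffstat (8 insertions in this file, all accounted for by the copyright line, the realignment and the two Cdb[1] assignments) the function header comments are left untouched. Please add a sentence to the descriptions of ScsiWrite16Command and ScsiWrite10Command stating that the synchronous variants now always set FUA, since callers cannot see this from the signature.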
-- 
2.16.2.windows.1


View/Reply Online (#56368): https://edk2.groups.io/g/devel/message/56368



Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

2020-03-25 Thread Zurcher, Christopher J
> -Original Message-
> From: Yao, Jiewen 
> Sent: Wednesday, March 25, 2020 20:05
> To: Zurcher, Christopher J ;
> devel@edk2.groups.io
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Ard Biesheuvel ; david.harr...@hp.com; Kinney,
> Michael D 
> Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native
> instruction support for IA32 and X64
> 
> Thanks. Comment inline:
> 
> > -Original Message-
> > From: Zurcher, Christopher J 
> > Sent: Thursday, March 26, 2020 10:44 AM
> > To: devel@edk2.groups.io; Yao, Jiewen 
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> ;
> > Ard Biesheuvel ; david.harr...@hp.com; Kinney,
> > Michael D 
> > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native
> > instruction support for IA32 and X64
> >
> > The specific performance improvement depends on the operation; the OS
> > provisioning I mentioned in the [Patch 0/1] thread removed the hashing as a
> > bottleneck and improved the overall operation speed over 4x (saving 2.5
> > minutes of flashing time), but a direct SHA256 benchmark on the particular
> > silicon I have available showed over 12x improvement. I have not benchmarked
> > the improvements to boot time. I do not know the use case targeted by BZ 2507
> > so I don't know what benefit will be seen there.
> [Jiewen] I guess there might be some improvement on HTTPS boot because of
> AES-NI for TLS session.
> I am just curious on the data. :-)
> 
> 
> >
> > I will look at unifying the INF files in the next patch-set and will also add
> > the OpensslLibCrypto.inf case.
> [Jiewen] Thanks!
> 
> 
> >
> > I have not exercised the AVX code specifically, as it is coming directly from
> > OpenSSL and includes checks against the CPUID capability flags before executing.
> > I'm not entirely familiar with AVX requirements; is there a known environment
> > restriction against AVX instructions in EDK2?
> [Jiewen] Yes. UEFI spec only requires to set env for XMM register.
> Using other registers such as YMM or ZMM may require special setup, and
> save/restore some FPU state.
> If a function contains YMM register access and it is linked into
> BaseCryptoLib, I highly recommend you run some test to make sure it can work
> correctly.
> 
> Maybe I should ask more generic question: Have you validated all impacted
> crypto lib API to make sure they still work well with this improvement?
> 

I have not. Is there an existing test suite that was used initially, or used 
with each OpenSSL version update?

Thanks,
Christopher Zurcher

> 
> >
> > Regarding RNG, it looks like we already have architecture-specific variants of
> > RdRand...?
> [Jiewen] Yes. That is in RngLib.
> I ask this question because I see openssl wrapper is using PMC/TSC as noisy.
> https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/rand_pool.c
> Since this patch adds instruction dependency, why not use RNG instruction as
> well?
> 
> 
> >
> > There was some off-list feedback regarding the number of files required to be
> > checked in here. OpenSSL does not include assembler-specific implementations
> > of these files and instead relies on "perlasm" scripts which are parsed by a
> > translation script at build time (in the normal OpenSSL build flow) to generate
> > the resulting .nasm files. The implementation I have shared here generates these
> > files as part of the OpensslLib maintainer process, similar to the existing header
> > files which are also generated. Since process_files.pl already requires the
> > package maintainer to have a Perl environment installed, this does not place any
> > additional burden on them.
> > An alternative implementation has been proposed which would see only a
> > listing/script of the required generator operations to be checked in, and any
> > platform build which intended to utilize the native algorithms would require a
> > local Perl environment as well as any underlying environment dependencies
> > (such as a version check against the NASM executable) for every developer, and
> > additional pre-build steps to run the generator scripts.
> >
> > Are there any strong opinions here around adding Perl as a build environment
> > dependency vs. checking in maintainer-generated assembly "intermediate" build
> > files?
> [Jiewen] Good question. For tool, maybe Mike or Liming can answer.
> And I did get similar issue with you.
> I got a submodule code need using CMake and pre-processor to generate a
> common 
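The register-state constraint raised in this thread (the environment is only set up for XMM, and the default exception handler's FXSAVE/FXRSTOR preserves FP/MMX/XMM state but no more) written out as a check, in an added example that is not code from edk2 or OpenSSL. The function names, the policy enum and the sample register values are constructed for illustration; the CPUID and XCR0 bit positions are the architectural ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CPUID.01H:ECX feature bits. */
#define CPUID1_ECX_OSXSAVE (1u << 27)  /* XSAVE enabled in CR4, XGETBV usable */
#define CPUID1_ECX_AVX     (1u << 28)  /* CPU implements AVX */

/* XCR0 state-component bits. */
#define XSTATE_X87 (1ull << 0)         /* x87 FPU / MMX */
#define XSTATE_SSE (1ull << 1)         /* XMM registers and MXCSR */
#define XSTATE_AVX (1ull << 2)         /* upper halves of the YMM registers */

/* What an FXSAVE/FXRSTOR based handler preserves, per the thread. */
#define SAVED_BY_FXSAVE (XSTATE_X87 | XSTATE_SSE)

/* Hypothetical policy values for this example. */
typedef enum {
    RUN_OK,              /* handler preserves every register the routine uses */
    RUN_INTERRUPTS_OFF,  /* usable, but an interrupt could clobber live state */
    DO_NOT_RUN           /* state not enabled: AVX instructions would fault */
} run_policy_t;

/* Standard AVX usability test: the CPU must report AVX, XSAVE must be
 * enabled (OSXSAVE), and XCR0 must enable both SSE and AVX state.
 * xcr0 is only meaningful when OSXSAVE is set, so it is checked last. */
bool avx_enabled(uint32_t cpuid1_ecx, uint64_t xcr0)
{
    if (!(cpuid1_ecx & CPUID1_ECX_OSXSAVE))
        return false;
    if (!(cpuid1_ecx & CPUID1_ECX_AVX))
        return false;
    return (xcr0 & (XSTATE_SSE | XSTATE_AVX)) == (XSTATE_SSE | XSTATE_AVX);
}

/* State components a routine uses that the handler does not save. */
uint64_t unsaved_state(uint64_t used, uint64_t handler_saves)
{
    return used & ~handler_saves;
}

/* Combine both checks into the two options named in the thread:
 * widen what the handler saves, or keep interrupts off around the call. */
run_policy_t policy_for(uint64_t used, uint32_t cpuid1_ecx, uint64_t xcr0,
                        uint64_t handler_saves)
{
    if ((used & XSTATE_AVX) && !avx_enabled(cpuid1_ecx, xcr0))
        return DO_NOT_RUN;
    if (unsaved_state(used, handler_saves) != 0)
        return RUN_INTERRUPTS_OFF;
    return RUN_OK;
}

int main(void)
{
    /* Constructed register values, not read from real hardware. */
    const uint32_t ecx_avx_on  = CPUID1_ECX_OSXSAVE | CPUID1_ECX_AVX;
    const uint32_t ecx_no_xsave = CPUID1_ECX_AVX;
    const uint64_t xcr0_avx = XSTATE_X87 | XSTATE_SSE | XSTATE_AVX;
    const uint64_t xmm_routine = XSTATE_SSE;
    const uint64_t ymm_routine = XSTATE_SSE | XSTATE_AVX;
    static const char *names[] = { "run", "run with interrupts off", "do not run" };

    printf("XMM routine, FXSAVE handler: %s\n",
           names[policy_for(xmm_routine, ecx_avx_on, xcr0_avx, SAVED_BY_FXSAVE)]);
    printf("YMM routine, FXSAVE handler: %s\n",
           names[policy_for(ymm_routine, ecx_avx_on, xcr0_avx, SAVED_BY_FXSAVE)]);
    printf("YMM routine, XSAVE not enabled: %s\n",
           names[policy_for(ymm_routine, ecx_no_xsave, 0, SAVED_BY_FXSAVE)]);
    printf("YMM routine, handler saves AVX state: %s\n",
           names[policy_for(ymm_routine, ecx_avx_on, xcr0_avx, xcr0_avx)]);
    return 0;
}
```
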

Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

2020-03-25 Thread Zurcher, Christopher J
The specific performance improvement depends on the operation; the OS 
provisioning I mentioned in the [Patch 0/1] thread removed the hashing as a 
bottleneck and improved the overall operation speed over 4x (saving 2.5 minutes 
of flashing time), but a direct SHA256 benchmark on the particular silicon I 
have available showed over 12x improvement. I have not benchmarked the 
improvements to boot time. I do not know the use case targeted by BZ 2507 so I 
don't know what benefit will be seen there.

I will look at unifying the INF files in the next patch-set and will also add 
the OpensslLibCrypto.inf case.

I have not exercised the AVX code specifically, as it is coming directly from 
OpenSSL and includes checks against the CPUID capability flags before 
executing. I'm not entirely familiar with AVX requirements; is there a known 
environment restriction against AVX instructions in EDK2?

Regarding RNG, it looks like we already have architecture-specific variants of 
RdRand...?

There was some off-list feedback regarding the number of files required to be 
checked in here. OpenSSL does not include assembler-specific implementations of 
these files and instead relies on "perlasm" scripts which are parsed by a 
translation script at build time (in the normal OpenSSL build flow) to generate 
the resulting .nasm files. The implementation I have shared here generates 
these files as part of the OpensslLib maintainer process, similar to the 
existing header files which are also generated. Since process_files.pl already 
requires the package maintainer to have a Perl environment installed, this does 
not place any additional burden on them.
An alternative implementation has been proposed which would see only a 
listing/script of the required generator operations to be checked in, and any 
platform build which intended to utilize the native algorithms would require a 
local Perl environment as well as any underlying environment dependencies (such 
as a version check against the NASM executable) for every developer, and 
additional pre-build steps to run the generator scripts.

Are there any strong opinions here around adding Perl as a build environment 
dependency vs. checking in maintainer-generated assembly "intermediate" build 
files?

Thanks,
Christopher Zurcher

> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Yao, Jiewen
> Sent: Wednesday, March 25, 2020 18:23
> To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher,
> Christopher J 
> Cc: Wang, Jian J ; Lu, XiaoyuX ;
> Eugene Cohen ; Ard Biesheuvel 
> Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native
> instruction support for IA32 and X64
> 
> Some more comment:
> 
> 3) Did you consider enabling the RNG instruction as well?
> 
> 4) I saw you added some code for AVX instructions, such as YMM register.
> Have you validated that code, to make sure it can work correctly in current
> environment?
> 
> 
> 
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Yao, Jiewen
> > Sent: Thursday, March 26, 2020 9:15 AM
> > To: devel@edk2.groups.io; Zurcher, Christopher J
> > 
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> ;
> > Eugene Cohen ; Ard Biesheuvel 
> > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native
> > instruction support for IA32 and X64
> >
> > Hi Christopher
> > Thanks for the contribution. I think it is a good enhancement.
> >
> > Do you have any data showing what performance improvement we can get?
> > Did the system boot faster with this? Which feature?
> > UEFI Secure Boot? TCG Measured Boot? HTTPS boot?
> >
> >
> > Comment for the code:
> > 1) I am not sure if we need separate OpensslLibIa32 and OpensslLibX64.
> > Can we just define single INF, such as OpensslLibHw.inf ?
> >
> > 2) Do we also need to add a new version for OpensslLibCrypto.inf?
> >
> >
> >
> > Thank you
> > Yao Jiewen
> >
> > > -Original Message-
> > > From: devel@edk2.groups.io  On Behalf Of Zurcher,
> > > Christopher J
> > > Sent: Tuesday, March 17, 2020 6:27 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Jian J ; Lu, XiaoyuX
> > ;
> > > Eugene Cohen ; Ard Biesheuvel 
> > > Subject: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native
> > instruction
> > > support for IA32 and X64
> > >
> >
> >
> >
> 
> 
> 


View/Reply Online (#56354): https://edk2.groups.io/g/devel/message/56354



Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

2020-03-25 Thread Zurcher, Christopher J
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Ard Biesheuvel
> Sent: Wednesday, March 25, 2020 11:40
> To: Zurcher, Christopher J 
> Cc: edk2-devel-groups-io ; Wang, Jian J
> ; Lu, XiaoyuX ; Eugene Cohen
> 
> Subject: Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native
> instruction support for IA32 and X64
> 
> On Tue, 17 Mar 2020 at 11:26, Christopher J Zurcher
>  wrote:
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507
> >
> > This patch adds support for building the native instruction algorithms for
> > IA32 and X64 versions of OpensslLib. The process_files.pl script was modified
> > to parse the .asm file targets from the OpenSSL build config data struct, and
> > generate the necessary assembly files for the EDK2 build environment.
> >
> > For the X64 variant, OpenSSL includes calls to a Windows error handling API,
> > and that function has been stubbed out in ApiHooks.c.
> >
> > For all variants, a constructor was added to call the required CPUID function
> > within OpenSSL to facilitate processor capability checks in the native
> > algorithms.
> >
> > Additional native architecture variants should be simple to add by following
> > the changes made for these two architectures.
> >
> > The OpenSSL assembly files are traditionally generated at build time using a
> > perl script. To avoid that burden on EDK2 users, these end-result assembly
> > files are generated during the configuration steps performed by the package
> > maintainer (through process_files.pl). The perl generator scripts inside
> > OpenSSL do not parse file comments as they are only meant to create
> > intermediate build files, so process_files.pl contains additional hooks to
> > preserve the copyright headers as well as clean up tabs and line endings to
> > comply with EDK2 coding standards. The resulting file headers align with
> > the generated .h files which are already included in the EDK2 repository.
> >
> > Cc: Jian J Wang 
> > Cc: Xiaoyu Lu 
> > Cc: Eugene Cohen 
> >   
> > Cc: Ard Biesheuvel 
> >
> > Christopher J Zurcher (1):
> >   CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
> >
> 
> Hello Christopher,
> 
> It would be helpful to understand the purpose of all this. Also, I
> think we could be more picky about which algorithms we enable - DES
> and MD5 don't seem highly useful, and even if they were, what do we
> gain by using a faster (or smaller?) implementation?
> 

The selection of algorithms comes from the default OpenSSL assembly targets; 
this combination is validated and widely used, and I don't know all the 
consequences of picking and choosing which ones to include. If necessary I 
could look into reducing the list.

The primary driver for this change is enabling the Full Flash Update (FFU) OS 
provisioning flow for Windows as described here:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats
This item under "Reliability" is what we are speeding up: "Includes a catalog 
and hash table to validate a signature upfront before flashing onto a device. 
The hash table is generated during capture, and validated when applying the 
image."
This provisioning flow can be performed within the UEFI environment, and the 
native algorithms allow significant time savings in a factory setting (minutes 
per device).

We also had a BZ which requested these changes and the specific need was not 
provided. Maybe David @HP can provide further insight?
https://bugzilla.tianocore.org/show_bug.cgi?id=2507

There have been additional platform-specific benefits identified, for example 
speeding up HMAC authentication of communication with other HW/FW components.

Thanks,
Christopher Zurcher

> 
> 
> 
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +-
> >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +-
> >  CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf | 680 ++
> >  CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 691 ++
> >  CryptoPkg/Library/Include/openssl/opensslconf.h | 3 -
> >  CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 +
> >  CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 +
> >  CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm | 3209
> >  CryptoPkg/Library/OpensslLib/Ia

[edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

2020-03-17 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507

This patch adds support for building the native instruction algorithms for
IA32 and X64 versions of OpensslLib. The process_files.pl script was modified
to parse the .asm file targets from the OpenSSL build config data struct, and
generate the necessary assembly files for the EDK2 build environment.

For the X64 variant, OpenSSL includes calls to a Windows error handling API,
and that function has been stubbed out in ApiHooks.c.

For all variants, a constructor was added to call the required CPUID function
within OpenSSL to facilitate processor capability checks in the native
algorithms.

Additional native architecture variants should be simple to add by following
the changes made for these two architectures.

The OpenSSL assembly files are traditionally generated at build time using a
perl script. To avoid that burden on EDK2 users, these end-result assembly
files are generated during the configuration steps performed by the package
maintainer (through process_files.pl). The perl generator scripts inside
OpenSSL do not parse file comments as they are only meant to create
intermediate build files, so process_files.pl contains additional hooks to
preserve the copyright headers as well as clean up tabs and line endings to
comply with EDK2 coding standards. The resulting file headers align with
the generated .h files which are already included in the EDK2 repository.

Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Cc: Eugene Cohen 
Cc: Ard Biesheuvel 

Christopher J Zurcher (1):
  CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64

 CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +-
 CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf | 680 ++
 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 691 ++
 CryptoPkg/Library/Include/openssl/opensslconf.h | 3 -
 CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 +
 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 +
 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm | 3209
 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm | 648 ++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm | 1522
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm | 1259 +++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm | 352 +
 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm | 486 ++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm | 887 +++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm | 1835
 CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm | 690 ++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm | 1264 +++
 CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm | 381 +
 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm | 3977
 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm | 6796
 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm | 2842
 CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm | 513 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm | 1772
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm | 3271
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 4709
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm | 5084
 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm | 1170 +++
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm | 1989
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm | 2242
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm | 432 +
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm | 1479
 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm | 4033
 CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm | 794 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm | 984 +++
 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm | 2077
 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm | 1395
 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm | 784 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm | 532 ++
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm | 7581
 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm | 5773
 

Re: [edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

2020-02-21 Thread Zurcher, Christopher J
BZ submitted here:
https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Once this "sort" fix is checked in, I will be submitting patches for EVP 
implementation as well as x86 and x86_64 native build options (BZ 2507).

Thanks,
Christopher Zurcher

> -Original Message-
> From: Gao, Liming 
> Sent: Friday, February 14, 2020 00:52
> To: devel@edk2.groups.io; Zurcher, Christopher J
> 
> Cc: Wang, Jian J ; Lu, XiaoyuX 
> Subject: RE: [edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no-
> autoalginit" flag from OpenSSL build
> 
> Zurcher:
>   Seemingly, this is like an enhancement in OpensslLib. Please submit one BZ
> (https://bugzilla.tianocore.org/) for this change.
> 
>   And today, edk2 enters into the soft feature freeze for edk2-stable202002
> stable tag. So, this change may not catch this stable tag.
> 
> Thanks
> Liming
> > -----Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Zurcher,
> Christopher J
> > Sent: Friday, February 14, 2020 8:40 AM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> 
> > Subject: [edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no-
> autoalginit" flag from OpenSSL build
> >
> > In order to implement the EVP interface, the EVP_get_digestbyname function
> > requires the desired digest to be already initialized. Removing the
> > "no-autoalginit" build option will allow algorithms to be retrieved by name.
> > I plan to submit a future patch with an EVP implementation; the OpenSSL
> > documentation has stated that the EVP interface "should almost always be
> > used" over direct digest interfaces at least as far back as version 0.9.6c.
> >
> > This patch set also adds the "sort" keyword to the header file parsing loop
> > so the .inf files aren't randomized after every run of process_files.pl.
> >
> > Cc: Jian J Wang 
> > Cc: Xiaoyu Lu 
> >
> > Christopher J Zurcher (2):
> >   CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loop
> >   CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
> >
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 66 ++-
> -
> >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 62 +-
> >  CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
> >  CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
> >  4 files changed, 66 insertions(+), 70 deletions(-)
> >
> > --
> > 2.16.2.windows.1
> >
> >
> > 
> 


View/Reply Online (#54722): https://edk2.groups.io/g/devel/message/54722



[edk2-devel] [PATCH 0/1] UefiScsiLib: Set FUA bit for synchronous SCSI Write operations

2020-02-21 Thread Zurcher, Christopher J
Some SCSI devices have very aggressive write caching implemented, causing
data to be lost if the system is shut down or rebooted soon after
receiving a successful write confirmation from the device. By setting the
FUA bit in the synchronous versions of the Write10/Write16 commands, the
write cache is skipped and data is forced directly to the disk.

The Asynchronous (WriteEx) commands will not have this bit set, allowing
performance-sensitive transactions to continue utilizing the write cache.

An alternative, more complicated solution would be to implement the
SYNCHRONIZE CACHE command and call it from ScsiDiskFlushBlocks, which
currently returns EFI_SUCCESS without flushing anything. Since the
SYNCHRONIZE CACHE command requires the caller to provide the specific
blocks to flush, and the BlockIO FlushBlocks function does not accept any
arguments, this would require keeping track of the write history inside the
ScsiDiskDxe driver.

I have not tested the asynchronous commands for this issue, so there is a
chance that resetting the system even after a call to FlushBlocksEx might
still result in lost data. Currently the ScsiDiskFlushBlocksEx command
waits for the BlockIo2 requests queue to empty, but does not ask the device
itself to flush anything. (EFI_SCSI_OP_SYNC_CACHE is defined in
IndustryStandard/Scsi.h but is not implemented anywhere.)

Cc: Michael D Kinney 
Cc: Jian J Wang 
Cc: Liming Gao 

Christopher J Zurcher (1):
  MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations

 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#54720): https://edk2.groups.io/g/devel/message/54720



[edk2-devel] [PATCH 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations

2020-02-21 Thread Zurcher, Christopher J
The FUA (Force Unit Access) bit forces data to be written directly to
disk instead of the write cache. This prevents data from being lost if a
shutdown or reset is requested immediately after a SCSI write operation.

Cc: Michael D Kinney 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c 
b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
index 13a2a1912c..cf78f131bd 100644
--- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
+++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c
@@ -1,7 +1,7 @@
 /** @file
   UEFI SCSI Library implementation
 
-  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -1055,15 +1055,16 @@ ScsiWrite10Command (
   ZeroMem (, sizeof (EFI_SCSI_IO_SCSI_REQUEST_PACKET));
   ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TEN);
 
-  CommandPacket.Timeout = Timeout;
-  CommandPacket.OutDataBuffer= DataBuffer;
-  CommandPacket.SenseData   = SenseData;
-  CommandPacket.OutTransferLength= *DataLength;
-  CommandPacket.Cdb = Cdb;
+  CommandPacket.Timeout   = Timeout;
+  CommandPacket.OutDataBuffer = DataBuffer;
+  CommandPacket.SenseData = SenseData;
+  CommandPacket.OutTransferLength = *DataLength;
+  CommandPacket.Cdb   = Cdb;
   //
   // Fill Cdb for Write (10) Command
   //
   Cdb[0]= EFI_SCSI_OP_WRITE10;
+  Cdb[1]= BIT3; //FUA bit (Force Unit Access)
   WriteUnaligned32 ((UINT32 *)[2], SwapBytes32 (StartLba));
   WriteUnaligned16 ((UINT16 *)[7], SwapBytes16 ((UINT16) SectorSize));
 
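Review bot: "Cdb[1]= BIT3;" in ScsiWrite10Command names the FUA bit only in a trailing comment; a named define alongside the other SCSI definitions would make the intent searchable and let the Write16 path share it. The plain assignment is correct only because "ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TEN)" cleared the byte a few lines up, so "|=" would survive a later change that fills another byte 1 field first. The five realigned CommandPacket assignments are whitespace-only churn and would be easier to review in a separate patch.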
@@ -1263,6 +1264,7 @@ ScsiWrite16Command (
   // Fill Cdb for Write (16) Command
   //
   Cdb[0]= EFI_SCSI_OP_WRITE16;
+  Cdb[1]= BIT3; //FUA bit (Force Unit Access)
   WriteUnaligned64 ((UINT64 *)[2], SwapBytes64 (StartLba));
   WriteUnaligned32 ((UINT32 *)[10], SwapBytes32 (SectorSize));
 
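Review bot: in ScsiWrite16Command the FUA bit is set unconditionally inside an MdePkg library function, so every caller of the library gets write-through behaviour with no way to opt out, and nothing visible in the hunk checks that the target accepts the bit. Consider a flag parameter or setting the bit in the caller that needs it, and record the behaviour change in the function header comment so existing users of the library see it.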
-- 
2.16.2.windows.1


View/Reply Online (#54721): https://edk2.groups.io/g/devel/message/54721
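
The CDB layout that the cover letter and the commit message above rely on, as an added example (not code from the patch or from edk2): WRITE(10) and WRITE(16) builders that set FUA in byte 1, bit 3 for synchronous writes only, plus a check for a captured CDB. The function and macro names are assumptions made for this illustration; 0x2A and 0x8A are the standard opcodes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Standard SCSI block-command opcodes; the macro names are this example's own. */
#define OP_WRITE10  0x2A
#define OP_WRITE16  0x8A
#define CDB_FUA     0x08   /* CDB byte 1, bit 3: Force Unit Access */
#define CDB10_LEN   10
#define CDB16_LEN   16

/* CDB fields are big-endian regardless of host byte order. */
static void put_be(uint8_t *p, uint64_t v, size_t nbytes)
{
    for (size_t i = 0; i < nbytes; i++)
        p[i] = (uint8_t)(v >> (8 * (nbytes - 1 - i)));
}

/* WRITE(10): 32-bit LBA in bytes 2..5, 16-bit block count in bytes 7..8.
   Returns the CDB length, or 0 when the request does not fit this format. */
size_t build_write10(uint8_t *cdb, uint64_t lba, uint32_t blocks, int fua)
{
    if (lba > UINT32_MAX || blocks > UINT16_MAX)
        return 0;
    memset(cdb, 0, CDB10_LEN);
    cdb[0] = OP_WRITE10;
    if (fua)
        cdb[1] |= CDB_FUA;
    put_be(&cdb[2], lba, 4);
    put_be(&cdb[7], blocks, 2);
    return CDB10_LEN;
}

/* WRITE(16): 64-bit LBA in bytes 2..9, 32-bit block count in bytes 10..13. */
size_t build_write16(uint8_t *cdb, uint64_t lba, uint32_t blocks, int fua)
{
    memset(cdb, 0, CDB16_LEN);
    cdb[0] = OP_WRITE16;
    if (fua)
        cdb[1] |= CDB_FUA;
    put_be(&cdb[2], lba, 8);
    put_be(&cdb[10], blocks, 4);
    return CDB16_LEN;
}

/* Policy described in the cover letter: synchronous writes bypass the write
   cache (FUA set), asynchronous writes keep using it. Picks the shortest CDB
   that can carry the request. cdb must hold CDB16_LEN bytes. */
size_t build_write(uint8_t *cdb, uint64_t lba, uint32_t blocks, int synchronous)
{
    size_t n = build_write10(cdb, lba, blocks, synchronous);
    return n ? n : build_write16(cdb, lba, blocks, synchronous);
}

/* Check for a captured CDB: 1 = write with FUA, 0 = write without FUA,
   -1 = not a WRITE(10)/WRITE(16) or too short to decide. */
int cdb_write_is_fua(const uint8_t *cdb, size_t len)
{
    if (len >= CDB10_LEN && cdb[0] == OP_WRITE10)
        return (cdb[1] & CDB_FUA) != 0;
    if (len >= CDB16_LEN && cdb[0] == OP_WRITE16)
        return (cdb[1] & CDB_FUA) != 0;
    return -1;
}

int main(void)
{
    /* Constructed sample requests: LBA, block count, synchronous flag. */
    struct { uint64_t lba; uint32_t blocks; int sync; } req[] = {
        { 0x12345678ULL,  8, 1 },   /* fits WRITE(10), synchronous  */
        { 0x100000000ULL, 8, 0 },   /* needs WRITE(16), asynchronous */
    };
    uint8_t cdb[CDB16_LEN];

    for (size_t r = 0; r < sizeof req / sizeof req[0]; r++) {
        size_t n = build_write(cdb, req[r].lba, req[r].blocks, req[r].sync);
        for (size_t i = 0; i < n; i++)
            printf("%02x ", cdb[i]);
        printf(" fua=%d\n", cdb_write_is_fua(cdb, n));
    }
    return 0;
}
```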



[edk2-devel] [PATCH v3 2/2] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

2020-02-13 Thread Zurcher, Christopher J
This is enabling a future EVP implementation to utilize the
EVP_get_digestbyname() function.

Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/Library/Include/openssl/opensslconf.h | 3 ---
 CryptoPkg/Library/OpensslLib/process_files.pl   | 1 -
 2 files changed, 4 deletions(-)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h 
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 2b4d538e92..bd34e53ef2 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -109,9 +109,6 @@ extern "C" {
 #ifndef OPENSSL_NO_ASYNC
 # define OPENSSL_NO_ASYNC
 #endif
-#ifndef OPENSSL_NO_AUTOALGINIT
-# define OPENSSL_NO_AUTOALGINIT
-#endif
 #ifndef OPENSSL_NO_AUTOERRINIT
 # define OPENSSL_NO_AUTOERRINIT
 #endif
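Review bot: dropping OPENSSL_NO_AUTOALGINIT here makes OpenSSL register all of its enabled ciphers and digests automatically, which in a statically linked build pulls those implementations into the image, while the commit message describes only a future EVP user. The message should state the measured size change for the modules that link OpensslLib, and say that OPENSSL_NO_AUTOERRINIT just below is deliberately left defined.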
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl 
b/CryptoPkg/Library/OpensslLib/process_files.pl
index 11cd58cc4e..4ba25da407 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -51,7 +51,6 @@ BEGIN {
 "no-afalgeng",
 "no-asm",
 "no-async",
-"no-autoalginit",
 "no-autoerrinit",
 "no-autoload-config",
 "no-bf",
-- 
2.16.2.windows.1


View/Reply Online (#54396): https://edk2.groups.io/g/devel/message/54396



[edk2-devel] [PATCH v3 1/2] CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loop

2020-02-13 Thread Zurcher, Christopher J
This prevents the .inf files from being randomized after every run
of process_files.pl.

Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 66 ++--
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 62 +-
 CryptoPkg/Library/OpensslLib/process_files.pl |  4 +-
 3 files changed, 66 insertions(+), 66 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 3fa52f5543..3519a66885 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  This module provides OpenSSL Library implementation.
 #
-#  Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.
+#  Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -494,57 +494,57 @@
   $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
   $(OPENSSL_PATH)/crypto/x509v3/v3err.c
-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
-  $(OPENSSL_PATH)/crypto/conf/conf_def.h
-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
-  $(OPENSSL_PATH)/crypto/store/store_locl.h
-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
   $(OPENSSL_PATH)/crypto/arm_arch.h
   $(OPENSSL_PATH)/crypto/mips_arch.h
   $(OPENSSL_PATH)/crypto/ppc_arch.h
   $(OPENSSL_PATH)/crypto/s390x_arch.h
   $(OPENSSL_PATH)/crypto/sparc_arch.h
   $(OPENSSL_PATH)/crypto/vms_rms.h
-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
-  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
-  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
-  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
-  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
   $(OPENSSL_PATH)/crypto/asn1/charmap.h
   $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
   $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+  $(OPENSSL_PATH)/crypto/async/async_locl.h
   $(OPENSSL_PATH)/crypto/async/arch/async_null.h
   $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
   $(OPENSSL_PATH)/crypto/async/arch/async_win.h
-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+  $(OPENSSL_PATH)/crypto/conf/conf_def.h
+  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
   $(OPENSSL_PATH)/crypto/des/des_locl.h
   $(OPENSSL_PATH)/crypto/des/spr.h
+  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
+  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
   $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
-  $(OPENSSL_PATH)/crypto/async/async_locl.h
+  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/store/store_locl.h
+  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
   $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
   $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
-  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
-  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
   $(OPENSSL_PATH)/ssl/bio_ssl.c
   $(OPENSSL_PATH)/ssl/d1_lib.c
   $(OPENSSL_PATH)/ssl/d1_msg.c
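Review bot: the regenerated list is sorted within each directory, not by full path: crypto/async/async_locl.h lands ahead of crypto/async/arch/async_null.h, and the top-level crypto/*_arch.h headers stay ahead of crypto/aes/aes_locl.h. That is fine if intended, but the commit message says only that "sort" was added to the header file parsing loop; confirm that the directory iteration feeding that loop is also ordered deterministically, otherwise the per-directory groups can still move between runs.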
@@ -589,13 +589,13 @@
   $(OPENSSL_PATH)/ssl/t1_trce.c
   $(OPENSSL_PATH)/ssl/tls13_enc.c
   $(OPENSSL_PATH)/ssl/tls_srp.c
-  $(OPENSSL_PATH)/ssl/statem/statem.h
-  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
   $(OPENSSL_PATH)/ssl/packet_locl.h
   $(OPENSSL_PATH)/ssl/ssl_cert_table.h
   $(OPENSSL_PATH)/ssl/ssl_locl.h
   $(OPENSSL_PATH)/ssl/record/record.h
   

[edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

2020-02-13 Thread Zurcher, Christopher J
In order to implement the EVP interface, the EVP_get_digestbyname function
requires the desired digest to be already initialized. Removing the
"no-autoalginit" build option will allow algorithms to be retrieved by name.
I plan to submit a future patch with an EVP implementation; the OpenSSL
documentation has stated that the EVP interface "should almost always be
used" over direct digest interfaces at least as far back as version 0.9.6c.

This patch set also adds the "sort" keyword to the header file parsing loop
so the .inf files aren't randomized after every run of process_files.pl.

Cc: Jian J Wang 
Cc: Xiaoyu Lu 

Christopher J Zurcher (2):
  CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loop
  CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 66 ++--
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 62 +-
 CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
 CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
 4 files changed, 66 insertions(+), 70 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#54394): https://edk2.groups.io/g/devel/message/54394



Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

2020-02-13 Thread Zurcher, Christopher J
> -----Original Message-----
> From: devel@edk2.groups.io  On Behalf Of Laszlo Ersek
> Sent: Thursday, February 13, 2020 15:29
> To: devel@edk2.groups.io; Zurcher, Christopher J
> 
> Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Remove "no-
> autoalginit" flag from OpenSSL build
> 
> Hi Christopher,
> 
> (1) Please CC the CryptoPkg maintainers on CryptoPkg patches.

Thanks, I missed this originally and added them in v2.

> 
> On 02/13/20 00:41, Zurcher, Christopher J wrote:
> > This is required for interfaces such as EVP to retrieve algorithms
> > by name.
> 
> (2) Apologies, I don't understand this explanation. There don't seem to
> be any users for whatever is being enabled in this patch in the edk2
> tree. Can you please elaborate? (Not just for me in this thread, but in
> the commit message.)

This is to prepare for a future commit that will implement an EVP interface.

> 
> >
> > This commit also adds the "sort" keyword to the header file parsing loop
> > so the .inf files aren't randomized after every run of process_files.pl.
> 
> (3) That's a great idea, but it should be split to a separate patch. I'd
> suggest first introducing the sorted generation (without any change to
> the set of files built).
> 
> And then the effects of the "no-autoalginit" removal can be seen
> clearly, without being hidden by the reordering.

Will split in v3.

Thanks,
Christopher Zurcher

> 
> 
> > ---
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 64 ++--
> >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +-
> >  CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
> >  CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
> >  4 files changed, 64 insertions(+), 68 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > index 3fa52f5543..5caffdb71e 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > @@ -494,57 +494,57 @@
> >$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
> >$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
> >$(OPENSSL_PATH)/crypto/x509v3/v3err.c
> > -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> > -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> > -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> > -  $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> > -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> > -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> > -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> > -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> > -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> > -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> >$(OPENSSL_PATH)/crypto/arm_arch.h
> >$(OPENSSL_PATH)/crypto/mips_arch.h
> >$(OPENSSL_PATH)/crypto/ppc_arch.h
> >$(OPENSSL_PATH)/crypto/s390x_arch.h
> >$(OPENSSL_PATH)/crypto/sparc_arch.h
> >$(OPENSSL_PATH)/crypto/vms_rms.h
> > -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> > -  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> > -  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> > -  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
> > -  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
> > +  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> >$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> >$(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> >$(OPENSSL_PATH)/crypto/asn1/charmap.h
> >$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> >$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> > -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> > -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> > -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> > -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> > -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> > -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> > -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> > +  $(OPENSSL_PATH)/crypto/async/async_locl.h
> >$(OPENSSL_PATH)/crypto/async/arch/async_null.h
> >$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> >$(OPENSSL_PATH)/crypto/async/arch/async_win.h
> > -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> > +  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> > +  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> > +  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> > +  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > +  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> > +  $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > +  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> >$(OPENSSL_PATH)/crypto/des/des_locl.h
> >$(

Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

2020-02-13 Thread Zurcher, Christopher J
> -----Original Message-----
> From: Wang, Jian J 
> Sent: Thursday, February 13, 2020 07:19
> To: Zurcher, Christopher J ;
> devel@edk2.groups.io
> Cc: Lu, XiaoyuX 
> Subject: RE: [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit"
> flag from OpenSSL build
> 
> Thanks for the patch. Two comments below.
> 
> 
> > -----Original Message-----
> > From: Zurcher, Christopher J 
> > Sent: Thursday, February 13, 2020 11:34 AM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J ; Lu, XiaoyuX
> 
> > Subject: [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
> >
> > This is required for interfaces such as EVP to retrieve algorithms
> > by name.
> >
> > This commit also adds the "sort" keyword to the header file parsing loop
> > so the .inf files aren't randomized after every run of process_files.pl.
> >
> > Cc: Jian J Wang 
> > Cc: Xiaoyu Lu 
> > Signed-off-by: Christopher J Zurcher 
> > ---
> >  CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 64 ++--
> >  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +-----
> >  CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
> >  CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
> >  4 files changed, 64 insertions(+), 68 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > index 3fa52f5543..5caffdb71e 100644
> > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > @@ -494,57 +494,57 @@
> >$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
> >$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
> >$(OPENSSL_PATH)/crypto/x509v3/v3err.c
> > -  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> > -  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> > -  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> > -  $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > -  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> > -  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> > -  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
> > -  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> > -  $(OPENSSL_PATH)/crypto/store/store_locl.h
> > -  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> > -  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
> >$(OPENSSL_PATH)/crypto/arm_arch.h
> >$(OPENSSL_PATH)/crypto/mips_arch.h
> >$(OPENSSL_PATH)/crypto/ppc_arch.h
> >$(OPENSSL_PATH)/crypto/s390x_arch.h
> >$(OPENSSL_PATH)/crypto/sparc_arch.h
> >$(OPENSSL_PATH)/crypto/vms_rms.h
> > -  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> > -  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> > -  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > -  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
> > -  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
> > -  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
> > +  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
> >$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
> >$(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
> >$(OPENSSL_PATH)/crypto/asn1/charmap.h
> >$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
> >$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
> > -  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> > -  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
> > -  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
> > -  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> > -  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> > -  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
> > -  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
> > +  $(OPENSSL_PATH)/crypto/async/async_locl.h
> >$(OPENSSL_PATH)/crypto/async/arch/async_null.h
> >$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
> >$(OPENSSL_PATH)/crypto/async/arch/async_win.h
> > -  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
> > +  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
> > +  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
> > +  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
> > +  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
> > +  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
> > +  $(OPENSSL_PATH)/crypto/conf/conf_def.h
> > +  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
> >$(OPENSSL_PATH)/crypto/des/des_locl.h
> >$(OPENSSL_PATH)/crypto/des/spr.h
> > +  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
> > +  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
> > +  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
> > +  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
> > +  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
> > +  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
> > +  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
> > +  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
> > + 

[edk2-devel] [PATCH v2 0/1] Remove "no-autoalginit" flag from OpenSSL build

2020-02-12 Thread Zurcher, Christopher J
In order to implement the EVP interface, the EVP_get_digestbyname function
requires the desired digest to be already initialized. Removing the
"no-autoalginit" build option will allow algorithms to be retrieved by name.

Cc: Jian J Wang 
Cc: Xiaoyu Lu 

Christopher J Zurcher (1):
  CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 64 ++--
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +-
 CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
 CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
 4 files changed, 64 insertions(+), 68 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#54330): https://edk2.groups.io/g/devel/message/54330



[edk2-devel] [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

2020-02-12 Thread Zurcher, Christopher J
This is required for interfaces such as EVP to retrieve algorithms
by name.

This commit also adds the "sort" keyword to the header file parsing loop
so the .inf files aren't randomized after every run of process_files.pl.

Cc: Jian J Wang 
Cc: Xiaoyu Lu 
Signed-off-by: Christopher J Zurcher 
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 64 ++--
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +-
 CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
 CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
 4 files changed, 64 insertions(+), 68 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 3fa52f5543..5caffdb71e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -494,57 +494,57 @@
   $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
   $(OPENSSL_PATH)/crypto/x509v3/v3err.c
-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
-  $(OPENSSL_PATH)/crypto/conf/conf_def.h
-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
-  $(OPENSSL_PATH)/crypto/store/store_locl.h
-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
   $(OPENSSL_PATH)/crypto/arm_arch.h
   $(OPENSSL_PATH)/crypto/mips_arch.h
   $(OPENSSL_PATH)/crypto/ppc_arch.h
   $(OPENSSL_PATH)/crypto/s390x_arch.h
   $(OPENSSL_PATH)/crypto/sparc_arch.h
   $(OPENSSL_PATH)/crypto/vms_rms.h
-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
-  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
-  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
-  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
-  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
   $(OPENSSL_PATH)/crypto/asn1/charmap.h
   $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
   $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+  $(OPENSSL_PATH)/crypto/async/async_locl.h
   $(OPENSSL_PATH)/crypto/async/arch/async_null.h
   $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
   $(OPENSSL_PATH)/crypto/async/arch/async_win.h
-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+  $(OPENSSL_PATH)/crypto/conf/conf_def.h
+  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
   $(OPENSSL_PATH)/crypto/des/des_locl.h
   $(OPENSSL_PATH)/crypto/des/spr.h
+  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
+  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
   $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
-  $(OPENSSL_PATH)/crypto/async/async_locl.h
+  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/store/store_locl.h
+  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
   $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
   $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
-  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
-  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
   $(OPENSSL_PATH)/ssl/bio_ssl.c
   $(OPENSSL_PATH)/ssl/d1_lib.c
   $(OPENSSL_PATH)/ssl/d1_msg.c
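Review bot: this hunk only reorders the header list: each of the 30 removed lines reappears as an added line, so the set of files is unchanged. Because the same commit also drops "no-autoalginit" (opensslconf.h and process_files.pl appear in the diffstat), a reader cannot tell from the .inf diff whether the flag change altered the file set; put the sorted generation in its own patch first and apply the flag removal on top of it.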
@@ -589,13 +589,13 @@
   $(OPENSSL_PATH)/ssl/t1_trce.c
   $(OPENSSL_PATH)/ssl/tls13_enc.c
   $(OPENSSL_PATH)/ssl/tls_srp.c
-  $(OPENSSL_PATH)/ssl/statem/statem.h
-  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
   $(OPENSSL_PATH)/ssl/packet_locl.h
   $(OPENSSL_PATH)/ssl/ssl_cert_table.h
   $(OPENSSL_PATH)/ssl/ssl_locl.h
   $(OPENSSL_PATH)/ssl/record/record.h
   $(OPENSSL_PATH)/ssl/record/record_locl.h
+  $(OPENSSL_PATH)/ssl/statem/statem.h
+  

[edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

2020-02-12 Thread Zurcher, Christopher J
This is required for interfaces such as EVP to retrieve algorithms
by name.

This commit also adds the "sort" keyword to the header file parsing loop
so the .inf files aren't randomized after every run of process_files.pl.
---
 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 64 ++--
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +-
 CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
 CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
 4 files changed, 64 insertions(+), 68 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf 
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 3fa52f5543..5caffdb71e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -494,57 +494,57 @@
   $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
   $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
   $(OPENSSL_PATH)/crypto/x509v3/v3err.c
-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
-  $(OPENSSL_PATH)/crypto/conf/conf_def.h
-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
-  $(OPENSSL_PATH)/crypto/store/store_locl.h
-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
   $(OPENSSL_PATH)/crypto/arm_arch.h
   $(OPENSSL_PATH)/crypto/mips_arch.h
   $(OPENSSL_PATH)/crypto/ppc_arch.h
   $(OPENSSL_PATH)/crypto/s390x_arch.h
   $(OPENSSL_PATH)/crypto/sparc_arch.h
   $(OPENSSL_PATH)/crypto/vms_rms.h
-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
-  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
-  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
-  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
-  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
   $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
   $(OPENSSL_PATH)/crypto/asn1/charmap.h
   $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
   $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+  $(OPENSSL_PATH)/crypto/async/async_locl.h
   $(OPENSSL_PATH)/crypto/async/arch/async_null.h
   $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
   $(OPENSSL_PATH)/crypto/async/arch/async_win.h
-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+  $(OPENSSL_PATH)/crypto/conf/conf_def.h
+  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
   $(OPENSSL_PATH)/crypto/des/des_locl.h
   $(OPENSSL_PATH)/crypto/des/spr.h
+  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
+  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
   $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
-  $(OPENSSL_PATH)/crypto/async/async_locl.h
+  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+  $(OPENSSL_PATH)/crypto/store/store_locl.h
+  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
   $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
   $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
-  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
-  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
   $(OPENSSL_PATH)/ssl/bio_ssl.c
   $(OPENSSL_PATH)/ssl/d1_lib.c
   $(OPENSSL_PATH)/ssl/d1_msg.c
@@ -589,13 +589,13 @@
   $(OPENSSL_PATH)/ssl/t1_trce.c
   $(OPENSSL_PATH)/ssl/tls13_enc.c
   $(OPENSSL_PATH)/ssl/tls_srp.c
-  $(OPENSSL_PATH)/ssl/statem/statem.h
-  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
   $(OPENSSL_PATH)/ssl/packet_locl.h
   $(OPENSSL_PATH)/ssl/ssl_cert_table.h
   $(OPENSSL_PATH)/ssl/ssl_locl.h
   $(OPENSSL_PATH)/ssl/record/record.h
   $(OPENSSL_PATH)/ssl/record/record_locl.h
+  $(OPENSSL_PATH)/ssl/statem/statem.h
+  $(OPENSSL_PATH)/ssl/statem/statem_locl.h
 # Autogenerated files list ends here
   buildinf.h
   

[edk2-devel] [PATCH 0/1] Remove "no-autoalginit" flag from OpenSSL build

2020-02-12 Thread Zurcher, Christopher J
In order to implement the EVP interface, the EVP_get_digestbyname function
requires the desired digest to be already initialized. Removing the
"no-autoalginit" build option will allow algorithms to be retrieved by name.

Cc: Jian J Wang 
Cc: Xiaoyu Lu 

Christopher J Zurcher (1):
  CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build

 CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 64 ++--
 CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +-
 CryptoPkg/Library/Include/openssl/opensslconf.h   |  3 -
 CryptoPkg/Library/OpensslLib/process_files.pl |  5 +-
 4 files changed, 64 insertions(+), 68 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#54314): https://edk2.groups.io/g/devel/message/54314



Re: [edk2-devel] [PATCH v2 017/105] .mailmap: Add an entry for Christopher J Zurcher

2019-12-09 Thread Zurcher, Christopher J
Reviewed-by: Christopher J Zurcher 

--
Christopher Zurcher

-Original Message-
From: devel@edk2.groups.io On Behalf Of Philippe Mathieu-Daudé
Sent: Friday, December 6, 2019 03:25
To: devel@edk2.groups.io
Cc: Philippe Mathieu-Daude; Zurcher, Christopher J
Subject: [edk2-devel] [PATCH v2 017/105] .mailmap: Add an entry for Christopher J Zurcher

We use .mailmap to display contributors' email addresses in a
uniform format.

Add an entry for Christopher J Zurcher to have his name and email address
displayed properly in the git history.

Cc: Christopher J Zurcher 
Signed-off-by: Philippe Mathieu-Daude 
---
[Due to MTA restricting the recipient list to 100, I cannot Cc all the
 named developers in the cover. Therefore I'm adapting the explanation
 from the cover in each patch]

This patch won't get merged if Christopher J Zurcher doesn't give his
approval, by replying to this patch with:
  Reviewed-by: Christopher J Zurcher 

If you think this patch is inappropriate, you don't need to justify,
reply with:
  NAcked-by: Christopher J Zurcher 
or simply:
  NACK

If your Firstname Lastname order is incorrect, tell me and I will fix it.

You can also ignore this mail, but I might resend it and keep bothering
you.

Regards,

Phil.
---
 .mailmap | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.mailmap b/.mailmap
index b36e803247d1..e96b4ec6fe45 100644
--- a/.mailmap
+++ b/.mailmap
@@ -35,3 +35,4 @@ Chasel Chiu 
 Chen A Chen 
 Cheng Ching Jen 
 Christian Rodriguez 
+Christopher J Zurcher 
-- 
2.21.0





View/Reply Online (#52039): https://edk2.groups.io/g/devel/message/52039



[edk2-devel] [PATCH v8 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

This patch implements the Security Protocol In and Security Protocol Out
commands in UefiScsiLib to prepare support for the Storage Security
Command Protocol.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdePkg/Include/IndustryStandard/Scsi.h   |  48 ++--
 MdePkg/Include/Library/UefiScsiLib.h | 130 ++-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 229 +++-
 3 files changed, 388 insertions(+), 19 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Scsi.h 
b/MdePkg/Include/IndustryStandard/Scsi.h
index cbe5709fe5..d03886417f 100644
--- a/MdePkg/Include/IndustryStandard/Scsi.h
+++ b/MdePkg/Include/IndustryStandard/Scsi.h
@@ -1,7 +1,7 @@
 /** @file
   Support for SCSI-2 standard
 
-  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -163,6 +163,12 @@
 #define EFI_SCSI_OP_SEND_MESSAGE10  0x2a
 #define EFI_SCSI_OP_SEND_MESSAGE12  0xaa
 
+//
+// Additional commands for Secure Transactions
+//
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN  0xa2
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5
+
 //
 // SCSI Data Transfer Direction
 //
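Review bot: the comment above EFI_SCSI_OP_SECURITY_PROTOCOL_IN and EFI_SCSI_OP_SECURITY_PROTOCOL_OUT does not name the standard that defines these opcodes, and the file header in this patch still reads "Support for SCSI-2 standard". The ScsiDisk.h comment in patch 4/4 attributes SECURITY PROTOCOL IN to SPC-4, so cite SPC-4 in this comment too, so that a reader checking the values 0xa2 and 0xb5 knows which document to open.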
@@ -172,22 +178,30 @@
 //
 // Peripheral Device Type Definitions
 //
-#define EFI_SCSI_TYPE_DISK  0x00  ///< Direct-access device (e.g. 
magnetic disk)
-#define EFI_SCSI_TYPE_TAPE  0x01  ///< Sequential-access device (e.g. 
magnetic tape)
-#define EFI_SCSI_TYPE_PRINTER   0x02  ///< Printer device
-#define EFI_SCSI_TYPE_PROCESSOR 0x03  ///< Processor device
-#define EFI_SCSI_TYPE_WORM  0x04  ///< Write-once device (e.g. some 
optical disks)
-#define EFI_SCSI_TYPE_CDROM 0x05  ///< CD-ROM device
-#define EFI_SCSI_TYPE_SCANNER   0x06  ///< Scanner device
-#define EFI_SCSI_TYPE_OPTICAL   0x07  ///< Optical memory device (e.g. 
some optical disks)
-#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08  ///< Medium changer device (e.g. 
jukeboxes)
-#define EFI_SCSI_TYPE_COMMUNICATION 0x09  ///< Communications device
-#define EFI_SCSI_TYPE_ASCIT8_1  0x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-#define EFI_SCSI_TYPE_ASCIT8_2  0x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-//
-// 0Ch - 1Eh are reserved
-//
-#define EFI_SCSI_TYPE_UNKNOWN   0x1F  ///< Unknown or no device type
+#define EFI_SCSI_TYPE_DISK0x00  ///< Direct-access device (e.g. 
magnetic disk)
+#define EFI_SCSI_TYPE_TAPE0x01  ///< Sequential-access device 
(e.g. magnetic tape)
+#define EFI_SCSI_TYPE_PRINTER 0x02  ///< Printer device
+#define EFI_SCSI_TYPE_PROCESSOR   0x03  ///< Processor device
+#define EFI_SCSI_TYPE_WORM0x04  ///< Write-once device (e.g. some 
optical disks)
+#define EFI_SCSI_TYPE_CDROM   0x05  ///< CD/DVD device
+#define EFI_SCSI_TYPE_SCANNER 0x06  ///< Scanner device (obsolete)
+#define EFI_SCSI_TYPE_OPTICAL 0x07  ///< Optical memory device (e.g. 
some optical disks)
+#define EFI_SCSI_TYPE_MEDIUMCHANGER   0x08  ///< Medium changer device (e.g. 
jukeboxes)
+#define EFI_SCSI_TYPE_COMMUNICATION   0x09  ///< Communications device 
(obsolete)
+#define EFI_SCSI_TYPE_ASCIT8_10x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
+#define EFI_SCSI_TYPE_ASCIT8_20x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
+#define EFI_SCSI_TYPE_RAID0x0C  ///< Storage array controller 
device (e.g., RAID)
+#define EFI_SCSI_TYPE_SES 0x0D  ///< Enclosure services device
+#define EFI_SCSI_TYPE_RBC 0x0E  ///< Simplified direct-access 
device (e.g., magnetic disk)
+#define EFI_SCSI_TYPE_OCRW0x0F  ///< Optical card reader/writer 
device
+#define EFI_SCSI_TYPE_BRIDGE  0x10  ///< Bridge Controller Commands
+#define EFI_SCSI_TYPE_OSD 0x11  ///< Object-based Storage Device
+#define EFI_SCSI_TYPE_AUTOMATION  0x12  ///< Automation/Drive Interface
+#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13  ///< Security manager device
+#define EFI_SCSI_TYPE_RESERVED_LOW0x14  ///< Reserved (low)
+#define EFI_SCSI_TYPE_RESERVED_HIGH   0x1D  ///< Reserved (high)
+#define EFI_SCSI_TYPE_WLUN0x1E  ///< Well known logical unit
+#define EFI_SCSI_TYPE_UNKNOWN 0x1F  ///< Unknown or no device type
 
 //
 // Page Codes for INQUIRY command
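Review bot: EFI_SCSI_TYPE_RESERVED_LOW (0x14) and EFI_SCSI_TYPE_RESERVED_HIGH (0x1D) are range bounds rather than device types, and the removed comment "0Ch - 1Eh are reserved" was the only statement of what callers should treat as reserved. Add a comment saying that the two defines bracket the reserved range inclusively, since patch 3/4 builds its Peripheral_Type check on exactly these two values.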
diff --git a/MdePkg/Include/Library/UefiScsiLib.h 
b/MdePkg/Include/Library/UefiScsiLib.h
index 10dd81902b..2a81883ca9 100644
--- a/MdePkg/Include/Library/UefiScsiLib.h
+++ b/MdePkg/Include/Library/UefiScsiLib.h
@@ -5,7 +5,7 @@
   for hard drive, CD and DVD devices that are the most common SCSI boot 
targets used by UEFI platforms.
   This library class depends on SCSI I/O Protocol defined in UEFI 
Specification and SCSI-2 industry standard.
 
-Copyright (c) 2006 - 2018, Intel 

[edk2-devel] [PATCH v8 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

Currently UfsPassThru only checks for 8 common LUNs. This adds a check
for the RPMB Well-known LUN and sets the corresponding bit-mask. Further
handling of the WLUN is already present in the driver.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c 
b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
index b12404aacb..26c5a8b855 100644
--- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
+++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
@@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart (
   UINTN UfsHcBase;
   UINT32Index;
   UFS_UNIT_DESC UnitDescriptor;
+  UFS_DEV_DESC  DeviceDescriptor;
   UINT32UnitDescriptorSize;
+  UINT32DeviceDescriptorSize;
 
   Status= EFI_SUCCESS;
   UfsHc = NULL;
@@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart (
 
   //
   // Check if 8 common luns are active and set corresponding bit mask.
-  // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper 
layer for authentication access.
   //
   UnitDescriptorSize = sizeof (UFS_UNIT_DESC);
   for (Index = 0; Index < 8; Index++) {
@@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart (
 }
   }
 
+  //
+  // Check if RPMB WLUN is supported and set corresponding bit mask.
+  //
+  DeviceDescriptorSize = sizeof (UFS_DEV_DESC);
+  Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, 
, );
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", 
Status));
+  } else {
+if (DeviceDescriptor.SecurityLun == 0x1) {
+  DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n"));
+  Private->Luns.BitMask |= BIT11;
+}
+  }
+
   //
   // Start the asynchronous interrupt monitor
   //
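Review bot: in the new RPMB block, Status is overwritten by the UfsRwDeviceDesc call and a failure is only logged, so Status still holds the error value when execution continues to the asynchronous interrupt monitor setup. Use a separate local status for this optional probe, or reset Status after the DEBUG_ERROR message, so that a failed descriptor read cannot reach a later EFI_ERROR (Status) test or the function's return value; the code after this hunk is not visible here, so please confirm which applies.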
-- 
2.16.2.windows.1


View/Reply Online (#48177): https://edk2.groups.io/g/devel/message/48177



[edk2-devel] [PATCH v8 0/4] Add SCSI Support for Storage Security Command Protocol

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

V8 changes:
Align Inc512 definition in UefiScsiLib.h with that in UefiScsiLib.c.

V7 changes:
Changed Inc512 behavior to always take DataLength as bytes, and divide
by 512 only in the CDB.

V6 changes:
Restore EFI_SCSI_TYPE defines for ASC IT8 devices. Revert EFI_SCSI_IO_TYPE
changes in Protocol\ScsiIo.h. Add INC_512 parameter for SecurityProtocol
In/Out commands in UefiScsiLib. Change UINT32 args to UINTN to match the
definitions for Storage Security Command Protocol.

V5 changes:
Split MdeModulePkg changes into separate patches. Add ReinstallProtocol
calls for StorageSecurityCommand Protocol. Restore original MediaPresent
and ReadCapacity behavior, with new implementation for WLUN type media.
Clear temporary aligned buffers before freeing them.

V4 changes:
Add SSC Protocol in addition to BlockIo instead of in place of BlockIo.
Add error handling for (BlockSize == 0) in Read and WriteBlocks commands
to handle partitions that do not support ReadCapacity().

V3 changes:
Initialize AlignedBuffer variable in ScsiDiskReceiveData and
ScsiDiskSendData functions. Remove redundant input validation and debug
message in ScsiDiskSendData.

V2 changes:
Split the patch into separate commits for separate packages.

To support RPMB access on UFS devices, support must be added to
the ScsiDiskDxe driver for the Storage Security Command Protocol.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Cc: Hao A Wu 

Christopher J Zurcher (4):
  MdePkg: Implement SCSI commands for Security Protocol In/Out
  MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
  MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
  MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdePkg/Include/IndustryStandard/Scsi.h|  48 +-
 MdePkg/Include/Library/UefiScsiLib.h  | 130 -
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 616 +++-
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  17 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c  | 229 +++-
 8 files changed, 1181 insertions(+), 38 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#48175): https://edk2.groups.io/g/devel/message/48175
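The V7 change in the cover letter above ("always take DataLength as bytes, and divide by 512 only in the CDB"), worked through as an added example that is not code from the patch series. `build_security_cdb` and `security_cdb_byte_count` are hypothetical names, the 12-byte CDB layout follows SPC-4, the protocol values in `main` are constructed, and rejecting a byte count that is not a multiple of 512 is an assumption of this example rather than the library's documented behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcodes with the values the patch adds to IndustryStandard/Scsi.h. */
#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN   0xa2
#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT  0xb5

#define SEC_CDB_LEN  12     /* SECURITY PROTOCOL IN/OUT use a 12-byte CDB */
#define INC_512_BIT  0x80   /* bit 7 of CDB byte 4 (SPC-4) */

/*
 * Hypothetical helper, not the UefiScsiLib function. data_length is always
 * a byte count, so it can be compared directly with the caller's buffer
 * size; only the length field written into the CDB is converted to
 * 512-byte units when inc512 is set.
 * Returns 0 on success, -1 when an argument is rejected (cdb untouched).
 */
int build_security_cdb(uint8_t *cdb, uint8_t opcode, uint8_t protocol,
                       uint16_t protocol_specific, int inc512,
                       size_t data_length)
{
    uint64_t field = (uint64_t)data_length;

    if (cdb == NULL)
        return -1;
    if (opcode != EFI_SCSI_OP_SECURITY_PROTOCOL_IN &&
        opcode != EFI_SCSI_OP_SECURITY_PROTOCOL_OUT)
        return -1;

    if (inc512) {
        /* Assumption of this example: a partial 512-byte unit is rejected
         * rather than rounded, so the device is never told to move more
         * data than the caller's buffer holds. */
        if (data_length % 512 != 0)
            return -1;
        field = data_length / 512;
    }
    if (field > UINT32_MAX)     /* length field is 4 bytes wide */
        return -1;

    memset(cdb, 0, SEC_CDB_LEN);
    cdb[0] = opcode;
    cdb[1] = protocol;                              /* SECURITY PROTOCOL */
    cdb[2] = (uint8_t)(protocol_specific >> 8);     /* big-endian field  */
    cdb[3] = (uint8_t)(protocol_specific & 0xff);
    cdb[4] = inc512 ? INC_512_BIT : 0;
    cdb[6] = (uint8_t)(field >> 24);                /* ALLOCATION or     */
    cdb[7] = (uint8_t)(field >> 16);                /* TRANSFER LENGTH,  */
    cdb[8] = (uint8_t)(field >> 8);                 /* big-endian        */
    cdb[9] = (uint8_t)field;
    return 0;
}

/* Device-side view: the number of bytes a CDB asks to transfer. */
uint64_t security_cdb_byte_count(const uint8_t *cdb)
{
    uint64_t field = ((uint64_t)cdb[6] << 24) | ((uint64_t)cdb[7] << 16) |
                     ((uint64_t)cdb[8] << 8)  |  (uint64_t)cdb[9];

    return (cdb[4] & INC_512_BIT) ? field * 512 : field;
}

int main(void)
{
    uint8_t cdb[SEC_CDB_LEN];
    size_t  i;

    /* Constructed sample: protocol 0x01, protocol-specific 0x0002,
     * 1024-byte buffer, INC_512 set. */
    if (build_security_cdb(cdb, EFI_SCSI_OP_SECURITY_PROTOCOL_IN,
                           0x01, 0x0002, 1, 1024) == 0) {
        for (i = 0; i < SEC_CDB_LEN; i++)
            printf("%02x ", cdb[i]);
        printf("-> %llu bytes\n",
               (unsigned long long)security_cdb_byte_count(cdb));
    }
    return 0;
}
```

Keeping the caller-facing length in bytes means the buffer-size check and the value the device decodes from the CDB can be compared directly, which is the mismatch a unit mix-up would otherwise hide.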



[edk2-devel] [PATCH v8 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

Replacing "magic numbers" in the Peripheral Type check with defines for
the reserved range from IndustryStandard/Scsi.h

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c 
b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
index c4069aec0f..1caffd38cd 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
+++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
@@ -2,7 +2,7 @@
   SCSI Bus driver that layers on every SCSI Pass Thru and
   Extended SCSI Pass Thru protocol in the system.
 
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -1368,7 +1368,8 @@ DiscoverScsiDevice (
 goto Done;
   }
 
-  if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 
0xa) {
+  if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) &&
+  (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) {
 ScsiDeviceFound = FALSE;
 goto Done;
   }
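Review bot: the new Peripheral_Type condition is not equivalent to the one it replaces. The old test rejected 0x0a through 0x1e, while EFI_SCSI_TYPE_RESERVED_LOW and EFI_SCSI_TYPE_RESERVED_HIGH from patch 1/4 are 0x14 and 0x1D, so types 0x0A to 0x13 and 0x1E (EFI_SCSI_TYPE_WLUN) now pass discovery. The commit message describes this only as replacing magic numbers; it should state the behaviour change and why the wider set of device types is meant to be accepted.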
-- 
2.16.2.windows.1


View/Reply Online (#48178): https://edk2.groups.io/g/devel/message/48178



[edk2-devel] [PATCH v8 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the
ScsiDiskDxe driver.

Support is currently limited to the RPMB Well-known LUN for UFS devices.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 616 +++-
 3 files changed, 774 insertions(+), 16 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
index 5500d828e9..40818e669b 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
@@ -3,7 +3,7 @@
 #  It detects the SCSI disk media and installs Block I/O and Block I/O2 
Protocol on
 #  the device handle.
 #
-#  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
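Review bot: the file description in the context lines of this hunk still says the driver installs Block I/O and Block I/O2 Protocol on the device handle, while the next hunk adds gEfiStorageSecurityCommandProtocolGuid as ## BY_START. Update the description together with the copyright year so the header matches what the driver produces after this patch.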
@@ -52,6 +52,7 @@
   gEfiBlockIoProtocolGuid   ## BY_START
   gEfiBlockIo2ProtocolGuid  ## BY_START
   gEfiEraseBlockProtocolGuid## BY_START
+  gEfiStorageSecurityCommandProtocolGuid## BY_START
   gEfiScsiIoProtocolGuid## TO_START
   gEfiScsiPassThruProtocolGuid  ## TO_START
   gEfiExtScsiPassThruProtocolGuid   ## TO_START
diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
index 42c095..2d8679ec6f 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
@@ -1,7 +1,7 @@
 /** @file
   Header file for SCSI Disk Driver.
 
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 
 
 #include 
@@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0
 
+#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0)
+
+#define UFS_WLUN_RPMB 0xC4
+
 typedef struct {
   UINT32MaxLbaCnt;
   UINT32MaxBlkDespCnt;
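Review bot: IS_ALIGNED(addr, size) uses size unparenthesised in (size - 1) and is only correct when size is a power of two. Write ((size) - 1) and state the power-of-two requirement in a comment, so that an expression argument or an unexpected alignment value does not silently give the wrong answer; UFS_WLUN_RPMB 0xC4 would also benefit from a comment saying what the value identifies.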
@@ -51,6 +56,8 @@ typedef struct {
 
   EFI_HANDLEHandle;
 
+  EFI_STORAGE_SECURITY_COMMAND_PROTOCOL   StorageSecurity;
+
   EFI_BLOCK_IO_PROTOCOL BlkIo;
   EFI_BLOCK_IO2_PROTOCOLBlkIo2;
   EFI_BLOCK_IO_MEDIABlkIoMedia;
@@ -95,6 +102,7 @@ typedef struct {
 #define SCSI_DISK_DEV_FROM_BLKIO(a)  CR (a, SCSI_DISK_DEV, BlkIo, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_BLKIO2(a)  CR (a, SCSI_DISK_DEV, BlkIo2, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_ERASEBLK(a)  CR (a, SCSI_DISK_DEV, EraseBlock, 
SCSI_DISK_DEV_SIGNATURE)
+#define SCSI_DISK_DEV_FROM_STORSEC(a)  CR (a, SCSI_DISK_DEV, StorageSecurity, 
SCSI_DISK_DEV_SIGNATURE)
 
 #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, 
SCSI_DISK_DEV_SIGNATURE)
 
@@ -638,6 +646,151 @@ ScsiDiskEraseBlocks (
   );
 
 
+/**
+  Send a security protocol command to a device that receives data and/or the 
result
+  of one or more commands sent by SendData.
+
+  The ReceiveData function sends a security protocol command to the given 
MediaId.
+  The security protocol command sent is defined by SecurityProtocolId and 
contains
+  the security protocol specific data SecurityProtocolSpecificData. The 
function
+  returns the data from the security protocol command in PayloadBuffer.
+
+  For devices supporting the SCSI command set, the security protocol command 
is sent
+  using the SECURITY PROTOCOL IN command defined in SPC-4.
+
+  If PayloadBufferSize is too small to store the available data from the 
security
+  protocol command, the function shall copy PayloadBufferSize bytes into the
+  PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
+
+  If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is 
non-zero,
+  the function shall return EFI_INVALID_PARAMETER.
+
+  If the given MediaId does not support security protocol commands, the 
function shall
+  return EFI_UNSUPPORTED. If there is no media in the device, the function 
returns
+  EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the 
device,
+  the function returns EFI_MEDIA_CHANGED.
+
+  If the security protocol fails to complete within the Timeout period, the 
function
+  shall return EFI_TIMEOUT.
+
+  If the security protocol command completes without an error, the function 
shall
+  return EFI_SUCCESS. If the security protocol command completes with an 
error, the
+  function 

[edk2-devel] [PATCH v7 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

Replacing "magic numbers" in the Peripheral Type check with defines for
the reserved range from IndustryStandard/Scsi.h

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c 
b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
index c4069aec0f..1caffd38cd 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
+++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
@@ -2,7 +2,7 @@
   SCSI Bus driver that layers on every SCSI Pass Thru and
   Extended SCSI Pass Thru protocol in the system.
 
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -1368,7 +1368,8 @@ DiscoverScsiDevice (
 goto Done;
   }
 
-  if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 
0xa) {
+  if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) &&
+  (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) {
 ScsiDeviceFound = FALSE;
 goto Done;
   }
-- 
2.16.2.windows.1


View/Reply Online (#48172): https://edk2.groups.io/g/devel/message/48172



[edk2-devel] [PATCH v7 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

This patch implements the Security Protocol In and Security Protocol Out
commands in UefiScsiLib to prepare support for the Storage Security
Command Protocol.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdePkg/Include/IndustryStandard/Scsi.h   |  48 ++--
 MdePkg/Include/Library/UefiScsiLib.h | 128 ++-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 229 +++-
 3 files changed, 386 insertions(+), 19 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Scsi.h 
b/MdePkg/Include/IndustryStandard/Scsi.h
index cbe5709fe5..d03886417f 100644
--- a/MdePkg/Include/IndustryStandard/Scsi.h
+++ b/MdePkg/Include/IndustryStandard/Scsi.h
@@ -1,7 +1,7 @@
 /** @file
   Support for SCSI-2 standard
 
-  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -163,6 +163,12 @@
 #define EFI_SCSI_OP_SEND_MESSAGE10  0x2a
 #define EFI_SCSI_OP_SEND_MESSAGE12  0xaa
 
+//
+// Additional commands for Secure Transactions
+//
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN  0xa2
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5
+
 //
 // SCSI Data Transfer Direction
 //
@@ -172,22 +178,30 @@
 //
 // Peripheral Device Type Definitions
 //
-#define EFI_SCSI_TYPE_DISK  0x00  ///< Direct-access device (e.g. 
magnetic disk)
-#define EFI_SCSI_TYPE_TAPE  0x01  ///< Sequential-access device (e.g. 
magnetic tape)
-#define EFI_SCSI_TYPE_PRINTER   0x02  ///< Printer device
-#define EFI_SCSI_TYPE_PROCESSOR 0x03  ///< Processor device
-#define EFI_SCSI_TYPE_WORM  0x04  ///< Write-once device (e.g. some 
optical disks)
-#define EFI_SCSI_TYPE_CDROM 0x05  ///< CD-ROM device
-#define EFI_SCSI_TYPE_SCANNER   0x06  ///< Scanner device
-#define EFI_SCSI_TYPE_OPTICAL   0x07  ///< Optical memory device (e.g. 
some optical disks)
-#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08  ///< Medium changer device (e.g. 
jukeboxes)
-#define EFI_SCSI_TYPE_COMMUNICATION 0x09  ///< Communications device
-#define EFI_SCSI_TYPE_ASCIT8_1  0x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-#define EFI_SCSI_TYPE_ASCIT8_2  0x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-//
-// 0Ch - 1Eh are reserved
-//
-#define EFI_SCSI_TYPE_UNKNOWN   0x1F  ///< Unknown or no device type
+#define EFI_SCSI_TYPE_DISK0x00  ///< Direct-access device (e.g. 
magnetic disk)
+#define EFI_SCSI_TYPE_TAPE0x01  ///< Sequential-access device 
(e.g. magnetic tape)
+#define EFI_SCSI_TYPE_PRINTER 0x02  ///< Printer device
+#define EFI_SCSI_TYPE_PROCESSOR   0x03  ///< Processor device
+#define EFI_SCSI_TYPE_WORM0x04  ///< Write-once device (e.g. some 
optical disks)
+#define EFI_SCSI_TYPE_CDROM   0x05  ///< CD/DVD device
+#define EFI_SCSI_TYPE_SCANNER 0x06  ///< Scanner device (obsolete)
+#define EFI_SCSI_TYPE_OPTICAL 0x07  ///< Optical memory device (e.g. 
some optical disks)
+#define EFI_SCSI_TYPE_MEDIUMCHANGER   0x08  ///< Medium changer device (e.g. 
jukeboxes)
+#define EFI_SCSI_TYPE_COMMUNICATION   0x09  ///< Communications device 
(obsolete)
+#define EFI_SCSI_TYPE_ASCIT8_10x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
+#define EFI_SCSI_TYPE_ASCIT8_20x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
+#define EFI_SCSI_TYPE_RAID0x0C  ///< Storage array controller 
device (e.g., RAID)
+#define EFI_SCSI_TYPE_SES 0x0D  ///< Enclosure services device
+#define EFI_SCSI_TYPE_RBC 0x0E  ///< Simplified direct-access 
device (e.g., magnetic disk)
+#define EFI_SCSI_TYPE_OCRW0x0F  ///< Optical card reader/writer 
device
+#define EFI_SCSI_TYPE_BRIDGE  0x10  ///< Bridge Controller Commands
+#define EFI_SCSI_TYPE_OSD 0x11  ///< Object-based Storage Device
+#define EFI_SCSI_TYPE_AUTOMATION  0x12  ///< Automation/Drive Interface
+#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13  ///< Security manager device
+#define EFI_SCSI_TYPE_RESERVED_LOW0x14  ///< Reserved (low)
+#define EFI_SCSI_TYPE_RESERVED_HIGH   0x1D  ///< Reserved (high)
+#define EFI_SCSI_TYPE_WLUN0x1E  ///< Well known logical unit
+#define EFI_SCSI_TYPE_UNKNOWN 0x1F  ///< Unknown or no device type
 
 //
 // Page Codes for INQUIRY command
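Review bot: every existing EFI_SCSI_TYPE_* define from 0x00 to 0x0B is removed and re-added with new alignment in this hunk, which hides the real changes (the "CD/DVD" and "(obsolete)" comment edits and the new 0x0C to 0x1E entries) among whitespace-only lines. Keep the original alignment for the untouched defines, or move the realignment into its own patch, so the functional additions can be reviewed on their own.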
diff --git a/MdePkg/Include/Library/UefiScsiLib.h 
b/MdePkg/Include/Library/UefiScsiLib.h
index 10dd81902b..5c94b0aa16 100644
--- a/MdePkg/Include/Library/UefiScsiLib.h
+++ b/MdePkg/Include/Library/UefiScsiLib.h
@@ -5,7 +5,7 @@
   for hard drive, CD and DVD devices that are the most common SCSI boot 
targets used by UEFI platforms.
   This library class depends on SCSI I/O Protocol defined in UEFI 
Specification and SCSI-2 industry standard.
 
-Copyright (c) 2006 - 2018, Intel 

[edk2-devel] [PATCH v7 0/4] Add SCSI Support for Storage Security Command Protocol

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

V7 changes:
Changed Inc512 behavior to always take DataLength as bytes, and divide
by 512 only in the CDB.

V6 changes:
Restore EFI_SCSI_TYPE defines for ASC IT8 devices. Revert EFI_SCSI_IO_TYPE
changes in Protocol\ScsiIo.h. Add INC_512 parameter for SecurityProtocol
In/Out commands in UefiScsiLib. Change UINT32 args to UINTN to match the
definitions for Storage Security Command Protocol.

V5 changes:
Split MdeModulePkg changes into separate patches. Add ReinstallProtocol
calls for StorageSecurityCommand Protocol. Restore original MediaPresent
and ReadCapacity behavior, with new implementation for WLUN type media.
Clear temporary aligned buffers before freeing them.

V4 changes:
Add SSC Protocol in addition to BlockIo instead of in place of BlockIo.
Add error handling for (BlockSize == 0) in Read and WriteBlocks commands
to handle partitions that do not support ReadCapacity().

V3 changes:
Initialize AlignedBuffer variable in ScsiDiskReceiveData and
ScsiDiskSendData functions. Remove redundant input validation and debug
message in ScsiDiskSendData.

V2 changes:
Split the patch into separate commits for separate packages.

To support RPMB access on UFS devices, support must be added to
the ScsiDiskDxe driver for the Storage Security Command Protocol.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Cc: Hao A Wu 

Christopher J Zurcher (4):
  MdePkg: Implement SCSI commands for Security Protocol In/Out
  MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
  MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
  MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdePkg/Include/IndustryStandard/Scsi.h|  48 +-
 MdePkg/Include/Library/UefiScsiLib.h  | 128 +++-
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 616 +++-
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  17 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c  | 229 +++-
 8 files changed, 1179 insertions(+), 38 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#48170): https://edk2.groups.io/g/devel/message/48170



[edk2-devel] [PATCH v7 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

Currently UfsPassThru only checks for 8 common LUNs. This adds a check
for the RPMB Well-known LUN and sets the corresponding bit-mask. Further
handling of the WLUN is already present in the driver.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c 
b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
index b12404aacb..26c5a8b855 100644
--- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
+++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
@@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart (
   UINTN UfsHcBase;
   UINT32Index;
   UFS_UNIT_DESC UnitDescriptor;
+  UFS_DEV_DESC  DeviceDescriptor;
   UINT32UnitDescriptorSize;
+  UINT32DeviceDescriptorSize;
 
   Status= EFI_SUCCESS;
   UfsHc = NULL;
@@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart (
 
   //
   // Check if 8 common luns are active and set corresponding bit mask.
-  // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper 
layer for authentication access.
   //
   UnitDescriptorSize = sizeof (UFS_UNIT_DESC);
   for (Index = 0; Index < 8; Index++) {
@@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart (
 }
   }
 
+  //
+  // Check if RPMB WLUN is supported and set corresponding bit mask.
+  //
+  DeviceDescriptorSize = sizeof (UFS_DEV_DESC);
+  Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, 
, );
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", 
Status));
+  } else {
+if (DeviceDescriptor.SecurityLun == 0x1) {
+  DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n"));
+  Private->Luns.BitMask |= BIT11;
+}
+  }
+
   //
   // Start the asynchronous interrupt monitor
   //
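Review bot: the RPMB check compares DeviceDescriptor.SecurityLun with the literal 0x1 and sets BIT11 in Private->Luns.BitMask without saying why bit 11 stands for the RPMB well-known LUN. Give both values named defines, or at least a comment tying BIT11 to the slot the driver already uses for the RPMB WLUN, since the commit message relies on "further handling of the WLUN" that is not visible in this patch.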
-- 
2.16.2.windows.1


View/Reply Online (#48171): https://edk2.groups.io/g/devel/message/48171



[edk2-devel] [PATCH v7 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

2019-09-26 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the
ScsiDiskDxe driver.

Support is currently limited to the RPMB Well-known LUN for UFS devices.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 616 +++-
 3 files changed, 774 insertions(+), 16 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
index 5500d828e9..40818e669b 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
@@ -3,7 +3,7 @@
 #  It detects the SCSI disk media and installs Block I/O and Block I/O2 
Protocol on
 #  the device handle.
 #
-#  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -52,6 +52,7 @@
   gEfiBlockIoProtocolGuid   ## BY_START
   gEfiBlockIo2ProtocolGuid  ## BY_START
   gEfiEraseBlockProtocolGuid## BY_START
+  gEfiStorageSecurityCommandProtocolGuid## BY_START
   gEfiScsiIoProtocolGuid## TO_START
   gEfiScsiPassThruProtocolGuid  ## TO_START
   gEfiExtScsiPassThruProtocolGuid   ## TO_START
diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
index 42c095..2d8679ec6f 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
@@ -1,7 +1,7 @@
 /** @file
   Header file for SCSI Disk Driver.
 
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 
 
 #include 
@@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0
 
+#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0)
+
+#define UFS_WLUN_RPMB 0xC4
+
 typedef struct {
   UINT32MaxLbaCnt;
   UINT32MaxBlkDespCnt;
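Review bot: IS_ALIGNED expands its second argument unparenthesized in (size - 1), so a caller passing an expression that binds looser than subtraction (a shift, a conditional) gets the wrong mask; write ((size) - 1). The macro is also only meaningful when size is a non-zero power of two: with size equal to 0 the mask has every low bit set and practically no buffer will ever test as aligned. If any caller can pass an alignment of 0, handle that case before using the macro, and state the power-of-two requirement in a comment on the define.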
@@ -51,6 +56,8 @@ typedef struct {
 
   EFI_HANDLEHandle;
 
+  EFI_STORAGE_SECURITY_COMMAND_PROTOCOL   StorageSecurity;
+
   EFI_BLOCK_IO_PROTOCOL BlkIo;
   EFI_BLOCK_IO2_PROTOCOLBlkIo2;
   EFI_BLOCK_IO_MEDIABlkIoMedia;
@@ -95,6 +102,7 @@ typedef struct {
 #define SCSI_DISK_DEV_FROM_BLKIO(a)  CR (a, SCSI_DISK_DEV, BlkIo, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_BLKIO2(a)  CR (a, SCSI_DISK_DEV, BlkIo2, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_ERASEBLK(a)  CR (a, SCSI_DISK_DEV, EraseBlock, 
SCSI_DISK_DEV_SIGNATURE)
+#define SCSI_DISK_DEV_FROM_STORSEC(a)  CR (a, SCSI_DISK_DEV, StorageSecurity, 
SCSI_DISK_DEV_SIGNATURE)
 
 #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, 
SCSI_DISK_DEV_SIGNATURE)
 
@@ -638,6 +646,151 @@ ScsiDiskEraseBlocks (
   );
 
 
+/**
+  Send a security protocol command to a device that receives data and/or the 
result
+  of one or more commands sent by SendData.
+
+  The ReceiveData function sends a security protocol command to the given 
MediaId.
+  The security protocol command sent is defined by SecurityProtocolId and 
contains
+  the security protocol specific data SecurityProtocolSpecificData. The 
function
+  returns the data from the security protocol command in PayloadBuffer.
+
+  For devices supporting the SCSI command set, the security protocol command 
is sent
+  using the SECURITY PROTOCOL IN command defined in SPC-4.
+
+  If PayloadBufferSize is too small to store the available data from the 
security
+  protocol command, the function shall copy PayloadBufferSize bytes into the
+  PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
+
+  If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is 
non-zero,
+  the function shall return EFI_INVALID_PARAMETER.
+
+  If the given MediaId does not support security protocol commands, the 
function shall
+  return EFI_UNSUPPORTED. If there is no media in the device, the function 
returns
+  EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the 
device,
+  the function returns EFI_MEDIA_CHANGED.
+
+  If the security protocol fails to complete within the Timeout period, the 
function
+  shall return EFI_TIMEOUT.
+
+  If the security protocol command completes without an error, the function 
shall
+  return EFI_SUCCESS. If the security protocol command completes with an 
error, the
+  function 

[edk2-devel] [PATCH v6 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check

2019-09-06 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

Replacing "magic numbers" in the Peripheral Type check with defines for
the reserved range from IndustryStandard/Scsi.h

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c 
b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
index c4069aec0f..1caffd38cd 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
+++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
@@ -2,7 +2,7 @@
   SCSI Bus driver that layers on every SCSI Pass Thru and
   Extended SCSI Pass Thru protocol in the system.
 
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -1368,7 +1368,8 @@ DiscoverScsiDevice (
 goto Done;
   }
 
-  if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 
0xa) {
+  if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) &&
+  (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) {
 ScsiDeviceFound = FALSE;
 goto Done;
   }
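Review bot: The replacement condition in DiscoverScsiDevice is not a like-for-like substitution for the removed one. The old test rejected Peripheral_Type 0x0a through 0x1e, while patch 1/4 of this series defines EFI_SCSI_TYPE_RESERVED_LOW as 0x14 and EFI_SCSI_TYPE_RESERVED_HIGH as 0x1D, so types 0x0A to 0x13 and 0x1E (EFI_SCSI_TYPE_WLUN) no longer take the ScsiDeviceFound = FALSE path here. The commit message describes only a clean-up of magic numbers; it should state that the accepted range widens and why, because this changes which devices the bus driver goes on to enumerate. The continuation line would also read better aligned under the first operand of the condition.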
-- 
2.16.2.windows.1


View/Reply Online (#46993): https://edk2.groups.io/g/devel/message/46993



[edk2-devel] [PATCH v5 0/4] Add SCSI Support for Storage Security Command Protocol

2019-09-06 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

V5 changes:
Split MdeModulePkg changes into separate patches. Add ReinstallProtocol
calls for StorageSecurityCommand Protocol. Restore original MediaPresent
and ReadCapacity behavior, with new implementation for WLUN type media.
Clear temporary aligned buffers before freeing them.

V4 changes:
Add SSC Protocol in addition to BlockIo instead of in place of BlockIo.
Add error handling for (BlockSize == 0) in Read and WriteBlocks commands
to handle partitions that do not support ReadCapacity().

V3 changes:
Initialize AlignedBuffer variable in ScsiDiskReceiveData and
ScsiDiskSendData functions. Remove redundant input validation and debug
message in ScsiDiskSendData.

V2 changes:
Split the patch into separate commits for separate packages.

To support RPMB access on UFS devices, support must be added to
the ScsiDiskDxe driver for the Storage Security Command Protocol.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Cc: Hao A Wu 

Christopher J Zurcher (4):
  MdePkg: Implement SCSI commands for Security Protocol In/Out
  MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
  MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
  MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdePkg/Include/IndustryStandard/Scsi.h|  48 +-
 MdePkg/Include/Library/UefiScsiLib.h  | 126 +++-
 MdePkg/Include/Protocol/ScsiIo.h  |   9 +-
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 614 +++-
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  17 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c  | 205 ++-
 9 files changed, 1157 insertions(+), 41 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#46995): https://edk2.groups.io/g/devel/message/46995



[edk2-devel] [PATCH v6 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)

2019-09-06 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

Currently UfsPassThru only checks for 8 common LUNs. This adds a check
for the RPMB Well-known LUN and sets the corresponding bit-mask. Further
handling of the WLUN is already present in the driver.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c 
b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
index b12404aacb..26c5a8b855 100644
--- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
+++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
@@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart (
   UINTN UfsHcBase;
   UINT32Index;
   UFS_UNIT_DESC UnitDescriptor;
+  UFS_DEV_DESC  DeviceDescriptor;
   UINT32UnitDescriptorSize;
+  UINT32DeviceDescriptorSize;
 
   Status= EFI_SUCCESS;
   UfsHc = NULL;
@@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart (
 
   //
   // Check if 8 common luns are active and set corresponding bit mask.
-  // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper 
layer for authentication access.
   //
   UnitDescriptorSize = sizeof (UFS_UNIT_DESC);
   for (Index = 0; Index < 8; Index++) {
@@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart (
 }
   }
 
+  //
+  // Check if RPMB WLUN is supported and set corresponding bit mask.
+  //
+  DeviceDescriptorSize = sizeof (UFS_DEV_DESC);
+  Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, 
, );
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", 
Status));
+  } else {
+if (DeviceDescriptor.SecurityLun == 0x1) {
+  DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n"));
+  Private->Luns.BitMask |= BIT11;
+}
+  }
+
   //
   // Start the asynchronous interrupt monitor
   //
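Review bot: The comparison against 0x1 and the mask BIT11 in the added block are bare literals, and nothing in the hunk says why bit 11 of Luns.BitMask stands for the RPMB W-LUN or what the other values of SecurityLun mean. Give both a named define next to the existing LUN bit-mask definitions and extend the comment above the block to say which bits of the mask are reserved for well-known LUNs, so the next W-LUN added here does not have to rediscover the layout.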
-- 
2.16.2.windows.1


View/Reply Online (#46991): https://edk2.groups.io/g/devel/message/46991



[edk2-devel] [PATCH v6 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

2019-09-06 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the
ScsiDiskDxe driver.

Support is currently limited to the RPMB Well-known LUN for UFS devices.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 616 +++-
 3 files changed, 774 insertions(+), 16 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
index 5500d828e9..40818e669b 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
@@ -3,7 +3,7 @@
 #  It detects the SCSI disk media and installs Block I/O and Block I/O2 
Protocol on
 #  the device handle.
 #
-#  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -52,6 +52,7 @@
   gEfiBlockIoProtocolGuid   ## BY_START
   gEfiBlockIo2ProtocolGuid  ## BY_START
   gEfiEraseBlockProtocolGuid## BY_START
+  gEfiStorageSecurityCommandProtocolGuid## BY_START
   gEfiScsiIoProtocolGuid## TO_START
   gEfiScsiPassThruProtocolGuid  ## TO_START
   gEfiExtScsiPassThruProtocolGuid   ## TO_START
diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
index 42c095..2d8679ec6f 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
@@ -1,7 +1,7 @@
 /** @file
   Header file for SCSI Disk Driver.
 
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 
 
 #include 
@@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0
 
+#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0)
+
+#define UFS_WLUN_RPMB 0xC4
+
 typedef struct {
   UINT32MaxLbaCnt;
   UINT32MaxBlkDespCnt;
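Review bot: UFS_WLUN_RPMB is a UFS-specific value defined here in the generic SCSI disk driver header, with no comment on where 0xC4 comes from or which byte of the LUN it is compared against. Add a comment citing the source of the value, and consider moving the define to a header shared with the UFS pass-thru driver so the two drivers cannot drift apart on what identifies the RPMB W-LUN.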
@@ -51,6 +56,8 @@ typedef struct {
 
   EFI_HANDLEHandle;
 
+  EFI_STORAGE_SECURITY_COMMAND_PROTOCOL   StorageSecurity;
+
   EFI_BLOCK_IO_PROTOCOL BlkIo;
   EFI_BLOCK_IO2_PROTOCOLBlkIo2;
   EFI_BLOCK_IO_MEDIABlkIoMedia;
@@ -95,6 +102,7 @@ typedef struct {
 #define SCSI_DISK_DEV_FROM_BLKIO(a)  CR (a, SCSI_DISK_DEV, BlkIo, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_BLKIO2(a)  CR (a, SCSI_DISK_DEV, BlkIo2, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_ERASEBLK(a)  CR (a, SCSI_DISK_DEV, EraseBlock, 
SCSI_DISK_DEV_SIGNATURE)
+#define SCSI_DISK_DEV_FROM_STORSEC(a)  CR (a, SCSI_DISK_DEV, StorageSecurity, 
SCSI_DISK_DEV_SIGNATURE)
 
 #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, 
SCSI_DISK_DEV_SIGNATURE)
 
@@ -638,6 +646,151 @@ ScsiDiskEraseBlocks (
   );
 
 
+/**
+  Send a security protocol command to a device that receives data and/or the 
result
+  of one or more commands sent by SendData.
+
+  The ReceiveData function sends a security protocol command to the given 
MediaId.
+  The security protocol command sent is defined by SecurityProtocolId and 
contains
+  the security protocol specific data SecurityProtocolSpecificData. The 
function
+  returns the data from the security protocol command in PayloadBuffer.
+
+  For devices supporting the SCSI command set, the security protocol command 
is sent
+  using the SECURITY PROTOCOL IN command defined in SPC-4.
+
+  If PayloadBufferSize is too small to store the available data from the 
security
+  protocol command, the function shall copy PayloadBufferSize bytes into the
+  PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
+
+  If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is 
non-zero,
+  the function shall return EFI_INVALID_PARAMETER.
+
+  If the given MediaId does not support security protocol commands, the 
function shall
+  return EFI_UNSUPPORTED. If there is no media in the device, the function 
returns
+  EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the 
device,
+  the function returns EFI_MEDIA_CHANGED.
+
+  If the security protocol fails to complete within the Timeout period, the 
function
+  shall return EFI_TIMEOUT.
+
+  If the security protocol command completes without an error, the function 
shall
+  return EFI_SUCCESS. If the security protocol command completes with an 
error, the
+  function 

[edk2-devel] [PATCH v6 0/4] Add SCSI Support for Storage Security Command Protocol

2019-09-06 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

V6 changes:
Restore EFI_SCSI_TYPE defines for ASC IT8 devices. Revert EFI_SCSI_IO_TYPE
changes in Protocol\ScsiIo.h. Add INC_512 parameter for SecurityProtocol
In/Out commands in UefiScsiLib. Change UINT32 args to UINTN to match the
definitions for Storage Security Command Protocol.

V5 changes:
Split MdeModulePkg changes into separate patches. Add ReinstallProtocol
calls for StorageSecurityCommand Protocol. Restore original MediaPresent
and ReadCapacity behavior, with new implementation for WLUN type media.
Clear temporary aligned buffers before freeing them.

V4 changes:
Add SSC Protocol in addition to BlockIo instead of in place of BlockIo.
Add error handling for (BlockSize == 0) in Read and WriteBlocks commands
to handle partitions that do not support ReadCapacity().

V3 changes:
Initialize AlignedBuffer variable in ScsiDiskReceiveData and
ScsiDiskSendData functions. Remove redundant input validation and debug
message in ScsiDiskSendData.

V2 changes:
Split the patch into separate commits for separate packages.

To support RPMB access on UFS devices, support must be added to
the ScsiDiskDxe driver for the Storage Security Command Protocol.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Cc: Hao A Wu 

Christopher J Zurcher (4):
  MdePkg: Implement SCSI commands for Security Protocol In/Out
  MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
  MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
  MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdePkg/Include/IndustryStandard/Scsi.h|  48 +-
 MdePkg/Include/Library/UefiScsiLib.h  | 128 +++-
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 616 +++-
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  17 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c  | 217 ++-
 8 files changed, 1167 insertions(+), 38 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#46990): https://edk2.groups.io/g/devel/message/46990



[edk2-devel] [PATCH v6 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out

2019-09-06 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

This patch implements the Security Protocol In and Security Protocol Out
commands in UefiScsiLib to prepare support for the Storage Security
Command Protocol.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdePkg/Include/IndustryStandard/Scsi.h   |  48 +++--
 MdePkg/Include/Library/UefiScsiLib.h | 128 +++-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 217 +++-
 3 files changed, 374 insertions(+), 19 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Scsi.h 
b/MdePkg/Include/IndustryStandard/Scsi.h
index cbe5709fe5..d03886417f 100644
--- a/MdePkg/Include/IndustryStandard/Scsi.h
+++ b/MdePkg/Include/IndustryStandard/Scsi.h
@@ -1,7 +1,7 @@
 /** @file
   Support for SCSI-2 standard
 
-  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -163,6 +163,12 @@
 #define EFI_SCSI_OP_SEND_MESSAGE10  0x2a
 #define EFI_SCSI_OP_SEND_MESSAGE12  0xaa
 
+//
+// Additional commands for Secure Transactions
+//
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN  0xa2
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5
+
 //
 // SCSI Data Transfer Direction
 //
@@ -172,22 +178,30 @@
 //
 // Peripheral Device Type Definitions
 //
-#define EFI_SCSI_TYPE_DISK  0x00  ///< Direct-access device (e.g. 
magnetic disk)
-#define EFI_SCSI_TYPE_TAPE  0x01  ///< Sequential-access device (e.g. 
magnetic tape)
-#define EFI_SCSI_TYPE_PRINTER   0x02  ///< Printer device
-#define EFI_SCSI_TYPE_PROCESSOR 0x03  ///< Processor device
-#define EFI_SCSI_TYPE_WORM  0x04  ///< Write-once device (e.g. some 
optical disks)
-#define EFI_SCSI_TYPE_CDROM 0x05  ///< CD-ROM device
-#define EFI_SCSI_TYPE_SCANNER   0x06  ///< Scanner device
-#define EFI_SCSI_TYPE_OPTICAL   0x07  ///< Optical memory device (e.g. 
some optical disks)
-#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08  ///< Medium changer device (e.g. 
jukeboxes)
-#define EFI_SCSI_TYPE_COMMUNICATION 0x09  ///< Communications device
-#define EFI_SCSI_TYPE_ASCIT8_1  0x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-#define EFI_SCSI_TYPE_ASCIT8_2  0x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-//
-// 0Ch - 1Eh are reserved
-//
-#define EFI_SCSI_TYPE_UNKNOWN   0x1F  ///< Unknown or no device type
+#define EFI_SCSI_TYPE_DISK0x00  ///< Direct-access device (e.g. 
magnetic disk)
+#define EFI_SCSI_TYPE_TAPE0x01  ///< Sequential-access device 
(e.g. magnetic tape)
+#define EFI_SCSI_TYPE_PRINTER 0x02  ///< Printer device
+#define EFI_SCSI_TYPE_PROCESSOR   0x03  ///< Processor device
+#define EFI_SCSI_TYPE_WORM0x04  ///< Write-once device (e.g. some 
optical disks)
+#define EFI_SCSI_TYPE_CDROM   0x05  ///< CD/DVD device
+#define EFI_SCSI_TYPE_SCANNER 0x06  ///< Scanner device (obsolete)
+#define EFI_SCSI_TYPE_OPTICAL 0x07  ///< Optical memory device (e.g. 
some optical disks)
+#define EFI_SCSI_TYPE_MEDIUMCHANGER   0x08  ///< Medium changer device (e.g. 
jukeboxes)
+#define EFI_SCSI_TYPE_COMMUNICATION   0x09  ///< Communications device 
(obsolete)
+#define EFI_SCSI_TYPE_ASCIT8_10x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
+#define EFI_SCSI_TYPE_ASCIT8_20x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
+#define EFI_SCSI_TYPE_RAID0x0C  ///< Storage array controller 
device (e.g., RAID)
+#define EFI_SCSI_TYPE_SES 0x0D  ///< Enclosure services device
+#define EFI_SCSI_TYPE_RBC 0x0E  ///< Simplified direct-access 
device (e.g., magnetic disk)
+#define EFI_SCSI_TYPE_OCRW0x0F  ///< Optical card reader/writer 
device
+#define EFI_SCSI_TYPE_BRIDGE  0x10  ///< Bridge Controller Commands
+#define EFI_SCSI_TYPE_OSD 0x11  ///< Object-based Storage Device
+#define EFI_SCSI_TYPE_AUTOMATION  0x12  ///< Automation/Drive Interface
+#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13  ///< Security manager device
+#define EFI_SCSI_TYPE_RESERVED_LOW0x14  ///< Reserved (low)
+#define EFI_SCSI_TYPE_RESERVED_HIGH   0x1D  ///< Reserved (high)
+#define EFI_SCSI_TYPE_WLUN0x1E  ///< Well known logical unit
+#define EFI_SCSI_TYPE_UNKNOWN 0x1F  ///< Unknown or no device type
 
 //
 // Page Codes for INQUIRY command
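Review bot: EFI_SCSI_TYPE_RESERVED_LOW and EFI_SCSI_TYPE_RESERVED_HIGH near the end of the added block are range bounds, not device types, yet they sit in the same list under the same naming pattern as the real types. Set them apart under their own comment (the removed "0Ch - 1Eh are reserved" comment played that role) so nobody compares a Peripheral_Type for equality against them. Re-aligning all twelve existing defines to fit the longer names also turns the hunk into a rewrite of the whole table; leaving the old lines untouched would let the diff show only the new types. The file banner in the first hunk still reads "Support for SCSI-2 standard" although several of the added types come from later standards.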
diff --git a/MdePkg/Include/Library/UefiScsiLib.h 
b/MdePkg/Include/Library/UefiScsiLib.h
index 10dd81902b..5c94b0aa16 100644
--- a/MdePkg/Include/Library/UefiScsiLib.h
+++ b/MdePkg/Include/Library/UefiScsiLib.h
@@ -5,7 +5,7 @@
   for hard drive, CD and DVD devices that are the most common SCSI boot 
targets used by UEFI platforms.
   This library class depends on SCSI I/O Protocol defined in UEFI 
Specification and SCSI-2 industry standard.
 
-Copyright (c) 2006 - 2018, Intel 

Re: [edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out

2019-08-29 Thread Zurcher, Christopher J
I've implemented all the suggested changes except changing the arguments from 
UINT32 to UINTN. No other functions in UefiScsiLib take UINTN arguments, and 
since the library is directly packing the CDB, I think it makes sense to force 
the caller to provide the correct-size length value. That way there is no 
ambiguity on what is going to the device.
If you agree I will send the updated patchset.

Thanks,
Christopher Zurcher

-Original Message-
From: Wu, Hao A 
Sent: Monday, August 26, 2019 20:03
To: devel@edk2.groups.io; Zurcher, Christopher J 

Cc: Yao, Jiewen ; Wang, Jian J ; 
Gao, Liming 
Subject: RE: [edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands for 
Security Protocol In/Out

Hello,

Please refer to the below inline comments:


> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Zurcher, Christopher J
> Sent: Friday, August 23, 2019 6:02 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Gao, Liming
> Subject: [edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands
> for Security Protocol In/Out
> 
> This patch implements the Security Protocol In and Security Protocol Out
> commands in UefiScsiLib to prepare support for the Storage Security
> Command Protocol.
> 
> Cc: Jiewen Yao 
> Cc: Jian J Wang 
> Cc: Liming Gao 
> Signed-off-by: Christopher J Zurcher 
> ---
>  MdePkg/Include/IndustryStandard/Scsi.h   |  48 +++--
>  MdePkg/Include/Library/UefiScsiLib.h | 126 +++-
>  MdePkg/Include/Protocol/ScsiIo.h |   9 +-
>  MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++-
>  4 files changed, 366 insertions(+), 22 deletions(-)
> 
> diff --git a/MdePkg/Include/IndustryStandard/Scsi.h
> b/MdePkg/Include/IndustryStandard/Scsi.h
> index cbe5709fe5..10d7b49ba7 100644
> --- a/MdePkg/Include/IndustryStandard/Scsi.h
> +++ b/MdePkg/Include/IndustryStandard/Scsi.h
> @@ -1,7 +1,7 @@
>  /** @file
>Support for SCSI-2 standard
> 
> -  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
> +  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
>SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -163,6 +163,12 @@
>  #define EFI_SCSI_OP_SEND_MESSAGE10  0x2a
>  #define EFI_SCSI_OP_SEND_MESSAGE12  0xaa
> 
> +//
> +// Additional commands for Secure Transactions
> +//
> +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN  0xa2
> +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5
> +
>  //
>  // SCSI Data Transfer Direction
>  //
> @@ -172,22 +178,30 @@
>  //
>  // Peripheral Device Type Definitions
>  //
> -#define EFI_SCSI_TYPE_DISK  0x00  ///< Direct-access device (e.g.
> magnetic disk)
> -#define EFI_SCSI_TYPE_TAPE  0x01  ///< Sequential-access device (e.g.
> magnetic tape)
> -#define EFI_SCSI_TYPE_PRINTER   0x02  ///< Printer device
> -#define EFI_SCSI_TYPE_PROCESSOR 0x03  ///< Processor device
> -#define EFI_SCSI_TYPE_WORM  0x04  ///< Write-once device (e.g. some
> optical disks)
> -#define EFI_SCSI_TYPE_CDROM 0x05  ///< CD-ROM device
> -#define EFI_SCSI_TYPE_SCANNER   0x06  ///< Scanner device
> -#define EFI_SCSI_TYPE_OPTICAL   0x07  ///< Optical memory device (e.g.
> some optical disks)
> -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08  ///< Medium changer
> device (e.g. jukeboxes)
> -#define EFI_SCSI_TYPE_COMMUNICATION 0x09  ///< Communications
> device
> -#define EFI_SCSI_TYPE_ASCIT8_1  0x0A  ///< Defined by ASC IT8 (Graphic
> arts pre-press devices)
> -#define EFI_SCSI_TYPE_ASCIT8_2  0x0B  ///< Defined by ASC IT8 (Graphic
> arts pre-press devices)


Could you help to address Liming's comment in the V4 series to preserve
the definitions of EFI_SCSI_TYPE_ASCIT8_1 & EFI_SCSI_TYPE_ASCIT8_2 for
compatibility considerations:

https://edk2.groups.io/g/devel/message/42361?p=,,,20,0,0,0::Created,,scsi,20,2,40,32048246


> -//
> -// 0Ch - 1Eh are reserved
> -//
> -#define EFI_SCSI_TYPE_UNKNOWN   0x1F  ///< Unknown or no device
> type
> +#define EFI_SCSI_TYPE_DISK0x00  ///< Direct-access device (e.g.
> magnetic disk)
> +#define EFI_SCSI_TYPE_TAPE0x01  ///< Sequential-access device 
> (e.g.
> magnetic tape)
> +#define EFI_SCSI_TYPE_PRINTER 0x02  ///< Printer device
> +#define EFI_SCSI_TYPE_PROCESSOR   0x03  ///< Processor device
> +#define EFI_SCSI_TYPE_WORM0x04  ///< Write-once device (e.g.
> some optical disks)
> +#define EFI_SCSI_TYPE_CDROM   0x05  ///< CD/DVD device
> +#define EFI_SCSI_TYPE_SCANNER 0x06  ///< Scanner device (obsolete)
> +#define EFI_SCSI_TYPE_OPTICAL 0x07  ///< Optical memory devi

[edk2-devel] [PATCH v5 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check

2019-08-22 Thread Zurcher, Christopher J
Replacing "magic numbers" in the Peripheral Type check with defines for
the reserved range from IndustryStandard/Scsi.h

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c 
b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
index c4069aec0f..1caffd38cd 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
+++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c
@@ -2,7 +2,7 @@
   SCSI Bus driver that layers on every SCSI Pass Thru and
   Extended SCSI Pass Thru protocol in the system.
 
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -1368,7 +1368,8 @@ DiscoverScsiDevice (
 goto Done;
   }
 
-  if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 
0xa) {
+  if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) &&
+  (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) {
 ScsiDeviceFound = FALSE;
 goto Done;
   }
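Review bot: Nothing at the new two-line condition in DiscoverScsiDevice says which peripheral types are meant to be skipped; with symbolic bounds the reader has to open IndustryStandard/Scsi.h to learn the range, where the removed line showed it directly as 0xa to 0x1e. A one-line comment above the if naming the rejected range, and noting whether the well-known logical unit type is intentionally let through, would make the intent reviewable from this file alone.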
-- 
2.16.2.windows.1


View/Reply Online (#46240): https://edk2.groups.io/g/devel/message/46240



[edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out

2019-08-22 Thread Zurcher, Christopher J
This patch implements the Security Protocol In and Security Protocol Out
commands in UefiScsiLib to prepare support for the Storage Security
Command Protocol.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdePkg/Include/IndustryStandard/Scsi.h   |  48 +++--
 MdePkg/Include/Library/UefiScsiLib.h | 126 +++-
 MdePkg/Include/Protocol/ScsiIo.h |   9 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++-
 4 files changed, 366 insertions(+), 22 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Scsi.h 
b/MdePkg/Include/IndustryStandard/Scsi.h
index cbe5709fe5..10d7b49ba7 100644
--- a/MdePkg/Include/IndustryStandard/Scsi.h
+++ b/MdePkg/Include/IndustryStandard/Scsi.h
@@ -1,7 +1,7 @@
 /** @file
   Support for SCSI-2 standard
 
-  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -163,6 +163,12 @@
 #define EFI_SCSI_OP_SEND_MESSAGE10  0x2a
 #define EFI_SCSI_OP_SEND_MESSAGE12  0xaa
 
+//
+// Additional commands for Secure Transactions
+//
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN  0xa2
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5
+
 //
 // SCSI Data Transfer Direction
 //
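Review bot: The comment introducing EFI_SCSI_OP_SECURITY_PROTOCOL_IN and EFI_SCSI_OP_SECURITY_PROTOCOL_OUT ("Additional commands for Secure Transactions") does not name the standard that defines them, and the file banner above says the header covers SCSI-2. The ScsiDiskDxe patch in this series refers to SPC-4 for SECURITY PROTOCOL IN; cite the same document here so a reader checking 0xa2 and 0xb5 knows where to look.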
@@ -172,22 +178,30 @@
 //
 // Peripheral Device Type Definitions
 //
-#define EFI_SCSI_TYPE_DISK  0x00  ///< Direct-access device (e.g. 
magnetic disk)
-#define EFI_SCSI_TYPE_TAPE  0x01  ///< Sequential-access device (e.g. 
magnetic tape)
-#define EFI_SCSI_TYPE_PRINTER   0x02  ///< Printer device
-#define EFI_SCSI_TYPE_PROCESSOR 0x03  ///< Processor device
-#define EFI_SCSI_TYPE_WORM  0x04  ///< Write-once device (e.g. some 
optical disks)
-#define EFI_SCSI_TYPE_CDROM 0x05  ///< CD-ROM device
-#define EFI_SCSI_TYPE_SCANNER   0x06  ///< Scanner device
-#define EFI_SCSI_TYPE_OPTICAL   0x07  ///< Optical memory device (e.g. 
some optical disks)
-#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08  ///< Medium changer device (e.g. 
jukeboxes)
-#define EFI_SCSI_TYPE_COMMUNICATION 0x09  ///< Communications device
-#define EFI_SCSI_TYPE_ASCIT8_1  0x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-#define EFI_SCSI_TYPE_ASCIT8_2  0x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-//
-// 0Ch - 1Eh are reserved
-//
-#define EFI_SCSI_TYPE_UNKNOWN   0x1F  ///< Unknown or no device type
+#define EFI_SCSI_TYPE_DISK0x00  ///< Direct-access device (e.g. 
magnetic disk)
+#define EFI_SCSI_TYPE_TAPE0x01  ///< Sequential-access device 
(e.g. magnetic tape)
+#define EFI_SCSI_TYPE_PRINTER 0x02  ///< Printer device
+#define EFI_SCSI_TYPE_PROCESSOR   0x03  ///< Processor device
+#define EFI_SCSI_TYPE_WORM0x04  ///< Write-once device (e.g. some 
optical disks)
+#define EFI_SCSI_TYPE_CDROM   0x05  ///< CD/DVD device
+#define EFI_SCSI_TYPE_SCANNER 0x06  ///< Scanner device (obsolete)
+#define EFI_SCSI_TYPE_OPTICAL 0x07  ///< Optical memory device (e.g. 
some optical disks)
+#define EFI_SCSI_TYPE_MEDIUMCHANGER   0x08  ///< Medium changer device (e.g. 
jukeboxes)
+#define EFI_SCSI_TYPE_COMMUNICATION   0x09  ///< Communications device 
(obsolete)
+#define EFI_SCSI_TYPE_A   0x0A  ///< Obsolete
+#define EFI_SCSI_TYPE_B   0x0B  ///< Obsolete
+#define EFI_SCSI_TYPE_RAID0x0C  ///< Storage array controller 
device (e.g., RAID)
+#define EFI_SCSI_TYPE_SES 0x0D  ///< Enclosure services device
+#define EFI_SCSI_TYPE_RBC 0x0E  ///< Simplified direct-access 
device (e.g., magnetic disk)
+#define EFI_SCSI_TYPE_OCRW0x0F  ///< Optical card reader/writer 
device
+#define EFI_SCSI_TYPE_BRIDGE  0x10  ///< Bridge Controller Commands
+#define EFI_SCSI_TYPE_OSD 0x11  ///< Object-based Storage Device
+#define EFI_SCSI_TYPE_AUTOMATION  0x12  ///< Automation/Drive Interface
+#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13  ///< Security manager device
+#define EFI_SCSI_TYPE_RESERVED_LOW0x14  ///< Reserved (low)
+#define EFI_SCSI_TYPE_RESERVED_HIGH   0x1D  ///< Reserved (high)
+#define EFI_SCSI_TYPE_WLUN0x1E  ///< Well known logical unit
+#define EFI_SCSI_TYPE_UNKNOWN 0x1F  ///< Unknown or no device type
 
 //
 // Page Codes for INQUIRY command
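Review bot: EFI_SCSI_TYPE_ASCIT8_1 and EFI_SCSI_TYPE_ASCIT8_2 are deleted in this hunk and the values 0x0A and 0x0B come back as EFI_SCSI_TYPE_A and EFI_SCSI_TYPE_B, so any platform or out-of-tree code that still uses the old names stops building once it picks up this MdePkg header. Keep the two old defines and mark them obsolete in their comments, either in place of or next to the new names, so the update stays source compatible.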
diff --git a/MdePkg/Include/Library/UefiScsiLib.h 
b/MdePkg/Include/Library/UefiScsiLib.h
index 10dd81902b..a0d99e703a 100644
--- a/MdePkg/Include/Library/UefiScsiLib.h
+++ b/MdePkg/Include/Library/UefiScsiLib.h
@@ -5,7 +5,7 @@
   for hard drive, CD and DVD devices that are the most common SCSI boot 
targets used by UEFI platforms.
   This library class depends on SCSI I/O Protocol defined in UEFI 
Specification and SCSI-2 industry standard.
 
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights 

[edk2-devel] [PATCH v5 0/4] Add SCSI Support for Storage Security Command Protocol

2019-08-22 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

V5 changes:
Split MdeModulePkg changes into separate patches. Add ReinstallProtocol
calls for StorageSecurityCommand Protocol. Restore original MediaPresent
and ReadCapacity behavior, with new implementation for WLUN type media.
Clear temporary aligned buffers before freeing them.

V4 changes:
Add SSC Protocol in addition to BlockIo instead of in place of BlockIo.
Add error handling for (BlockSize == 0) in Read and WriteBlocks commands
to handle partitions that do not support ReadCapacity().

V3 changes:
Initialize AlignedBuffer variable in ScsiDiskReceiveData and
ScsiDiskSendData functions. Remove redundant input validation and debug
message in ScsiDiskSendData.

V2 changes:
Split the patch into separate commits for separate packages.

To support RPMB access on UFS devices, support must be added to
the ScsiDiskDxe driver for the Storage Security Command Protocol.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Cc: Hao A Wu 

Christopher J Zurcher (4):
  MdePkg: Implement SCSI commands for Security Protocol In/Out
  MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
  MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
  MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdePkg/Include/IndustryStandard/Scsi.h|  48 +-
 MdePkg/Include/Library/UefiScsiLib.h  | 126 +++-
 MdePkg/Include/Protocol/ScsiIo.h  |   9 +-
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 614 +++-
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  17 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c  | 205 ++-
 9 files changed, 1157 insertions(+), 41 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#46237): https://edk2.groups.io/g/devel/message/46237
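The changelog items "Clear temporary aligned buffers before freeing them" (V5) and "Initialize AlignedBuffer variable" (V3), worked through as an added example in portable C; it is not code from the patch series. The names receive_payload, fake_device_read, release_bounce and demo_residue, the 0xA5 payload and the malloc-based bounce buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Alignment test with both arguments parenthesised; align must be a power of two. */
#define IS_ALIGNED(addr, align) ((((uintptr_t)(addr)) & ((uintptr_t)(align) - 1)) == 0)

static size_t g_residue;      /* non-zero bytes left in the bounce buffer at free time */
static int    g_used_bounce;  /* 1 if the last transfer went through a bounce buffer */

/* Constructed stand-in for the device: every payload byte is "secret" 0xA5. */
static void fake_device_read(uint8_t *dst, size_t len) { memset(dst, 0xA5, len); }

/* Zero through a volatile pointer so the compiler cannot drop the stores
   as dead writes to memory that is about to be freed. */
static void secure_zero(void *p, size_t n)
{
  volatile uint8_t *v = (volatile uint8_t *)p;
  while (n--) { *v++ = 0; }
}

/* Free the bounce buffer, first recording what a later heap user could read. */
static void release_bounce(void *raw, const uint8_t *aligned, size_t len)
{
  g_residue = 0;
  for (size_t i = 0; i < len; i++) { g_residue += (aligned[i] != 0); }
  free(raw);
}

/* Receive len bytes into payload. io_align of 0 or 1 means "no requirement".
   scrub=0 is the weak variant (free only); scrub=1 clears the copy first.
   Returns 0 on success, -1 on bad parameters or allocation failure. */
int receive_payload(uint8_t *payload, size_t len, size_t io_align, int scrub)
{
  void    *raw    = NULL;   /* initialised so an early exit never frees garbage */
  uint8_t *bounce = NULL;

  g_used_bounce = 0;
  if (payload == NULL || len == 0) { return -1; }
  if (io_align > 1 && (io_align & (io_align - 1)) != 0) { return -1; }

  if (io_align <= 1 || IS_ALIGNED(payload, io_align)) {
    fake_device_read(payload, len);      /* caller's buffer is usable directly */
    return 0;
  }

  raw = malloc(len + io_align);          /* over-allocate, then round up */
  if (raw == NULL) { return -1; }
  bounce = (uint8_t *)(((uintptr_t)raw + io_align - 1) & ~((uintptr_t)io_align - 1));
  g_used_bounce = 1;

  fake_device_read(bounce, len);
  memcpy(payload, bounce, len);
  if (scrub) { secure_zero(bounce, len); }
  release_bounce(raw, bounce, len);
  return 0;
}

/* Drive one misaligned transfer; returns residue bytes, or (size_t)-1 on failure. */
size_t demo_residue(int scrub)
{
  static _Alignas(16) uint8_t backing[48];
  uint8_t *payload = backing + 1;        /* deliberately misaligned for io_align 8 */

  memset(backing, 0, sizeof backing);
  if (receive_payload(payload, 32, 8, scrub) != 0 || !g_used_bounce) { return (size_t)-1; }
  if (payload[0] != 0xA5 || payload[31] != 0xA5) { return (size_t)-1; }
  return g_residue;
}

int main(void)
{
  printf("residue without scrub: %zu bytes\n", demo_residue(0));
  printf("residue with scrub:    %zu bytes\n", demo_residue(1));
  return 0;
}
```

Without the scrub, the whole 32-byte payload is still readable in the freed allocation; for RPMB traffic that copy can include authenticated frames the caller never intended to leave on the heap.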



[edk2-devel] [PATCH v5 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

2019-08-22 Thread Zurcher, Christopher J
This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the
ScsiDiskDxe driver.

Support is currently limited to the RPMB Well-known LUN for UFS devices.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 614 +++-
 3 files changed, 772 insertions(+), 16 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
index 5500d828e9..40818e669b 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
@@ -3,7 +3,7 @@
 #  It detects the SCSI disk media and installs Block I/O and Block I/O2 
Protocol on
 #  the device handle.
 #
-#  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
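Review bot: the file description kept as context in this hunk still says the driver "detects the SCSI disk media and installs Block I/O and Block I/O2 Protocol on the device handle", but the next hunk adds gEfiStorageSecurityCommandProtocolGuid as BY_START. Update the header comment to mention the Storage Security Command Protocol so the INF description matches what the driver now produces.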
@@ -52,6 +52,7 @@
   gEfiBlockIoProtocolGuid   ## BY_START
   gEfiBlockIo2ProtocolGuid  ## BY_START
   gEfiEraseBlockProtocolGuid## BY_START
+  gEfiStorageSecurityCommandProtocolGuid## BY_START
   gEfiScsiIoProtocolGuid## TO_START
   gEfiScsiPassThruProtocolGuid  ## TO_START
   gEfiExtScsiPassThruProtocolGuid   ## TO_START
diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
index 42c095..2d8679ec6f 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
@@ -1,7 +1,7 @@
 /** @file
   Header file for SCSI Disk Driver.
 
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 
 
 #include 
@@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0
 
+#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0)
+
+#define UFS_WLUN_RPMB 0xC4
+
 typedef struct {
   UINT32MaxLbaCnt;
   UINT32MaxBlkDespCnt;
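Review bot: IS_ALIGNED uses its size argument unparenthesised in (size - 1), so an expression argument containing a lower-precedence operator binds wrongly; write ((size) - 1). The macro is also only correct for a non-zero power of two: with size 0 the mask becomes all ones and every non-NULL address tests as unaligned, so either document that requirement next to the define or have callers skip the check when the alignment is 0 or 1.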
@@ -51,6 +56,8 @@ typedef struct {
 
   EFI_HANDLEHandle;
 
+  EFI_STORAGE_SECURITY_COMMAND_PROTOCOL   StorageSecurity;
+
   EFI_BLOCK_IO_PROTOCOL BlkIo;
   EFI_BLOCK_IO2_PROTOCOLBlkIo2;
   EFI_BLOCK_IO_MEDIABlkIoMedia;
@@ -95,6 +102,7 @@ typedef struct {
 #define SCSI_DISK_DEV_FROM_BLKIO(a)  CR (a, SCSI_DISK_DEV, BlkIo, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_BLKIO2(a)  CR (a, SCSI_DISK_DEV, BlkIo2, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_ERASEBLK(a)  CR (a, SCSI_DISK_DEV, EraseBlock, 
SCSI_DISK_DEV_SIGNATURE)
+#define SCSI_DISK_DEV_FROM_STORSEC(a)  CR (a, SCSI_DISK_DEV, StorageSecurity, 
SCSI_DISK_DEV_SIGNATURE)
 
 #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, 
SCSI_DISK_DEV_SIGNATURE)
 
@@ -638,6 +646,151 @@ ScsiDiskEraseBlocks (
   );
 
 
+/**
+  Send a security protocol command to a device that receives data and/or the 
result
+  of one or more commands sent by SendData.
+
+  The ReceiveData function sends a security protocol command to the given 
MediaId.
+  The security protocol command sent is defined by SecurityProtocolId and 
contains
+  the security protocol specific data SecurityProtocolSpecificData. The 
function
+  returns the data from the security protocol command in PayloadBuffer.
+
+  For devices supporting the SCSI command set, the security protocol command 
is sent
+  using the SECURITY PROTOCOL IN command defined in SPC-4.
+
+  If PayloadBufferSize is too small to store the available data from the 
security
+  protocol command, the function shall copy PayloadBufferSize bytes into the
+  PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
+
+  If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is 
non-zero,
+  the function shall return EFI_INVALID_PARAMETER.
+
+  If the given MediaId does not support security protocol commands, the 
function shall
+  return EFI_UNSUPPORTED. If there is no media in the device, the function 
returns
+  EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the 
device,
+  the function returns EFI_MEDIA_CHANGED.
+
+  If the security protocol fails to complete within the Timeout period, the 
function
+  shall return EFI_TIMEOUT.
+
+  If the security protocol command completes without an error, the function 
shall
+  return EFI_SUCCESS. If the security protocol command completes with an 
error, the
+  function shall return EFI_DEVICE_ERROR.
+
+  @param  This  

[edk2-devel] [PATCH v5 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)

2019-08-22 Thread Zurcher, Christopher J
Currently UfsPassThru only checks for 8 common LUNs. This adds a check
for the RPMB Well-known LUN and sets the corresponding bit-mask. Further
handling of the WLUN is already present in the driver.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c 
b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
index b12404aacb..26c5a8b855 100644
--- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
+++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c
@@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart (
   UINTN UfsHcBase;
   UINT32Index;
   UFS_UNIT_DESC UnitDescriptor;
+  UFS_DEV_DESC  DeviceDescriptor;
   UINT32UnitDescriptorSize;
+  UINT32DeviceDescriptorSize;
 
   Status= EFI_SUCCESS;
   UfsHc = NULL;
@@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart (
 
   //
   // Check if 8 common luns are active and set corresponding bit mask.
-  // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper 
layer for authentication access.
   //
   UnitDescriptorSize = sizeof (UFS_UNIT_DESC);
   for (Index = 0; Index < 8; Index++) {
@@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart (
 }
   }
 
+  //
+  // Check if RPMB WLUN is supported and set corresponding bit mask.
+  //
+  DeviceDescriptorSize = sizeof (UFS_DEV_DESC);
+  Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, 
, );
+  if (EFI_ERROR (Status)) {
+DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", 
Status));
+  } else {
+if (DeviceDescriptor.SecurityLun == 0x1) {
+  DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n"));
+  Private->Luns.BitMask |= BIT11;
+}
+  }
+
   //
   // Start the asynchronous interrupt monitor
   //
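Review bot: when UfsRwDeviceDesc fails, the new block only logs the error, so Status still holds the failure code when execution falls through to the interrupt monitor setup below. If a missing device descriptor is meant to be non-fatal, say so in the comment and make sure Status is reassigned before anything tests it. The 0x1 compared against SecurityLun and the BIT11 set in Luns.BitMask are also bare magic numbers; give them named constants or a comment explaining why bit 11 represents the RPMB W-LUN.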
-- 
2.16.2.windows.1


View/Reply Online (#46239): https://edk2.groups.io/g/devel/message/46239



Re: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

2019-08-16 Thread Zurcher, Christopher J
Hao,
Why will this cause CDROM devices to fail to be recognized? If they require a 
capacity read, I can change the MustReadCapacity flag to TRUE. On subsequent 
media change, the sense key parsing will set Action to ACTION_READ_CAPACITY so 
that case is covered as well. Is there a reason the MustReadCapacity flag was 
originally set to FALSE for CDROM devices? With the default action being to 
read capacity anyway, the existing implementation seems to make the flag mostly 
useless.

I have implemented the rest of the suggestions.

Thanks,
Christopher Zurcher

-Original Message-
From: Wu, Hao A 
Sent: Monday, June 17, 2019 19:12
To: devel@edk2.groups.io; Zurcher, Christopher J 

Cc: Kinney, Michael D ; Yao, Jiewen 
; Wang, Jian J ; Gao, Liming 

Subject: RE: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support 
Storage Security Command Protocol

> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Zurcher, Christopher J
> Sent: Thursday, June 13, 2019 10:05 AM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Gao, Liming
> Subject: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support
> Storage Security Command Protocol
> 
> This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
> in the
> ScsiDiskDxe driver.
> 
> Support is currently limited to the RPMB Well-known LUN for UFS devices.


Hello,

Some general level comments:
1. CDROM device issue
This patch will bring an issue to the CDROM devices that CD/DVD will not
be recognized properly.

I think the cause of the issue is the relocation of the below logic:
  ScsiDiskDevice->BlkIo.Media->MediaPresent = TRUE;
from GetMediaInfo() to ScsiDiskTestUnitReady(). It will lead to the read
capacity command being skipped for CDROM devices, which results in the
LastBlock for the device being equal to 0.

We may need to find out a better approach to handle the case for UFS RPMB.

2. Split this patch into three commits
Besides adding the Storage Security Command Protocol support in ScsiDisk
driver, the patch also:
* Updates the ScsiBus driver to recognize the Well known logical unit
* Updates the UfsPassThruDxe driver to expose the RPMB WLUN

Please help to split the patch into 3 separate commits.

3. Updates for the BlockIO(2) services
For functions ScsiDiskReadBlocks(Ex) & ScsiDiskWriteBlocks(Ex), the code below
is added for the dummy BlockIO(2) protocol instance on the UFS RPMB Lun:

  if (BlockSize == 0) {
    Status = EFI_UNSUPPORTED;
    goto Done;
  }

I suggest using status 'EFI_DEVICE_ERROR' for such a case, since
'EFI_UNSUPPORTED' is not listed as an expected return status in the UEFI
spec.

4. Reinstallation of the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
For the reinstallation of the SSC protocol to handle media change, I saw
this is only handled within ScsiDiskReceiveData() & ScsiDiskSendData().
The below functions should be considered as well:

ScsiDiskReadBlocks(Ex)
ScsiDiskWriteBlocks(Ex)
ScsiDiskFlushBlocksEx
ScsiDiskEraseBlocks


Some inline comments below:


> 
> Cc: Michael D Kinney 
> Cc: Jiewen Yao 
> Cc: Jian J Wang 
> Cc: Liming Gao 
> Signed-off-by: Christopher J Zurcher 
> ---
>  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
>  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 ++-
>  MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
>  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 522
> +++-
>  MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  19 +-
>  5 files changed, 698 insertions(+), 22 deletions(-)
> 
> diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
> b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
> index 5500d828e9..40818e669b 100644
> --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
> +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
> @@ -3,7 +3,7 @@
>  #  It detects the SCSI disk media and installs Block I/O and Block I/O2 
> Protocol
> on
>  #  the device handle.
>  #
> -#  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
> +#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
>  ##
> @@ -52,6 +52,7 @@
>gEfiBlockIoProtocolGuid   ## BY_START
>gEfiBlockIo2ProtocolGuid  ## BY_START
>gEfiEraseBlockProtocolGuid## BY_START
> +  gEfiStorageSecurityCommandProtocolGuid## BY_START
>gEfiScsiIoProtocolGuid## TO_START
>gEfiScsiPassThruProtocolGuid  ## TO_START
>gEfiExtScsiPassThruProtocolGuid   ## TO_START
> diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
> b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
> index 42c095..2d8679ec6f

Re: [edk2-devel] [PATCH v4 0/2] Add SCSI Support for Storage Security Command Protocol

2019-06-13 Thread Zurcher, Christopher J
A unit test has been run which provisions RPMB key, writes data, and verifies 
it after reading on the following boot.
Further, this code is being exercised for secure storage on multiple platforms 
as part of standard boot flow.

Unit test files emailed separately.

Thanks,
Christopher Zurcher


-Original Message-
From: Gao, Liming 
Sent: Thursday, June 13, 2019 05:59
To: Zurcher, Christopher J ; 
devel@edk2.groups.io
Cc: Kinney, Michael D ; Yao, Jiewen 
; Wang, Jian J 
Subject: RE: [PATCH v4 0/2] Add SCSI Support for Storage Security Command 
Protocol

Zurcher:
  Can you share what test has been done for this feature?

Thanks
Liming
> -Original Message-
> From: Zurcher, Christopher J
> Sent: Thursday, June 13, 2019 10:05 AM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D ; Yao, Jiewen 
> ; Wang, Jian J ; Gao,
> Liming 
> Subject: [PATCH v4 0/2] Add SCSI Support for Storage Security Command Protocol
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546
> 
> V4 changes:
> Add SSC Protocol in addition to BlockIo instead of in place of BlockIo.
> Add error handling for (BlockSize == 0) in Read and WriteBlocks commands
> to handle partitions that do not support ReadCapacity().
> 
> V3 changes:
> Initialize AlignedBuffer variable in ScsiDiskReceiveData and
> ScsiDiskSendData functions. Remove redundant input validation and debug
> message in ScsiDiskSendData.
> 
> V2 changes:
> Split the patch into separate commits for separate packages.
> 
> To support RPMB access on UFS devices, support must be added to
> the ScsiDiskDxe driver for the Storage Security Command Protocol.
> 
> Cc: Michael D Kinney 
> Cc: Jiewen Yao 
> Cc: Jian J Wang 
> Cc: Liming Gao 
> 
> Christopher J Zurcher (2):
>   MdePkg: Implement SCSI commands for Security Protocol In/Out
>   MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol
> 
>  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
>  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 ++-
>  MdePkg/Include/IndustryStandard/Scsi.h|  48 +-
>  MdePkg/Include/Library/UefiScsiLib.h  | 126 -
>  MdePkg/Include/Protocol/ScsiIo.h  |   9 +-
>  MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
>  MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 522 +++-
>  MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  19 +-
>  MdePkg/Library/UefiScsiLib/UefiScsiLib.c  | 205 +++-
>  9 files changed, 1064 insertions(+), 44 deletions(-)
> 
> --
> 2.16.2.windows.1


View/Reply Online (#42394): https://edk2.groups.io/g/devel/message/42394



Re: [edk2-devel] [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security Protocol In/Out

2019-06-13 Thread Zurcher, Christopher J
> Why remove ASCIT8_1 & ASCIT8_2? Can we keep them for compatibility?

If that's preferred, I can add them back in. They were only removed as they are 
marked obsolete in SPC-5.

--
Christopher Zurcher

-Original Message-
From: Gao, Liming 
Sent: Thursday, June 13, 2019 05:54
To: Zurcher, Christopher J ; 
devel@edk2.groups.io
Cc: Yao, Jiewen ; Wang, Jian J 
Subject: RE: [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security 
Protocol In/Out


> -Original Message-
> From: Zurcher, Christopher J
> Sent: Thursday, June 13, 2019 10:05 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ; 
> Gao, Liming 
> Subject: [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security Protocol 
> In/Out
> 
> This patch implements the Security Protocol In and Security Protocol Out
> commands in UefiScsiLib to prepare support for the Storage Security
> Command Protocol.
> 
> Cc: Jiewen Yao 
> Cc: Jian J Wang 
> Cc: Liming Gao 
> Signed-off-by: Christopher J Zurcher 
> ---
>  MdePkg/Include/IndustryStandard/Scsi.h   |  48 +++--
>  MdePkg/Include/Library/UefiScsiLib.h | 126 +++-
>  MdePkg/Include/Protocol/ScsiIo.h |   9 +-
>  MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++-
>  4 files changed, 366 insertions(+), 22 deletions(-)
> 
> diff --git a/MdePkg/Include/IndustryStandard/Scsi.h 
> b/MdePkg/Include/IndustryStandard/Scsi.h
> index cbe5709fe5..10d7b49ba7 100644
> --- a/MdePkg/Include/IndustryStandard/Scsi.h
> +++ b/MdePkg/Include/IndustryStandard/Scsi.h
> @@ -1,7 +1,7 @@
>  /** @file
>Support for SCSI-2 standard
> 
> -  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
> +  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
>SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -163,6 +163,12 @@
>  #define EFI_SCSI_OP_SEND_MESSAGE10  0x2a
>  #define EFI_SCSI_OP_SEND_MESSAGE12  0xaa
> 
> +//
> +// Additional commands for Secure Transactions
> +//
> +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN  0xa2
> +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5
> +
>  //
>  // SCSI Data Transfer Direction
>  //
> @@ -172,22 +178,30 @@
>  //
>  // Peripheral Device Type Definitions
>  //
> -#define EFI_SCSI_TYPE_DISK  0x00  ///< Direct-access device (e.g. 
> magnetic disk)
> -#define EFI_SCSI_TYPE_TAPE  0x01  ///< Sequential-access device 
> (e.g. magnetic tape)
> -#define EFI_SCSI_TYPE_PRINTER   0x02  ///< Printer device
> -#define EFI_SCSI_TYPE_PROCESSOR 0x03  ///< Processor device
> -#define EFI_SCSI_TYPE_WORM  0x04  ///< Write-once device (e.g. some 
> optical disks)
> -#define EFI_SCSI_TYPE_CDROM 0x05  ///< CD-ROM device
> -#define EFI_SCSI_TYPE_SCANNER   0x06  ///< Scanner device
> -#define EFI_SCSI_TYPE_OPTICAL   0x07  ///< Optical memory device (e.g. 
> some optical disks)
> -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08  ///< Medium changer device (e.g. 
> jukeboxes)
> -#define EFI_SCSI_TYPE_COMMUNICATION 0x09  ///< Communications device
> -#define EFI_SCSI_TYPE_ASCIT8_1  0x0A  ///< Defined by ASC IT8 (Graphic 
> arts pre-press devices)
> -#define EFI_SCSI_TYPE_ASCIT8_2  0x0B  ///< Defined by ASC IT8 (Graphic 
> arts pre-press devices)

Why remove ASCIT8_1 & ASCIT8_2? Can we keep them for compatibility?

> -//
> -// 0Ch - 1Eh are reserved
> -//
> -#define EFI_SCSI_TYPE_UNKNOWN   0x1F  ///< Unknown or no device type
> +#define EFI_SCSI_TYPE_DISK0x00  ///< Direct-access device (e.g. 
> magnetic disk)
> +#define EFI_SCSI_TYPE_TAPE0x01  ///< Sequential-access device 
> (e.g. magnetic tape)
> +#define EFI_SCSI_TYPE_PRINTER 0x02  ///< Printer device
> +#define EFI_SCSI_TYPE_PROCESSOR   0x03  ///< Processor device
> +#define EFI_SCSI_TYPE_WORM0x04  ///< Write-once device (e.g. 
> some optical disks)
> +#define EFI_SCSI_TYPE_CDROM   0x05  ///< CD/DVD device
> +#define EFI_SCSI_TYPE_SCANNER 0x06  ///< Scanner device (obsolete)
> +#define EFI_SCSI_TYPE_OPTICAL 0x07  ///< Optical memory device (e.g. 
> some optical disks)
> +#define EFI_SCSI_TYPE_MEDIUMCHANGER   0x08  ///< Medium changer device (e.g. 
> jukeboxes)
> +#define EFI_SCSI_TYPE_COMMUNICATION   0x09  ///< Communications device 
> (obsolete)
> +#define EFI_SCSI_TYPE_A   0x0A  ///< Obsolete
> +#define EFI_SCSI_TYPE_B   0x0B  ///< Obsolete
> +#define EFI_SCSI_TYPE_RAID0x0C  ///< Storage array controller 
> device (e.g., RAID)
> +#define EFI_SCSI_TYPE_SES 0x0D  ///< Enclosure services device
> +#define

[edk2-devel] [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security Protocol In/Out

2019-06-12 Thread Zurcher, Christopher J
This patch implements the Security Protocol In and Security Protocol Out
commands in UefiScsiLib to prepare support for the Storage Security
Command Protocol.

Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdePkg/Include/IndustryStandard/Scsi.h   |  48 +++--
 MdePkg/Include/Library/UefiScsiLib.h | 126 +++-
 MdePkg/Include/Protocol/ScsiIo.h |   9 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++-
 4 files changed, 366 insertions(+), 22 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Scsi.h 
b/MdePkg/Include/IndustryStandard/Scsi.h
index cbe5709fe5..10d7b49ba7 100644
--- a/MdePkg/Include/IndustryStandard/Scsi.h
+++ b/MdePkg/Include/IndustryStandard/Scsi.h
@@ -1,7 +1,7 @@
 /** @file
   Support for SCSI-2 standard
 
-  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -163,6 +163,12 @@
 #define EFI_SCSI_OP_SEND_MESSAGE10  0x2a
 #define EFI_SCSI_OP_SEND_MESSAGE12  0xaa
 
+//
+// Additional commands for Secure Transactions
+//
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN  0xa2
+#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5
+
 //
 // SCSI Data Transfer Direction
 //
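Review bot: the comment above the two new opcodes, "Additional commands for Secure Transactions", does not say which standard defines SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT, while the file header in the first hunk still reads "Support for SCSI-2 standard". Name the specification in the comment (the ReceiveData description in patch 2/2 cites SPC-4) so a reader can look up the CDB layout these opcodes belong to.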
@@ -172,22 +178,30 @@
 //
 // Peripheral Device Type Definitions
 //
-#define EFI_SCSI_TYPE_DISK  0x00  ///< Direct-access device (e.g. 
magnetic disk)
-#define EFI_SCSI_TYPE_TAPE  0x01  ///< Sequential-access device (e.g. 
magnetic tape)
-#define EFI_SCSI_TYPE_PRINTER   0x02  ///< Printer device
-#define EFI_SCSI_TYPE_PROCESSOR 0x03  ///< Processor device
-#define EFI_SCSI_TYPE_WORM  0x04  ///< Write-once device (e.g. some 
optical disks)
-#define EFI_SCSI_TYPE_CDROM 0x05  ///< CD-ROM device
-#define EFI_SCSI_TYPE_SCANNER   0x06  ///< Scanner device
-#define EFI_SCSI_TYPE_OPTICAL   0x07  ///< Optical memory device (e.g. 
some optical disks)
-#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08  ///< Medium changer device (e.g. 
jukeboxes)
-#define EFI_SCSI_TYPE_COMMUNICATION 0x09  ///< Communications device
-#define EFI_SCSI_TYPE_ASCIT8_1  0x0A  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-#define EFI_SCSI_TYPE_ASCIT8_2  0x0B  ///< Defined by ASC IT8 (Graphic 
arts pre-press devices)
-//
-// 0Ch - 1Eh are reserved
-//
-#define EFI_SCSI_TYPE_UNKNOWN   0x1F  ///< Unknown or no device type
+#define EFI_SCSI_TYPE_DISK0x00  ///< Direct-access device (e.g. 
magnetic disk)
+#define EFI_SCSI_TYPE_TAPE0x01  ///< Sequential-access device 
(e.g. magnetic tape)
+#define EFI_SCSI_TYPE_PRINTER 0x02  ///< Printer device
+#define EFI_SCSI_TYPE_PROCESSOR   0x03  ///< Processor device
+#define EFI_SCSI_TYPE_WORM0x04  ///< Write-once device (e.g. some 
optical disks)
+#define EFI_SCSI_TYPE_CDROM   0x05  ///< CD/DVD device
+#define EFI_SCSI_TYPE_SCANNER 0x06  ///< Scanner device (obsolete)
+#define EFI_SCSI_TYPE_OPTICAL 0x07  ///< Optical memory device (e.g. 
some optical disks)
+#define EFI_SCSI_TYPE_MEDIUMCHANGER   0x08  ///< Medium changer device (e.g. 
jukeboxes)
+#define EFI_SCSI_TYPE_COMMUNICATION   0x09  ///< Communications device 
(obsolete)
+#define EFI_SCSI_TYPE_A   0x0A  ///< Obsolete
+#define EFI_SCSI_TYPE_B   0x0B  ///< Obsolete
+#define EFI_SCSI_TYPE_RAID0x0C  ///< Storage array controller 
device (e.g., RAID)
+#define EFI_SCSI_TYPE_SES 0x0D  ///< Enclosure services device
+#define EFI_SCSI_TYPE_RBC 0x0E  ///< Simplified direct-access 
device (e.g., magnetic disk)
+#define EFI_SCSI_TYPE_OCRW0x0F  ///< Optical card reader/writer 
device
+#define EFI_SCSI_TYPE_BRIDGE  0x10  ///< Bridge Controller Commands
+#define EFI_SCSI_TYPE_OSD 0x11  ///< Object-based Storage Device
+#define EFI_SCSI_TYPE_AUTOMATION  0x12  ///< Automation/Drive Interface
+#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13  ///< Security manager device
+#define EFI_SCSI_TYPE_RESERVED_LOW0x14  ///< Reserved (low)
+#define EFI_SCSI_TYPE_RESERVED_HIGH   0x1D  ///< Reserved (high)
+#define EFI_SCSI_TYPE_WLUN0x1E  ///< Well known logical unit
+#define EFI_SCSI_TYPE_UNKNOWN 0x1F  ///< Unknown or no device type
 
 //
 // Page Codes for INQUIRY command
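Review bot: EFI_SCSI_TYPE_RESERVED_LOW (0x14) and EFI_SCSI_TYPE_RESERVED_HIGH (0x1D) replace the old "0Ch - 1Eh are reserved" comment, but nothing states that they are the inclusive bounds of a range, so a caller that compares a device type against either one with == will miss 0x15 through 0x1C. Say in the comments that they delimit a range and are meant for >= and <= checks. EFI_SCSI_TYPE_A and EFI_SCSI_TYPE_B, commented only as "Obsolete", also tell the reader nothing about what 0x0A and 0x0B were.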
diff --git a/MdePkg/Include/Library/UefiScsiLib.h 
b/MdePkg/Include/Library/UefiScsiLib.h
index 10dd81902b..a0d99e703a 100644
--- a/MdePkg/Include/Library/UefiScsiLib.h
+++ b/MdePkg/Include/Library/UefiScsiLib.h
@@ -5,7 +5,7 @@
   for hard drive, CD and DVD devices that are the most common SCSI boot 
targets used by UEFI platforms.
   This library class depends on SCSI I/O Protocol defined in UEFI 
Specification and SCSI-2 industry standard.
 
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights 

[edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

2019-06-12 Thread Zurcher, Christopher J
This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the
ScsiDiskDxe driver.

Support is currently limited to the RPMB Well-known LUN for UFS devices.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 
Signed-off-by: Christopher J Zurcher 
---
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 ++-
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 522 +++-
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  19 +-
 5 files changed, 698 insertions(+), 22 deletions(-)

diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
index 5500d828e9..40818e669b 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
@@ -3,7 +3,7 @@
 #  It detects the SCSI disk media and installs Block I/O and Block I/O2 
Protocol on
 #  the device handle.
 #
-#  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -52,6 +52,7 @@
   gEfiBlockIoProtocolGuid   ## BY_START
   gEfiBlockIo2ProtocolGuid  ## BY_START
   gEfiEraseBlockProtocolGuid## BY_START
+  gEfiStorageSecurityCommandProtocolGuid## BY_START
   gEfiScsiIoProtocolGuid## TO_START
   gEfiScsiPassThruProtocolGuid  ## TO_START
   gEfiExtScsiPassThruProtocolGuid   ## TO_START
diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h 
b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
index 42c095..2d8679ec6f 100644
--- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
+++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h
@@ -1,7 +1,7 @@
 /** @file
   Header file for SCSI Disk Driver.
 
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include 
 #include 
 #include 
+#include 
 
 
 #include 
@@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0
 
+#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0)
+
+#define UFS_WLUN_RPMB 0xC4
+
 typedef struct {
   UINT32MaxLbaCnt;
   UINT32MaxBlkDespCnt;
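Review bot: in the new IS_ALIGNED macro the size argument is used unparenthesized in (size - 1), so an argument such as a conditional expression would bind with the wrong precedence; write ((size) - 1). The mask test is also only valid when size is a power of two, and a size of 0 turns the mask into all ones, so nearly every address would be reported as misaligned. Please document that precondition in a comment on the macro, or make sure callers handle an alignment of 0 before using it. UFS_WLUN_RPMB would also benefit from a one-line comment saying what the value 0xC4 identifies.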
@@ -51,6 +56,8 @@ typedef struct {
 
   EFI_HANDLEHandle;
 
+  EFI_STORAGE_SECURITY_COMMAND_PROTOCOL   StorageSecurity;
+
   EFI_BLOCK_IO_PROTOCOL BlkIo;
   EFI_BLOCK_IO2_PROTOCOLBlkIo2;
   EFI_BLOCK_IO_MEDIABlkIoMedia;
@@ -95,6 +102,7 @@ typedef struct {
 #define SCSI_DISK_DEV_FROM_BLKIO(a)  CR (a, SCSI_DISK_DEV, BlkIo, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_BLKIO2(a)  CR (a, SCSI_DISK_DEV, BlkIo2, 
SCSI_DISK_DEV_SIGNATURE)
 #define SCSI_DISK_DEV_FROM_ERASEBLK(a)  CR (a, SCSI_DISK_DEV, EraseBlock, 
SCSI_DISK_DEV_SIGNATURE)
+#define SCSI_DISK_DEV_FROM_STORSEC(a)  CR (a, SCSI_DISK_DEV, StorageSecurity, 
SCSI_DISK_DEV_SIGNATURE)
 
 #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, 
SCSI_DISK_DEV_SIGNATURE)
 
@@ -638,6 +646,151 @@ ScsiDiskEraseBlocks (
   );
 
 
+/**
+  Send a security protocol command to a device that receives data and/or the 
result
+  of one or more commands sent by SendData.
+
+  The ReceiveData function sends a security protocol command to the given 
MediaId.
+  The security protocol command sent is defined by SecurityProtocolId and 
contains
+  the security protocol specific data SecurityProtocolSpecificData. The 
function
+  returns the data from the security protocol command in PayloadBuffer.
+
+  For devices supporting the SCSI command set, the security protocol command 
is sent
+  using the SECURITY PROTOCOL IN command defined in SPC-4.
+
+  If PayloadBufferSize is too small to store the available data from the 
security
+  protocol command, the function shall copy PayloadBufferSize bytes into the
+  PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
+
+  If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is 
non-zero,
+  the function shall return EFI_INVALID_PARAMETER.
+
+  If the given MediaId does not support security protocol commands, the 
function shall
+  return EFI_UNSUPPORTED. If there is no media in the device, the function 
returns
+  EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the 
device,
+  the function returns EFI_MEDIA_CHANGED.
+
+  If the security protocol fails to complete within the Timeout period, the 
function
+  shall return EFI_TIMEOUT.
+
+  If the security protocol command completes without an error, the function 
shall
+  return EFI_SUCCESS. If the 
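Review bot: the EFI_WARN_BUFFER_TOO_SMALL paragraph of the ReceiveData comment does not say what is written to PayloadTransferSize when the payload is truncated, at least in the part of the comment visible here. EFI_WARN_BUFFER_TOO_SMALL is a warning status, so EFI_ERROR() evaluates to FALSE for it, and a caller that checks only EFI_ERROR() would treat a partial security protocol response as complete. Please state the PayloadTransferSize semantics for that case so callers can detect truncation by comparing sizes.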

[edk2-devel] [PATCH v4 0/2] Add SCSI Support for Storage Security Command Protocol

2019-06-12 Thread Zurcher, Christopher J
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546

V4 changes:
Add SSC Protocol in addition to BlockIo instead of in place of BlockIo.
Add error handling for (BlockSize == 0) in Read and WriteBlocks commands
to handle partitions that do not support ReadCapacity().

V3 changes:
Initialize AlignedBuffer variable in ScsiDiskReceiveData and
ScsiDiskSendData functions. Remove redundant input validation and debug
message in ScsiDiskSendData.

V2 changes:
Split the patch into separate commits for separate packages.

To support RPMB access on UFS devices, support must be added to
the ScsiDiskDxe driver for the Storage Security Command Protocol.

Cc: Michael D Kinney 
Cc: Jiewen Yao 
Cc: Jian J Wang 
Cc: Liming Gao 

Christopher J Zurcher (2):
  MdePkg: Implement SCSI commands for Security Protocol In/Out
  MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol

 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf |   3 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h  | 171 ++-
 MdePkg/Include/IndustryStandard/Scsi.h|  48 +-
 MdePkg/Include/Library/UefiScsiLib.h  | 126 -
 MdePkg/Include/Protocol/ScsiIo.h  |   9 +-
 MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c|   5 +-
 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c  | 522 +++-
 MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c |  19 +-
 MdePkg/Library/UefiScsiLib/UefiScsiLib.c  | 205 +++-
 9 files changed, 1064 insertions(+), 44 deletions(-)

-- 
2.16.2.windows.1


View/Reply Online (#42321): https://edk2.groups.io/g/devel/message/42321