Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64
The GCC build fails with this error: `OPENSSL_ia32cap_P' referenced in section `.text.OPENSSL_cpuid_setup' of /tmp/ccIIRAYs.ltrans20.ltrans.o: defined in discarded section `COMMON' of /mnt/c/mssql/tiano/Build/OvmfX64/DEBUG_GCC5/X64/CryptoPkg/Library/OpensslLib/OpensslLibX64/OUTPUT/OpensslLibX64.lib(x86_64cpuid.obj) The code in question is here: > section .CRT$XCU rdata align=8 > DQ OPENSSL_cpuid_setup > > common OPENSSL_ia32cap_P 16 I have tried disabling LTO with -fno-lto and setting -O0 but I still get this error. At this point I don't know what else to try. Thanks, Christopher Zurcher > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, September 22, 2020 19:35 > To: Zurcher, Christopher J ; Jiang, Guomin > ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > instruction support for X64 > > For GCC, please refer to > https://github.com/tianocore/tianocore.github.io/wiki/Using-EDK-II-with- > Native-GCC > > For LLVM, please refer to > https://github.com/tianocore/tianocore.github.io/wiki/CLANG9-Tools-Chain > > Thank you > Yao Jiewen > > > -Original Message- > > From: Zurcher, Christopher J > > Sent: Tuesday, September 22, 2020 11:22 PM > > To: Jiang, Guomin ; devel@edk2.groups.io; Yao, > > Jiewen > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Ard Biesheuvel > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > instruction support for X64 > > > > I have unit tested SHA1, SHA512, and AES as well. > > I do not have the build environment available to test GCC and LLVM. > > > > -- > > Christopher Zurcher > > > > > -Original Message- > > > From: Jiang, Guomin > > > Sent: Wednesday, September 16, 2020 02:17 > > > To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher, > > > Christopher J > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Ard Biesheuvel > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > > instruction support for X64 > > > > > > Hi Zurcher, > > > > > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think > > > those > > > > need unit test for them too. > > > > > > Can you update the status about it? > > > > > > > [Jiewen] I think we need support build with GCC and LLVM, and with X64. > > > > > > It is better to support the GCC and LLVM. > > > > > > Thanks > > > Guomin > > > > > > > -Original Message- > > > > From: devel@edk2.groups.io On Behalf Of Yao, > > > > Jiewen > > > > Sent: Tuesday, August 25, 2020 7:36 AM > > > > To: Zurcher, Christopher J ; > > > > devel@edk2.groups.io > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; Ard Biesheuvel > > > > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > native > > > > instruction support for X64 > > > > > > > > Below: > > > > > > > > > -Original Message- > > > > > From: Zurcher, Christopher J > > > > > Sent: Tuesday, August 25, 2020 5:26 AM > > > > > To: devel@edk2.groups.io; Zurcher, Christopher J > > > > > ; Yao, Jiewen > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; > > > > > Ard Biesheuvel > > > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > native > > > > > instruction support for X64 > > > > > > > > > > 1) I have confirmed that the ApiHooks.c file is still required even > > > without > > > > the AVX > > > > > instructions included. The x86_64 assembly files in OpenSSL set a > flag > > > called > > > > > $win64 and automatically include calls to the RtlVirtualUnwind > function > > > if > > > > NASM > > > > > is selected as the assembler scheme. > > > > > > > > > > https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt- > > > > > rtlvirtualunwind > > > > > > > > > > I have submitted an issue against OpenSSL since I don't think using > the > > > > NASM > > > > > assembler should force the inclusion of Windows-specific API hooks, > but > > > > that > > &
Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64
I've discovered the failure was because CryptoPkg includes its own stddef.h which is a wrapper for CrtLibSupport.h I have added the required definitions to this file and have resolved the error: typedef INTN ptrdiff_t; typedef UINT32 wchar_t; Thanks, Christopher Zurcher > -Original Message- > From: devel@edk2.groups.io On Behalf Of gaoliming > Sent: Thursday, September 24, 2020 17:49 > To: devel@edk2.groups.io; Zurcher, Christopher J > ; Yao, Jiewen ; Jiang, > Guomin > Cc: Wang, Jian J ; Lu, XiaoyuX ; > 'Ard Biesheuvel' > Subject: 回复: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > instruction support for X64 > > Zurcher: > Can you specify the detail build step to reproduce the build error with > CLANGPDB tool chain? > > Thanks > Liming > > -邮件原件- > > 发件人: bounce+27952+65588+4905953+8761...@groups.io > > 代表 Zurcher, > > Christopher J > > 发送时间: 2020年9月25日 8:28 > > 收件人: Yao, Jiewen ; Jiang, Guomin > > ; devel@edk2.groups.io > > 抄送: Wang, Jian J ; Lu, XiaoyuX > > ; Ard Biesheuvel > > 主题: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > instruction support for X64 > > > > I was able to successfully build and run the non-optimized code with LLVM, > > but the optimized version returns this error during build: > > > > C:\Program Files\LLVM\lib\clang\9.0.0\include\stdatomic.h:91:17: error: > > unknown type name 'wchar_t' > > typedef _Atomic(wchar_t)atomic_wchar_t; > > > > Is there a known build issue with CLANGPDB and the stdatomic.h file? > > > > Thanks, > > Christopher Zurcher > > > > > -Original Message- > > > From: Yao, Jiewen > > > Sent: Tuesday, September 22, 2020 19:35 > > > To: Zurcher, Christopher J ; Jiang, > Guomin > > > ; devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Ard Biesheuvel > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > native > > > instruction support for X64 > > > > > > For GCC, please refer to > > > https://github.com/tianocore/tianocore.github.io/wiki/Using-EDK-II-with- > > > Native-GCC > > > > > > For LLVM, please refer to > > > https://github.com/tianocore/tianocore.github.io/wiki/CLANG9-Tools-Chain > > > > > > Thank you > > > Yao Jiewen > > > > > > > -Original Message- > > > > From: Zurcher, Christopher J > > > > Sent: Tuesday, September 22, 2020 11:22 PM > > > > To: Jiang, Guomin ; devel@edk2.groups.io; Yao, > > > > Jiewen > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > ; > > > > Ard Biesheuvel > > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > > native > > > > instruction support for X64 > > > > > > > > I have unit tested SHA1, SHA512, and AES as well. > > > > I do not have the build environment available to test GCC and LLVM. > > > > > > > > -- > > > > Christopher Zurcher > > > > > > > > > -Original Message- > > > > > From: Jiang, Guomin > > > > > Sent: Wednesday, September 16, 2020 02:17 > > > > > To: devel@edk2.groups.io; Yao, Jiewen ; > > Zurcher, > > > > > Christopher J > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; > > > > > Ard Biesheuvel > > > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > > native > > > > > instruction support for X64 > > > > > > > > > > Hi Zurcher, > > > > > > > > > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I > think > > > > > those > > > > > > need unit test for them too. > > > > > > > > > > Can you update the status about it? > > > > > > > > > > > [Jiewen] I think we need support build with GCC and LLVM, and with > > X64. > > > > > > > > > > It is better to support the GCC and LLVM. > > > > > > > > > > Thanks > > > > > Guomin > > > > > > > > > > > -Original Message- > > > > > > From: devel@edk2.groups.io On Behalf Of > > Yao, > > > > > > Jiewen > > > > > > Sent: Tuesday, August 25, 2020 7:36 AM > > > > > > T
Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64
I was able to successfully build and run the non-optimized code with LLVM, but the optimized version returns this error during build: C:\Program Files\LLVM\lib\clang\9.0.0\include\stdatomic.h:91:17: error: unknown type name 'wchar_t' typedef _Atomic(wchar_t)atomic_wchar_t; Is there a known build issue with CLANGPDB and the stdatomic.h file? Thanks, Christopher Zurcher > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, September 22, 2020 19:35 > To: Zurcher, Christopher J ; Jiang, Guomin > ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > instruction support for X64 > > For GCC, please refer to > https://github.com/tianocore/tianocore.github.io/wiki/Using-EDK-II-with- > Native-GCC > > For LLVM, please refer to > https://github.com/tianocore/tianocore.github.io/wiki/CLANG9-Tools-Chain > > Thank you > Yao Jiewen > > > -Original Message- > > From: Zurcher, Christopher J > > Sent: Tuesday, September 22, 2020 11:22 PM > > To: Jiang, Guomin ; devel@edk2.groups.io; Yao, > > Jiewen > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Ard Biesheuvel > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > instruction support for X64 > > > > I have unit tested SHA1, SHA512, and AES as well. > > I do not have the build environment available to test GCC and LLVM. > > > > -- > > Christopher Zurcher > > > > > -Original Message- > > > From: Jiang, Guomin > > > Sent: Wednesday, September 16, 2020 02:17 > > > To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher, > > > Christopher J > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Ard Biesheuvel > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > > instruction support for X64 > > > > > > Hi Zurcher, > > > > > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think > > > those > > > > need unit test for them too. > > > > > > Can you update the status about it? > > > > > > > [Jiewen] I think we need support build with GCC and LLVM, and with X64. > > > > > > It is better to support the GCC and LLVM. > > > > > > Thanks > > > Guomin > > > > > > > -Original Message- > > > > From: devel@edk2.groups.io On Behalf Of Yao, > > > > Jiewen > > > > Sent: Tuesday, August 25, 2020 7:36 AM > > > > To: Zurcher, Christopher J ; > > > > devel@edk2.groups.io > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; Ard Biesheuvel > > > > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > native > > > > instruction support for X64 > > > > > > > > Below: > > > > > > > > > -Original Message- > > > > > From: Zurcher, Christopher J > > > > > Sent: Tuesday, August 25, 2020 5:26 AM > > > > > To: devel@edk2.groups.io; Zurcher, Christopher J > > > > > ; Yao, Jiewen > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; > > > > > Ard Biesheuvel > > > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > native > > > > > instruction support for X64 > > > > > > > > > > 1) I have confirmed that the ApiHooks.c file is still required even > > > without > > > > the AVX > > > > > instructions included. The x86_64 assembly files in OpenSSL set a > flag > > > called > > > > > $win64 and automatically include calls to the RtlVirtualUnwind > function > > > if > > > > NASM > > > > > is selected as the assembler scheme. > > > > > > > > > > https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt- > > > > > rtlvirtualunwind > > > > > > > > > > I have submitted an issue against OpenSSL since I don't think using > the > > > > NASM > > > > > assembler should force the inclusion of Windows-specific API hooks, > but > > > > that > > > > > change cannot be made in OpenSSL 1.1.1 and we will have to wait for > > > > OpenSSL 3 > > > > > or later to remove the stub function. > > > > > > > > > > https://github.com/openssl/openssl/issues/12712
Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64
I have unit tested SHA1, SHA512, and AES as well. I do not have the build environment available to test GCC and LLVM. -- Christopher Zurcher > -Original Message- > From: Jiang, Guomin > Sent: Wednesday, September 16, 2020 02:17 > To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher, > Christopher J > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > instruction support for X64 > > Hi Zurcher, > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think > those > > need unit test for them too. > > Can you update the status about it? > > > [Jiewen] I think we need support build with GCC and LLVM, and with X64. > > It is better to support the GCC and LLVM. > > Thanks > Guomin > > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of Yao, > > Jiewen > > Sent: Tuesday, August 25, 2020 7:36 AM > > To: Zurcher, Christopher J ; > > devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; Ard Biesheuvel > > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > instruction support for X64 > > > > Below: > > > > > -Original Message- > > > From: Zurcher, Christopher J > > > Sent: Tuesday, August 25, 2020 5:26 AM > > > To: devel@edk2.groups.io; Zurcher, Christopher J > > > ; Yao, Jiewen > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Ard Biesheuvel > > > Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > > instruction support for X64 > > > > > > 1) I have confirmed that the ApiHooks.c file is still required even > without > > the AVX > > > instructions included. The x86_64 assembly files in OpenSSL set a flag > called > > > $win64 and automatically include calls to the RtlVirtualUnwind function > if > > NASM > > > is selected as the assembler scheme. > > > > > > https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt- > > > rtlvirtualunwind > > > > > > I have submitted an issue against OpenSSL since I don't think using the > > NASM > > > assembler should force the inclusion of Windows-specific API hooks, but > > that > > > change cannot be made in OpenSSL 1.1.1 and we will have to wait for > > OpenSSL 3 > > > or later to remove the stub function. > > > > > > https://github.com/openssl/openssl/issues/12712 > > > > > > > [Jiewen] Thanks. > > > > > 2) So far I have only built with VS. > > > > > > > [Jiewen] I think we need support build with GCC and LLVM, and with X64. > > > > > > > 3) The X64 SHA256 implementation was successfully exercised across a > > large > > > number of devices in a production environment as a verification step in a > > multi- > > > GB data transfer scenario. > > > > > > > [Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think > those > > need unit test for them too. > > > > > > > Thanks, > > > Christopher Zurcher > > > > > > > -Original Message- > > > > From: devel@edk2.groups.io On Behalf Of > > Zurcher, > > > > Christopher J > > > > Sent: Tuesday, August 18, 2020 15:50 > > > > To: Yao, Jiewen ; devel@edk2.groups.io > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > ; > > > > Ard Biesheuvel > > > > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add > > native > > > > instruction support for X64 > > > > > > > > After further review, the ApiHooks.c file may no longer be needed since > > we > > > > are no longer including the AVX instructions. I will look over the > > > > dependencies and send a new patch set if I can eliminate the API hooks > > file. > > > > > > > > Thanks, > > > > Christopher Zurcher > > > > > > > > > -Original Message- > > > > > From: Yao, Jiewen > > > > > Sent: Thursday, August 13, 2020 08:04 > > > > > To: Zurcher, Christopher J ; > > > > > devel@edk2.groups.io > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > ; > > > > > Ard Biesheuvel > > > > > Subject: RE: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > > instruction > > > > > support for X64 &
Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
OK, abandoning this patch set. The BZ can stay open as we will still have to migrate the existing files to EVP eventually. -- Christopher Zurcher > -Original Message- > From: Yao, Jiewen > Sent: Wednesday, September 16, 2020 18:34 > To: Zurcher, Christopher J ; Laszlo Ersek > ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX > Subject: RE: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP > (Envelope) Digest interface > > Thanks to ask this question Christopher. > > When we create the CryptoPkg, our goal is to pick openssl as implementation > choice. We don’t want to mandate any > EDKII consumer use openssl. > > The EDKII consumer shall have freedom to choose whatever crypto library they > want to use. Even Intel IPP and mebdTLS > are options. A vendor may choose a GPL wolfssl, or vendor proprietary close > source implementation. We choose openssl > just because it is the BSD license and it is used widely when we make > decision. > > That is why we spend effort to design BaseCryptoLib API to abstract the > crypto action, instead of calling openssl > function directly in our code. > Whenever we add new API, we need evaluate if it is applicable for any other > crypto implantation and have negative > impact. > > That assumption that EDKII must link openssl is NOT our original intent. > Feel free to drop the patch or reject the Bugzilla, if you want. > > Thank you > Yao Jiewen > > > -Original Message- > > From: Zurcher, Christopher J > > Sent: Thursday, September 17, 2020 9:21 AM > > To: Laszlo Ersek ; Yao, Jiewen ; > > devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, XiaoyuX > > Subject: RE: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP > > (Envelope) Digest interface > > > > Jiewen, > > > > This patch set assumes that EDK2 is linked with OpenSSL for the foreseeable > > future. The end goal would be to move all applicable Crypto access to the > > EVP > > interface and remove the individual modules we maintain for each algorithm. > > The primary benefit here is reducing complexity and code duplication. > > Without > > this end goal, this patch set will not be particularly useful. > > > > If the design goal of BaseCryptLib is to allow OpenSSL to be replaced by > > other > > crypto providers, I should abandon this patch set, and we can save the EVP > > transition for when moving to OpenSSL 3 becomes mandatory. At that time, the > > CryptX.c family can be modified to call EVP functions. > > (This could even be done transparently, by returning UINTN from > > GetContextSize > > and using the user-supplied "context" to store the OpenSSL-supplied context > > pointer.) > > Delaying EVP adoption in this case would also allow more time for platforms > > to > > adopt the Crypto Services model, which should help offset the size impact. > > > > Please let me know which path should be taken. > > > > Thanks, > > Christopher Zurcher > > > > > -Original Message- > > > From: Laszlo Ersek > > > Sent: Wednesday, September 16, 2020 09:05 > > > To: Yao, Jiewen ; devel@edk2.groups.io; Zurcher, > > Christopher J > > > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > > > > Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP > > (Envelope) Digest interface > > > > > > On 09/16/20 16:17, Yao, Jiewen wrote: > > > > Thank you Laszlo. > > > > You forced me to read the code again and more carefully. :-) > > > > > > > > I believe I understand why you use NULL to free the context now - to > > > > support > > error path. > > > > > > > > First, I did have some new thought for EVP API. Let’s consider 3 cases, > > > > 1) > > Hash all data one time, 2) Hash update > > > data multiple times, 3) Error during update. > > > > > > > > A. In current design, the API sequence is: > > > > 1) EvpMdHashAll (Digest) > > > > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest) > > > > 3) EvpMdInit, EvpMdUpdate->ERROR, EvpMdFinal (NULL) > > > > > > > > B. We can auto free context in EvpMdUpdate in error path - the API > > sequence is: > > > > 1) EvpMdHashAll (Digest) > > > > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest) > > > > 3) EvpMdInit, EvpMdUpdate->ERROR > > > > > > I don't like "B" because in the loop body
Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
Jiewen, This patch set assumes that EDK2 is linked with OpenSSL for the foreseeable future. The end goal would be to move all applicable Crypto access to the EVP interface and remove the individual modules we maintain for each algorithm. The primary benefit here is reducing complexity and code duplication. Without this end goal, this patch set will not be particularly useful. If the design goal of BaseCryptLib is to allow OpenSSL to be replaced by other crypto providers, I should abandon this patch set, and we can save the EVP transition for when moving to OpenSSL 3 becomes mandatory. At that time, the CryptX.c family can be modified to call EVP functions. (This could even be done transparently, by returning UINTN from GetContextSize and using the user-supplied "context" to store the OpenSSL-supplied context pointer.) Delaying EVP adoption in this case would also allow more time for platforms to adopt the Crypto Services model, which should help offset the size impact. Please let me know which path should be taken. Thanks, Christopher Zurcher > -Original Message- > From: Laszlo Ersek > Sent: Wednesday, September 16, 2020 09:05 > To: Yao, Jiewen ; devel@edk2.groups.io; Zurcher, > Christopher J > > Cc: Wang, Jian J ; Lu, XiaoyuX > Subject: Re: [edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP > (Envelope) Digest interface > > On 09/16/20 16:17, Yao, Jiewen wrote: > > Thank you Laszlo. > > You forced me to read the code again and more carefully. :-) > > > > I believe I understand why you use NULL to free the context now - to > > support error path. > > > > First, I did have some new thought for EVP API. Let’s consider 3 cases, 1) > > Hash all data one time, 2) Hash update > data multiple times, 3) Error during update. > > > > A. In current design, the API sequence is: > > 1) EvpMdHashAll (Digest) > > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest) > > 3) EvpMdInit, EvpMdUpdate->ERROR, EvpMdFinal (NULL) > > > > B. We can auto free context in EvpMdUpdate in error path - the API > > sequence is: > > 1) EvpMdHashAll (Digest) > > 2) EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal (Digest) > > 3) EvpMdInit, EvpMdUpdate->ERROR > > I don't like "B" because in the loop body where you call EvpMdUpdate(), > you may encounter an error from a different source than EvpMdUpdate() > itself. For example, you may be reading data from the network or a disk > file. If fetching the next chunk fails, we'd still want to clean up the > EVP MD context. Therefore, if EvpMdUpdate() would itself invalidate the > context, if it failed, then that would *complicate* the error path. (= > Clean up the context after the loop body *only* if something different > from EvpMdUpdate() failed.) > > > > > C: We can use New/Free style - similar to HMAC > > 1) EvpMdHashAll (Digest) > > 2) EvpMdNew, EvpMdInit, EvpMdUpdate, EvpMdUpdate, ... , EvpMdFinal > > (Digest), EvpMdFree > > 3) EvpMdNew, EvpMdInit, EvpMdUpdate->ERROR, EvpMdFree > > Yes, this was the first pattern, the one that caused me to say "please > don't do this". In this pattern, the context may exist between "New" and > "Init", and also between "Final" and "Free". Those two states are > useless and only good for causing confusion. > > For example, are you allowed to Duplicate a context in those states? > It's best to prevent even the *asking* of that question. > > > > > I checked below APIs: > > 1) openssl (EVP_MD_CTX_new, EVP_DigestInit_ex, EVP_DigestUpdate, > > EVP_DigestFinal_ex, EVP_MD_CTX_free) > > 2) mbedtls (mbedtls_sha256_init, mbedtls_sha256_starts_ret, > > mbedtls_sha256_update_ret, mbedtls_sha256_finish_ret, > mbedtls_sha256_free) > > 3) BaseCryptoLib HMAC (HmacSha256New, HmacSha256SetKey, HmacSha256Update, > > HmacSha256Final, HmacSha256Free) > > > > All APIs include free function to free the context, I don’t think it is a > > bad idea to have EvpMdFree() API. > > I would like to propose option - C. > > - I cannot comment on mbedtls (2). > > - I think the current BaseCryptLib HMAC APIs (3) are not great, and we > should use this opportunity to improve upon them. > > - Regarding openssl (1), as I understand it, the situation is different > from edk2. In OpenSSL, EVP_MD_CTX is *not* an opaque type (expressed in > C language terms, it is not an "incomplete" type, but a "complete" > type). Therefore, an expression such as sizeof(EVP_MD_CTX) works. > > The consequence is that OpenSSL code itself can use the following style: > > void func(void) > {
[edk2-devel] [PATCH v3 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 V3 changes: Added list of valid Digest Names to EvpMdInit() header Added missing copy of CryptEvpMdNull.c in BaseCryptLibNull folder V2 changes: Added NullLib implementation Added Crypto Service implementation Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions Removed unnecessary casts Added "HashAll" utility function Merged "New" and "Init" functions as well as "Final" and "Free" functions Retained "Init/Update/Final" naming instead of "New/Update/Free" as this conforms with common usage Low-level interfaces to message digest (hash) functions have been deprecated in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to low-level functions (such as SHA256_Init() in CryptSha256.c) will need to be replaced by EVP inteface calls. References: https://www.openssl.org/docs/manmaster/man7/evp.html https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Christopher J Zurcher (3): CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface CryptoPkg: Add EVP to Crypto Service driver interface SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface CryptoPkg/CryptoPkg.dsc | 3 + CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 + CryptoPkg/Include/Library/BaseCryptLib.h| 129 CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h| 10 + CryptoPkg/Private/Protocol/Crypto.h | 131 SecurityPkg/Hash2DxeCrypto/Driver.h | 1 - CryptoPkg/Driver/Crypto.c | 152 - CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257 +++ CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 144 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++-- 16 files changed, 1117 insertions(+), 316 deletions(-) create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c -- 2.28.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#65291): https://edk2.groups.io/g/devel/message/65291 Mute This Topic: https://groups.io/mt/76878641/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v3 3/3] SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Christopher J Zurcher --- SecurityPkg/Hash2DxeCrypto/Driver.h | 1 - SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++-- 2 files changed, 31 insertions(+), 315 deletions(-) diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.h b/SecurityPkg/Hash2DxeCrypto/Driver.h index 7b8996912a..ac811b3977 100644 --- a/SecurityPkg/Hash2DxeCrypto/Driver.h +++ b/SecurityPkg/Hash2DxeCrypto/Driver.h @@ -50,7 +50,6 @@ typedef struct { LIST_ENTRY InstEntry; EFI_HASH2_PROTOCOL Hash2Protocol; VOID *HashContext; - VOID *HashInfoContext; BOOLEAN Updated; } HASH2_INSTANCE_DATA; diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c index d96bc136e2..f31bc79f04 100644 --- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c +++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c @@ -2,7 +2,7 @@ This module implements Hash2 Protocol. (C) Copyright 2015 Hewlett-Packard Development Company, L.P. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -18,241 +18,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "Driver.h" -/** - Retrieves the size, in bytes, of the context buffer required for hash operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for hash operations. - @retval 0 This interface is not supported. - -**/ -typedef -UINTN -(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) ( - VOID - ); - -/** - Initializes user-supplied memory pointed by Sha1Context as hash context for - subsequent use. - - If HashContext is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HashContext Pointer to Hashcontext being initialized. - - @retval TRUE Hash context initialization succeeded. - @retval FALSE Hash context initialization failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EFI_HASH_INIT) ( - OUT VOID *HashContext - ); - -/** - Digests the input data and updates Hash context. - - This function performs Hash digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - Hash context should be already correctly initialized by HashInit(), and should not be finalized - by HashFinal(). Behavior with invalid context is undefined. - - If HashContext is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HashContext Pointer to the Hash context. - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE SHA-1 data digest succeeded. - @retval FALSE SHA-1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EFI_HASH_UPDATE) ( - IN OUT VOID*HashContext, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the Hash digest value. - - This function completes hash computation and retrieves the digest value into - the specified memory. After this function has been called, the Hash context cannot - be used again. - Hash context should be already correctly initialized by HashInit(), and should not be - finalized by HashFinal(). Behavior with invalid Hash context is undefined. - - If HashContext is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HashContext Pointer to the Hash context. - @param[out] HashValuePointer to a buffer that receives the Hash digest -value. - - @retval TRUE Hash digest computation succeeded. - @retval FALSE Hash digest computation failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EFI_HASH_FINAL) ( - IN OUT VOID *HashContext, - OUT UINT8 *HashValue - ); - typedef struct { - EFI_GUID *Guid; - UINT32 HashSize; - EFI_HASH_GET_CONTEXT_SIZE GetContextSize; - EFI_HASH_INIT Init; - EFI_HASH_UPDATEUpdate; - EFI_HASH_FINAL Final; + EFI_GUID *Guid; + UINT32HashSize; + CONST CHAR8 *DigestName; } EFI_HASH_INFO; EFI_HASH_INFO mHashInfo[] = { - {, sizeof(EFI_MD5_HASH2),Md5GetContextSize, Md5Init,Md5Update,Md5Final }, - {,sizeof(EFI_SHA1_HASH2),
[edk2-devel] [PATCH v3 2/3] CryptoPkg: Add EVP to Crypto Service driver interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/CryptoPkg.dsc| 3 + CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 10 ++ CryptoPkg/Private/Protocol/Crypto.h| 131 + CryptoPkg/Driver/Crypto.c | 152 +++- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++ 5 files changed, 439 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 1af78468a1..af3fceb99f 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -159,6 +159,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif !if $(CRYPTO_SERVICES) == MIN_PEI @@ -173,6 +174,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM @@ -203,6 +205,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif ### diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 44fb0262f4..b79c98d679 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -288,6 +288,16 @@ typedef struct { } Services; UINT32Family; } TlsGet; + union { +struct { + UINT8 Init:1; + UINT8 Duplicate:1; + UINT8 Update:1; + UINT8 Final:1; + UINT8 HashAll:1; +} Services; +UINT32Family; + } EvpMd; } PCD_CRYPTO_SERVICE_FAMILY_ENABLE; #endif diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index c399e0d67a..a3dffc0ce0 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3434,6 +3434,131 @@ EFI_STATUS IN OUT UINTN*DataSize ); +/** + Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use. + + If DigestName is NULL, then return FALSE. + + @param[in]DigestNamePointer to the digest name as a NULL-terminated ASCII string. + Valid digest names are: + MD5, SHA1, SHA224, SHA256, SHA384, SHA512 + SHA3-224, SHA3-256, SHA3-384, SHA3-512 + SM3 + + @return Pointer to the EVP_MD_CTX context that has been allocated and initialized. + If DigestName is invalid, returns NULL. + If the allocations fails, returns NULL. + If initialization fails, returns NULL. + +**/ +typedef +VOID * +(EFIAPI* EDKII_CRYPTO_EVPMD_INIT)( + IN CONST CHAR8 *DigestName + ); + +/** + Makes a copy of an existing EVP_MD context. + + If EvpMdContext is NULL, then return FALSE. + If NewEvpMdContext is NULL, then return FALSE. + + @param[in] EvpMdContext Pointer to EVP_MD context being copied. + @param[out] NewEvpMdContext Pointer to new EVP_MD context. + + @retval TRUE EVP_MD context copy succeeded. + @retval FALSE EVP_MD context copy failed. + +**/ +typedef +BOOLEAN +(EFIAPI* EDKII_CRYPTO_EVPMD_DUPLICATE)( + IN CONST VOID*EvpMdContext, + OUT VOID *NewEvpMdContext + ); + +/** + Digests the input data and updates EVP_MD context. + + This function performs EVP digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + EVP_MD context should be already correctly
[edk2-devel] [PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 The EVP interface should be used in place of discrete digest function calls. Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 + CryptoPkg/Include/Library/BaseCryptLib.h| 129 ++ CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 ++ CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 ++ 9 files changed, 647 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 4aae2aba95..3968f29412 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -50,6 +50,7 @@ Pk/CryptAuthenticode.c Pk/CryptTs.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index dc28e3a11d..d0b91716d0 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -57,6 +57,7 @@ Pk/CryptTsNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 5005beed02..9f3accd35b 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -56,6 +56,7 @@ Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 91ec3e03bf..420623cdc6 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -54,6 +54,7 @@ Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 689af4fedd..542ac2e2e1 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -50,6 +50,7 @@ Pk/CryptTsNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c + Evp/CryptEvpMdNull.c [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ae9bde9e37..5e1b408b54 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1012,6 +1012,135 @@ HmacSha256Final ( OUT UINT8 *HmacValue ); +//= +//EVP (Envelope) Primitive +//= + +/** + Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use. + + If DigestName is NULL, then return FALSE. + + @param[in]DigestNamePointer to the digest name as a NULL-terminated ASCII string. + Valid digest names are: + MD5, SHA1, SHA224, SHA256, SHA384, SHA512 + SHA3-224, SHA3-256, SHA3-384, SHA3-512 + SM3 + + @return Pointer to the EVP_MD_CTX context that has been allocated and initialized. + If DigestName is invalid, returns NULL. + If the allocations fails, returns NULL. + If initialization fails, returns NULL. + +**/ +VOID * +EFIAPI +EvpMdInit ( + IN CONST CHAR8 *DigestName + ); + +/** + Makes a copy of an existing EVP_MD context. + + If EvpMdContext is NULL, then return FALSE. + If NewEvpMdContext is NULL, then return FALSE. + + @param[in] EvpMdContext Pointer to EVP_MD context being copied. + @param[out] NewEvpMdContext Pointer to new EVP_MD context. + + @retval TRUE EVP_MD context copy succeeded. + @retval FALSE EVP_MD context copy failed. + +**/ +BOOLEAN +EFIAPI +EvpMdDuplicate ( + IN CONST VOID*EvpMdContext, + OUT VOID *NewEvpMdContext + ); + +/** + Digests the input data and updates EVP_MD context. + + This function performs EVP digest on a data buffer of the specified size. + It can be called multiple times to compute
Re: [edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
Replies inline > -Original Message- > From: Yao, Jiewen > Sent: Monday, September 14, 2020 18:22 > To: Zurcher, Christopher J ; > devel@edk2.groups.io > Cc: Laszlo Ersek ; Wang, Jian J ; > Lu, XiaoyuX > Subject: RE: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest > interface > > Hi Zurcher: > Thanks for your work. > 1) Please share with us what unit test you have done for all new APIs. I unit tested both the native and Crypto Service implementations through the modified Hash2DxeCrypto protocol. I tested the Init/Update/Final flow as well as the HashAll function. > > 2) Please add comment on what is the valid DigestName in EvpMdInit(). > Otherwise, people will have no idea on that. I will add valid options in a comment. I have to send another patch anyway to add a file in my commit (missed the second copy of CryptEvpMdNull.c in the NullLib folder). > > 3) I assume the size will be unchanged if a module does not use the new EVPMD > API, such as UEFI secure boot, TCG trusted boot. Please double confirm if > that is right understanding. Yes, if a module does not call the EVPMD API, it should not grow in size. The Crypto Service build output CryptoDxe.efi grew less than 1% after enabling the EvpMd function family through PcdCryptoServiceFamilyEnable. I suspect this is because the HmacSha256 Family was already enabled, and inside OpenSSL the HMAC functions are wrappers for EVP functions. So even with library-mode BaseCryptLib, any module that already calls the HMAC functions should not see any size change by adding EVP. > > Hi all: > I would like collect feedback on below: > -- "I replaced the MD5 and SHAx functions with EVP functions in > Hash2DxeCrypto, and it grew from ~26k to ~253k." > > If there is negative size impact for the platform BIOS that is using > Hash2DxeCrypto, please share with the community. The size change in Hash2DxeCrypto was seen while using the library-mode BaseCryptLib implementation, not the Crypto Services driver. We cannot move to OpenSSL 3 without replacing all low-level algorithm functions with EVP calls, so platforms using Hash2DxeCrypto will have to eat the size increase eventually. For platforms using Hash2DxeCrypto, moving to the Crypto Services model should help offset this increase. Thanks, Christopher Zurcher > > Thank you > Yao Jiewen > > > -Original Message- > > From: Christopher J Zurcher > > Sent: Tuesday, September 15, 2020 8:58 AM > > To: devel@edk2.groups.io > > Cc: Laszlo Ersek ; Yao, Jiewen ; > > Wang, Jian J ; Lu, XiaoyuX > > Subject: [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest > > interface > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 > > > > V2 changes: > > Added NullLib implementation > > Added Crypto Service implementation > > Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions > > Removed unnecessary casts > > Added "HashAll" utility function > > Merged "New" and "Init" functions as well as "Final" and "Free" functions > > Retained "Init/Update/Final" naming instead of "New/Update/Free" as this > > conforms with common usage > > > > Low-level interfaces to message digest (hash) functions have been > deprecated > > in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to > > low-level functions (such as SHA256_Init() in CryptSha256.c) will need to > > be replaced by EVP inteface calls. > > > > References: > > https://www.openssl.org/docs/manmaster/man7/evp.html > > https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html > > > > Cc: Laszlo Ersek > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > > > Christopher J Zurcher (3): > > CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface > > CryptoPkg: Add EVP to Crypto Service driver interface > > SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP > > interface > > > > CryptoPkg/CryptoPkg.dsc | 3 + > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + > > CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 + > > CryptoPkg/Include/Library/BaseCryptLib.h| 125 +++ > > CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h| 10 + > > CryptoPkg/Private/Protocol/Crypto.h
[edk2-devel] [PATCH v2 3/3] SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Christopher J Zurcher --- SecurityPkg/Hash2DxeCrypto/Driver.h | 1 - SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++-- 2 files changed, 31 insertions(+), 315 deletions(-) diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.h b/SecurityPkg/Hash2DxeCrypto/Driver.h index 7b8996912a..ac811b3977 100644 --- a/SecurityPkg/Hash2DxeCrypto/Driver.h +++ b/SecurityPkg/Hash2DxeCrypto/Driver.h @@ -50,7 +50,6 @@ typedef struct { LIST_ENTRY InstEntry; EFI_HASH2_PROTOCOL Hash2Protocol; VOID *HashContext; - VOID *HashInfoContext; BOOLEAN Updated; } HASH2_INSTANCE_DATA; diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c index d96bc136e2..f31bc79f04 100644 --- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c +++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c @@ -2,7 +2,7 @@ This module implements Hash2 Protocol. (C) Copyright 2015 Hewlett-Packard Development Company, L.P. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -18,241 +18,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "Driver.h" -/** - Retrieves the size, in bytes, of the context buffer required for hash operations. - - If this interface is not supported, then return zero. - - @return The size, in bytes, of the context buffer required for hash operations. - @retval 0 This interface is not supported. - -**/ -typedef -UINTN -(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) ( - VOID - ); - -/** - Initializes user-supplied memory pointed by Sha1Context as hash context for - subsequent use. - - If HashContext is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[out] HashContext Pointer to Hashcontext being initialized. - - @retval TRUE Hash context initialization succeeded. - @retval FALSE Hash context initialization failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EFI_HASH_INIT) ( - OUT VOID *HashContext - ); - -/** - Digests the input data and updates Hash context. - - This function performs Hash digest on a data buffer of the specified size. - It can be called multiple times to compute the digest of long or discontinuous data streams. - Hash context should be already correctly initialized by HashInit(), and should not be finalized - by HashFinal(). Behavior with invalid context is undefined. - - If HashContext is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HashContext Pointer to the Hash context. - @param[in] Data Pointer to the buffer containing the data to be hashed. - @param[in] DataSize Size of Data buffer in bytes. - - @retval TRUE SHA-1 data digest succeeded. - @retval FALSE SHA-1 data digest failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EFI_HASH_UPDATE) ( - IN OUT VOID*HashContext, - IN CONST VOID *Data, - IN UINTN DataSize - ); - -/** - Completes computation of the Hash digest value. - - This function completes hash computation and retrieves the digest value into - the specified memory. After this function has been called, the Hash context cannot - be used again. - Hash context should be already correctly initialized by HashInit(), and should not be - finalized by HashFinal(). Behavior with invalid Hash context is undefined. - - If HashContext is NULL, then return FALSE. - If HashValue is NULL, then return FALSE. - If this interface is not supported, then return FALSE. - - @param[in, out] HashContext Pointer to the Hash context. - @param[out] HashValuePointer to a buffer that receives the Hash digest -value. - - @retval TRUE Hash digest computation succeeded. - @retval FALSE Hash digest computation failed. - @retval FALSE This interface is not supported. - -**/ -typedef -BOOLEAN -(EFIAPI *EFI_HASH_FINAL) ( - IN OUT VOID *HashContext, - OUT UINT8 *HashValue - ); - typedef struct { - EFI_GUID *Guid; - UINT32 HashSize; - EFI_HASH_GET_CONTEXT_SIZE GetContextSize; - EFI_HASH_INIT Init; - EFI_HASH_UPDATEUpdate; - EFI_HASH_FINAL Final; + EFI_GUID *Guid; + UINT32HashSize; + CONST CHAR8 *DigestName; } EFI_HASH_INFO; EFI_HASH_INFO mHashInfo[] = { - {, sizeof(EFI_MD5_HASH2),Md5GetContextSize, Md5Init,Md5Update,Md5Final }, - {,sizeof(EFI_SHA1_HASH2),
[edk2-devel] [PATCH v2 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 V2 changes: Added NullLib implementation Added Crypto Service implementation Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions Removed unnecessary casts Added "HashAll" utility function Merged "New" and "Init" functions as well as "Final" and "Free" functions Retained "Init/Update/Final" naming instead of "New/Update/Free" as this conforms with common usage Low-level interfaces to message digest (hash) functions have been deprecated in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to low-level functions (such as SHA256_Init() in CryptSha256.c) will need to be replaced by EVP inteface calls. References: https://www.openssl.org/docs/manmaster/man7/evp.html https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Christopher J Zurcher (3): CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface CryptoPkg: Add EVP to Crypto Service driver interface SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface CryptoPkg/CryptoPkg.dsc | 3 + CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 + CryptoPkg/Include/Library/BaseCryptLib.h| 125 +++ CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h| 10 + CryptoPkg/Private/Protocol/Crypto.h | 127 +++ SecurityPkg/Hash2DxeCrypto/Driver.h | 1 - CryptoPkg/Driver/Crypto.c | 148 - CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 253 ++ CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 124 +++ CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 140 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++-- 15 files changed, 965 insertions(+), 316 deletions(-) create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c -- 2.28.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#65236): https://edk2.groups.io/g/devel/message/65236 Mute This Topic: https://groups.io/mt/76856051/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 2/3] CryptoPkg: Add EVP to Crypto Service driver interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/CryptoPkg.dsc| 3 + CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 10 ++ CryptoPkg/Private/Protocol/Crypto.h| 127 + CryptoPkg/Driver/Crypto.c | 148 +++- CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 140 ++ 5 files changed, 427 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index 1af78468a1..af3fceb99f 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -159,6 +159,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif !if $(CRYPTO_SERVICES) == MIN_PEI @@ -173,6 +174,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif !if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM @@ -203,6 +205,7 @@ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE + gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY !endif ### diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h index 44fb0262f4..b79c98d679 100644 --- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h +++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h @@ -288,6 +288,16 @@ typedef struct { } Services; UINT32Family; } TlsGet; + union { +struct { + UINT8 Init:1; + UINT8 Duplicate:1; + UINT8 Update:1; + UINT8 Final:1; + UINT8 HashAll:1; +} Services; +UINT32Family; + } EvpMd; } PCD_CRYPTO_SERVICE_FAMILY_ENABLE; #endif diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h index c399e0d67a..84f1bc3f50 100644 --- a/CryptoPkg/Private/Protocol/Crypto.h +++ b/CryptoPkg/Private/Protocol/Crypto.h @@ -3434,6 +3434,127 @@ EFI_STATUS IN OUT UINTN*DataSize ); +/** + Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use. + + If DigestName is NULL, then return FALSE. + + @param[in]DigestNamePointer to the digest name. + + @return Pointer to the EVP_MD_CTX context that has been allocated and initialized. + If DigestName is invalid, returns NULL. + If the allocations fails, returns NULL. + If initialization fails, returns NULL. + +**/ +typedef +VOID * +(EFIAPI* EDKII_CRYPTO_EVPMD_INIT)( + IN CONST CHAR8 *DigestName + ); + +/** + Makes a copy of an existing EVP_MD context. + + If EvpMdContext is NULL, then return FALSE. + If NewEvpMdContext is NULL, then return FALSE. + + @param[in] EvpMdContext Pointer to EVP_MD context being copied. + @param[out] NewEvpMdContext Pointer to new EVP_MD context. + + @retval TRUE EVP_MD context copy succeeded. + @retval FALSE EVP_MD context copy failed. + +**/ +typedef +BOOLEAN +(EFIAPI* EDKII_CRYPTO_EVPMD_DUPLICATE)( + IN CONST VOID*EvpMdContext, + OUT VOID *NewEvpMdContext + ); + +/** + Digests the input data and updates EVP_MD context. + + This function performs EVP digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + EVP_MD context should be already correctly initialized by EvpMdInit(), and should not + be finalized by EvpMdFinal(). Behavior with invalid context is undefined. + + If EvpMdContext is NULL, then return FALSE. + If Data is NULL and DataSize is not zero, return FALSE. + + @param[in, out] EvpMdContext
[edk2-devel] [PATCH v2 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 The EVP interface should be used in place of discrete digest function calls. Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 + CryptoPkg/Include/Library/BaseCryptLib.h| 125 ++ CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 253 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 124 ++ 8 files changed, 507 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 4aae2aba95..3968f29412 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -50,6 +50,7 @@ Pk/CryptAuthenticode.c Pk/CryptTs.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index dc28e3a11d..d0b91716d0 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -57,6 +57,7 @@ Pk/CryptTsNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 5005beed02..9f3accd35b 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -56,6 +56,7 @@ Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 91ec3e03bf..420623cdc6 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -54,6 +54,7 @@ Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf index 689af4fedd..542ac2e2e1 100644 --- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf @@ -50,6 +50,7 @@ Pk/CryptTsNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c + Evp/CryptEvpMdNull.c [Packages] MdePkg/MdePkg.dec diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ae9bde9e37..a92e5e5766 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1012,6 +1012,131 @@ HmacSha256Final ( OUT UINT8 *HmacValue ); +//= +//EVP (Envelope) Primitive +//= + +/** + Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use. + + If DigestName is NULL, then return FALSE. + + @param[in]DigestNamePointer to the digest name. + + @return Pointer to the EVP_MD_CTX context that has been allocated and initialized. + If DigestName is invalid, returns NULL. + If the allocations fails, returns NULL. + If initialization fails, returns NULL. + +**/ +VOID * +EFIAPI +EvpMdInit ( + IN CONST CHAR8 *DigestName + ); + +/** + Makes a copy of an existing EVP_MD context. + + If EvpMdContext is NULL, then return FALSE. + If NewEvpMdContext is NULL, then return FALSE. + + @param[in] EvpMdContext Pointer to EVP_MD context being copied. + @param[out] NewEvpMdContext Pointer to new EVP_MD context. + + @retval TRUE EVP_MD context copy succeeded. + @retval FALSE EVP_MD context copy failed. + +**/ +BOOLEAN +EFIAPI +EvpMdDuplicate ( + IN CONST VOID*EvpMdContext, + OUT VOID *NewEvpMdContext + ); + +/** + Digests the input data and updates EVP_MD context. + + This function performs EVP digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + EVP_MD context should be already correctly initialized by EvpMdInit(), and should not + be finalized by EvpMdFinal(). Behavior with invalid context is undefined. + + If EvpMdContext is NULL, then return FALSE. + If Data is NULL and DataSize is not zero, return FALSE. + + @param[in,
Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64
1) I have confirmed that the ApiHooks.c file is still required even without the AVX instructions included. The x86_64 assembly files in OpenSSL set a flag called $win64 and automatically include calls to the RtlVirtualUnwind function if NASM is selected as the assembler scheme. https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-rtlvirtualunwind I have submitted an issue against OpenSSL since I don't think using the NASM assembler should force the inclusion of Windows-specific API hooks, but that change cannot be made in OpenSSL 1.1.1 and we will have to wait for OpenSSL 3 or later to remove the stub function. https://github.com/openssl/openssl/issues/12712 2) So far I have only built with VS. 3) The X64 SHA256 implementation was successfully exercised across a large number of devices in a production environment as a verification step in a multi-GB data transfer scenario. Thanks, Christopher Zurcher > -Original Message- > From: devel@edk2.groups.io On Behalf Of Zurcher, > Christopher J > Sent: Tuesday, August 18, 2020 15:50 > To: Yao, Jiewen ; devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel > Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native > instruction support for X64 > > After further review, the ApiHooks.c file may no longer be needed since we > are no longer including the AVX instructions. I will look over the > dependencies and send a new patch set if I can eliminate the API hooks file. > > Thanks, > Christopher Zurcher > > > -Original Message- > > From: Yao, Jiewen > > Sent: Thursday, August 13, 2020 08:04 > > To: Zurcher, Christopher J ; > > devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Ard Biesheuvel > > Subject: RE: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction > > support for X64 > > > > Hi Christopher > > Thanks. > > > > 1) Would you please help me understand more on "ApiHooks.c contains a stub > > function for a Windows API call" ? > > Why we need this? > > If it is compiler specific in openssl, should we submit patch to openssl to > > exclude this with OPENSSL_SYS_UEFI? That should be a cleaner solution for > > UEFI. > > > > 2) Would you please describe what compiler you have tried? VS? GCC? LLVM? > > > > 3) Would you please describe what unit test you have done? > > > > Thank you > > Yao Jiewen > > > > > > > -Original Message- > > > From: Zurcher, Christopher J > > > Sent: Tuesday, August 4, 2020 8:24 AM > > > To: devel@edk2.groups.io > > > Cc: Yao, Jiewen ; Wang, Jian J > > ; > > > Lu, XiaoyuX ; Ard Biesheuvel > > > > > Subject: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction > > support > > > for X64 > > > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507 > > > > > > Adding OpensslLibX64.inf and modifying process_files.pl to process this > > > file and generate the necessary assembly files. > > > ApiHooks.c contains a stub function for a Windows API call. > > > uefi-asm.conf contains the limited assembly configurations for OpenSSL. > > > > > > Cc: Jiewen Yao > > > Cc: Jian J Wang > > > Cc: Xiaoyu Lu > > > Cc: Ard Biesheuvel > > > Signed-off-by: Christopher J Zurcher > > > --- > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- > > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| 2 +- > > > CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 656 > > > > > > CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - > > > CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 + > > > CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 + > > > CryptoPkg/Library/OpensslLib/process_files.pl| 223 +-- > > > CryptoPkg/Library/OpensslLib/uefi-asm.conf | 15 + > > > 8 files changed, 903 insertions(+), 50 deletions(-) > > > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > index dbbe5386a1..bd62d86936 100644 > > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > @@ -16,7 +16,7 @@ > > >VERSION_STRING = 1.0 > > > > > >LIBRARY_CLASS = OpensslLib > > > > > >DEFINE OPENSSL_PATH= openssl > > > > > > -
Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64
After further review, the ApiHooks.c file may no longer be needed since we are no longer including the AVX instructions. I will look over the dependencies and send a new patch set if I can eliminate the API hooks file. Thanks, Christopher Zurcher > -Original Message- > From: Yao, Jiewen > Sent: Thursday, August 13, 2020 08:04 > To: Zurcher, Christopher J ; > devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel > Subject: RE: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction > support for X64 > > Hi Christopher > Thanks. > > 1) Would you please help me understand more on "ApiHooks.c contains a stub > function for a Windows API call" ? > Why we need this? > If it is compiler specific in openssl, should we submit patch to openssl to > exclude this with OPENSSL_SYS_UEFI? That should be a cleaner solution for > UEFI. > > 2) Would you please describe what compiler you have tried? VS? GCC? LLVM? > > 3) Would you please describe what unit test you have done? > > Thank you > Yao Jiewen > > > > -Original Message- > > From: Zurcher, Christopher J > > Sent: Tuesday, August 4, 2020 8:24 AM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > ; > > Lu, XiaoyuX ; Ard Biesheuvel > > > Subject: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction > support > > for X64 > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507 > > > > Adding OpensslLibX64.inf and modifying process_files.pl to process this > > file and generate the necessary assembly files. > > ApiHooks.c contains a stub function for a Windows API call. > > uefi-asm.conf contains the limited assembly configurations for OpenSSL. > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Cc: Ard Biesheuvel > > Signed-off-by: Christopher J Zurcher > > --- > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| 2 +- > > CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 656 > > > > CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - > > CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 + > > CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 + > > CryptoPkg/Library/OpensslLib/process_files.pl| 223 +-- > > CryptoPkg/Library/OpensslLib/uefi-asm.conf | 15 + > > 8 files changed, 903 insertions(+), 50 deletions(-) > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > index dbbe5386a1..bd62d86936 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > @@ -16,7 +16,7 @@ > >VERSION_STRING = 1.0 > > > >LIBRARY_CLASS = OpensslLib > > > >DEFINE OPENSSL_PATH= openssl > > > > - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT > > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE > > > > + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT > > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE - > > DOPENSSL_NO_ASM > > > > > > > > # > > > > # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > index 616ccd9f62..2b7324a990 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > @@ -16,7 +16,7 @@ > >VERSION_STRING = 1.0 > > > >LIBRARY_CLASS = OpensslLib > > > >DEFINE OPENSSL_PATH= openssl > > > > - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT > > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE > > > > + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT > > -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE - > > DOPENSSL_NO_ASM > > > > > > > > # > > > > # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf > > new file mode 100644 > > index 00..825eea0254 > > --- /dev/null > > +++ b/CryptoPkg/Library/OpensslLib/Openss
Re: [edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
I replaced the MD5 and SHAx functions with EVP functions in Hash2DxeCrypto, and it grew from ~26k to ~253k. -- Christopher Zurcher > -Original Message- > From: Yao, Jiewen > Sent: Thursday, August 13, 2020 07:38 > To: Laszlo Ersek ; devel@edk2.groups.io; Zurcher, > Christopher J > Cc: Wang, Jian J ; Lu, XiaoyuX > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP > (Envelope) Digest interface > > 1) Agree with Laszlo. > We need extend internal protocol/ppi for this new API. > > 2) Do you have any data on the size difference between old SHA implementation > or new MD implementation? > > Thank you > Yao Jiewen > > > -Original Message- > > From: Laszlo Ersek > > Sent: Thursday, August 13, 2020 5:47 PM > > To: devel@edk2.groups.io; Zurcher, Christopher J > > > > Cc: Yao, Jiewen ; Wang, Jian J > ; > > Lu, XiaoyuX > > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP > > (Envelope) Digest interface > > > > Hi Christopher, > > > > (+Mike, > > > > On 08/13/20 03:20, Zurcher, Christopher J wrote: > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 > > > > > > The EVP interface should be used in place of discrete digest function > > > calls. > > > > > > Cc: Jiewen Yao > > > Cc: Jian J Wang > > > Cc: Xiaoyu Lu > > > Signed-off-by: Christopher J Zurcher > > > --- > > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf| 1 + > > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + > > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + > > > CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + > > > CryptoPkg/Include/Library/BaseCryptLib.h | 122 +++ > > > CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c| 228 > > > > > 6 files changed, 354 insertions(+) > > > > (1) This patch extends the library class header, but updates only one > > *set* of the three library instance *sets*. The other two instance > > *sets* are: > > > > - BaseCryptLibNull (just one instance), for which it should not be hard > > to provide Null implementations of the new functions; > > > > - BaseCryptLibOnProtocolPpi (three instances -- Pei, Dxe, Smm). > > > > > > BaseCryptLibOnProtocolPpi is a tough nut, because it seems to require > > extending: > > > > - the crypto service driver at CryptoPkg/Driver/, > > > > - the interface to that driver (CryptoPkg/Private/Protocol/Crypto.h -- > > reused by both "CryptoPkg/Private/Ppi/Crypto.h" and > > "CryptoPkg/Private/Protocol/SmmCrypto.h"), > > > > - the PCD_CRYPTO_SERVICE_FAMILY_ENABLE structure at > > "CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h", for configuring > > the driver, > > > > - the various PcdCryptoServiceFamilyEnable settings / build profiles in > > CryptoPkg/CryptoPkg.dsc. > > > > > > > > > > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > > index 4aae2aba95..3968f29412 100644 > > > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > > @@ -50,6 +50,7 @@ > > >Pk/CryptAuthenticode.c > > >Pk/CryptTs.c > > >Pem/CryptPem.c > > > + Evp/CryptEvpMd.c > > > > > >SysCall/CrtWrapper.c > > >SysCall/TimerWrapper.c > > > diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > > index dc28e3a11d..d0b91716d0 100644 > > > --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > > +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > > @@ -57,6 +57,7 @@ > > >Pk/CryptTsNull.c > > >Pem/CryptPemNull.c > > >Rand/CryptRandNull.c > > > + Evp/CryptEvpMd.c > > > > > >SysCall/CrtWrapper.c > > >SysCall/ConstantTimeClock.c > > > diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > > index 5005beed02..9f3accd35b 100644 > > > --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > > +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > > @@ -56,6 +56,7 @@ > > >Pk/CryptAuthenticodeNull.c > > >Pk/CryptTsNull.c > > >Pem/Crypt
[edk2-devel] [PATCH 1/1] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 The EVP interface should be used in place of discrete digest function calls. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf| 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + CryptoPkg/Include/Library/BaseCryptLib.h | 122 +++ CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c| 228 6 files changed, 354 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 4aae2aba95..3968f29412 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -50,6 +50,7 @@ Pk/CryptAuthenticode.c Pk/CryptTs.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index dc28e3a11d..d0b91716d0 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -57,6 +57,7 @@ Pk/CryptTsNull.c Pem/CryptPemNull.c Rand/CryptRandNull.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 5005beed02..9f3accd35b 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -56,6 +56,7 @@ Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/TimerWrapper.c diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 91ec3e03bf..420623cdc6 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -54,6 +54,7 @@ Pk/CryptAuthenticodeNull.c Pk/CryptTsNull.c Pem/CryptPem.c + Evp/CryptEvpMd.c SysCall/CrtWrapper.c SysCall/ConstantTimeClock.c diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index ae9bde9e37..f3bf8aac0c 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -1012,6 +1012,128 @@ HmacSha256Final ( OUT UINT8 *HmacValue ); +//= +//EVP (Envelope) Primitive +//= + +/** + Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use. + + @return Pointer to the EVP_MD_CTX context that has been initialized. + If the allocations fails, EvpMdNew() returns NULL. + +**/ +VOID * +EFIAPI +EvpMdNew ( + VOID + ); + +/** + Release the specified EVP_MD_CTX context. + + @param[in] EvpMdContext Pointer to the EVP_MD_CTX context to be released. + +**/ +VOID +EFIAPI +EvpMdFree ( + IN VOID *EvpMdContext + ); + +/** + Initializes user-supplied memory pointed to by EvpMdContext as EVP_MD_CTX + context for subsequent use. + + If EvpMdContext is NULL, then return FALSE. + If DigestName is NULL, then return FALSE. + + @param[out] EvpMdContext Pointer to EVP_MD_CTX context being initialized. + @param[in]DigestNamePointer to the digest name. + + @retval TRUE EVP_MD_CTX context initialization succeeded. + @retval FALSE EVP_MD_CTX context initialization failed. + +**/ +BOOLEAN +EFIAPI +EvpMdInit ( + OUT VOID *EvpMdContext, + IN CONST CHAR8 *DigestName + ); + +/** + Makes a copy of an existing EVP_MD context. + + If EvpMdContext is NULL, then return FALSE. + If NewEvpMdContext is NULL, then return FALSE. + + @param[in] EvpMdContext Pointer to EVP_MD context being copied. + @param[out] NewEvpMdContext Pointer to new EVP_MD context. + + @retval TRUE EVP_MD context copy succeeded. + @retval FALSE EVP_MD context copy failed. + +**/ +BOOLEAN +EFIAPI +EvpMdDuplicate ( + IN CONST VOID*EvpMdContext, + OUT VOID *NewEvpMdContext + ); + +/** + Digests the input data and updates EVP_MD context. + + This function performs EVP digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + EVP_MD context should be already correctly initialized by EvpMdInit(), and should not + be finalized by EvpMdFinal(). Behavior with invalid context is undefined. + + If EvpMdContext is NULL, then return FALSE. + + @param[in, out] EvpMdContext Pointer to the EVP_MD context. + @param[in] Data Pointer to the buffer containing the
[edk2-devel] [PATCH 0/1] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 Low-level interfaces to message digest (hash) functions have been deprecated in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to low-level functions (such as SHA256_Init() in CryptSha256.c) will need to be replaced by EVP inteface calls. For reviewers: The added file CryptEvpMd.c is based on CryptHmacSha256.c and can be compared to that file to easily highlight changes. References: https://www.openssl.org/docs/manmaster/man7/evp.html https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Christopher J Zurcher (1): CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf| 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + CryptoPkg/Include/Library/BaseCryptLib.h | 122 +++ CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c| 228 6 files changed, 354 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c -- 2.28.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64134): https://edk2.groups.io/g/devel/message/64134 Mute This Topic: https://groups.io/mt/76159837/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 0/2] CryptoPkg/OpensslLib: Add native instruction support for X64
V2 Changes: Limit scope of assembly config to SHA and AES functions. Removed IA32 native support (reduced config was causing build failure and can be added in a later patch). Removed XMM instructions from assembly generation. Added automatic copyright header porting for generated assembly files. This patch adds support for building the native instruction algorithms for the X64 architecture in OpensslLib. The process_files.pl script was modified to parse the .asm file targets from the OpenSSL build config data struct, and generate the necessary assembly files for the EDK2 build environment. For the X64 variant, OpenSSL includes calls to a Windows error handling API, and that function has been stubbed out in ApiHooks.c. For all variants, a constructor is added to call the required CPUID function within OpenSSL to facilitate processor capability checks in the native algorithms. Additional native architecture variants should be simple to add by following the changes made for this architecture. The OpenSSL assembly files are traditionally generated at build time using a perl script. To avoid that burden on EDK2 users, these end-result assembly files are generated during the configuration steps performed by the package maintainer (through process_files.pl). The perl generator scripts inside OpenSSL do not parse file comments as they are only meant to create intermediate build files, so process_files.pl contains additional hooks to preserve the copyright headers as well as clean up tabs and line endings to comply with EDK2 coding standards. The resulting file headers align with the generated .h files which are already included in the EDK2 repository. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Ard Biesheuvel Christopher J Zurcher (2): CryptoPkg/OpensslLib: Add native instruction support for X64 CryptoPkg/OpensslLib: Commit the auto-generated assembly files for X64 CryptoPkg/Library/OpensslLib/OpensslLib.inf |2 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf|2 +- CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 656 +++ CryptoPkg/Library/Include/openssl/opensslconf.h |3 - CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 + CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 + CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm | 732 +++ CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm | 1916 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 78 + CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm| 5103 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm| 1173 + CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm | 1569 ++ CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm | 3137 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm | 2884 +++ CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm| 3461 + CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm | 3313 + CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm | 1938 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm | 491 ++ CryptoPkg/Library/OpensslLib/process_files.pl| 223 +- CryptoPkg/Library/OpensslLib/uefi-asm.conf | 15 + 20 files changed, 26698 insertions(+), 50 deletions(-) create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf create mode 100644 CryptoPkg/Library/OpensslLib/ApiHooks.c create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm create mode 100644 CryptoPkg/Library/OpensslLib/uefi-asm.conf -- 2.28.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io
[edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507 Adding OpensslLibX64.inf and modifying process_files.pl to process this file and generate the necessary assembly files. ApiHooks.c contains a stub function for a Windows API call. uefi-asm.conf contains the limited assembly configurations for OpenSSL. Cc: Jiewen Yao Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Ard Biesheuvel Signed-off-by: Christopher J Zurcher --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| 2 +- CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 656 CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 + CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 + CryptoPkg/Library/OpensslLib/process_files.pl| 223 +-- CryptoPkg/Library/OpensslLib/uefi-asm.conf | 15 + 8 files changed, 903 insertions(+), 50 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index dbbe5386a1..bd62d86936 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -16,7 +16,7 @@ VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib DEFINE OPENSSL_PATH= openssl - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM # # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index 616ccd9f62..2b7324a990 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -16,7 +16,7 @@ VERSION_STRING = 1.0 LIBRARY_CLASS = OpensslLib DEFINE OPENSSL_PATH= openssl - DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_ASM # # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf new file mode 100644 index 00..825eea0254 --- /dev/null +++ b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf @@ -0,0 +1,656 @@ +## @file +# This module provides OpenSSL Library implementation. +# +# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. +# (C) Copyright 2020 Hewlett Packard Enterprise Development LP +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = OpensslLibX64 + MODULE_UNI_FILE= OpensslLib.uni + FILE_GUID = 18125E50-0117-4DD0-BE54-4784AD995FEF + MODULE_TYPE= BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = OpensslLib + DEFINE OPENSSL_PATH= openssl + DEFINE OPENSSL_FLAGS = -DL_ENDIAN -DOPENSSL_SMALL_FOOTPRINT -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE + DEFINE OPENSSL_FLAGS_CONFIG= -DOPENSSL_CPUID_OBJ -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM + CONSTRUCTOR= OpensslLibConstructor + +# +# VALID_ARCHITECTURES = X64 +# + +[Sources] + OpensslLibConstructor.c + $(OPENSSL_PATH)/e_os.h + $(OPENSSL_PATH)/ms/uplink.h +# Autogenerated files list starts here + X64/crypto/aes/aesni-mb-x86_64.nasm + X64/crypto/aes/aesni-sha1-x86_64.nasm + X64/crypto/aes/aesni-sha256-x86_64.nasm + X64/crypto/aes/aesni-x86_64.nasm + X64/crypto/aes/vpaes-x86_64.nasm + X64/crypto/modes/ghash-x86_64.nasm + X64/crypto/sha/sha1-mb-x86_64.nasm + X64/crypto/sha/sha1-x86_64.nasm + X64/crypto/sha/sha256-mb-x86_64.nasm + X64/crypto/sha/sha256-x86_64.nasm + X64/crypto/sha/sha512-x86_64.nasm + X64/crypto/x86_64cpuid.nasm + $(OPENSSL_PATH)/crypto/aes/aes_cbc.c + $(OPENSSL_PATH)/crypto/aes/aes_cfb.c + $(OPENSSL_PATH)/crypto/aes/aes_core.c + $(OPENSSL_PATH)/crypto/aes/aes_ige.c + $(OPENSSL_PATH)/crypto/aes/aes_misc.c + $(OPENSSL_PATH)/crypto/aes/aes_ofb.c + $(OPENSSL_PATH)/crypto/aes/aes_wrap.c + $(OPENSSL_PATH)/crypto/aria/aria.c + $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c + $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c + $(OPENSSL_PATH)/crypto/asn1/a_digest.c + $(OPENSSL_PATH)/crypto/asn1/a_dup.c + $(OPENSSL_PATH)/crypto/asn1/a_gentm.c + $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c + $(OPENSSL_PATH)/crypto/asn1/a_int.c + $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c +
Re: [edk2-devel] [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations
This change has been validated on an internal development platform; I will share the details offline. Thanks, Christopher Zurcher > -Original Message- > From: Gao, Liming > Sent: Monday, March 30, 2020 06:51 > To: Liu, Zhiguang ; Zurcher, Christopher J > ; devel@edk2.groups.io > Cc: Kinney, Michael D ; Wang, Jian J > > Subject: RE: [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous > SCSI Write operations > > Zurcher: > What functionality test has been done for this test? > > Thanks > Liming > > -Original Message- > > From: Liu, Zhiguang > > Sent: Monday, March 30, 2020 9:52 AM > > To: Zurcher, Christopher J ; > devel@edk2.groups.io > > Cc: Kinney, Michael D ; Wang, Jian J > ; Gao, Liming > > Subject: RE: [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous > SCSI Write operations > > > > Reviewed-by: Zhiguang Liu > > > > > -Original Message- > > > From: Zurcher, Christopher J > > > Sent: Thursday, March 26, 2020 3:34 PM > > > To: devel@edk2.groups.io > > > Cc: Kinney, Michael D ; Wang, Jian J > > > ; Gao, Liming ; Liu, > Zhiguang > > > > > > Subject: [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous > > > SCSI Write operations > > > > > > The FUA (Force Unit Access) bit forces data to be written directly to > > > disk instead of the write cache. This prevents data from being lost if a > > > shutdown or reset is requested immediately after a SCSI write operation. > > > > > > Cc: Michael D Kinney > > > Cc: Jian J Wang > > > Cc: Liming Gao > > > Cc: Zhiguang Liu > > > Signed-off-by: Christopher J Zurcher > > > --- > > > MdePkg/Include/IndustryStandard/Scsi.h | 8 +++- > > > MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 -- > > > 2 files changed, 15 insertions(+), 7 deletions(-) > > > > > > diff --git a/MdePkg/Include/IndustryStandard/Scsi.h > > > b/MdePkg/Include/IndustryStandard/Scsi.h > > > index 3e966520a1..64b9918b82 100644 > > > --- a/MdePkg/Include/IndustryStandard/Scsi.h > > > +++ b/MdePkg/Include/IndustryStandard/Scsi.h > > > @@ -1,7 +1,7 @@ > > > /** @file > > >Support for SCSI-2 standard > > > > > > - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. > > > + Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved. > > >SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > **/ > > > @@ -175,6 +175,12 @@ > > > #define EFI_SCSI_DATA_IN 0 > > > #define EFI_SCSI_DATA_OUT 1 > > > > > > +// > > > +// SCSI Block Command Cache Control Parameters > > > +// > > > +#define EFI_SCSI_BLOCK_FUA BIT3 ///< Force Unit Access > > > +#define EFI_SCSI_BLOCK_DPO BIT4 ///< Disable Page Out > > > + > > > // > > > // Peripheral Device Type Definitions > > > // > > > diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c > > > b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c > > > index 13a2a1912c..512bec500c 100644 > > > --- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c > > > +++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c > > > @@ -1,7 +1,7 @@ > > > /** @file > > >UEFI SCSI Library implementation > > > > > > - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. > > > + Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved. > > >SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > **/ > > > @@ -1055,15 +1055,16 @@ ScsiWrite10Command ( > > >ZeroMem (, sizeof > > > (EFI_SCSI_IO_SCSI_REQUEST_PACKET)); > > >ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TEN); > > > > > > - CommandPacket.Timeout = Timeout; > > > - CommandPacket.OutDataBuffer= DataBuffer; > > > - CommandPacket.SenseData = SenseData; > > > - CommandPacket.OutTransferLength= *DataLength; > > > - CommandPacket.Cdb = Cdb; > > > + CommandPacket.Timeout = Timeout; > > > + CommandPacket.OutDataBuffer = DataBuffer; > > > + CommandPacket.SenseData = SenseData; > > > + CommandPacket.OutTransferLength = *DataLength; > > > + CommandPacket.Cdb = Cdb; > > >// > > >// Fill Cdb for Write (10) Command > > >// > > >Cdb[0]= EFI_SCSI
Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
During the Perlasm generation step, the script attempts to execute NASM from the user's path to see if it's an appropriate version to support AVX instructions: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/sha/asm/sha512-x86_64.pl#L129 For now, we could force this check to fail during generation. I'm going to reduce this patch to only cover AES and SHA, and the OS-provisioning use case for the SHA acceleration has enough dependency on I/O operations that the AVX speed increase is already reaching diminishing returns. I don't mind leaving AVX support to the future. -- Christopher Zurcher > -Original Message- > From: Kinney, Michael D > Sent: Thursday, March 26, 2020 11:23 > To: Yao, Jiewen ; Zurcher, Christopher J > ; devel@edk2.groups.io; Kinney, Michael D > > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel ; david.harr...@hp.com > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > instruction support for IA32 and X64 > > The main issue with use of extended registers is > that the default interrupt/exception handler for > IA32/X64 does FXSAVE/FXRSTOR. > > https://github.com/tianocore/edk2/blob/5f7c91f0d72efca3b53628163861265c89306f > 1f/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm#L24 > 4 > > https://github.com/tianocore/edk2/blob/5f7c91f0d72efca3b53628163861265c89306f > 1f/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.nasm#L2 > 90 > > This covers FP/MMX/XMM registers, but no more. > > Any code that uses more than this has 2 options: > 1) Expand the state saved in interrupts/exception handlers >for the entire platform. > 2) Disable interrupts when calling code that uses >additional register state. > > Mike > > > -Original Message- > > From: Yao, Jiewen > > Sent: Wednesday, March 25, 2020 8:58 PM > > To: Zurcher, Christopher J > > ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; Ard Biesheuvel > > ; david.harr...@hp.com; > > Kinney, Michael D > > Subject: RE: [edk2-devel] [PATCH 1/1] > > CryptoPkg/OpensslLib: Add native instruction support for > > IA32 and X64 > > > > There is an old shell based test application. It is > > removed from edk2-repo, and it should be in edk2-test > > repo in the future. > > > > Before the latter is ready, you can find the archive at > > https://github.com/jyao1/edk2/tree/edk2- > > cryptest/CryptoTestPkg/Cryptest > > > > But I am not sure if it covers the latest interface, > > especially the new added one. As far as I know, some SM3 > > is not added there. > > > > I still recommend you double check which functions use > > the YMM and make sure these functions are tested. > > > > I have no concern on HASH, since you already provided the > > data. > > But other algo, such as AES/RSA/HMAC, etc. > > > > > > Thank you > > Yao Jiewen > > > > > -Original Message- > > > From: Zurcher, Christopher J > > > > > Sent: Thursday, March 26, 2020 11:29 AM > > > To: Yao, Jiewen ; > > devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Ard Biesheuvel ; > > david.harr...@hp.com; Kinney, > > > Michael D > > > Subject: RE: [edk2-devel] [PATCH 1/1] > > CryptoPkg/OpensslLib: Add native > > > instruction support for IA32 and X64 > > > > > > > -Original Message- > > > > From: Yao, Jiewen > > > > Sent: Wednesday, March 25, 2020 20:05 > > > > To: Zurcher, Christopher J > > ; > > > > devel@edk2.groups.io > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > ; > > > > Ard Biesheuvel ; > > david.harr...@hp.com; Kinney, > > > > Michael D > > > > Subject: RE: [edk2-devel] [PATCH 1/1] > > CryptoPkg/OpensslLib: Add native > > > > instruction support for IA32 and X64 > > > > > > > > Thanks. Comment inline: > > > > > > > > > -Original Message- > > > > > From: Zurcher, Christopher J > > > > > > > Sent: Thursday, March 26, 2020 10:44 AM > > > > > To: devel@edk2.groups.io; Yao, Jiewen > > > > > > > Cc: Wang, Jian J ; Lu, > > XiaoyuX > > > > ; > > > > > Ard Biesheuvel ; > > david.harr...@hp.com; Kinney, > > > > > Michael D > > > > > Subject: RE: [edk2-devel] [PATCH 1/1] > > CryptoPkg/OpensslLib: Add native > > > > > instruction su
[edk2-devel] [PATCH v2 0/1] UefiScsiLib: Set FUA bit for synchronous SCSI Write operations
V2 changes: Add bit defines for cache control parameters from SBC-2. Some SCSI devices have very aggressive write caching implemented, causing data to be lost if the system is shut down or rebooted soon after receiving a successful write confirmation from the device. By setting the FUA bit in the synchronous versions of the Write10/Write16 commands, the write cache is skipped and data is forced directly to the disk. The Asynchronous (WriteEx) commands will not have this bit set, allowing performance-sensitive transactions to continue utilizing the write cache. An alternative, more complicated solution would be to implement the SYNCHRONIZE CACHE command and call it from ScsiDiskFlushBlocks, which currently returns EFI_SUCCESS without flushing anything. Since the SYNCHRONIZE CACHE command requires the caller to provide the specific blocks to flush, and the BlockIO FlushBlocks function does not accept any arguments, this would require keeping track of the write history inside the ScsiDiskDxe driver. I have not tested the asynchronous commands for this issue, so there is a chance that resetting the system even after a call to FlushBlocksEx might still result in lost data. Currently the ScsiDiskFlushBlocksEx command waits for the BlockIo2 requests queue to empty, but does not ask the device itself to flush anything. (EFI_SCSI_OP_SYNC_CACHE is defined in IndustryStandard/Scsi.h but is not implemented anywhere.) Cc: Michael D Kinney Cc: Jian J Wang Cc: Liming Gao Cc: Zhiguang Liu Christopher J Zurcher (1): MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations MdePkg/Include/IndustryStandard/Scsi.h | 8 +++- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 -- 2 files changed, 15 insertions(+), 7 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56367): https://edk2.groups.io/g/devel/message/56367 Mute This Topic: https://groups.io/mt/72559352/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations
The FUA (Force Unit Access) bit forces data to be written directly to disk instead of the write cache. This prevents data from being lost if a shutdown or reset is requested immediately after a SCSI write operation. Cc: Michael D Kinney Cc: Jian J Wang Cc: Liming Gao Cc: Zhiguang Liu Signed-off-by: Christopher J Zurcher --- MdePkg/Include/IndustryStandard/Scsi.h | 8 +++- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 -- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Scsi.h b/MdePkg/Include/IndustryStandard/Scsi.h index 3e966520a1..64b9918b82 100644 --- a/MdePkg/Include/IndustryStandard/Scsi.h +++ b/MdePkg/Include/IndustryStandard/Scsi.h @@ -1,7 +1,7 @@ /** @file Support for SCSI-2 standard - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -175,6 +175,12 @@ #define EFI_SCSI_DATA_IN 0 #define EFI_SCSI_DATA_OUT 1 +// +// SCSI Block Command Cache Control Parameters +// +#define EFI_SCSI_BLOCK_FUA BIT3 ///< Force Unit Access +#define EFI_SCSI_BLOCK_DPO BIT4 ///< Disable Page Out + // // Peripheral Device Type Definitions // diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c index 13a2a1912c..512bec500c 100644 --- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c +++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c @@ -1,7 +1,7 @@ /** @file UEFI SCSI Library implementation - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1055,15 +1055,16 @@ ScsiWrite10Command ( ZeroMem (, sizeof (EFI_SCSI_IO_SCSI_REQUEST_PACKET)); ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TEN); - CommandPacket.Timeout = Timeout; - CommandPacket.OutDataBuffer= DataBuffer; - CommandPacket.SenseData = SenseData; - CommandPacket.OutTransferLength= *DataLength; - CommandPacket.Cdb = Cdb; + CommandPacket.Timeout = Timeout; + CommandPacket.OutDataBuffer = DataBuffer; + CommandPacket.SenseData = SenseData; + CommandPacket.OutTransferLength = *DataLength; + CommandPacket.Cdb = Cdb; // // Fill Cdb for Write (10) Command // Cdb[0]= EFI_SCSI_OP_WRITE10; + Cdb[1]= EFI_SCSI_BLOCK_FUA; WriteUnaligned32 ((UINT32 *)[2], SwapBytes32 (StartLba)); WriteUnaligned16 ((UINT16 *)[7], SwapBytes16 ((UINT16) SectorSize)); @@ -1263,6 +1264,7 @@ ScsiWrite16Command ( // Fill Cdb for Write (16) Command // Cdb[0]= EFI_SCSI_OP_WRITE16; + Cdb[1]= EFI_SCSI_BLOCK_FUA; WriteUnaligned64 ((UINT64 *)[2], SwapBytes64 (StartLba)); WriteUnaligned32 ((UINT32 *)[10], SwapBytes32 (SectorSize)); -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56368): https://edk2.groups.io/g/devel/message/56368 Mute This Topic: https://groups.io/mt/72559353/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
> -Original Message- > From: Yao, Jiewen > Sent: Wednesday, March 25, 2020 20:05 > To: Zurcher, Christopher J ; > devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Ard Biesheuvel ; david.harr...@hp.com; Kinney, > Michael D > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > instruction support for IA32 and X64 > > Thanks. Comment inline: > > > -Original Message- > > From: Zurcher, Christopher J > > Sent: Thursday, March 26, 2020 10:44 AM > > To: devel@edk2.groups.io; Yao, Jiewen > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Ard Biesheuvel ; david.harr...@hp.com; Kinney, > > Michael D > > Subject: RE: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > > instruction support for IA32 and X64 > > > > The specific performance improvement depends on the operation; the OS > > provisioning I mentioned in the [Patch 0/1] thread removed the hashing as a > > bottleneck and improved the overall operation speed over 4x (saving 2.5 > > minutes of flashing time), but a direct SHA256 benchmark on the particular > > silicon I have available showed over 12x improvement. I have not > benchmarked > > the improvements to boot time. I do not know the use case targeted by BZ > 2507 > > so I don't know what benefit will be seen there. > [Jiewen] I guess there might be some improvement on HTTPS boot because of > AES-NI for TLS session. > I am just curious on the data. :-) > > > > > > I will look at unifying the INF files in the next patch-set and will also > add the > > OpensslLibCrypto.inf case. > [Jiewen] Thanks! > > > > > > I have not exercised the AVX code specifically, as it is coming directly > from > > OpenSSL and includes checks against the CPUID capability flags before > executing. > > I'm not entirely familiar with AVX requirements; is there a known > environment > > restriction against AVX instructions in EDK2? > [Jiewen] Yes. UEFI spec only requires to set env for XMM register. > Using other registers such as YMM or ZMM may requires special setup, and > save/restore some FPU state. > If a function containing the YMM register access and it is linked into > BaseCryptoLib, I highly recommend you run some test to make sure it can work > correct. > > Maybe I should ask more generic question: Have you validated all impacted > crypto lib API to make sure they still work well with this improvement? > I have not. Is there an existing test suite that was used initially, or used with each OpenSSL version update? Thanks, Christopher Zurcher > > > > > Regarding RNG, it looks like we already have architecture-specific variants > of > > RdRand...? > [Jiewen] Yes. That is in RngLib. > I ask this question because I see openssl wrapper is using PMC/TSC as noisy. > https://github.com/tianocore/edk2/blob/master/CryptoPkg/Library/OpensslLib/ra > nd_pool.c > Since this patch adds instruction dependency, why no use RNG instruction as > well? > > > > > > There was some off-list feedback regarding the number of files required to > be > > checked in here. OpenSSL does not include assembler-specific > implementations > > of these files and instead relies on "perlasm" scripts which are parsed by > a > > translation script at build time (in the normal OpenSSL build flow) to > generate > > the resulting .nasm files. The implementation I have shared here generates > these > > files as part of the OpensslLib maintainer process, similar to the existing > header > > files which are also generated. Since process_files.pl already requires the > > package maintainer to have a Perl environment installed, this does not > place any > > additional burden on them. > > An alternative implementation has been proposed which would see only a > > listing/script of the required generator operations to be checked in, and > any > > platform build which intended to utilize the native algorithms would > require a > > local Perl environment as well as any underlying environment dependencies > > (such as a version check against the NASM executable) for every developer, > and > > additional pre-build steps to run the generator scripts. > > > > Are there any strong opinions here around adding Perl as a build > environment > > dependency vs. checking in maintainer-generated assembly "intermediate" > build > > files? > [Jiewen] Good question. For tool, maybe Mike or Liming can answer. > And I did get similar issue with you. > I got a submodule code need using CMake and pre-processor to generate a > common
Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
The specific performance improvement depends on the operation; the OS provisioning I mentioned in the [Patch 0/1] thread removed the hashing as a bottleneck and improved the overall operation speed over 4x (saving 2.5 minutes of flashing time), but a direct SHA256 benchmark on the particular silicon I have available showed over 12x improvement. I have not benchmarked the improvements to boot time. I do not know the use case targeted by BZ 2507 so I don't know what benefit will be seen there. I will look at unifying the INF files in the next patch-set and will also add the OpensslLibCrypto.inf case. I have not exercised the AVX code specifically, as it is coming directly from OpenSSL and includes checks against the CPUID capability flags before executing. I'm not entirely familiar with AVX requirements; is there a known environment restriction against AVX instructions in EDK2? Regarding RNG, it looks like we already have architecture-specific variants of RdRand...? There was some off-list feedback regarding the number of files required to be checked in here. OpenSSL does not include assembler-specific implementations of these files and instead relies on "perlasm" scripts which are parsed by a translation script at build time (in the normal OpenSSL build flow) to generate the resulting .nasm files. The implementation I have shared here generates these files as part of the OpensslLib maintainer process, similar to the existing header files which are also generated. Since process_files.pl already requires the package maintainer to have a Perl environment installed, this does not place any additional burden on them. An alternative implementation has been proposed which would see only a listing/script of the required generator operations to be checked in, and any platform build which intended to utilize the native algorithms would require a local Perl environment as well as any underlying environment dependencies (such as a version check against the NASM executable) for every developer, and additional pre-build steps to run the generator scripts. Are there any strong opinions here around adding Perl as a build environment dependency vs. checking in maintainer-generated assembly "intermediate" build files? Thanks, Christopher Zurcher > -Original Message- > From: devel@edk2.groups.io On Behalf Of Yao, Jiewen > Sent: Wednesday, March 25, 2020 18:23 > To: devel@edk2.groups.io; Yao, Jiewen ; Zurcher, > Christopher J > Cc: Wang, Jian J ; Lu, XiaoyuX ; > Eugene Cohen ; Ard Biesheuvel > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > instruction support for IA32 and X64 > > Some more comment: > > 3) Do you consider to enable RNG instruction as well? > > 4) I saw you added some code for AVX instruction, such as YMM register. > Have you validated that code, to make sure it can work correctly in current > environment? > > > > > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of Yao, Jiewen > > Sent: Thursday, March 26, 2020 9:15 AM > > To: devel@edk2.groups.io; Zurcher, Christopher J > > > > Cc: Wang, Jian J ; Lu, XiaoyuX > ; > > Eugene Cohen ; Ard Biesheuvel > > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > > instruction support for IA32 and X64 > > > > HI Christopher > > Thanks for the contribution. I think it is good enhancement. > > > > Do you have any data show what performance improvement we can get? > > Did the system boot faster with the this? Which feature ? > > UEFI Secure Boot? TCG Measured Boot? HTTPS boot? > > > > > > Comment for the code: > > 1) I am not sure if we need separate OpensslLibIa32 and OpensslLibX64. > > Can we just define single INF, such as OpensslLibHw.inf ? > > > > 2) Do we also need add a new version for OpensslLibCrypto.inf ? > > > > > > > > Thank you > > Yao Jiewen > > > > > -Original Message- > > > From: devel@edk2.groups.io On Behalf Of Zurcher, > > > Christopher J > > > Sent: Tuesday, March 17, 2020 6:27 PM > > > To: devel@edk2.groups.io > > > Cc: Wang, Jian J ; Lu, XiaoyuX > > ; > > > Eugene Cohen ; Ard Biesheuvel > > > Subject: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Add native > > instruction > > > support for IA32 and X64 > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56354): https://edk2.groups.io/g/devel/message/56354 Mute This Topic: https://groups.io/mt/72021063/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
> -Original Message- > From: devel@edk2.groups.io On Behalf Of Ard Biesheuvel > Sent: Wednesday, March 25, 2020 11:40 > To: Zurcher, Christopher J > Cc: edk2-devel-groups-io ; Wang, Jian J > ; Lu, XiaoyuX ; Eugene Cohen > > Subject: Re: [edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native > instruction support for IA32 and X64 > > On Tue, 17 Mar 2020 at 11:26, Christopher J Zurcher > wrote: > > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507 > > > > This patch adds support for building the native instruction algorithms for > > IA32 and X64 versions of OpensslLib. The process_files.pl script was > modified > > to parse the .asm file targets from the OpenSSL build config data struct, > and > > generate the necessary assembly files for the EDK2 build environment. > > > > For the X64 variant, OpenSSL includes calls to a Windows error handling > API, > > and that function has been stubbed out in ApiHooks.c. > > > > For all variants, a constructor was added to call the required CPUID > function > > within OpenSSL to facilitate processor capability checks in the native > > algorithms. > > > > Additional native architecture variants should be simple to add by > following > > the changes made for these two architectures. > > > > The OpenSSL assembly files are traditionally generated at build time using > a > > perl script. To avoid that burden on EDK2 users, these end-result assembly > > files are generated during the configuration steps performed by the package > > maintainer (through process_files.pl). The perl generator scripts inside > > OpenSSL do not parse file comments as they are only meant to create > > intermediate build files, so process_files.pl contains additional hooks to > > preserve the copyright headers as well as clean up tabs and line endings to > > comply with EDK2 coding standards. The resulting file headers align with > > the generated .h files which are already included in the EDK2 repository. > > > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Cc: Eugene Cohen > > > > Cc: Ard Biesheuvel > > > > Christopher J Zurcher (1): > > CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64 > > > > Hello Christopher, > > It would be helpful to understand the purpose of all this. Also, I > think we could be more picky about which algorithms we enable - DES > and MD5 don't seem highly useful, and even if they were, what do we > gain by using a faster (or smaller?) implementation? > The selection of algorithms comes from the default OpenSSL assembly targets; this combination is validated and widely used, and I don't know all the consequences of picking and choosing which ones to include. If necessary I could look into reducing the list. The primary driver for this change is enabling the Full Flash Update (FFU) OS provisioning flow for Windows as described here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats This item under "Reliability" is what we are speeding up: "Includes a catalog and hash table to validate a signature upfront before flashing onto a device. The hash table is generated during capture, and validated when applying the image." This provisioning flow can be performed within the UEFI environment, and the native algorithms allow significant time savings in a factory setting (minutes per device). We also had a BZ which requested these changes and the specific need was not provided. Maybe David @HP can provide further insight? https://bugzilla.tianocore.org/show_bug.cgi?id=2507 There have been additional platform-specific benefits identified, for example speeding up HMAC authentication of communication with other HW/FW components. Thanks, Christopher Zurcher > > > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | > 2 +- > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| > 2 +- > > CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf | > 680 ++ > > CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | > 691 ++ > > CryptoPkg/Library/Include/openssl/opensslconf.h | > 3 - > > CryptoPkg/Library/OpensslLib/ApiHooks.c | > 18 + > > CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | > 34 + > > CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm | > 3209 > > CryptoPkg/Library/OpensslLib/Ia
[edk2-devel] [PATCH 0/1] CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507 This patch adds support for building the native instruction algorithms for IA32 and X64 versions of OpensslLib. The process_files.pl script was modified to parse the .asm file targets from the OpenSSL build config data struct, and generate the necessary assembly files for the EDK2 build environment. For the X64 variant, OpenSSL includes calls to a Windows error handling API, and that function has been stubbed out in ApiHooks.c. For all variants, a constructor was added to call the required CPUID function within OpenSSL to facilitate processor capability checks in the native algorithms. Additional native architecture variants should be simple to add by following the changes made for these two architectures. The OpenSSL assembly files are traditionally generated at build time using a perl script. To avoid that burden on EDK2 users, these end-result assembly files are generated during the configuration steps performed by the package maintainer (through process_files.pl). The perl generator scripts inside OpenSSL do not parse file comments as they are only meant to create intermediate build files, so process_files.pl contains additional hooks to preserve the copyright headers as well as clean up tabs and line endings to comply with EDK2 coding standards. The resulting file headers align with the generated .h files which are already included in the EDK2 repository. Cc: Jian J Wang Cc: Xiaoyu Lu Cc: Eugene Cohen Cc: Ard Biesheuvel Christopher J Zurcher (1): CryptoPkg/OpensslLib: Add native instruction support for IA32 and X64 CryptoPkg/Library/OpensslLib/OpensslLib.inf |2 +- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf|2 +- CryptoPkg/Library/OpensslLib/OpensslLibIa32.inf | 680 ++ CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 691 ++ CryptoPkg/Library/Include/openssl/opensslconf.h |3 - CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 + CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 + CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/aesni-x86.nasm | 3209 CryptoPkg/Library/OpensslLib/Ia32/crypto/aes/vpaes-x86.nasm | 648 ++ CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/bn-586.nasm | 1522 CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/co-586.nasm | 1259 +++ CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-gf2m.nasm| 352 + CryptoPkg/Library/OpensslLib/Ia32/crypto/bn/x86-mont.nasm| 486 ++ CryptoPkg/Library/OpensslLib/Ia32/crypto/des/crypt586.nasm | 887 +++ CryptoPkg/Library/OpensslLib/Ia32/crypto/des/des-586.nasm| 1835 + CryptoPkg/Library/OpensslLib/Ia32/crypto/md5/md5-586.nasm| 690 ++ CryptoPkg/Library/OpensslLib/Ia32/crypto/modes/ghash-x86.nasm| 1264 +++ CryptoPkg/Library/OpensslLib/Ia32/crypto/rc4/rc4-586.nasm| 381 + CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha1-586.nasm | 3977 ++ CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha256-586.nasm | 6796 CryptoPkg/Library/OpensslLib/Ia32/crypto/sha/sha512-586.nasm | 2842 +++ CryptoPkg/Library/OpensslLib/Ia32/crypto/x86cpuid.nasm | 513 ++ CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm | 1772 + CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm | 3271 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 4709 +++ CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm| 5084 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm| 1170 +++ CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-avx2.nasm| 1989 + CryptoPkg/Library/OpensslLib/X64/crypto/bn/rsaz-x86_64.nasm | 2242 ++ CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-gf2m.nasm | 432 + CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont.nasm | 1479 CryptoPkg/Library/OpensslLib/X64/crypto/bn/x86_64-mont5.nasm | 4033 ++ CryptoPkg/Library/OpensslLib/X64/crypto/md5/md5-x86_64.nasm | 794 ++ CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm | 984 +++ CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm | 2077 + CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-md5-x86_64.nasm | 1395 CryptoPkg/Library/OpensslLib/X64/crypto/rc4/rc4-x86_64.nasm | 784 ++ CryptoPkg/Library/OpensslLib/X64/crypto/sha/keccak1600-x86_64.nasm | 532 ++ CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm | 7581 ++ CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm | 5773 ++
Re: [edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
BZ submitted here: https://bugzilla.tianocore.org/show_bug.cgi?id=2545 Once this "sort" fix is checked in, I will be submitting patches for EVP implementation as well as x86 and x86_64 native build options (BZ 2507). Thanks, Christopher Zurcher > -Original Message- > From: Gao, Liming > Sent: Friday, February 14, 2020 00:52 > To: devel@edk2.groups.io; Zurcher, Christopher J > > Cc: Wang, Jian J ; Lu, XiaoyuX > Subject: RE: [edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no- > autoalginit" flag from OpenSSL build > > Zurcher: > Seemly, this is like an enhancement in OpensslLib. Please submit one BZ > (https://bugzilla.tianocore.org/) for this change. > > And today, edk2 enters into the soft feature freeze for edk2-stable202002 > stable tag. So, this change may not catch this stable tag. > > Thanks > Liming > > -----Original Message- > > From: devel@edk2.groups.io On Behalf Of Zurcher, > Christopher J > > Sent: Friday, February 14, 2020 8:40 AM > > To: devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > Subject: [edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no- > autoalginit" flag from OpenSSL build > > > > In order to implement the EVP interface, the EVP_get_digestbyname function > > requires the desired digest to be already initialized. Removing the > > "no-autoalginit" build option will allow algorithms to be retrieved by > name. > > I plan to submit a future patch with an EVP implementation; the OpenSSL > > documentation has stated that the EVP interface "should almost always be > > used" over direct digest interfaces at least as far back as version 0.9.6c. > > > > This patch set also adds the "sort" keyword to the header file parsing loop > > so the .inf files aren't randomized after every run of process_files.pl. > > > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > > > Christopher J Zurcher (2): > > CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loop > > CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build > > > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 66 ++- > - > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 62 +- > > CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - > > CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- > > 4 files changed, 66 insertions(+), 70 deletions(-) > > > > -- > > 2.16.2.windows.1 > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54722): https://edk2.groups.io/g/devel/message/54722 Mute This Topic: https://groups.io/mt/71257217/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 0/1] UefiScsiLib: Set FUA bit for synchronous SCSI Write operations
Some SCSI devices have very aggressive write caching implemented, causing data to be lost if the system is shut down or rebooted soon after receiving a successful write confirmation from the device. By setting the FUA bit in the synchronous versions of the Write10/Write16 commands, the write cache is skipped and data is forced directly to the disk. The Asynchronous (WriteEx) commands will not have this bit set, allowing performance-sensitive transactions to continue utilizing the write cache. An alternative, more complicated solution would be to implement the SYNCHRONIZE CACHE command and call it from ScsiDiskFlushBlocks, which currently returns EFI_SUCCESS without flushing anything. Since the SYNCHRONIZE CACHE command requires the caller to provide the specific blocks to flush, and the BlockIO FlushBlocks function does not accept any arguments, this would require keeping track of the write history inside the ScsiDiskDxe driver. I have not tested the asynchronous commands for this issue, so there is a chance that resetting the system even after a call to FlushBlocksEx might still result in lost data. Currently the ScsiDiskFlushBlocksEx command waits for the BlockIo2 requests queue to empty, but does not ask the device itself to flush anything. (EFI_SCSI_OP_SYNC_CACHE is defined in IndustryStandard/Scsi.h but is not implemented anywhere.) Cc: Michael D Kinney Cc: Jian J Wang Cc: Liming Gao Christopher J Zurcher (1): MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54720): https://edk2.groups.io/g/devel/message/54720 Mute This Topic: https://groups.io/mt/71464106/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH 1/1] MdePkg/UefiScsiLib: Set FUA bit for synchronous SCSI Write operations
The FUA (Force Unit Access) bit forces data to be written directly to disk instead of the write cache. This prevents data from being lost if a shutdown or reset is requested immediately after a SCSI write operation. Cc: Michael D Kinney Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c index 13a2a1912c..cf78f131bd 100644 --- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c +++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c @@ -1,7 +1,7 @@ /** @file UEFI SCSI Library implementation - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1055,15 +1055,16 @@ ScsiWrite10Command ( ZeroMem (, sizeof (EFI_SCSI_IO_SCSI_REQUEST_PACKET)); ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TEN); - CommandPacket.Timeout = Timeout; - CommandPacket.OutDataBuffer= DataBuffer; - CommandPacket.SenseData = SenseData; - CommandPacket.OutTransferLength= *DataLength; - CommandPacket.Cdb = Cdb; + CommandPacket.Timeout = Timeout; + CommandPacket.OutDataBuffer = DataBuffer; + CommandPacket.SenseData = SenseData; + CommandPacket.OutTransferLength = *DataLength; + CommandPacket.Cdb = Cdb; // // Fill Cdb for Write (10) Command // Cdb[0]= EFI_SCSI_OP_WRITE10; + Cdb[1]= BIT3; //FUA bit (Force Unit Access) WriteUnaligned32 ((UINT32 *)[2], SwapBytes32 (StartLba)); WriteUnaligned16 ((UINT16 *)[7], SwapBytes16 ((UINT16) SectorSize)); @@ -1263,6 +1264,7 @@ ScsiWrite16Command ( // Fill Cdb for Write (16) Command // Cdb[0]= EFI_SCSI_OP_WRITE16; + Cdb[1]= BIT3; //FUA bit (Force Unit Access) WriteUnaligned64 ((UINT64 *)[2], SwapBytes64 (StartLba)); WriteUnaligned32 ((UINT32 *)[10], SwapBytes32 (SectorSize)); -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54721): https://edk2.groups.io/g/devel/message/54721 Mute This Topic: https://groups.io/mt/71464107/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v3 2/2] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
This is enabling a future EVP implementation to utilize the EVP_get_digestbyname() function. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 --- CryptoPkg/Library/OpensslLib/process_files.pl | 1 - 2 files changed, 4 deletions(-) diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h index 2b4d538e92..bd34e53ef2 100644 --- a/CryptoPkg/Library/Include/openssl/opensslconf.h +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h @@ -109,9 +109,6 @@ extern "C" { #ifndef OPENSSL_NO_ASYNC # define OPENSSL_NO_ASYNC #endif -#ifndef OPENSSL_NO_AUTOALGINIT -# define OPENSSL_NO_AUTOALGINIT -#endif #ifndef OPENSSL_NO_AUTOERRINIT # define OPENSSL_NO_AUTOERRINIT #endif diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl index 11cd58cc4e..4ba25da407 100755 --- a/CryptoPkg/Library/OpensslLib/process_files.pl +++ b/CryptoPkg/Library/OpensslLib/process_files.pl @@ -51,7 +51,6 @@ BEGIN { "no-afalgeng", "no-asm", "no-async", -"no-autoalginit", "no-autoerrinit", "no-autoload-config", "no-bf", -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54396): https://edk2.groups.io/g/devel/message/54396 Mute This Topic: https://groups.io/mt/71257219/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v3 1/2] CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loop
This prevents the .inf files from being randomized after every run of process_files.pl. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 66 ++-- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 62 +- CryptoPkg/Library/OpensslLib/process_files.pl | 4 +- 3 files changed, 66 insertions(+), 66 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 3fa52f5543..3519a66885 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -1,7 +1,7 @@ ## @file # This module provides OpenSSL Library implementation. # -# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2020, Intel Corporation. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -494,57 +494,57 @@ $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c $(OPENSSL_PATH)/crypto/x509v3/v3err.c - $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h - $(OPENSSL_PATH)/crypto/dh/dh_locl.h - $(OPENSSL_PATH)/crypto/bio/bio_lcl.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h - $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/sha/sha_locl.h - $(OPENSSL_PATH)/crypto/md5/md5_locl.h - $(OPENSSL_PATH)/crypto/store/store_locl.h - $(OPENSSL_PATH)/crypto/dso/dso_locl.h - $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/arm_arch.h $(OPENSSL_PATH)/crypto/mips_arch.h $(OPENSSL_PATH)/crypto/ppc_arch.h $(OPENSSL_PATH)/crypto/s390x_arch.h $(OPENSSL_PATH)/crypto/sparc_arch.h $(OPENSSL_PATH)/crypto/vms_rms.h - $(OPENSSL_PATH)/crypto/bn/bn_lcl.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h - $(OPENSSL_PATH)/crypto/ui/ui_locl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/aes/aes_locl.h $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h $(OPENSSL_PATH)/crypto/asn1/charmap.h $(OPENSSL_PATH)/crypto/asn1/standard_methods.h $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h - $(OPENSSL_PATH)/crypto/evp/evp_locl.h - $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h - $(OPENSSL_PATH)/crypto/modes/modes_lcl.h - $(OPENSSL_PATH)/crypto/comp/comp_lcl.h - $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h - $(OPENSSL_PATH)/crypto/x509/x509_lcl.h + $(OPENSSL_PATH)/crypto/async/async_locl.h $(OPENSSL_PATH)/crypto/async/arch/async_null.h $(OPENSSL_PATH)/crypto/async/arch/async_posix.h $(OPENSSL_PATH)/crypto/async/arch/async_win.h - $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/bio/bio_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_prime.h + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h + $(OPENSSL_PATH)/crypto/comp/comp_lcl.h + $(OPENSSL_PATH)/crypto/conf/conf_def.h + $(OPENSSL_PATH)/crypto/conf/conf_lcl.h $(OPENSSL_PATH)/crypto/des/des_locl.h $(OPENSSL_PATH)/crypto/des/spr.h + $(OPENSSL_PATH)/crypto/dh/dh_locl.h + $(OPENSSL_PATH)/crypto/dso/dso_locl.h + $(OPENSSL_PATH)/crypto/evp/evp_locl.h + $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h + $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h + $(OPENSSL_PATH)/crypto/md4/md4_locl.h + $(OPENSSL_PATH)/crypto/md5/md5_locl.h + $(OPENSSL_PATH)/crypto/modes/modes_lcl.h + $(OPENSSL_PATH)/crypto/objects/obj_dat.h + $(OPENSSL_PATH)/crypto/objects/obj_lcl.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h + $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h + $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h + $(OPENSSL_PATH)/crypto/rand/rand_lcl.h + $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h + $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h - $(OPENSSL_PATH)/crypto/aes/aes_locl.h - $(OPENSSL_PATH)/crypto/async/async_locl.h + $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/store/store_locl.h + $(OPENSSL_PATH)/crypto/ui/ui_locl.h + $(OPENSSL_PATH)/crypto/x509/x509_lcl.h $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h - $(OPENSSL_PATH)/crypto/objects/obj_lcl.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h $(OPENSSL_PATH)/ssl/bio_ssl.c $(OPENSSL_PATH)/ssl/d1_lib.c $(OPENSSL_PATH)/ssl/d1_msg.c @@ -589,13 +589,13 @@ $(OPENSSL_PATH)/ssl/t1_trce.c $(OPENSSL_PATH)/ssl/tls13_enc.c $(OPENSSL_PATH)/ssl/tls_srp.c - $(OPENSSL_PATH)/ssl/statem/statem.h - $(OPENSSL_PATH)/ssl/statem/statem_locl.h $(OPENSSL_PATH)/ssl/packet_locl.h $(OPENSSL_PATH)/ssl/ssl_cert_table.h $(OPENSSL_PATH)/ssl/ssl_locl.h $(OPENSSL_PATH)/ssl/record/record.h
[edk2-devel] [PATCH v3 0/2] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
In order to implement the EVP interface, the EVP_get_digestbyname function requires the desired digest to be already initialized. Removing the "no-autoalginit" build option will allow algorithms to be retrieved by name. I plan to submit a future patch with an EVP implementation; the OpenSSL documentation has stated that the EVP interface "should almost always be used" over direct digest interfaces at least as far back as version 0.9.6c. This patch set also adds the "sort" keyword to the header file parsing loop so the .inf files aren't randomized after every run of process_files.pl. Cc: Jian J Wang Cc: Xiaoyu Lu Christopher J Zurcher (2): CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing loop CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build CryptoPkg/Library/OpensslLib/OpensslLib.inf | 66 ++-- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 62 +- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- 4 files changed, 66 insertions(+), 70 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54394): https://edk2.groups.io/g/devel/message/54394 Mute This Topic: https://groups.io/mt/71257217/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
> -Original Message- > From: devel@edk2.groups.io On Behalf Of Laszlo Ersek > Sent: Thursday, February 13, 2020 15:29 > To: devel@edk2.groups.io; Zurcher, Christopher J > > Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Remove "no- > autoalginit" flag from OpenSSL build > > Hi Christopher, > > (1) Please CC the CryptoPkg maintainers on CryptoPkg patches. Thanks, I missed this originally and added them in v2. > > On 02/13/20 00:41, Zurcher, Christopher J wrote: > > This is required for interfaces such as EVP to retrieve algorithms > > by name. > > (2) Apologies, I don't understand this explanation. There don't seem to > be any users for whatever is being enabled in this patch in the edk2 > tree. Can you please elaborate? (Not just for me in this thread, but in > the commit message.) This is to prepare for a future commit that will implement an EVP interface. > > > > > This commit also adds the "sort" keyword to the header file parsing loop > > so the .inf files aren't randomized after every run of process_files.pl. > > (3) That's a great idea, but it should be split to a separate patch. I'd > suggest first introducing the sorted generation (without any change to > the set of files built). > > And then the effects of the "no-autoalginit" removal can be seen > clearly, without being hidden by the reordering. Will split in v3. Thanks, Christopher Zurcher > > > > --- > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 64 ++- > - > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +- > > CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - > > CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- > > 4 files changed, 64 insertions(+), 68 deletions(-) > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > index 3fa52f5543..5caffdb71e 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > @@ -494,57 +494,57 @@ > >$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c > >$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c > >$(OPENSSL_PATH)/crypto/x509v3/v3err.c > > - $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h > > - $(OPENSSL_PATH)/crypto/dh/dh_locl.h > > - $(OPENSSL_PATH)/crypto/bio/bio_lcl.h > > - $(OPENSSL_PATH)/crypto/conf/conf_def.h > > - $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > > - $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h > > - $(OPENSSL_PATH)/crypto/sha/sha_locl.h > > - $(OPENSSL_PATH)/crypto/md5/md5_locl.h > > - $(OPENSSL_PATH)/crypto/store/store_locl.h > > - $(OPENSSL_PATH)/crypto/dso/dso_locl.h > > - $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > >$(OPENSSL_PATH)/crypto/arm_arch.h > >$(OPENSSL_PATH)/crypto/mips_arch.h > >$(OPENSSL_PATH)/crypto/ppc_arch.h > >$(OPENSSL_PATH)/crypto/s390x_arch.h > >$(OPENSSL_PATH)/crypto/sparc_arch.h > >$(OPENSSL_PATH)/crypto/vms_rms.h > > - $(OPENSSL_PATH)/crypto/bn/bn_lcl.h > > - $(OPENSSL_PATH)/crypto/bn/bn_prime.h > > - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h > > - $(OPENSSL_PATH)/crypto/ui/ui_locl.h > > - $(OPENSSL_PATH)/crypto/md4/md4_locl.h > > - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h > > + $(OPENSSL_PATH)/crypto/aes/aes_locl.h > >$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h > >$(OPENSSL_PATH)/crypto/asn1/asn1_locl.h > >$(OPENSSL_PATH)/crypto/asn1/charmap.h > >$(OPENSSL_PATH)/crypto/asn1/standard_methods.h > >$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h > > - $(OPENSSL_PATH)/crypto/evp/evp_locl.h > > - $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > > - $(OPENSSL_PATH)/crypto/modes/modes_lcl.h > > - $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > > - $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > > - $(OPENSSL_PATH)/crypto/x509/x509_lcl.h > > + $(OPENSSL_PATH)/crypto/async/async_locl.h > >$(OPENSSL_PATH)/crypto/async/arch/async_null.h > >$(OPENSSL_PATH)/crypto/async/arch/async_posix.h > >$(OPENSSL_PATH)/crypto/async/arch/async_win.h > > - $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h > > + $(OPENSSL_PATH)/crypto/bio/bio_lcl.h > > + $(OPENSSL_PATH)/crypto/bn/bn_lcl.h > > + $(OPENSSL_PATH)/crypto/bn/bn_prime.h > > + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h > > + $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > > + $(OPENSSL_PATH)/crypto/conf/conf_def.h > > + $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > >$(OPENSSL_PATH)/crypto/des/des_locl.h > >$(
Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
> -Original Message- > From: Wang, Jian J > Sent: Thursday, February 13, 2020 07:19 > To: Zurcher, Christopher J ; > devel@edk2.groups.io > Cc: Lu, XiaoyuX > Subject: RE: [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" > flag from OpenSSL build > > Thanks for the patch. Two comments below. > > > > -Original Message- > > From: Zurcher, Christopher J > > Sent: Thursday, February 13, 2020 11:34 AM > > To: devel@edk2.groups.io > > Cc: Wang, Jian J ; Lu, XiaoyuX > > > Subject: [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" > flag > > from OpenSSL build > > > > This is required for interfaces such as EVP to retrieve algorithms > > by name. > > > > This commit also adds the "sort" keyword to the header file parsing loop > > so the .inf files aren't randomized after every run of process_files.pl. > > > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Signed-off-by: Christopher J Zurcher > > --- > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 64 ++-- > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +--- > -- > > CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - > > CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- > > 4 files changed, 64 insertions(+), 68 deletions(-) > > > > diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > index 3fa52f5543..5caffdb71e 100644 > > --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf > > @@ -494,57 +494,57 @@ > >$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c > >$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c > >$(OPENSSL_PATH)/crypto/x509v3/v3err.c > > - $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h > > - $(OPENSSL_PATH)/crypto/dh/dh_locl.h > > - $(OPENSSL_PATH)/crypto/bio/bio_lcl.h > > - $(OPENSSL_PATH)/crypto/conf/conf_def.h > > - $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > > - $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h > > - $(OPENSSL_PATH)/crypto/sha/sha_locl.h > > - $(OPENSSL_PATH)/crypto/md5/md5_locl.h > > - $(OPENSSL_PATH)/crypto/store/store_locl.h > > - $(OPENSSL_PATH)/crypto/dso/dso_locl.h > > - $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h > >$(OPENSSL_PATH)/crypto/arm_arch.h > >$(OPENSSL_PATH)/crypto/mips_arch.h > >$(OPENSSL_PATH)/crypto/ppc_arch.h > >$(OPENSSL_PATH)/crypto/s390x_arch.h > >$(OPENSSL_PATH)/crypto/sparc_arch.h > >$(OPENSSL_PATH)/crypto/vms_rms.h > > - $(OPENSSL_PATH)/crypto/bn/bn_lcl.h > > - $(OPENSSL_PATH)/crypto/bn/bn_prime.h > > - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h > > - $(OPENSSL_PATH)/crypto/ui/ui_locl.h > > - $(OPENSSL_PATH)/crypto/md4/md4_locl.h > > - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h > > + $(OPENSSL_PATH)/crypto/aes/aes_locl.h > >$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h > >$(OPENSSL_PATH)/crypto/asn1/asn1_locl.h > >$(OPENSSL_PATH)/crypto/asn1/charmap.h > >$(OPENSSL_PATH)/crypto/asn1/standard_methods.h > >$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h > > - $(OPENSSL_PATH)/crypto/evp/evp_locl.h > > - $(OPENSSL_PATH)/crypto/rand/rand_lcl.h > > - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h > > - $(OPENSSL_PATH)/crypto/modes/modes_lcl.h > > - $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > > - $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h > > - $(OPENSSL_PATH)/crypto/x509/x509_lcl.h > > + $(OPENSSL_PATH)/crypto/async/async_locl.h > >$(OPENSSL_PATH)/crypto/async/arch/async_null.h > >$(OPENSSL_PATH)/crypto/async/arch/async_posix.h > >$(OPENSSL_PATH)/crypto/async/arch/async_win.h > > - $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h > > + $(OPENSSL_PATH)/crypto/bio/bio_lcl.h > > + $(OPENSSL_PATH)/crypto/bn/bn_lcl.h > > + $(OPENSSL_PATH)/crypto/bn/bn_prime.h > > + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h > > + $(OPENSSL_PATH)/crypto/comp/comp_lcl.h > > + $(OPENSSL_PATH)/crypto/conf/conf_def.h > > + $(OPENSSL_PATH)/crypto/conf/conf_lcl.h > >$(OPENSSL_PATH)/crypto/des/des_locl.h > >$(OPENSSL_PATH)/crypto/des/spr.h > > + $(OPENSSL_PATH)/crypto/dh/dh_locl.h > > + $(OPENSSL_PATH)/crypto/dso/dso_locl.h > > + $(OPENSSL_PATH)/crypto/evp/evp_locl.h > > + $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h > > + $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h > > + $(OPENSSL_PATH)/crypto/md4/md4_locl.h > > + $(OPENSSL_PATH)/crypto/md5/md5_locl.h > > + $(OPENSSL_PATH)/crypto/modes/modes_lcl.h > > +
[edk2-devel] [PATCH v2 0/1] Remove "no-autoalginit" flag from OpenSSL build
In order to implement the EVP interface, the EVP_get_digestbyname function requires the desired digest to be already initialized. Removing the "no-autoalginit" build option will allow algorithms to be retrieved by name. Cc: Jian J Wang Cc: Xiaoyu Lu Christopher J Zurcher (1): CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build CryptoPkg/Library/OpensslLib/OpensslLib.inf | 64 ++-- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- 4 files changed, 64 insertions(+), 68 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54330): https://edk2.groups.io/g/devel/message/54330 Mute This Topic: https://groups.io/mt/71232052/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
This is required for interfaces such as EVP to retrieve algorithms by name. This commit also adds the "sort" keyword to the header file parsing loop so the .inf files aren't randomized after every run of process_files.pl. Cc: Jian J Wang Cc: Xiaoyu Lu Signed-off-by: Christopher J Zurcher --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 64 ++-- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- 4 files changed, 64 insertions(+), 68 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 3fa52f5543..5caffdb71e 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -494,57 +494,57 @@ $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c $(OPENSSL_PATH)/crypto/x509v3/v3err.c - $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h - $(OPENSSL_PATH)/crypto/dh/dh_locl.h - $(OPENSSL_PATH)/crypto/bio/bio_lcl.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h - $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/sha/sha_locl.h - $(OPENSSL_PATH)/crypto/md5/md5_locl.h - $(OPENSSL_PATH)/crypto/store/store_locl.h - $(OPENSSL_PATH)/crypto/dso/dso_locl.h - $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/arm_arch.h $(OPENSSL_PATH)/crypto/mips_arch.h $(OPENSSL_PATH)/crypto/ppc_arch.h $(OPENSSL_PATH)/crypto/s390x_arch.h $(OPENSSL_PATH)/crypto/sparc_arch.h $(OPENSSL_PATH)/crypto/vms_rms.h - $(OPENSSL_PATH)/crypto/bn/bn_lcl.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h - $(OPENSSL_PATH)/crypto/ui/ui_locl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/aes/aes_locl.h $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h $(OPENSSL_PATH)/crypto/asn1/charmap.h $(OPENSSL_PATH)/crypto/asn1/standard_methods.h $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h - $(OPENSSL_PATH)/crypto/evp/evp_locl.h - $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h - $(OPENSSL_PATH)/crypto/modes/modes_lcl.h - $(OPENSSL_PATH)/crypto/comp/comp_lcl.h - $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h - $(OPENSSL_PATH)/crypto/x509/x509_lcl.h + $(OPENSSL_PATH)/crypto/async/async_locl.h $(OPENSSL_PATH)/crypto/async/arch/async_null.h $(OPENSSL_PATH)/crypto/async/arch/async_posix.h $(OPENSSL_PATH)/crypto/async/arch/async_win.h - $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/bio/bio_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_prime.h + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h + $(OPENSSL_PATH)/crypto/comp/comp_lcl.h + $(OPENSSL_PATH)/crypto/conf/conf_def.h + $(OPENSSL_PATH)/crypto/conf/conf_lcl.h $(OPENSSL_PATH)/crypto/des/des_locl.h $(OPENSSL_PATH)/crypto/des/spr.h + $(OPENSSL_PATH)/crypto/dh/dh_locl.h + $(OPENSSL_PATH)/crypto/dso/dso_locl.h + $(OPENSSL_PATH)/crypto/evp/evp_locl.h + $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h + $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h + $(OPENSSL_PATH)/crypto/md4/md4_locl.h + $(OPENSSL_PATH)/crypto/md5/md5_locl.h + $(OPENSSL_PATH)/crypto/modes/modes_lcl.h + $(OPENSSL_PATH)/crypto/objects/obj_dat.h + $(OPENSSL_PATH)/crypto/objects/obj_lcl.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h + $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h + $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h + $(OPENSSL_PATH)/crypto/rand/rand_lcl.h + $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h + $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h - $(OPENSSL_PATH)/crypto/aes/aes_locl.h - $(OPENSSL_PATH)/crypto/async/async_locl.h + $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/store/store_locl.h + $(OPENSSL_PATH)/crypto/ui/ui_locl.h + $(OPENSSL_PATH)/crypto/x509/x509_lcl.h $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h - $(OPENSSL_PATH)/crypto/objects/obj_lcl.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h $(OPENSSL_PATH)/ssl/bio_ssl.c $(OPENSSL_PATH)/ssl/d1_lib.c $(OPENSSL_PATH)/ssl/d1_msg.c @@ -589,13 +589,13 @@ $(OPENSSL_PATH)/ssl/t1_trce.c $(OPENSSL_PATH)/ssl/tls13_enc.c $(OPENSSL_PATH)/ssl/tls_srp.c - $(OPENSSL_PATH)/ssl/statem/statem.h - $(OPENSSL_PATH)/ssl/statem/statem_locl.h $(OPENSSL_PATH)/ssl/packet_locl.h $(OPENSSL_PATH)/ssl/ssl_cert_table.h $(OPENSSL_PATH)/ssl/ssl_locl.h $(OPENSSL_PATH)/ssl/record/record.h $(OPENSSL_PATH)/ssl/record/record_locl.h + $(OPENSSL_PATH)/ssl/statem/statem.h +
[edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build
This is required for interfaces such as EVP to retrieve algorithms by name. This commit also adds the "sort" keyword to the header file parsing loop so the .inf files aren't randomized after every run of process_files.pl. --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 64 ++-- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- 4 files changed, 64 insertions(+), 68 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 3fa52f5543..5caffdb71e 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -494,57 +494,57 @@ $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c $(OPENSSL_PATH)/crypto/x509v3/v3err.c - $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h - $(OPENSSL_PATH)/crypto/dh/dh_locl.h - $(OPENSSL_PATH)/crypto/bio/bio_lcl.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h - $(OPENSSL_PATH)/crypto/conf/conf_lcl.h - $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h - $(OPENSSL_PATH)/crypto/sha/sha_locl.h - $(OPENSSL_PATH)/crypto/md5/md5_locl.h - $(OPENSSL_PATH)/crypto/store/store_locl.h - $(OPENSSL_PATH)/crypto/dso/dso_locl.h - $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h $(OPENSSL_PATH)/crypto/arm_arch.h $(OPENSSL_PATH)/crypto/mips_arch.h $(OPENSSL_PATH)/crypto/ppc_arch.h $(OPENSSL_PATH)/crypto/s390x_arch.h $(OPENSSL_PATH)/crypto/sparc_arch.h $(OPENSSL_PATH)/crypto/vms_rms.h - $(OPENSSL_PATH)/crypto/bn/bn_lcl.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h - $(OPENSSL_PATH)/crypto/ui/ui_locl.h - $(OPENSSL_PATH)/crypto/md4/md4_locl.h - $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/aes/aes_locl.h $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h $(OPENSSL_PATH)/crypto/asn1/charmap.h $(OPENSSL_PATH)/crypto/asn1/standard_methods.h $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h - $(OPENSSL_PATH)/crypto/evp/evp_locl.h - $(OPENSSL_PATH)/crypto/rand/rand_lcl.h - $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h - $(OPENSSL_PATH)/crypto/modes/modes_lcl.h - $(OPENSSL_PATH)/crypto/comp/comp_lcl.h - $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h - $(OPENSSL_PATH)/crypto/x509/x509_lcl.h + $(OPENSSL_PATH)/crypto/async/async_locl.h $(OPENSSL_PATH)/crypto/async/arch/async_null.h $(OPENSSL_PATH)/crypto/async/arch/async_posix.h $(OPENSSL_PATH)/crypto/async/arch/async_win.h - $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/bio/bio_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_prime.h + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h + $(OPENSSL_PATH)/crypto/comp/comp_lcl.h + $(OPENSSL_PATH)/crypto/conf/conf_def.h + $(OPENSSL_PATH)/crypto/conf/conf_lcl.h $(OPENSSL_PATH)/crypto/des/des_locl.h $(OPENSSL_PATH)/crypto/des/spr.h + $(OPENSSL_PATH)/crypto/dh/dh_locl.h + $(OPENSSL_PATH)/crypto/dso/dso_locl.h + $(OPENSSL_PATH)/crypto/evp/evp_locl.h + $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h + $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h + $(OPENSSL_PATH)/crypto/md4/md4_locl.h + $(OPENSSL_PATH)/crypto/md5/md5_locl.h + $(OPENSSL_PATH)/crypto/modes/modes_lcl.h + $(OPENSSL_PATH)/crypto/objects/obj_dat.h + $(OPENSSL_PATH)/crypto/objects/obj_lcl.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h + $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h + $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h + $(OPENSSL_PATH)/crypto/rand/rand_lcl.h + $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h + $(OPENSSL_PATH)/crypto/sha/sha_locl.h $(OPENSSL_PATH)/crypto/siphash/siphash_local.h - $(OPENSSL_PATH)/crypto/aes/aes_locl.h - $(OPENSSL_PATH)/crypto/async/async_locl.h + $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/store/store_locl.h + $(OPENSSL_PATH)/crypto/ui/ui_locl.h + $(OPENSSL_PATH)/crypto/x509/x509_lcl.h $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h - $(OPENSSL_PATH)/crypto/objects/obj_lcl.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h $(OPENSSL_PATH)/ssl/bio_ssl.c $(OPENSSL_PATH)/ssl/d1_lib.c $(OPENSSL_PATH)/ssl/d1_msg.c @@ -589,13 +589,13 @@ $(OPENSSL_PATH)/ssl/t1_trce.c $(OPENSSL_PATH)/ssl/tls13_enc.c $(OPENSSL_PATH)/ssl/tls_srp.c - $(OPENSSL_PATH)/ssl/statem/statem.h - $(OPENSSL_PATH)/ssl/statem/statem_locl.h $(OPENSSL_PATH)/ssl/packet_locl.h $(OPENSSL_PATH)/ssl/ssl_cert_table.h $(OPENSSL_PATH)/ssl/ssl_locl.h $(OPENSSL_PATH)/ssl/record/record.h $(OPENSSL_PATH)/ssl/record/record_locl.h + $(OPENSSL_PATH)/ssl/statem/statem.h + $(OPENSSL_PATH)/ssl/statem/statem_locl.h # Autogenerated files list ends here buildinf.h
[edk2-devel] [PATCH 0/1] Remove "no-autoalginit" flag from OpenSSL build
In order to implement the EVP interface, the EVP_get_digestbyname function requires the desired digest to be already initialized. Removing the "no-autoalginit" build option will allow algorithms to be retrieved by name. Cc: Jian J Wang Cc: Xiaoyu Lu Christopher J Zurcher (1): CryptoPkg/OpensslLib: Remove "no-autoalginit" flag from OpenSSL build CryptoPkg/Library/OpensslLib/OpensslLib.inf | 64 ++-- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 60 +- CryptoPkg/Library/Include/openssl/opensslconf.h | 3 - CryptoPkg/Library/OpensslLib/process_files.pl | 5 +- 4 files changed, 64 insertions(+), 68 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54314): https://edk2.groups.io/g/devel/message/54314 Mute This Topic: https://groups.io/mt/71227826/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 017/105] .mailmap: Add an entry for Christopher J Zurcher
Reviewed-by: Christopher J Zurcher -- Christopher Zurcher -Original Message- From: devel@edk2.groups.io On Behalf Of Philippe Mathieu-Daudé Sent: Friday, December 6, 2019 03:25 To: devel@edk2.groups.io Cc: Philippe Mathieu-Daude ; Zurcher, Christopher J Subject: [edk2-devel] [PATCH v2 017/105] .mailmap: Add an entry for Christopher J Zurcher We use .mailmap to display contributors email addresses in an uniform format. Add an entry for Christopher J Zurcher to have his name and email address displayed properly in the git history. Cc: Christopher J Zurcher Signed-off-by: Philippe Mathieu-Daude --- [Due to MTA restricting the recipient list to 100, I can not Cc all the named developers in the cover. Therefore I'm adapting the explaination from the cover in each patch] This patch won't get merged if Christopher J Zurcher doesn't give his approval, by replying to this patch with: Reviewed-by: Christopher J Zurcher If you think this patch is inappropriate, you don't need to justify, reply with: NAcked-by: Christopher J Zurcher or simply: NACK If your Firstname Lastname order is incorrect, tell me and I will fix it. You can also ignore this mail, but I might resend it and keep bothering you. Regards, Phil. --- .mailmap | 1 + 1 file changed, 1 insertion(+) diff --git a/.mailmap b/.mailmap index b36e803247d1..e96b4ec6fe45 100644 --- a/.mailmap +++ b/.mailmap @@ -35,3 +35,4 @@ Chasel Chiu Chen A Chen Cheng Ching Jen Christian Rodriguez +Christopher J Zurcher -- 2.21.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52039): https://edk2.groups.io/g/devel/message/52039 Mute This Topic: https://groups.io/mt/67467684/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v8 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 This patch implements the Security Protocol In and Security Protocol Out commands in UefiScsiLib to prepare support for the Storage Security Command Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdePkg/Include/IndustryStandard/Scsi.h | 48 ++-- MdePkg/Include/Library/UefiScsiLib.h | 130 ++- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 229 +++- 3 files changed, 388 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Scsi.h b/MdePkg/Include/IndustryStandard/Scsi.h index cbe5709fe5..d03886417f 100644 --- a/MdePkg/Include/IndustryStandard/Scsi.h +++ b/MdePkg/Include/IndustryStandard/Scsi.h @@ -1,7 +1,7 @@ /** @file Support for SCSI-2 standard - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -163,6 +163,12 @@ #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa +// +// Additional commands for Secure Transactions +// +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 + // // SCSI Data Transfer Direction // @@ -172,22 +178,30 @@ // // Peripheral Device Type Definitions // -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. magnetic disk) -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device (e.g. magnetic tape) -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. some optical disks) -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) -// -// 0Ch - 1Eh are reserved -// -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type +#define EFI_SCSI_TYPE_DISK0x00 ///< Direct-access device (e.g. magnetic disk) +#define EFI_SCSI_TYPE_TAPE0x01 ///< Sequential-access device (e.g. magnetic tape) +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device +#define EFI_SCSI_TYPE_WORM0x04 ///< Write-once device (e.g. some optical disks) +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) +#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) +#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device (obsolete) +#define EFI_SCSI_TYPE_ASCIT8_10x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) +#define EFI_SCSI_TYPE_ASCIT8_20x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) +#define EFI_SCSI_TYPE_RAID0x0C ///< Storage array controller device (e.g., RAID) +#define EFI_SCSI_TYPE_SES 0x0D ///< Enclosure services device +#define EFI_SCSI_TYPE_RBC 0x0E ///< Simplified direct-access device (e.g., magnetic disk) +#define EFI_SCSI_TYPE_OCRW0x0F ///< Optical card reader/writer device +#define EFI_SCSI_TYPE_BRIDGE 0x10 ///< Bridge Controller Commands +#define EFI_SCSI_TYPE_OSD 0x11 ///< Object-based Storage Device +#define EFI_SCSI_TYPE_AUTOMATION 0x12 ///< Automation/Drive Interface +#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13 ///< Security manager device +#define EFI_SCSI_TYPE_RESERVED_LOW0x14 ///< Reserved (low) +#define EFI_SCSI_TYPE_RESERVED_HIGH 0x1D ///< Reserved (high) +#define EFI_SCSI_TYPE_WLUN0x1E ///< Well known logical unit +#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type // // Page Codes for INQUIRY command diff --git a/MdePkg/Include/Library/UefiScsiLib.h b/MdePkg/Include/Library/UefiScsiLib.h index 10dd81902b..2a81883ca9 100644 --- a/MdePkg/Include/Library/UefiScsiLib.h +++ b/MdePkg/Include/Library/UefiScsiLib.h @@ -5,7 +5,7 @@ for hard drive, CD and DVD devices that are the most common SCSI boot targets used by UEFI platforms. This library class depends on SCSI I/O Protocol defined in UEFI Specification and SCSI-2 industry standard. -Copyright (c) 2006 - 2018, Intel
[edk2-devel] [PATCH v8 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 Currently UfsPassThru only checks for 8 common LUNs. This adds a check for the RPMB Well-known LUN and sets the corresponding bit-mask. Further handling of the WLUN is already present in the driver. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 - 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c index b12404aacb..26c5a8b855 100644 --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c @@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart ( UINTN UfsHcBase; UINT32Index; UFS_UNIT_DESC UnitDescriptor; + UFS_DEV_DESC DeviceDescriptor; UINT32UnitDescriptorSize; + UINT32DeviceDescriptorSize; Status= EFI_SUCCESS; UfsHc = NULL; @@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart ( // // Check if 8 common luns are active and set corresponding bit mask. - // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper layer for authentication access. // UnitDescriptorSize = sizeof (UFS_UNIT_DESC); for (Index = 0; Index < 8; Index++) { @@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart ( } } + // + // Check if RPMB WLUN is supported and set corresponding bit mask. + // + DeviceDescriptorSize = sizeof (UFS_DEV_DESC); + Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, , ); + if (EFI_ERROR (Status)) { +DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", Status)); + } else { +if (DeviceDescriptor.SecurityLun == 0x1) { + DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n")); + Private->Luns.BitMask |= BIT11; +} + } + // // Start the asynchronous interrupt monitor // -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48177): https://edk2.groups.io/g/devel/message/48177 Mute This Topic: https://groups.io/mt/34306980/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v8 0/4] Add SCSI Support for Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 V8 changes: Align Inc512 definition in UefiScsiLib.h with that in UefiScsiLib.c. V7 changes: Changed Inc512 behavior to always take DataLength as bytes, and divide by 512 only in the CDB. V6 changes: Restore EFI_SCSI_TYPE defines for ASC IT8 devices. Revert EFI_SCSI_IO_TYPE changes in Protocol\ScsiIo.h. Add INC_512 parameter for SecurityProtocol In/Out commands in UefiScsiLib. Change UINT32 args to UINTN to match the definitions for Storage Security Command Protocol. V5 changes: Split MdeModulePkg changes into separate patches. Add ReinstallProtocol calls for StorageSecurityCommand Protocol. Restore original MediaPresent and ReadCapacity behavior, with new implementation for WLUN type media. Clear temporary aligned buffers before freeing them. V4 changes: Add SSC Protocol in addition to BlockIo instead of in place of BlockIo. Add error handling for (BlockSize == 0) in Read and WriteBlocks commands to handle partitions that do not support ReadCapacity(). V3 changes: Initialize AlignedBuffer variable in ScsiDiskReceiveData and ScsiDiskSendData functions. Remove redundant input validation and debug message in ScsiDiskSendData. V2 changes: Split the patch into separate commits for separate packages. To support RPMB access on UFS devices, support must be added to the ScsiDiskDxe driver for the Storage Security Command Protocol. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Cc: Hao A Wu Christopher J Zurcher (4): MdePkg: Implement SCSI commands for Security Protocol In/Out MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun) MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdePkg/Include/IndustryStandard/Scsi.h| 48 +- MdePkg/Include/Library/UefiScsiLib.h | 130 - MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 616 +++- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 229 +++- 8 files changed, 1181 insertions(+), 38 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48175): https://edk2.groups.io/g/devel/message/48175 Mute This Topic: https://groups.io/mt/34306978/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v8 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 Replacing "magic numbers" in the Peripheral Type check with defines for the reserved range from IndustryStandard/Scsi.h Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c index c4069aec0f..1caffd38cd 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c +++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c @@ -2,7 +2,7 @@ SCSI Bus driver that layers on every SCSI Pass Thru and Extended SCSI Pass Thru protocol in the system. -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1368,7 +1368,8 @@ DiscoverScsiDevice ( goto Done; } - if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 0xa) { + if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) && + (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) { ScsiDeviceFound = FALSE; goto Done; } -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48178): https://edk2.groups.io/g/devel/message/48178 Mute This Topic: https://groups.io/mt/34306981/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v8 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the ScsiDiskDxe driver. Support is currently limited to the RPMB Well-known LUN for UFS devices. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 616 +++- 3 files changed, 774 insertions(+), 16 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf index 5500d828e9..40818e669b 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf @@ -3,7 +3,7 @@ # It detects the SCSI disk media and installs Block I/O and Block I/O2 Protocol on # the device handle. # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -52,6 +52,7 @@ gEfiBlockIoProtocolGuid ## BY_START gEfiBlockIo2ProtocolGuid ## BY_START gEfiEraseBlockProtocolGuid## BY_START + gEfiStorageSecurityCommandProtocolGuid## BY_START gEfiScsiIoProtocolGuid## TO_START gEfiScsiPassThruProtocolGuid ## TO_START gEfiExtScsiPassThruProtocolGuid ## TO_START diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h index 42c095..2d8679ec6f 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h @@ -1,7 +1,7 @@ /** @file Header file for SCSI Disk Driver. -Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include @@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0 +#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0) + +#define UFS_WLUN_RPMB 0xC4 + typedef struct { UINT32MaxLbaCnt; UINT32MaxBlkDespCnt; @@ -51,6 +56,8 @@ typedef struct { EFI_HANDLEHandle; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL StorageSecurity; + EFI_BLOCK_IO_PROTOCOL BlkIo; EFI_BLOCK_IO2_PROTOCOLBlkIo2; EFI_BLOCK_IO_MEDIABlkIoMedia; @@ -95,6 +102,7 @@ typedef struct { #define SCSI_DISK_DEV_FROM_BLKIO(a) CR (a, SCSI_DISK_DEV, BlkIo, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_BLKIO2(a) CR (a, SCSI_DISK_DEV, BlkIo2, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_ERASEBLK(a) CR (a, SCSI_DISK_DEV, EraseBlock, SCSI_DISK_DEV_SIGNATURE) +#define SCSI_DISK_DEV_FROM_STORSEC(a) CR (a, SCSI_DISK_DEV, StorageSecurity, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, SCSI_DISK_DEV_SIGNATURE) @@ -638,6 +646,151 @@ ScsiDiskEraseBlocks ( ); +/** + Send a security protocol command to a device that receives data and/or the result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given MediaId. + The security protocol command sent is defined by SecurityProtocolId and contains + the security protocol specific data SecurityProtocolSpecificData. The function + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + If PayloadBufferSize is too small to store the available data from the security + protocol command, the function shall copy PayloadBufferSize bytes into the + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function shall + return EFI_UNSUPPORTED. If there is no media in the device, the function returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall + return EFI_SUCCESS. If the security protocol command completes with an error, the + function
[edk2-devel] [PATCH v7 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 Replacing "magic numbers" in the Peripheral Type check with defines for the reserved range from IndustryStandard/Scsi.h Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c index c4069aec0f..1caffd38cd 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c +++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c @@ -2,7 +2,7 @@ SCSI Bus driver that layers on every SCSI Pass Thru and Extended SCSI Pass Thru protocol in the system. -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1368,7 +1368,8 @@ DiscoverScsiDevice ( goto Done; } - if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 0xa) { + if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) && + (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) { ScsiDeviceFound = FALSE; goto Done; } -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48172): https://edk2.groups.io/g/devel/message/48172 Mute This Topic: https://groups.io/mt/34306930/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 This patch implements the Security Protocol In and Security Protocol Out commands in UefiScsiLib to prepare support for the Storage Security Command Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdePkg/Include/IndustryStandard/Scsi.h | 48 ++-- MdePkg/Include/Library/UefiScsiLib.h | 128 ++- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 229 +++- 3 files changed, 386 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Scsi.h b/MdePkg/Include/IndustryStandard/Scsi.h index cbe5709fe5..d03886417f 100644 --- a/MdePkg/Include/IndustryStandard/Scsi.h +++ b/MdePkg/Include/IndustryStandard/Scsi.h @@ -1,7 +1,7 @@ /** @file Support for SCSI-2 standard - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -163,6 +163,12 @@ #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa +// +// Additional commands for Secure Transactions +// +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 + // // SCSI Data Transfer Direction // @@ -172,22 +178,30 @@ // // Peripheral Device Type Definitions // -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. magnetic disk) -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device (e.g. magnetic tape) -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. some optical disks) -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) -// -// 0Ch - 1Eh are reserved -// -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type +#define EFI_SCSI_TYPE_DISK0x00 ///< Direct-access device (e.g. magnetic disk) +#define EFI_SCSI_TYPE_TAPE0x01 ///< Sequential-access device (e.g. magnetic tape) +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device +#define EFI_SCSI_TYPE_WORM0x04 ///< Write-once device (e.g. some optical disks) +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) +#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) +#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device (obsolete) +#define EFI_SCSI_TYPE_ASCIT8_10x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) +#define EFI_SCSI_TYPE_ASCIT8_20x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) +#define EFI_SCSI_TYPE_RAID0x0C ///< Storage array controller device (e.g., RAID) +#define EFI_SCSI_TYPE_SES 0x0D ///< Enclosure services device +#define EFI_SCSI_TYPE_RBC 0x0E ///< Simplified direct-access device (e.g., magnetic disk) +#define EFI_SCSI_TYPE_OCRW0x0F ///< Optical card reader/writer device +#define EFI_SCSI_TYPE_BRIDGE 0x10 ///< Bridge Controller Commands +#define EFI_SCSI_TYPE_OSD 0x11 ///< Object-based Storage Device +#define EFI_SCSI_TYPE_AUTOMATION 0x12 ///< Automation/Drive Interface +#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13 ///< Security manager device +#define EFI_SCSI_TYPE_RESERVED_LOW0x14 ///< Reserved (low) +#define EFI_SCSI_TYPE_RESERVED_HIGH 0x1D ///< Reserved (high) +#define EFI_SCSI_TYPE_WLUN0x1E ///< Well known logical unit +#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type // // Page Codes for INQUIRY command diff --git a/MdePkg/Include/Library/UefiScsiLib.h b/MdePkg/Include/Library/UefiScsiLib.h index 10dd81902b..5c94b0aa16 100644 --- a/MdePkg/Include/Library/UefiScsiLib.h +++ b/MdePkg/Include/Library/UefiScsiLib.h @@ -5,7 +5,7 @@ for hard drive, CD and DVD devices that are the most common SCSI boot targets used by UEFI platforms. This library class depends on SCSI I/O Protocol defined in UEFI Specification and SCSI-2 industry standard. -Copyright (c) 2006 - 2018, Intel
[edk2-devel] [PATCH v7 0/4] Add SCSI Support for Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 V7 changes: Changed Inc512 behavior to always take DataLength as bytes, and divide by 512 only in the CDB. V6 changes: Restore EFI_SCSI_TYPE defines for ASC IT8 devices. Revert EFI_SCSI_IO_TYPE changes in Protocol\ScsiIo.h. Add INC_512 parameter for SecurityProtocol In/Out commands in UefiScsiLib. Change UINT32 args to UINTN to match the definitions for Storage Security Command Protocol. V5 changes: Split MdeModulePkg changes into separate patches. Add ReinstallProtocol calls for StorageSecurityCommand Protocol. Restore original MediaPresent and ReadCapacity behavior, with new implementation for WLUN type media. Clear temporary aligned buffers before freeing them. V4 changes: Add SSC Protocol in addition to BlockIo instead of in place of BlockIo. Add error handling for (BlockSize == 0) in Read and WriteBlocks commands to handle partitions that do not support ReadCapacity(). V3 changes: Initialize AlignedBuffer variable in ScsiDiskReceiveData and ScsiDiskSendData functions. Remove redundant input validation and debug message in ScsiDiskSendData. V2 changes: Split the patch into separate commits for separate packages. To support RPMB access on UFS devices, support must be added to the ScsiDiskDxe driver for the Storage Security Command Protocol. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Cc: Hao A Wu Christopher J Zurcher (4): MdePkg: Implement SCSI commands for Security Protocol In/Out MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun) MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdePkg/Include/IndustryStandard/Scsi.h| 48 +- MdePkg/Include/Library/UefiScsiLib.h | 128 +++- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 616 +++- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 229 +++- 8 files changed, 1179 insertions(+), 38 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48170): https://edk2.groups.io/g/devel/message/48170 Mute This Topic: https://groups.io/mt/34306927/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 Currently UfsPassThru only checks for 8 common LUNs. This adds a check for the RPMB Well-known LUN and sets the corresponding bit-mask. Further handling of the WLUN is already present in the driver. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 - 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c index b12404aacb..26c5a8b855 100644 --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c @@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart ( UINTN UfsHcBase; UINT32Index; UFS_UNIT_DESC UnitDescriptor; + UFS_DEV_DESC DeviceDescriptor; UINT32UnitDescriptorSize; + UINT32DeviceDescriptorSize; Status= EFI_SUCCESS; UfsHc = NULL; @@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart ( // // Check if 8 common luns are active and set corresponding bit mask. - // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper layer for authentication access. // UnitDescriptorSize = sizeof (UFS_UNIT_DESC); for (Index = 0; Index < 8; Index++) { @@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart ( } } + // + // Check if RPMB WLUN is supported and set corresponding bit mask. + // + DeviceDescriptorSize = sizeof (UFS_DEV_DESC); + Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, , ); + if (EFI_ERROR (Status)) { +DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", Status)); + } else { +if (DeviceDescriptor.SecurityLun == 0x1) { + DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n")); + Private->Luns.BitMask |= BIT11; +} + } + // // Start the asynchronous interrupt monitor // -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48171): https://edk2.groups.io/g/devel/message/48171 Mute This Topic: https://groups.io/mt/34306929/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the ScsiDiskDxe driver. Support is currently limited to the RPMB Well-known LUN for UFS devices. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 616 +++- 3 files changed, 774 insertions(+), 16 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf index 5500d828e9..40818e669b 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf @@ -3,7 +3,7 @@ # It detects the SCSI disk media and installs Block I/O and Block I/O2 Protocol on # the device handle. # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -52,6 +52,7 @@ gEfiBlockIoProtocolGuid ## BY_START gEfiBlockIo2ProtocolGuid ## BY_START gEfiEraseBlockProtocolGuid## BY_START + gEfiStorageSecurityCommandProtocolGuid## BY_START gEfiScsiIoProtocolGuid## TO_START gEfiScsiPassThruProtocolGuid ## TO_START gEfiExtScsiPassThruProtocolGuid ## TO_START diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h index 42c095..2d8679ec6f 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h @@ -1,7 +1,7 @@ /** @file Header file for SCSI Disk Driver. -Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include @@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0 +#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0) + +#define UFS_WLUN_RPMB 0xC4 + typedef struct { UINT32MaxLbaCnt; UINT32MaxBlkDespCnt; @@ -51,6 +56,8 @@ typedef struct { EFI_HANDLEHandle; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL StorageSecurity; + EFI_BLOCK_IO_PROTOCOL BlkIo; EFI_BLOCK_IO2_PROTOCOLBlkIo2; EFI_BLOCK_IO_MEDIABlkIoMedia; @@ -95,6 +102,7 @@ typedef struct { #define SCSI_DISK_DEV_FROM_BLKIO(a) CR (a, SCSI_DISK_DEV, BlkIo, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_BLKIO2(a) CR (a, SCSI_DISK_DEV, BlkIo2, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_ERASEBLK(a) CR (a, SCSI_DISK_DEV, EraseBlock, SCSI_DISK_DEV_SIGNATURE) +#define SCSI_DISK_DEV_FROM_STORSEC(a) CR (a, SCSI_DISK_DEV, StorageSecurity, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, SCSI_DISK_DEV_SIGNATURE) @@ -638,6 +646,151 @@ ScsiDiskEraseBlocks ( ); +/** + Send a security protocol command to a device that receives data and/or the result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given MediaId. + The security protocol command sent is defined by SecurityProtocolId and contains + the security protocol specific data SecurityProtocolSpecificData. The function + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + If PayloadBufferSize is too small to store the available data from the security + protocol command, the function shall copy PayloadBufferSize bytes into the + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function shall + return EFI_UNSUPPORTED. If there is no media in the device, the function returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall + return EFI_SUCCESS. If the security protocol command completes with an error, the + function
[edk2-devel] [PATCH v6 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 Replacing "magic numbers" in the Peripheral Type check with defines for the reserved range from IndustryStandard/Scsi.h Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c index c4069aec0f..1caffd38cd 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c +++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c @@ -2,7 +2,7 @@ SCSI Bus driver that layers on every SCSI Pass Thru and Extended SCSI Pass Thru protocol in the system. -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1368,7 +1368,8 @@ DiscoverScsiDevice ( goto Done; } - if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 0xa) { + if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) && + (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) { ScsiDeviceFound = FALSE; goto Done; } -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46993): https://edk2.groups.io/g/devel/message/46993 Mute This Topic: https://groups.io/mt/33202223/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 0/4] Add SCSI Support for Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 V5 changes: Split MdeModulePkg changes into separate patches. Add ReinstallProtocol calls for StorageSecurityCommand Protocol. Restore original MediaPresent and ReadCapacity behavior, with new implementation for WLUN type media. Clear temporary aligned buffers before freeing them. V4 changes: Add SSC Protocol in addition to BlockIo instead of in place of BlockIo. Add error handling for (BlockSize == 0) in Read and WriteBlocks commands to handle partitions that do not support ReadCapacity(). V3 changes: Initialize AlignedBuffer variable in ScsiDiskReceiveData and ScsiDiskSendData functions. Remove redundant input validation and debug message in ScsiDiskSendData. V2 changes: Split the patch into separate commits for separate packages. To support RPMB access on UFS devices, support must be added to the ScsiDiskDxe driver for the Storage Security Command Protocol. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Cc: Hao A Wu Christopher J Zurcher (4): MdePkg: Implement SCSI commands for Security Protocol In/Out MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun) MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdePkg/Include/IndustryStandard/Scsi.h| 48 +- MdePkg/Include/Library/UefiScsiLib.h | 126 +++- MdePkg/Include/Protocol/ScsiIo.h | 9 +- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 614 +++- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 ++- 9 files changed, 1157 insertions(+), 41 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46995): https://edk2.groups.io/g/devel/message/46995 Mute This Topic: https://groups.io/mt/33202228/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 Currently UfsPassThru only checks for 8 common LUNs. This adds a check for the RPMB Well-known LUN and sets the corresponding bit-mask. Further handling of the WLUN is already present in the driver. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 - 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c index b12404aacb..26c5a8b855 100644 --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c @@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart ( UINTN UfsHcBase; UINT32Index; UFS_UNIT_DESC UnitDescriptor; + UFS_DEV_DESC DeviceDescriptor; UINT32UnitDescriptorSize; + UINT32DeviceDescriptorSize; Status= EFI_SUCCESS; UfsHc = NULL; @@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart ( // // Check if 8 common luns are active and set corresponding bit mask. - // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper layer for authentication access. // UnitDescriptorSize = sizeof (UFS_UNIT_DESC); for (Index = 0; Index < 8; Index++) { @@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart ( } } + // + // Check if RPMB WLUN is supported and set corresponding bit mask. + // + DeviceDescriptorSize = sizeof (UFS_DEV_DESC); + Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, , ); + if (EFI_ERROR (Status)) { +DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", Status)); + } else { +if (DeviceDescriptor.SecurityLun == 0x1) { + DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n")); + Private->Luns.BitMask |= BIT11; +} + } + // // Start the asynchronous interrupt monitor // -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46991): https://edk2.groups.io/g/devel/message/46991 Mute This Topic: https://groups.io/mt/33202219/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the ScsiDiskDxe driver. Support is currently limited to the RPMB Well-known LUN for UFS devices. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 616 +++- 3 files changed, 774 insertions(+), 16 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf index 5500d828e9..40818e669b 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf @@ -3,7 +3,7 @@ # It detects the SCSI disk media and installs Block I/O and Block I/O2 Protocol on # the device handle. # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -52,6 +52,7 @@ gEfiBlockIoProtocolGuid ## BY_START gEfiBlockIo2ProtocolGuid ## BY_START gEfiEraseBlockProtocolGuid## BY_START + gEfiStorageSecurityCommandProtocolGuid## BY_START gEfiScsiIoProtocolGuid## TO_START gEfiScsiPassThruProtocolGuid ## TO_START gEfiExtScsiPassThruProtocolGuid ## TO_START diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h index 42c095..2d8679ec6f 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h @@ -1,7 +1,7 @@ /** @file Header file for SCSI Disk Driver. -Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include @@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0 +#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0) + +#define UFS_WLUN_RPMB 0xC4 + typedef struct { UINT32MaxLbaCnt; UINT32MaxBlkDespCnt; @@ -51,6 +56,8 @@ typedef struct { EFI_HANDLEHandle; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL StorageSecurity; + EFI_BLOCK_IO_PROTOCOL BlkIo; EFI_BLOCK_IO2_PROTOCOLBlkIo2; EFI_BLOCK_IO_MEDIABlkIoMedia; @@ -95,6 +102,7 @@ typedef struct { #define SCSI_DISK_DEV_FROM_BLKIO(a) CR (a, SCSI_DISK_DEV, BlkIo, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_BLKIO2(a) CR (a, SCSI_DISK_DEV, BlkIo2, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_ERASEBLK(a) CR (a, SCSI_DISK_DEV, EraseBlock, SCSI_DISK_DEV_SIGNATURE) +#define SCSI_DISK_DEV_FROM_STORSEC(a) CR (a, SCSI_DISK_DEV, StorageSecurity, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, SCSI_DISK_DEV_SIGNATURE) @@ -638,6 +646,151 @@ ScsiDiskEraseBlocks ( ); +/** + Send a security protocol command to a device that receives data and/or the result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given MediaId. + The security protocol command sent is defined by SecurityProtocolId and contains + the security protocol specific data SecurityProtocolSpecificData. The function + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + If PayloadBufferSize is too small to store the available data from the security + protocol command, the function shall copy PayloadBufferSize bytes into the + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function shall + return EFI_UNSUPPORTED. If there is no media in the device, the function returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall + return EFI_SUCCESS. If the security protocol command completes with an error, the + function
[edk2-devel] [PATCH v6 0/4] Add SCSI Support for Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 V6 changes: Restore EFI_SCSI_TYPE defines for ASC IT8 devices. Revert EFI_SCSI_IO_TYPE changes in Protocol\ScsiIo.h. Add INC_512 parameter for SecurityProtocol In/Out commands in UefiScsiLib. Change UINT32 args to UINTN to match the definitions for Storage Security Command Protocol. V5 changes: Split MdeModulePkg changes into separate patches. Add ReinstallProtocol calls for StorageSecurityCommand Protocol. Restore original MediaPresent and ReadCapacity behavior, with new implementation for WLUN type media. Clear temporary aligned buffers before freeing them. V4 changes: Add SSC Protocol in addition to BlockIo instead of in place of BlockIo. Add error handling for (BlockSize == 0) in Read and WriteBlocks commands to handle partitions that do not support ReadCapacity(). V3 changes: Initialize AlignedBuffer variable in ScsiDiskReceiveData and ScsiDiskSendData functions. Remove redundant input validation and debug message in ScsiDiskSendData. V2 changes: Split the patch into separate commits for separate packages. To support RPMB access on UFS devices, support must be added to the ScsiDiskDxe driver for the Storage Security Command Protocol. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Cc: Hao A Wu Christopher J Zurcher (4): MdePkg: Implement SCSI commands for Security Protocol In/Out MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun) MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdePkg/Include/IndustryStandard/Scsi.h| 48 +- MdePkg/Include/Library/UefiScsiLib.h | 128 +++- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 616 +++- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 217 ++- 8 files changed, 1167 insertions(+), 38 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46990): https://edk2.groups.io/g/devel/message/46990 Mute This Topic: https://groups.io/mt/33202203/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 This patch implements the Security Protocol In and Security Protocol Out commands in UefiScsiLib to prepare support for the Storage Security Command Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdePkg/Include/IndustryStandard/Scsi.h | 48 +++-- MdePkg/Include/Library/UefiScsiLib.h | 128 +++- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 217 +++- 3 files changed, 374 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Scsi.h b/MdePkg/Include/IndustryStandard/Scsi.h index cbe5709fe5..d03886417f 100644 --- a/MdePkg/Include/IndustryStandard/Scsi.h +++ b/MdePkg/Include/IndustryStandard/Scsi.h @@ -1,7 +1,7 @@ /** @file Support for SCSI-2 standard - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -163,6 +163,12 @@ #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa +// +// Additional commands for Secure Transactions +// +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 + // // SCSI Data Transfer Direction // @@ -172,22 +178,30 @@ // // Peripheral Device Type Definitions // -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. magnetic disk) -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device (e.g. magnetic tape) -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. some optical disks) -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) -// -// 0Ch - 1Eh are reserved -// -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type +#define EFI_SCSI_TYPE_DISK0x00 ///< Direct-access device (e.g. magnetic disk) +#define EFI_SCSI_TYPE_TAPE0x01 ///< Sequential-access device (e.g. magnetic tape) +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device +#define EFI_SCSI_TYPE_WORM0x04 ///< Write-once device (e.g. some optical disks) +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) +#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) +#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device (obsolete) +#define EFI_SCSI_TYPE_ASCIT8_10x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) +#define EFI_SCSI_TYPE_ASCIT8_20x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) +#define EFI_SCSI_TYPE_RAID0x0C ///< Storage array controller device (e.g., RAID) +#define EFI_SCSI_TYPE_SES 0x0D ///< Enclosure services device +#define EFI_SCSI_TYPE_RBC 0x0E ///< Simplified direct-access device (e.g., magnetic disk) +#define EFI_SCSI_TYPE_OCRW0x0F ///< Optical card reader/writer device +#define EFI_SCSI_TYPE_BRIDGE 0x10 ///< Bridge Controller Commands +#define EFI_SCSI_TYPE_OSD 0x11 ///< Object-based Storage Device +#define EFI_SCSI_TYPE_AUTOMATION 0x12 ///< Automation/Drive Interface +#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13 ///< Security manager device +#define EFI_SCSI_TYPE_RESERVED_LOW0x14 ///< Reserved (low) +#define EFI_SCSI_TYPE_RESERVED_HIGH 0x1D ///< Reserved (high) +#define EFI_SCSI_TYPE_WLUN0x1E ///< Well known logical unit +#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type // // Page Codes for INQUIRY command diff --git a/MdePkg/Include/Library/UefiScsiLib.h b/MdePkg/Include/Library/UefiScsiLib.h index 10dd81902b..5c94b0aa16 100644 --- a/MdePkg/Include/Library/UefiScsiLib.h +++ b/MdePkg/Include/Library/UefiScsiLib.h @@ -5,7 +5,7 @@ for hard drive, CD and DVD devices that are the most common SCSI boot targets used by UEFI platforms. This library class depends on SCSI I/O Protocol defined in UEFI Specification and SCSI-2 industry standard. -Copyright (c) 2006 - 2018, Intel
Re: [edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out
I've implemented all the suggested changes except changing the arguments from UINT32 to UINTN. No other functions in UefiScsiLib take UINTN arguments, and since the library is directly packing the CDB, I think it makes sense to force the caller to provide the correct-size length value. That way there is no ambiguity on what is going to the device. If you agree I will send the updated patchset. Thanks, Christopher Zurcher -Original Message- From: Wu, Hao A Sent: Monday, August 26, 2019 20:03 To: devel@edk2.groups.io; Zurcher, Christopher J Cc: Yao, Jiewen ; Wang, Jian J ; Gao, Liming Subject: RE: [edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out Hello, Please refer to the below inline comments: > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Zurcher, Christopher J > Sent: Friday, August 23, 2019 6:02 AM > To: devel@edk2.groups.io > Cc: Yao, Jiewen; Wang, Jian J; Gao, Liming > Subject: [edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands > for Security Protocol In/Out > > This patch implements the Security Protocol In and Security Protocol Out > commands in UefiScsiLib to prepare support for the Storage Security > Command Protocol. > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Liming Gao > Signed-off-by: Christopher J Zurcher > --- > MdePkg/Include/IndustryStandard/Scsi.h | 48 +++-- > MdePkg/Include/Library/UefiScsiLib.h | 126 +++- > MdePkg/Include/Protocol/ScsiIo.h | 9 +- > MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++- > 4 files changed, 366 insertions(+), 22 deletions(-) > > diff --git a/MdePkg/Include/IndustryStandard/Scsi.h > b/MdePkg/Include/IndustryStandard/Scsi.h > index cbe5709fe5..10d7b49ba7 100644 > --- a/MdePkg/Include/IndustryStandard/Scsi.h > +++ b/MdePkg/Include/IndustryStandard/Scsi.h > @@ -1,7 +1,7 @@ > /** @file >Support for SCSI-2 standard > > - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. > + Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. >SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -163,6 +163,12 @@ > #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a > #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa > > +// > +// Additional commands for Secure Transactions > +// > +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 > +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 > + > // > // SCSI Data Transfer Direction > // > @@ -172,22 +178,30 @@ > // > // Peripheral Device Type Definitions > // > -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. > magnetic disk) > -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device (e.g. > magnetic tape) > -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device > -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device > -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. some > optical disks) > -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device > -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device > -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. > some optical disks) > -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer > device (e.g. jukeboxes) > -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications > device > -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic > arts pre-press devices) > -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic > arts pre-press devices) Could you help to address Liming's comment in the V4 series that to preserve the definition for EFI_SCSI_TYPE_ASCIT8_1 & EFI_SCSI_TYPE_ASCIT8_2 for compatibility consideration: https://edk2.groups.io/g/devel/message/42361?p=,,,20,0,0,0::Created,,scsi,20,2,40,32048246 > -// > -// 0Ch - 1Eh are reserved > -// > -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device > type > +#define EFI_SCSI_TYPE_DISK0x00 ///< Direct-access device (e.g. > magnetic disk) > +#define EFI_SCSI_TYPE_TAPE0x01 ///< Sequential-access device > (e.g. > magnetic tape) > +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device > +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device > +#define EFI_SCSI_TYPE_WORM0x04 ///< Write-once device (e.g. > some optical disks) > +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device > +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) > +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory devi
[edk2-devel] [PATCH v5 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check
Replacing "magic numbers" in the Peripheral Type check with defines for the reserved range from IndustryStandard/Scsi.h Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c index c4069aec0f..1caffd38cd 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c +++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c @@ -2,7 +2,7 @@ SCSI Bus driver that layers on every SCSI Pass Thru and Extended SCSI Pass Thru protocol in the system. -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1368,7 +1368,8 @@ DiscoverScsiDevice ( goto Done; } - if (0x1e >= InquiryData->Peripheral_Type && InquiryData->Peripheral_Type >= 0xa) { + if ((InquiryData->Peripheral_Type >= EFI_SCSI_TYPE_RESERVED_LOW) && + (InquiryData->Peripheral_Type <= EFI_SCSI_TYPE_RESERVED_HIGH)) { ScsiDeviceFound = FALSE; goto Done; } -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46240): https://edk2.groups.io/g/devel/message/46240 Mute This Topic: https://groups.io/mt/32994944/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out
This patch implements the Security Protocol In and Security Protocol Out commands in UefiScsiLib to prepare support for the Storage Security Command Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdePkg/Include/IndustryStandard/Scsi.h | 48 +++-- MdePkg/Include/Library/UefiScsiLib.h | 126 +++- MdePkg/Include/Protocol/ScsiIo.h | 9 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++- 4 files changed, 366 insertions(+), 22 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Scsi.h b/MdePkg/Include/IndustryStandard/Scsi.h index cbe5709fe5..10d7b49ba7 100644 --- a/MdePkg/Include/IndustryStandard/Scsi.h +++ b/MdePkg/Include/IndustryStandard/Scsi.h @@ -1,7 +1,7 @@ /** @file Support for SCSI-2 standard - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -163,6 +163,12 @@ #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa +// +// Additional commands for Secure Transactions +// +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 + // // SCSI Data Transfer Direction // @@ -172,22 +178,30 @@ // // Peripheral Device Type Definitions // -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. magnetic disk) -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device (e.g. magnetic tape) -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. some optical disks) -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) -// -// 0Ch - 1Eh are reserved -// -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type +#define EFI_SCSI_TYPE_DISK0x00 ///< Direct-access device (e.g. magnetic disk) +#define EFI_SCSI_TYPE_TAPE0x01 ///< Sequential-access device (e.g. magnetic tape) +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device +#define EFI_SCSI_TYPE_WORM0x04 ///< Write-once device (e.g. some optical disks) +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) +#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) +#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device (obsolete) +#define EFI_SCSI_TYPE_A 0x0A ///< Obsolete +#define EFI_SCSI_TYPE_B 0x0B ///< Obsolete +#define EFI_SCSI_TYPE_RAID0x0C ///< Storage array controller device (e.g., RAID) +#define EFI_SCSI_TYPE_SES 0x0D ///< Enclosure services device +#define EFI_SCSI_TYPE_RBC 0x0E ///< Simplified direct-access device (e.g., magnetic disk) +#define EFI_SCSI_TYPE_OCRW0x0F ///< Optical card reader/writer device +#define EFI_SCSI_TYPE_BRIDGE 0x10 ///< Bridge Controller Commands +#define EFI_SCSI_TYPE_OSD 0x11 ///< Object-based Storage Device +#define EFI_SCSI_TYPE_AUTOMATION 0x12 ///< Automation/Drive Interface +#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13 ///< Security manager device +#define EFI_SCSI_TYPE_RESERVED_LOW0x14 ///< Reserved (low) +#define EFI_SCSI_TYPE_RESERVED_HIGH 0x1D ///< Reserved (high) +#define EFI_SCSI_TYPE_WLUN0x1E ///< Well known logical unit +#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type // // Page Codes for INQUIRY command diff --git a/MdePkg/Include/Library/UefiScsiLib.h b/MdePkg/Include/Library/UefiScsiLib.h index 10dd81902b..a0d99e703a 100644 --- a/MdePkg/Include/Library/UefiScsiLib.h +++ b/MdePkg/Include/Library/UefiScsiLib.h @@ -5,7 +5,7 @@ for hard drive, CD and DVD devices that are the most common SCSI boot targets used by UEFI platforms. This library class depends on SCSI I/O Protocol defined in UEFI Specification and SCSI-2 industry standard. -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2019, Intel Corporation. All rights
[edk2-devel] [PATCH v5 0/4] Add SCSI Support for Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 V5 changes: Split MdeModulePkg changes into separate patches. Add ReinstallProtocol calls for StorageSecurityCommand Protocol. Restore original MediaPresent and ReadCapacity behavior, with new implementation for WLUN type media. Clear temporary aligned buffers before freeing them. V4 changes: Add SSC Protocol in addition to BlockIo instead of in place of BlockIo. Add error handling for (BlockSize == 0) in Read and WriteBlocks commands to handle partitions that do not support ReadCapacity(). V3 changes: Initialize AlignedBuffer variable in ScsiDiskReceiveData and ScsiDiskSendData functions. Remove redundant input validation and debug message in ScsiDiskSendData. V2 changes: Split the patch into separate commits for separate packages. To support RPMB access on UFS devices, support must be added to the ScsiDiskDxe driver for the Storage Security Command Protocol. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Cc: Hao A Wu Christopher J Zurcher (4): MdePkg: Implement SCSI commands for Security Protocol In/Out MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun) MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdePkg/Include/IndustryStandard/Scsi.h| 48 +- MdePkg/Include/Library/UefiScsiLib.h | 126 +++- MdePkg/Include/Protocol/ScsiIo.h | 9 +- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 614 +++- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 ++- 9 files changed, 1157 insertions(+), 41 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46237): https://edk2.groups.io/g/devel/message/46237 Mute This Topic: https://groups.io/mt/32994941/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol
This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the ScsiDiskDxe driver. Support is currently limited to the RPMB Well-known LUN for UFS devices. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 614 +++- 3 files changed, 772 insertions(+), 16 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf index 5500d828e9..40818e669b 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf @@ -3,7 +3,7 @@ # It detects the SCSI disk media and installs Block I/O and Block I/O2 Protocol on # the device handle. # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -52,6 +52,7 @@ gEfiBlockIoProtocolGuid ## BY_START gEfiBlockIo2ProtocolGuid ## BY_START gEfiEraseBlockProtocolGuid## BY_START + gEfiStorageSecurityCommandProtocolGuid## BY_START gEfiScsiIoProtocolGuid## TO_START gEfiScsiPassThruProtocolGuid ## TO_START gEfiExtScsiPassThruProtocolGuid ## TO_START diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h index 42c095..2d8679ec6f 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h @@ -1,7 +1,7 @@ /** @file Header file for SCSI Disk Driver. -Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include @@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0 +#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0) + +#define UFS_WLUN_RPMB 0xC4 + typedef struct { UINT32MaxLbaCnt; UINT32MaxBlkDespCnt; @@ -51,6 +56,8 @@ typedef struct { EFI_HANDLEHandle; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL StorageSecurity; + EFI_BLOCK_IO_PROTOCOL BlkIo; EFI_BLOCK_IO2_PROTOCOLBlkIo2; EFI_BLOCK_IO_MEDIABlkIoMedia; @@ -95,6 +102,7 @@ typedef struct { #define SCSI_DISK_DEV_FROM_BLKIO(a) CR (a, SCSI_DISK_DEV, BlkIo, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_BLKIO2(a) CR (a, SCSI_DISK_DEV, BlkIo2, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_ERASEBLK(a) CR (a, SCSI_DISK_DEV, EraseBlock, SCSI_DISK_DEV_SIGNATURE) +#define SCSI_DISK_DEV_FROM_STORSEC(a) CR (a, SCSI_DISK_DEV, StorageSecurity, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, SCSI_DISK_DEV_SIGNATURE) @@ -638,6 +646,151 @@ ScsiDiskEraseBlocks ( ); +/** + Send a security protocol command to a device that receives data and/or the result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given MediaId. + The security protocol command sent is defined by SecurityProtocolId and contains + the security protocol specific data SecurityProtocolSpecificData. The function + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + If PayloadBufferSize is too small to store the available data from the security + protocol command, the function shall copy PayloadBufferSize bytes into the + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function shall + return EFI_UNSUPPORTED. If there is no media in the device, the function returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall + return EFI_SUCCESS. If the security protocol command completes with an error, the + function shall return EFI_DEVICE_ERROR. + + @param This
[edk2-devel] [PATCH v5 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun)
Currently UfsPassThru only checks for 8 common LUNs. This adds a check for the RPMB Well-known LUN and sets the corresponding bit-mask. Further handling of the WLUN is already present in the driver. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 - 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c index b12404aacb..26c5a8b855 100644 --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c @@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart ( UINTN UfsHcBase; UINT32Index; UFS_UNIT_DESC UnitDescriptor; + UFS_DEV_DESC DeviceDescriptor; UINT32UnitDescriptorSize; + UINT32DeviceDescriptorSize; Status= EFI_SUCCESS; UfsHc = NULL; @@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart ( // // Check if 8 common luns are active and set corresponding bit mask. - // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper layer for authentication access. // UnitDescriptorSize = sizeof (UFS_UNIT_DESC); for (Index = 0; Index < 8; Index++) { @@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart ( } } + // + // Check if RPMB WLUN is supported and set corresponding bit mask. + // + DeviceDescriptorSize = sizeof (UFS_DEV_DESC); + Status = UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, , ); + if (EFI_ERROR (Status)) { +DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status = %r\n", Status)); + } else { +if (DeviceDescriptor.SecurityLun == 0x1) { + DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n")); + Private->Luns.BitMask |= BIT11; +} + } + // // Start the asynchronous interrupt monitor // -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46239): https://edk2.groups.io/g/devel/message/46239 Mute This Topic: https://groups.io/mt/32994943/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol
Hao, Why will this cause CDROM devices to fail to be recognized? If they require a capacity read, I can change the MustReadCapacity flag to TRUE. On subsequent media change, the sense key parsing will set Action to ACTION_READ_CAPACITY so that case is covered as well. Is there a reason the MustReadCapacity flag was originally set to FALSE for CDROM devices? With the default action being to read capacity anyway, the existing implementation seems to make the flag mostly useless. I have implemented the rest of the suggestions. Thanks, Christopher Zurcher -Original Message- From: Wu, Hao A Sent: Monday, June 17, 2019 19:12 To: devel@edk2.groups.io; Zurcher, Christopher J Cc: Kinney, Michael D ; Yao, Jiewen ; Wang, Jian J ; Gao, Liming Subject: RE: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Zurcher, Christopher J > Sent: Thursday, June 13, 2019 10:05 AM > To: devel@edk2.groups.io > Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Gao, Liming > Subject: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support > Storage Security Command Protocol > > This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL > in the > ScsiDiskDxe driver. > > Support is currently limited to the RPMB Well-known LUN for UFS devices. Hello, Some general level comments: 1. CDROM device issue This patch will bring an issue to the CDROM devices that CD/DVD will not be recognized properly. I think the cause of the issue is the relocation of the below logic: ScsiDiskDevice->BlkIo.Media->MediaPresent = TRUE; from GetMediaInfo() to ScsiDiskTestUnitReady(). It will lead to the read capacity command being skipped for CDROM devices, which results into the LastBlock for the device equals to 0. We may need to find out a better approach to handle the case for UFS RPMB. 2. Split this patch into three commits Besides adding the Storage Security Command Protocol support in ScsiDisk driver, the patch also: * Updates the ScsiBus driver to recognize the Well known logical unit * Updates the UfsPassThruDxe driver to expose the RPMB WLUN Please help to split the patch into 3 separate commits. 3. Updates for the BlockIO(2) services For functions ScsiDiskReadBlocks(Ex) & ScsiDiskWriteBlocks(Ex), below codes are added for the dummy BlockIO(2) protocol instance on the UFS RPMB Lun: if (BlockSize == 0) { Status = EFI_UNSUPPORTED; goto Done; } I suggest to use status 'EFI_DEVICE_ERROR' for such case, since 'EFI_UNSUPPORTED' is not listed as an expected return status in the UEFI spec. 4. Reinstallation of the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL For the reinstallation of the SSC protocol to handle media change, I saw this is only handled within ScsiDiskReceiveData() & ScsiDiskSendData(). The below functions should be considered as well: ScsiDiskReadBlocks(Ex) ScsiDiskWriteBlocks(Ex) ScsiDiskFlushBlocksEx ScsiDiskEraseBlocks Some inline comments below: > > Cc: Michael D Kinney > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Liming Gao > Signed-off-by: Christopher J Zurcher > --- > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 ++- > MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 522 > +++- > MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 19 +- > 5 files changed, 698 insertions(+), 22 deletions(-) > > diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > index 5500d828e9..40818e669b 100644 > --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > @@ -3,7 +3,7 @@ > # It detects the SCSI disk media and installs Block I/O and Block I/O2 > Protocol > on > # the device handle. > # > -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. > +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > ## > @@ -52,6 +52,7 @@ >gEfiBlockIoProtocolGuid ## BY_START >gEfiBlockIo2ProtocolGuid ## BY_START >gEfiEraseBlockProtocolGuid## BY_START > + gEfiStorageSecurityCommandProtocolGuid## BY_START >gEfiScsiIoProtocolGuid## TO_START >gEfiScsiPassThruProtocolGuid ## TO_START >gEfiExtScsiPassThruProtocolGuid ## TO_START > diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h > b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h > index 42c095..2d8679ec6f
Re: [edk2-devel] [PATCH v4 0/2] Add SCSI Support for Storage Security Command Protocol
A unit test has been run which provisions RPMB key, writes data, and verifies it after reading on the following boot. Further, this code is being exercised for secure storage on multiple platforms as part of standard boot flow. Unit test files emailed separately. Thanks, Christopher Zurcher -Original Message- From: Gao, Liming Sent: Thursday, June 13, 2019 05:59 To: Zurcher, Christopher J ; devel@edk2.groups.io Cc: Kinney, Michael D ; Yao, Jiewen ; Wang, Jian J Subject: RE: [PATCH v4 0/2] Add SCSI Support for Storage Security Command Protocol Zurcher: Can you share what test has been done for this feature? Thanks Liming > -Original Message- > From: Zurcher, Christopher J > Sent: Thursday, June 13, 2019 10:05 AM > To: devel@edk2.groups.io > Cc: Kinney, Michael D ; Yao, Jiewen > ; Wang, Jian J ; Gao, > Liming > Subject: [PATCH v4 0/2] Add SCSI Support for Storage Security Command Protocol > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 > > V4 changes: > Add SSC Protocol in addition to BlockIo instead of in place of BlockIo. > Add error handling for (BlockSize == 0) in Read and WriteBlocks commands > to handle partitions that do not support ReadCapacity(). > > V3 changes: > Initialize AlignedBuffer variable in ScsiDiskReceiveData and > ScsiDiskSendData functions. Remove redundant input validation and debug > message in ScsiDiskSendData. > > V2 changes: > Split the patch into separate commits for separate packages. > > To support RPMB access on UFS devices, support must be added to > the ScsiDiskDxe driver for the Storage Security Command Protocol. > > Cc: Michael D Kinney > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Liming Gao > > Christopher J Zurcher (2): > MdePkg: Implement SCSI commands for Security Protocol In/Out > MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol > > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 ++- > MdePkg/Include/IndustryStandard/Scsi.h| 48 +- > MdePkg/Include/Library/UefiScsiLib.h | 126 - > MdePkg/Include/Protocol/ScsiIo.h | 9 +- > MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 522 +++- > MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 19 +- > MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++- > 9 files changed, 1064 insertions(+), 44 deletions(-) > > -- > 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42394): https://edk2.groups.io/g/devel/message/42394 Mute This Topic: https://groups.io/mt/32048245/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security Protocol In/Out
> Why remove ASCIT8_1 & ASCIT8_2? Can we keep them for compatibility? If that's preferred, I can add them back in. They were only removed as they are marked obsolete in SPC-5. -- Christopher Zurcher -Original Message- From: Gao, Liming Sent: Thursday, June 13, 2019 05:54 To: Zurcher, Christopher J ; devel@edk2.groups.io Cc: Yao, Jiewen ; Wang, Jian J Subject: RE: [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security Protocol In/Out > -Original Message- > From: Zurcher, Christopher J > Sent: Thursday, June 13, 2019 10:05 AM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Gao, Liming > Subject: [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security Protocol > In/Out > > This patch implements the Security Protocol In and Security Protocol Out > commands in UefiScsiLib to prepare support for the Storage Security > Command Protocol. > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Liming Gao > Signed-off-by: Christopher J Zurcher > --- > MdePkg/Include/IndustryStandard/Scsi.h | 48 +++-- > MdePkg/Include/Library/UefiScsiLib.h | 126 +++- > MdePkg/Include/Protocol/ScsiIo.h | 9 +- > MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++- > 4 files changed, 366 insertions(+), 22 deletions(-) > > diff --git a/MdePkg/Include/IndustryStandard/Scsi.h > b/MdePkg/Include/IndustryStandard/Scsi.h > index cbe5709fe5..10d7b49ba7 100644 > --- a/MdePkg/Include/IndustryStandard/Scsi.h > +++ b/MdePkg/Include/IndustryStandard/Scsi.h > @@ -1,7 +1,7 @@ > /** @file >Support for SCSI-2 standard > > - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. > + Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. >SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -163,6 +163,12 @@ > #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a > #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa > > +// > +// Additional commands for Secure Transactions > +// > +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 > +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 > + > // > // SCSI Data Transfer Direction > // > @@ -172,22 +178,30 @@ > // > // Peripheral Device Type Definitions > // > -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. > magnetic disk) > -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device > (e.g. magnetic tape) > -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device > -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device > -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. some > optical disks) > -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device > -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device > -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. > some optical disks) > -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. > jukeboxes) > -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device > -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic > arts pre-press devices) > -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic > arts pre-press devices) Why remove ASCIT8_1 & ASCIT8_2? Can we keep them for compatibility? > -// > -// 0Ch - 1Eh are reserved > -// > -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type > +#define EFI_SCSI_TYPE_DISK0x00 ///< Direct-access device (e.g. > magnetic disk) > +#define EFI_SCSI_TYPE_TAPE0x01 ///< Sequential-access device > (e.g. magnetic tape) > +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device > +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device > +#define EFI_SCSI_TYPE_WORM0x04 ///< Write-once device (e.g. > some optical disks) > +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device > +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) > +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. > some optical disks) > +#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. > jukeboxes) > +#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device > (obsolete) > +#define EFI_SCSI_TYPE_A 0x0A ///< Obsolete > +#define EFI_SCSI_TYPE_B 0x0B ///< Obsolete > +#define EFI_SCSI_TYPE_RAID0x0C ///< Storage array controller > device (e.g., RAID) > +#define EFI_SCSI_TYPE_SES 0x0D ///< Enclosure services device > +#define
[edk2-devel] [PATCH v4 1/2] MdePkg: Implement SCSI commands for Security Protocol In/Out
This patch implements the Security Protocol In and Security Protocol Out commands in UefiScsiLib to prepare support for the Storage Security Command Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdePkg/Include/IndustryStandard/Scsi.h | 48 +++-- MdePkg/Include/Library/UefiScsiLib.h | 126 +++- MdePkg/Include/Protocol/ScsiIo.h | 9 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++- 4 files changed, 366 insertions(+), 22 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Scsi.h b/MdePkg/Include/IndustryStandard/Scsi.h index cbe5709fe5..10d7b49ba7 100644 --- a/MdePkg/Include/IndustryStandard/Scsi.h +++ b/MdePkg/Include/IndustryStandard/Scsi.h @@ -1,7 +1,7 @@ /** @file Support for SCSI-2 standard - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. + Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -163,6 +163,12 @@ #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa +// +// Additional commands for Secure Transactions +// +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 + // // SCSI Data Transfer Direction // @@ -172,22 +178,30 @@ // // Peripheral Device Type Definitions // -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. magnetic disk) -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device (e.g. magnetic tape) -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. some optical disks) -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic arts pre-press devices) -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic arts pre-press devices) -// -// 0Ch - 1Eh are reserved -// -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type +#define EFI_SCSI_TYPE_DISK0x00 ///< Direct-access device (e.g. magnetic disk) +#define EFI_SCSI_TYPE_TAPE0x01 ///< Sequential-access device (e.g. magnetic tape) +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device +#define EFI_SCSI_TYPE_WORM0x04 ///< Write-once device (e.g. some optical disks) +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g. some optical disks) +#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g. jukeboxes) +#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device (obsolete) +#define EFI_SCSI_TYPE_A 0x0A ///< Obsolete +#define EFI_SCSI_TYPE_B 0x0B ///< Obsolete +#define EFI_SCSI_TYPE_RAID0x0C ///< Storage array controller device (e.g., RAID) +#define EFI_SCSI_TYPE_SES 0x0D ///< Enclosure services device +#define EFI_SCSI_TYPE_RBC 0x0E ///< Simplified direct-access device (e.g., magnetic disk) +#define EFI_SCSI_TYPE_OCRW0x0F ///< Optical card reader/writer device +#define EFI_SCSI_TYPE_BRIDGE 0x10 ///< Bridge Controller Commands +#define EFI_SCSI_TYPE_OSD 0x11 ///< Object-based Storage Device +#define EFI_SCSI_TYPE_AUTOMATION 0x12 ///< Automation/Drive Interface +#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13 ///< Security manager device +#define EFI_SCSI_TYPE_RESERVED_LOW0x14 ///< Reserved (low) +#define EFI_SCSI_TYPE_RESERVED_HIGH 0x1D ///< Reserved (high) +#define EFI_SCSI_TYPE_WLUN0x1E ///< Well known logical unit +#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type // // Page Codes for INQUIRY command diff --git a/MdePkg/Include/Library/UefiScsiLib.h b/MdePkg/Include/Library/UefiScsiLib.h index 10dd81902b..a0d99e703a 100644 --- a/MdePkg/Include/Library/UefiScsiLib.h +++ b/MdePkg/Include/Library/UefiScsiLib.h @@ -5,7 +5,7 @@ for hard drive, CD and DVD devices that are the most common SCSI boot targets used by UEFI platforms. This library class depends on SCSI I/O Protocol defined in UEFI Specification and SCSI-2 industry standard. -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2006 - 2019, Intel Corporation. All rights
[edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol
This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the ScsiDiskDxe driver. Support is currently limited to the RPMB Well-known LUN for UFS devices. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher --- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 ++- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 522 +++- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 19 +- 5 files changed, 698 insertions(+), 22 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf index 5500d828e9..40818e669b 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf @@ -3,7 +3,7 @@ # It detects the SCSI disk media and installs Block I/O and Block I/O2 Protocol on # the device handle. # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -52,6 +52,7 @@ gEfiBlockIoProtocolGuid ## BY_START gEfiBlockIo2ProtocolGuid ## BY_START gEfiEraseBlockProtocolGuid## BY_START + gEfiStorageSecurityCommandProtocolGuid## BY_START gEfiScsiIoProtocolGuid## TO_START gEfiScsiPassThruProtocolGuid ## TO_START gEfiExtScsiPassThruProtocolGuid ## TO_START diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h index 42c095..2d8679ec6f 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h @@ -1,7 +1,7 @@ /** @file Header file for SCSI Disk Driver. -Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include @@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define IS_DEVICE_FIXED(a)(a)->FixedDevice ? 1 : 0 +#define IS_ALIGNED(addr, size)(((UINTN) (addr) & (size - 1)) == 0) + +#define UFS_WLUN_RPMB 0xC4 + typedef struct { UINT32MaxLbaCnt; UINT32MaxBlkDespCnt; @@ -51,6 +56,8 @@ typedef struct { EFI_HANDLEHandle; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL StorageSecurity; + EFI_BLOCK_IO_PROTOCOL BlkIo; EFI_BLOCK_IO2_PROTOCOLBlkIo2; EFI_BLOCK_IO_MEDIABlkIoMedia; @@ -95,6 +102,7 @@ typedef struct { #define SCSI_DISK_DEV_FROM_BLKIO(a) CR (a, SCSI_DISK_DEV, BlkIo, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_BLKIO2(a) CR (a, SCSI_DISK_DEV, BlkIo2, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_ERASEBLK(a) CR (a, SCSI_DISK_DEV, EraseBlock, SCSI_DISK_DEV_SIGNATURE) +#define SCSI_DISK_DEV_FROM_STORSEC(a) CR (a, SCSI_DISK_DEV, StorageSecurity, SCSI_DISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, SCSI_DISK_DEV_SIGNATURE) @@ -638,6 +646,151 @@ ScsiDiskEraseBlocks ( ); +/** + Send a security protocol command to a device that receives data and/or the result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given MediaId. + The security protocol command sent is defined by SecurityProtocolId and contains + the security protocol specific data SecurityProtocolSpecificData. The function + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + If PayloadBufferSize is too small to store the available data from the security + protocol command, the function shall copy PayloadBufferSize bytes into the + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function shall + return EFI_UNSUPPORTED. If there is no media in the device, the function returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall + return EFI_SUCCESS. If the
[edk2-devel] [PATCH v4 0/2] Add SCSI Support for Storage Security Command Protocol
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1546 V4 changes: Add SSC Protocol in addition to BlockIo instead of in place of BlockIo. Add error handling for (BlockSize == 0) in Read and WriteBlocks commands to handle partitions that do not support ReadCapacity(). V3 changes: Initialize AlignedBuffer variable in ScsiDiskReceiveData and ScsiDiskSendData functions. Remove redundant input validation and debug message in ScsiDiskSendData. V2 changes: Split the patch into separate commits for separate packages. To support RPMB access on UFS devices, support must be added to the ScsiDiskDxe driver for the Storage Security Command Protocol. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Christopher J Zurcher (2): MdePkg: Implement SCSI commands for Security Protocol In/Out MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 ++- MdePkg/Include/IndustryStandard/Scsi.h| 48 +- MdePkg/Include/Library/UefiScsiLib.h | 126 - MdePkg/Include/Protocol/ScsiIo.h | 9 +- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c| 5 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 522 +++- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 19 +- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 205 +++- 9 files changed, 1064 insertions(+), 44 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42321): https://edk2.groups.io/g/devel/message/42321 Mute This Topic: https://groups.io/mt/32048245/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-