Re: [edk2] Dxe Core support for EFI_SECTION_PEI_DEPEX section.
Mike: I agree to update DXE dispatcher to directly handle FV image with PEI_DEPEX. If FV image with SMM_DEPEX, SMM dispatcher should handle it. Once SMM_DEPEX is satisfied, SMM core can trig event and let DxeCore install FV protocol for it. Thanks Liming -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Kinney, Michael D Sent: Tuesday, February 2, 2016 9:04 AM To: Andrew Fish; edk2-devel@lists.01.org; Kinney, Michael D Subject: Re: [edk2] Dxe Core support for EFI_SECTION_PEI_DEPEX section. Andrew, I agree that it looks like we can improve the logic here. 1) PEI Dispatcher: The logic looks correct to me. It only looks for a section of type EFI_SECTION_PEI_DEPEX. 2) DXE Dispatcher: The current logic ignores an FV if there is either a PEI depex or an SMM depex present. I think it would be safe to remove the checks for the PEI depex and the SMM depex, so it only pays attention to a DXE depex. If no DXE depex is present, then the FV can be evaluated immediately. BTW, I did look at the history. It appears that this aggressive filter has been in place since the first commit to the DXE Core to support FV scoped depex expressions. 3) SMM Dispatcher: Does not evaluate depex associated with FV. Instead, it depends on the DXE Dispatcher to notify SMM Dispatcher when the SMM dispatcher should look in FVs for SMM drivers to dispatch. So I do not think any logic changes are required in SMM. Best regards, Mike > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Andrew > Fish > Sent: Monday, February 1, 2016 8:34 AM > To: edk2-devel@lists.01.org> Subject: [edk2] Dxe Core support for EFI_SECTION_PEI_DEPEX section. > > I have an FV and I'd like to have PEI and DXE code in it. The code that I > need to > access at PEI Time (DXE Core) is a compressed file in the FV. The code that > only needs > to be accessed at DXE time is in a compressed FV. By default PEI will try to > decompress > the FV Section, so I added a EFI_SECTION_PEI_DEPEX of FALSE to prevent this. > To my > surprise this prevented the FV from being dispatched in DXE. > > I don't see any language in the PI spec that calls out this behavior. I think > we should > remove the checks for EFI_SECTION_PEI_DEPEX, and maybe even > EFI_SECTION_SMM_DEPEX. I > think it is a better design to have the FV prevent the dispatch from the > phase(s) it is > discovered in if that is the intent. > > So for my example I added: > SECTION PEI_DEPEX_EXP = {FALSE} > > If you had a FV that showed up in DXE, but was for SMM you could: > SECTION DXE_DEPEX_EXP = {FALSE} > > This is the code I'm talking about: > MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c > > // > // Check if this EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE file has > PEI depex > section. > // > DepexBuffer = NULL; > SizeOfBuffer = 0; > Status = Fv->ReadSection ( >Fv, >, >EFI_SECTION_PEI_DEPEX, >0, >, >, > >); > if (!EFI_ERROR (Status)) { > // > // If PEI depex section is found, this FV image will be ignored > in DXE > phase. > // Now, DxeCore doesn't support FV image with more one type > DEPEX > section. > // > FreePool (DepexBuffer); > continue; > } > > > Thanks, > > Andrew Fish > > PS This logic also exists. > > // > // Check if this EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE file has > SMM depex > section. > // > DepexBuffer = NULL; > SizeOfBuffer = 0; > Status = Fv->ReadSection ( >Fv, >, >EFI_SECTION_SMM_DEPEX, >0, >, >, > >); > if (!EFI_ERROR (Status)) { > // > // If SMM depex section is found, this FV image will be ignored > in DXE > phase. > // Now, DxeCore doesn't support FV image with more one type > DEPEX > section. > // > FreePool (DepexBuffer); > continue; > } > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org
Re: [edk2] Dxe Core support for EFI_SECTION_PEI_DEPEX section.
Andrew, I agree that it looks like we can improve the logic here. 1) PEI Dispatcher: The logic looks correct to me. It only looks for a section of type EFI_SECTION_PEI_DEPEX. 2) DXE Dispatcher: The current logic ignores an FV if there is either a PEI depex or an SMM depex present. I think it would be safe to remove the checks for the PEI depex and the SMM depex, so it only pays attention to a DXE depex. If no DXE depex is present, then the FV can be evaluated immediately. BTW, I did look at the history. It appears that this aggressive filter has been in place since the first commit to the DXE Core to support FV scoped depex expressions. 3) SMM Dispatcher: Does not evaluate depex associated with FV. Instead, it depends on the DXE Dispatcher to notify SMM Dispatcher when the SMM dispatcher should look in FVs for SMM drivers to dispatch. So I do not think any logic changes are required in SMM. Best regards, Mike > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Andrew > Fish > Sent: Monday, February 1, 2016 8:34 AM > To: edk2-devel@lists.01.org> Subject: [edk2] Dxe Core support for EFI_SECTION_PEI_DEPEX section. > > I have an FV and I'd like to have PEI and DXE code in it. The code that I > need to > access at PEI Time (DXE Core) is a compressed file in the FV. The code that > only needs > to be accessed at DXE time is in a compressed FV. By default PEI will try to > decompress > the FV Section, so I added a EFI_SECTION_PEI_DEPEX of FALSE to prevent this. > To my > surprise this prevented the FV from being dispatched in DXE. > > I don't see any language in the PI spec that calls out this behavior. I think > we should > remove the checks for EFI_SECTION_PEI_DEPEX, and maybe even > EFI_SECTION_SMM_DEPEX. I > think it is a better design to have the FV prevent the dispatch from the > phase(s) it is > discovered in if that is the intent. > > So for my example I added: > SECTION PEI_DEPEX_EXP = {FALSE} > > If you had a FV that showed up in DXE, but was for SMM you could: > SECTION DXE_DEPEX_EXP = {FALSE} > > This is the code I'm talking about: > MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c > > // > // Check if this EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE file has > PEI depex > section. > // > DepexBuffer = NULL; > SizeOfBuffer = 0; > Status = Fv->ReadSection ( >Fv, >, >EFI_SECTION_PEI_DEPEX, >0, >, >, > >); > if (!EFI_ERROR (Status)) { > // > // If PEI depex section is found, this FV image will be ignored > in DXE > phase. > // Now, DxeCore doesn't support FV image with more one type > DEPEX > section. > // > FreePool (DepexBuffer); > continue; > } > > > Thanks, > > Andrew Fish > > PS This logic also exists. > > // > // Check if this EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE file has > SMM depex > section. > // > DepexBuffer = NULL; > SizeOfBuffer = 0; > Status = Fv->ReadSection ( >Fv, >, >EFI_SECTION_SMM_DEPEX, >0, >, >, > >); > if (!EFI_ERROR (Status)) { > // > // If SMM depex section is found, this FV image will be ignored > in DXE > phase. > // Now, DxeCore doesn't support FV image with more one type > DEPEX > section. > // > FreePool (DepexBuffer); > continue; > } > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [patch 3/6] OvmfPkg:Add FileExplorerLib.inf to the dsc file
Because SecureBootConfigDxe use FileExplorerLib now,but FileExplorerLib is not in the dsc file of the package which use SecureBootConfigDxe.Now add it to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- OvmfPkg/OvmfPkgIa32.dsc| 3 ++- OvmfPkg/OvmfPkgIa32X64.dsc | 3 ++- OvmfPkg/OvmfPkgX64.dsc | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index a6d8d63..2cf6c74 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,9 +1,9 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php @@ -103,10 +103,11 @@ UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 299c862..67b9c9e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -1,9 +1,9 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php @@ -108,10 +108,11 @@ UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index fa37b1e..6d18871 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1,9 +1,9 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php @@ -108,10 +108,11 @@ UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [patch 5/6] SecurityPkg:Add FileExplorerLib.inf to the dsc file
Because SecureBootConfigDxe use FileExplorerLib now,but FileExplorerLib is not in the dsc file of the package which use SecureBootConfigDxe.Now add it to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- SecurityPkg/SecurityPkg.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 0f1fc0f..fa46ffb 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -61,10 +61,11 @@ TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf [LibraryClasses.common.PEIM] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [patch 2/6] ArmVirPkg:Add FileExplorerLib.inf to the dsc file
Because SecureBootConfigDxe use FileExplorerLib now,but FileExplorerLib is not in the dsc file of the package which use SecureBootConfigDxe.Now add it to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- ArmVirtPkg/ArmVirtQemu.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index e6440ec..5e12430 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -1,9 +1,9 @@ # # Copyright (c) 2011-2015, ARM Limited. All rights reserved. # Copyright (c) 2014, Linaro Limited. All rights reserved. -# Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2015-2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php @@ -60,10 +60,11 @@ CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf GenericBdsLib|IntelFrameworkModulePkg/Library/GenericBdsLib/GenericBdsLib.inf PlatformBdsLib|ArmVirtPkg/Library/PlatformIntelBdsLib/PlatformIntelBdsLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf [LibraryClasses.AARCH64.SEC] -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [patch 4/6] Vlv2TbltDevicePkg:Add FileExplorerLib.inf to the dsc file
Because SecureBootConfigDxe use FileExplorerLib now,but FileExplorerLib is not in the dsc file of the package which use SecureBootConfigDxe.Now add it to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 3 ++- Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 3 ++- Vlv2TbltDevicePkg/PlatformPkgX64.dsc| 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc index a2a5b02..7f83798 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc @@ -1,9 +1,9 @@ #/** @file # Platform description. # -# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution. # The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php. @@ -147,10 +147,11 @@ GenericBdsLib|$(PLATFORM_PACKAGE)/Override/IntelFrameworkModulePkg/Library/GenericBdsLib/GenericBdsLib.inf PlatformBdsLib|$(PLATFORM_PACKAGE)/Library/PlatformBdsLib/PlatformBdsLib.inf NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf FlashDeviceLib|$(PLATFORM_PACKAGE)/Library/FlashDeviceLib/FlashDeviceLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf # # Framework # !if $(S3_ENABLE) == TRUE S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc index f42995b..8490432 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc @@ -1,9 +1,9 @@ #/** @file # Platform description. # -# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution. # The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php. @@ -147,10 +147,11 @@ GenericBdsLib|$(PLATFORM_PACKAGE)/Override/IntelFrameworkModulePkg/Library/GenericBdsLib/GenericBdsLib.inf PlatformBdsLib|$(PLATFORM_PACKAGE)/Library/PlatformBdsLib/PlatformBdsLib.inf NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf FlashDeviceLib|$(PLATFORM_PACKAGE)/Library/FlashDeviceLib/FlashDeviceLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf # # Framework # !if $(S3_ENABLE) == TRUE S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc index e2bba65..972773b 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc @@ -1,9 +1,9 @@ #/** @file # Platform description. # -# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution. # The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php. @@ -147,10 +147,11 @@ GenericBdsLib|$(PLATFORM_PACKAGE)/Override/IntelFrameworkModulePkg/Library/GenericBdsLib/GenericBdsLib.inf PlatformBdsLib|$(PLATFORM_PACKAGE)/Library/PlatformBdsLib/PlatformBdsLib.inf NetLib|MdeModulePkg/Library/DxeNetLib/DxeNetLib.inf DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf FlashDeviceLib|$(PLATFORM_PACKAGE)/Library/FlashDeviceLib/FlashDeviceLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf # # Framework # !if $(S3_ENABLE) == TRUE S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org
[edk2] [patch 1/6] ArmPlatformPkg:Add FileExplorerLib.inf to the dsc file
Because SecureBootConfigDxe use FileExplorerLib now,but FileExplorerLib is not in the dsc file of the package which use SecureBootConfigDxe.Now add it to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc index af46331..4837ca1 100644 --- a/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc +++ b/ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc @@ -1,8 +1,8 @@ # # Copyright (c) 2011-2015, ARM Limited. All rights reserved. -# Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2015-2016, Intel Corporation. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php @@ -47,10 +47,11 @@ TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf # Virtio Support VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf VirtioMmioDeviceLib|OvmfPkg/Library/VirtioMmioDeviceLib/VirtioMmioDeviceLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf [LibraryClasses.common.SEC] ArmLib|ArmPkg/Library/ArmLib/AArch64/AArch64LibSec.inf ArmPlatformSecLib|ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressSecLibRTSM/ArmVExpressSecLib.inf ArmPlatformLib|ArmPlatformPkg/ArmVExpressPkg/Library/ArmVExpressLibRTSM/ArmVExpressLibSec.inf -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [patch 0/6] Use FileExplorerLib in SecureBootConfigDxe
Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe.And add FileExplorerLib to dsc files of related packages which use SecureBootConfigDxe. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan BiDandan Bi (6): ArmPlatformPkg:Add FileExplorerLib.inf to the dsc file ArmVirPkg:Add FileExplorerLib.inf to the dsc file OvmfPkg:Add FileExplorerLib.inf to the dsc file Vlv2TbltDevicePkg:Add FileExplorerLib.inf to the dsc file SecurityPkg:Add FileExplorerLib.inf to the dsc file SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe .../ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc |3 +- ArmVirtPkg/ArmVirtQemu.dsc |3 +- OvmfPkg/OvmfPkgIa32.dsc|3 +- OvmfPkg/OvmfPkgIa32X64.dsc |3 +- OvmfPkg/OvmfPkgX64.dsc |3 +- SecurityPkg/SecurityPkg.dsc|1 + .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- .../SecureBootConfigFileExplorer.c | 1127 +--- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 ++- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 +-- .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 + Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc|3 +- Vlv2TbltDevicePkg/PlatformPkgIA32.dsc |3 +- Vlv2TbltDevicePkg/PlatformPkgX64.dsc |3 +- 15 files changed, 1242 insertions(+), 341 deletions(-) -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear.After using FileExplorerLib,the UI behavior for enroll PK will change, previously when select one PK file,commit/discard changes will return to Device Manager,press ESC will return to FileExplorer. Now using FileExplorerLib the behavior will keep same with enroll KEK/DB/...,commit/discard changes will return to Custom Secure Boot Options form and ESC will return to PK options form. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- .../SecureBootConfigFileExplorer.c | 1127 +--- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 ++- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 +-- .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 + 6 files changed, 1225 insertions(+), 333 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 484da2c..e53630c 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,9 +1,9 @@ /** @file VFR file used by the SecureBoot configuration component. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -200,33 +200,15 @@ formset form formid = FORMID_ENROLL_PK_FORM, title = STRING_TOKEN(STR_ENROLL_PK); subtitle text = STRING_TOKEN(STR_NULL); -goto FORMID_ENROLL_PK_FORM, +goto FORM_FILE_EXPLORER_ID_PK, prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), flags = INTERACTIVE, - key = FORMID_ENROLL_PK_FORM; - -subtitle text = STRING_TOKEN(STR_NULL); -label FORMID_ENROLL_PK_FORM; -label LABEL_END; -subtitle text = STRING_TOKEN(STR_NULL); - -goto FORMID_SECURE_BOOT_OPTION_FORM, - prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), - help = STRING_TOKEN(STR_SAVE_AND_EXIT), - flags = INTERACTIVE| RESET_REQUIRED, - key= KEY_VALUE_SAVE_AND_EXIT_PK; - -goto FORMID_SECURE_BOOT_OPTION_FORM, - prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - flags = INTERACTIVE, - key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; - + key = SECUREBOOT_ADD_PK_FILE_FORM_ID; endform; // // ##5 Form: 'KEK Options' // @@ -261,11 +243,11 @@ formset form formid = FORMID_ENROLL_KEK_FORM, title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORMID_ENROLL_KEK_FORM, +goto FORM_FILE_EXPLORER_ID_KEK, prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), flags = INTERACTIVE, key= FORMID_ENROLL_KEK_FORM; @@ -424,11 +406,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, +goto FORM_FILE_EXPLORER_ID_DB, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; @@ -469,11 +451,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, +goto FORM_FILE_EXPLORER_ID_DBX, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; @@ -545,11 +527,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, +goto FORM_FILE_EXPLORER_ID_DBT, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; @@ -582,6
Re: [edk2] EFI_IP4_CONFIG2_PROTOCOL [was: Re: [PATCH v2] MdeModulePkg: Update MNP driver to recycle TX buffer asynchronously.]
On 02/01/16 05:11, Josh Triplett wrote: > On Wed, Jan 13, 2016 at 10:24:00AM -0800, Josh Triplett wrote: >> On Wed, Jan 13, 2016 at 01:43:38PM +0100, Laszlo Ersek wrote: >>> I just noticed that the most recent release of BITS provides a >>> standalone HTTP client! >>> >>> http://biosbits.org/news/bits-2070/ >>> >>> Josh, a couple of points: >>> >>> - edk2 doesn't provide EFI_IP4_CONFIG_PROTOCOL any longer; it provides >>> EFI_IP4_CONFIG2_PROTOCOL. I haven't tested this new release of BITS >>> just yet, but I know this caused problems for a few consumers of edk2. >> >> Most existing BIOSes we've worked with don't provide the newer protocol, >> though. So at a minimum we'll have to support both. Probably not too >> difficult to do, though. > > The latest release of BITS (bits-2073, released today) now uses > EFI_IP4_CONFIG2_PROTOCOL, and falls back to EFI_IP4_CONFIG_PROTOCOL. Thanks a lot, I'm tagging this. Hopefully I can check it out soon. Laszlo > We also added support for using the existing configuration if already > configured, and only kicking off DHCP if not already configured. In > particular, if you have manual IP configuration set up in your firmware, > or manually configure IP via the shell, BITS will use that > configuration. > > A couple of questions about EFI_IP4_CONFIG2_PROTOCOL: > > First, as far as I can tell, the implementation in edk2 does not trigger > any of the events possible to register via RegisterDataNotify when DHCP > completes. Switching to Ip4Config2PolicyDhcp will wipe the three manual > configuration items (and signal the events for them), and any call to > SetData will signal the corresponding event, but DHCP completion just > sets the various configuration information without signaling an event. > As a result, we ended up just polling GetData of > Ip4Config2DataTypeInterfaceInfo until it returned a valid IP. > > Second, how can we explicitly tell EFI_IP4_CONFIG2_PROTOCOL to obtain an > address via DHCP, if it hasn't already? To kick off DHCP, we ended up > having to change the policy from DHCP to static and back to DHCP (since > SetData won't call Ip4StartAutoConfig unless the policy changes to DHCP > from something other than DHCP). > > - Josh Triplett > ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [patch] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- .../SecureBootConfigFileExplorer.c | 1127 +++- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 +-- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 ++- .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 - 6 files changed, 333 insertions(+), 1225 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index e53630c..484da2c 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,9 +1,9 @@ /** @file VFR file used by the SecureBoot configuration component. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -200,15 +200,33 @@ formset form formid = FORMID_ENROLL_PK_FORM, title = STRING_TOKEN(STR_ENROLL_PK); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_PK, +goto FORMID_ENROLL_PK_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), flags = INTERACTIVE, - key = SECUREBOOT_ADD_PK_FILE_FORM_ID; + key = FORMID_ENROLL_PK_FORM; + +subtitle text = STRING_TOKEN(STR_NULL); +label FORMID_ENROLL_PK_FORM; +label LABEL_END; +subtitle text = STRING_TOKEN(STR_NULL); + +goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE| RESET_REQUIRED, + key= KEY_VALUE_SAVE_AND_EXIT_PK; + +goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; + endform; // // ##5 Form: 'KEK Options' // @@ -243,11 +261,11 @@ formset form formid = FORMID_ENROLL_KEK_FORM, title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_KEK, +goto FORMID_ENROLL_KEK_FORM, prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), flags = INTERACTIVE, key= FORMID_ENROLL_KEK_FORM; @@ -406,11 +424,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_DB, +goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; @@ -451,11 +469,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_DBX, +goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; @@ -527,11 +545,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_DBT, +goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; @@ -564,83 +582,6 @@ formset flags = INTERACTIVE, key= KEY_VALUE_NO_SAVE_AND_EXIT_DBT; endform; - // - // File Explorer for PK - // - form formid = FORM_FILE_EXPLORER_ID_PK, - title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE); - - label FORM_FILE_EXPLORER_ID; - label LABEL_END; - endform; - - // - // File Explorer for KEK - // - form
Re: [edk2] [patch] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
On 02/01/16 10:06, Dandan Bi wrote: > Using existing library FileExplorerLib to replace the same > logic in SecureBootConfigDxe to make the code clear. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Dandan Bi> --- > .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- > .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- > .../SecureBootConfigFileExplorer.c | 1127 > +++- > .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 +-- > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 ++- > .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 - > 6 files changed, 333 insertions(+), 1225 deletions(-) This is probably a great idea, but the patch is incomplete. The following edk2 DSC files list "SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf": - ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc - ArmVirtPkg/ArmVirtQemu.dsc - Nt32Pkg/Nt32Pkg.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - QuarkPlatformPkg/Quark.dsc - SecurityPkg/SecurityPkg.dsc - Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc - Vlv2TbltDevicePkg/PlatformPkgIA32.dsc - Vlv2TbltDevicePkg/PlatformPkgX64.dsc Of these, only the following resolve "FileExplorerLib": - Nt32Pkg/Nt32Pkg.dsc - QuarkPlatformPkg/Quark.dsc Which means that the patch will break the build for the other DSC files: - ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc - ArmVirtPkg/ArmVirtQemu.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - SecurityPkg/SecurityPkg.dsc - Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc - Vlv2TbltDevicePkg/PlatformPkgIA32.dsc - Vlv2TbltDevicePkg/PlatformPkgX64.dsc So, this change should be implemented in a 6-part series, where the first five patches resolve FileExplorerLib for each of ArmPlatformPkg, ArmVirtPkg, OvmfPkg (three DSC files in one patch), SecurityPkg, Vlv2TbltDevicePkg (three DSC files in one patch). Then this patch should be included as the last one in the series. Thanks Laszlo > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > index e53630c..484da2c 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > @@ -1,9 +1,9 @@ > /** @file >VFR file used by the SecureBoot configuration component. > > -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. > +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD > License > which accompanies this distribution. The full text of the license may be > found at > http://opensource.org/licenses/bsd-license.php > > @@ -200,15 +200,33 @@ formset >form formid = FORMID_ENROLL_PK_FORM, > title = STRING_TOKEN(STR_ENROLL_PK); > > subtitle text = STRING_TOKEN(STR_NULL); > > -goto FORM_FILE_EXPLORER_ID_PK, > +goto FORMID_ENROLL_PK_FORM, > prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), > help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), > flags = INTERACTIVE, > - key = SECUREBOOT_ADD_PK_FILE_FORM_ID; > + key = FORMID_ENROLL_PK_FORM; > + > +subtitle text = STRING_TOKEN(STR_NULL); > +label FORMID_ENROLL_PK_FORM; > +label LABEL_END; > +subtitle text = STRING_TOKEN(STR_NULL); > + > +goto FORMID_SECURE_BOOT_OPTION_FORM, > + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), > + help = STRING_TOKEN(STR_SAVE_AND_EXIT), > + flags = INTERACTIVE| RESET_REQUIRED, > + key= KEY_VALUE_SAVE_AND_EXIT_PK; > + > +goto FORMID_SECURE_BOOT_OPTION_FORM, > + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), > + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), > + flags = INTERACTIVE, > + key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; > + >endform; > >// >// ##5 Form: 'KEK Options' >// > @@ -243,11 +261,11 @@ formset >form formid = FORMID_ENROLL_KEK_FORM, > title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); > > subtitle text = STRING_TOKEN(STR_NULL); > > -goto FORM_FILE_EXPLORER_ID_KEK, > +goto FORMID_ENROLL_KEK_FORM, > prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), > help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), > flags = INTERACTIVE, > key= FORMID_ENROLL_KEK_FORM; > > @@ -406,11 +424,11 @@ formset >form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, > title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); > > subtitle text = STRING_TOKEN(STR_NULL); > > -goto FORM_FILE_EXPLORER_ID_DB, > +goto
Re: [edk2] [patch] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Hi Laszlo, Thanks for your comments. I will update the related package.dsc files, and new patch series will send out later. Thanks, Dandan -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Monday, February 1, 2016 5:22 PM To: Bi, Dandan Cc: Zhang, Chao B; Dong, Eric; edk2-de...@ml01.01.org Subject: Re: [edk2] [patch] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe On 02/01/16 10:06, Dandan Bi wrote: > Using existing library FileExplorerLib to replace the same > logic in SecureBootConfigDxe to make the code clear. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Dandan Bi> --- > .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- > .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- > .../SecureBootConfigFileExplorer.c | 1127 > +++- > .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 +-- > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 ++- > .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 - > 6 files changed, 333 insertions(+), 1225 deletions(-) This is probably a great idea, but the patch is incomplete. The following edk2 DSC files list "SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf": - ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc - ArmVirtPkg/ArmVirtQemu.dsc - Nt32Pkg/Nt32Pkg.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - QuarkPlatformPkg/Quark.dsc - SecurityPkg/SecurityPkg.dsc - Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc - Vlv2TbltDevicePkg/PlatformPkgIA32.dsc - Vlv2TbltDevicePkg/PlatformPkgX64.dsc Of these, only the following resolve "FileExplorerLib": - Nt32Pkg/Nt32Pkg.dsc - QuarkPlatformPkg/Quark.dsc Which means that the patch will break the build for the other DSC files: - ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc - ArmVirtPkg/ArmVirtQemu.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - SecurityPkg/SecurityPkg.dsc - Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc - Vlv2TbltDevicePkg/PlatformPkgIA32.dsc - Vlv2TbltDevicePkg/PlatformPkgX64.dsc So, this change should be implemented in a 6-part series, where the first five patches resolve FileExplorerLib for each of ArmPlatformPkg, ArmVirtPkg, OvmfPkg (three DSC files in one patch), SecurityPkg, Vlv2TbltDevicePkg (three DSC files in one patch). Then this patch should be included as the last one in the series. Thanks Laszlo > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > index e53630c..484da2c 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > @@ -1,9 +1,9 @@ > /** @file >VFR file used by the SecureBoot configuration component. > > -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. > +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD > License > which accompanies this distribution. The full text of the license may be > found at > http://opensource.org/licenses/bsd-license.php > > @@ -200,15 +200,33 @@ formset >form formid = FORMID_ENROLL_PK_FORM, > title = STRING_TOKEN(STR_ENROLL_PK); > > subtitle text = STRING_TOKEN(STR_NULL); > > -goto FORM_FILE_EXPLORER_ID_PK, > +goto FORMID_ENROLL_PK_FORM, > prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), > help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), > flags = INTERACTIVE, > - key = SECUREBOOT_ADD_PK_FILE_FORM_ID; > + key = FORMID_ENROLL_PK_FORM; > + > +subtitle text = STRING_TOKEN(STR_NULL); > +label FORMID_ENROLL_PK_FORM; > +label LABEL_END; > +subtitle text = STRING_TOKEN(STR_NULL); > + > +goto FORMID_SECURE_BOOT_OPTION_FORM, > + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), > + help = STRING_TOKEN(STR_SAVE_AND_EXIT), > + flags = INTERACTIVE| RESET_REQUIRED, > + key= KEY_VALUE_SAVE_AND_EXIT_PK; > + > +goto FORMID_SECURE_BOOT_OPTION_FORM, > + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), > + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), > + flags = INTERACTIVE, > + key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; > + >endform; > >// >// ##5 Form: 'KEK Options' >// > @@ -243,11 +261,11 @@ formset >form formid = FORMID_ENROLL_KEK_FORM, > title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); > > subtitle text = STRING_TOKEN(STR_NULL); > > -goto FORM_FILE_EXPLORER_ID_KEK, > +goto FORMID_ENROLL_KEK_FORM, > prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), > help =
Re: [edk2] [patch] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Dandan: Can you also add more specific description in check in log about the SecureBoot Config UI behavior change after your patch? Thanks & Best regards Chao Zhang -Original Message- From: Bi, Dandan Sent: Monday, February 01, 2016 6:02 PM To: Laszlo Ersek Cc: Zhang, Chao B; Dong, Eric; edk2-de...@ml01.01.org Subject: RE: [edk2] [patch] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe Hi Laszlo, Thanks for your comments. I will update the related package.dsc files, and new patch series will send out later. Thanks, Dandan -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Monday, February 1, 2016 5:22 PM To: Bi, Dandan Cc: Zhang, Chao B; Dong, Eric; edk2-de...@ml01.01.org Subject: Re: [edk2] [patch] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe On 02/01/16 10:06, Dandan Bi wrote: > Using existing library FileExplorerLib to replace the same > logic in SecureBootConfigDxe to make the code clear. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Dandan Bi> --- > .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- > .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- > .../SecureBootConfigFileExplorer.c | 1127 > +++- > .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 +-- > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 ++- > .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 - > 6 files changed, 333 insertions(+), 1225 deletions(-) This is probably a great idea, but the patch is incomplete. The following edk2 DSC files list "SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf": - ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc - ArmVirtPkg/ArmVirtQemu.dsc - Nt32Pkg/Nt32Pkg.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - QuarkPlatformPkg/Quark.dsc - SecurityPkg/SecurityPkg.dsc - Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc - Vlv2TbltDevicePkg/PlatformPkgIA32.dsc - Vlv2TbltDevicePkg/PlatformPkgX64.dsc Of these, only the following resolve "FileExplorerLib": - Nt32Pkg/Nt32Pkg.dsc - QuarkPlatformPkg/Quark.dsc Which means that the patch will break the build for the other DSC files: - ArmPlatformPkg/ArmVExpressPkg/ArmVExpress-FVP-AArch64.dsc - ArmVirtPkg/ArmVirtQemu.dsc - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - SecurityPkg/SecurityPkg.dsc - Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc - Vlv2TbltDevicePkg/PlatformPkgIA32.dsc - Vlv2TbltDevicePkg/PlatformPkgX64.dsc So, this change should be implemented in a 6-part series, where the first five patches resolve FileExplorerLib for each of ArmPlatformPkg, ArmVirtPkg, OvmfPkg (three DSC files in one patch), SecurityPkg, Vlv2TbltDevicePkg (three DSC files in one patch). Then this patch should be included as the last one in the series. Thanks Laszlo > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > index e53630c..484da2c 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr > @@ -1,9 +1,9 @@ > /** @file >VFR file used by the SecureBoot configuration component. > > -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. > +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD > License > which accompanies this distribution. The full text of the license may be > found at > http://opensource.org/licenses/bsd-license.php > > @@ -200,15 +200,33 @@ formset >form formid = FORMID_ENROLL_PK_FORM, > title = STRING_TOKEN(STR_ENROLL_PK); > > subtitle text = STRING_TOKEN(STR_NULL); > > -goto FORM_FILE_EXPLORER_ID_PK, > +goto FORMID_ENROLL_PK_FORM, > prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), > help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), > flags = INTERACTIVE, > - key = SECUREBOOT_ADD_PK_FILE_FORM_ID; > + key = FORMID_ENROLL_PK_FORM; > + > +subtitle text = STRING_TOKEN(STR_NULL); > +label FORMID_ENROLL_PK_FORM; > +label LABEL_END; > +subtitle text = STRING_TOKEN(STR_NULL); > + > +goto FORMID_SECURE_BOOT_OPTION_FORM, > + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), > + help = STRING_TOKEN(STR_SAVE_AND_EXIT), > + flags = INTERACTIVE| RESET_REQUIRED, > + key= KEY_VALUE_SAVE_AND_EXIT_PK; > + > +goto FORMID_SECURE_BOOT_OPTION_FORM, > + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), > + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), > + flags = INTERACTIVE, > + key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; > + >
Re: [edk2] Variable length PcdRsa2048Sha256PublicKeyBuffer PCD
Mike, Thank you - I was looking at the DEC spec for size stuff and somehow it didn't occur to me to check the DSC spec. This is exactly what I needed. Eugene > -Original Message- > From: Kinney, Michael D [mailto:michael.d.kin...@intel.com] > Sent: Saturday, January 30, 2016 9:59 AM > To: Cohen, Eugene; edk2-devel@lists.01.org; Kinney, > Michael D > Cc: Zhang, Chao B > Subject: RE: Variable length PcdRsa2048Sha256PublicKeyBuffer PCD > > Eugene, > > I can address the general PCD question. > > Dynamic PCDs can be stored in 3 different locations. VPD which is read-only, > so the value can not be changed. UEFI Variable which is non-volatile and > read-write, so the value and size can be changed. Database in a memory > buffer that is volatile and read-write, so the value and size can be changed > up > to a specified max size (if max size not specified, then build time size and > max > size are the same). > > Part of the PCD setting in the DSC file is the maximum size of the PCD. You > can set the maximum size to the largest size a PCD supports, and the build > time setting can be any size up to that maximum size. > > Here is the syntax for the 6 types of DSC sections. The MaximumDatumSize > is the optional field that can be specified to reserve space. The Hii type > does > not require a maximum size in DSC file. The max size of Hii type is limited > only by what SetVariale() supports. > > [PcdsDynamic.common.DEFAULT] > > PcdTokenSpaceGuidCName.PcdCName|Value[|DatumType[|MaximumDatu > mSize]] > > [PcdsDynamicHii.common.DEFAULT] > > PcdTokenSpaceGuidCName.PcdCName|VariableName|VariableGuid|Variabl > eOffset|HiiDefaultValue > > [PcdsDynamicVpd.common.DEFAULT] > PcdTokenSpaceGuidCName.PcdCName|VpdOffset[|MaximumDatumSize > [|Value]] > > [PcdsDynamicEx.common.DEFAULT] > > PcdTokenSpaceGuidCName.PcdCName|Value[|DatumType[|MaximumDatu > mSize]] > > [PcdsDynamicExHii.common.DEFAULT] > > PcdTokenSpaceGuidCName.PcdCName|VariableName|VariableGuid|Variabl > eOffset|HiiDefaultValue > > [PcdsDynamicExVpd.common.DEFAULT] > > PcdTokenSpaceGuidCName.PcdCName|VpdOffset[|MaximumDatumSize[| > Value]] > > Best regards, > > Mike > > > -Original Message- > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Cohen, Eugene > > Sent: Saturday, January 30, 2016 5:36 AM > > To: edk2-devel@lists.01.org > > Cc: Kinney, Michael D ; Zhang, Chao B > > > > Subject: [edk2] Variable length PcdRsa2048Sha256PublicKeyBuffer PCD > > > > Dear SecurityPkg maintainer, > > > > The SecurityPkg Rsa2048Sha256 system depends on a dynamic PCD called > > gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer . This > > stores a set of hashes used to verify public keys. > > > > It appears that the length of this PCD is determined at build time. > > How we could handle a case where the number of public keys is not > > known until runtime? Is there some way to make a Ptr-type Dynamic PCD > variable sized? > > > > Thanks, > > > > Eugene > > > > > > ___ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch 1/3] MdeModulePkg: Update the default size of MNP TX buffer pool.
On 02/01/16 03:51, Fu Siyuan wrote: > This patch update the default MNP TX buffer increasement to 32, so the default > TX pool length is same as the maximum recycled buffer numbers in one UNDI > GetStatus command. Is that MAX_XMIT_BUFFERS in PxeGetStatus()? > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Fu Siyuan> CC: Ye Ting > CC: Wu Jiaxin > --- > MdeModulePkg/Universal/Network/MnpDxe/MnpImpl.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/MdeModulePkg/Universal/Network/MnpDxe/MnpImpl.h > b/MdeModulePkg/Universal/Network/MnpDxe/MnpImpl.h > index c66be64..51391af 100644 > --- a/MdeModulePkg/Universal/Network/MnpDxe/MnpImpl.h > +++ b/MdeModulePkg/Universal/Network/MnpDxe/MnpImpl.h > @@ -27,7 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > #define MNP_INIT_NET_BUFFER_NUM 512 > #define MNP_NET_BUFFER_INCREASEMENT 64 > #define MNP_MAX_NET_BUFFER_NUM65536 > -#define MNP_TX_BUFFER_INCREASEMENT64 > +#define MNP_TX_BUFFER_INCREASEMENT32// Same as the recycling Q > length for xmit_done in UNDI command. > #define MNP_MAX_TX_BUFFER_NUM 65536 > > #define MNP_MAX_RCVD_PACKET_QUE_SIZE 256 > Out of curiosity: is this a bugfix or an optimization? If a bugfix, then can you please explain why those two things (i.e., MNP_TX_BUFFER_INCREASEMENT in MnpAllocTxBuf(), and MAX_XMIT_BUFFERS in PxeGetStatus) should match? As a perf optimization I guess this makes sense, but otherwise, SNP internals and MNP should be independent, shouldn't they? Thanks Laszlo ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] Not able to run into shell
Hi, I am porting edk2 to a ARM64 based SoC, but when starting shell, edk2 hangs. I do not have a clear idea on this. Does anyone know this? " UEFI v2.50 (IMX board EFI Jan 8 2016 06:52:28, 0x) Mapping table map: No mapping found. No SimpleTextInputEx was found. CTRL-based features are not usable. No SimpleTextInputEx was found. CTRL-based features are not usable. Press ESC in 5 seconds to skip startup.nsh or any other key to continue. " Appreciate your help. Thanks, Peng. Add More log in case needed: UEFI firmware (version built at 07:25:36 on Jan 8 2016) UEFI firmware (version built at 09:27:49 on Jan 8 2016) add-symbol-file /home/Freenix/work/sw-stash/imx/uefi/uefi-src/Build/IMX/DEBUG_GCC49/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll 0xBFB20240 Loading DxeCore at 0x00BFB2 EntryPoint=0x00BFB20240 CoreInitializeMemoryServices: BaseAddress - 0x800D Length - 0x3EF3 MinimalMemorySizeNeeded - 0xDDA000 InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B BFB4FE78 add-symbol-file /home/Freenix/work/sw-stash/imx/uefi/uefi-src/Build/IMX/DEBUG_GCC49/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll 0xBFB2 InstallProtocolInterface: 76B6BDFA-2ACD-4462-9E3F-CB58C969D937 BFB50D60 InstallProtocolInterface: 1EA81BEC-F01A-4D98-A201-4A61CE2FC022 BFB50D78 HOBLIST address in DXE = 0xBEDDE018 Memory Allocation 0x0004 0xBFFEF000 - 0xBFFE Memory Allocation 0x0004 0xBFFED000 - 0xBFFEEFFF Memory Allocation 0x0004 0xBFFF - 0xBFFF Memory Allocation 0x0004 0xBFFDD000 - 0xBFFECFFF Memory Allocation 0x0004 0xBFD98000 - 0xBFFDCFFF Memory Allocation 0x0004 0xBFB53000 - 0xBFD97FFF Memory Allocation 0x0004 0xBFB2 - 0xBFB52FFF Memory Allocation 0x0003 0xBFB2 - 0xBFB52FFF FV Hob0x8000 - 0x800C FV Hob0xBFB53000 - 0xBFD9625F FV2 Hob 0xBFB53000 - 0xBFD9625F InstallProtocolInterface: D8117CFE-94A6-11D4-9A3A-0090273FC14D BFB4FE08 InstallProtocolInterface: 8F644FA9-E850-4DB1-9CE2-0B44698E8DA4 BEDC5030 InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B BEDC5E98 InstallProtocolInterface: 8F644FA9-E850-4DB1-9CE2-0B44698E8DA4 BEDC5C70 InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B BEDC5A58 InstallProtocolInterface: 220E73B6-6BDB-4413-8405-B974B108619A BEDC5270 InstallProtocolInterface: 220E73B6-6BDB-4413-8405-B974B108619A BEDC40B0 InstallProtocolInterface: FC1BCDB0-7D31-49AA-936A-A4600D9DD083 BFB4FE28 Loading driver B8D9777E-D72A-451F-9BDB-BAFB52A68415 InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B BECD70C0 add-symbol-file /home/Freenix/work/sw-stash/imx/uefi/uefi-src/Build/IMX/DEBUG_GCC49/AARCH64/ArmPkg/Drivers/CpuDxe/CpuDxe/DEBUG/ArmCpuDxe.dll 0xBEF61800 Loading driver at 0x000BEF61000 EntryPoint=0x000BEF61844 ArmCpuDxe.efi InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BECD7E58 InstallProtocolInterface: 26BACCB1-6F42-11D4-BCE7-0080C73C8881 BEF6E800 InstallProtocolInterface: AD651C7D-3C22-4DBF-92E8-38A7CDAE87B2 BEF6E8A8 Loading driver B601F8C4-43B7-4784-95B1-F4226CB40CEE InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B BECCF040 add-symbol-file /home/Freenix/work/sw-stash/imx/uefi/uefi-src/Build/IMX/DEBUG_GCC49/AARCH64/MdeModulePkg/Core/RuntimeDxe/RuntimeDxe/DEBUG/RuntimeDxe.dll 0xBEF80240 InsertImageRecord - Section Alignment(0x20) is not 64K ! !!! Image - /home/Freenix/work/sw-stash/imx/uefi/uefi-src/Build/IMX/DEBUG_GCC49/AARCH64/MdeModulePkg/Core/RuntimeDxe/RuntimeDxe/DEBUG/RuntimeDxe.dll Loading driver at 0x000BEF8 EntryPoint=0x000BEF80284 RuntimeDxe.efi InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BECD7B98 InstallProtocolInterface: B7DFB4E1-052F-449F-87BE-9818FC91B733 BEF86380 Loading driver F80697E9-7FD6-4665-8646-88E33EF71DFC InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B BECCFB40 add-symbol-file /home/Freenix/work/sw-stash/imx/uefi/uefi-src/Build/IMX/DEBUG_GCC49/AARCH64/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe/DEBUG/SecurityStubDxe.dll 0xBEF5A240 Loading driver at 0x000BEF5A000 EntryPoint=0x000BEF5A284 SecurityStubDxe.efi InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BECCFD98 InstallProtocolInterface: 94AB2F58-1438-4EF1-9152-18941A3A0E68 BEF60A28 InstallProtocolInterface: A46423E3-4617-49F1-B9FF-D1BFA9115839 BEF60A20 Loading driver 3 48C4D62-BFBD-4882-9ECE-C80BB1C4783B InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B BECCF400 add-symbol-file /home/Freenix/work/sw-stash/imx/uefi/uefi-src/Build/IMX/DEBUG_GCC49/AARCH64/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe/DEBUG/HiiDatabase.dll 0xBEF30240 Loading driver at 0x000BEF3 EntryPoint=0x000BEF30284 HiiDatabase.efi InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF BECCF858 InstallProtocolInterface: E9CA4775-8657-47FC-97E7-7ED65A084324 BEF59AA8 InstallProtocolInterface: 0FD96974-23AA-4CDC-B9CB-98D17750322A
[edk2] Dxe Core support for EFI_SECTION_PEI_DEPEX section.
I have an FV and I'd like to have PEI and DXE code in it. The code that I need to access at PEI Time (DXE Core) is a compressed file in the FV. The code that only needs to be accessed at DXE time is in a compressed FV. By default PEI will try to decompress the FV Section, so I added a EFI_SECTION_PEI_DEPEX of FALSE to prevent this. To my surprise this prevented the FV from being dispatched in DXE. I don't see any language in the PI spec that calls out this behavior. I think we should remove the checks for EFI_SECTION_PEI_DEPEX, and maybe even EFI_SECTION_SMM_DEPEX. I think it is a better design to have the FV prevent the dispatch from the phase(s) it is discovered in if that is the intent. So for my example I added: SECTION PEI_DEPEX_EXP = {FALSE} If you had a FV that showed up in DXE, but was for SMM you could: SECTION DXE_DEPEX_EXP = {FALSE} This is the code I'm talking about: MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c // // Check if this EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE file has PEI depex section. // DepexBuffer = NULL; SizeOfBuffer = 0; Status = Fv->ReadSection ( Fv, , EFI_SECTION_PEI_DEPEX, 0, , , ); if (!EFI_ERROR (Status)) { // // If PEI depex section is found, this FV image will be ignored in DXE phase. // Now, DxeCore doesn't support FV image with more one type DEPEX section. // FreePool (DepexBuffer); continue; } Thanks, Andrew Fish PS This logic also exists. // // Check if this EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE file has SMM depex section. // DepexBuffer = NULL; SizeOfBuffer = 0; Status = Fv->ReadSection ( Fv, , EFI_SECTION_SMM_DEPEX, 0, , , ); if (!EFI_ERROR (Status)) { // // If SMM depex section is found, this FV image will be ignored in DXE phase. // Now, DxeCore doesn't support FV image with more one type DEPEX section. // FreePool (DepexBuffer); continue; } ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH v4] NetworkPkg:Add a new error status code EFI_HTTP_ERROR
v4: * Update macro HTTP_ERROR_STATUS to HTTP_ERROR_OR_NOT_SUPPORT_STATUS_CODE Update copyright year. When the Error Status of ResponseData returned from HttpIoRecvResponse function during the Http HEAD method, it should also return error status to Load file protocol. Cc: Fu SiyuanCc: Ye Ting Cc: Wu Jiaxin Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo --- NetworkPkg/HttpBootDxe/HttpBootClient.c | 10 -- NetworkPkg/HttpBootDxe/HttpBootSupport.c | 18 +- NetworkPkg/HttpBootDxe/HttpBootSupport.h | 14 +- NetworkPkg/HttpDxe/HttpImpl.c| 19 +++ NetworkPkg/HttpDxe/HttpImpl.h| 4 +++- NetworkPkg/HttpDxe/HttpProto.h | 4 +++- 6 files changed, 47 insertions(+), 22 deletions(-) diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.c b/NetworkPkg/HttpBootDxe/HttpBootClient.c index f0817e9..dd835c4 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootClient.c +++ b/NetworkPkg/HttpBootDxe/HttpBootClient.c @@ -1,9 +1,9 @@ /** @file Implementation of the boot file download function. -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -715,10 +715,11 @@ HttpBootGetBootFile ( IN OUT UINTN*BufferSize, OUT UINT8*Buffer ) { EFI_STATUS Status; + EFI_HTTP_STATUS_CODE StatusCode; CHAR8 *HostName; EFI_HTTP_REQUEST_DATA *RequestData; HTTP_IO_RESPONSE_DATA *ResponseData; HTTP_IO_RESPONSE_DATA ResponseBody; HTTP_IO*HttpIo; @@ -892,11 +893,16 @@ HttpBootGetBootFile ( Status = HttpIoRecvResponse ( >HttpIo, TRUE, ResponseData ); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || EFI_ERROR (ResponseData->Status)) { +if (EFI_ERROR (ResponseData->Status)) { + StatusCode = HttpIo->RspToken.Message->Data.Response->StatusCode; + HttpBootPrintErrorMessage (StatusCode); + Status = ResponseData->Status; +} goto ERROR_5; } // // 3.2 Cache the response header. diff --git a/NetworkPkg/HttpBootDxe/HttpBootSupport.c b/NetworkPkg/HttpBootDxe/HttpBootSupport.c index f9bbe4b..db2af78 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootSupport.c +++ b/NetworkPkg/HttpBootDxe/HttpBootSupport.c @@ -1,9 +1,9 @@ /** @file Support functions implementation for UEFI HTTP boot driver. -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -928,11 +928,10 @@ HttpIoRecvResponse ( OUT HTTP_IO_RESPONSE_DATA*ResponseData ) { EFI_STATUS Status; EFI_HTTP_PROTOCOL *Http; - EFI_HTTP_STATUS_CODE StatusCode; if (HttpIo == NULL || HttpIo->Http == NULL || ResponseData == NULL) { return EFI_INVALID_PARAMETER; } @@ -969,19 +968,12 @@ HttpIoRecvResponse ( } // // Store the received data into the wrapper. // - Status = HttpIo->RspToken.Status; - if (!EFI_ERROR (Status)) { -ResponseData->HeaderCount = HttpIo->RspToken.Message->HeaderCount; -ResponseData->Headers = HttpIo->RspToken.Message->Headers; -ResponseData->BodyLength = HttpIo->RspToken.Message->BodyLength; - } - - if (RecvMsgHeader) { -StatusCode = HttpIo->RspToken.Message->Data.Response->StatusCode; -HttpBootPrintErrorMessage (StatusCode); - } + ResponseData->Status = HttpIo->RspToken.Status; + ResponseData->HeaderCount = HttpIo->RspToken.Message->HeaderCount; + ResponseData->Headers = HttpIo->RspToken.Message->Headers; + ResponseData->BodyLength = HttpIo->RspToken.Message->BodyLength; return Status; } diff --git a/NetworkPkg/HttpBootDxe/HttpBootSupport.h b/NetworkPkg/HttpBootDxe/HttpBootSupport.h index 2eba14e..8e0fc37 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootSupport.h +++ b/NetworkPkg/HttpBootDxe/HttpBootSupport.h @@ -1,9 +1,9 @@ /** @file Support functions declaration for UEFI HTTP boot driver. -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. This program and the accompanying
Re: [edk2] [PATCH v4] NetworkPkg:Add a new error status code EFI_HTTP_ERROR
Reviewed-by: Siyuan Fu-Original Message- From: Zhang, Lubo Sent: Tuesday, February 2, 2016 2:52 PM To: edk2-devel@lists.01.org Cc: Fu, Siyuan ; Ye, Ting ; Wu, Jiaxin Subject: [PATCH v4] NetworkPkg:Add a new error status code EFI_HTTP_ERROR v4: * Update macro HTTP_ERROR_STATUS to HTTP_ERROR_OR_NOT_SUPPORT_STATUS_CODE Update copyright year. When the Error Status of ResponseData returned from HttpIoRecvResponse function during the Http HEAD method, it should also return error status to Load file protocol. Cc: Fu Siyuan Cc: Ye Ting Cc: Wu Jiaxin Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo --- NetworkPkg/HttpBootDxe/HttpBootClient.c | 10 -- NetworkPkg/HttpBootDxe/HttpBootSupport.c | 18 +- NetworkPkg/HttpBootDxe/HttpBootSupport.h | 14 +- NetworkPkg/HttpDxe/HttpImpl.c| 19 +++ NetworkPkg/HttpDxe/HttpImpl.h| 4 +++- NetworkPkg/HttpDxe/HttpProto.h | 4 +++- 6 files changed, 47 insertions(+), 22 deletions(-) diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.c b/NetworkPkg/HttpBootDxe/HttpBootClient.c index f0817e9..dd835c4 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootClient.c +++ b/NetworkPkg/HttpBootDxe/HttpBootClient.c @@ -1,9 +1,9 @@ /** @file Implementation of the boot file download function. -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -715,10 +715,11 @@ HttpBootGetBootFile ( IN OUT UINTN*BufferSize, OUT UINT8*Buffer ) { EFI_STATUS Status; + EFI_HTTP_STATUS_CODE StatusCode; CHAR8 *HostName; EFI_HTTP_REQUEST_DATA *RequestData; HTTP_IO_RESPONSE_DATA *ResponseData; HTTP_IO_RESPONSE_DATA ResponseBody; HTTP_IO*HttpIo; @@ -892,11 +893,16 @@ HttpBootGetBootFile ( Status = HttpIoRecvResponse ( >HttpIo, TRUE, ResponseData ); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status) || EFI_ERROR (ResponseData->Status)) { +if (EFI_ERROR (ResponseData->Status)) { + StatusCode = HttpIo->RspToken.Message->Data.Response->StatusCode; + HttpBootPrintErrorMessage (StatusCode); + Status = ResponseData->Status; +} goto ERROR_5; } // // 3.2 Cache the response header. diff --git a/NetworkPkg/HttpBootDxe/HttpBootSupport.c b/NetworkPkg/HttpBootDxe/HttpBootSupport.c index f9bbe4b..db2af78 100644 --- a/NetworkPkg/HttpBootDxe/HttpBootSupport.c +++ b/NetworkPkg/HttpBootDxe/HttpBootSupport.c @@ -1,9 +1,9 @@ /** @file Support functions implementation for UEFI HTTP boot driver. -Copyright (c) 2015, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php. @@ -928,11 +928,10 @@ HttpIoRecvResponse ( OUT HTTP_IO_RESPONSE_DATA*ResponseData ) { EFI_STATUS Status; EFI_HTTP_PROTOCOL *Http; - EFI_HTTP_STATUS_CODE StatusCode; if (HttpIo == NULL || HttpIo->Http == NULL || ResponseData == NULL) { return EFI_INVALID_PARAMETER; } @@ -969,19 +968,12 @@ HttpIoRecvResponse ( } // // Store the received data into the wrapper. // - Status = HttpIo->RspToken.Status; - if (!EFI_ERROR (Status)) { -ResponseData->HeaderCount = HttpIo->RspToken.Message->HeaderCount; -ResponseData->Headers = HttpIo->RspToken.Message->Headers; -ResponseData->BodyLength = HttpIo->RspToken.Message->BodyLength; - } - - if (RecvMsgHeader) { -StatusCode = HttpIo->RspToken.Message->Data.Response->StatusCode; -HttpBootPrintErrorMessage (StatusCode); - } + ResponseData->Status = HttpIo->RspToken.Status; + ResponseData->HeaderCount = HttpIo->RspToken.Message->HeaderCount; + ResponseData->Headers = HttpIo->RspToken.Message->Headers; + ResponseData->BodyLength = HttpIo->RspToken.Message->BodyLength; return Status; } diff --git a/NetworkPkg/HttpBootDxe/HttpBootSupport.h b/NetworkPkg/HttpBootDxe/HttpBootSupport.h index 2eba14e..8e0fc37 100644 ---
[edk2] SATA 3.0 AHCI host controller codebase
Hi, Is there some SATA 3.0 AHCI driver implementation in UEFI / EDK code? The one I need to write for our platform is not PCI based. I have seen few implementations in EDK2: DuetPkg/SataControllerDxe/SataController.c OvmfPkg/SataControllerDxe/SataController.c But in all of them SATA connectivity is via PCI Express switch. Kindly point me to some non-PCI based "SATA 3.0 AHCI driver code" for UEFI, if there is any such code. Thanks and Regards, Shaveta ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg: TcgConfigDxe: Move TPM state string update to CallBack function
Reviewed-by: Dandan Bi-Original Message- From: Zhang, Chao B Sent: Friday, January 29, 2016 4:47 PM To: edk2-de...@ml01.01.org Cc: Yao, Jiewen; Bi, Dandan; Zhang, Chao B Subject: [PATCH] SecurityPkg: TcgConfigDxe: Move TPM state string update to CallBack function TPM state string update requires HiiHandle which may not be ready when calling ExtractConfig. Move this logic to CallBack function. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang --- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c | 10 - SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c | 55 +++--- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h | 1 + 3 files changed, 40 insertions(+), 26 deletions(-) diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c index 29ec7b0..a9d3105 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c @@ -73,9 +73,15 @@ TcgConfigDriverEntryPoint ( if (PrivateData == NULL) { return EFI_OUT_OF_RESOURCES; } - + + PrivateData->Configuration = AllocatePool (sizeof + (TCG_CONFIGURATION)); if (PrivateData->Configuration == NULL) { +Status = EFI_OUT_OF_RESOURCES; +goto ErrorExit; + } + PrivateData->TcgProtocol = TcgProtocol; - + // // Install TCG configuration form // diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c index c2e3b34..7fa5611 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c @@ -1,7 +1,7 @@ /** @file HII Config Access protocol implementation of TCG configuration module. -Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -149,8 +149,6 @@ TcgExtractConfig ( ) { EFI_STATUS Status; - UINTN BufferSize; - TCG_CONFIGURATION Configuration; TCG_CONFIG_PRIVATE_DATA*PrivateData; EFI_STRING ConfigRequestHdr; EFI_STRING ConfigRequest; @@ -158,7 +156,6 @@ TcgExtractConfig ( UINTN Size; BOOLEANTpmEnable; BOOLEANTpmActivate; - CHAR16 State[32]; if (Progress == NULL || Results == NULL) { return EFI_INVALID_PARAMETER; @@ -179,12 +176,10 @@ TcgExtractConfig ( // // Convert buffer data to by helper function BlockToConfig() // - ZeroMem (, sizeof (TCG_CONFIGURATION)); - - Configuration.TpmOperation= PHYSICAL_PRESENCE_ENABLE; + PrivateData->Configuration->TpmOperation = PHYSICAL_PRESENCE_ENABLE; // - // Display current TPM state. + // Get current TPM state. // if (PrivateData->TcgProtocol != NULL) { Status = GetTpmState (PrivateData->TcgProtocol, , ); @@ -192,20 +187,10 @@ TcgExtractConfig ( return Status; } -UnicodeSPrint ( - State, - sizeof (State), - L"%s, and %s", - TpmEnable ? L"Enabled" : L"Disabled", - TpmActivate ? L"Activated" : L"Deactivated" - ); -Configuration.TpmEnable = TpmEnable; -Configuration.TpmActivate = TpmActivate; - -HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM_STATE_CONTENT), State, NULL); +PrivateData->Configuration->TpmEnable = TpmEnable; +PrivateData->Configuration->TpmActivate = TpmActivate; } - BufferSize = sizeof (Configuration); ConfigRequest = Request; if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { // @@ -218,15 +203,15 @@ TcgExtractConfig ( ConfigRequest = AllocateZeroPool (Size); ASSERT (ConfigRequest != NULL); AllocatedRequest = TRUE; -UnicodeSPrint (ConfigRequest, Size, L"%s=0=%016LX", ConfigRequestHdr, (UINT64) BufferSize); +UnicodeSPrint (ConfigRequest, Size, L"%s=0=%016LX", ConfigRequestHdr, sizeof (TCG_CONFIGURATION)); FreePool (ConfigRequestHdr); } Status = gHiiConfigRouting->BlockToConfig ( gHiiConfigRouting, ConfigRequest, -(UINT8 *) , -BufferSize, +(UINT8 *) PrivateData->Configuration, +sizeof (TCG_CONFIGURATION), Results, Progress ); @@ -386,10 +371,29 @@ TcgCallback ( OUT EFI_BROWSER_ACTION_REQUEST*ActionRequest ) { + TCG_CONFIG_PRIVATE_DATA*PrivateData; + CHAR16 State[32];
Re: [edk2] [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Hi Chao, Thanks for your comments. 1. The copyright info has updated in the latest [patch 6/6] patch. 2. The FileExplorerLib is already in NT32Pkg.dsc & Quark.dsc, So no need to update. Thanks, Dandan -Original Message- From: Zhang, Chao B Sent: Tuesday, February 2, 2016 1:45 PM To: Bi, Dandan; Dong, Eric; ler...@redhat.com; edk2-devel@lists.01.org Subject: RE: [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe Dandan: 1. The copyright head file change is not right. 2. Do we need to update NT32Pkg.dsc & Quark Platform dsc? Other changes are good to me Thanks & Best regards Chao Zhang -Original Message- From: Bi, Dandan Sent: Tuesday, February 02, 2016 10:18 AM To: Zhang, Chao B; Dong, Eric; ler...@redhat.com; edk2-devel@lists.01.org Subject: [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear.After using FileExplorerLib,the UI behavior for enroll PK will change, previously when select one PK file,commit/discard changes will return to Device Manager,press ESC will return to FileExplorer. Now using FileExplorerLib the behavior will keep same with enroll KEK/DB/...,commit/discard changes will return to Custom Secure Boot Options form and ESC will return to PK options form. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- .../SecureBootConfigFileExplorer.c | 1127 +--- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 ++- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 +-- .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 + 6 files changed, 1225 insertions(+), 333 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 484da2c..e53630c 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,9 +1,9 @@ /** @file VFR file used by the SecureBoot configuration component. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -200,33 +200,15 @@ formset form formid = FORMID_ENROLL_PK_FORM, title = STRING_TOKEN(STR_ENROLL_PK); subtitle text = STRING_TOKEN(STR_NULL); -goto FORMID_ENROLL_PK_FORM, +goto FORM_FILE_EXPLORER_ID_PK, prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), flags = INTERACTIVE, - key = FORMID_ENROLL_PK_FORM; - -subtitle text = STRING_TOKEN(STR_NULL); -label FORMID_ENROLL_PK_FORM; -label LABEL_END; -subtitle text = STRING_TOKEN(STR_NULL); - -goto FORMID_SECURE_BOOT_OPTION_FORM, - prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), - help = STRING_TOKEN(STR_SAVE_AND_EXIT), - flags = INTERACTIVE| RESET_REQUIRED, - key= KEY_VALUE_SAVE_AND_EXIT_PK; - -goto FORMID_SECURE_BOOT_OPTION_FORM, - prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - flags = INTERACTIVE, - key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; - + key = SECUREBOOT_ADD_PK_FILE_FORM_ID; endform; // // ##5 Form: 'KEK Options' // @@ -261,11 +243,11 @@ formset form formid = FORMID_ENROLL_KEK_FORM, title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORMID_ENROLL_KEK_FORM, +goto FORM_FILE_EXPLORER_ID_KEK, prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), flags = INTERACTIVE, key= FORMID_ENROLL_KEK_FORM; @@ -424,11 +406,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, +goto FORM_FILE_EXPLORER_ID_DB, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; @@ -469,11 +451,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, title =
Re: [edk2] [patch] NetworkPkg: Fix suspicious dereference of pointer 'Mode.Ia'
Reviewed-by: Siyuan Fu-Original Message- From: Zhang, Lubo Sent: Tuesday, February 2, 2016 2:51 PM To: edk2-devel@lists.01.org Cc: Fu, Siyuan ; Ye, Ting ; Wu, Jiaxin Subject: [patch] NetworkPkg: Fix suspicious dereference of pointer 'Mode.Ia' This patch is used to fix suspicious dereference of pointer 'Mode.Ia' before NULL check. Cc: Fu Siyuan Cc: Ye Ting Cc: Wu Jiaxin Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo --- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c index 6d39437..8003f31 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c @@ -2071,11 +2071,11 @@ PxeBcDhcp6Sarr ( if (EFI_ERROR (Status)) { Dhcp6->Stop (Dhcp6); return Status; } - ASSERT (Mode.Ia->State == Dhcp6Bound); + ASSERT ((Mode.Ia != NULL) && (Mode.Ia->State == Dhcp6Bound)); // // DHCP6 doesn't have an option to specify the router address on the subnet, the only way to get the // router address in IP6 is the router discovery mechanism (the RS and RA, which only be handled when // the IP policy is Automatic). So we just hold the station IP address here and leave the IP policy as // Automatic, until we get the server IP address. This could let IP6 driver finish the router discovery -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [patch] NetworkPkg: Fix suspicious dereference of pointer 'Mode.Ia'
Reviewed-by: Jiaxin Wu-Original Message- From: Zhang, Lubo Sent: Tuesday, February 2, 2016 2:51 PM To: edk2-devel@lists.01.org Cc: Fu, Siyuan; Ye, Ting; Wu, Jiaxin Subject: [patch] NetworkPkg: Fix suspicious dereference of pointer 'Mode.Ia' This patch is used to fix suspicious dereference of pointer 'Mode.Ia' before NULL check. Cc: Fu Siyuan Cc: Ye Ting Cc: Wu Jiaxin Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo --- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c index 6d39437..8003f31 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c @@ -2071,11 +2071,11 @@ PxeBcDhcp6Sarr ( if (EFI_ERROR (Status)) { Dhcp6->Stop (Dhcp6); return Status; } - ASSERT (Mode.Ia->State == Dhcp6Bound); + ASSERT ((Mode.Ia != NULL) && (Mode.Ia->State == Dhcp6Bound)); // // DHCP6 doesn't have an option to specify the router address on the subnet, the only way to get the // router address in IP6 is the router discovery mechanism (the RS and RA, which only be handled when // the IP policy is Automatic). So we just hold the station IP address here and leave the IP policy as // Automatic, until we get the server IP address. This could let IP6 driver finish the router discovery -- 1.9.5.msysgit.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [Patch] MdePkg: Add TLS related protocol definition
This patch is used to add Tls.h and TlsConfig.h header files to define EFI TLS Configuration Protocol, EFI TLS Service Binding Protocol and EFI TLS Configuration Protocol. Cc: Ye TingCc: Fu Siyuan Cc: Long Qin Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu --- MdePkg/Include/Protocol/Tls.h | 460 MdePkg/Include/Protocol/TlsConfig.h | 132 +++ MdePkg/MdePkg.dec | 11 +- 3 files changed, 602 insertions(+), 1 deletion(-) create mode 100644 MdePkg/Include/Protocol/Tls.h create mode 100644 MdePkg/Include/Protocol/TlsConfig.h diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h new file mode 100644 index 000..51a3cda --- /dev/null +++ b/MdePkg/Include/Protocol/Tls.h @@ -0,0 +1,460 @@ +/** @file + EFI TLS Protocols as defined in UEFI 2.5. + + The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers + to create and destroy child of the driver to communicate with other host using + TLS protocol. + The EFI TLS Protocol provides the ability to manage TLS session. + + Copyright (c) 2016, Intel Corporation. All rights reserved. + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.5 + +**/ + +#ifndef __EFI_TLS_PROTOCOL_H__ +#define __EFI_TLS_PROTOCOL_H__ + +/// +/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers to +/// create and destroy child of the driver to communicate with other host using TLS +/// protocol. +/// +#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \ + { \ +0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d } \ + } + +/// +/// The EFI TLS protocol provides the ability to manage TLS session. +/// +#define EFI_TLS_PROTOCOL_GUID \ + { \ +0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \ + } + +typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; + +/// +/// EFI_TLS_SESSION_DATA_TYPE +/// +typedef enum { + /// + /// Session Configuration + /// + + /// + /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION. + /// + EfiTlsVersion, + /// + /// TLS session as client or as server. The corresponding Data is of + /// EFI_TLS_CONNECTION_END. + /// + EfiTlsConnectionEnd, + /// + /// A priority list of preferred algorithms for the TLS session. + /// The corresponding Data is a list of EFI_TLS_CIPHER. + /// + EfiTlsCipherList, + /// + /// TLS session compression method. + /// The corresponding Data is of type EFI_TLS_COMPRESSION. + /// + EfiTlsCompressionMethod, + /// + /// TLS session extension data. + /// The corresponding Data is a list of type EFI_TLS_EXTENDION. + /// + EfiTlsExtensionData, + /// + /// TLS session verify method. + /// The corresponding Data is of type EFI_TLS_VERIFY. + /// + EfiTlsVerifyMethod, + /// + /// TLS session data session ID. + /// For SetSessionData(), it is TLS session ID used for session resumption. + /// For GetSessionData(), it is the TLS session ID used for current session. + /// The corresponding Data is of type EFI_TLS_SESSION_ID. + /// + EfiTlsSessionID, + /// + /// TLS session data session state. + /// The corresponding Data is of type EFI_TLS_SESSION_STATE. + /// + EfiTlsSessionState, + + /// + /// Session information + /// + + /// + /// TLS session data client random. + /// The corresponding Data is of type EFI_TLS_RANDOM. + /// + EfiTlsClientRandom, + /// + /// TLS session data server random. + /// The corresponding Data is of type EFI_TLS_RANDOM. + /// + EfiTlsServerRandom, + /// + /// TLS session data key material. + /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. + /// + EfiTlsKeyMaterial, + + EfiTlsSessionDataTypeMaximum + +} EFI_TLS_SESSION_DATA_TYPE; + +/// +/// EFI_TLS_VERSION +/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2). +/// SSL2.0 is obsolete and should not be used. +/// +typedef struct { + UINT8 Major; + UINT8 Minor; +} EFI_TLS_VERSION; + +/// +/// EFI_TLS_CONNECTION_END to define TLS session as client or server. +/// +typedef enum { + EfiTlsClient, + EfiTlsServer, +} EFI_TLS_CONNECTION_END; + +/// +/// EFI_TLS_CIPHER +/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, A.4.1. +/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher +///
Re: [edk2] [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Dandan: 1. The copyright head file change is not right. 2. Do we need to update NT32Pkg.dsc & Quark Platform dsc? Other changes are good to me Thanks & Best regards Chao Zhang -Original Message- From: Bi, Dandan Sent: Tuesday, February 02, 2016 10:18 AM To: Zhang, Chao B; Dong, Eric; ler...@redhat.com; edk2-devel@lists.01.org Subject: [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear.After using FileExplorerLib,the UI behavior for enroll PK will change, previously when select one PK file,commit/discard changes will return to Device Manager,press ESC will return to FileExplorer. Now using FileExplorerLib the behavior will keep same with enroll KEK/DB/...,commit/discard changes will return to Custom Secure Boot Options form and ESC will return to PK options form. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- .../SecureBootConfigFileExplorer.c | 1127 +--- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 ++- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 +-- .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 + 6 files changed, 1225 insertions(+), 333 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 484da2c..e53630c 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,9 +1,9 @@ /** @file VFR file used by the SecureBoot configuration component. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -200,33 +200,15 @@ formset form formid = FORMID_ENROLL_PK_FORM, title = STRING_TOKEN(STR_ENROLL_PK); subtitle text = STRING_TOKEN(STR_NULL); -goto FORMID_ENROLL_PK_FORM, +goto FORM_FILE_EXPLORER_ID_PK, prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), flags = INTERACTIVE, - key = FORMID_ENROLL_PK_FORM; - -subtitle text = STRING_TOKEN(STR_NULL); -label FORMID_ENROLL_PK_FORM; -label LABEL_END; -subtitle text = STRING_TOKEN(STR_NULL); - -goto FORMID_SECURE_BOOT_OPTION_FORM, - prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), - help = STRING_TOKEN(STR_SAVE_AND_EXIT), - flags = INTERACTIVE| RESET_REQUIRED, - key= KEY_VALUE_SAVE_AND_EXIT_PK; - -goto FORMID_SECURE_BOOT_OPTION_FORM, - prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), - flags = INTERACTIVE, - key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; - + key = SECUREBOOT_ADD_PK_FILE_FORM_ID; endform; // // ##5 Form: 'KEK Options' // @@ -261,11 +243,11 @@ formset form formid = FORMID_ENROLL_KEK_FORM, title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORMID_ENROLL_KEK_FORM, +goto FORM_FILE_EXPLORER_ID_KEK, prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), flags = INTERACTIVE, key= FORMID_ENROLL_KEK_FORM; @@ -424,11 +406,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, +goto FORM_FILE_EXPLORER_ID_DB, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; @@ -469,11 +451,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, +goto FORM_FILE_EXPLORER_ID_DBX, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; @@ -545,11 +527,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT,
[edk2] [patch 6/6] SecurityPkg:Use FileExplorerLib in SecureBootConfigDxe
Sorry for giving the wrong [patch 6/6] in patches serial, this is the correct one. Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear.After using FileExplorerLib,the UI behavior for enroll PK will change, previously when select one PK file,commit/discard changes will return to Device Manager,press ESC will return to FileExplorer. Now using FileExplorerLib the behavior will keep same with enroll KEK/DB/...,commit/discard changes will return to Custom Secure Boot Options form and ESC will return to PK options form. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi--- .../SecureBootConfigDxe/SecureBootConfig.vfr | 109 +- .../SecureBootConfigDxe/SecureBootConfigDxe.inf|3 +- .../SecureBootConfigFileExplorer.c | 1127 +++- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 167 +-- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 142 ++- .../SecureBootConfigDxe/SecureBootConfigNvData.h | 10 - 6 files changed, 333 insertions(+), 1225 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index e53630c..484da2c 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,9 +1,9 @@ /** @file VFR file used by the SecureBoot configuration component. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved. +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -200,15 +200,33 @@ formset form formid = FORMID_ENROLL_PK_FORM, title = STRING_TOKEN(STR_ENROLL_PK); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_PK, +goto FORMID_ENROLL_PK_FORM, prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), flags = INTERACTIVE, - key = SECUREBOOT_ADD_PK_FILE_FORM_ID; + key = FORMID_ENROLL_PK_FORM; + +subtitle text = STRING_TOKEN(STR_NULL); +label FORMID_ENROLL_PK_FORM; +label LABEL_END; +subtitle text = STRING_TOKEN(STR_NULL); + +goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE| RESET_REQUIRED, + key= KEY_VALUE_SAVE_AND_EXIT_PK; + +goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key= KEY_VALUE_NO_SAVE_AND_EXIT_PK; + endform; // // ##5 Form: 'KEK Options' // @@ -243,11 +261,11 @@ formset form formid = FORMID_ENROLL_KEK_FORM, title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_KEK, +goto FORMID_ENROLL_KEK_FORM, prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), flags = INTERACTIVE, key= FORMID_ENROLL_KEK_FORM; @@ -406,11 +424,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_DB, +goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; @@ -451,11 +469,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_DBX, +goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), flags = INTERACTIVE, key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; @@ -527,11 +545,11 @@ formset form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); subtitle text = STRING_TOKEN(STR_NULL); -goto FORM_FILE_EXPLORER_ID_DBT, +goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
Re: [edk2] [Patch 0/3] Fix several issues related to TX buffer recycle
Series Reviewed-by: Jiaxin Wu-Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Fu Siyuan Sent: Monday, February 1, 2016 10:51 AM To: edk2-devel@lists.01.org Subject: [edk2] [Patch 0/3] Fix several issues related to TX buffer recycle 1. MdeModulePkg-Update-the-default-size-of-MNP-TX-buffer. 2. Update DBsize in SNP GetStatus command 3. Correct one return status code in SNP Transmit function. Fu Siyuan (3): MdeModulePkg: Update the default size of MNP TX buffer pool. MdeModulePkg: Update DBsize in SNP GetStatus command. MdeModulePkg: Correct one return status code in SNP Transmit function. MdeModulePkg/Universal/Network/MnpDxe/MnpImpl.h| 2 +- MdeModulePkg/Universal/Network/SnpDxe/Get_status.c | 2 +- MdeModulePkg/Universal/Network/SnpDxe/Transmit.c | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) -- 2.5.0.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch V4 4/4] MdeModulePkg: Add generic PciHostBridgeDxe driver.
On 01/26/2016 07:17 AM, Ni, Ruiyu wrote: Laszlo, I now understand your problem. Can you tell me why OVMF needs multiple root bridges support? My understanding to OVMF is it's a firmware which can be used in a guest VM environment to boot OS. Multiple root bridges requirement currently mainly comes from high-end servers. Do you mean that the VM guest needs to be like a high-end server? This may help me to think about the possible solution to your problem. Hi Ray, Laszlo's explanation is very good, this is not exactly about high-end VMs, we need the extra root bridges to match assigned devices to their corresponding NUMA node. Regarding the OVMF issue, the main problem is that the extra root bridges are created dynamically for the VMs (command line parameter) and their resources are computed on the fly. Not directly related to the above, the optimal way to allocate resources for PCI root bridges sharing the same PCI domain is to sort devices MEM/IO ranges from the biggest to smallest and use this order during allocation. After the resources allocation is finished we can build the CRS for each PCI root bridge and pass it back to firmware/OS. While for "real" machines we can hard-code the root bridge resources in some ROM and have it extracted early in the boot process, for the VM world this would not be possible. Also any effort to divide the resources range before the resource allocation would be odd and far from optimal. Regarding a possible solution, I first need to understand why the resource allocation is done per PCI root bridge and not per PCI domain. The CRS allows a PCI root bridge to have several MEM/IO ranges so there is really no need to impose a per PCI root bridge logic. I am new to the edk2 project so I might get things wrong, but I think we need a way to specify if the PCI root bridges will supply their resources or if an external allocator will do the job. Laszlo proposed solution looks like a way to implement such a policy, I am personally OK with it. I really think the generic PciHostBridgeDxe driver is the right way to go also for OVMF, we just need a way to deal with this issue. Thanks, Marcel Regards, Ray -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Tuesday, January 26, 2016 11:10 AM To: Ni, RuiyuCc: edk2-de...@ml01.01.org; Tian, Feng ; Fan, Jeff ; Justen, Jordan L ; Marcel Apfelbaum Subject: Re: [edk2] [Patch V4 4/4] MdeModulePkg: Add generic PciHostBridgeDxe driver. On 01/26/16 03:42, Ni, Ruiyu wrote: Laszlo, Thanks for the detailed explanation and I agrees with your idea that a generic driver should consider the case that part of the IO/MMIO resource may be already added by platform, no matter by PEI or by DXE. So I think we may not need the flag you proposed here. To achieve the maximum flexibility, we can use gDS.GetMemorySpaceMap/GetIoSpaceMap to retrieve all the current MMIO/IO space map and only add those ranges that are not added. And to be more robust, we can check that the range specified to the root bridge should not be allocated by anyone (CAN be added by someone). What's your opinion? Very good, but painful questions. :) Until now, OVMF has relied upon PlatformPei producing the HOBs in question (where the base of the 32-bit PCI MMIO window varies in the HOB, based on guest RAM size), *and* OVMF's PCI host bridge driver has never even tried to match the root bridges' 32-bit MMIO apertures to anything at all. All of those apertures are set as [2GB, 4GB). The idea being, the gDS->AllocateMemorySpace() calls can be satisfied from whatever room is left from the range that the HOB identified. Especially in the case of multiple root bridges, I wouldn't know *how* to divide up the MMIO address space between them. (Dividing up the bus range was hard enough.) Same for IO ports -- all root bridges share the same [0xC000, 0x] port range. Therefore your idea above would immediately break OVMF, functionally :) (I suspect that OVMF is kinda broken already, in this aspect, but it happens to work.) I know precious little about PCI resource allocation. This is one of the areas we intend to look into seriously in the future, with Marcel (CC'd). Thus, if porting OVMF to the generic PciHostBridgeDxe driver requires incompatible changes at once, then I think we should postpone the port until Marcel returns from his vacation. To reiterate, my current problem is ultimately the lack of an algorithm for dynamically dividing up the IO and MMIO space between root bridges. Do you have an idea for that? (The algorithm, if there is one, could very well be specific to QEMU -- which too is where we'll need Marcel's input.) Thanks! Laszlo Regards, Ray -Original Message- From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Tuesday, January 26, 2016 10:20 AM To: Ni, Ruiyu Cc:
[edk2] [PATCH 2/4] BeagleBoardPkg: Rectify file modes
From: Evan LloydProblems have been encountered because some of the source files have execute permission set. This can cause git to report them as changed when they are checked out onto a file system with inherited permissions. This has been seen using Cygwin, MinGW and PowerShell Git. This patch makes no change to source file content, and only aims to correct the file modes/permissions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Evan Lloyd diff --git a/BeagleBoardPkg/Debugger_scripts/rvi_dummy.axf b/BeagleBoardPkg/Debugger_scripts/rvi_dummy.axf old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Debugger_scripts/rvi_symbols_macros.inc b/BeagleBoardPkg/Debugger_scripts/rvi_symbols_macros.inc old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Debugger_scripts/rvi_unload_symbols.inc b/BeagleBoardPkg/Debugger_scripts/rvi_unload_symbols.inc old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Include/BeagleBoard.h b/BeagleBoardPkg/Include/BeagleBoard.h old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Library/BeagleBoardLib/BeagleBoard.c b/BeagleBoardPkg/Library/BeagleBoardLib/BeagleBoard.c old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Library/BeagleBoardLib/BeagleBoardLib.inf b/BeagleBoardPkg/Library/BeagleBoardLib/BeagleBoardLib.inf old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Library/BeagleBoardLib/BeagleBoardMem.c b/BeagleBoardPkg/Library/BeagleBoardLib/BeagleBoardMem.c old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Library/BeagleBoardLib/Clock.c b/BeagleBoardPkg/Library/BeagleBoardLib/Clock.c old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Library/BeagleBoardLib/PadConfiguration.c b/BeagleBoardPkg/Library/BeagleBoardLib/PadConfiguration.c old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/License.txt b/BeagleBoardPkg/License.txt old mode 100755 new mode 100644 diff --git a/BeagleBoardPkg/Tools/makefile b/BeagleBoardPkg/Tools/makefile old mode 100755 new mode 100644 -- 2.7.0 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH 3/4] EmbeddedPkg: Rectify file modes
From: Evan LloydProblems have been encountered because some of the source files have execute permission set. This can cause git to report them as changed when they are checked out onto a file system with inherited permissions. This has been seen using Cygwin, MinGW and PowerShell Git. This patch makes no change to source file content, and only aims to correct the file modes/permissions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Evan Lloyd diff --git a/EmbeddedPkg/Include/Library/DebugAgentTimerLib.h b/EmbeddedPkg/Include/Library/DebugAgentTimerLib.h old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Include/Library/DmaLib.h b/EmbeddedPkg/Include/Library/DmaLib.h old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/DebugAgentTimerLibNull/DebugAgentTimerLib.c b/EmbeddedPkg/Library/DebugAgentTimerLibNull/DebugAgentTimerLib.c old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/DebugAgentTimerLibNull/DebugAgentTimerLibNull.inf b/EmbeddedPkg/Library/DebugAgentTimerLibNull/DebugAgentTimerLibNull.inf old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/FdtLib/README.txt b/EmbeddedPkg/Library/FdtLib/README.txt old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/Arm/ExceptionSupport.ARMv6.S b/EmbeddedPkg/Library/GdbDebugAgent/Arm/ExceptionSupport.ARMv6.S old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/Arm/ExceptionSupport.ARMv6.asm b/EmbeddedPkg/Library/GdbDebugAgent/Arm/ExceptionSupport.ARMv6.asm old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/Arm/Processor.c b/EmbeddedPkg/Library/GdbDebugAgent/Arm/Processor.c old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/GdbDebugAgent.c b/EmbeddedPkg/Library/GdbDebugAgent/GdbDebugAgent.c old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/GdbDebugAgent.h b/EmbeddedPkg/Library/GdbDebugAgent/GdbDebugAgent.h old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/GdbDebugAgent.inf b/EmbeddedPkg/Library/GdbDebugAgent/GdbDebugAgent.inf old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/Ia32/Processor.c b/EmbeddedPkg/Library/GdbDebugAgent/Ia32/Processor.c old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/X64/Processor.c b/EmbeddedPkg/Library/GdbDebugAgent/X64/Processor.c old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/GdbDebugAgent/gdbnotes.txt b/EmbeddedPkg/Library/GdbDebugAgent/gdbnotes.txt old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/NullDmaLib/NullDmaLib.c b/EmbeddedPkg/Library/NullDmaLib/NullDmaLib.c old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Library/NullDmaLib/NullDmaLib.inf b/EmbeddedPkg/Library/NullDmaLib/NullDmaLib.inf old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/License.txt b/EmbeddedPkg/License.txt old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Scripts/LauterbachT32/EFI.CMM b/EmbeddedPkg/Scripts/LauterbachT32/EFI.CMM old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Scripts/LauterbachT32/EfiLoadDxe.cmm b/EmbeddedPkg/Scripts/LauterbachT32/EfiLoadDxe.cmm old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Scripts/LauterbachT32/EfiLoadFv.cmm b/EmbeddedPkg/Scripts/LauterbachT32/EfiLoadFv.cmm old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Scripts/LauterbachT32/EfiProcessPeImage.cmm b/EmbeddedPkg/Scripts/LauterbachT32/EfiProcessPeImage.cmm old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Scripts/LauterbachT32/EfiProcessTeImage.cmm b/EmbeddedPkg/Scripts/LauterbachT32/EfiProcessTeImage.cmm old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Scripts/LauterbachT32/README.txt b/EmbeddedPkg/Scripts/LauterbachT32/README.txt old mode 100755 new mode 100644 diff --git a/EmbeddedPkg/Scripts/LauterbachT32/T32.CMM b/EmbeddedPkg/Scripts/LauterbachT32/T32.CMM old mode 100755 new mode 100644 -- 2.7.0 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH 4/4] Omap35xxPkg: Rectify file modes
From: Evan LloydProblems have been encountered because some of the source files have execute permission set. This can cause git to report them as changed when they are checked out onto a file system with inherited permissions. This has been seen using Cygwin, MinGW and PowerShell Git. This patch makes no change to source file content, and only aims to correct the file modes/permissions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Evan Lloyd diff --git a/Omap35xxPkg/Include/Library/OmapDmaLib.h b/Omap35xxPkg/Include/Library/OmapDmaLib.h old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/Include/Omap3530/Omap3530Dma.h b/Omap35xxPkg/Include/Omap3530/Omap3530Dma.h old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/Library/DebugAgentTimerLib/DebugAgentTimerLib.c b/Omap35xxPkg/Library/DebugAgentTimerLib/DebugAgentTimerLib.c old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/Library/DebugAgentTimerLib/DebugAgentTimerLib.inf b/Omap35xxPkg/Library/DebugAgentTimerLib/DebugAgentTimerLib.inf old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/Library/OmapDmaLib/OmapDmaLib.c b/Omap35xxPkg/Library/OmapDmaLib/OmapDmaLib.c old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/Library/OmapDmaLib/OmapDmaLib.inf b/Omap35xxPkg/Library/OmapDmaLib/OmapDmaLib.inf old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/Library/RealTimeClockLib/RealTimeClockLib.c b/Omap35xxPkg/Library/RealTimeClockLib/RealTimeClockLib.c old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/Library/RealTimeClockLib/RealTimeClockLib.inf b/Omap35xxPkg/Library/RealTimeClockLib/RealTimeClockLib.inf old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/License.txt b/Omap35xxPkg/License.txt old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/MmcHostDxe/MmcHostDxe.c b/Omap35xxPkg/MmcHostDxe/MmcHostDxe.c old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/MmcHostDxe/MmcHostDxe.h b/Omap35xxPkg/MmcHostDxe/MmcHostDxe.h old mode 100755 new mode 100644 diff --git a/Omap35xxPkg/MmcHostDxe/MmcHostDxe.inf b/Omap35xxPkg/MmcHostDxe/MmcHostDxe.inf old mode 100755 new mode 100644 -- 2.7.0 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH 1/4] ArmPlatformPkg: Rectify file modes
From: Evan LloydProblems have been encountered because some of the source files have execute permission set. This can cause git to report them as changed when they are checked out onto a file system with inherited permissions. This has been seen using Cygwin, MinGW and PowerShell Git. This patch makes no change to source file content, and only aims to correct the file modes/permissions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Evan Lloyd diff --git a/ArmPlatformPkg/Documentation/ARM-EDK2-Overview.png b/ArmPlatformPkg/Documentation/ARM-EDK2-Overview.png old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Documentation/ArmPlatformLib-2nd-Stage.png b/ArmPlatformPkg/Documentation/ArmPlatformLib-2nd-Stage.png old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Documentation/ArmPlatformLib-Full-Boot.png b/ArmPlatformPkg/Documentation/ArmPlatformLib-Full-Boot.png old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Drivers/PL180MciDxe/PL180MciDxe.inf b/ArmPlatformPkg/Drivers/PL180MciDxe/PL180MciDxe.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Drivers/PL301Axi/PL301Axi.inf b/ArmPlatformPkg/Drivers/PL301Axi/PL301Axi.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Drivers/PL310L2Cache/PL310L2CacheSec.inf b/ArmPlatformPkg/Drivers/PL310L2Cache/PL310L2CacheSec.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Drivers/PL34xDmc/PL341Dmc.inf b/ArmPlatformPkg/Drivers/PL34xDmc/PL341Dmc.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Drivers/PL35xSmc/InitializeSMC.S b/ArmPlatformPkg/Drivers/PL35xSmc/InitializeSMC.S old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Drivers/PL35xSmc/InitializeSMC.asm b/ArmPlatformPkg/Drivers/PL35xSmc/InitializeSMC.asm old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Drivers/PL35xSmc/PL35xSmc.inf b/ArmPlatformPkg/Drivers/PL35xSmc/PL35xSmc.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Library/DebugSecExtraActionLib/DebugSecExtraActionLib.c b/ArmPlatformPkg/Library/DebugSecExtraActionLib/DebugSecExtraActionLib.c old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Library/DebugSecExtraActionLib/DebugSecExtraActionLib.inf b/ArmPlatformPkg/Library/DebugSecExtraActionLib/DebugSecExtraActionLib.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Library/L2X0CacheLibNull/L2X0CacheLibNull.inf b/ArmPlatformPkg/Library/L2X0CacheLibNull/L2X0CacheLibNull.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Library/PrePiHobListPointerLib/PrePiHobListPointer.c b/ArmPlatformPkg/Library/PrePiHobListPointerLib/PrePiHobListPointer.c old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf b/ArmPlatformPkg/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/License.txt b/ArmPlatformPkg/License.txt old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/MemoryInitPei/MemoryInitPeiLib.c b/ArmPlatformPkg/MemoryInitPei/MemoryInitPeiLib.c old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/MemoryInitPei/MemoryInitPeiLib.inf b/ArmPlatformPkg/MemoryInitPei/MemoryInitPeiLib.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.c b/ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.c old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf b/ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/PlatformPei/PlatformPeiLib.c b/ArmPlatformPkg/PlatformPei/PlatformPeiLib.c old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/PlatformPei/PlatformPeiLib.inf b/ArmPlatformPkg/PlatformPei/PlatformPeiLib.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/PlatformPei/PlatformPeim.c b/ArmPlatformPkg/PlatformPei/PlatformPeim.c old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/PlatformPei/PlatformPeim.inf b/ArmPlatformPkg/PlatformPei/PlatformPeim.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/PrePi/PeiMPCore.inf b/ArmPlatformPkg/PrePi/PeiMPCore.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/PrePi/PeiUniCore.inf b/ArmPlatformPkg/PrePi/PeiUniCore.inf old mode 100755 new mode 100644 diff --git a/ArmPlatformPkg/PrePi/PrePi.c b/ArmPlatformPkg/PrePi/PrePi.c old mode 100755 new mode 100644 -- 2.7.0 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel