Re: [edk2] [PATCH] PcAtChipsetPkg/PcatChipsetPkg.dsc: Add a driver to build
Reviewed-by: Liming Gao >-Original Message- >From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of >Zhichao Gao >Sent: Thursday, March 21, 2019 10:45 PM >To: edk2-devel@lists.01.org >Cc: Gao, Liming >Subject: [edk2] [PATCH] PcAtChipsetPkg/PcatChipsetPkg.dsc: Add a driver to >build > >REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1646 > >Add the IdeControllerDxe driver to the [Components] section >to make sure it would build correctly. > >Contributed-under: TianoCore Contribution Agreement 1.1 >Signed-off-by: Zhichao Gao >Cc: Ray Ni >Cc: Liming Gao >--- > PcAtChipsetPkg/PcAtChipsetPkg.dsc | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/PcAtChipsetPkg/PcAtChipsetPkg.dsc >b/PcAtChipsetPkg/PcAtChipsetPkg.dsc >index d357aa28d0..e58ca81864 100644 >--- a/PcAtChipsetPkg/PcAtChipsetPkg.dsc >+++ b/PcAtChipsetPkg/PcAtChipsetPkg.dsc >@@ -52,6 +52,7 @@ > PcAtChipsetPkg/8254TimerDxe/8254Timer.inf > PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf > PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf >+ PcAtChipsetPkg/Bus/Pci/IdeControllerDxe/IdeControllerDxe.inf > PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf > PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf > PcAtChipsetPkg/Library/ResetSystemLib/ResetSystemLib.inf >-- >2.16.2.windows.1 > >___ >edk2-devel mailing list >edk2-devel@lists.01.org >https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
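Review bot: The subject line spells the file as PcatChipsetPkg.dsc, while the path in the diff header is PcAtChipsetPkg/PcAtChipsetPkg.dsc, and "Add a driver to build" does not say which driver. A subject that names IdeControllerDxe and uses the exact file name makes the change findable from the log. In the hunk itself, the new Bus/Pci/IdeControllerDxe/IdeControllerDxe.inf entry is placed between 8259.inf and IsaAcpi.inf; if the [Components] list is meant to follow any ordering, say so or move the line. The commit message could also state that the change is build coverage only, since the package DSC is the only file touched.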
[edk2] [PATCH v2 2/3] OvmfPkg: Add an Super IO bus driver
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1495 There is a plan to remove the IntelFrameworkModulePkg: https://bugzilla.tianocore.org/show_bug.cgi?id=1605 This patch will a new OVMF Super I/O bus driver which will create the below child devices: * COM 1 UART * COM 2 UART * PS/2 Keyboard and installs the Super I/O Protocol on them. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Ray Ni Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu --- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc| 1 + OvmfPkg/OvmfPkgX64.dsc| 1 + OvmfPkg/SioBusDxe/SioBusDxe.inf | 54 ++ OvmfPkg/SioBusDxe/SioBusDxe.h | 332 +++ OvmfPkg/SioBusDxe/SioService.h| 221 +++ OvmfPkg/SioBusDxe/ComponentName.c | 167 ++ OvmfPkg/SioBusDxe/SioBusDxe.c | 622 OvmfPkg/SioBusDxe/SioService.c| 405 + OvmfPkg/SioBusDxe/SioBusDxe.uni | 21 + 10 files changed, 1825 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 1710ab5a88..3be0314146 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -752,6 +752,7 @@ # # ISA Support # + OvmfPkg/SioBusDxe/SioBusDxe.inf PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 5bceef3116..3b85c2e6af 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -761,6 +761,7 @@ # # ISA Support # + OvmfPkg/SioBusDxe/SioBusDxe.inf PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3f5d948dbb..104b2e79a5 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -759,6 +759,7 @@ # # ISA Support # + OvmfPkg/SioBusDxe/SioBusDxe.inf PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf diff --git a/OvmfPkg/SioBusDxe/SioBusDxe.inf b/OvmfPkg/SioBusDxe/SioBusDxe.inf new file mode 100644 index 00..5c462f1a8c --- /dev/null +++ b/OvmfPkg/SioBusDxe/SioBusDxe.inf @@ -0,0 +1,54 @@ +## @file +# The SioBusDxe driver is used to create child devices on the ISA bus and +# installs the Super I/O protocols on them. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = SioBusDxe + MODULE_UNI_FILE= SioBusDxe.uni + FILE_GUID = 864E1CA8-85EB-4D63-9DCC-6E0FC90FFD55 + MODULE_TYPE= UEFI_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT= SioBusDxeDriverEntryPoint + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + ComponentName.c + SioService.c + SioService.h + SioBusDxe.c + SioBusDxe.h + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + UefiLib + UefiBootServicesTableLib + DebugLib + ReportStatusCodeLib + MemoryAllocationLib + BaseMemoryLib + DevicePathLib + +[Protocols] + gEfiPciIoProtocolGuid## TO_START + gEfiSioProtocolGuid ## BY_START diff --git a/OvmfPkg/SioBusDxe/SioBusDxe.h b/OvmfPkg/SioBusDxe/SioBusDxe.h new file mode 100644 index 00..1455c48f63 --- /dev/null +++ b/OvmfPkg/SioBusDxe/SioBusDxe.h 
@@ -0,0 +1,332 @@ +/** @file + The SioBusDxe driver is used to create child devices on the ISA bus and + installs the Super I/O protocols on them. + + Copyright (c) 2019, Intel Corporation. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions + of the BSD License which accompanies this distribution. The + full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __SIO_BUS_DXE_H__ +#define __SIO_BUS_DXE_H__ + +#include + +#include + +#include +#include + +#include +#include +#include +#include
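Review bot: In the three DSC hunks, OvmfPkg/SioBusDxe/SioBusDxe.inf is added to the "ISA Support" block next to IsaBusDxe.inf, and the diffstat lists no FDF file, so after this patch the driver is compiled but is not part of any firmware image. The commit message reads as if the driver becomes active ("will create the below child devices"); it should say that this step only adds the module to [Components] and that the stack is switched in a later patch. In SioBusDxe.inf, the VALID_ARCHITECTURES comment lists EBC although the module is only referenced from the IA32 and X64 OVMF platform files shown here; drop EBC unless it has been built for it. The message also has two wording slips worth fixing before merge: "This patch will a new OVMF" is missing its verb, and the subject says "an Super IO".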
Re: [edk2] [PATCH] IntelSiliconPkg/IntelSiliconPkg.dsc: Add a driver to build
Reviewed-by: Liming Gao >-Original Message- >From: Gao, Zhichao >Sent: Thursday, March 21, 2019 10:44 PM >To: edk2-devel@lists.01.org >Cc: Ni, Ray ; Chaganty, Rangasai V >; Gao, Liming >Subject: [PATCH] IntelSiliconPkg/IntelSiliconPkg.dsc: Add a driver to build > >REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1647 > >Add a driver MicrocodeFlashAccessLibNull.inf to the >[Components] section to make sure it would build correctly. > >Contributed-under: TianoCore Contribution Agreement 1.1 >Signed-off-by: Zhichao Gao >Cc: Ray Ni >Cc: Rangasai V Chaganty >Cc: Liming Gao >--- > IntelSiliconPkg/IntelSiliconPkg.dsc | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/IntelSiliconPkg/IntelSiliconPkg.dsc >b/IntelSiliconPkg/IntelSiliconPkg.dsc >index 790870e2f1..a00fef6010 100644 >--- a/IntelSiliconPkg/IntelSiliconPkg.dsc >+++ b/IntelSiliconPkg/IntelSiliconPkg.dsc >@@ -85,6 +85,7 @@ > >IntelSiliconPkg/Feature/VTd/PlatformVTdSampleDxe/PlatformVTdSampleDxe >.inf > >IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSa >mplePei.inf > >IntelSiliconPkg/Feature/Capsule/MicrocodeUpdateDxe/MicrocodeUpdateDx >e.inf >+ >IntelSiliconPkg/Feature/Capsule/Library/MicrocodeFlashAccessLibNull/Microc >odeFlashAccessLibNull.inf > > [BuildOptions] > *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES >-- >2.16.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
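Review bot: The subject and message call the added module a driver, but the path in the added line is Feature/Capsule/Library/MicrocodeFlashAccessLibNull/MicrocodeFlashAccessLibNull.inf, which is a library instance, and a Null one at that. Suggest rewording to "Add MicrocodeFlashAccessLibNull library instance to [Components]" and stating that the purpose is build coverage only. It is also worth a sentence on why the Null instance needs a standalone [Components] entry when MicrocodeUpdateDxe.inf, one line above in the hunk context, is already built and presumably resolves this library class.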
[edk2] [PATCH v2 3/3] OvmfPkg: Add a build flag to select ISA driver stack
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1495 This commit will add a static build flag 'USE_LEGACY_ISA_STACK' to select the ISA driver stack. If the flag is set to TRUE, the below driver stack will be used: PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf If the flag is set to FALSE, the below driver stack will be used: OvmfPkg/SioBusDxe/SioBusDxe.inf MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf The default value is set to FALSE in OVMF DSC files. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Ray Ni Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu --- OvmfPkg/OvmfPkgIa32.dsc| 6 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++ OvmfPkg/OvmfPkgX64.dsc | 6 ++ OvmfPkg/OvmfPkgIa32.fdf| 18 -- OvmfPkg/OvmfPkgIa32X64.fdf | 18 -- OvmfPkg/OvmfPkgX64.fdf | 18 -- 6 files changed, 54 insertions(+), 18 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 3be0314146..f55ab5a3d2 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -41,6 +41,7 @@ DEFINE TLS_ENABLE = FALSE DEFINE TPM2_ENABLE = FALSE DEFINE TPM2_CONFIG_ENABLE = FALSE + DEFINE USE_LEGACY_ISA_STACK= FALSE # # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to @@ -752,11 +753,16 @@ # # ISA Support # +!if $(USE_LEGACY_ISA_STACK) == FALSE OvmfPkg/SioBusDxe/SioBusDxe.inf + MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf + MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +!else PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf +!endif # # SMBIOS Support 
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 3b85c2e6af..5c9bdf034e 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -41,6 +41,7 @@ DEFINE TLS_ENABLE = FALSE DEFINE TPM2_ENABLE = FALSE DEFINE TPM2_CONFIG_ENABLE = FALSE + DEFINE USE_LEGACY_ISA_STACK= FALSE # # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to @@ -761,11 +762,16 @@ # # ISA Support # +!if $(USE_LEGACY_ISA_STACK) == FALSE OvmfPkg/SioBusDxe/SioBusDxe.inf + MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf + MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +!else PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf +!endif # # SMBIOS Support diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 104b2e79a5..2943e9e8af 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -41,6 +41,7 @@ DEFINE TLS_ENABLE = FALSE DEFINE TPM2_ENABLE = FALSE DEFINE TPM2_CONFIG_ENABLE = FALSE + DEFINE USE_LEGACY_ISA_STACK= FALSE # # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to @@ -759,11 +760,16 @@ # # ISA Support # +!if $(USE_LEGACY_ISA_STACK) == FALSE OvmfPkg/SioBusDxe/SioBusDxe.inf + MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf + MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +!else PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf +!endif # # SMBIOS Support diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 54d7f06a70..006ea9a415 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf 
@@ -265,14 +265,20 @@ INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf -INF PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf -INF IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf - +!if $(USE_LEGACY_ISA_STACK) == FALSE + INF OvmfPkg/SioBusDxe/SioBusDxe.inf !ifndef $(SOURCE_DEBUG_ENABLE) -INF IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf + INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf +!endif + INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf +!else + INF PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf + INF IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf
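Review bot: The new conditional in the DSC and FDF hunks is written as a negative test, "!if $(USE_LEGACY_ISA_STACK) == FALSE", with the legacy stack in the "!else" branch; testing for TRUE and putting the legacy modules first reads more naturally for a flag named USE_LEGACY_ISA_STACK and avoids a double negative when the flag is later removed. The "DEFINE USE_LEGACY_ISA_STACK = FALSE" line is added without a comment, unlike the "Flash size selection" block just below it in the same hunk; a short comment naming the two stacks would help anyone passing -D on the command line. In the FDF hunk, PciSioSerialDxe.inf is wrapped in "!ifndef $(SOURCE_DEBUG_ENABLE)" while the DSC hunks list it unconditionally; this mirrors how IsaSerialDxe.inf was handled in the removed lines, but please confirm it is intended for the new driver as well, and keep the DSC and FDF branches identical in module set so that a flag flip cannot produce an image that references a module that was not built.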
[edk2] [PATCH v2 0/3] Ovmf: Stop using ISA drivers within IntelFrameworkModulePkg
The series is also available at:
https://github.com/hwu25/edk2/tree/ovmf_siobus_v2

V2 changes:
* Introduce a static build flag 'USE_LEGACY_ISA_STACK' in OVMF DSC files for users to select between the ISA driver stacks.
* V1 patch 2/2 is split into 2 patches in V2. The first one will add the new OVMF SioBusDxe driver and list it in the DSC files. Then the second one will add the whole new ISA stack in DSC/FDF files.

V1 history:
This series will update the OVMF to stop using the ISA drivers within IntelFrameworkModulePkg. As the replacement, a new OVMF Super I/O bus driver has been added which will install the Super I/O protocol for ISA serial and PS2 keyboard devices. By doing so, these devices can be managed by:
  MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf
  MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf
respectively.

Tests done:
A. GCC5 & VS2015x86 tool chains build pass
B. Launch QEMU (2.4.50, Windows) with command:
   > qemu-system-x86_64.exe -pflash \OVMF.fd -serial file:1.txt -serial file:2.txt
   Able to see the ISA COM1/COM2 UART and PS2Keyboard devices under Shell using command 'devtree';
   Both the serials and PS2 keyboard are working fine;

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Ray Ni

Hao Wu (3):
  OvmfPkg: Drop the ISA Floppy device support
  OvmfPkg: Add an Super IO bus driver
  OvmfPkg: Add a build flag to select ISA driver stack

 OvmfPkg/OvmfPkgIa32.dsc | 10 +-
 OvmfPkg/OvmfPkgIa32X64.dsc| 10 +-
 OvmfPkg/OvmfPkgX64.dsc| 10 +-
 OvmfPkg/OvmfPkgIa32.fdf | 21 +-
 OvmfPkg/OvmfPkgIa32X64.fdf| 21 +-
 OvmfPkg/OvmfPkgX64.fdf| 21 +-
 OvmfPkg/SioBusDxe/SioBusDxe.inf | 54 ++
 OvmfPkg/SioBusDxe/SioBusDxe.h | 332 +++
 OvmfPkg/SioBusDxe/SioService.h| 221 +++
 OvmfPkg/SioBusDxe/ComponentName.c | 167 ++
 OvmfPkg/SioBusDxe/SioBusDxe.c | 622
 OvmfPkg/SioBusDxe/SioService.c| 405 +
 OvmfPkg/SioBusDxe/SioBusDxe.uni | 21 +
 13 files changed, 1885 insertions(+), 30 deletions(-)
 create mode 100644 OvmfPkg/SioBusDxe/SioBusDxe.inf
 create mode 100644 OvmfPkg/SioBusDxe/SioBusDxe.h
 create mode 100644 OvmfPkg/SioBusDxe/SioService.h
 create mode 100644 OvmfPkg/SioBusDxe/ComponentName.c
 create mode 100644 OvmfPkg/SioBusDxe/SioBusDxe.c
 create mode 100644 OvmfPkg/SioBusDxe/SioService.c
 create mode 100644 OvmfPkg/SioBusDxe/SioBusDxe.uni
--
2.12.0.windows.1
[edk2] [PATCH v2 1/3] OvmfPkg: Drop the ISA Floppy device support
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1495 There is a plan to remove the IntelFrameworkModulePkg: https://bugzilla.tianocore.org/show_bug.cgi?id=1605 And for driver: IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe This patch proposes to drop the ISA Floppy device support in OVMF. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Ray Ni Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu --- OvmfPkg/OvmfPkgIa32.dsc| 3 +-- OvmfPkg/OvmfPkgIa32X64.dsc | 3 +-- OvmfPkg/OvmfPkgX64.dsc | 3 +-- OvmfPkg/OvmfPkgIa32.fdf| 3 +-- OvmfPkg/OvmfPkgIa32X64.fdf | 3 +-- OvmfPkg/OvmfPkgX64.fdf | 3 +-- 6 files changed, 6 insertions(+), 12 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 5b885590b2..1710ab5a88 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # # This program and the accompanying materials @@ -756,7 +756,6 @@ IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf - IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/IsaFloppyDxe.inf # # SMBIOS Support diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index bbf0853ee6..5bceef3116 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # # This program and the accompanying materials 
@@ -765,7 +765,6 @@ IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf - IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/IsaFloppyDxe.inf # # SMBIOS Support diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index d81460f520..3f5d948dbb 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # # This program and the accompanying materials @@ -763,7 +763,6 @@ IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf - IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/IsaFloppyDxe.inf # # SMBIOS Support diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 4999403ad7..54d7f06a70 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -1,7 +1,7 @@ ## @file # Open Virtual Machine Firmware: FDF # -# Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # # This program and the accompanying materials @@ -273,7 +273,6 @@ INF IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf !endif INF IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf -INF IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/IsaFloppyDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index d0cc107928..7519b53a9b 100644 
--- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -1,7 +1,7 @@ ## @file # Open Virtual Machine Firmware: FDF # -# Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # # This program and the accompanying materials @@ -274,7 +274,6 @@ INF IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf !endif INF IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf -INF IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/IsaFloppyDxe.inf INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index d0cc107928..7519b53a9b 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf
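Review bot: The commit message does not finish its own argument: "And for driver: IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe" is left hanging, and nothing says whether a replacement driver exists or what a guest that relies on the emulated floppy loses once the IsaFloppyDxe.inf lines are removed from the DSC and FDF files. Please state that explicitly, since this is a user-visible feature removal rather than a refactor. Separately, every file in the patch also carries a copyright year change (2018 or 2017 to 2019) in the first hunk; that is conventional here, but it makes the functional change, a single removed line per file, harder to spot, so a note in the message that the only functional edit is the IsaFloppyDxe removal would help review.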
[edk2] [PATCH 4/6] CryptoPkg/BaseCryptLib: Add new API VerifyEKUsInPkcs7Signature
From: Bret Barkelew REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1402 Add the API VerifyEKUsInPkcs7Signature to check if x509 cert has any or all EKUs. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhichao Gao Cc: Ting Ye Cc: Gang Wei Cc: Wang Jian J Cc: Liming Gao Cc: Sean Brogan Cc: Michael Turner Cc: Bret Barkelew --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf| 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 3 +- .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 539 + .../BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c | 75 +++ CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + 6 files changed, 619 insertions(+), 1 deletion(-) create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index 5988c103c6..dbddd98c59 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -51,6 +51,7 @@ Pk/CryptPkcs7Sign.c Pk/CryptPkcs7VerifyCommon.c Pk/CryptPkcs7VerifyBase.c + Pk/CryptPkcs7VerifyEku.c Pk/CryptDh.c Pk/CryptX509.c Pk/CryptAuthenticode.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index e84d7f91e4..5dbb115734 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf 
@@ -13,7 +13,7 @@ # PEM handler functions, and pseudorandom number generator functions are not # supported in this instance. # -# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -58,6 +58,7 @@ Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7VerifyCommon.c Pk/CryptPkcs7VerifyBase.c + Pk/CryptPkcs7VerifyEku.c Pk/CryptDhNull.c Pk/CryptX509Null.c diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c new file mode 100644 index 00..0384b53476 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c 
@@ -0,0 +1,539 @@ +/** @file + This module verifies that Enhanced Key Usages (EKU's) are present within + a PKCS7 signature blob using OpenSSL. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + + Copyright (C) Microsoft Corporation. All Rights Reserved. + Copyright (c) 2019, Intel Corporation. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +**/ + +#include +#include "InternalCryptLib.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + This function will return the leaf signer certificate in a chain. This is + required because certificate chains are not guaranteed to have the + certificates in the order that they were issued. 
+ + A typical certificate chain looks like this: + + + +|Root| + + ^ + | + +| Policy CA | <-- Typical Trust Anchor. + + ^ +
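Review bot: The PeiCryptLib.inf hunk adds the full Pk/CryptPkcs7VerifyEku.c, while the lines around it in the same hunk are Null variants (CryptPkcs7SignNull.c, CryptDhNull.c, CryptX509Null.c) and the diffstat introduces a separate CryptPkcs7VerifyEkuRuntime.c stub for another instance. Please confirm that the OpenSSL-backed EKU check is really wanted in PEI and that it does not depend on anything the PEI instance stubs out; if it is not needed there, a stub keeps the instance consistent with the "not supported in this instance" note in that INF header. The commit message is also thin for a new verification API: "check if x509 cert has any or all EKUs" should say which certificate is examined (the file comment says the leaf signer is located because chain order is not guaranteed), how the any versus all choice is expressed, and what is returned when the signer certificate carries no EKU extension at all, because callers will make trust decisions on that result. Finally, the new file's header places the warranty disclaimer ahead of the copyright lines and redistribution conditions, which differs from the license header layout visible in PeiCryptLib.inf; align it with the package convention.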
[edk2] [PATCH 5/6] CryptoPkg/BaseCryptLib.h: Add PKCS1v2 (RSAES-OAEP) support.
From: Bret Barkelew REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1403 Add prototype of new API Pkcs1v2Encrypt in header file to support PKCS1v2 (RSAES-OAEP) encrypt. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhichao Gao Cc: Ting Ye Cc: Gang Wei Cc: Wang Jian J Cc: Liming Gao Cc: Sean Brogan Cc: Michael Turner Cc: Bret Barkelew --- CryptoPkg/Include/Library/BaseCryptLib.h | 44 +++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 37b93a2c63..f0f0021469 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h @@ -4,7 +4,7 @@ primitives (Hash Serials, HMAC, RSA, Diffie-Hellman, etc) for UEFI security functionality enabling. -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -2411,6 +2411,48 @@ Pkcs5HashPassword ( OUT UINT8*OutKey ); +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to parse X509 certificate. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size +and hash digest size). + + @param[in] PublicKey A pointer to the DER-encoded X509 certificate that + will be used to encrypt the data. + @param[in] PublicKeySize Size of the X509 cert buffer. + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed[Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. + @param[in] PrngSeedSize[Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +Pkcs1v2Encrypt ( + IN CONST UINT8 *PublicKey, + IN UINTNPublicKeySize, + IN UINT8*InData, + IN UINTNInDataSize, + IN CONST UINT8 *PrngSeed, OPTIONAL + IN UINTNPrngSeedSize, OPTIONAL + OUT UINT8**EncryptedData, + OUT UINTN*EncryptedDataSize + ); + /** The 3rd parameter of Pkcs7GetSigners will return all embedded X.509 certificate in one given PKCS7 signature. The format is: -- 2.16.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
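Review bot: The Pkcs1v2Encrypt doc comment says the maximum input size is "a function of key size and hash digest size" but never names the hash or mask generation function used for OAEP, so a caller can neither compute the limit nor know what the decrypting side must be configured with; state the digest (and that the label is empty, if it is) in the header. The comment also says the result is returned "in a newly allocated buffer" without saying who frees EncryptedData or with which allocator; add that, and say that the output pointers are left untouched or set to NULL on failure. In the prototype, InData is declared "IN UINT8 *" while PublicKey and PrngSeed are "IN CONST UINT8 *"; the plaintext should be CONST as well. Minor wording: "schema" should be "scheme". Since the function only returns BOOLEAN, the five failure causes listed in the comment cannot be told apart by the caller; that may be acceptable, but it is worth saying so in the description.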
[edk2] [PATCH 1/6] CryptoPkg/BaseCryptLib.h: Add new API to get organization name
From: Bret Barkelew REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1401 Add a prototype declaration of the new API X509GetOrganizationName in the header file. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhichao Gao Cc: Ting Ye Cc: Gang Wei Cc: Wang Jian J Cc: Liming Gao Cc: Sean Brogan Cc: Michael Turner Cc: Bret Barkelew --- CryptoPkg/Include/Library/BaseCryptLib.h | 35 1 file changed, 35 insertions(+) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 52ab2316db..011e908ee4 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2206,6 +2206,41 @@ X509GetCommonName ( IN OUT UINTN*CommonNameSize ); +/** + Retrieve the organization name (ON) string from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] NameBuffer Buffer to contain the retrieved certificate organization + name string. At most NameBufferSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] NameBufferSize The size in bytes of the Name buffer on input, + and the size of buffer returned Name on output. + If NameBuffer is NULL then the amount of space needed + in buffer (including the final null) is returned. + + @retval RETURN_SUCCESS The certificate Organization Name retrieved successfully. + @retval RETURN_INVALID_PARAMETER If Cert is NULL. + If NameBufferSize is NULL. + If NameBuffer is not NULL and *CommonNameSize is 0. + If Certificate is invalid. + @retval RETURN_NOT_FOUND If no Organization Name entry exists. + @retval RETURN_BUFFER_TOO_SMALL If the NameBuffer is NULL. The required buffer size + (including the final null) is returned in the + CommonNameSize parameter. + @retval RETURN_UNSUPPORTED The operation is not supported. + +**/ +RETURN_STATUS +EFIAPI +X509GetOrganizationName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + OUT CHAR8 *NameBuffer, OPTIONAL + IN OUT UINTN *NameBufferSize + ); + /** Verify one X509 certificate was issued by the trusted CA. -- 2.16.2.windows.1 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
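Review bot: The X509GetOrganizationName doc comment was copied from X509GetCommonName and still refers to a parameter that does not exist in this prototype: the RETURN_INVALID_PARAMETER text says "*CommonNameSize is 0" and the RETURN_BUFFER_TOO_SMALL text says the size "is returned in the CommonNameSize parameter", while the parameter here is NameBufferSize. Please replace both. The RETURN_BUFFER_TOO_SMALL condition is documented only as "If the NameBuffer is NULL"; it should also cover a non-NULL buffer that is too short, otherwise the comment contradicts "At most NameBufferSize bytes will be written". The abbreviation "(ON)" is not the usual short form for the organization attribute, which is O. It would also help to state the string encoding of NameBuffer, as the neighbouring common-name function's comment in patch 2/6 does (UTF8).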
[edk2] [PATCH 6/6] CryptoPkg/BaseCryptLib: Add PKCS1v2 (RSAES-OAEP) support.
From: Bret Barkelew REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1403 Add support for PKCS 1v2 RSAES-OAEP PKI encryption in BaseCryptLib. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhichao Gao Cc: Ting Ye Cc: Gang Wei Cc: Wang Jian J Cc: Liming Gao Cc: Sean Brogan Cc: Michael Turner Cc: Bret Barkelew --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf| 1 + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 218 + .../Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 61 ++ CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 + CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 + 6 files changed, 283 insertions(+) create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index dbddd98c59..55a6be83c6 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -47,6 +47,7 @@ Cipher/CryptArc4.c Pk/CryptRsaBasic.c Pk/CryptRsaExt.c + Pk/CryptPkcs1Oaep.c Pk/CryptPkcs5Pbkdf2.c Pk/CryptPkcs7Sign.c Pk/CryptPkcs7VerifyCommon.c diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf index 5dbb115734..3427000416 100644 --- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf @@ -54,6 +54,7 @@ Pk/CryptRsaBasic.c Pk/CryptRsaExtNull.c + Pk/CryptPkcs1OaepNull.c Pk/CryptPkcs5Pbkdf2Null.c Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7VerifyCommon.c diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c new file mode 100644 index 00..df5cd75049 --- /dev/null +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c 
@@ -0,0 +1,218 @@ +/** @file + This file contains UEFI wrapper functions for RSA PKCS1v2 OAEP encryption routines. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. + + Copyright (C) 2016 Microsoft Corporation. All Rights Reserved. + Copyright (c) 2019, Intel Corporation. All rights reserved. + +**/ + +#include "InternalCryptLib.h" +#include +#include +#include +#include + +/** + Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return the + encrypted message in a newly allocated buffer. + + Things that can cause a failure include: + - X509 key size does not match any known key size. + - Fail to parse X509 certificate. + - Fail to allocate an intermediate buffer. + - Null pointer provided for a non-optional parameter. + - Data size is too large for the provided key size (max size is a function of key size +and hash digest size). + + @param[in] PublicKey A pointer to the DER-encoded X509 certificate that + will be used to encrypt the data. + @param[in] PublicKeySize Size of the X509 cert buffer. + @param[in] InData Data to be encrypted. + @param[in] InDataSize Size of the data buffer. + @param[in] PrngSeed[Optional] If provided, a pointer to a random seed buffer + to be used when initializing the PRNG. NULL otherwise. 
+ @param[in] PrngSeedSize[Optional] If provided, size of the random seed buffer. + 0 otherwise. + @param[out] EncryptedData Pointer to an allocated buffer containing the encrypted + message. + @param[out] EncryptedDataSize Size of the encrypted message buffer. + + @retval TRUEEncryption was successful. + @retval FALSE Encryption failed. + +**/ +BOOLEAN +EFIAPI +Pkcs1v2Encrypt ( + IN CONST UINT8 *PublicKey, + IN UINTNPublicKeySize, + IN UINT8*InData, + IN UINTNInDataSize, + IN CONST UINT8 *PrngSeed, OPTIONAL + IN UINTNPrngSeedSize, OPTIONAL + OUT UINT8**EncryptedData, + OUT UINTN*EncryptedDataSize + ) +{ +
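Review bot: In the header comment for Pkcs1v2Encrypt in the new CryptPkcs1Oaep.c, the PrngSeed description ("If provided, a pointer to a random seed buffer ... NULL otherwise.") does not say what entropy the PRNG is initialized from when PrngSeed is NULL. RSAES-OAEP needs a fresh random seed for every encryption, so please document the fallback source, or reject NULL, so that callers on platforms with a weak default RNG know they must supply a seed. Two related gaps in the same comment: the maximum data size is described as "a function of key size and hash digest size" without naming the digest, and EncryptedData is "a newly allocated buffer" without saying who frees it and with which call. Minor: InData is input-only but is not CONST, unlike PublicKey and PrngSeed; suggest "IN CONST UINT8 *InData".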
[edk2] [PATCH 2/6] CryptoPkg/BaseCryptLib: Add new API to get organization name
From: Bret Barkelew REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1401 Implement a common function to get the NID name. And use this function to get common name and organization name. Add a null function API X509GetOrganizationName of null function source file. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhichao Gao Cc: Ting Ye Cc: Gang Wei Cc: Wang Jian J Cc: Liming Gao Cc: Sean Brogan Cc: Michael Turner Cc: Bret Barkelew --- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 102 +++--- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 32 +++ 2 files changed, 122 insertions(+), 12 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c index 75337ed32b..bcdefabbb7 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c @@ -298,10 +298,11 @@ _Exit: } /** - Retrieve the common name (CN) string from one X.509 certificate. + Retrieve a string from one X.509 certificate base on the Request_NID. @param[in] Cert Pointer to the DER-encoded X509 certificate. @param[in] CertSize Size of the X509 certificate in bytes. + @param[in] Request_NID NID of string to obtain @param[out] CommonName Buffer to contain the retrieved certificate common name string (UTF8). At most CommonNameSize bytes will be written and the string will be null terminated. May be 
@@ -316,20 +317,21 @@ _Exit: If CommonNameSize is NULL. If CommonName is not NULL and *CommonNameSize is 0. If Certificate is invalid. - @retval RETURN_NOT_FOUND If no CommonName entry exists. + @retval RETURN_NOT_FOUND If no NID Name entry exists. @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size (including the final null) is returned in the CommonNameSize parameter. @retval RETURN_UNSUPPORTED The operation is not supported. **/ +STATIC RETURN_STATUS -EFIAPI -X509GetCommonName ( - IN CONST UINT8 *Cert, - IN UINTNCertSize, - OUT CHAR8*CommonName, OPTIONAL - IN OUT UINTN*CommonNameSize +InternalX509GetNIDName ( + IN CONST UINT8 *Cert, + IN UINTN CertSize, + IN INT32 Request_NID, + OUT CHAR8 *CommonName, OPTIONAL + IN OUT UINTN *CommonNameSize ) { RETURN_STATUSReturnStatus; @@ -381,12 +383,12 @@ X509GetCommonName ( } // - // Retrieve the CommonName information from X.509 Subject + // Retrive the string from X.509 Subject base on the Request_NID // - Index = X509_NAME_get_index_by_NID (X509Name, NID_commonName, -1); + Index = X509_NAME_get_index_by_NID (X509Name, Request_NID, -1); if (Index < 0) { // -// No CommonName entry exists in X509_NAME object +// No Request_NID name entry exists in X509_NAME object // *CommonNameSize = 0; ReturnStatus= RETURN_NOT_FOUND; @@ -408,7 +410,7 @@ X509GetCommonName ( Length = ASN1_STRING_to_UTF8 (, EntryData); if (Length < 0) { // -// Fail to convert the commonName string +// Fail to convert the Name string // *CommonNameSize = 0; ReturnStatus= RETURN_INVALID_PARAMETER; 
@@ -439,6 +441,82 @@ _Exit: return ReturnStatus; } +/** + Retrieve the common name (CN) string from one X.509 certificate. + + @param[in] Cert Pointer to the DER-encoded X509 certificate. + @param[in] CertSize Size of the X509 certificate in bytes. + @param[out] CommonName Buffer to contain the retrieved certificate common + name string. At most CommonNameSize bytes will be + written and the string will be null terminated. May be + NULL in order to determine the size buffer needed. + @param[in,out] CommonNameSize The size in bytes of the CommonName buffer on input, + and the size of buffer returned CommonName on output. + If CommonName is NULL then the amount of space needed + in buffer (including the final null) is returned. + + @retval RETURN_SUCCESS The certificate CommonName retrieved successfully. + @retval RETURN_INVALID_PARAMETER If Cert is NULL. + If CommonNameSize is NULL. + If CommonName is not NULL and *CommonNameSize is 0. + If Certificate is invalid. + @retval RETURN_NOT_FOUND If no CommonName entry
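Review bot: In the "@@ -316,20 +317,21 @@" hunk of CryptX509.c, the helper is now generic (InternalX509GetNIDName) but its output parameters and the comment above it still say CommonName and CommonNameSize, so the documentation reads wrong as soon as it is called with an organization NID. Rename them to something neutral (for example NameBuffer and NameBufferSize) and update the @param and @retval text to match. Request_NID also departs from the CamelCase naming of the other parameters in this signature (Cert, CertSize); RequestNid would be consistent.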
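Review bot: In the "@@ -381,12 +383,12 @@" hunk, the new comment reads "Retrive the string from X.509 Subject base on the Request_NID"; please fix the spelling and grammar ("Retrieve ... based on ..."). The same "base on" wording appears in the function header comment changed in the "@@ -298,10 +298,11 @@" hunk.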
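Review bot: In the "@@ -439,6 +441,82 @@" hunk, the re-added X509GetCommonName comment describes CommonName as "the retrieved certificate common name string", dropping the "(UTF8)" that the original comment carried (still visible as context in the "@@ -298" hunk). The helper still converts with ASN1_STRING_to_UTF8, so the public API comment should keep stating the encoding; callers that compare or display the returned string depend on it.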
[edk2] [PATCH 0/6] Add new APIs for BaseCryptLib
Add new API to get organization name
Add new API VerifyEKUsInPkcs7Signature
Add PKCS1v2 (RSAES-OAEP) support

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhichao Gao
Cc: Ting Ye
Cc: Gang Wei
Cc: Wang Jian J
Cc: Liming Gao
Cc: Sean Brogan
Cc: Michael Turner
Cc: Bret Barkelew

Bret Barkelew (6):
  CryptoPkg/BaseCryptLib.h: Add new API to get organization name
  CryptoPkg/BaseCryptLib: Add new API to get organization name
  CryptoPkg/BaseCryptLib.h: Add new API VerifyEKUsInPkcs7Signature
  CryptoPkg/BaseCryptLib: Add new API VerifyEKUsInPkcs7Signature
  CryptoPkg/BaseCryptLib.h: Add PKCS1v2 (RSAES-OAEP) support.
  CryptoPkg/BaseCryptLib: Add PKCS1v2 (RSAES-OAEP) support.

 CryptoPkg/Include/Library/BaseCryptLib.h | 121 -
 CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 2 +
 CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 4 +-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c | 218 +
 .../Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c | 61 +++
 .../Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 539 +
 .../BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c | 75 +++
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 102 +++-
 CryptoPkg/Library/BaseCryptLib/Pk/CryptX509Null.c | 32 ++
 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 2 +
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +
 11 files changed, 1144 insertions(+), 14 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs1OaepNull.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEkuRuntime.c

--
2.16.2.windows.1
[edk2] [PATCH 3/6] CryptoPkg/BaseCryptLib.h: Add new API VerifyEKUsInPkcs7Signature
From: Bret Barkelew REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1402 Add a prototype of new API VerifyEKUsInPkcs7Signature. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhichao Gao Cc: Ting Ye Cc: Gang Wei Cc: Wang Jian J Cc: Liming Gao Cc: Sean Brogan Cc: Michael Turner Cc: Bret Barkelew --- CryptoPkg/Include/Library/BaseCryptLib.h | 42 1 file changed, 42 insertions(+) diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h index 011e908ee4..37b93a2c63 100644 --- a/CryptoPkg/Include/Library/BaseCryptLib.h +++ b/CryptoPkg/Include/Library/BaseCryptLib.h 
@@ -2599,6 +2599,48 @@ Pkcs7Verify ( IN UINTNDataLength ); +/** + This function receives a PKCS7 formatted signature, and then verifies that + the specified Enhanced or Extended Key Usages (EKU's) are present in the end-entity + leaf signing certificate. + Note that this function does not validate the certificate chain. + + Applications for custom EKU's are quite flexible. For example, a policy EKU + may be present in an Issuing Certificate Authority (CA), and any sub-ordinate + certificate issued might also contain this EKU, thus constraining the + sub-ordinate certificate. Other applications might allow a certificate + embedded in a device to specify that other Object Identifiers (OIDs) are + present which contains binary data specifying custom capabilities that + the device is able to do. + + @param[in] Pkcs7Signature The PKCS#7 signed information content block. An array + containing the content block with both the signature, + the signer's certificate, and any necessary intermediate + certificates. + @param[in] Pkcs7SignatureSize Number of bytes in Pkcs7Signature. + @param[in] RequiredEKUs Array of null-terminated strings listing OIDs of + required EKUs that must be present in the signature. + @param[in] RequiredEKUsSize Number of elements in the RequiredEKUs string array. + @param[in] RequireAllPresentIf this is TRUE, then all of the specified EKU's + must be present in the leaf signer. If it is + FALSE, then we will succeed if we find any + of the specified EKU's. + + @retval EFI_SUCCESS The required EKUs were found in the signature. + @retval EFI_INVALID_PARAMETERA parameter was invalid. + @retval EFI_NOT_FOUNDOne or more EKU's were not found in the signature. 
+ +**/ +RETURN_STATUS +EFIAPI +VerifyEKUsInPkcs7Signature ( + IN CONST UINT8 *Pkcs7Signature, + IN CONST UINT32 SignatureSize, + IN CONST CHAR8 *RequiredEKUs[], + IN CONST UINT32 RequiredEKUsSize, + IN BOOLEAN RequireAllPresent + ); + /** Extracts the attached content from a PKCS#7 signed data if existed. The input signed data could be wrapped in a ContentInfo structure. -- 2.16.2.windows.1
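Review bot: In the VerifyEKUsInPkcs7Signature prototype, the second parameter is declared as SignatureSize but the comment documents it as Pkcs7SignatureSize; make the two agree. The @retval entries name EFI_SUCCESS, EFI_INVALID_PARAMETER and EFI_NOT_FOUND while the declared return type is RETURN_STATUS, so the RETURN_* names would match the type. Since the comment states that the function does not validate the certificate chain, it should also say that callers must run Pkcs7Verify on the same signature and that an EKU match on its own is not evidence of trust. The two sizes are UINT32 here while the adjacent Pkcs7Verify takes UINTN DataLength; consider UINTN for consistency.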
Re: [edk2] [PATCH v1 0/2] Ovmf: Stop using ISA drivers within IntelFrameworkModulePkg
> -Original Message- > From: Laszlo Ersek [mailto:ler...@redhat.com] > Sent: Friday, March 22, 2019 6:56 PM > To: Ard Biesheuvel > Cc: Wu, Hao A; edk2-devel@lists.01.org; Justen, Jordan L; Ni, Ray > Subject: Re: [PATCH v1 0/2] Ovmf: Stop using ISA drivers within > IntelFrameworkModulePkg > > On 03/22/19 10:41, Ard Biesheuvel wrote: > > On Fri, 22 Mar 2019 at 10:25, Laszlo Ersek wrote: > >> > >> On 03/22/19 02:33, Wu, Hao A wrote: > -Original Message- > From: Laszlo Ersek [mailto:ler...@redhat.com] > Sent: Friday, March 22, 2019 3:04 AM > To: Ard Biesheuvel; Wu, Hao A > Cc: edk2-devel@lists.01.org; Justen, Jordan L; Ni, Ray > Subject: Re: [PATCH v1 0/2] Ovmf: Stop using ISA drivers within > IntelFrameworkModulePkg > > On 03/21/19 11:08, Ard Biesheuvel wrote: > > On Thu, 21 Mar 2019 at 07:44, Wu, Hao A wrote: > >> > > > > Just a couple of notes from my side - I'm sure Laszlo will have a > much > > longer list :-) > > > > - Dropping the floppy driver is fine with me. > > - What is OVMF specific about this driver? Is it only the hardcoded > > list of COM1/COM2/PS2 keyboard? If so, should we split this into a > > driver and a library class, where the driver lives in MdeModulePkg, > > and the library is implemented in the context of OVMF? > > Hello Ard, > > I think the special thing for this one is that: > For QEMU, it does not have a Super I/O (SIO) chip. While, as far as I > know, the SIO chip exists on other platforms. The driver proposed > here > simulates the behavior of an SIO chip. IMO, if we find more platforms > that > do not have a SIO chip, we can convert the driver into a general one. > > Also, for the implementation of the services in the Super I/O > protocol, > the proposed driver just does the minimal effort in order to support > the > serial/PS2 keyboard. 
> >>> > >>> Here's why I'd like the majority of this driver to live under > >>> MdeModulePkg (for example through a lib class separation like Ard > suggests): > >>> > >>> Because then its maintenance would not be the responsibility of > OvmfPkg > >>> maintainers. > >>> > >>> Consider, this driver is absolutely huge (1.5-2 kLOC), for doing "the > >>> minimal effort in order to support the serial/PS2 keyboard". > >>> > >>> The risk of regressions is extreme (the PS/2 keyboard is the default > >>> one, and if it breaks *subtly*, almost all users will be > >>> inconvenienced, > >>> but not necessarily soon enough for us to get reports about it *early* > >>> in the current development cycle). > >>> > >>> I realize that IntelFrameworkModulePkg/Bus/Isa/* drivers are frowned > >>> upon nowadays, they may be ugly / platform specific / etc etc etc, but > >>> they have also proved themselves to *work*, and (as far as I > remember) > >>> they have required practically zero fixes in order to function well on > QEMU. > >>> > >>> It is very unwelcome by me to take on the maintenance burden for a > >>> driver that is all of: > >>> - not widely tested, > >>> - replacing a proven set of drivers that is critical to users, > >>> - large. > >>> > >>> I understand that Intel wants to stop maintaining > >>> IntelFrameworkModulePkg/Bus/Isa/*, but the above price is too high > for > me. > >>> > >>> Compare the case if we simply moved the > >>> IntelFrameworkModulePkg/Bus/Isa/* drivers under OvmfPkg: > >>> - still large, > >>> - but widely tested (with minimal churn in the past), > >>> - and no risk of regressions. > >>> > >>> So in this form, I'm generally opposed to the switch. The two sets of > >>> drivers need to coexist for a while, and we must expose the new > drivers > >>> to users while providing them with some sort of easy fallback. (I'd > >>> prefer that fallback to be dynamically configurable, but, again, if > >>> your > >>> keyboard breaks, how do you interact with e.g. 
the UEFI shell? So I > >>> guess a static build flag would do as well.) I think the old drivers > >> > >> Hello Laszlo, > >> > >> I agree with your point. So your suggestion is to: > >> > >> 1. Duplicate the below drivers into OvmfPkg: > >> PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf > >> IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf > >> IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf > >> > IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf > >> > >> 2. Meanwhile, add the proposed SioBusDxe driver in the OvmfPkg as > well > >> > >> 3. Add a static build flag within OvmfPkg to let users choose between: > >>a) New OVMF SioBusDxe driver + ISA device
Re: [edk2] [RFC PATCH] MdeModulePkg: add LockBoxNullLib for !IA32/X64 in .dsc
> -Original Message-
> From: Leif Lindholm [mailto:leif.lindh...@linaro.org]
> Sent: Saturday, March 23, 2019 2:13 AM
> To: Wu, Hao A
> Cc: Zeng, Star; Laszlo Ersek; edk2-devel@lists.01.org;
> ard.biesheu...@linaro.org; Wang, Jian J; Ni, Ray; Andrew Fish; Kinney, Michael
> D
> Subject: Re: [RFC PATCH] MdeModulePkg: add LockBoxNullLib for !IA32/X64
> in .dsc
>
> On Thu, Mar 21, 2019 at 03:27:45AM +, Wu, Hao A wrote:
> > > -Original Message-
> > > From: Zeng, Star
> > > Sent: Thursday, March 21, 2019 9:03 AM
> > > To: Leif Lindholm; Laszlo Ersek
> > > Cc: edk2-devel@lists.01.org; ard.biesheu...@linaro.org; Wang, Jian J; Wu,
> > > Hao A; Ni, Ray; Andrew Fish; Kinney, Michael D; Zeng, Star
> > > Subject: RE: [RFC PATCH] MdeModulePkg: add LockBoxNullLib for !IA32/X64
> > > in .dsc
> > >
> > > Another way to update the file is
> > >
> > > [LibraryClasses.EBC]
> > > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
> > >
> > > ->
> > >
> > > [LibraryClasses.EBC, LibraryClasses.ARM, LibraryClasses.AARCH64]
> > > LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
> >
> > Hello Leif,
> >
> > The current proposed patch seems great to me.
> > Reviewed-by: Hao Wu
> >
> > I am also fine with the above suggestion by Star. So if you prefer the
> > above approach, please feel free to propose another patch. Thanks in
> > advance.
>
> Laszlo convinced me that this change makes sense. But the argument for
> that was that each architecture needs to decide itself how to
> implement LockBoxLib (or not).
>
> What does not make sense to me is that
> MdeModulePkg/Library/SmmLockBoxLib/ is used as a global default, and
> set as the resolution for LockBoxLib in common sections, when it is
> only valid for 2 of the 6 architectures supported by the UEFI
> specification.

Hello Leif,

I filed a BZ tracker according to your above concern:
https://bugzilla.tianocore.org/show_bug.cgi?id=1660

We will find an approach to address it.

>
> My original version is my preferred way of addressing the immediate
> problem though, mainly to keep the separate .EBC section.

Got it. Do you want me to help to push the patch?

Best Regards,
Hao Wu

>
> Best Regards,
>
> Leif
>
> > Best Regards,
> > Hao Wu
> >
> > >
> > >
> > > Thanks,
> > > Star
> > > -Original Message-
> > > From: Leif Lindholm [mailto:leif.lindh...@linaro.org]
> > > Sent: Thursday, March 21, 2019 1:43 AM
> > > To: Laszlo Ersek
> > > Cc: edk2-devel@lists.01.org; ard.biesheu...@linaro.org; Wang, Jian J
> > > ; Wu, Hao A ; Ni, Ray
> > > ; Zeng, Star ; Andrew Fish
> > > ; Kinney, Michael D
> > > Subject: Re: [RFC PATCH] MdeModulePkg: add LockBoxNullLib for !IA32/X64
> > > in .dsc
> > >
> > > On Wed, Mar 20, 2019 at 03:51:39PM +0100, Laszlo Ersek wrote:
> > > > Hi Leif,
> > > >
> > > > On 03/18/19 15:56, Leif Lindholm wrote:
> > > > > Commit 05fd2a926833
> > > > > ("MdeModulePkg/NvmExpressPei: Consume S3StorageDeviceInitList
> > > > > LockBox") added a dependency on LockBoxLib to NvmExpressPei,
> causing
> > > > > builds using MdeModulePkg.dsc to fail on architectures other than
> > > > > IA32/X64 with missing reference to
> > > > > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode.
> > > > >
> > > > > Add a resolution for LockBoxNullLib for ARM/AARCH64 to restore builds.
> > > > >
> > > > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > > > Signed-off-by: Leif Lindholm
> > > > > ---
> > > > >
> > > > > Note: this patch hides the symptom, but this isn't really the fix I
> > > > > would like to see.
> > > > >
> > > > > The build error is caused by the chain of:
> > > > > 1) NvmExpressPei depending on LockBoxLib
> > > > > 2) LockBoxLib being mapped to SmmLockBoxPeiLib in
> > > > > [LibraryClasses.common.PEIM]
> > > > > 3) SmmLockBoxPeiLib depending on PcdDxeIplSwitchToLongMode
> > > > > 4) PcdDxeIplSwitchToLongMode being declared in
> > > > >    [PcdsFeatureFlag.IA32, PcdsFeatureFlag.X64] in MdeModulePkg.dsc
> > > > >
> > > > > Now, an alternative quick-fix would be to move the PEIM LockBoxLib
> > > > > mapping into a [LibraryClasses.IA32.PEIM, LibraryClasses.X64.PEIM]
> > > > > section. But that would leave NvmExpressPei unbuildable on anything
> > > > > not IA32/X64.
> > > > >
> > > > > Another option would be to add default declaration (for all other
> > > > > architectures) of FALSE for PcdDxeIplSwitchToLongMode in
> > > > > MdeModulePkg.dec, but the current way this is expressed seems to
> > > > > treat this as an architecture-specific feature (which it is).
> > > > >
> > > > > What I believe would be the cleanest solution would be to abstract
> > > > > NvmExpressPei to the point where it can function without the
> LockBoxLib.
> > > > > But regardless, it does not look valid to me for something as
> > > > > architecture-specific as MdeModulePkg/Library/SmmLockBoxLib/ to live
> > > > > under .common sections in the .dsc. (And if this changes at some
> > > > > point, because we implement an