[edk2-devel] [PATCH V2 4/4] OvmfPkg/PeilessStartupLib: Find NCCFV in non-td guest

2022-12-12 Thread Min Xu
From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 As described in BZ#4152, NCCFV includes the DXE phase drivers for non-cc guest. PeilessStartupLib is updated to find NCCFV for non-cc guest. Cc: Gerd Hoffmann Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Le

[edk2-devel] [PATCH V2 3/4] OvmfPkg/IntelTdx: Enable separate-fv in IntelTdx/IntelTdxX64.fdf

2022-12-12 Thread Min Xu
From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 In current DXE FV there are 100+ drivers. Some of the drivers are not used in Td guest. (Such as USB support drivers, network related drivers, etc). From the security perspective if a driver is not used, we should prevent

[edk2-devel] [PATCH V2 1/4] EmbeddedPkg/PrePiLib: Add FFS_CHECK_SECTION_HOOK when finding section

2022-12-12 Thread Min Xu
From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 EmbeddedPkg/PrePiLib provides the service of finding sections based on the input SectionType. But sometimes there may be multiple sections with the same SectionType. FFS_CHECK_SECTION_HOOK is a hook which can be called to do a

[edk2-devel] [PATCH V2 2/4] OvmfPkg: Add PCDs/GUID for NCCFV

2022-12-12 Thread Min Xu
From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 NCCFV refers to Non-Confidential-Computing-FV. It includes the DXE phase drivers which are only loaded/started in non-cc guest. Hence the PCDs / GUID for NCCFV are defined in OvmfPkg.dec. Cc: Gerd Hoffmann Cc: Erdem Aktas

[edk2-devel] [PATCH V2 0/4] Introduce Separate-Fv in OvmfPkg/IntelTdx

2022-12-12 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 In current DXE FV there are 100+ drivers. Some of the drivers are not used in Td guest. (Such as USB support drivers, network related drivers, etc). From the security perspective if a driver is not used, we should prevent it from being load

Re: [edk2-devel] [PATCH V2 3/4] OvmfPkg/IoMmuDxe: Add SEV support for reserved shared memory

2022-12-12 Thread Min Xu
Hi, Tom I cannot apply the patch extracted from your mail with the git am command. So I have to manually port the patch. Please check and test if the patch is correct. Thanks Min > -Original Message- > From: devel@edk2.groups.io On Behalf Of Min Xu > Sent: Tuesday, December 13, 2022 1:4

[edk2-devel] [PATCH V2 4/4] Maintainers: Update OvmfPkg/IoMmuDxe

2022-12-12 Thread Min Xu
From: Min M Xu https://bugzilla.tianocore.org/show_bug.cgi?id=4171 AmdSevIoMmu.* is renamed as CcIoMmu*. The related section in Maintainers.txt should be updated as well. Cc: Michael D Kinney Cc: Liming Gao Cc: Erdem Aktas Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lenda

[edk2-devel] [PATCH V2 3/4] OvmfPkg/IoMmuDxe: Add SEV support for reserved shared memory

2022-12-12 Thread Min Xu
From: Tom Lendacky Add support to use the reserved shared memory within the IoMmu library. This improves boot times for all SEV guests, with SEV-SNP benefiting the most as it avoids the page state change call to the hypervisor. Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc

[edk2-devel] [PATCH V2 2/4] OvmfPkg/IoMmuDxe: Rename AmdSevIoMmu to CcIoMmu

2022-12-12 Thread Min Xu
From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4171 IoMmuDxe once was designed to support DMA operation when SEV is enabled. After TDX is enabled in IoMmuDxe, some files' names in IoMmuDxe need to be more general. So this patch renames: AmdSevIoMmu.h -> CcIoMmu.h AmdSevIoMmu

[edk2-devel] [PATCH V2 1/4] OvmfPkg/IoMmuDxe: Reserve shared memory region for DMA operation

2022-12-12 Thread Min Xu
From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4171 A typical QEMU fw_cfg read bytes with IOMMU for td guest is that: (QemuFwCfgReadBytes@QemuFwCfgLib.c is the example) 1) Allocate DMA Access buffer 2) Map actual data buffer 3) start the transfer and wait for the transfer to c

[edk2-devel] [PATCH V2 0/4] Reserve shared memory for DMA operation

2022-12-12 Thread Min Xu
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4171 This patch-set introduces the feature of reserving shared memory for DMA operation. Its intention is to reduce the allocation and conversion of private/shared memory, so that boot performance can be improved significantly. Detailed informatio

Re: [edk2-devel] [edk2-wiki][PATCH v3 1/4] Add initial How to Build with Stuart Document

2022-12-12 Thread Rebecca Cran
According to https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/organizing-information-with-collapsed-sections, it looks like normal markdown _should_ apply within collapsed sections? I noticed a few problems with https://github.com/tianocore/tianocore.g

Re: [edk2-devel] PATCH v1 1/1 MdePkg: Remove Itanium leftover data structure

2022-12-12 Thread Paweł Poławski
Hi Mike If there is a chance you were able to check if I should introduce new PPI with a new GUID for my pull request? Or we can push forward with existing version? In case of some changes needed - I could start implementing them right away so we could try to process everything before Christm

Re: [edk2-devel] [PATCH v1 0/5] Update references to new edk2 build instructions

2022-12-12 Thread Michael Kubacki
Hi all, I still need reviews on this series. It should only take a few minutes of your time. The TianoCore wiki changes that these changes link to are available now - https://github.com/tianocore/tianocore.github.io/wiki/Build-Instructions Thanks, Michael On 12/5/2022 12:28 PM, Michael Kub

[edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - Tuesday, December 13, 2022 #cal-reminder

2022-12-12 Thread Group Notification
*Reminder: TianoCore Bug Triage - APAC / NAMO* *When:* Tuesday, December 13, 2022 6:30pm to 7:30pm (UTC-08:00) America/Los Angeles *Where:* https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344

Re: [edk2-devel] [PATCH 0/3] Fix some typos

2022-12-12 Thread Dongdong Zhang
Hi, Michael Sorry, I didn't notice your similar commit. I am using codespell to check. In order to avoid similar commits, I feel it is necessary to merge your previous patch. Thanks, Dongdong > -Original Message- From: "Michael Kubacki" > Sent: 2022-12-12 22:58:37 > (Monday) To: devel@edk2.groups.io,

[edk2-devel] Now: Tools, CI, Code base construction meeting series - Monday, December 12, 2022 #cal-notice

2022-12-12 Thread Group Notification
*Tools, CI, Code base construction meeting series* *When:* Monday, December 12, 2022 4:30pm to 5:30pm (UTC-08:00) America/Los Angeles *Where:* https://github.com/tianocore/edk2/discussions/2614 View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=1650222 ) *Description:* TianoCore com

Re: [edk2-devel] [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor

2022-12-12 Thread Min Xu
On December 12, 2022 5:04 PM, Boeuf, Sebastien wrote: > Subject: [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for > Cloud Hypervisor > > From: Sebastien Boeuf > > Rely on CcProbe() to identify when running on TDX so that ACPI tables can be > retrieved differently for Cloud Hypervi

Re: [edk2-devel] [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB

2022-12-12 Thread Min Xu
On December 12, 2022 5:04 PM, Boeuf, Sebastien wrote: > Subject: [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB > > From: Sebastien Boeuf > > This is required for passing the ACPI tables from the VMM up to the guest OS. > They are transferred through this GUID extension. > > S

Re: [edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor

2022-12-12 Thread Min Xu
On December 12, 2022 5:04 PM, Boeuf, Sebastien wrote: > Subject: [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for > Cloud Hypervisor > > From: Sebastien Boeuf > > Rely on the CcProbe() function to identify when running on TDX. This allows > the firmware to follow a different codep

[edk2-devel] Event: Tools, CI, Code base construction meeting series - Monday, December 12, 2022 #cal-reminder

2022-12-12 Thread Group Notification
*Reminder: Tools, CI, Code base construction meeting series* *When:* Monday, December 12, 2022 4:30pm to 5:30pm (UTC-08:00) America/Los Angeles *Where:* https://github.com/tianocore/edk2/discussions/2614 View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=1650222 ) *Description:* Tia

Re: [edk2-devel] [PATCH v3] OvmfPkg/PlatformPei: Validate SEC's GHCB page

2022-12-12 Thread Lendacky, Thomas via groups.io
On 12/9/22 15:04, Adam Dunlap wrote: When running under SEV-ES, a page of shared memory is allocated for the GHCB during the SEC phase at address 0x809000. This page of memory is eventually passed to the OS as EfiConventionalMemory. When running SEV-SNP, this page is not PVALIDATE'd in the RMP ta

[edk2-devel] [PATCH v2] MdeModulePkg/EsrtFmpDxe: Support multiple devices with 0 HardwareInstance

2022-12-12 Thread Jeff Brasen via groups.io
Skip error check if HardwareInstance is 0 as this either means that FmpVersion < 3 and not supported or, "A zero means the FMP provider is not able to determine a unique hardware instance number or a hardware instance number is not needed." per UEFI specification. As the FmpInstances are merged an

Re: [edk2-devel] [PATCH 00/14] OvmfPkg: avoid global variables in PEI

2022-12-12 Thread Lendacky, Thomas via groups.io
On 12/2/22 07:09, Gerd Hoffmann wrote: Writing to global variables changes the PEI firmware volume which in turn screws up firmware volume measurements. Fix OvmfPkg to avoid that, for the most part by using the PlatformInfoHob instead. Boot tested SEV, SEV-ES and SEV-SNP guests without issues.

Re: [edk2-devel] [PATCH] Revert "BaseTools/Conf: Fix Dynamic-Library-File template"

2022-12-12 Thread Konstantin Aladyshev
Hi, Jake! No, unfortunately I don't have any way to fix this, besides the patch revert. To reproduce the issue you can add the mentioned PCI_* defines to some simple DXE_DRIVER. For example: SimpleDriver/SimpleDriver.inf ``` [Defines] INF_VERSION= 1.25 BASE_NAME

Re: [edk2-devel] [PATCH] Revert "BaseTools/Conf: Fix Dynamic-Library-File template"

2022-12-12 Thread Jake Garver via groups.io
Hi, Konstantin, Do you have a fix for the cyclic redundancy issue when building OptionROMs? If not, can you help me reproduce it? I'd hate to revert d372ab as it fixed dependency issues we frequently ran into during parallel builds. Thanks, Jake From: Konstant

Re: [edk2-devel] [PATCH v2 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as EfiACPIReclaimMemory

2022-12-12 Thread Lendacky, Thomas via groups.io
On 12/12/22 02:08, Dov Murik wrote: BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4186 Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved") marked the launch secret area itself (1 page) as reserved so the guest OS can use it during the lifetime of the OS

Re: [edk2-devel] [PATCH 0/3] Fix some typos

2022-12-12 Thread Michael Kubacki
Hello, I sent a similar series a few months ago: https://github.com/tianocore/edk2/pull/2903 At the time, there was not much interest in fixing these in edk2. But I would still like to get the changes in. Are you running the spell check CI plugin? In order to reduce the number of spelling re

[edk2-devel] [edk2-platforms][PATCH v2 11/11] Ext4Pkg: Add missing exit Status in Ext4OpenDirent

2022-12-12 Thread Savva Mitrofanov
Missing EFI_OUT_OF_RESOURCES exit status on failed Ext4CreateDentry leads to NULL-pointer dereference in Ext4GetFileInfo (passing NULL buffer in Ext4ReadDir) Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva Mitrofanov

[edk2-devel] [edk2-platforms][PATCH v2 10/11] Ext4Pkg: Check VolumeName allocation correctness in Ext4GetVolumeName

2022-12-12 Thread Savva Mitrofanov
Missing check in some cases leads to failed StrCpyS call in Ext4GetVolumeLabelInfo. Also correct condition that checks Inode pointer for being NULL in Ext4AllocateInode Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva M

[edk2-devel] [edk2-platforms][PATCH v2 09/11] Ext4Pkg: Check that source file is directory in Ext4OpenInternal

2022-12-12 Thread Savva Mitrofanov
This check is already present in the while loop below, but absent for cases when input file is nameless, so to handle assertion in Ext4ReadFile we need to add it at the top of function Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-of

[edk2-devel] [edk2-platforms][PATCH v2 08/11] Ext4Pkg: Corrects integer overflow check logic in DiskUtil

2022-12-12 Thread Savva Mitrofanov
Corrects multiplication overflow check code Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva Mitrofanov --- Features/Ext4Pkg/Ext4Pkg.dsc| 2 +- Features/Ext4Pkg/Ext4Dxe/DiskUtil.c | 8 2 files changed

[edk2-devel] [edk2-platforms][PATCH v2 07/11] Ext4Pkg: Fix shift out of bounds in Ext4OpenSuperblock

2022-12-12 Thread Savva Mitrofanov
Missing check for wrong s_log_block_size exponent leads to shift out of bounds. Limit block size to 2 MiB Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva Mitrofanov --- Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.h| 14

[edk2-devel] [edk2-platforms][PATCH v2 06/11] Ext4Pkg: Add inode number validity check

2022-12-12 Thread Savva Mitrofanov
We need to validate inode number to prevent possible null-pointer dereference of directory parent in Ext4OpenDirent. Also checks that inode number is valid across opened partition before we read it in Ext4ReadInode. Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139

[edk2-devel] [edk2-platforms][PATCH v2 04/11] Ext4Pkg: Fix incorrect checksum metadata feature check

2022-12-12 Thread Savva Mitrofanov
Missing comparison != 0 leads to broken logic condition. Also replaced CSUM_SEED feature_incompat check with predefined macro EXT4_HAS_INCOMPAT Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva Mitrofanov --- Features/

[edk2-devel] [edk2-platforms][PATCH v2 05/11] Ext4Pkg: Fix division by zero by adding check for s_inodes_per_group

2022-12-12 Thread Savva Mitrofanov
Superblock s_inodes_per_group field can't be zero, it leads to division by zero in BlockGroup routine Ext4ReadInode Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva Mitrofanov --- Features/Ext4Pkg/Ext4Dxe/Superblock.c

[edk2-devel] [edk2-platforms][PATCH v2 02/11] Ext4Pkg: Move EXT4_NAME_MAX definition to Ext4Disk.h

2022-12-12 Thread Savva Mitrofanov
Constant EXT4_NAME_MAX is related to EXT4_DIR_ENTRY FS structure, so it should be placed into Ext4Disk.h header Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva Mitrofanov --- Features/Ext4Pkg/Ext4Dxe/Ext4Disk.h | 4 +

[edk2-devel] [edk2-platforms][PATCH v2 03/11] Ext4Pkg: Fix global buffer overflow in Ext4ReadDir

2022-12-12 Thread Savva Mitrofanov
Directory entry structure can contain name_len bigger than size of "." or "..", that's why CompareMem in such cases leads to global buffer overflow. So there are two problems. The first is that statement doesn't check cases when name_len != 0 but > 2 and the second is that we are passing big Length to

[edk2-devel] [edk2-platforms][PATCH v2 01/11] Ext4Pkg: Fix memory leak in Ext4RetrieveDirent

2022-12-12 Thread Savva Mitrofanov
We need to free buffer on return if BlockRemainder != 0. Also changed return logic from function to use common exit to prevent code duplication. Cc: Marvin Häuser Cc: Pedro Falcato Cc: Vitaly Cheptsov Fixes: e55f0527dde48a5f139c1b8f35acc4e6b59dd794 Signed-off-by: Savva Mitrofanov --- Feat

[edk2-devel] [edk2-platforms][PATCH v2 00/11] Ext4Pkg: Code correctness and security improvements

2022-12-12 Thread Savva Mitrofanov
Hi all, In v2 I corrected remarks from Pedro Falcato. Also I added 'Fixes' tag to track which exactly state of driver is fixed by this patchset. This patchset fixes several code problems found by fuzzing Ext4Dxe like buffer and integer overflows, memory leaks, logic bugs and so on. REF: https://

Re: [edk2-devel] [edk2-platforms][PATCH v1 00/12] Ext4Pkg: Code correctness and security improvements

2022-12-12 Thread Savva Mitrofanov
Hi! Thanks for your review, I did changes in my branch of edk2-platforms and will send corrected patchset soon. Best regards, Savva Mitrofanov > On 10 Dec 2022, at 04:28, Pedro Falcato wrote: > > On Fri, Dec 9, 2022 at 4:11 PM Savva Mitrofanov > wrote: > Hi all, >

[edk2-devel] [PATCH] Revert "BaseTools/Conf: Fix Dynamic-Library-File template"

2022-12-12 Thread Konstantin Aladyshev
Revert commit d372ab585a2cdc5348af5f701c56c631235fe698. EdkII build system supports OptionROM generation if particular PCI_* defines are present in the module INF file: ``` [Defines] ... PCI_VENDOR_ID = <...> PCI_DEVICE_ID = <...> PCI_CLASS_CODE

Re: [edk2-devel] [edk2-platforms][PATCH v1 06/12] Ext4Pkg: Add comparison between Position and FileSize in Ext4SetPosition

2022-12-12 Thread Savva Mitrofanov
Seems I misunderstood the usage of SetPosition, thanks for pointing out. So we can just drop this commit and keep everything as is, because this check is already present in Ext4Read. Savva Mitrofanov > On 10 Dec 2022, at 04:12, Pedro Falcato wrote: > > On Fri, Dec 9, 2022 at 4:11 PM Savva Mit

[edk2-devel] [PATCH 3/3] OvmfPkg/AcpiPlatformDxe: Differentiate TDX case for Cloud Hypervisor

2022-12-12 Thread Boeuf, Sebastien
From: Sebastien Boeuf Rely on CcProbe() to identify when running on TDX so that ACPI tables can be retrieved differently for Cloud Hypervisor. Instead of relying on the PVH structure to find the RSDP pointer, the tables are individually passed through the HOB. Signed-off-by: Jiaqi Gao Signed-of

[edk2-devel] [PATCH 2/3] OvmfPkg/PlatformInitLib: Transfer GUID Extension HOB

2022-12-12 Thread Boeuf, Sebastien
From: Sebastien Boeuf This is required for passing the ACPI tables from the VMM up to the guest OS. They are transferred through this GUID extension. Signed-off-by: Jiaqi Gao Signed-off-by: Sebastien Boeuf --- OvmfPkg/Library/PlatformInitLib/IntelTdx.c | 5 + 1 file changed, 5 insertions(

[edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Differentiate TDX case for Cloud Hypervisor

2022-12-12 Thread Boeuf, Sebastien
From: Sebastien Boeuf Rely on the CcProbe() function to identify when running on TDX. This allows the firmware to follow a different codepath for Cloud Hypervisor, which means it doesn't rely on PVH to find out about memory below 4GiB. Instead it falls back onto the CMOS to retrieve that informat

[edk2-devel] [PATCH 0/3] OvmfPkg: Make IntelTdx work with Cloud Hypervisor

2022-12-12 Thread Boeuf, Sebastien
From: Sebastien Boeuf The IntelTdxX64 OVMF target wasn't working with Cloud Hypervisor on TDX platform. This was due to the way the OVMF code expects Cloud Hypervisor to rely on PVH to retrieve information like memory below 4GiB as well as the ACPI tables. This is why this series takes care of i

Re: [edk2-devel] [PATCH v2 RESEND] edk2-staging/RedfishClientPkg: Add Redfish.Settings support

2022-12-12 Thread Chang, Abner via groups.io
[AMD Official Use Only - General] Reviewed-by: Abner Chang > -Original Message- > From: Simon Wang (SW-GPU) > Sent: Monday, December 12, 2022 4:38 PM > To: devel@edk2.groups.io > Cc: Simon Wang (SW-GPU) ; Nickle Wang > ; Chang, Abner ; Igor > Kulchytskyy ; Nick Ramirez > Subject: [PATC

[edk2-devel] [PATCH v2 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as EfiACPIReclaimMemory

2022-12-12 Thread Dov Murik
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4186 Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved") marked the launch secret area itself (1 page) as reserved so the guest OS can use it during the lifetime of the OS. However, the address and size of the