From: DoraX Hsueh
https://bugzilla.tianocore.org/show_bug.cgi?id=4665
1. Since installing windows does not meet the minimum system requirements,
Added TPM related code to meet the requirements.
2. Support stage 6, add FvAdvancedPreMemory.
Cc: Sai Chaganty
Cc: Rosen Chuang
Cc: Saloni Kasbek
Adding a copy of BaseCryptLib/Sm3/Sha3 seems like a workaround to me.
I prefer to use files directly from BaseCryptLib, such like:
DEFINE BASE_CRYPT_PATH= ../BaseCryptLib
[Sources]
$(BASE_CRYPT_PATH)/Hash/CryptDispatchApDxe.c
...
Then I think DummyOpensslSupport.c should not be ne
The pools used to store cert chain are not released properly, which will lead
to memory leak problems
Please ensure MbedtlsPkcs7SignedData.Certificates are handled correctly when:
1. error occurred in Pkcs7GetSigner/SignedData
2. Pkcs7Verify finished.
Regards,
Yi
-Original Message-
F
I found some magic number and format issues, please check comments in your PR.
Regards,
Yi
-Original Message-
From: Hou, Wenxing
Sent: Tuesday, April 16, 2024 3:51 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1
Subject: [PATCH 0/9] Add more crypt APIs based on Mbedtls
REF: http
On Thu, Apr 18, 2024 at 08:02:43AM +, Wu, Jiaxin wrote:
> Hi Gerd,
>
> Could you help review & check below OVMF related patches?
>
> > OvmfPkg/SmmRelocationLib: Add library instance for OVMF
> > OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuid
> > OvmfPkg: Refine SmmAccess impleme
From: DoraX Hsueh
https://bugzilla.tianocore.org/show_bug.cgi?id=4665
1. Since installing windows does not meet the minimum system requirements,
Added TPM related code to meet the requirements.
2. Support stage 6, add FvAdvancedPreMemory.
Cc: Sai Chaganty
Cc: Rosen Chuang
Cc: Saloni Kasbek
From: DoraX Hsueh
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4667
Updates Alderlake P Rvp details to the Readme.md.
Cc: Sai Chaganty
Cc: Rosen Chuang
Cc: Saloni Kasbekar
Cc: Haoyu Tang
Cc: Nate DeSimone
Cc: Chasel Chiu
Signed-off-by: DoraX Hsueh
---
Platform/Intel/Readme.md | 4
From: DoraX Hsueh
https://bugzilla.tianocore.org/show_bug.cgi?id=4761
Halt the TCO timer to fix release mode hang.
Cc: Sai Chaganty
Cc: Rosen Chuang
Cc: Saloni Kasbekar
Cc: Haoyu Tang
Cc: Nate DeSimone
Cc: Chasel Chiu
Signed-off-by: DoraX Hsueh
---
.../AlderlakeOpenBoardPkg/AlderlakePRv
IASL complained that DSDT is not optimal:
Dsdt.
83: Name (RBUF, ResourceTemplate() {
Remark 2173 - Creation of named objects within a method is highly
inefficient, use globals or method local variables instead ^
(\_SB.USB0._CRS)
Dsdt.
377: Name (RBUF, ResourceTemplate
Hi Ard,
Could you take a look at this patch set and give you some suggestions?
Thanks,
Chao
On 2024/4/17 18:01, Chao Li wrote:
Hi Gerd,
On 2024/4/17 17:35, Gerd Hoffmann wrote:
On Wed, Apr 17, 2024 at 04:12:56PM +0800, Chao Li wrote:
Patch1: Added three PCDs for QemuFwCfgLibMmio
Patch2: Sp
On Fri, 19 Apr 2024 19:50:13 +0200
Ard Biesheuvel wrote:
> From: Ard Biesheuvel
>
> The optimization that enabled entry with MMU and caches enabled at EL1
> removed the strict alignment requirement for XIP code (roughly, any code
> that might execute with the MMU and caches off, which means SEC
v3:
- use PcdOvmfFlashNvStorageVariableBase
- add reviewed-by tags
v2:
- remove 'Q35' from test bits
- add patch with a README.md
Gerd Hoffmann (3):
OvmfPkg/VirtHstiDxe: add varstore flash check
OvmfPkg/VirtHstiDxe: add code flash check
OvmfPkg/VirtHstiDxe: add README.md
Konstantin Kost
From: Konstantin Kostiuk
The driver supports qemu machine types 'pc' and 'q35'.
This patch adds some helper functions to manage the bitmasks.
The implemented features depend on both OVMF build configuration
and qemu VM configuration.
For q35 a single security feature is supported and checked: I
Detects qemu config issue: vars pflash is not in secure mode (write
access restricted to smm). Applies to Q35 with SMM only.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Konstantin Kostiuk
Signed-off-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 4 ++
OvmfPkg
Detects qemu config issue: code pflash is writable.
Checked for both PC and Q35.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Konstantin Kostiuk
Signed-off-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 2 ++
OvmfPkg/VirtHstiDxe/VirtHstiDxe.h | 13 +++
From: Konstantin Kostiuk
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Signed-off-by: Konstantin Kostiuk
Signed-off-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
OvmfPkg/OvmfPkgIa32.dsc| 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 2 ++
OvmfPkg/OvmfPkgIa32.fdf| 1 +
Ov
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Konstantin Kostiuk
Signed-off-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
OvmfPkg/VirtHstiDxe/README.md | 48 +++
1 file changed, 48 insertions(+)
create mode 100644 OvmfPkg/VirtHstiDxe/README.md
diff --git a/OvmfPkg/Vi
Gentle reminder, review please.
On 30-03-2024 10:52, Abdul Lateef Attar wrote:
Define IPMI interface type as per specification version 2.0,
section C1-1.1.
Cc: Abner Chang
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Abdul Lateef Attar
---
MdePkg/MdePkg.dec | 11 ++
This is to prevent #DB interception on SEV-ES VM with
enabled DebugSwap feature, more details in 3/5.
The corresponding Linux change (HV and VM) went upstream
long time ago:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e221804dad4e
https://git.kernel.org/pub/scm/li
We need DebugSwap for now but others likely to be needed too.
Signed-off-by: Alexey Kardashevskiy
---
MdePkg/Include/Register/Amd/Fam17Msr.h | 57 +++-
1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h
b/MdePkg/Include/Register/
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are more other features which do not translate to levels
such as DebugSwap or SecureTsc.
This adds the features mask and the DebugSwap feature bit to a PCD.
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v2:
* ex
The SEV-ES DebugSwap feature enables type B swaping of debug registers
on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted.
When DebugSwap is enabled, this stops booting if #VC for #DB or
DB7 read/write occurs as this signals unwanted interaction from the HV.
This adds new API wh
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since a previous commit.
This fixes AmdMemEncryptionAttrCheck to check the level and feature
correctly and adds DebugSwap support.
Since the actual feature flag is not set yet, this should cause
no beh
This writes the feature bit into PcdConfidentialComputingGuestAttr
and enables DebugSwap for the DXE stage too.
Signed-off-by: Alexey Kardashevskiy
---
OvmfPkg/PlatformPei/AmdSev.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/O
On Mon, 22 Apr 2024 at 12:47, Gerd Hoffmann wrote:
>
> v3:
> - use PcdOvmfFlashNvStorageVariableBase
> - add reviewed-by tags
> v2:
> - remove 'Q35' from test bits
> - add patch with a README.md
>
> Gerd Hoffmann (3):
> OvmfPkg/VirtHstiDxe: add varstore flash check
> OvmfPkg/VirtHstiDxe: a
Update the MadtLen varaible before the next record is read,
to void infinite loop.
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Liming Gao
Cc: Eric Dong
Signed-off-by: Abdul Lateef Attar
---
.../Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c | 7 +--
1 file changed, 5 insertions(+), 2 d
On 4/19/24 13:21, Adam Dunlap via groups.io wrote:
Ensure that when a #VC exception happens, the instruction at the
instruction pointer matches the instruction that is expected given the
error code. This is to mitigate the ahoi WeSee attack [1] that could
allow hypervisors to breach integrity and
Hello everyone,
I was trying to get my platform running and since I used MinPlatformPkg as my
base platform I used the
Platform/Intel/MinPlatformPkg/Pci/Library/PciHostBridgeLibSimple/PciHostBridgeLibSimple.inf
for the library of the
MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf com
Hi Nickle and Abner,
I also have the same question as Abner.
Why do we need to delete those credentials?
According to spec BMC should delete the bootstrap credentials automatically on
host or service reset.
Thank you,
Igor
-Original Message-
From: Chang, Abner
Sent: Sunday, April 21, 202
Reviewed-by: Kasbekar, Saloni
-Original Message-
From: Hsueh, DoraX
Sent: Monday, April 22, 2024 1:40 AM
To: devel@edk2.groups.io
Cc: Hsueh, DoraX ; Chaganty, Rangasai V
; Chuang, Rosen ;
Kasbekar, Saloni ; Tang, Haoyu
; Desimone, Nathaniel L ;
Chiu, Chasel
Subject: [PATCH] Alderla
Reviewed-by: Kasbekar, Saloni
-Original Message-
From: Hsueh, DoraX
Sent: Monday, April 22, 2024 1:39 AM
To: devel@edk2.groups.io
Cc: Hsueh, DoraX ; Chaganty, Rangasai V
; Chuang, Rosen ;
Kasbekar, Saloni ; Tang, Haoyu
; Desimone, Nathaniel L ;
Chiu, Chasel
Subject: [PATCH] Readme.
On 4/16/24 16:53, Stuart Yoder wrote:
This patch series cleans up some issues found when building edk2-test with
a non-GCC compiler:
-TPMT_HA struct had an error due to incorrect use of C flexible array member
-compute struct member offsets using OFFSET_OF, which is not GCC specific
-cle
On 4/19/24 16:46, Sachin Ganesh wrote:
EFI_RESOURCE_MEMORY_UNACCEPTED has been officially defined in the PI
1.8 specification. So all temporary solutions have been replaced with
the actual definition.
Cc: Felix Polyudov
Cc: Dhanaraj V
Cc: Jiewen Yao
Cc: Liming Gao
Signed-off-by: Sachin Ganes
This seems like a bad design to require the ipmi interface type at such
a high level in the code tree. UEFI provides plenty protocol and
library abstractions for IPMI so I would really prefer not to leak this
type of information into a PCD defined in MdePkg. Happy to discuss IPMI
support an
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Groups.io Inc//Groups.io Calendar//EN
METHOD:CANCEL
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-PUBLISHED-TTL:PT1H
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
LAST-MODIFIED:20231222T233358Z
TZURL:https://www.tzurl.org/zoneinfo-outlook/America/Los_Ang
*Reminder: TianoCore Bug Triage - APAC / NAMO*
*When:*
Tuesday, April 23, 2024
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles
*Where:*
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTk1YzJhN2UtOGQwNi00NjY4LWEwMTktY2JiODRlYTY1NmY0%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4e
[AMD Official Use Only - General]
Hi Sean,
I was struggling when introduce IPMI KCS base IO PCD in Mde, although it is a
industry value but seems it is fine to have it in ManageabilityPkg. How do you
think if we relocate those IPMI PCDs back to ManageabilityPkg?
Thanks
Abner
From: Sean Broga
Hi @Chiu, Chasel and @Kinney, Michael D
As you know, Intel don't have owner own basetools now, may I get your help to
reach the PR to maintainer.
Thanks,
Gua
-Original Message-
From: Guo, Gua
Sent: Monday, April 22, 2024 9:50 AM
To: devel@edk2.groups.io
Cc: Guo, Gua
Subject: [PATCH v1
Hi @Chiu, Chasel and @Kinney, Michael D
As you know, Intel don't have owner own basetools now, may I get your help to
reach the PR to maintainer.
Thanks,
Gua
-Original Message-
From: Guo, Gua
Sent: Monday, April 22, 2024 9:06 AM
To: devel@edk2.groups.io; Liming Gao ; Rebecca Cran
Cc:
Sorry, I haven’t had time to look at EDK2 patches recently. I’ll spend some
time going through them tomorrow.
Rebecca
On Mon, Apr 22, 2024, at 8:29 PM, Guo, Gua wrote:
> Hi @Chiu, Chasel and @Kinney, Michael D
>
> As you know, Intel don't have owner own basetools now, may I get your
> help to r
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More
RSA/PKCS5/pKCS7/Authenticode/Timestamp
implementation based on Mbedtls.
The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552
And the patch has passed unit_te
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Add rand function for BaseCryptLibMbedTls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/InternalCryptLib.h| 16 +++
.../BaseCryptLibMbedTls/Rand/CryptRand.c | 105 ++
.../Base
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement Pem API based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pem/CryptPem.c| 138 ++
1 file changed, 138 insertions(+)
create mode 100644 CryptoPkg/Library/
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
X.509 Certificate Handler Wrapper Implementation over MbedTLS.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pk/CryptX509.c| 1925 +
1 file changed, 1925 insertions(+)
create mo
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Because the current Mbedlts pkcs7 library doesn't support
authenticatedAttributes:
Mbed-TLS/mbedtls@bb82ab7
and only support 0 or 1 certificates in Signed data:
tianocore/edk2-staging@9c5b26b
The patch implement Pkcs7 by low Mbedtls Api.
An
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
AeadAesGcm implementation based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../Cipher/CryptAeadAesGcm.c | 227 ++
1 file changed, 227 insertions(+)
create mode 100644
CryptoPkg
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++
1 file changed, 100 insertions(+)
creat
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement more RSA functions such as RsaPkcs1Sign based Mbedlts.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 ++
.../BaseCryptLibMbedTls/Pk/CryptRsaExt.c |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement AuthenticodeVerify based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../Pk/CryptAuthenticode.c| 214 ++
1 file changed, 214 insertions(+)
create mode 100644 CryptoP
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Timestamp Countersignature Verification implementaion based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++
1 file changed, 381 insertions(+)
c
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4762
Map file generating 8 byte address offset is not matched
with the pattern defined in patchFv tool resulting build
error.
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Duggapu Chinni B
Cc: Ashraf Ali S
Cc: Ted Kuo
Signed-off-by: Duggapu Chinni
[AMD Official Use Only - General]
HI Abner,
Moving the IPMI related PCD’s will cause additional package
dependencies.
Suppose if someone wants to implement SPMI table using DynamicTablesPkg (and
using this PCD);
then it will cause dependencies on ManageabilityPkg which is not acc
Reviewed-by: S, Ashraf Ali
Thanks.,
S, Ashraf Ali
-Original Message-
From: Duggapu, Chinni B
Sent: Tuesday, April 23, 2024 9:33 AM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Desimone, Nathaniel L
; Duggapu, Chinni B
; S, Ashraf Ali ; Kuo, Ted
Subject: [PATCH] IntelFsp2Pkg/PatchFv.
Declares in the .inf file that the current component is an MM_STANDALONE
xieyuanh (1):
UefiCpuPkg/SmmCpuSyncLib: Add MM_STANDALONE tag.
UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
base-commit: 86c8d69146310f24069701053a27153ae5
Declares in the .inf file that the current component is an MM_STANDALONE
Signed-off-by: Yuanhao Xie
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Cc: Jiaxin Wu
---
UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff
Shoving everything into mdepkg to avoid a perceived dependency issue doesn't
really solve the problem. If dynamictables pkg wants to be tied to an
implementation of ipmi then you will have that dependency problem regardless.
If dynamic tables really wants to be the producer of SPMI then it coul
Reviewed-by: Jiaxin Wu
> -Original Message-
> From: Xie, Yuanhao
> Sent: Tuesday, April 23, 2024 1:57 PM
> To: devel@edk2.groups.io
> Cc: Xie, Yuanhao ; Dong, Eric
> ; Ni, Ray ; Kumar, Rahul R
> ; Gerd Hoffmann ; Wu, Jiaxin
>
> Subject: [PATCH 1/1] UefiCpuPkg/SmmCpuSyncLib: Add MM_STAND
57 matches
Mail list logo
