For this patch set:
Looks good to me.
Reviewed-by: Yi Li
-Original Message-
From: Hou, Wenxing
Sent: Thursday, May 9, 2024 2:27 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1
Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
REF: https://bugzilla.tianocore.org/sh
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Because the Mbedtls 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3
implementation based on Openssl.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../Library/BaseCryptLibMbedTls/BaseCryptLib.inf | 11 +++
Crypto
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement more RSA functions such as RsaPkcs1Sign based Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c | 278 ++
.../BaseCryptLibMbedTls/Pk/CryptRsaExt.c |
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Update all *.inf in BaseCryptLibMbedTls based on new implementation.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/BaseCryptLib.inf | 42 ++-
.../BaseCryptLibMbedTls/PeiCryptLib.inf
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Timestamp Countersignature Verification implementation based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../Library/BaseCryptLibMbedTls/Pk/CryptTs.c | 381 ++
1 file changed, 381 insertions(+)
c
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement AuthenticodeVerify based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../Pk/CryptAuthenticode.c| 214 ++
1 file changed, 214 insertions(+)
create mode 100644 CryptoP
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
X.509 Certificate Handler Wrapper Implementation over MbedTLS.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
1 file changed, 1940 insertions(+)
create mo
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++
1 file changed, 100 insertions(+)
creat
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Because the current Mbedtls pkcs7 library doesn't support
authenticatedAttributes:
Mbed-TLS/mbedtls@bb82ab7
and only supports 0 or 1 certificates in Signed data:
tianocore/edk2-staging@9c5b26b
The patch implements Pkcs7 by low Mbedtls Api.
An
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Implement Pem API based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../BaseCryptLibMbedTls/Pem/CryptPem.c| 138 ++
1 file changed, 138 insertions(+)
create mode 100644 CryptoPkg/Library/
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Add rand function for BaseCryptLibMbedTls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
CryptoPkg/Include/Library/BaseCryptLib.h | 2 +
.../BaseCryptLibMbedTls/InternalCryptLib.h| 16 +++
.../BaseCryptLibMbedTls/R
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
AeadAesGcm implementation based on Mbedtls.
Cc: Jiewen Yao
Cc: Yi Li
Signed-off-by: Wenxing Hou
---
.../Cipher/CryptAeadAesGcm.c | 227 ++
1 file changed, 227 insertions(+)
create mode 100644
CryptoPkg
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More
RSA/PKCS5/PKCS7/Authenticode/Timestamp
implementation based on Mbedtls.
The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552
And the patch has passed unit_te
Hi Pierre, Thanks for reviewing the patchset. Please find my comment inline
below.
On Thu, 2 May 2024 at 18:47, PierreGondois via groups.io wrote:
>
> Hello Sahil,
>
> On 4/23/24 07:56, Sahil Kaushal via groups.io wrote:
> > From: sahil
> >
> > In N1Sdp platform, the SoC is connected to IOFPGA w
From: Doug Flick
This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Andrew Fish
Cc: Ray Ni
Signed-off-by: Doug Flick [MSFT]
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++--
EmulatorPkg/EmulatorPkg.fdf | 5 +
2 files chan
From: Doug Flick
This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
- Random now comes from the RngLib Protocol
- The TCP ISN is now generated by the hash function
Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Signed-off-by: D
From: Doug Flick
This commit adds a new MockHash2 protocol to the MdePkg. This protocol
is used to test Hash2 protocol consumers.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h | 67
+
From: Doug Flick
This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h | 48
+++
From: Doug Flick
This commit adds a mock library for UefiBootServicesTableLib.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/MdePkgHostTest.dsc
| 1 +
MdePkg/Test/M
From: Doug Flick
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of a Weak PseudoRandom Number Generator
Change Ove
From: Doug Flick
This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.
Cc: Andrew Fish
Cc: Ray Ni
Signed-off-by: Doug Flick [MSFT]
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++--
EmulatorPkg/EmulatorPkg.fdf | 6 +-
2
From: Doug Flick
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
In order to patch these
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per NIST standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy so
This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 +
ArmVirtPkg/ArmVirtQ
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
From: Doug Flick
This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
OvmfPkg/OvmfPkgIa32.dsc| 6 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/Pla
Encrypted and Special Purpose resource attributes are introduced in
PI 1.8 Specification. This patch is to update VMM Hob list integrity
check to recognise these resource attributes.
Cc: Ard Biesheuvel
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Signed-off-by: Du Lin
---
OvmfPkg/IntelTdx/TdxHelperLib/Se
Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
which adds an integer value to the package node.
Cc: Pierre Gondois
Cc: Sami Mujawar
Signed-off-by: Abdul Lateef Attar
---
.../Include/Library/AmlLib/AmlLib.h | 41 +++-
.../Common/AmlLib/CodeGen/AmlCodeGen.c
Please consider this patch for stable release.
PR: https://github.com/tianocore/edk2/pull/5636
This patch adds integer to the AML package node.
v2 delta : Addressed comments from Pierre Gondois
Cc: Pierre Gondois
Cc: Sami Mujawar
Cc: Liming Gao
Cc: Michael D Kinney
Abdul Lateef Attar (1):
Add a new entry into GCD attribute conversion table to convert
EFI_RESOURCE_ATTRIBUTE_SPECIAL_PURPOSE to EFI_MEMORY_SP.
Cc: Liming Gao
Cc: Ray Ni
Signed-off-by: Du Lin
---
MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c b/MdeM
Reviewed-by: Jiaxin Wu <jiaxin...@intel.com> after
resolving Ray's concern.
From: Ni, Ray
Sent: Wednesday, May 8, 2024 10:46 AM
To: Xie, Yuanhao ; devel@edk2.groups.io
Cc: Liming Gao ; Wu, Jiaxin
Subject: Re: [PATCH 1/3] StandaloneMmPkg: Add LockBox Dependency DXE Driver
+#include
[Ra
Reviewed-by: Jiaxin Wu
> -Original Message-
> From: Xie, Yuanhao
> Sent: Tuesday, May 7, 2024 2:09 PM
> To: devel@edk2.groups.io
> Cc: Liming Gao ; Wu, Jiaxin
> ; Ni, Ray ; Xie, Yuanhao
>
> Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.
>
> The Lockbox Driver allo
Reviewed-by: Jiaxin Wu
> -Original Message-
> From: Xie, Yuanhao
> Sent: Tuesday, May 7, 2024 2:09 PM
> To: devel@edk2.groups.io
> Cc: Liming Gao ; Wu, Jiaxin
> ; Ni, Ray ; Xie, Yuanhao
>
> Subject: [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c.
>
> The Lockbox Driver allows sensiti
MpInfo2HobPei provides backwards compatibility between FSP binaries built with
older versions of EDK II and the latest EDK II.
Newer versions of CpuMpPei produce the gMpInformation2HobGuid. This HOB is
required by newer implementations of the CPU DXE driver, however older
versions of CpuMpPei do n
Newer versions of CpuMpPei produce the gMpInformation2HobGuid. This HOB is
required by newer implementations of the CPU DXE driver, however older
versions of CpuMpPei do not produce it. This can cause backwards
compatibility issues if the FSP binary was built with an older version of
EDK II and th
Because Alder Lake FSP includes an older version of CpuMpPei MpInfo2HobPei
is needed to boot with newer versions of EDK II.
Accordingly, this change adds MpInfo2HobPei to FvPostMemory.
Cc: Sai Chaganty
Cc: Rosen Chuang
Cc: Saloni Kasbekar
Cc: Chasel Chiu
Cc: Liming Gao
Cc: Eric Dong
Signed-
On 08/05/2024 22:19, Ard Biesheuvel wrote:
I've always found that logic rather bizarre - there is no way the
implementation of the raw protocol can ensure that the caller uses it
correctly, and so enforcing a minimum read size is pointless and
arbitrary. And as you note, it has no basis in the UE
I've always found that logic rather bizarre - there is no way the
implementation of the raw protocol can ensure that the caller uses it
correctly, and so enforcing a minimum read size is pointless and
arbitrary. And as you note, it has no basis in the UEFI spec either.
So this should just be remov
Ard,
I went ahead and added your suggestion to use gEfiRngAlgorithmRaw. This however
led me to discover a difference in behavior in x86 based platforms and Arm
based platforms and I'm unsure which is the correct behavior.
On x86 based platforms, if the RngValueLength being requested is less than
This patch adds a mock library for MockBiosIdLib.
REF:
https://github.com/VivianNK/edk2-platforms/tree/vnowkakeane/MockBiosIdLib_v1
Cc: Eric Dong
Cc: Liming Gao
Signed-off-by: Vivian Nowka-Keane
Bhavani Subramanian (1):
BoardModulePkg: Added Mock library for BiosIdLib
Platform/Intel/Boar
From: Bhavani Subramanian
Added a gmock for GoogleTests that pull in BiosIdLib.
Cc: Eric Dong
Cc: Liming Gao
Signed-off-by: Vivian Nowka-Keane
---
Platform/Intel/BoardModulePkg/BoardModulePkg.dec
| 1 +
Platform/Intel/BoardModulePkg/Test/BoardModu
In that case,
I think that's a fair argument and a simple enough request with limited impact
to make.
I'll go ahead and add RAW and drop the commits disabling "Secure Algorithms"
from VirtioRngDxe based implementations
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to
On Wed, 8 May 2024 at 18:47, Doug Flick via groups.io
wrote:
>
> I don't disagree.
>
> The intent is not to be limited by NIST specified standards but rather the
> only UEFI Spec defined algorithms are NIST Standards.
>
> https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#efi-rng-algori
I don't disagree.
The intent is not to be limited by NIST specified standards but rather the only
UEFI Spec defined algorithms are NIST Standards.
https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#efi-rng-algorithm-definitions
I'm not sure what's the best way to clarify this distinct
Happy to merge this.
Liming, please let me know if this meets the soft freeze requirements?
Thanks,
On Tue, 7 May 2024 at 07:18, Wu, Jiaxin wrote:
>
> Thanks Jiewen.
>
>
>
>
>
>
>
> From: Yao, Jiewen
> Sent: Tuesday, May 7, 2024 12:59 PM
> To: Wu, Jiaxin ; Ni, Ray ;
> devel@edk2.groups.io; A
Hi Gaoliming,
Could you help push the PR ?
BR,
More Shih
From: Cai, Xianglei
Sent: Friday, April 26, 2024 5:13 PM
To: gaoliming ; devel@edk2.groups.io
Cc: Ni, Ray ; Lewandowski, Krzysztof
; Huang, Jenny ; Shih,
More
Subject: RE: [edk2-devel] [PATCH V2 1/1] M
In SPCR table, 4 structure members have been added newly as per
SPCR table Rev4, which has to be added in
MdePkg/SerialPortConsoleRedirectionTable.h file.
Signed-off-by: Praveen Sankar N praveensank...@ami.com
CC: michael.d.kin...@intel.com
CC: gaolim...@byosoft.com.cn
CC: zhiguang@intel.com
C
In SPCR table, 4 structure members have been added newly as per SPCR
table Revision 4, which has to be added in
MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h.
Signed-off-by: Praveen Sankar N praveensank...@ami.com
Cc: michael.d.kin...@intel.com
Cc: gaolim...@byosoft.com.cn
In SPCR table, 4 structure members have been added newly as per SPCR
table Revision 4, which has to be added in
MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h.
Signed-off-by: Praveen Sankar N praveensank...@ami.com
Cc: michael.d.kin...@intel.com
Cc: gaolim...@byosoft.com.cn
Cc
praveensankarn (2):
Subject: [PATCH] MdePkg:Added new SPCR table structure members as in
Rev4.
MdePkg: Added new SPCR table Revision 4 structure
.../SerialPortConsoleRedirectionTable.h| 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
--
2.38.1.windows.1
-
On Wed, 8 May 2024 at 17:29, Doug Flick via groups.io
wrote:
>
> From: Doug Flick
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
>
> Bug Overview:
> PixieFail Bug #9
> CVE-2023-45237
> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
> CWE-338 Use of Cryptographically Weak Pseudo-Random
Yes
On Wed, 8 May 2024 at 17:36, gaoliming via groups.io
wrote:
>
> Ard:
> So, this patch needs to catch this stable tag. Right?
>
> Thanks
> Liming
> > -Original Message-
> > From: devel@edk2.groups.io on behalf of Ard Biesheuvel
> > Sent: May 8, 2024 20:41
> > To: Liming Gao (Byosoft address) ; Michael
> >
Ard:
So, this patch needs to catch this stable tag. Right?
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io on behalf of Ard Biesheuvel
> Sent: May 8, 2024 20:41
> To: Liming Gao (Byosoft address) ; Michael
> Kinney ; Leif Lindholm
> ; edk2-devel-groups-io
> Cc: Peter Batard
> Subject: [edk2-devel]
From: Doug Flick
This commit adds a mock library for UefiBootServicesTableLib.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/MdePkgHostTest.dsc
| 1 +
MdePkg/Test/M
This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 +
ArmVirtPkg/ArmVirtQ
From: Doug Flick
This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
- Random now comes from the RngLib Protocol
- The TCP ISN is now generated by the hash function
Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Signed-off-by: D
From: Doug Flick
This commit adds a new MockHash2 protocol to the MdePkg. This protocol
is used to test Hash2 protocol consumers.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h | 67
+
From: Doug Flick
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of a Weak PseudoRandom Number Generator
Change Ove
From: Doug Flick
This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h | 48
+++
This commit disables enforcement of NIST defined
RNG algorithms. Such that NetworkPkg will accept
"Default" and depend on the platform.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
OvmfPkg/OvmfPkgIa32.dsc| 7 +++
OvmfPkg/OvmfPkgIa32X64.dsc
From: Doug Flick
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C
The NetworkPkg attempts to use the NIST Algorithms
as defined in the EDK2 specification. If not
available (or if so desired) the platform may
choose to use "Default" and use what is provided by
the platform.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by
From: Doug Flick
This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
OvmfPkg/OvmfPkgIa32.dsc| 6 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
From: Doug Flick
This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Andrew Fish
Cc: Ray Ni
Signed-off-by: Doug Flick [MSFT]
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++--
EmulatorPkg/EmulatorPkg.fdf | 5 +
2 files chan
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/Pla
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
In order to patch these
From: Doug Flick
This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.
Cc: Andrew Fish
Cc: Ray Ni
Signed-off-by: Doug Flick [MSFT]
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++--
EmulatorPkg/EmulatorPkg.fdf | 6 +-
2
We have considered that; however, we aim to avoid maintaining our own
implementation of functions that communicate with UART.
Please see discussion over previous approach:
https://edk2.groups.io/g/devel/topic/104469297#115731
Please set the push label on
https://github.com/tianocore/edk2/pull/5642
discussed here:
https://openfw.io/edk2-devel/20240508085148.1725-1-p...@akeo.ie/
On Wed, 8 May 2024 at 11:21, Pete Batard wrote:
>
> Hi Ard,
>
> Thanks for the quick review.
>
> Note that as opposed to the previous one you referenced, that patches
> both the .S and the .asm, my submission only patches the .asm, so it's
> probably better to use Adam Liu's for integration (who w
Hi Ard,
Thanks for the quick review.
Note that as opposed to the previous one you referenced, that patches
both the .S and the .asm, my submission only patches the .asm, so it's
probably better to use Adam Liu's for integration (who was the first to
propose a fix anyway).
As to your other q
On Wed, 8 May 2024 at 11:07, Ard Biesheuvel wrote:
>
> On Wed, 8 May 2024 at 10:52, Pete Batard wrote:
> >
> > Commit 80bbea192aa44ab664ba8be29ac06c83f246e99c introduced a regression
> > resulting in 'error A2023: undefined symbol: InternalAssertJumpBuffer'
> > when compiling MdePkg for AARCH64 wi
On Wed, 8 May 2024 at 10:52, Pete Batard wrote:
>
> Commit 80bbea192aa44ab664ba8be29ac06c83f246e99c introduced a regression
> resulting in 'error A2023: undefined symbol: InternalAssertJumpBuffer'
> when compiling MdePkg for AARCH64 with Visual Studio.
> Fix this by adding the relevant EXTERN refer
Commit 80bbea192aa44ab664ba8be29ac06c83f246e99c introduced a regression
resulting in 'error A2023: undefined symbol: InternalAssertJumpBuffer'
when compiling MdePkg for AARCH64 with Visual Studio.
Fix this by adding the relevant EXTERN reference.
Signed-off-by: Pete Batard
Cc: Leif Lindholm
Cc: A
The following patch fixes a regression/breakage that currently prevents
compilation of MdePkg for AARCH64 with Visual Studio 2022. This regression
was introduced with the patch that was discussed in October 2020 at:
https://edk2.groups.io/g/devel/topic/77247140#msg65813 and that was
eventually inte
Upgrade Werkzeug to version 3.0.3 to address CVE-2024-34069
Signed-off-by: Nickle Wang
Cc: Abner Chang
Cc: Igor Kulchytskyy
Cc: Nick Ramirez
---
Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py | 7 ---
Tools/Redfish-Profile-Simulator/requirements.txt | 6 ++
2 fil
The Blob Verifier checks boot artifacts against a hash table
injected by the hypervisor and measured by hardware.
Update the Blob Verifier to enter a dead loop if the artifacts
do not match.
Signed-off-by: Tobin Feldman-Fitzthum
---
.../BlobVerifierSevHashes.c | 39 +++
Hi Sunil,
We mainly want to use UEFI+ACPI mode to start RISCV64 server. However, during
the development process, we found that ACPI(6.5) in the current version of UEFI
does not support riscv for the time being. In order to solve this problem, we
refer to the upstream RISC-V ACPI platform spec
A malicious host may be able to undermine the fw_cfg
interface such that loading a blob fails.
In this case rather than continuing to the next boot
option, the blob verifier should halt.
For non-confidential guests, the error should be non-fatal.
Signed-off-by: Tobin Feldman-Fitzthum
---
.../B
On 2024-05-01 18:43, Michael D Kinney wrote:
> Hello,
>
> I would like to propose that TianoCore move all code review from email
> based code reviews to GitHub Pull Requests based code reviews.
>
> The proposed date to switch would be immediately after the next stable
The AmdSev package has a so-called BlobVerifier, which
is meant to extend the TCB of a confidential guest
(SEV or SNP) to include components provided via fw_cfg
such as initrd, kernel, kernel params.
This series fixes a few implementation errors in the
blob verifier. One common theme is that the v
From: Shanmugavel Pakkirisamy
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
Attacker able to modify physical memory and ResumeCount.
System will crash/DoS when ResumeCount reaches its MAX_UINT32.
Cc: Zhiguang Liu
Cc: Dandan Bi
Cc: Liming Gao
Signed-off-by: Pakkirisamy Shanmugavel
86 matches