Re: [edk2] [PATCH V3 0/4] DXE Memory Protection

Hi Lindholm/Ard This version 3 contains both of your feedback before. If you can do me a favor to evaluated the impact to ARM, that will be great. Thank you Yao Jiewen > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiewen > Yao > Sent: Wedne

[edk2] [PATCH V3 1/4] UefiCpuPkg/CpuDxe: Add memory attribute setting.

Add memory attribute setting in CpuArch protocol. Previous SetMemoryAttributes() API only supports cache attribute setting. This patch updated SetMemoryAttributes() API to support memory attribute setting by updating CPU page table. Cc: Jeff Fan Cc: Michael Kinney Contributed-under: TianoCore C

[edk2] [PATCH V3 3/4] MdeModulePkg/dec: add PcdImageProtectionPolicy.

Add PCD for image protection policy. Cc: Star Zeng Cc: Feng Tian Cc: Michael Kinney Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdeModulePkg/MdeModulePkg.dec | 10 ++ 1 file changed, 10 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec

[edk2] [PATCH V3 0/4] DXE Memory Protection

V3 1) Add PCD for policy control (feedback from Ard Biesheuvel) (Discussed with Mike Kinney) + #BIT0 - Image from unknown device. + #BIT1 - Image from firmware volume. + # @Prompt Set image protection policy. + # @ValidRange 0x8002 | 0x - 0x001F +

[edk2] [PATCH V3 2/4] ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage

Current Arm CpuDxe driver uses EFI_MEMORY_WP for write protection, according to UEFI spec, we should use EFI_MEMORY_RO for write protection. The EFI_MEMORY_WP is the cache attribute instead of memory attribute. Cc: Leif Lindholm Cc: Ard Biesheuvel Contributed-under: TianoCore Contribution Agreem

[edk2] [PATCH V3 4/4] MdeModulePkg/DxeCore: Add UEFI image protection.

If the UEFI image is page aligned, the image code section is set to read only and the image data section is set to non-executable. 1) This policy is applied for all UEFI image including boot service driver, runtime driver or application. 2) This policy is applied only if the UEFI image meets the p

Re: [edk2] [PATCH v2] MdeModulePkg PiSmmIpl: Update SmmCommunication comments to match code logic

Reviewed-by: Feng Tian Thanks Feng -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Liming Gao Sent: Thursday, February 9, 2017 3:05 PM To: edk2-devel@lists.01.org Cc: Tian, Feng ; Zeng, Star Subject: [edk2] [PATCH v2] MdeModulePkg PiSmmIpl: Upd

Re: [edk2] [PATCH v2] MdeModulePkg PiSmmIpl: Update SmmCommunication comments to match code logic

Reviewed-by: Star Zeng -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Liming Gao Sent: Thursday, February 9, 2017 3:05 PM To: edk2-devel@lists.01.org Cc: Tian, Feng ; Zeng, Star Subject: [edk2] [PATCH v2] MdeModulePkg PiSmmIpl: Update SmmCommun

[edk2] [PATCH v2] MdeModulePkg PiSmmIpl: Update SmmCommunication comments to match code logic

Cc: Star Zeng Cc: Feng Tian Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao --- MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/

[edk2] [Patch] BaseTools: Add NOOPT target in CLANG38 tool chain

https://bugzilla.tianocore.org/show_bug.cgi?id=310 Cc: Yonghong Zhu Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao --- BaseTools/Conf/tools_def.template | 32 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/BaseT

Re: [edk2] [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class.

Good catch. Fixed. From: Long, Qin Sent: Wednesday, February 8, 2017 4:39 PM To: Yao, Jiewen ; edk2-devel@lists.01.org Cc: Zhang, Chao B Subject: RE: [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class. Reviewed-by: Qin Long mailto:qin.l...@intel.com>> Please also check the t

Re: [edk2] [PATCH V2 2/6] SecurityPkg/dec: Add PcdPasswordCleared.

Good catch. Fixed. From: Long, Qin Sent: Wednesday, February 8, 2017 4:41 PM To: Yao, Jiewen ; edk2-devel@lists.01.org Cc: Zhang, Chao B Subject: RE: [PATCH V2 2/6] SecurityPkg/dec: Add PcdPasswordCleared. Reviewed-by: Qin Long mailto:qin.l...@intel.com>> Please correct one typo: accroding -->

[edk2] [PATCH v2 4/4] MdeModulePkg/PrintLib: Add safe print functions [A|U]ValueToStringS

Add the following 2 APIs: UnicodeValueToStringS AsciiValueToStringS These safe version APIs are used to enhance their counterpart (APIs without trailing 'S' in function names). They perform checks to the input parameters and will return relative status to reflect the check result. Return RETURN_

[edk2] [PATCH v2 2/4] MdeModulePkg: Add the EFI_PRINT2S_PROTOCOL

Add the EFI_PRINT2S_PROTOCOL as a safe version of the EFI_PRINT2_PROTOCOL, the EFI_PRINT2S_PROTOCOL replaces the following 2 services in EFI_PRINT2_PROTOCOL: UNICODE_VALUE_TO_STRING ASCII_VALUE_TO_STRING with: UNICODE_VALUE_TO_STRING_S ASCII_VALUE_TO_STRING_S The 2 new services perform checks to

[edk2] [PATCH v2 3/4] MdeModulePkg/PrintLib: Use EFI_PRINT2S_PROTOCOL for this instance

The commit updates the PrintLib instance MdeModulePkg/Library/DxePrintLibPrint2Protocol to use EFI_PRINT2S_PROTOCOL to implement the APIs. Cc: Jiewen Yao Cc: Liming Gao Cc: Michael Kinney Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu --- MdeModulePkg/Library/Dx

[edk2] [PATCH v2 0/4] PrintLib: Add safe print functions [A|U]ValueToStringS

V2 changes: Add the EFI_PRINT2S_PROTOCOL as a safe version of the EFI_PRINT2_PROTOCOL, the new protocol replaces the following 2 services in EFI_PRINT2_PROTOCOL: UNICODE_VALUE_TO_STRING ASCII_VALUE_TO_STRING with: UNICODE_VALUE_TO_STRING_S ASCII_VALUE_TO_STRING_S Now, the PrintLib instance MdeModu

[edk2] [PATCH v2 1/4] MdePkg/BasePrintLib: Add safe print functions [A|U]ValueToStringS

Add the following 2 APIs: UnicodeValueToStringS AsciiValueToStringS These safe version APIs are used to enhance their counterpart (APIs without trailing 'S' in function names). They perform checks to the input parameters and will return relative status to reflect the check result. Return RETURN_

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Stick to current comments and code, OvmfPkg X64 has bug? :) PCD comments: # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore Code pieces in S3ResumePei, S3SaveStateDxe, SmmLockBoxPeiLib, etc: // Both BIOS and OS wants 64bit vector if (FeaturePcdGet (

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Correct typo in below email. "about how to determine DXE is 32BITs or 64BITs" should be "about how to determine PEI is 32BITs or 64BITs". At that time, we were discussing if the code needs to allocate <4G ACPI table for PEI phase at S3 resume. Thanks, Star -Original Message- From: Zeng

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

I suggest we evaluate *all* usages of PcdDxeIplSwitchToLongMode because this is an incompatible change. # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore Thank you Yao Jiewen From: Zeng, Star Sent: Wednesday, February 8, 2017 9:12 PM To: Laszlo Er

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

In fact, X64 DxeIplPeim does not refer PcdDxeIplSwitchToLongMode at all. DxeIpl.inf: [FeaturePcd.IA32] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES As I remember, I did a draft patch below before for the discussion about how to determine DXE is 32BITs or 64BITs in

Re: [edk2] [PATCH 10/12] BaseTool/Script: Add SmiHandleProfile OS tool to get symbol.

Got it. That's good. From: Yao, Jiewen Sent: Thursday, February 09, 2017 12:52 PM To: Gao, Liming ; edk2-devel@lists.01.org Cc: Zhu, Yonghong ; Kinney, Michael D ; Laszlo Ersek Subject: RE: [PATCH 10/12] BaseTool/Script: Add SmiHandleProfile OS tool to get symbol. 1) Good reminder. I wi

Re: [edk2] [PATCH 10/12] BaseTool/Script: Add SmiHandleProfile OS tool to get symbol.

1) Good reminder. I will clean up. 2) I did add parameter to let user input GUID, by using -g. (You can see the quark sample in patch 12) At same time, I want to provide a short default GUID list for core module. Just in case user does not use -g, we can still have some basic inform

Re: [edk2] [Patch 1/2] MdeModulePkg PeiCore: Reset PeimNeedingDispatch when its security violation

Reviewed-by: Star Zeng to this change. How about to also move the code blocks below into the "if (Status != EFI_SECURITY_VIOLATION) {" to follow PI Spec? PERF_START (PeimFileHandle, "PEIM", NULL, 0); REPORT_STATUS_CODE_WITH_EXTENDED_DATA ( EFI_P

Re: [edk2] [Patch 2/2] MdeModulePkg PeiCore: Don't cache GUIDED section with AUTH_NOT_TESTED

Reviewed-by: Star Zeng -Original Message- From: Gao, Liming Sent: Thursday, February 9, 2017 12:15 PM To: edk2-devel@lists.01.org Cc: Zeng, Star Subject: [Patch 2/2] MdeModulePkg PeiCore: Don't cache GUIDED section with AUTH_NOT_TESTED If GUIDED section authentication has EFI_AUTH_STA

[edk2] [Patch 1/2] MdeModulePkg PeiCore: Reset PeimNeedingDispatch when its security violation

When PEIM is security violation, its matched extraction ppi may not be installed. So, its PeimNeedingDispatch will still reset to TRUE. Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao --- MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 9 -

[edk2] [Patch 0/2] MdeModulePkg PeiCore: Signed GUIDED section may not be dispatched

https://bugzilla.tianocore.org/show_bug.cgi?id=365 When RSA2048 GUIDED section has SIGNED attribute only without PROCESSED_REQUIRED attribute, it will not be processed correctly once RSA2048 GUIDED extraction service is dispatcher later, because PeiCore cache GUIDED section with EFI_AUTH_STATU

[edk2] [Patch 2/2] MdeModulePkg PeiCore: Don't cache GUIDED section with AUTH_NOT_TESTED

If GUIDED section authentication has EFI_AUTH_STATUS_NOT_TESTED, its matched extraction ppi may not be installed. So, don't cache its data. Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao --- MdeModulePkg/Core/Pei/FwVol/FwVol.c | 24 +-

Re: [edk2] [PATCH 10/12] BaseTool/Script: Add SmiHandleProfile OS tool to get symbol.

Jiewen: For the commented code, if they are useless, could you clean up them? Besides, Guid Value and Name mapping is recorded into Build Output FV\Guid.xref. Could you enhance script to parse this file to get full guid lists? +#print "0 - " + match.group(0) +

Re: [edk2] Sourceforge svn mirror of edk2

Hi, all Edk2 svn mirror works now! Thanks Liming >-Original Message- >From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Gao, >Liming >Sent: Thursday, February 09, 2017 9:54 AM >To: Laszlo Ersek ; Shifflett, Joseph > >Cc: edk2-devel@lists.01.org >Subject: Re: [edk2]

[edk2] [PATCH v2 3/3] MdeModulePkg: Refine the services comments in EFI_PRINT2_PROTOCOL

For the following 8 services in EFI_PRINT2_PROTOCOL: UNICODE_BS_PRINT UNICODE_S_PRINT UNICODE_BS_PRINT_ASCII_FORMAT UNICODE_S_PRINT_ASCII_FORMAT ASCII_BS_PRINT ASCII_S_PRINT ASCII_BS_PRINT_UNICODE_FORMAT ASCII_S_PRINT_UNICODE_FORMAT They will ASSERT when: 1) The input parameter 'StartOfBuffer' is

[edk2] [PATCH v2 2/3] MdeModulePkg/PrintLib: Refine the SPrint functions

For the following 12 APIs in MdeModulePkg/DxePrintLibPrint2Protocol: UnicodeVSPrint UnicodeBSPrint UnicodeSPrint UnicodeVSPrintAsciiFormat UnicodeBSPrintAsciiFormat UnicodeSPrintAsciiFormat AsciiVSPrint AsciiBSPrint AsciiSPrint AsciiVSPrintUnicodeFormat AsciiBSPrintUnicodeFormat AsciiSPrintUnicodeF

[edk2] [PATCH v2 1/3] MdePkg/BasePrintLib: Refine the SPrint functions

For the following 12 APIs in MdePkg/BasePrintLib: UnicodeVSPrint UnicodeBSPrint UnicodeSPrint UnicodeVSPrintAsciiFormat UnicodeBSPrintAsciiFormat UnicodeSPrintAsciiFormat AsciiVSPrint AsciiBSPrint AsciiSPrint AsciiVSPrintUnicodeFormat AsciiBSPrintUnicodeFormat AsciiSPrintUnicodeFormat They will AS

[edk2] [PATCH v2 0/3] PrintLib: Refine the SPrint functions

V2 changes: Update the description of the following services of EFI_PRINT2_PROTOCOL: UNICODE_BS_PRINT UNICODE_S_PRINT UNICODE_BS_PRINT_ASCII_FORMAT UNICODE_S_PRINT_ASCII_FORMAT ASCII_BS_PRINT ASCII_S_PRINT ASCII_BS_PRINT_UNICODE_FORMAT ASCII_S_PRINT_UNICODE_FORMAT Keep them the same as the relatin

Re: [edk2] Print from DXE_DRIVER

Also, on many systems, the output will be invisible, since boot screen output is a platform policy. In general, using DEBUG() is better, since it can either be redirected to StdErr() or through the serial port. Tim -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.

Re: [edk2] Print from DXE_DRIVER

> On Feb 8, 2017, at 5:43 PM, Andrew Fish wrote: > > If you want to write directly to the UEFI Console you can try this. Place it > in the entry point of your driver in case you have some bug that is > preventing your from registering the Driver Binding Protocol. > > gST->ConOut->OutputStri

Re: [edk2] Print from DXE_DRIVER

You can use DebugLib, and link MdePkg\Library\UefiDebugLibConOut\UefiDebugLibConOut.inf to print error message to Console. DEBUG ((DEBUG_INFO, "Hello Workd\n")); Thanks Liming -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Andrew Fish Sent: T

Re: [edk2] [PATCH v4 6/6] MdePkg/Pci22.h: Deprecate out-of-Spec IncompatiblePciDevice macros

The reason actually is simple: I remembered to change the commit message but forgot to change the code. I am using a Windows GUI tool (TortoiseGit) to change the patch. I just re-sent the correct patch. Please help to review it. Thanks/Ray > -Original Message- > From: Laszlo Ersek [mailt

[edk2] [PATCH v3] OvmfPkg/QemuBootOrderLib: Fix NOOPT build failure

This patch is to fix the IA32/NOOPT/VS Toolchain build failure. The VS2015 failure log as below: QemuBootOrderLib.lib(ExtraRootBusMap.obj) : error LNK2001: unresolved external symbol __allmul s:\..\Build\OvmfIa32\NOOPT_VS2015\IA32\MdeModulePkg\ Universal\BdsDxe\BdsDxe\DEBUG\BdsDxe.dll : fatal err

[edk2] [PATCH v4 6/6] MdePkg/Pci22.h: Deprecate out-of-Spec IncompatiblePciDevice macros

DEVICE_ID_NOCARE is defined as 0x but Spec says (UINT64) -1 should be used to match any VendorId/DeviceId/RevisionId/ SubsystemVendorId/SubsystemDeviceId. PCI_BAR_OLD_ALIGN/PCI_BAR_EVEN_ALIGN/PCI_BAR_SQUAD_ALIGN/ PCI_BAR_DQUAD_ALIGN are defined but Spec doesn't have such definitions. PCI_BAR_

Re: [edk2] [RFC v2 1/6] MdeModulePkg: Add DxeBmDmaLib (BmDmaLib class) library

Leo, Did you forget to add the BmDmaLib implementation in the patch? Thanks/Ray > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Leo Duran > Sent: Saturday, January 14, 2017 6:14 AM > To: edk2-devel@lists.01.org > Cc: Tian, Feng ; brijesh.si.

Re: [edk2] Sourceforge svn mirror of edk2

Recently, our auto sync machine meets with some issue. We are working on it to let it work back asap. Long term goal is to stop svn, and everyone uses edk2 git. Thanks Liming -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Laszlo Ersek Sent: W

[edk2] [PATCH v2] OvmfPkg/QemuBootOrderLib: Fix NOOPT build failure

This patch is to fix the IA32/NOOPT/VS Toolchain build failure. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi Notes: V2: Change the cast type form UINT32 to UINTN. Add commit message to cover the impa

Re: [edk2] [PATCH V2 5/6] SecurityPkg/Password: Add Password based UserAuthentication modules.

Good thoughts, though the time attack looks just theoretical in here (the hash result comparison in here can nearly ignored on CPU overhead.) :) In general, time-based attack was possible if the attacker is capable of adjust some parameters to collect more CPU usage or power for clearer measureme

Re: [edk2] [PATCH V2 0/6] Add password support

Serial reviewed-by : Chao Zhang -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiewen Yao Sent: Tuesday, February 7, 2017 4:24 PM To: edk2-devel@lists.01.org Subject: [edk2] [PATCH V2 0/6] Add password support V2 1) Add SmmCommunicati

Re: [edk2] Print from DXE_DRIVER

> On Feb 8, 2017, at 4:49 PM, David A. Van Arnem wrote: > > > > On 02/08/2017 05:43 PM, Andrew Fish wrote: >> >>> On Feb 8, 2017, at 2:10 PM, David A. Van Arnem >> > wrote: >>> > > > >>> When I load the driver from the shell (load .efi), I get a >>> message ind

Re: [edk2] [PATCH V2 5/6] SecurityPkg/Password: Add Password based UserAuthentication modules.

Good question. 1) I will remove the unused code. 2) If BaseMemoryLib is used, the malicious code may guess which byte is incorrect by analyzing time on error returned - technically. The SlowCompareMem is designed to mitigate time-attack for comparison. It always compare the full memory even the

Re: [edk2] [PATCH V2 6/6] SecurityPkg/dsc: add Password authentication module.

Reviewed-by: Qin Long Best Regards & Thanks, LONG, Qin > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, February 7, 2017 12:24 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Zhang, Chao B > > Subject: [PATCH V2 6/6] SecurityPkg/dsc: add Password authentication > module. >

Re: [edk2] Print from DXE_DRIVER

On 02/08/2017 05:43 PM, Andrew Fish wrote: > >> On Feb 8, 2017, at 2:10 PM, David A. Van Arnem wrote: >> >> When I load the driver from the shell (load .efi), I get a >> message indicating it loaded successfully, but no output from the >> Print() messages. > > You should be able to use sh

Re: [edk2] Print from DXE_DRIVER

> On Feb 8, 2017, at 4:41 PM, David A. Van Arnem wrote: > > > > On 02/08/2017 05:15 PM, Laszlo Ersek wrote: >> On 02/08/17 23:10, David A. Van Arnem wrote: >>> Hello, >>> >>> I am working on a DXE_DRIVER for a custom device. I like to use Print() >>> statements to trace code execution during

Re: [edk2] [PATCH V2 5/6] SecurityPkg/Password: Add Password based UserAuthentication modules.

Some comments: 1. I didn't see any usage of KeyLibGenerateLib interface. Remove or just designed for future usage? 2. Why need one extra KeyLibSlowCompareMem? Instead of using one in BaseMemoryLib? And if necessary, please add extra ASSERT handling as the comments. Reviewed-by: Qin Long B

Re: [edk2] Print from DXE_DRIVER

> On Feb 8, 2017, at 2:10 PM, David A. Van Arnem wrote: > > Hello, > > I am working on a DXE_DRIVER for a custom device. I like to use Print() > statements to trace code execution during development. Prints are not allowed in drivers as they are likely to break the UI. > Thus I have put >

Re: [edk2] [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add PlatformPasswordLib instance.

Reviewed-by: Qin Long Best Regards & Thanks, LONG, Qin > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, February 7, 2017 12:24 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Zhang, Chao B > > Subject: [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add > PlatformPasswo

Re: [edk2] Print from DXE_DRIVER

On 02/08/2017 05:15 PM, Laszlo Ersek wrote: > On 02/08/17 23:10, David A. Van Arnem wrote: >> Hello, >> >> I am working on a DXE_DRIVER for a custom device. I like to use Print() >> statements to trace code execution during development. Thus I have put >> a print statement in each of my Support

Re: [edk2] [PATCH V2 2/6] SecurityPkg/dec: Add PcdPasswordCleared.

Reviewed-by: Qin Long Please correct one typo: accroding --> according in the comment. Best Regards & Thanks, LONG, Qin > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, February 7, 2017 12:24 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Zhang, Chao B > > Subject: [PATC

Re: [edk2] [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class.

Reviewed-by: Qin Long Please also check the typo: passowrd --> password. Best Regards & Thanks, LONG, Qin > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, February 7, 2017 12:24 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin ; Zhang, Chao B > > Subject: [PATCH V2 3/6] Secu

Re: [edk2] [PATCH V2 1/6] CryptoPkg:SmmCryptLib: Add real Pkcs5Pbkdf2.c.

Reviewed-by: Qin Long Best Regards & Thanks, LONG, Qin > -Original Message- > From: Yao, Jiewen > Sent: Tuesday, February 7, 2017 12:24 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin > Subject: [PATCH V2 1/6] CryptoPkg:SmmCryptLib: Add real Pkcs5Pbkdf2.c. > > Cc: Qin Long > Contribu

Re: [edk2] Print from DXE_DRIVER

On 02/08/17 23:10, David A. Van Arnem wrote: > Hello, > > I am working on a DXE_DRIVER for a custom device. I like to use Print() > statements to trace code execution during development. Thus I have put > a print statement in each of my Supported(), Start(), and Stop() > functions for the driver

[edk2] Print from DXE_DRIVER

Hello, I am working on a DXE_DRIVER for a custom device. I like to use Print() statements to trace code execution during development. Thus I have put a print statement in each of my Supported(), Start(), and Stop() functions for the driver binding protocol. Currently I am building the driver as

[edk2] [PATCH 2/3] MdeModulePkg/Universal/CapsulePei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. The mask is applied when 4GB tables are created (UefiCapsule.c), and when the tables are expanded on-demand by page-faults above

[edk2] [PATCH 3/3] UefiCpuPkg/Universal/Acpi/S3Resume2Pei: Add support for PCD PcdPteMemoryEncryptionAddressOrMask

This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. The mask is applied when page tables are created (S3Resume.c). CC: Jeff Fan Cc: Feng Tian Cc: Star Zeng Cc: Laszlo Ersek Con

[edk2] [PATCH 0/3] Add PCD PcdPteMemoryEncryptionAddressOrMask

This new PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. This mask is be applied when creating 1:1 virtual to physical mapping tables. For example, the OvmfPkg sets the PCD when laun

[edk2] [PATCH 1/3] MdeModulePkg: Add PCD PcdPteMemoryEncryptionAddressOrMask

From: Brijesh Singh This PCD holds the address mask for page table entries when memory encryption is enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. Cc: Feng Tian Cc: Star Zeng Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Sig

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

On 02/08/17 19:20, Yao, Jiewen wrote: > Got it. > > > > If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more > description to make it clear. > > > > If we believe “PcdDxeIplSwitchtoLongMode == DXE is Long mode” as final > conclusion, can we treat that as a bug and fix OVM

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

On 02/08/17 19:13, Yao, Jiewen wrote: > I think X64 DXEIPL **may** create page table for X64 DXE. It is > controlled by PcdDxeIplBuildPageTables. > > > > if(FeaturePcdGet (PcdDxeIplBuildPageTables)) { > > // > > // Create page table and save PageMapLevel4 to CR3 > > // > >

Re: [edk2] [PATCH 00/12] Add SmiHandlerProfile feature

Sounds great. I appreciate your help. :) Thank you Yao Jiewen From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Wednesday, February 8, 2017 10:28 AM To: Yao, Jiewen ; edk2-de...@ml01.01.org Cc: Kinney, Michael D ; Justen, Jordan L ; Tian, Feng ; Zeng, Star ; Gao, Liming Subject: Re: [edk2]

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Comments below: From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Duran, Leo Sent: Wednesday, February 8, 2017 10:31 AM To: Yao, Jiewen ; Gao, Liming ; edk2-de...@ml01.01.org Cc: Laszlo Ersek ; Tian, Feng ; Singh, Brijesh ; Zeng, Star Subject: Re: [edk2] [PATCH] MdeModuleP

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

[Jiewen] The IA32 capsule code creates X64 page tables, then switch to X64. So the page table is for X64. Would you please double check if this PCD is needed? Regarding: MedModelePkg/Universal/CapsulePei/UefiCapsule.c Create4GPageTables() explicitly sets PhysicalAddressBits = 32; So it seems lik

Re: [edk2] [PATCH 00/12] Add SmiHandlerProfile feature

On 02/08/17 18:57, Yao, Jiewen wrote: > Hi Laszlo > > Thanks for the comment. > > > > To clarify something: > > > > 1) I did not enable SMI handler profile for OVMF because I notice > the OVMF just use very few SMI handlers, and it does not have > SmmChildDispatcher. Just like what y

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Got it. If the means of PcdDxeIplSwitchtoLongMode is unclear, we may add more description to make it clear. If we believe "PcdDxeIplSwitchtoLongMode == DXE is Long mode" as final conclusion, can we treat that as a bug and fix OVMF X64? Thank you Yao Jiewen From: Laszlo Ersek [mailto:ler...

Re: [edk2] [PATCH v4 0/3] Remove TimerLib dependency from DP

> On Feb 3, 2017, at 9:47 AM, Carsey, Jaben wrote: > > I am good with this change. I like the idea of changing platforms that build > the shell from source in a separate patch series. > > Reviewed-by: Jaben Carsey > Mike, This looks good. Reviewed-by: Andrew Fish mailto:af...@apple.com

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

I think X64 DXEIPL *may* create page table for X64 DXE. It is controlled by PcdDxeIplBuildPageTables. if (FeaturePcdGet (PcdDxeIplBuildPageTables)) { // // Create page table and save PageMapLevel4 to CR3 // PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (U

Re: [edk2] [PATCH 00/12] Add SmiHandlerProfile feature

Hi Laszlo Thanks for the comment. To clarify something: 1) I did not enable SMI handler profile for OVMF because I notice the OVMF just use very few SMI handlers, and it does not have SmmChildDispatcher. Just like what you mentioned. 2) I forget to mention: I did regression test

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

On 02/08/17 18:28, Duran, Leo wrote: > Lazlo, et al, > Please see reply below. > Lleo > >> -Original Message- >> From: Laszlo Ersek [mailto:ler...@redhat.com] >> Sent: Wednesday, February 08, 2017 11:11 AM >> To: Yao, Jiewen ; Duran, Leo >> ; Zeng, Star ; edk2- >> de...@ml01.01.org >> Cc:

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Agreed. Leo From: Yao, Jiewen [mailto:jiewen@intel.com] Sent: Wednesday, February 08, 2017 11:18 AM To: Laszlo Ersek ; Duran, Leo ; Zeng, Star ; edk2-de...@ml01.01.org Cc: Tian, Feng ; Singh, Brijesh Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMa

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Please see below. Leo. From: Yao, Jiewen [mailto:jiewen@intel.com] Sent: Wednesday, February 08, 2017 11:05 AM To: Duran, Leo ; Zeng, Star ; edk2-de...@ml01.01.org Cc: Laszlo Ersek ; Tian, Feng ; Singh, Brijesh Subject: RE: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptio

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

On 02/08/17 18:27, Yao, Jiewen wrote: > I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode. > > > > See DEC description: > > # It is assumed that 64-bit DxeCore is built in firmware if it is > true; otherwise 32-bit DxeCore > > # is built in firmware. Unfortunately, I have no his

Re: [edk2] [PATCH 00/12] Add SmiHandlerProfile feature

CC Jordan On 02/08/17 17:30, Jiewen Yao wrote: > This series patch add SMI handler profile. > > The purpose of SMI handler profile is to add the capability to > dump all SMI handlers produced by the firmware in a given boot. > The SMI handlers here include > 1) Root SMI handlers registered with S

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Comments below: From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Duran, Leo Sent: Wednesday, February 8, 2017 9:12 AM To: Gao, Liming ; edk2-de...@ml01.01.org Cc: Singh, Brijesh ; Tian, Feng ; Laszlo Ersek ; Zeng, Star Subject: Re: [edk2] [PATCH] MdeModulePkg: Add dynamic

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Lazlo, et al, Please see reply below. Lleo > -Original Message- > From: Laszlo Ersek [mailto:ler...@redhat.com] > Sent: Wednesday, February 08, 2017 11:11 AM > To: Yao, Jiewen ; Duran, Leo > ; Zeng, Star ; edk2- > de...@ml01.01.org > Cc: Tian, Feng ; Singh, Brijesh > > Subject: Re: [edk2]

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

I believe PcdDxeIplSwitchtoLongMode == DXE is Long mode. See DEC description: # It is assumed that 64-bit DxeCore is built in firmware if it is true; otherwise 32-bit DxeCore # is built in firmware. And the code MdeModulePkg\Universal\Acpi\S3SaveStateDxe\AcpiS3ContextSave.c: BOOLEAN IsLo

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Good reminder. I take back my word. In this case, we need consume PcdPteMemoryEncryptionAddressOrMask in IA32 mode to build X64 paging. We need From: Laszlo Ersek [mailto:ler...@redhat.com] Sent: Wednesday, February 8, 2017 9:11 AM To: Yao, Jiewen ; Duran, Leo ; Zeng, Star ; edk2-de...@ml01.0

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Please see replies below. Thanks, Leo > -Original Message- > From: Gao, Liming [mailto:liming@intel.com] > Sent: Wednesday, February 08, 2017 9:19 AM > To: Duran, Leo ; edk2-de...@ml01.01.org > Cc: Laszlo Ersek ; Tian, Feng ; > Singh, Brijesh ; Zeng, Star > Subject: RE: [edk2] [PATCH]

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

On 02/08/17 18:05, Yao, Jiewen wrote: > HI Leo > > Thanks to clarify that. > > > > If that is the case, do you think it will be better to limit this PCD to > X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64] Not sure if this is the best place to raise the following observatio

Re: [edk2] Sourceforge svn mirror of edk2

On 02/08/17 17:56, Carsey, Jaben wrote: > Laszlo - Nice article. Maybe you posted the link before, but if so I had > missed it. Thank you! > On a SVN-related note, I noticed that SVN via github also seems to be > out of date. Basically the message is: use git. That's right. Cheers, Laszlo >

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

HI Leo Thanks to clarify that. If that is the case, do you think it will be better to limit this PCD to X64 only in DEC file. Such as [PcdsDynamic.X64, PcdsDynamicEx.X64] Thank you Yao Jiewen From: Duran, Leo [mailto:leo.du...@amd.com] Sent: Wednesday, February 8, 2017 9:00 AM To: Zeng, Star ;

Re: [edk2] Sourceforge svn mirror of edk2

Laszlo - Nice article. Maybe you posted the link before, but if so I had missed it. On a SVN-related note, I noticed that SVN via github also seems to be out of date. Basically the message is: use git. > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On

Re: [edk2] [PATCH] MdeModulePkg: Add dynamic PCD PcdPteMemoryEncryptionAddressOrMask

Pease see reply below. Leo > -Original Message- > From: Zeng, Star [mailto:star.z...@intel.com] > Sent: Tuesday, February 07, 2017 8:27 PM > To: Duran, Leo ; edk2-de...@ml01.01.org > Cc: Laszlo Ersek ; Tian, Feng ; > Singh, Brijesh ; Zeng, Star ; > Yao, Jiewen > Subject: RE: [edk2] [PATCH

[edk2] [PATCH 09/12] MdeModulePkg/dsc: add SmiHandlerProfile to dsc.

Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdeModulePkg/MdeModulePkg.dsc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg

[edk2] [PATCH 12/12] QuarkPlatformPkg: enable SmiHandlerProfile.

Cc: Michael D Kinney Cc: Kelly Steele Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- QuarkPlatformPkg/Quark.dsc| 16 ++- QuarkPlatformPkg/Quark.fdf| 3 +- QuarkPlatformPkg/QuarkMin.dsc | 5 +++- QuarkPlatformPkg/Readme.m

[edk2] [PATCH 10/12] BaseTool/Script: Add SmiHandleProfile OS tool to get symbol.

This tool accepts the input XML file generated by SmiHandlerProfile application and convert the RVA address to be a user readable symbol. It also converts the GUID to be a user readable string. Cc: Yonghong Zhu Cc: Liming Gao Cc: Michael D Kinney Cc: Laszlo Ersek Contributed-under: TianoCore C

[edk2] [PATCH 11/12] QuarkSocPkg/SmmChildDispatch: Add SmiHandlerProfile support.

Cc: Michael D Kinney Cc: Kelly Steele Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmmDispatcher/QNCSmmCore.c | 19 +-- QuarkSocPkg/QuarkNorthCluster/Smm/DxeSmm/QncSmm

[edk2] [PATCH 08/12] MdeModulePkg/App: Add SmiHandlerProfile dump app.

This app uses SMM communication to get SMI handler profile from SMM core. Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdeModulePkg/Application/SmiHandlerProfileInfo/SmiHandlerProfileIn

[edk2] [PATCH 00/12] Add SmiHandlerProfile feature

This series patch add SMI handler profile. The purpose of SMI handler profile is to add the capability to dump all SMI handlers produced by the firmware in a given boot. The SMI handlers here include 1) Root SMI handlers registered with SMST->SmiHandlerRegister by SmmCore. 2) GUID SMI handlers reg

[edk2] [PATCH 06/12] MdeModulePkg/SmmSmiHandlerProfileLib: Add SMM instance.

This instance should be linked by SmmChildDispatcher if SMI handler profile feature is enabled. Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdeModulePkg/Library/SmmSmiHandlerProfileLib

[edk2] [PATCH 07/12] MdeModulePkg/PiSmmCore: Add SmiHandlerProfile support.

1) SmmCore maintains the root SMI handler and NULL SMI handler database. 2) SmmCore consumes PcdSmiHandlerProfilePropertyMask to decide if SmmCore need support SMI handler profile. If SMI handler profile is supported, the SmmCore installs SMI handler profile protocol and SMI handler profile communi

[edk2] [PATCH 05/12] MdeModulePkg/dec: Add PcdSmiHandlerProfilePropertyMask.

This PCD is linked by PiSmmCore to control if it enables SMI handler profile feature. Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdeModulePkg/MdeModulePkg.dec | 6 ++ 1 file chang

[edk2] [PATCH 04/12] MdeModulePkg/include: Add SmiHandlerProfile header file.

This header file defines: 1) An SMI handler profile protocol. So that SmmChildDispatch module can register the hardware SMI handler information. 2) The SMI handler profile communication buffer. So that a shell application can use SMM communication to get the SMI handler profile info. Cc: Feng Tian

[edk2] [PATCH 03/12] MdePkg/dsc: add SmiHandlerProfileLib to dsc.

Cc: Michael D Kinney Cc: Liming Gao Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdePkg/MdePkg.dsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc index b4575cd..2144979 100644

[edk2] [PATCH 02/12] MdePkg/SmiHandlerProfileLibNull: Add NULL instance.

Cc: Michael D Kinney Cc: Liming Gao Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao --- MdePkg/Library/SmiHandlerProfileLibNull/SmiHandlerProfileLibNull.c | 72 MdePkg/Library/SmiHandlerProfileLibNull/SmiHandlerProfileL

  1   2   >