Star, Apologies - the copyright change was a merge error from an older edk2 snapshot. Updated patch below.
--- MdeModulePkg: PeiCore: fix issue where AuthenticationStatus is not propagated correctly to encapsulated FVs by ensuring that the FvInfo2 PPI is installed before the FvInfo PPI This patch fixes an issue in PEI with encapsulated FV images where the AuthenticationStatus is not correctly propagated down to child FV handles. The PEI core registers for callbacks for both FvInfo and FvInfo2 PPIs. These callbacks process the FVs which will recurse as necessary to find more encapsulated FVs. (FvInfo2 is an updated PPI that includes an AuthenticationStatus field - the original FvInfo did not include this.) When encapsulated FV processing occurs the PEI core installs both FvInfo and FvInfo2 PPIs. The original implementation installs FvInfo first and FvInfo2 second. As soon as the FvInfo PPI is installed the notification callback handler immediately fires causing recursive FV processing to occur. Since there is no AuthenticationStatus provided for the original FvInfo the callback assumes AuthenticationStatus is zero (unsigned / unverified) even though the parent FV may have been verified. This changes the order of FvInfo and FvInfo2 installs to ensure that the notification callback occurs for FvInfo2 first and appropriate AuthenticationStatus data can be propagated from parent FV to child FV. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eugene Cohen eug...@hp.com<mailto:eug...@hp.com> --- MdeModulePkg/Core/Pei/FwVol/FwVol.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.c b/MdeModulePkg/Core/Pei/FwVol/FwVol.c index 363ff7e..8f6e2ef 100644 --- a/MdeModulePkg/Core/Pei/FwVol/FwVol.c +++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.c @@ -1,6 +1,7 @@ /** @file Pei Core Firmware File System service routines. +Copyright (c) 2015 HP Development Company, L.P. Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -1381,22 +1382,24 @@ ProcessFvFile ( // // Install FvInfo(2) Ppi + // NOTE: FvInfo2 must be installed before FvInfo so that recursive processing of encapsulated + // FVs inherit the proper AuthenticationStatus. // - PeiServicesInstallFvInfoPpi ( + PeiServicesInstallFvInfo2Ppi( &FvHeader->FileSystemGuid, - (VOID**) FvHeader, - (UINT32) FvHeader->FvLength, + (VOID**)FvHeader, + (UINT32)FvHeader->FvLength, &ParentFvImageInfo.FvName, - &FileInfo.FileName + &FileInfo.FileName, + AuthenticationStatus ); - PeiServicesInstallFvInfo2Ppi ( + PeiServicesInstallFvInfoPpi ( &FvHeader->FileSystemGuid, (VOID**) FvHeader, (UINT32) FvHeader->FvLength, &ParentFvImageInfo.FvName, - &FileInfo.FileName, - AuthenticationStatus + &FileInfo.FileName ); // -- Thanks, Eugene -----Original Message----- From: Zeng, Star [mailto:star.z...@intel.com] Sent: Monday, November 09, 2015 6:47 AM To: Cohen, Eugene <eug...@hp.com>; Tian, Feng <feng.t...@intel.com>; edk2-devel@lists.01.org Cc: Thompson, Mark L. <mark.l.thomp...@hp.com>; Dellaquila, Katie <katie.dellaqu...@hp.com> Subject: Re: [edk2] [PATCH] MdeModulePkg: PeiCore: fix issue where AuthenticationStatus is not propagated correctly to encapsulated FVs by ensuring that the FvInfo2 PPI is installed before the FvInfo PPI On 2015/11/9 20:47, Cohen, Eugene wrote: > Feng, > > The patch was attached as a ".patch" file attachment and was stripped off > before it came to the list. I'll just use plaintext this time. > > > MdeModulePkg: PeiCore: fix issue where AuthenticationStatus is not > propagated correctly to encapsulated FVs by ensuring that the FvInfo2 > PPI is installed before the FvInfo PPI > > This patch fixes an issue in PEI with encapsulated FV images where the > AuthenticationStatus is not correctly propagated down to child FV > handles. The PEI core registers for callbacks for both FvInfo and > FvInfo2 PPIs. These callbacks process the FVs which will recurse as > necessary to find more encapsulated FVs. (FvInfo2 is an updated PPI > that includes an AuthenticationStatus field - the original FvInfo did > not include this.) > > When encapsulated FV processing occurs the PEI core installs both > FvInfo and FvInfo2 PPIs. The original implementation installs FvInfo > first and FvInfo2 second. As soon as the FvInfo PPI is installed the > notification callback handler immediately fires causing recursive FV > processing to occur. Since there is no AuthenticationStatus provided > for the original FvInfo the callback assumes AuthenticationStatus is > zero (unsigned / unverified) even though the parent FV may have been > verified. > > This changes the order of FvInfo and FvInfo2 installs to ensure that > the notification callback occurs for FvInfo2 first and appropriate > AuthenticationStatus data can be propagated from parent FV to child > FV. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Eugene Cohen eug...@hp.com<mailto:eug...@hp.com> > > --- > MdeModulePkg/Core/Pei/FwVol/FwVol.c | 19 +++++++++++-------- > 1 file changed, 11 insertions(+), 8 deletions(-) > > diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.c > b/MdeModulePkg/Core/Pei/FwVol/FwVol.c > index 363ff7e..0e3246b 100644 > --- a/MdeModulePkg/Core/Pei/FwVol/FwVol.c > +++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.c > @@ -1,7 +1,8 @@ > /** @file > Pei Core Firmware File System service routines. > > -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > +Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> Could the patch do not touch this line? If yes, you can have Reviewed-by below. Reviewed-by: Star Zeng <star.z...@intel.com> Thanks, Star > +Copyright (c) 2015 HP Development Company, L.P. > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD > License > which accompanies this distribution. The full text of the license may be > found at > @@ -1381,22 +1382,24 @@ ProcessFvFile ( > > // > // Install FvInfo(2) Ppi > + // NOTE: FvInfo2 must be installed before FvInfo so that recursive > processing of encapsulated > + // FVs inherit the proper AuthenticationStatus. > // > - PeiServicesInstallFvInfoPpi ( > + PeiServicesInstallFvInfo2Ppi( > &FvHeader->FileSystemGuid, > - (VOID**) FvHeader, > - (UINT32) FvHeader->FvLength, > + (VOID**)FvHeader, > + (UINT32)FvHeader->FvLength, > &ParentFvImageInfo.FvName, > - &FileInfo.FileName > + &FileInfo.FileName, > + AuthenticationStatus > ); > > - PeiServicesInstallFvInfo2Ppi ( > + PeiServicesInstallFvInfoPpi ( > &FvHeader->FileSystemGuid, > (VOID**) FvHeader, > (UINT32) FvHeader->FvLength, > &ParentFvImageInfo.FvName, > - &FileInfo.FileName, > - AuthenticationStatus > + &FileInfo.FileName > ); > > // > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
