[edk2-devel] [PATCH v2 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL

2019-06-19 Thread Xiaoyu Lu 
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1926

This problem was found by Rebecca Cran .
REF: https://edk2.groups.io/g/devel/topic/32100684

OpenSSL will automatically load a system config file which configures
default ssl options. In UEFI, It will cause TlsInitialize failed
without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
So disable it.

Re-run process_files.py to generate OpensslLib[Crypto].inf files.

Cc: Jian J Wang 
Cc: Laszlo Ersek 
Signed-off-by: Xiaoyu Lu 
Reviewed-by: Rebecca Cran 
Reviewed-by: Jian J Wang 
---
 CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
 CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
 2 files changed, 4 insertions(+)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h 
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 07fa2d3ce280..2b4d538e92d2 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -115,6 +115,9 @@ extern "C" {
 #ifndef OPENSSL_NO_AUTOERRINIT
 # define OPENSSL_NO_AUTOERRINIT
 #endif
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+# define OPENSSL_NO_AUTOLOAD_CONFIG
+#endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl 
b/CryptoPkg/Library/OpensslLib/process_files.pl
index 2783ff54f95a..3e8669e30fd7 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -53,6 +53,7 @@ BEGIN {
 "no-async",
 "no-autoalginit",
 "no-autoerrinit",
+"no-autoload-config",
 "no-bf",
 "no-blake2",
 "no-camellia",
-- 
2.7.4


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42629): https://edk2.groups.io/g/devel/message/42629
Mute This Topic: https://groups.io/mt/32141158/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.

2019-06-19 Thread Nate DeSimone 
Reviewed-by: Nate DeSimone 

-Original Message-
From: Chiu, Chasel 
Sent: Sunday, June 16, 2019 7:42 PM
To: devel@edk2.groups.io
Cc: Desimone, Nathaniel L ; Zeng, Star 

Subject: [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1883

Add header file for FSP_TEMP_RAM_EXIT_PPI which is defined by FSP 2.1 spec.

Test: Build successfully.

Cc: Nate DeSimone 
Cc: Star Zeng 
Signed-off-by: Chasel Chiu 
---
 IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h | 52 

 IntelFsp2Pkg/IntelFsp2Pkg.dec |  5 +
 2 files changed, 57 insertions(+)

diff --git a/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h 
b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
new file mode 100644
index 00..0db54dfa45
--- /dev/null
+++ b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
@@ -0,0 +1,52 @@
+/** @file
+  This file defines the Silicon Temp Ram Exit PPI which implements the
+  required programming steps for disabling temporary memory.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _FSP_TEMP_RAM_EXIT_PPI_H_
+#define _FSP_TEMP_RAM_EXIT_PPI_H_
+
+///
+/// Global ID for the FSP_TEMP_RAM_EXIT_PPI.
+///
+#define FSP_TEMP_RAM_EXIT_GUID \
+  { \
+0xbc1cfbdb, 0x7e50, 0x42be, { 0xb4, 0x87, 0x22, 0xe0, 0xa9, 0x0c, 
+0xb0, 0x52 } \
+  }
+
+//
+// Forward declaration for the FSP_TEMP_RAM_EXIT_PPI.
+//
+typedef struct _FSP_TEMP_RAM_EXIT_PPI FSP_TEMP_RAM_EXIT_PPI;
+
+/**
+  Silicon function for disabling temporary memory.
+  @param[in] TempRamExitParamPtr - Pointer to the TempRamExit parameters 
structure.
+   This structure is normally defined in the 
Integration
+   Guide. If it is not defined in the 
Integration Guide,
+   pass NULL.
+  @retval EFI_SUCCESS- FSP execution environment was initialized 
successfully.
+  @retval EFI_INVALID_PARAMETER  - Input parameters are invalid.
+  @retval EFI_UNSUPPORTED- The FSP calling conditions were not met.
+  @retval EFI_DEVICE_ERROR   - Temporary memory exit.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *FSP_TEMP_RAM_EXIT) (
+  IN  VOID*TempRamExitParamPtr
+  );
+
+///
+/// This PPI provides function to disable temporary memory.
+///
+struct _FSP_TEMP_RAM_EXIT_PPI {
+  FSP_TEMP_RAM_EXIT   TempRamExit;
+};
+
+extern EFI_GUID gFspTempRamExitPpiGuid;
+
+#endif // _FSP_TEMP_RAM_EXIT_PPI_H_
diff --git a/IntelFsp2Pkg/IntelFsp2Pkg.dec b/IntelFsp2Pkg/IntelFsp2Pkg.dec 
index cc17164742..ad2b7f7fb5 100644
--- a/IntelFsp2Pkg/IntelFsp2Pkg.dec
+++ b/IntelFsp2Pkg/IntelFsp2Pkg.dec
@@ -49,6 +49,11 @@
   #
   gFspInApiModePpiGuid  = { 0xa1eeab87, 0xc859, 0x479d, {0x89, 
0xb5, 0x14, 0x61, 0xf4, 0x06, 0x1a, 0x3e}}
 
+  #
+  # PPI to tear down the temporary memory set up by TempRamInit ().
+  #
+  gFspTempRamExitPpiGuid  = {0xbc1cfbdb, 0x7e50, 0x42be, {0xb4, 0x87, 
0x22, 0xe0, 0xa9, 0x0c, 0xb0, 0x52}}
+
 [Guids]
   #
   # GUID defined in package
--
2.13.3.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42628): https://edk2.groups.io/g/devel/message/42628
Mute This Topic: https://groups.io/mt/32090494/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.

2019-06-19 Thread Nate DeSimone 
Hi All,

The decision to use FSP_TEMP_RAM_EXIT_PPI for both FSP and non-FSP builds is a 
platform level decision. There are several EDK2 based UEFI implementations that 
do not use FSP_TEMP_RAM_EXIT_PPI, OvmfPkg, Minnow, and Quark are some of many 
examples. There is nothing in the UEFI PI spec or the MinPlatform spec 
mandating that this PPI be implemented. This PPI is however mandated by the FSP 
spec. As a matter of convenience, if a platform implements the FSP spec, it is 
easiest to also implement this PPI even on a non-FSP build. This PPI was added 
to the FSP spec because our prior experience has shown that such a PPI makes it 
easier to implement platform agnostic SEC phase code.

Furthermore, IntelFsp2Pkg may not have any dependencies on IntelSiliconPkg, it 
is only allowed to depend on MdePkg since FSP is an industry standard.

Accordingly, I agree with Chasel that two copies of this PPI are currently 
merited:

1. IntelFsp2Pkg
2. IntelSiliconPkg

I agree with Chasel that depending on ecosystem adoption of FSP we can consider 
dropping the duplicate from IntelSiliconPkg in the future.

Thanks,
Nate

-Original Message-
From: Chiu, Chasel 
Sent: Wednesday, June 19, 2019 8:33 PM
To: Ni, Ray ; devel@edk2.groups.io
Cc: Desimone, Nathaniel L ; Zeng, Star 

Subject: RE: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.


Hi Ray,

Currently we prefer to duplicate header files so we do not have IntelFsp2Pkg 
dependency for non-FSP build.
We will review for how to support FSP/non-FSP builds better.

Thanks!
Chasel


> -Original Message-
> From: Ni, Ray
> Sent: Monday, June 17, 2019 11:27 AM
> To: devel@edk2.groups.io; Chiu, Chasel 
> Cc: Desimone, Nathaniel L ; Zeng, Star 
> 
> Subject: RE: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.
> 
> Chasel,
> I found another instance of this PPI in 
> edk2-platforms/Silicon/Intel/KabylakeSiliconPkg/Include/Ppi.
> Will you remove that one after this is checked in?
> 
> 
> Thanks,
> Ray
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Chiu, 
> > Chasel
> > Sent: Monday, June 17, 2019 10:42 AM
> > To: devel@edk2.groups.io
> > Cc: Desimone, Nathaniel L ; Zeng, 
> > Star 
> > Subject: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1883
> >
> > Add header file for FSP_TEMP_RAM_EXIT_PPI which is defined by FSP 
> > 2.1 spec.
> >
> > Test: Build successfully.
> >
> > Cc: Nate DeSimone 
> > Cc: Star Zeng 
> > Signed-off-by: Chasel Chiu 
> > ---
> >  IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h | 52
> > 
> >  IntelFsp2Pkg/IntelFsp2Pkg.dec |  5 +
> >  2 files changed, 57 insertions(+)
> >
> > diff --git a/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
> > b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
> > new file mode 100644
> > index 00..0db54dfa45
> > --- /dev/null
> > +++ b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
> > @@ -0,0 +1,52 @@
> > +/** @file
> > +  This file defines the Silicon Temp Ram Exit PPI which implements 
> > +the
> > +  required programming steps for disabling temporary memory.
> > +
> > +Copyright (c) 2019, Intel Corporation. All rights reserved.
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#ifndef _FSP_TEMP_RAM_EXIT_PPI_H_
> > +#define _FSP_TEMP_RAM_EXIT_PPI_H_
> > +
> > +///
> > +/// Global ID for the FSP_TEMP_RAM_EXIT_PPI.
> > +///
> > +#define FSP_TEMP_RAM_EXIT_GUID \
> > +  { \
> > +0xbc1cfbdb, 0x7e50, 0x42be, { 0xb4, 0x87, 0x22, 0xe0, 0xa9, 
> > +0x0c, 0xb0, 0x52 } \
> > +  }
> > +
> > +//
> > +// Forward declaration for the FSP_TEMP_RAM_EXIT_PPI.
> > +//
> > +typedef struct _FSP_TEMP_RAM_EXIT_PPI FSP_TEMP_RAM_EXIT_PPI;
> > +
> > +/**
> > +  Silicon function for disabling temporary memory.
> > +  @param[in] TempRamExitParamPtr - Pointer to the TempRamExit
> > parameters structure.
> > +   This structure is normally 
> > + defined in the
> Integration
> > +   Guide. If it is not defined in the 
> > Integration Guide,
> > +   pass NULL.
> > +  @retval EFI_SUCCESS- FSP execution environment was 
> > initialized
> > successfully.
> > +  @retval EFI_INVALID_PARAMETER  - Input parameters are invalid.
> > +  @retval EFI_UNSUPPORTED- The FSP calling conditions were not
> met.
> > +  @retval EFI_DEVICE_ERROR   - Temporary memory exit.
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *FSP_TEMP_RAM_EXIT) (
> > +  IN  VOID*TempRamExitParamPtr
> > +  );
> > +
> > +///
> > +/// This PPI provides function to disable temporary memory.
> > +///
> > +struct _FSP_TEMP_RAM_EXIT_PPI {
> > +  FSP_TEMP_RAM_EXIT   TempRamExit;
> > +};
> > +
> > +extern EFI_GUID gFspTempRamExitPpiGuid;
> > +
> > +#endif // _FSP_TEMP_RAM_EXIT_PPI_H_
> > diff --git a/IntelFsp2Pkg/IntelFsp2Pkg.dec 
> >

[edk2-devel] [PATCH v5 2/2] MdeModulePkg/BdsDxe: Use a pcd to control PlatformRecovery

2019-06-19 Thread Gao, Zhichao 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1678

Use the PcdPlatformRecoverySupport to control the function
of platform recovery in BDS.
First, set the variable's ("OsIndicationsSupported")
EFI_OS_INDICATIONS_START_PLATFORM_RECOVERY bit base on the pcd.
It would affect the variable "OsIndications".
While the platform does not support the platform recovery,
it is inappropriate to set a PlatformRecovery variable. So
skip setting the variable. But it should remain the behavior of
booting from a default file path (such as \EFI\BOOT\BOOTX64.EFI)
to be compatible with the previous version UEFI spec.

Add memory check before build platform default boot option. If
fail to allocate memory for the defualt boot file path, put the
system into dead loop to indicate it is unable to boot.

Cc: Jian J Wang 
Cc: Hao Wu 
Cc: Ray Ni 
Cc: Star Zeng 
Cc: Liming Gao 
Cc: Sean Brogan 
Cc: Michael Turner 
Cc: Bret Barkelew 
Signed-off-by: Zhichao Gao 
---
 MdeModulePkg/Universal/BdsDxe/BdsDxe.inf |  3 +-
 MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 71 +++-
 2 files changed, 47 insertions(+), 27 deletions(-)

diff --git a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf 
b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
index 6913389d34..7f94ca17df 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+++ b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@@ -5,7 +5,7 @@
 #  gEfiBdsArchProtocolGuid. After DxeCore finish dispatching, DxeCore will 
invoke Entry
 #  interface of protocol gEfiBdsArchProtocolGuid, then BDS phase is entered.
 #
-#  Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) 2008 - 2019, Intel Corporation. All rights reserved.
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -95,6 +95,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand  ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable  ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed   ## 
CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdPlatformRecoverySupport   ## 
CONSUMES
 
 [Depex]
   TRUE
diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c 
b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
index 9d312bd982..4f3168b62a 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
+++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
@@ -5,7 +5,7 @@
   After DxeCore finish DXE phase, gEfiBdsArchProtocolGuid->BdsEntry will be 
invoked
   to enter BDS phase.
 
-Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
 (C) Copyright 2016 Hewlett Packard Enterprise Development LP
 (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
 SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -546,10 +546,14 @@ BdsFormalizeOSIndicationVariable (
   //
   Status = EfiBootManagerGetBootManagerMenu ();
   if (Status != EFI_NOT_FOUND) {
-OsIndicationSupport = EFI_OS_INDICATIONS_BOOT_TO_FW_UI | 
EFI_OS_INDICATIONS_START_PLATFORM_RECOVERY;
+OsIndicationSupport = EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
 EfiBootManagerFreeLoadOption ();
   } else {
-OsIndicationSupport = EFI_OS_INDICATIONS_START_PLATFORM_RECOVERY;
+OsIndicationSupport = 0;
+  }
+
+  if (PcdGetBool (PcdPlatformRecoverySupport)) {
+OsIndicationSupport |= EFI_OS_INDICATIONS_START_PLATFORM_RECOVERY;
   }
 
   Status = gRT->SetVariable (
@@ -662,6 +666,7 @@ BdsEntry (
   BOOLEAN BootSuccess;
   EFI_DEVICE_PATH_PROTOCOL*FilePath;
   EFI_STATUS  BootManagerMenuStatus;
+  EFI_BOOT_MANAGER_LOAD_OPTIONPlatformDefaultBootOption;
 
   HotkeyTriggered = NULL;
   Status  = EFI_SUCCESS;
@@ -763,14 +768,13 @@ BdsEntry (
   //
   InitializeLanguage (TRUE);
 
-  //
-  // System firmware must include a PlatformRecovery variable specifying
-  // a short-form File Path Media Device Path containing the platform default
-  // file path for removable media
-  //
   FilePath = FileDevicePath (NULL, EFI_REMOVABLE_MEDIA_FILE_NAME);
+  if (FilePath == NULL) {
+DEBUG ((DEBUG_ERROR, "Fail to allocate memory for defualt boot file path. 
Unable to boot.\n"));
+CpuDeadLoop ();
+  }
   Status = EfiBootManagerInitializeLoadOption (
- ,
+ ,
  LoadOptionNumberUnassigned,
  LoadOptionTypePlatformRecovery,
  LOAD_OPTION_ACTIVE,
@@ -780,24 +784,31 @@ BdsEntry (
  0
  );
   ASSERT_EFI_ERROR (Status);
-  LoadOptions = EfiBootManagerGetLoadOptions (, 
LoadOptionTypePlatformRecovery);
-  if (EfiBootManagerFindLoadOption (, LoadOptions, LoadOptionCount) 
== -1) {
-for (Index = 0; Index < LoadOptionCount; Index++) {
-  //
-  // The PlatformRecovery options are sorted by OptionNumber.
-  // Find the the smallest unused number as the new OptionNumber.
-  //
-  if (LoadOptions[Index].OptionNumber != Index) {
-break;
+
+  //
+  //

[edk2-devel] [PATCH v5 0/2] Use a pcd to control Platform Recovery behavior

2019-06-19 Thread Gao, Zhichao 
V1:
Add a pcd PcdPlatformRecoverySupport to control the variable
PlatformRecovery and the EFI_OS_INDICATIONS_START_PLATFORM_RECOVERY
bit of variable "OsIndicationsSupported".

V2:
While PcdPlatformRecoverySupport is FALSE, do not set a PlatformRecovery
Variable.
But remain boot from a default file path(such as \EFI\BOOT\BOOTX64.EFI).
Add memory check before build platform default boot option.

V3:
Modify the memory check operation. If fail to allocate memory for the defualt
boot file path, put the system into dead loop to indicate it is unable to boot.

v4:
Add the description of PcdPlatformRecoverySupport in MdeModulePkg.uni
Fix incorrect check of LoadOption. Should check PlatformDefaultBootOption.

v5:
Fix the incorrect string in MdeModulePkg.uni:
Add STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPlatformRecoverySupport_PROMPT
and STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPlatformRecoverySupport_HELP
base on the description in MdeModulePkg.dec file.

Cc: Jian J Wang 
Cc: Hao Wu 
Cc: Ray Ni 
Cc: Star Zeng 
Cc: Liming Gao 
Cc: Sean Brogan 
Cc: Michael Turner 
Cc: Bret Barkelew 

Bret Barkelew (1):
  MdeModulePkg: Add a pcd to set the OS indications bit

Zhichao Gao (1):
  MdeModulePkg/BdsDxe: Use a pcd to control PlatformRecovery

 MdeModulePkg/MdeModulePkg.dec|  6 ++
 MdeModulePkg/MdeModulePkg.uni|  6 ++
 MdeModulePkg/Universal/BdsDxe/BdsDxe.inf |  3 +-
 MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 71 +++-
 4 files changed, 59 insertions(+), 27 deletions(-)

-- 
2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42624): https://edk2.groups.io/g/devel/message/42624
Mute This Topic: https://groups.io/mt/32140505/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v5 1/2] MdeModulePkg: Add a pcd to set the OS indications bit

2019-06-19 Thread Gao, Zhichao 
From: Bret Barkelew 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1678

Add a pcd PcdPlatformRecoverySupport to conditionally
set an OS indications bit and set the 'PlatformRecovery'
variable. This pcd would also control whether the BDS
support platform recovery or not.
Update the uni file to add the prompt and help string base on
the description in dec file.

Cc: Jian J Wang 
Cc: Hao Wu 
Cc: Ray Ni 
Cc: Star Zeng 
Cc: Liming Gao 
Cc: Sean Brogan 
Cc: Michael Turner 
Cc: Bret Barkelew 
Signed-off-by: Zhichao Gao 
---
 MdeModulePkg/MdeModulePkg.dec | 6 ++
 MdeModulePkg/MdeModulePkg.uni | 6 ++
 2 files changed, 12 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 2dee139ba3..ab51392262 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1640,6 +1640,12 @@
   # @Prompt Reset on memory type information change.
   
gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|TRUE|BOOLEAN|0x00010056
 
+  ## Indicates if the BDS supports Platform Recovery.
+  #   TRUE  - BDS supports Platform Recovery.
+  #   FALSE - BDS does not support Platform Recovery.
+  # @Prompt Support Platform Recovery.
+  
gEfiMdeModulePkgTokenSpaceGuid.PcdPlatformRecoverySupport|TRUE|BOOLEAN|0x00010078
+
   ## Specify the foreground color for Subtile text in HII Form Browser. The 
default value is EFI_BLUE.
   #  Only following values defined in UEFI specification are valid:
   #  0x00 (EFI_BLACK)
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index ed8ac9eadc..eda1fc043e 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -445,6 +445,12 @@

"TRUE  - Resets system when memory type information 
changes.\n"

"FALSE - Does not reset system when memory type 
information changes."
 
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPlatformRecoverySupport_PROMPT  
#language en-US "Support Platform Recovery"
+
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPlatformRecoverySupport_HELP  
#language en-US "Indicates if the BDS supports Platform Recovery.\n"
+   
 "TRUE  - BDS supports Platform Recovery.\n"
+   
 "FALSE - BDS does not support Platform Recovery."
+
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdBrowserSubtitleTextColor_PROMPT  
#language en-US "Foreground color for browser subtitle"
 
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdBrowserSubtitleTextColor_HELP  
#language en-US "Specify the foreground color for Subtitle text in HII Form 
Browser. The default value is EFI_BLUE. Only following values defined in UEFI 
specification are valid:\n"
-- 
2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42625): https://edk2.groups.io/g/devel/message/42625
Mute This Topic: https://groups.io/mt/32140506/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] KabylakeOpenBoardPkg: Remove PeiMain for Dispatch mode.

2019-06-19 Thread Nate DeSimone 
Reviewed-by: Nate DeSimone 

-Original Message-
From: Chiu, Chasel 
Sent: Friday, June 14, 2019 1:25 AM
To: devel@edk2.groups.io
Cc: Kubacki, Michael A ; Desimone, Nathaniel L 
; Gao, Liming 
Subject: [PATCH] KabylakeOpenBoardPkg: Remove PeiMain for Dispatch mode.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1916

In Dispatch mode PeiMain from FSP Binary will be launched so the one from boot 
loader can be removed.

Test: Verified the PeiMain is removed in Dispatch mode
  and included in API mode.

Cc: Michael Kubacki 
Cc: Nate DeSimone 
Cc: Liming Gao 
Signed-off-by: Chasel Chiu 
---
 Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.fdf | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.fdf 
b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.fdf
index 007cb4b28f..abafd8e44d 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.fdf
+++ b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.fdf
@@ -226,7 +226,13 @@ READ_LOCK_STATUS   = TRUE
 FvNameGuid = FC8FE6B5-CD9B-411E-BD8F-31824D0CDE3D
 
 INF  UefiCpuPkg/SecCore/SecCore.inf
+!if (gMinPlatformPkgTokenSpaceGuid.PcdFspWrapperBootMode == FALSE) || 
+(gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection == 1) # # PeiMain 
+is needed only for FSP API mode or EDK2 build, # in FSP dispatch mode 
+the one inside FSP Binary is launched.
+#
 INF  MdeModulePkg/Core/Pei/PeiMain.inf
+!endif
 !include $(PLATFORM_PACKAGE)/Include/Fdf/CorePreMemoryInclude.fdf
 
 INF $(PLATFORM_PACKAGE)/PlatformInit/ReportFv/ReportFvPei.inf
--
2.13.3.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42622): https://edk2.groups.io/g/devel/message/42622
Mute This Topic: https://groups.io/mt/32061785/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.

2019-06-19 Thread Chiu, Chasel 


Hi Ray,

Currently we prefer to duplicate header files so we do not have IntelFsp2Pkg 
dependency for non-FSP build.
We will review for how to support FSP/non-FSP builds better.

Thanks!
Chasel


> -Original Message-
> From: Ni, Ray
> Sent: Monday, June 17, 2019 11:27 AM
> To: devel@edk2.groups.io; Chiu, Chasel 
> Cc: Desimone, Nathaniel L ; Zeng, Star
> 
> Subject: RE: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.
> 
> Chasel,
> I found another instance of this PPI in
> edk2-platforms/Silicon/Intel/KabylakeSiliconPkg/Include/Ppi.
> Will you remove that one after this is checked in?
> 
> 
> Thanks,
> Ray
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Chiu,
> > Chasel
> > Sent: Monday, June 17, 2019 10:42 AM
> > To: devel@edk2.groups.io
> > Cc: Desimone, Nathaniel L ; Zeng, Star
> > 
> > Subject: [edk2-devel] [PATCH v2] IntelFsp2Pkg: add TempRamExitPpi.h.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1883
> >
> > Add header file for FSP_TEMP_RAM_EXIT_PPI which is defined by FSP 2.1
> > spec.
> >
> > Test: Build successfully.
> >
> > Cc: Nate DeSimone 
> > Cc: Star Zeng 
> > Signed-off-by: Chasel Chiu 
> > ---
> >  IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h | 52
> > 
> >  IntelFsp2Pkg/IntelFsp2Pkg.dec |  5 +
> >  2 files changed, 57 insertions(+)
> >
> > diff --git a/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
> > b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
> > new file mode 100644
> > index 00..0db54dfa45
> > --- /dev/null
> > +++ b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
> > @@ -0,0 +1,52 @@
> > +/** @file
> > +  This file defines the Silicon Temp Ram Exit PPI which implements
> > +the
> > +  required programming steps for disabling temporary memory.
> > +
> > +Copyright (c) 2019, Intel Corporation. All rights reserved.
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#ifndef _FSP_TEMP_RAM_EXIT_PPI_H_
> > +#define _FSP_TEMP_RAM_EXIT_PPI_H_
> > +
> > +///
> > +/// Global ID for the FSP_TEMP_RAM_EXIT_PPI.
> > +///
> > +#define FSP_TEMP_RAM_EXIT_GUID \
> > +  { \
> > +0xbc1cfbdb, 0x7e50, 0x42be, { 0xb4, 0x87, 0x22, 0xe0, 0xa9, 0x0c,
> > +0xb0, 0x52 } \
> > +  }
> > +
> > +//
> > +// Forward declaration for the FSP_TEMP_RAM_EXIT_PPI.
> > +//
> > +typedef struct _FSP_TEMP_RAM_EXIT_PPI FSP_TEMP_RAM_EXIT_PPI;
> > +
> > +/**
> > +  Silicon function for disabling temporary memory.
> > +  @param[in] TempRamExitParamPtr - Pointer to the TempRamExit
> > parameters structure.
> > +   This structure is normally defined in 
> > the
> Integration
> > +   Guide. If it is not defined in the 
> > Integration Guide,
> > +   pass NULL.
> > +  @retval EFI_SUCCESS- FSP execution environment was 
> > initialized
> > successfully.
> > +  @retval EFI_INVALID_PARAMETER  - Input parameters are invalid.
> > +  @retval EFI_UNSUPPORTED- The FSP calling conditions were not
> met.
> > +  @retval EFI_DEVICE_ERROR   - Temporary memory exit.
> > +**/
> > +typedef
> > +EFI_STATUS
> > +(EFIAPI *FSP_TEMP_RAM_EXIT) (
> > +  IN  VOID*TempRamExitParamPtr
> > +  );
> > +
> > +///
> > +/// This PPI provides function to disable temporary memory.
> > +///
> > +struct _FSP_TEMP_RAM_EXIT_PPI {
> > +  FSP_TEMP_RAM_EXIT   TempRamExit;
> > +};
> > +
> > +extern EFI_GUID gFspTempRamExitPpiGuid;
> > +
> > +#endif // _FSP_TEMP_RAM_EXIT_PPI_H_
> > diff --git a/IntelFsp2Pkg/IntelFsp2Pkg.dec
> > b/IntelFsp2Pkg/IntelFsp2Pkg.dec index cc17164742..ad2b7f7fb5 100644
> > --- a/IntelFsp2Pkg/IntelFsp2Pkg.dec
> > +++ b/IntelFsp2Pkg/IntelFsp2Pkg.dec
> > @@ -49,6 +49,11 @@
> >#
> >gFspInApiModePpiGuid  = { 0xa1eeab87, 0xc859, 0x479d,
> {0x89,
> > 0xb5, 0x14, 0x61, 0xf4, 0x06, 0x1a, 0x3e}}
> >
> > +  #
> > +  # PPI to tear down the temporary memory set up by TempRamInit ().
> > +  #
> > +  gFspTempRamExitPpiGuid  = {0xbc1cfbdb, 0x7e50, 0x42be, {0xb4, 0x87,
> > 0x22, 0xe0, 0xa9, 0x0c, 0xb0, 0x52}}
> > +
> >  [Guids]
> >#
> ># GUID defined in package
> > --
> > 2.13.3.windows.1
> >
> >
> > 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42623): https://edk2.groups.io/g/devel/message/42623
Mute This Topic: https://groups.io/mt/32090494/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2] Platform/Intel: Dynamic NUMBER_OF_PROCESSORS in build.

2019-06-19 Thread Nate DeSimone 
Reviewed-by: Nate DeSimone 

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Chiu, Chasel
Sent: Thursday, June 13, 2019 1:32 AM
To: devel@edk2.groups.io
Cc: Kubacki, Michael A ; Desimone, Nathaniel L 
; Gao, Liming ; Feng, Bob 
C 
Subject: [edk2-devel] [PATCH v2] Platform/Intel: Dynamic NUMBER_OF_PROCESSORS 
in build.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1913

To improve build performance by default the maximum processors should be used 
for building.
NUMBER_OF_PROCESSORS in build.cfg is set to 0 so BaseTools can utilize maximum 
processors for build.

Test: tried NUMBER_OF_PROCESSORS 0 and 1 cases and
  confirmed the build time is half with 0 case.

Cc: Michael Kubacki 
Cc: Nate DeSimone 
Cc: Liming Gao 
Cc: Bob Feng 
Signed-off-by: Chasel Chiu 
---
 Platform/Intel/build.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Platform/Intel/build.cfg b/Platform/Intel/build.cfg index 
6c23e5eabc..fc6e4fe824 100644
--- a/Platform/Intel/build.cfg
+++ b/Platform/Intel/build.cfg
@@ -46,7 +46,7 @@ FSP_TEST_RELEASE = FALSE  SECURE_BOOT_ENABLE = FALSE  
REBUILD_MODE =  BUILD_ROM_ONLY = -NUMBER_OF_PROCESSORS = 1
+NUMBER_OF_PROCESSORS = 0
 
 
 [PLATFORMS]
--
2.13.3.windows.1





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42621): https://edk2.groups.io/g/devel/message/42621
Mute This Topic: https://groups.io/mt/32050132/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] IntelFsp2Pkg: add TempRamExitPpi.h.

2019-06-19 Thread Nate DeSimone 
Hi Chasel,

Please update the comments for the TempRamExit() function declaration to 
include all of the FSP specification allowed return values:

EFI_SUCCESS - FSP execution environment was initialized successfully.
EFI_INVALID_PARAMETER - Input parameters are invalid.
EFI_UNSUPPORTED - The FSP calling conditions were not met.
EFI_DEVICE_ERROR - Temporary memory exit failed.

With this change...

Reviewed-by: Nate DeSimone 

-Original Message-
From: Chiu, Chasel 
Sent: Friday, June 14, 2019 2:56 AM
To: devel@edk2.groups.io
Cc: Desimone, Nathaniel L ; Zeng, Star 

Subject: [PATCH] IntelFsp2Pkg: add TempRamExitPpi.h.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1883

Add header file for FSP_TEMP_RAM_EXIT_PPI which is defined by FSP 2.1 spec.

Test: Build successfully.

Cc: Nate DeSimone 
Cc: Star Zeng 
Signed-off-by: Chasel Chiu 
---
 IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h | 50 
++
 1 file changed, 50 insertions(+)

diff --git a/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h 
b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
new file mode 100644
index 00..9e728a5d4d
--- /dev/null
+++ b/IntelFsp2Pkg/Include/Ppi/TempRamExitPpi.h
@@ -0,0 +1,50 @@
+/** @file
+  This file defines the Silicon Temp Ram Exit PPI which implements the
+  required programming steps for disabling temporary memory.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _FSP_TEMP_RAM_EXIT_PPI_H_
+#define _FSP_TEMP_RAM_EXIT_PPI_H_
+
+///
+/// Global ID for the FSP_TEMP_RAM_EXIT_PPI.
+///
+#define FSP_TEMP_RAM_EXIT_GUID \
+  { \
+0xbc1cfbdb, 0x7e50, 0x42be, { 0xb4, 0x87, 0x22, 0xe0, 0xa9, 0x0c, 
+0xb0, 0x52 } \
+  }
+
+//
+// Forward declaration for the FSP_TEMP_RAM_EXIT_PPI.
+//
+typedef struct _FSP_TEMP_RAM_EXIT_PPI FSP_TEMP_RAM_EXIT_PPI;
+
+/**
+  Silicon function for disabling temporary memory.
+  @param[in] TempRamExitParamPtr - Pointer to the TempRamExit parameters 
structure.
+   This structure is normally defined in the 
Integration
+   Guide. If it is not defined in the 
Integration Guide,
+   pass NULL.
+  @retval EFI_SUCCESS- Execution was completed successfully.
+  @retval Status - Error status reported by sub-functions if 
implemented.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *FSP_TEMP_RAM_EXIT) (
+  IN  VOID*TempRamExitParamPtr
+  );
+
+///
+/// This PPI provides function to disable temporary memory.
+///
+struct _FSP_TEMP_RAM_EXIT_PPI {
+  FSP_TEMP_RAM_EXIT   TempRamExit;
+};
+
+extern EFI_GUID gFspTempRamExitPpiGuid;
+
+#endif // _FSP_TEMP_RAM_EXIT_PPI_H_
--
2.13.3.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42620): https://edk2.groups.io/g/devel/message/42620
Mute This Topic: https://groups.io/mt/32062194/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] UefiCpuPkg/MpService: GetProcessorInfo returns 6-level topology

2019-06-19 Thread Dong, Eric 
Reviewed-by: Eric Dong 

> -Original Message-
> From: Ni, Ray
> Sent: Wednesday, June 19, 2019 4:58 PM
> To: devel@edk2.groups.io; Ni, Ray 
> Cc: Dong, Eric 
> Subject: RE: [edk2-devel] [PATCH] UefiCpuPkg/MpService: GetProcessorInfo
> returns 6-level topology
> 
> This change will be pushed to edk2-staging repo after it gets Reviewed-by.
> The reason is the change requires a protocol interface change in PI spec.
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Ni,
> Ray
> > Sent: Wednesday, June 19, 2019 4:57 PM
> > To: devel@edk2.groups.io
> > Cc: Dong, Eric 
> > Subject: [edk2-devel] [PATCH] UefiCpuPkg/MpService: GetProcessorInfo
> > returns 6-level topology
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Ray Ni 
> > Cc: Eric Dong 
> > ---
> >  MdePkg/Include/Protocol/MpService.h  | 50
> > +---  UefiCpuPkg/Library/MpInitLib/MpLib.c
> |
> > 19 +++
> >  2 files changed, 64 insertions(+), 5 deletions(-)
> >
> > diff --git a/MdePkg/Include/Protocol/MpService.h
> > b/MdePkg/Include/Protocol/MpService.h
> > index 10e2405daf..aeab8b0790 100644
> > --- a/MdePkg/Include/Protocol/MpService.h
> > +++ b/MdePkg/Include/Protocol/MpService.h
> > @@ -27,7 +27,7 @@
> >APs to help test system memory in parallel with other device 
> > initialization.
> >Diagnostics applications may also use this protocol for multi-processor.
> >
> > -Copyright (c) 2006 - 2017, Intel Corporation. All rights
> > reserved.
> > +Copyright (c) 2006 - 2019, Intel Corporation. All rights
> > +reserved.
> >  SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> >@par Revision Reference:
> > @@ -79,7 +79,7 @@ typedef struct _EFI_MP_SERVICES_PROTOCOL
> > EFI_MP_SERVICES_PROTOCOL;  #define PROCESSOR_HEALTH_STATUS_BIT
> > 0x0004
> >
> >  ///
> > -/// Structure that describes the pyhiscal location of a logical CPU.
> > +/// Structure that describes the physical location of a logical CPU.
> >  ///
> >  typedef struct {
> >///
> > @@ -96,6 +96,45 @@ typedef struct {
> >UINT32  Thread;
> >  } EFI_CPU_PHYSICAL_LOCATION;
> >
> > +#define CPU_V2_EXTENDED_TOPOLOGY BIT24
> > +
> > +///
> > +/// Structure that describes the v2 physical location of a logical CPU.
> > +///
> > +typedef struct {
> > +  ///
> > +  /// Zero-based physical package number that identifies the
> > +cartridge of the
> > processor.
> > +  ///
> > +  UINT32  Package;
> > +  ///
> > +  /// Zero-based physical module number within package of the processor.
> > +  ///
> > +  UINT32  Module;
> > +  ///
> > +  /// Zero-based physical tile number within module of the processor.
> > +  ///
> > +  UINT32  Tile;
> > +  ///
> > +  /// Zero-based physical die number within tile of the processor.
> > +  ///
> > +  UINT32  Die;
> > +  ///
> > +  /// Zero-based physical core number within die of the processor.
> > +  ///
> > +  UINT32  Core;
> > +  ///
> > +  /// Zero-based logical thread number within core of the processor.
> > +  ///
> > +  UINT32  Thread;
> > +} EFI_CPU_PHYSICAL_LOCATION2;
> > +
> > +///
> > +/// Structure that describes extended processor information.
> > +///
> > +typedef union {
> > +  EFI_CPU_PHYSICAL_LOCATION2  Location2; }
> > +EXTENDED_PROCESSOR_INFORMATION;
> > +
> >  ///
> >  /// Structure that describes information about a logical CPU.
> >  ///
> > @@ -106,7 +145,7 @@ typedef struct {
> >/// are used, and higher bits are reserved.  For IPF, the lower 16
> > bits contains
> >/// id/eid, and higher bits are reserved.
> >///
> > -  UINT64 ProcessorId;
> > +  UINT64 ProcessorId;
> >///
> >/// Flags indicating if the processor is BSP or AP, if the processor is
> enabled
> >/// or disabled, and if the processor is healthy. Bits 3..31 are
> > reserved and @@ -125,13 +164,14 @@ typedef struct {
> >///  1  1   1 Healthy Enabled BSP.
> >/// 
> >///
> > -  UINT32 StatusFlag;
> > +  UINT32 StatusFlag;
> >///
> >/// The physical location of the processor, including the physical
> > package number
> >/// that identifies the cartridge, the physical core number within
> > package, and
> >/// logical thread number within core.
> >///
> > -  EFI_CPU_PHYSICAL_LOCATION  Location;
> > +  EFI_CPU_PHYSICAL_LOCATION  Location;
> > +  EXTENDED_PROCESSOR_INFORMATION ExtendedInformation;
> >  } EFI_PROCESSOR_INFORMATION;
> >
> >  /**
> > diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> > b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> > index 6f51bc4ebf..538d6536e2 100644
> > --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
> > +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
> > @@ -1774,10 +1774,17 @@ MpInitLibGetProcessorInfo (
> >CPU_MP_DATA*CpuMpData;
> >UINTN  CallerNumber;
> >CPU_INFO_IN_HOB*CpuInfoInHob;
> > +  UINTN  OriginalProcessorNumber;
> >
> >

Re: [edk2-devel] [PATCH V4 1/2] MdeModulePkg: Add a pcd to set the OS indications bit

2019-06-19 Thread Gao, Zhichao 
I am so sorry for my mistake.
There are still ECC errors in the change of uni file. The additional string 
should be
STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPlatformRecoverySupport_PROMPT
STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPlatformRecoverySupport_HELP

I would update the patch.

Thanks,
Zhichao

> -Original Message-
> From: Ni, Ray
> Sent: Wednesday, June 19, 2019 1:06 PM
> To: Gao, Zhichao ; devel@edk2.groups.io
> Cc: Bret Barkelew ; Wang, Jian J
> ; Wu, Hao A ; Zeng, Star
> ; Gao, Liming ; Sean Brogan
> ; Michael Turner
> 
> Subject: RE: [PATCH V4 1/2] MdeModulePkg: Add a pcd to set the OS
> indications bit
> 
> Reviewed-by: Ray Ni 
> 
> > -Original Message-
> > From: Gao, Zhichao
> > Sent: Wednesday, June 19, 2019 11:10 AM
> > To: devel@edk2.groups.io
> > Cc: Bret Barkelew ; Wang, Jian J
> > ; Wu, Hao A ; Ni, Ray
> > ; Zeng, Star ; Gao, Liming
> > ; Sean Brogan ;
> > Michael Turner 
> > Subject: [PATCH V4 1/2] MdeModulePkg: Add a pcd to set the OS
> > indications bit
> >
> > From: Bret Barkelew 
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1678
> >
> > Add a pcd PcdPlatformRecoverySupport to conditionally set an OS
> > indications bit and set the 'PlatformRecovery'
> > variable. This pcd would also control whether the BDS support platform
> > recovery or not.
> > Update the uni file for description of the pcd.
> >
> > Cc: Jian J Wang 
> > Cc: Hao Wu 
> > Cc: Ray Ni 
> > Cc: Star Zeng 
> > Cc: Liming Gao 
> > Cc: Sean Brogan 
> > Cc: Michael Turner 
> > Cc: Bret Barkelew 
> > Signed-off-by: Zhichao Gao 
> > ---
> >  MdeModulePkg/MdeModulePkg.dec | 6 ++
> > MdeModulePkg/MdeModulePkg.uni | 2 ++
> >  2 files changed, 8 insertions(+)
> >
> > diff --git a/MdeModulePkg/MdeModulePkg.dec
> > b/MdeModulePkg/MdeModulePkg.dec index 0a9fcddecc..da2b85770c
> > 100644
> > --- a/MdeModulePkg/MdeModulePkg.dec
> > +++ b/MdeModulePkg/MdeModulePkg.dec
> > @@ -1660,6 +1660,12 @@
> ># @Prompt Reset on memory type information change.
> >
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationC
> h
> > ange|TRUE|BOOLEAN|0x00010056
> >
> > +  ## Indicates if the BDS supports Platform Recovery.
> > +  #   TRUE  - BDS supports Platform Recovery.
> > +  #   FALSE - BDS does not support Platform Recovery.
> > +  # @Prompt Support Platform Recovery.
> > +
> > +
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdPlatformRecoverySupport|TRUE|B
> O
> > OLEAN
> > + |0x00010078
> > +
> >## Specify the foreground color for Subtile text in HII Form
> > Browser. The default value is EFI_BLUE.
> >#  Only following values defined in UEFI specification are valid:
> >#  0x00 (EFI_BLACK)
> > diff --git a/MdeModulePkg/MdeModulePkg.uni
> > b/MdeModulePkg/MdeModulePkg.uni index ed8ac9eadc..a265452eba
> > 100644
> > --- a/MdeModulePkg/MdeModulePkg.uni
> > +++ b/MdeModulePkg/MdeModulePkg.uni
> > @@ -441,6 +441,8 @@
> >
> >  #string
> >
> STR_gEfiMdeModulePkgTokenSpaceGuid_PcdResetOnMemoryTypeInforma
> ti
> > onChange_PROMPT  #language en-US "Reset on memory type information
> > change"
> >
> > +#string
> >
> STR_gEfiMdeModulePkgTokenSpaceGuid_PcdResetOnMemoryTypeInforma
> ti
> > onChange  #language en-US "Indicate the system support platform
> > recovery or not"
> > +
> >  #string
> >
> STR_gEfiMdeModulePkgTokenSpaceGuid_PcdResetOnMemoryTypeInforma
> ti
> > onChange_HELP  #language en-US "Indicates if to reset system when
> > memory type information changes.\n"
> >
> > "TRUE  - Resets system when memory type information changes.\n"
> >
> > "FALSE - Does not reset system when memory type information
> changes."
> > --
> > 2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42618): https://edk2.groups.io/g/devel/message/42618
Mute This Topic: https://groups.io/mt/32119455/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v4 3/3] SecurityPkg: add FvReportPei.inf in dsc for build validation

2019-06-19 Thread Wang, Jian J 
https://bugzilla.tianocore.org/show_bug.cgi?id=1617

Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: "Hernandez Beltran, Jorge" 
Cc: Harry Han 
Signed-off-by: Jian J Wang 
---
 SecurityPkg/SecurityPkg.dsc | 5 +
 1 file changed, 5 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index a2ee0528f0..4451bd1271 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -287,6 +287,11 @@
   SecurityPkg/HddPassword/HddPasswordDxe.inf
   SecurityPkg/HddPassword/HddPasswordPei.inf
 
+  #
+  # Common FV checker/verifier/reporter
+  #
+  SecurityPkg/FvReportPei/FvReportPei.inf
+
 [BuildOptions]
MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256
   INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256
-- 
2.17.1.windows.2


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42617): https://edk2.groups.io/g/devel/message/42617
Mute This Topic: https://groups.io/mt/32139884/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v4 1/3] SecurityPkg: add definitions for OBB verification

2019-06-19 Thread Wang, Jian J 
> v4: change FV_HASH_FLAG_BOOT_MODE to align with
> HASHED_FV_FLAG_SKIP_BOOT_MODE

> v3: update per Jiewen's comments
>   - remove HASHED_FV_MAX_NUMBER
>   - update _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI to
> be more flexible
>   - update HASHED_FV_INFO to use UINT64 for Base and Length

https://bugzilla.tianocore.org/show_bug.cgi?id=1617

gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid should be installed by
platform to pass FV hash information to the common FV verify/report
driver, in which the hash value will be calculated again based on the
information fed in and then verified.

The information passed in this PPI include:
  - FVs location in flash and length
  - Hash values for different boot mode

The hash value must be calculated in following way (if 3 FVs to calc):

  FV1 -> Hash1
  FV2 -> Hash2
  FV3 -> Hash3
  Hash1 + Hash2 + Hash3 -> HashAll

Only HashAll is stored in this PPI. The purposes for this algorithm
are two:

  1. To report each FV's hash to TCG driver and verify HashAll at the
 same time without the burden to calculate the hash twice;
  2. To save hash value storage due to potential hardware limitation

Different boot mode may have its own hash value so that each mode can
decide which FV will be verified. For example, for the sake of performance,
S3 may choose to skip some FVs verification and normal boot will verify
all FVs it concerns.

So in this PPI, each FV information has flag to indicate which boot mode
it will be taken into hash calculation.

And if multiple hash values passed in this PPI, each has a flag to indicate
which boot mode it's used for. Note one hash value supports more than one
boot modes if they're just the same.

PcdStatusCodeFvVerificationPass and PcdStatusCodeFvVerificationFail are
introduced to report status back to platform, and platform can choose how
to act upon verification success and failure.

Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: "Hernandez Beltran, Jorge" 
Cc: Harry Han 
Signed-off-by: Jian J Wang 
---
 .../Ppi/FirmwareVolumeInfoStoredHashFv.h  | 62 +++
 SecurityPkg/SecurityPkg.dec   |  9 +++
 2 files changed, 71 insertions(+)
 create mode 100644 SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h

diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h 
b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
new file mode 100644
index 00..42f2748f92
--- /dev/null
+++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
@@ -0,0 +1,62 @@
+/** @file
+PPI to describe stored hash digest for FVs.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_H__
+#define __PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_H__
+
+#include 
+
+// {7F5E4E31-81B1-47E5-9E21-1E4B5BC2F61D}
+#define EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI_GUID \
+  {0x7f5e4e31, 0x81b1, 0x47e5, {0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 
0x1d}}
+
+//
+// Hashed FV flags.
+//
+#define HASHED_FV_FLAG_REPORT_FV_INFO_PPI 0x0001
+#define HASHED_FV_FLAG_REPORT_FV_HOB  0x0002
+#define HASHED_FV_FLAG_VERIFIED_BOOT  0x0010
+#define HASHED_FV_FLAG_MEASURED_BOOT  0x0020
+#define HASHED_FV_FLAG_SKIP_ALL   0xFF00
+#define HASHED_FV_FLAG_SKIP_BOOT_MODE(Mode)   LShiftU64 (0x100, (Mode))
+
+//
+// FV hash flags
+//
+#define FV_HASH_FLAG_BOOT_MODE(Mode)  LShiftU64 (0x100, (Mode))
+
+typedef struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI
+EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI;
+
+typedef struct _HASHED_FV_INFO {
+  UINT64  Base;
+  UINT64  Length;
+  UINT64  Flag;
+} HASHED_FV_INFO;
+
+typedef struct _FV_HASH_INFO {
+  UINT64  HashFlag;
+  UINT16  HashAlgoId;
+  UINT16  HashSize;
+  UINT8   Hash[64];
+} FV_HASH_INFO;
+
+//
+// PPI used to convey FVs and hash information of a specific platform. Only one
+// instance of this PPI is allowed in the platform.
+//
+struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
+  FV_HASH_INFOHashInfo;
+  UINTN   FvNumber;
+  HASHED_FV_INFO  FvInfo[1];
+};
+
+extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;
+
+#endif
+
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 1d43a69bc6..b9c04a3d13 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -187,6 +187,9 @@
 
   ## Include/Ppi/FirmwareVolumeInfoPrehashedFV.h
   gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid = { 0x3ce1e631, 0x7008, 
0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, 0x4b } }
+ 
+  ## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
+  gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1, 
0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b,

[edk2-devel] [PATCH v4 0/3] Common OBB verification feature

2019-06-19 Thread Wang, Jian J 
>V4: change FV_HASH_FLAG_BOOT_MODE definition

>V3: update per Jiewen's comments

>V2: fix parameter description error found by ECC

https://bugzilla.tianocore.org/show_bug.cgi?id=1617

Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: "Hernandez Beltran, Jorge" 
Cc: Harry Han 

Jian J Wang (3):
  SecurityPkg: add definitions for OBB verification
  SecurityPkg/FvReportPei: implement a common FV verifier and reporter
  SecurityPkg: add FvReportPei.inf in dsc for build validation

 SecurityPkg/FvReportPei/FvReportPei.c | 416 ++
 SecurityPkg/FvReportPei/FvReportPei.h | 122 +
 SecurityPkg/FvReportPei/FvReportPei.inf   |  57 +++
 SecurityPkg/FvReportPei/FvReportPei.uni   |  14 +
 .../FvReportPei/FvReportPeiPeiExtra.uni   |  12 +
 .../Ppi/FirmwareVolumeInfoStoredHashFv.h  |  62 +++
 SecurityPkg/SecurityPkg.dec   |   9 +
 SecurityPkg/SecurityPkg.dsc   |   5 +
 8 files changed, 697 insertions(+)
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.c
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.h
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.inf
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.uni
 create mode 100644 SecurityPkg/FvReportPei/FvReportPeiPeiExtra.uni
 create mode 100644 SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h

-- 
2.17.1.windows.2


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42614): https://edk2.groups.io/g/devel/message/42614
Mute This Topic: https://groups.io/mt/32139876/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v4 2/3] SecurityPkg/FvReportPei: implement a common FV verifier and reporter

2019-06-19 Thread Wang, Jian J 
>v3:
>  - shrink mHashAlgInfo and add FindHashAlgInfo() to find matched algorithm
>  - add ASSERT for illegal use cases
>  - add DEBUG print for skipped FV
>  - update code to use new definition of HASHED_FV_INFO and
>_EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI
>  - some small code optimizations

>v2: correct parameter and return value description for GetHashInfo()

https://bugzilla.tianocore.org/show_bug.cgi?id=1617

This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.

Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.

To be hardware/platform independent, PPI

  gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid

is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.

struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
  UINTN   FvNumber;
  HASHED_FV_INFO  FvInfo[HASHED_FV_MAX_NUMBER];
  UINTN   HashNumber;
  FV_HASH_INFOHashInfo[1];
};

To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.

For a measured boot, this driver will install

  gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid

to report digest of each FV to TCG driver.

For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.

If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.

If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.

The platform can register customized handler to process pass and fail
cases differently.

Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.

Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: "Hernandez Beltran, Jorge" 
Cc: Harry Han 
Signed-off-by: Jian J Wang 
---
 SecurityPkg/FvReportPei/FvReportPei.c | 416 ++
 SecurityPkg/FvReportPei/FvReportPei.h | 122 +
 SecurityPkg/FvReportPei/FvReportPei.inf   |  57 +++
 SecurityPkg/FvReportPei/FvReportPei.uni   |  14 +
 .../FvReportPei/FvReportPeiPeiExtra.uni   |  12 +
 5 files changed, 621 insertions(+)
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.c
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.h
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.inf
 create mode 100644 SecurityPkg/FvReportPei/FvReportPei.uni
 create mode 100644 SecurityPkg/FvReportPei/FvReportPeiPeiExtra.uni

diff --git a/SecurityPkg/FvReportPei/FvReportPei.c 
b/SecurityPkg/FvReportPei/FvReportPei.c
new file mode 100644
index 00..653012b3e9
--- /dev/null
+++ b/SecurityPkg/FvReportPei/FvReportPei.c
@@ -0,0 +1,416 @@
+/** @file
+  This driver verifies and reports OBB FVs.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "FvReportPei.h"
+
+STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = {
+  {TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, 
Sha256HashAll}, // 000B
+  {TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, 
Sha384HashAll}, // 000C
+  {TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, 
Sha512HashAll}, // 000D
+};
+
+STATIC
+CONST
+HASH_ALG_INFO *
+FindHashAlgInfo (
+  IN UINT16 HashAlgId
+  )
+{
+  UINTN Index;
+
+  for (Index = 0; Index < ARRAY_SIZE (mHashAlgInfo); ++Index) {
+if (mHashAlgInfo[Index].HashAlgId == HashAlgId) {
+  return [Index];
+}
+  }
+
+  return NULL;
+}
+
+/**
+  Install a EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI instance so that
+  TCG driver may use to extend PCRs.
+
+  @param[in]  FvBufferBuffer containing the whole FV.
+  @param[in]  FvLengthLength of the FV.
+  @param[in]  HashAlgoId  Hash algorithm type id.
+  @param[in]  HashSizeHash size.
+  @param[in]  HashValue   Hash value buffer.
+**/
+STATIC
+VOID
+InstallPreHashFvPpi (
+  IN VOID   *FvBuffer,
+  IN UINTN  FvLength,
+  IN UINT16 HashAlgoId,
+  IN UINT16 HashSize,
+  IN UINT8  *HashValue
+  )
+{
+  EFI_STATUSStatus;
+  EFI_PEI_PPI_DESCRIPTOR*FvInfoPpiDescriptor;
+

[edk2-devel] [PATCH] SecurityPkg/DxeDeferImageLoadLib: Remove DxeDeferImageLoadLib

2019-06-19 Thread Zhang, Shenglei 
The library DxeDeferImageLoadLib supports UID feature and it is conflicted
with the driver SecurityStubDxe (Defer3rdPartyImageLoad.c).
And the UID feature is dropped. So it should be removed from SecurityPkg.
https://bugzilla.tianocore.org/show_bug.cgi?id=1919

Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Jian Wang 
Signed-off-by: Shenglei Zhang 
---
 .../DxeDeferImageLoadLib.c| 927 --
 .../DxeDeferImageLoadLib.h|  99 --
 .../DxeDeferImageLoadLib.inf  |  63 --
 .../DxeDeferImageLoadLib.uni  |  18 -
 SecurityPkg/SecurityPkg.dsc   |   1 -
 5 files changed, 1108 deletions(-)
 delete mode 100644 
SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c
 delete mode 100644 
SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.h
 delete mode 100644 
SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf
 delete mode 100644 
SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.uni

diff --git a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c 
b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c
deleted file mode 100644
index a6a3fe3cfc68..
--- a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c
+++ /dev/null
@@ -1,927 +0,0 @@
-/** @file
-  Implement defer image load services for user identification in UEFI2.2.
-
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include "DxeDeferImageLoadLib.h"
-
-//
-// Handle for the Deferred Image Load Protocol instance produced by this 
driver.
-//
-EFI_HANDLE   mDeferredImageHandle = NULL;
-BOOLEAN  mIsProtocolInstalled = FALSE;
-EFI_USER_MANAGER_PROTOCOL*mUserManager= NULL;
-DEFERRED_IMAGE_TABLE mDeferredImage   = {
-  0,   // Deferred image count
-  NULL // The deferred image info
-};
-
-EFI_DEFERRED_IMAGE_LOAD_PROTOCOL gDeferredImageLoad   = {
-  GetDefferedImageInfo
-};
-
-/**
-  Get the image type.
-
-  @param[in]FileThis is a pointer to the device path of the file
-that is being dispatched.
-
-  @return   UINT32  Image Type
-
-**/
-UINT32
-GetFileType (
-  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File
-  )
-{
-  EFI_STATUSStatus;
-  EFI_HANDLEDeviceHandle;
-  EFI_DEVICE_PATH_PROTOCOL  *TempDevicePath;
-  EFI_BLOCK_IO_PROTOCOL *BlockIo;
-
-  //
-  // First check to see if File is from a Firmware Volume
-  //
-  DeviceHandle  = NULL;
-  TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
-  Status = gBS->LocateDevicePath (
-  ,
-  ,
-  
-  );
-  if (!EFI_ERROR (Status)) {
-Status = gBS->OpenProtocol (
-DeviceHandle,
-,
-NULL,
-NULL,
-NULL,
-EFI_OPEN_PROTOCOL_TEST_PROTOCOL
-);
-if (!EFI_ERROR (Status)) {
-  return IMAGE_FROM_FV;
-}
-  }
-
-  //
-  // Next check to see if File is from a Block I/O device
-  //
-  DeviceHandle   = NULL;
-  TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
-  Status = gBS->LocateDevicePath (
-  ,
-  ,
-  
-  );
-  if (!EFI_ERROR (Status)) {
-BlockIo = NULL;
-Status = gBS->OpenProtocol (
-DeviceHandle,
-,
-(VOID **) ,
-NULL,
-NULL,
-EFI_OPEN_PROTOCOL_GET_PROTOCOL
-);
-if (!EFI_ERROR (Status) && BlockIo != NULL) {
-  if (BlockIo->Media != NULL) {
-if (BlockIo->Media->RemovableMedia) {
-  //
-  // Block I/O is present and specifies the media is removable
-  //
-  return IMAGE_FROM_REMOVABLE_MEDIA;
-} else {
-  //
-  // Block I/O is present and specifies the media is not removable
-  //
-  return IMAGE_FROM_FIXED_MEDIA;
-}
-  }
-}
-  }
-
-  //
-  // File is not in a Firmware Volume or on a Block I/O device, so check to 
see if
-  // the device path supports the Simple File System Protocol.
-  //
-  DeviceHandle   = NULL;
-  TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
-  Status = gBS->LocateDevicePath (
-  ,
-  ,
-  
-  );
-  if (!EFI_ERROR (Status)) {
-//
-// Simple File System is present without Block I/O, so assume media is 
fixed.
-//
-return IMAGE_FROM_FIXED_MEDIA;
-  }
-
-  //
-  // File is not from an FV, Block I/O or Simple File System, so the only 
options
-  // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot 
from a NIC.
-  //
-  TempDevicePath =

Re: [edk2-devel] [edk2-platforms] [patch v3 0/2] Add UserInterfaceFeaturePkg and UserAuthentication modules

2019-06-19 Thread Dong, Eric 
Hi Dandan,

Please update the copyright date to 2019 before you check in the code, others 
are good to me.

Reviewed-by: Eric Dong 

Thanks,
Eric

> -Original Message-
> From: Bi, Dandan
> Sent: Monday, June 17, 2019 4:49 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric ; Gao, Liming 
> Subject: [edk2-platforms] [patch v3 0/2] Add UserInterfaceFeaturePkg and
> UserAuthentication modules
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1545
> 
> Patch 1 add a new package UserInterfaceFeaturePkg where put the
> UserAuthentication modules into.
> Package name follows the discussion in:
> https://edk2.groups.io/g/devel/message/42286
> 
> Patch 2 add password based user authentication modules.
> 
> V3:
> No change for patch 1.
> Patch 2 add missing [LibraryClasses] section in UserInterfaceFeaturePkg.dec.
> 
> V2:
> No change for patch 1.
> patch 2 add PcdPasswordCleared in
> [PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx]
> section.
> 
> Cc: Eric Dong 
> Cc: Liming Gao 
> Dandan Bi (2):
>   Platform/Intel: Add UserInterfaceFeaturePkg
>   Platform/Intel/UserInterfaceFeaturePkg: Add UserAuthentication modules
> 
>  Maintainers.txt   |   4 +
>  .../Include/Guid/UserAuthentication.h |  45 +
>  .../Include/Library/PlatformPasswordLib.h |  48 ++
>  .../Include/Library/UserPasswordLib.h |  70 ++
>  .../Include/Library/UserPasswordUiLib.h   |  37 +
>  .../PlatformPasswordLibNull.c |  78 ++
>  .../PlatformPasswordLibNull.inf   |  39 +
>  .../PlatformPasswordLibNull.uni   |  19 +
>  .../Library/UserPasswordLib/UserPasswordLib.c | 274 ++
>  .../UserPasswordLib/UserPasswordLib.inf   |  37 +
>  .../UserPasswordUiLib/UserPasswordUiLib.c | 522 
>  .../UserPasswordUiLib/UserPasswordUiLib.inf   |  41 +
>  .../UserAuthentication/KeyService.c   | 133 +++
>  .../UserAuthentication/KeyService.h   |  88 ++
>  .../UserAuthentication2Dxe.c  | 478 +++
>  .../UserAuthentication2Dxe.h  |  55 ++
>  .../UserAuthentication2Dxe.inf|  53 ++
>  .../UserAuthenticationDxe.c   | 780 ++
>  .../UserAuthenticationDxe.h   | 138 
>  .../UserAuthenticationDxe.inf |  63 ++
>  .../UserAuthenticationDxeFormset.h|  23 +
>  .../UserAuthenticationDxePassword.c   | 319 +++
>  .../UserAuthenticationDxeStrings.uni  |  30 +
>  .../UserAuthenticationDxeVfr.vfr  |  39 +
>  .../UserAuthenticationSmm.c   | 674 +++
>  .../UserAuthenticationSmm.h   |  52 ++
>  .../UserAuthenticationSmm.inf |  53 ++
>  .../UserInterfaceFeaturePkg.dec   |  34 +
>  .../UserInterfaceFeaturePkg.dsc   |  78 ++
>  29 files changed, 4304 insertions(+)
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Include/Guid/UserAuthentication.
> h
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Include/Library/PlatformPasswordL
> ib.h
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Include/Library/UserPasswordLib.h
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Include/Library/UserPasswordUiLib
> .h
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Library/PlatformPasswordLibNull/P
> latformPasswordLibNull.c
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Library/PlatformPasswordLibNull/P
> latformPasswordLibNull.inf
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Library/PlatformPasswordLibNull/P
> latformPasswordLibNull.uni
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Library/UserPasswordLib/UserPass
> wordLib.c
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Library/UserPasswordLib/UserPass
> wordLib.inf
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Library/UserPasswordUiLib/UserPa
> sswordUiLib.c
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/Library/UserPasswordUiLib/UserPa
> sswordUiLib.inf
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/KeyService.c
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/KeyService.h
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
> ation2Dxe.c
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
> ation2Dxe.h
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
> ation2Dxe.inf
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
> ationDxe.c
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
> ationDxe.h
>  create mode 100644
> Platform/Intel/UserInterfaceFeaturePkg/UserAuthentication/UserAuthentic
>

Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL

2019-06-19 Thread Wang, Jian J 
Agree with Laszlo's comment. With it's addressed,

Reviewed-by: Jian J Wang 


> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Laszlo Ersek
> Sent: Thursday, June 20, 2019 6:20 AM
> To: devel@edk2.groups.io; Lu, XiaoyuX ; Rebecca Cran
> 
> Cc: Wang, Jian J 
> Subject: Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-
> config for OpenSSL
> 
> Hi,
> 
> On 06/19/19 09:22, Xiaoyu Lu wrote:
> > This problem was found by Rebecca Cran .
> > REF: https://edk2.groups.io/g/devel/topic/32100684
> >
> > OpenSSL will automatically load a system config file which configures
> > default ssl options. In UEFI, It will cause TlsInitialize failed
> > without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
> > So disable it.
> >
> > Re-run process_files.py to generate OpensslLib[Crypto].inf files.
> >
> > Cc: Jian J Wang 
> > Signed-off-by: Xiaoyu Lu 
> > ---
> >  CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
> >  CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
> >  2 files changed, 4 insertions(+)
> 
> I think -- also from the discussion in the other thread, linked above --
> that this qualifies as a regression from the OpenSSL update in
> edk2-stable201905.
> 
> I suggest that we please file a TianoCore BZ for this issue, and
> cross-reference the BZ with the patch (the patch should be reposted with
> a BZ reference, and the BZ should reference the posting / final commit
> hash).
> 
> In addition, the BZ should get the "Regression" keyword (in the
> "keywords" field), and it should include a pointer to the OpenSSL
> upgrade BZ (1089) in the See Also field.
> 
> These metadata make it easier for consumers of edk2 to track this fix.
> 
> Thanks
> Laszlo
> 
> > diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > index 07fa2d3ce280..2b4d538e92d2 100644
> > --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> > +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> > @@ -115,6 +115,9 @@ extern "C" {
> >  #ifndef OPENSSL_NO_AUTOERRINIT
> >  # define OPENSSL_NO_AUTOERRINIT
> >  #endif
> > +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> > +# define OPENSSL_NO_AUTOLOAD_CONFIG
> > +#endif
> >  #ifndef OPENSSL_NO_CAPIENG
> >  # define OPENSSL_NO_CAPIENG
> >  #endif
> > diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> > index 2783ff54f95a..3e8669e30fd7 100755
> > --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> > +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> > @@ -53,6 +53,7 @@ BEGIN {
> >  "no-async",
> >  "no-autoalginit",
> >  "no-autoerrinit",
> > +"no-autoload-config",
> >  "no-bf",
> >  "no-blake2",
> >  "no-camellia",
> >
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42610): https://edk2.groups.io/g/devel/message/42610
Mute This Topic: https://groups.io/mt/32120649/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM.

2019-06-19 Thread Wu, Hao A 
> -Original Message-
> From: Ni, Ray
> Sent: Wednesday, June 19, 2019 5:00 PM
> To: devel@edk2.groups.io; Xu, Wei6; Wu, Hao A
> Cc: Wang, Jian J; Zhang, Chao B
> Subject: RE: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> CapsuleOnDiskLoadPei PEIM.
> 
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Xu,
> > Wei6
> > Sent: Wednesday, June 19, 2019 4:41 PM
> > To: Wu, Hao A ; devel@edk2.groups.io
> > Cc: Wang, Jian J ; Zhang, Chao B
> > 
> > Subject: Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> > CapsuleOnDiskLoadPei PEIM.
> >
> > > > +  ASSERT_EFI_ERROR (Status);
> > > > +
> > > > +  FileNameSize = PcdGetSize (PcdCoDRelocationFileName);  Status =
> > > > + PcdSetPtrS (PcdRecoveryFileName, , (VOID *)
> > > > PcdGetPtr(PcdCoDRelocationFileName));
> > >
> > >
> > > Buffer for 'PcdRecoveryFileName' may not be big enough to hold the
> > > content in 'PcdCoDRelocationFileName'.
> > >
> > > I think there might be a chance for the above PcdSetPtrS() call to fail.
> > >
> >
> >
> > Thanks a lot for the comments.
> > Yes, 'PcdRecoveryFileName' should be larger than
> > 'PcdCoDRelocationFileName'.
> > I think no need to update the code, since these two PCDs are fixed during
> > build time.
> > I will update the description of 'PcdCoDRelocationFileName' to mention: it
> > must be smaller than 'PcdRecoveryFileName', otherwise failure may occur.
> 
> But your code doesn't check the status of PcdSetPtrS().


Please help to add check to the return status of PcdSetPtrS() and also add
description comments for 'PcdCoDRelocationFileName' to mention its impact
to 'PcdRecoveryFileName' together with the limitation.

Best Regards,
Hao Wu


> 
> >
> > Do you have comments about it?
> > Thanks again.
> >
> >
> > BR,
> > Wei
> >
> > > -Original Message-
> > > From: Wu, Hao A
> > > Sent: Wednesday, June 12, 2019 3:49 PM
> > > To: devel@edk2.groups.io; Xu, Wei6 
> > > Cc: Wang, Jian J ; Zhang, Chao B
> > > 
> > > Subject: RE: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> > > CapsuleOnDiskLoadPei PEIM.
> > >
> > > > -Original Message-
> > > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf
> > > > Of Xu,
> > > > Wei6
> > > > Sent: Wednesday, June 05, 2019 11:42 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B; Xu, Wei6
> > > > Subject: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> > > > CapsuleOnDiskLoadPei PEIM.
> > > >
> > > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1852
> > > >
> > > > This module provides PPI to load Capsule On Disk temp relocation
> > > > file from Root Directory file system, retrieve the capsules from the
> > > > temp file and create capsule hobs for these capsules.
> > > >
> > > > Cc: Jian J Wang 
> > > > Cc: Hao A Wu 
> > > > Cc: Chao B Zhang 
> > > > Signed-off-by: Wei6 Xu 
> > > > ---
> > > >  MdeModulePkg/MdeModulePkg.dsc  |   4 +
> > > >  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c| 442
> > > > +
> > > >  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf  |  64 +++
> > > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.uni  |  15 +
> > > >  .../CapsuleOnDiskLoadPeiExtra.uni  |  14 +
> > > >  5 files changed, 539 insertions(+)
> > > >  create mode 100644
> > > >
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c
> > > >  create mode 100644
> > > >
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in
> > > > f
> > > >  create mode 100644
> > > >
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.u
> > > > ni
> > > >  create mode 100644
> > > >
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPeiEx
> > > > tra.uni
> > >
> > > Since this a new module, could you help to follow the recommendation
> > > in
> > >
> https://edk2.groups.io/g/devel/message/39655?p=,,,20,0,0,0::Created,,U
> > > efi
> > > DebugLibStdErr,20,2,0,3131
> > >
> > > to add/update 'static' (lower case) for global variables/functions
> > > whose scope is limited within a single file?
> > >
> > > >
> > > > diff --git a/MdeModulePkg/MdeModulePkg.dsc
> > > > b/MdeModulePkg/MdeModulePkg.dsc index 995fd805e1..615edddbcc
> > > 100644
> > > > --- a/MdeModulePkg/MdeModulePkg.dsc
> > > > +++ b/MdeModulePkg/MdeModulePkg.dsc
> > > > @@ -197,10 +197,13 @@
> > > >
> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
> > > >
> > >
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizeNonPopulateCapsule|0x0
> > > >
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizePopulateCapsule|0x0
> > > >
> > >
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxPeiPerformanceLogEntries|28
> > > >
> > > > +[PcdsDynamicExDefault]
> > > > +
> > > >
> > >
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName|L"FVMAIN.FV"
> > > > +
> > > >  [Components]
> > > >MdeModulePkg/Application/HelloWorld/HelloWorld.inf
> > > >MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf
> > > >
> >

Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py

2019-06-19 Thread Wang, Jian J 
Reviewed-by: Jian J Wang 


> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Xiaoyu Lu
> Sent: Wednesday, June 19, 2019 3:19 PM
> To: devel@edk2.groups.io
> Cc: Lu, XiaoyuX ; Laszlo Ersek ;
> Wang, Jian J ; Ye, Ting 
> Subject: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c 
> in
> process_files.py
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1881
> 
> Commit(0a1b13fd4d2210e2c3) fix VS2017 build failure
> remove useless file in OpensslLib[Crypto].inf,
> but we use process_files.py to generate files.
> So exclude err_all.c file in process_files.py
> 
> Cc: Jian J Wang 
> Cc: Ting Ye 
> Signed-off-by: Xiaoyu Lu 
> ---
>  CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> index e277108f0734..2783ff54f95a 100755
> --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> @@ -132,6 +132,7 @@ foreach my $product ((@{$unified_info{libraries}},
>  # So it can reduce porting time, compile time, library size.
>  next if $s =~ "crypto/rand/randfile.c";
>  next if $s =~ "crypto/store/";
> +next if $s =~ "crypto/err/err_all.c";
> 
>  if ($product =~ "libssl") {
>  push @sslfilelist, '  $(OPENSSL_PATH)/' . $s . "\r\n";
> --
> 2.7.4
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42609): https://edk2.groups.io/g/devel/message/42609
Mute This Topic: https://groups.io/mt/32120631/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Fix CR/LF issue

2019-06-19 Thread Wang, Jian J 
Reviewed-by: Jian J Wang 

> -Original Message-
> From: Lu, XiaoyuX
> Sent: Wednesday, June 19, 2019 3:21 PM
> To: devel@edk2.groups.io
> Cc: Lu, XiaoyuX ; Wang, Jian J 
> Subject: [PATCH 1/1] CryptoPkg/OpensslLib: Fix CR/LF issue
> 
> Re-run process_files.py to generate OpensslLib[Crypto].inf.
> CryptoPkg/Library/Include/openssl/opensslconf.h is coped from OpenSSL,
> So keep the CR/LF style like OpenSSL source file.
> 
> Cc: Jian J Wang 
> Signed-off-by: Xiaoyu Lu 
> ---
>  CryptoPkg/Library/Include/openssl/opensslconf.h | 80 
> -
>  1 file changed, 40 insertions(+), 40 deletions(-)
> 
> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 9ce99705d80f..07fa2d3ce280 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -10,8 +10,8 @@
>   * https://www.openssl.org/source/license.html
>   */
> 
> -#include 
> -
> +#include 
> +
>  #ifdef  __cplusplus
>  extern "C" {
>  #endif
> @@ -79,9 +79,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_SEED
>  # define OPENSSL_NO_SEED
>  #endif
> -#ifndef OPENSSL_NO_SM2
> -# define OPENSSL_NO_SM2
> -#endif
> +#ifndef OPENSSL_NO_SM2
> +# define OPENSSL_NO_SM2
> +#endif
>  #ifndef OPENSSL_NO_SRP
>  # define OPENSSL_NO_SRP
>  #endif
> @@ -91,9 +91,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_WHIRLPOOL
>  # define OPENSSL_NO_WHIRLPOOL
>  #endif
> -#ifndef OPENSSL_RAND_SEED_NONE
> -# define OPENSSL_RAND_SEED_NONE
> -#endif
> +#ifndef OPENSSL_RAND_SEED_NONE
> +# define OPENSSL_RAND_SEED_NONE
> +#endif
>  #ifndef OPENSSL_NO_AFALGENG
>  # define OPENSSL_NO_AFALGENG
>  #endif
> @@ -127,9 +127,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_DEPRECATED
>  # define OPENSSL_NO_DEPRECATED
>  #endif
> -#ifndef OPENSSL_NO_DEVCRYPTOENG
> -# define OPENSSL_NO_DEVCRYPTOENG
> -#endif
> +#ifndef OPENSSL_NO_DEVCRYPTOENG
> +# define OPENSSL_NO_DEVCRYPTOENG
> +#endif
>  #ifndef OPENSSL_NO_DGRAM
>  # define OPENSSL_NO_DGRAM
>  #endif
> @@ -163,9 +163,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_ERR
>  # define OPENSSL_NO_ERR
>  #endif
> -#ifndef OPENSSL_NO_EXTERNAL_TESTS
> -# define OPENSSL_NO_EXTERNAL_TESTS
> -#endif
> +#ifndef OPENSSL_NO_EXTERNAL_TESTS
> +# define OPENSSL_NO_EXTERNAL_TESTS
> +#endif
>  #ifndef OPENSSL_NO_FILENAMES
>  # define OPENSSL_NO_FILENAMES
>  #endif
> @@ -220,24 +220,24 @@ extern "C" {
>  #ifndef OPENSSL_NO_TESTS
>  # define OPENSSL_NO_TESTS
>  #endif
> -#ifndef OPENSSL_NO_TLS1_3
> -# define OPENSSL_NO_TLS1_3
> -#endif
> +#ifndef OPENSSL_NO_TLS1_3
> +# define OPENSSL_NO_TLS1_3
> +#endif
>  #ifndef OPENSSL_NO_UBSAN
>  # define OPENSSL_NO_UBSAN
>  #endif
> -#ifndef OPENSSL_NO_UI_CONSOLE
> -# define OPENSSL_NO_UI_CONSOLE
> -#endif
> +#ifndef OPENSSL_NO_UI_CONSOLE
> +# define OPENSSL_NO_UI_CONSOLE
> +#endif
>  #ifndef OPENSSL_NO_UNIT_TEST
>  # define OPENSSL_NO_UNIT_TEST
>  #endif
>  #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
>  # define OPENSSL_NO_WEAK_SSL_CIPHERS
>  #endif
> -#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> -# define OPENSSL_NO_DYNAMIC_ENGINE
> -#endif
> +#ifndef OPENSSL_NO_DYNAMIC_ENGINE
> +# define OPENSSL_NO_DYNAMIC_ENGINE
> +#endif
>  #ifndef OPENSSL_NO_AFALGENG
>  # define OPENSSL_NO_AFALGENG
>  #endif
> @@ -256,11 +256,11 @@ extern "C" {
>   * functions.
>   */
>  #ifndef DECLARE_DEPRECATED
> -# define DECLARE_DEPRECATED(f)   f;
> -# ifdef __GNUC__
> -#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> -#   undef DECLARE_DEPRECATED
> -#   define DECLARE_DEPRECATED(f)f __attribute__ ((deprecated));
> +# define DECLARE_DEPRECATED(f)   f;
> +# ifdef __GNUC__
> +#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
> +#   undef DECLARE_DEPRECATED
> +#   define DECLARE_DEPRECATED(f)f __attribute__ ((deprecated));
>  #  endif
>  # endif
>  #endif
> @@ -284,18 +284,18 @@ extern "C" {
>  # define OPENSSL_API_COMPAT OPENSSL_MIN_API
>  #endif
> 
> -/*
> - * Do not deprecate things to be deprecated in version 1.2.0 before the
> - * OpenSSL version number matches.
> - */
> -#if OPENSSL_VERSION_NUMBER < 0x1020L
> -# define DEPRECATEDIN_1_2_0(f)   f;
> -#elif OPENSSL_API_COMPAT < 0x1020L
> -# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
> -#else
> -# define DEPRECATEDIN_1_2_0(f)
> -#endif
> -
> +/*
> + * Do not deprecate things to be deprecated in version 1.2.0 before the
> + * OpenSSL version number matches.
> + */
> +#if OPENSSL_VERSION_NUMBER < 0x1020L
> +# define DEPRECATEDIN_1_2_0(f)   f;
> +#elif OPENSSL_API_COMPAT < 0x1020L
> +# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
> +#else
> +# define DEPRECATEDIN_1_2_0(f)
> +#endif
> +
>  #if OPENSSL_API_COMPAT < 0x1010L
>  # define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
>  #else
> --
> 2.7.4


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42608): https://edk2.groups.io/g/devel/message/42608
Mute This Topic: https://groups.io/mt/32120640/21656
Group Owner:

[edk2-devel] [PATCH V3] BaseTools:Add DetectNotUsedItem.py to Edk2\BaseTools\Scripts

2019-06-19 Thread Fan, ZhijuX 
BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=1850

This script is used to Detect unreferenced PCD and GUID/Protocols/PPIs.
The input parameters are Dec file and package directory.

This script can be run in both Py2 and Py3.

Cc: Bob Feng 
Cc: Liming Gao 
Signed-off-by: Zhiju.Fan 
---
 BaseTools/Scripts/DetectNotUsedItem.py | 185 +
 1 file changed, 185 insertions(+)
 create mode 100644 BaseTools/Scripts/DetectNotUsedItem.py

diff --git a/BaseTools/Scripts/DetectNotUsedItem.py 
b/BaseTools/Scripts/DetectNotUsedItem.py
new file mode 100644
index 00..655fb65a96
--- /dev/null
+++ b/BaseTools/Scripts/DetectNotUsedItem.py
@@ -0,0 +1,185 @@
+## @file
+# Detect unreferenced PCD and GUID/Protocols/PPIs.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+'''
+DetectNotUsedItem
+'''
+import re
+import os
+import sys
+import argparse
+
+#
+# Globals for help information
+#
+__prog__= 'DetectNotUsedItem'
+__version__ = '%s Version %s' % (__prog__, '0.1')
+__copyright__   = 'Copyright (c) 2019, Intel Corporation. All rights reserved.'
+__description__ = "Detect unreferenced PCD and GUID/Protocols/PPIs.\n"
+
+SectionList = ["LibraryClasses", "Guids", "Ppis", "Protocols", "Pcd"]
+
+class PROCESS(object):
+
+  def __init__(self, DecPath, InfDirs):
+self.Dec = DecPath
+self.InfPath = InfDirs
+self.Log = []
+
+  def ParserDscFdfInfFile(self):
+AllContentList = []
+for File in (self.SearchbyExt(".dsc") + self.SearchbyExt(".fdf") + 
self.SearchbyExt(".inf")):
+  AllContentList += self.ParseDscFdfInfContent(File)
+return AllContentList
+
+  #Search File by extension name
+  def SearchbyExt(self, Ext):
+FileList = []
+for path in self.InfPath:
+  for root, _, files in os.walk(path, topdown=True, followlinks=False):
+for filename in files:
+  if filename.endswith(Ext):
+FileList.append(os.path.join(root, filename))
+return FileList
+
+  # Parse DEC file to get Line number and Name
+  # return section name, the Item Name and comments line number
+  def ParseDecContent(self):
+SectionRE = re.compile(r'\[(.*)\]')
+Flag = False
+Comments ={}
+Comment_Line = []
+ItemName = {}
+with open(self.Dec, 'r') as F:
+  for Index, content in enumerate(F):
+NotComment = not content.strip().startswith("#")
+Section = SectionRE.findall(content)
+if Section and NotComment:
+  Flag = self.IsNeedParseSection(Section[0])
+if Flag:
+  Comment_Line.append(Index)
+  if NotComment:
+if content != "\n" and content != "\r\n":
+  ItemName[Index] = 
content.split('=')[0].split('|')[0].split('#')[0].strip()
+  Comments[Index] = Comment_Line
+  Comment_Line = []
+return ItemName, Comments
+
+  def IsNeedParseSection(self, SectionName):
+for item in SectionList:
+  if item in SectionName:
+return True
+return False
+
+  #Parse DSC, FDF, INF File, remove comments, return Lines list
+  def ParseDscFdfInfContent(self, File):
+with open(File,'r') as F:
+  lines = F.readlines()
+for Index in range(len(lines)-1, -1, -1):
+  if lines[Index].strip().startswith("#") or lines[Index] == "\n" or 
lines[Index] == "\r\n":
+lines.remove(lines[Index])
+  elif "#" in lines[Index]:
+lines[Index] = lines[Index].split("#")[0].strip()
+  else:
+lines[Index] = lines[Index].strip()
+return lines
+
+  def DetectNotUsedItem(self):
+NotUsedItem = {}
+DecItem, DecComments = self.ParseDecContent()
+InfDscFdfContent = self.ParserDscFdfInfFile()
+for LineNum in list(DecItem.keys()):
+  DecItemName = DecItem[LineNum]
+  Match_reg = re.compile("(?

[edk2-devel] [PATCH V3] BaseTools:add UniTool.py to Edk2\BaseTools\Scripts

2019-06-19 Thread Fan, ZhijuX 
BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=1855

UniTool is one python script to generate UQI (Universal Question
Identifier) unicode string for HII question PROMPT string. UQI
string can be used to identify each HII question.
The scripts function will sync up UQI definitions with uni files
based on vfi/vfr/hfr/sd/sdi in the tree.

This script can be run in both Py2 and Py3.

Cc: Bob Feng 
Cc: Liming Gao 
Signed-off-by: Zhiju.Fan 
---
 BaseTools/Scripts/UniTool.py | 514 +++
 1 file changed, 514 insertions(+)
 create mode 100644 BaseTools/Scripts/UniTool.py

diff --git a/BaseTools/Scripts/UniTool.py b/BaseTools/Scripts/UniTool.py
new file mode 100644
index 00..1064e261f7
--- /dev/null
+++ b/BaseTools/Scripts/UniTool.py
@@ -0,0 +1,514 @@
+## @file
+# generate UQI (Universal Question Identifier) unicode string for HII question 
PROMPT string. UQI string can be used to
+# identify each HII question.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+import re
+import sys
+import os
+import getopt
+import codecs
+import fnmatch
+import logging
+
+# global variable declarations
+QuestionError = False
+UqiList = re.compile('^#string[ \t]+([A-Z_0-9]+)[ \t]+#language[ \t]+uqi[ 
\t\r\n]+"(?:[x\S]{1,2})([0-9a-fA-F]{4,5})"',
+ re.M).findall
+AllUqis = {}
+StringDict = {}
+GlobalVarId = {}
+Options = {}
+
+
+# **
+# description: Prints help information
+#
+# arguments:   none
+#
+# returns: none
+#
+
+def Usage():
+print("Syntax:  %s [-b] [-u] [-l] [-x] [-h] [-d 'rootDirectory1'] [-d 
'rootDirectory2'] [-d 'rootDirectory3']... [-q e|w] \
+'rootDirectory0' 'uqiFile'|'uqiFileDirectory' ['excludedDirectory1'] 
['excludedDirectory2'] ['excludedDirectory3']...\n%s" %
+ (os.path.basename(sys.argv[0]),
+  """\nFunction will sync up UQI definitions with uni files based 
on vfi/vfr/hfr/sd/sdi in the tree.\n
+Required Arguments:
+  'rootdirectory0'   path to root directory
+  'uqiFileDirectory' path to UQI file(UqiList.uni)
+  'uqiFile'  UQI file
+
+Options:
+  -hShow this help
+  -bBuild option returns error if any new UQI 
needs assigning
+based on vfi/vfr/hfr/sd/sdi when no -u option 
is specified
+  -uCreate new UQIs that does not already exist in 
uqiFile for
+any string requiring a UQI based on 
vfi/vfr/hfr/sd/sdi
+NOTE: 'uqiFile' cannot be readonly!
+  -lLanguage deletion option (keeps only English 
and uqi)
+moves all UQIs to 'uqiFile'
+NOTE: Uni files cannot be readonly!
+  -xExclude 'rootDirectory'/'excludedDirectory1' &
+'rootDirectory'/'excludedDirectory2'... from 
UQI list build
+NOTE: Cannot be the same as rootDirectory
+  -dAdd multiple root directories to process
+  -qPrint warning(w) or return error(e) if 
different HII questions
+are referring same string token
+
+Return error if any duplicated UQI string or value in UQI list or if 
no definition
+for any string referred by HII question when -b or -u is specified
+
+NOTE: Options must be specified before parameters
+"""))
+sys.exit()
+
+
+# **
+# description: Get uni file encoding
+#
+# arguments:   Filename - name of uni file
+#
+# returns: utf-8 or utf-16
+#
+def GetUniFileEncoding(Filename):
+#
+# Detect Byte Order Mark at beginning of file.  Default to UTF-8
+#
+Encoding = 'utf-8'
+
+#
+# Read file
+#
+try:
+with open(Filename, mode='rb') as UniFile:
+FileIn = UniFile.read()
+except:
+return Encoding
+
+if (FileIn.startswith(codecs.BOM_UTF16_BE) or 
FileIn.startswith(codecs.BOM_UTF16_LE)):
+Encoding = 'utf-16'
+
+return Encoding
+
+
+# rewrite function os.path.walk
+def Walk(Top, Func, Arg):
+try:
+Names = os.listdir(Top)
+except os.error:
+return
+Func(Arg, Top, Names)
+for Name in Names:
+Name = os.path.join(Top, Name)
+if os.path.isdir(Name):
+Walk(Name, Func, Arg)
+
+
+# **
+# description: Parses commandline arguments and options
+#  Calls function processUni to build dictionary of strings
+#  Calls other functions according to user specified options
+#
+# arguments:   argv

Re: [edk2-devel] [PATCH 0/2] BaseTools: add script to set up git environment

2019-06-19 Thread Laszlo Ersek 
On 06/15/19 10:47, Philippe Mathieu-Daudé wrote:
> On 6/10/19 1:54 PM, Leif Lindholm wrote:
>> https://github.com/tianocore/tianocore.github.io/wiki/Laszlo's-unkempt-git-guide-for-edk2-contributors-and-maintainers
>> is a great resource, but it's a lot of manual steps to go through for
>> each repository (especially as the number seems to grow).
> 
> Laszlo, why do you set 'git config core.pager cat'?
> 

Because I dislike git invoking "less" automatically, when run from a
terminal. If I need "less", I can pipe git's output to "less" just fine.

Thanks
Laszlo

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42605): https://edk2.groups.io/g/devel/message/42605
Mute This Topic: https://groups.io/mt/32003227/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py

2019-06-19 Thread Laszlo Ersek 
On 06/19/19 09:19, Xiaoyu Lu wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1881
> 
> Commit(0a1b13fd4d2210e2c3) fix VS2017 build failure
> remove useless file in OpensslLib[Crypto].inf,
> but we use process_files.py to generate files.
> So exclude err_all.c file in process_files.py
> 
> Cc: Jian J Wang 
> Cc: Ting Ye 
> Signed-off-by: Xiaoyu Lu 
> ---
>  CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl 
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> index e277108f0734..2783ff54f95a 100755
> --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> @@ -132,6 +132,7 @@ foreach my $product ((@{$unified_info{libraries}},
>  # So it can reduce porting time, compile time, library size.
>  next if $s =~ "crypto/rand/randfile.c";
>  next if $s =~ "crypto/store/";
> +next if $s =~ "crypto/err/err_all.c";
>  
>  if ($product =~ "libssl") {
>  push @sslfilelist, '  $(OPENSSL_PATH)/' . $s . "\r\n";
> 

Reviewed-by: Laszlo Ersek 

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42604): https://edk2.groups.io/g/devel/message/42604
Mute This Topic: https://groups.io/mt/32120631/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL

2019-06-19 Thread Laszlo Ersek 
Hi,

On 06/19/19 09:22, Xiaoyu Lu wrote:
> This problem was found by Rebecca Cran .
> REF: https://edk2.groups.io/g/devel/topic/32100684
> 
> OpenSSL will automatically load a system config file which configures
> default ssl options. In UEFI, It will cause TlsInitialize failed
> without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
> So disable it.
> 
> Re-run process_files.py to generate OpensslLib[Crypto].inf files.
> 
> Cc: Jian J Wang 
> Signed-off-by: Xiaoyu Lu 
> ---
>  CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
>  CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
>  2 files changed, 4 insertions(+)

I think -- also from the discussion in the other thread, linked above --
that this qualifies as a regression from the OpenSSL update in
edk2-stable201905.

I suggest that we please file a TianoCore BZ for this issue, and
cross-reference the BZ with the patch (the patch should be reposted with
a BZ reference, and the BZ should reference the posting / final commit
hash).

In addition, the BZ should get the "Regression" keyword (in the
"keywords" field), and it should include a pointer to the OpenSSL
upgrade BZ (1089) in the See Also field.

These metadata make it easier for consumers of edk2 to track this fix.

Thanks
Laszlo

> diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h 
> b/CryptoPkg/Library/Include/openssl/opensslconf.h
> index 07fa2d3ce280..2b4d538e92d2 100644
> --- a/CryptoPkg/Library/Include/openssl/opensslconf.h
> +++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
> @@ -115,6 +115,9 @@ extern "C" {
>  #ifndef OPENSSL_NO_AUTOERRINIT
>  # define OPENSSL_NO_AUTOERRINIT
>  #endif
> +#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
> +# define OPENSSL_NO_AUTOLOAD_CONFIG
> +#endif
>  #ifndef OPENSSL_NO_CAPIENG
>  # define OPENSSL_NO_CAPIENG
>  #endif
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl 
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> index 2783ff54f95a..3e8669e30fd7 100755
> --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> @@ -53,6 +53,7 @@ BEGIN {
>  "no-async",
>  "no-autoalginit",
>  "no-autoerrinit",
> +"no-autoload-config",
>  "no-bf",
>  "no-blake2",
>  "no-camellia",
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42603): https://edk2.groups.io/g/devel/message/42603
Mute This Topic: https://groups.io/mt/32120649/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [edk2] [PATCH] OvmfPkg: prevent 64-bit MMIO BAR degradation if there is no CSM

2019-06-19 Thread David Woodhouse 


> the driver is thoroughly commented. See especially the
> DriverInitialize() function. Can you determine which one(s) of those
> statements doesn't / don't hold any longer?
>
> Or maybe IncompatiblePciDeviceSupportDxe works as before, but commit
> 065ae7d717f9 ("MdeModulePkg/PciBusDxe: make OPROM BAR degradation
> configurable", 2016-09-26) made a difference? (Adding Ard.)
>
> I'm just guessing of course; a bisection could prove more effective.

I think I worked it out. The problem is that the nvme controller doesn't
have a ROM so it wasn't triggering the downgrade to 32-bit in the first
place.

By hacking IncompatiblePciDeviceSupportDxe to always return configuration
with 32+bit "granularity" I can boot. That does it for *all* devices, of
course... but I don't get the PCI class; only device/vendor IDs.

-- 
dwmw2


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42602): https://edk2.groups.io/g/devel/message/42602
Mute This Topic: https://groups.io/mt/32122513/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [edk2] [PATCH] OvmfPkg: prevent 64-bit MMIO BAR degradation if there is no CSM

2019-06-19 Thread Laszlo Ersek 
Hi David,

On 06/19/19 14:50, David Woodhouse wrote:
> On Thu, 2016-05-19 at 00:12 +0200, Laszlo Ersek wrote:
>> According to edk2 commit
>>
>>   "MdeModulePkg/PciBus: do not improperly degrade resource"
>>
>> and to the EFI_INCOMPATIBLE_PCI_DEVICE_SUPPORT_PROTOCOL definition in the
>> Platform Init 1.4a specification, a platform can provide such a protocol
>> in order to influence the PCI resource allocation performed by the PCI Bus
>> driver.
>>
>> In particular it is possible instruct the PCI Bus driver, with a
>> "wildcard" hint, to allocate the 64-bit MMIO BARs of a device in 64-bit
>> address space, regardless of whether the device features an option ROM.
>>
>> (By default, the PCI Bus driver considers an option ROM reason enough for
>> allocating the 64-bit MMIO BARs in 32-bit address space. It cannot know if
>> BDS will launch a legacy boot option, and under legacy boot, a legacy BIOS
>> binary from a combined option ROM could be dispatched, and fail to access
>> MMIO BARs in 64-bit address space.)
>>
>> In platform code we can ascertain whether a CSM is present or not. If not,
>> then legacy BIOS binaries in option ROMs can't be dispatched, hence the
>> BAR degradation is detrimental, and we should prevent it. This is expected
>> to conserve the 32-bit address space for 32-bit MMIO BARs.
>>
>> The driver added in this patch could be simplified based on the following
>> facts:
>>
>> - In the Ia32 build, the 64-bit MMIO aperture is always zero-size, hence
>>   the driver will exit immediately. Therefore the driver could be omitted
>>   from the Ia32 build.
>>
>> - In the Ia32X64 and X64 builds, the driver could be omitted if CSM_ENABLE
>>   was defined (because in that case the degradation would be justified).
>>   On the other hand, if CSM_ENABLE was undefined, then the driver could be
>>   included, and it could provide the hint unconditionally (without looking
>>   for the Legacy BIOS protocol).
>>
>> These short-cuts are not taken because they would increase the differences
>> between the OVMF DSC/FDF files. If we can manage without extreme
>> complexity, we should use dynamic logic (vs. build time configuration),
>> plus keep conditional compilation to a minimum.
>>
>> Cc: Jordan Justen 
>> Cc: Ruiyu Ni 
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Laszlo Ersek 
> 
> This (commit 855743f717745) appears not to be working any more. I see
> NVMe controllers' BARs being assigned above 4GiB where the CSM can't
> reach them.

the driver is thoroughly commented. See especially the
DriverInitialize() function. Can you determine which one(s) of those
statements doesn't / don't hold any longer?

Or maybe IncompatiblePciDeviceSupportDxe works as before, but commit
065ae7d717f9 ("MdeModulePkg/PciBusDxe: make OPROM BAR degradation
configurable", 2016-09-26) made a difference? (Adding Ard.)

I'm just guessing of course; a bisection could prove more effective.

Thanks
Laszlo

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42601): https://edk2.groups.io/g/devel/message/42601
Mute This Topic: https://groups.io/mt/32122513/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [edk2] [PATCH] OvmfPkg: QemuVideoDxe: Int10h stub for Windows 2008 R2 SP1 (stdvga, QXL)

2019-06-19 Thread Laszlo Ersek 
Hi David,

On 06/17/19 12:52, David Woodhouse wrote:
> On Mon, 2014-05-12 at 20:21 +0400, Mike Maslenkin wrote:
>>>
> +  Segment0  = 0;
> +  Segment0Pages = 1;
> +  Status = gBS->AllocatePages (AllocateAddress, EfiReservedMemoryType,
> +  Segment0Pages, );
> +  if (EFI_ERROR (Status)) {
> +goto RestorePam1;
> +  }

 If CSM is enabled, we will fail to allocate, right?
>>
>> Allocation at LegacyBiosInstall() function will fail, but no one cares
>> about it and MemoryAddress remains uninitialized. This is because uefi
>> video driver is being initialized earlier.
> 
> Right... at the time the above code runs, the CSM has already been
> initialised and installed a stub 'iret' handler for INT 10h, which in
> my case happens to be at F000:F065.
> 
> Because the CSM chose to put that in the F-segment not the E-segment,
> that happens not to trigger the check for an existing handler:
> 
> //
> // Check if a video BIOS handler has been installed previously -- we
> // shouldn't override a real video BIOS with our shim, nor our own shim if
> // it's already present.
> //
> Handler = (Int0x10->Segment << 4) + Int0x10->Offset;
> if (Handler >= SegmentC && Handler < SegmentF) {
>   DEBUG ((EFI_D_INFO, "%a: Video BIOS handler found at %04x:%04x\n",
> __FUNCTION__, Int0x10->Segment, Int0x10->Offset));
>   return;
> }
> 
> So InstallVbeShim() goes ahead and copies the shim to the C-segment and
> points the INT10 vector to it (at C000:0200 it seems).
> 
> Later, LegacyBiosInstallRom() shadows the video OpROM, stomping on the
> shim. The very *next* thing it does before actually invoking the newly-
> shadowed OpROM is make an INT 10h call to put the display into a plain
> text mode. Which blows up since there's nothing useful at C000:0200 any
> more.
> 
> 
> There are a few ways we could fix this...
> 
> If I just move that PrepareToScanRom hook invocation (that sets the
> text mode) to happen before the CopyMem() of the shadowing, that makes
> things work again. But mostly by luck.
> 
> If I change the check in InstallVbeShim() to be '<= SegmentF' then the
> VBE shim won't install itself even over the CSM's iret stub. This is
> basically equivalent to making the VBE Shim refuse to install if
> CSM_ENABLE is set. And might be the right thing to do, since the VBE
> Shim isn't enough to actually make legacy code work.
> 
> It might also work if you were to allocate the space for the VBE shim
> so that we don't later try to shadow the real ROM to the same location.
> 
> Or maybe we should be letting the legacy BIOS video driver take
> precedence if the CSM has a video BIOS, and not letting the native
> drivers bind at all?
> 

In 2013, you submitted the following patch:

  OvmfPkg: Don't build in QemuVideoDxe when we have CSM

The thread starts here:

  https://www.mail-archive.com/edk2-devel@lists.sourceforge.net/msg01871.html

After an update:

  http://mid.mail-archive.com/1360493281.7383.26.camel@shinybook.infradead.org

I had given my R-b:

  http://mid.mail-archive.com/511816AD.9000603@redhat.com

But, the patch was never merged.

The commit hash referenced in those messages still works (pointing into your 
personal repo):

  http://git.infradead.org/users/dwmw2/edk2.git/commitdiff/22253c949e5

Can you resubmit that patch please?

Thanks,
Laszlo

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42600): https://edk2.groups.io/g/devel/message/42600
Mute This Topic: https://groups.io/mt/32093442/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH] EmulatorPkg: update HOST_TOOLS to xcode5

2019-06-19 Thread Stephano Cetola 
The last compiler flag change was for Xcode 5.0, not Xcode 3.2. As such
the HOST_TOOLS should be set to XCODE5.

Also, fix a small typo.

This fixes bug 447:

https://bugzilla.tianocore.org/show_bug.cgi?id=447

Signed-off-by: Stephano Cetola 
---
 EmulatorPkg/build.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/build.sh b/EmulatorPkg/build.sh
index 558b65e88b..c5bf0bd655 100755
--- a/EmulatorPkg/build.sh
+++ b/EmulatorPkg/build.sh
@@ -60,9 +60,9 @@ case `uname` in
 CLANG_VER=$(clang -ccc-host-triple x86_64-pc-win32-macho 2>&1 
>/dev/null) || true
 if [[ "$CLANG_VER" == *-ccc-host-triple* ]]
 then
-# only older versions of Xcode support -ccc-host-tripe, for newer 
versions
+# only older versions of Xcode support -ccc-host-triple, for newer 
versions
 # it is -target
-  HOST_TOOLS=XCODE32
+  HOST_TOOLS=XCODE5
   TARGET_TOOLS=XCODE5
 else
   HOST_TOOLS=XCODE32
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42599): https://edk2.groups.io/g/devel/message/42599
Mute This Topic: https://groups.io/mt/32125628/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol

2019-06-19 Thread rebecca 
On 2019-06-19 02:07, Lu, XiaoyuX wrote:
>
> Thanks for your information. I checked the NOOPT OVMF in linux environment, 
> it failed too.
> I think compiler optimization hides this problem. 
> By default, OpenSSL will auto load config file. But UEFI don't use it.
> And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change 
> openssl_config_int
> function will cause this problem.
>
> And I made a patch for it. You can find it at
> https://edk2.groups.io/g/devel/message/42577



Thanks! That fixed the problem.


-- 
Rebecca Cran


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42598): https://edk2.groups.io/g/devel/message/42598
Mute This Topic: https://groups.io/mt/32100684/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL

2019-06-19 Thread rebecca 
On 2019-06-19 01:22, Xiaoyu Lu wrote:
> This problem was found by Rebecca Cran .
> REF: https://edk2.groups.io/g/devel/topic/32100684
>
> OpenSSL will automatically load a system config file which configures
> default ssl options. In UEFI, It will cause TlsInitialize failed
> without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
> So disable it.
>
> Re-run process_files.py to generate OpensslLib[Crypto].inf files.


Reviewed-by: Rebecca Cran 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42597): https://edk2.groups.io/g/devel/message/42597
Mute This Topic: https://groups.io/mt/32120649/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [edk2] [PATCH] OvmfPkg: prevent 64-bit MMIO BAR degradation if there is no CSM

2019-06-19 Thread David Woodhouse 
On Thu, 2016-05-19 at 00:12 +0200, Laszlo Ersek wrote:
> According to edk2 commit
> 
>   "MdeModulePkg/PciBus: do not improperly degrade resource"
> 
> and to the EFI_INCOMPATIBLE_PCI_DEVICE_SUPPORT_PROTOCOL definition in the
> Platform Init 1.4a specification, a platform can provide such a protocol
> in order to influence the PCI resource allocation performed by the PCI Bus
> driver.
> 
> In particular it is possible instruct the PCI Bus driver, with a
> "wildcard" hint, to allocate the 64-bit MMIO BARs of a device in 64-bit
> address space, regardless of whether the device features an option ROM.
> 
> (By default, the PCI Bus driver considers an option ROM reason enough for
> allocating the 64-bit MMIO BARs in 32-bit address space. It cannot know if
> BDS will launch a legacy boot option, and under legacy boot, a legacy BIOS
> binary from a combined option ROM could be dispatched, and fail to access
> MMIO BARs in 64-bit address space.)
> 
> In platform code we can ascertain whether a CSM is present or not. If not,
> then legacy BIOS binaries in option ROMs can't be dispatched, hence the
> BAR degradation is detrimental, and we should prevent it. This is expected
> to conserve the 32-bit address space for 32-bit MMIO BARs.
> 
> The driver added in this patch could be simplified based on the following
> facts:
> 
> - In the Ia32 build, the 64-bit MMIO aperture is always zero-size, hence
>   the driver will exit immediately. Therefore the driver could be omitted
>   from the Ia32 build.
> 
> - In the Ia32X64 and X64 builds, the driver could be omitted if CSM_ENABLE
>   was defined (because in that case the degradation would be justified).
>   On the other hand, if CSM_ENABLE was undefined, then the driver could be
>   included, and it could provide the hint unconditionally (without looking
>   for the Legacy BIOS protocol).
> 
> These short-cuts are not taken because they would increase the differences
> between the OVMF DSC/FDF files. If we can manage without extreme
> complexity, we should use dynamic logic (vs. build time configuration),
> plus keep conditional compilation to a minimum.
> 
> Cc: Jordan Justen 
> Cc: Ruiyu Ni 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Laszlo Ersek 

This (commit 855743f717745) appears not to be working any more. I see
NVMe controllers' BARs being assigned above 4GiB where the CSM can't
reach them.



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42596): https://edk2.groups.io/g/devel/message/42596
Mute This Topic: https://groups.io/mt/32122513/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



smime.p7s
Description: S/MIME cryptographic signature

[edk2-devel] [PATCH 1/2] LegacyBios: set NumberBbsEntries to the size of BbsTable

2019-06-19 Thread David Woodhouse 
Signed-off-by: David Woodhouse 
---
 OvmfPkg/Csm/LegacyBiosDxe/LegacyBios.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/Csm/LegacyBiosDxe/LegacyBios.c 
b/OvmfPkg/Csm/LegacyBiosDxe/LegacyBios.c
index 05e3ffd2bb..69abd06c40 100644
--- a/OvmfPkg/Csm/LegacyBiosDxe/LegacyBios.c
+++ b/OvmfPkg/Csm/LegacyBiosDxe/LegacyBios.c
@@ -568,7 +568,7 @@ ShadowAndStartLegacy16 (
   //
   // Skip Floppy and possible onboard IDE drives
   //
-  EfiToLegacy16BootTable->NumberBbsEntries = 1 + 2 * MAX_IDE_CONTROLLER;
+  EfiToLegacy16BootTable->NumberBbsEntries = 
sizeof(Private->IntThunk->BbsTable) / sizeof(BBS_TABLE);
 
   for (Index = 0; Index < (sizeof (Private->IntThunk->BbsTable) / sizeof 
(BBS_TABLE)); Index++) {
 BbsTable[Index].BootPriority = BBS_IGNORE_ENTRY;


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42594): https://edk2.groups.io/g/devel/message/42594
Mute This Topic: https://groups.io/mt/32122467/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



smime.p7s
Description: S/MIME cryptographic signature

[edk2-devel] [PATCH 2/2] LegacyBbs: Add boot entries for VirtIO and NVME devices

2019-06-19 Thread David Woodhouse 
Signed-off-by: David Woodhouse 
---

They still end up all just called 'Harddisk', but I absolutely do not
want to reproduce all the special cases in BmBootDescription.c. I'm not
even sure I want to export that and use it; it's horrid. Why don't the
disk objects themselves have a protocol which will generate a user-
visible label for them instead of collecting special-cases like that?

But that's just cosmetic. I can now do a CSM boot from VirtIO and NVMe
drives. At least, I can after
https://mail.coreboot.org/hyperkitty/list/seab...@seabios.org/thread/NR6Z4VTZA6VKF46RAFB3Q5TUE6ZLMLXT/

 OvmfPkg/Csm/LegacyBiosDxe/LegacyBbs.c | 162 +-
 1 file changed, 157 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/Csm/LegacyBiosDxe/LegacyBbs.c 
b/OvmfPkg/Csm/LegacyBiosDxe/LegacyBbs.c
index 6b1dd344f3..cc84712d25 100644
--- a/OvmfPkg/Csm/LegacyBiosDxe/LegacyBbs.c
+++ b/OvmfPkg/Csm/LegacyBiosDxe/LegacyBbs.c
@@ -140,10 +140,14 @@ LegacyBiosBuildBbs (
   IN  BBS_TABLE *BbsTable
   )
 {
-  UINTN BbsIndex;
-  HDD_INFO  *HddInfo;
-  UINTN HddIndex;
-  UINTN Index;
+  UINTN   BbsIndex;
+  HDD_INFO*HddInfo;
+  UINTN   HddIndex;
+  UINTN   Index;
+  EFI_HANDLE  *BlockIoHandles;
+  UINTN   NumberBlockIoHandles;
+  UINTN   BlockIndex;
+  EFI_STATUS  Status;
 
   //
   // First entry is floppy.
@@ -252,8 +256,156 @@ LegacyBiosBuildBbs (
 }
   }
 
-  return EFI_SUCCESS;
+  //
+  // Add non-IDE block devices
+  //
+  BbsIndex = HddIndex * 2 + 1;
+
+  Status = gBS->LocateHandleBuffer (
+  ByProtocol,
+  ,
+  NULL,
+  ,
+  
+  );
+  if (!EFI_ERROR(Status)) {
+UINTN Removable;
+EFI_BLOCK_IO_PROTOCOL *BlkIo;
+EFI_PCI_IO_PROTOCOL   *PciIo;
+EFI_DEVICE_PATH_PROTOCOL  *DevicePath;
+EFI_DEVICE_PATH_PROTOCOL  *DevicePathNode;
+EFI_HANDLEPciHandle;
+UINTN SegNum;
+UINTN BusNum;
+UINTN DevNum;
+UINTN FuncNum;
+
+for (Removable = 0; Removable < 2; Removable++) {
+  for (BlockIndex = 0; BlockIndex < NumberBlockIoHandles; BlockIndex++) {
+Status = gBS->HandleProtocol (
+BlockIoHandles[BlockIndex],
+,
+(VOID **) 
+);
+if (EFI_ERROR (Status)) {
+  continue;
+}
 
+//
+// Skip the logical partitions
+//
+if (BlkIo->Media->LogicalPartition) {
+  DEBUG((EFI_D_INFO, "Partition\n"));
+  continue;
+}
+
+//
+// Skip the fixed block io then the removable block io
+//
+if (BlkIo->Media->RemovableMedia == ((Removable == 0) ? FALSE : TRUE)) 
{
+  continue;
+}
+
+//
+// Get Device Path
+//
+Status = gBS->HandleProtocol (
+BlockIoHandles[BlockIndex],
+,
+(VOID **) 
+);
+if (EFI_ERROR (Status)) {
+  continue;
+}
+
+//
+// Skip ATA devices as they have already been handled
+//
+DevicePathNode = DevicePath;
+while (!IsDevicePathEnd (DevicePathNode)) {
+  if (DevicePathType (DevicePathNode) == MESSAGING_DEVICE_PATH &&
+  DevicePathSubType (DevicePathNode) == MSG_ATAPI_DP) {
+break;
+  }
+  DevicePathNode = NextDevicePathNode (DevicePathNode);
+}
+if (!IsDevicePathEnd (DevicePathNode)) {
+continue;
+}
+
+//
+//  Locate which PCI device
+//
+Status = gBS->LocateDevicePath (
+,
+,
+
+);
+if (EFI_ERROR (Status)) {
+  continue;
+}
+
+Status = gBS->HandleProtocol (
+PciHandle,
+,
+(VOID **) 
+);
+if (EFI_ERROR (Status)) {
+  continue;
+}
+
+Status = PciIo->GetLocation (
+  PciIo,
+  ,
+  ,
+  ,
+  
+  );
+if (EFI_ERROR (Status)) {
+  continue;
+}
+
+if (SegNum != 0) {
+  DEBUG((EFI_D_INFO, "CSM cannot use PCI devices in segment %d\n", 
SegNum));
+  continue;
+}
+
+DEBUG_CODE (
+  CHAR16 *PathText;
+
+  PathText = ConvertDevicePathToText(DevicePath, FALSE, FALSE);
+
+  DEBUG((EFI_D_INFO, "Add Legacy Bbs entry for PCI %d/%d/%d: %s\n",
+ BusNum, DevNum, FuncNum, PathText));
+  FreePool(PathText);
+

[edk2-devel] [PATCH v3 2/5] SecurityPkg: introduce the SM3 digest algorithm

2019-06-19 Thread Imran Desai 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.
This patch add SM3 algorithm in the hashinstance library.


Signed-off-by: Imran Desai 
Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Jian Wang 
Signed-off-by: Imran Desai 
---
 SecurityPkg/SecurityPkg.dsc   |   3 +
 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf |  41 ++
 SecurityPkg/Include/Library/HashLib.h |   1 +
 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c   | 150 

 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni |  15 ++
 5 files changed, 210 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index a2ee0528f0d2..044319ab5e36 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -222,6 +222,7 @@ [Components.IA32, Components.X64]
   SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
   SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+  SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
 
   SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
 
@@ -236,6 +237,7 @@ [Components.IA32, Components.X64]
   NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+  NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
 
   SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
@@ -246,6 +248,7 @@ [Components.IA32, Components.X64]
   NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+  NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
   }
   SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf {
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf 
b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
new file mode 100644
index ..781164d74ea0
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
@@ -0,0 +1,41 @@
+## @file
+#  Provides BaseCrypto SM3 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash 
engine.
+#
+#  Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = HashInstanceLibSm3
+  MODULE_UNI_FILE= HashInstanceLibSm3.uni
+  FILE_GUID  = C5865D5D-9ACE-39FB-DC7C-0511891D40F9
+  MODULE_TYPE= BASE
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = NULL
+  CONSTRUCTOR= HashInstanceLibSm3Constructor
+
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES   = IA32 X64
+#
+
+[Sources]
+  HashInstanceLibSm3.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  Tpm2CommandLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Include/Library/HashLib.h 
b/SecurityPkg/Include/Library/HashLib.h
index 63f08398788b..a5b433d824a4 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -137,6 +137,7 @@ EFI_STATUS
 #define HASH_ALGORITHM_SHA256_GUID  EFI_HASH_ALGORITHM_SHA256_GUID
 #define HASH_ALGORITHM_SHA384_GUID  EFI_HASH_ALGORITHM_SHA384_GUID
 #define HASH_ALGORITHM_SHA512_GUID  EFI_HASH_ALGORITHM_SHA512_GUID
+#define HASH_ALGORITHM_SM3_256_GUID EFI_HASH_ALGORITHM_SM3_256_GUID
 
 typedef struct {
   EFI_GUID   HashGuid;
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c 
b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
new file mode 100644
index ..8fd95162118a
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
@@ -0,0 +1,150 @@
+/** @file
+  BaseCrypto SM3 hash instance library.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+  Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+  The function set SM3 to digest list.
+
+  @param

[edk2-devel] [PATCH v3 2/5] SecurityPkg: introduce the SM3 digest algorithm

2019-06-19 Thread Imran Desai 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.
This patch add SM3 algorithm in the hashinstance library.


Signed-off-by: Imran Desai 
Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Jian Wang 
Signed-off-by: Imran Desai 
---
 SecurityPkg/SecurityPkg.dsc   |   3 +
 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf |  41 ++
 SecurityPkg/Include/Library/HashLib.h |   1 +
 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c   | 150 

 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni |  15 ++
 5 files changed, 210 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index a2ee0528f0d2..044319ab5e36 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -222,6 +222,7 @@ [Components.IA32, Components.X64]
   SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
   SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+  SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
 
   SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
 
@@ -236,6 +237,7 @@ [Components.IA32, Components.X64]
   NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+  NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   }
 
   SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
@@ -246,6 +248,7 @@ [Components.IA32, Components.X64]
   NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+  NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
   PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
   }
   SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf {
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf 
b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
new file mode 100644
index ..781164d74ea0
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
@@ -0,0 +1,41 @@
+## @file
+#  Provides BaseCrypto SM3 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash 
engine.
+#
+#  Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = HashInstanceLibSm3
+  MODULE_UNI_FILE= HashInstanceLibSm3.uni
+  FILE_GUID  = C5865D5D-9ACE-39FB-DC7C-0511891D40F9
+  MODULE_TYPE= BASE
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = NULL
+  CONSTRUCTOR= HashInstanceLibSm3Constructor
+
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES   = IA32 X64
+#
+
+[Sources]
+  HashInstanceLibSm3.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  Tpm2CommandLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Include/Library/HashLib.h 
b/SecurityPkg/Include/Library/HashLib.h
index 63f08398788b..a5b433d824a4 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -137,6 +137,7 @@ EFI_STATUS
 #define HASH_ALGORITHM_SHA256_GUID  EFI_HASH_ALGORITHM_SHA256_GUID
 #define HASH_ALGORITHM_SHA384_GUID  EFI_HASH_ALGORITHM_SHA384_GUID
 #define HASH_ALGORITHM_SHA512_GUID  EFI_HASH_ALGORITHM_SHA512_GUID
+#define HASH_ALGORITHM_SM3_256_GUID EFI_HASH_ALGORITHM_SM3_256_GUID
 
 typedef struct {
   EFI_GUID   HashGuid;
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c 
b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
new file mode 100644
index ..8fd95162118a
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
@@ -0,0 +1,150 @@
+/** @file
+  BaseCrypto SM3 hash instance library.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+  Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+  The function set SM3 to digest list.
+
+  @param

[edk2-devel] reg: Adding Entry for Initiator Name in the ISCSI Config Structure

2019-06-19 Thread Sivaraman Nainar 
Hello :

Right now the structure _ISCSI_ATTEMPT_CONFIG_NVDATA does not have the entry 
for Initiator Name.

It uses the NV Variable I_NAME for maintain the Initiator Name since the setup 
supports single initiator name for all the attempts getting created.

When we have the attempts from the Redfish and other source of attempt details 
it would be nice to have the Initiator Name also in the 
_ISCSI_ATTEMPT_CONFIG_NVDATA structure. Redfish supports to have multiple 
Initiator Name which cannot be addressed with the existing NV Variable.

Could you please review this request. If required shall create a bugzilla  
ticket to address the enhancement.

-Siva

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42590): https://edk2.groups.io/g/devel/message/42590
Mute This Topic: https://groups.io/mt/32122046/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] reg: Multiple Host Name Certificate

2019-06-19 Thread Sivaraman Nainar 
Can you please help to confirm the behavior

From: Sivaraman Nainar
Sent: Friday, June 7, 2019 2:48 PM
To: devel@edk2.groups.io
Subject: reg: Multiple Host Name Certificate

Hello:

Can someone help to confirm if EDK2 supports multiple Host Name support.

We need to have an environment where the HTTPS request should work fine for IP 
& Host Name based access. When we create certificates with CN as Host Name and 
SAN as IP TLS Handshake works only for Host Name and it provides Handshake 
Error when the request are IP Based.

If this question need to be raised in other forum please help to redirect.

-Siva

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42591): https://edk2.groups.io/g/devel/message/42591
Mute This Topic: https://groups.io/mt/31972894/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 edk2-platforms 1/1] Silicon/DesignWare/Driver: DwEmacSnpDxe: Add DesignWare EMAC driver

2019-06-19 Thread Ard Biesheuvel 
On Wed, 19 Jun 2019 at 12:09, Ooi, Tzy Way  wrote:
>
> Hi Bieshuevel,
>
> In the DmaMap function, there is one line where my code look like this:
>
> "Status = DmaMap (MapOperationBusMasterCommonBuffer, 
> Snp->MacDriver.TxdescRing[0], , >MacDriver.TxdescRingMap[0], 
> >MappingTxdesc);"
>
> You asked me why the [0] and how many descriptor I am mapping. In my code, 
> there is total 10 descriptors. The way I did in current code was I use 
> DmaAllocateBuffer to allocate a memory size which is big enough for 10 
> descriptors. After that, I just map the first descriptor and I access the 
> rest of the descriptor by using the first descriptor address plus the size 
> for each descriptor to get the next descriptor address. Wonder if this method 
> is ok? Or do I need to use DmaAllocateBuffer and DmaMap for 10 times for 
> total 10 descriptors?
>

No, this is not ok. You have to allocate and map the size of the
memory that you will use. As long as you don't use more than a page,
it will not matter in practice, but it is wrong nonetheless

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42589): https://edk2.groups.io/g/devel/message/42589
Mute This Topic: https://groups.io/mt/31541649/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 edk2-platforms 1/1] Silicon/DesignWare/Driver: DwEmacSnpDxe: Add DesignWare EMAC driver

2019-06-19 Thread Ooi, Tzy Way 
Hi Bieshuevel,

In the DmaMap function, there is one line where my code look like this:

"Status = DmaMap (MapOperationBusMasterCommonBuffer, 
Snp->MacDriver.TxdescRing[0], , >MacDriver.TxdescRingMap[0], 
>MappingTxdesc);"

You asked me why the [0] and how many descriptor I am mapping. In my code, 
there is total 10 descriptors. The way I did in current code was I use 
DmaAllocateBuffer to allocate a memory size which is big enough for 10 
descriptors. After that, I just map the first descriptor and I access the rest 
of the descriptor by using the first descriptor address plus the size for each 
descriptor to get the next descriptor address. Wonder if this method is ok? Or 
do I need to use DmaAllocateBuffer and DmaMap for 10 times for total 10 
descriptors? 

Thank you

Best regards,
Tzy Way

-Original Message-
From: Ard Biesheuvel  
Sent: Friday, May 31, 2019 5:20 PM
To: Ooi, Tzy Way 
Cc: edk2-devel-groups-io ; Kinney, Michael D 
; Loh, Tien Hock ; 
leif.lindh...@linaro.org
Subject: Re: [edk2-devel] [PATCH v4 edk2-platforms 1/1] 
Silicon/DesignWare/Driver: DwEmacSnpDxe: Add DesignWare EMAC driver

On Fri, 31 May 2019 at 11:14, Ooi, Tzy Way  wrote:
>
> Thanks Biesheuvel.
>
> I would like to confirm with you on regards of one of the comment. There is 
> one comment where you mentioned that:
> "I am aware that TX is usually the hot path in UEFI, but we should still try 
> to map a buffer directly rather than copy the contents into uncached memory"
>
> I would like to confirm with you if do you mean I should do the DmaMap here 
> instead of doing it at the beginning of the code while DmaAllocate is 
> executed?

Yes.

Each time you receive a buffer, you DmaMap() it with the 
MapOperationBusMasterRead attribute, and hand it to the device. After the 
device is finished, you DmaUnmap() it again. This removes the need for uncached 
memory.

On the RX path, you can allocate the buffers via AllocatePages() rather than 
via DmaAllocateBuffer(), and map the for DMA using
DmaMap() with the MapOperationBusMasterWrite attribute. Once the buffer is 
filled by the hardware, you can DmaUnmap() it and copy the contents back to the 
caller, after which you can recycle the buffer or free it.

> Or do you mean I shouldn’t copy it into a uncached memory region?
>

DmaAllocateBuffer() gives you an uncached region, so you should only use it for 
data structures that are accessed and modified by the CPU and the hardware at 
the same time, e.g., the descriptor rings. The actual data buffers only need 
directional DMA, so using uncached memory results in an unnecessary performance 
hit.


> Thank you
> -Original Message-
> From: Ard Biesheuvel 
> Sent: Wednesday, May 22, 2019 3:22 PM
> To: edk2-devel-groups-io ; Ooi, Tzy Way 
> 
> Cc: Kinney, Michael D ; Loh, Tien Hock 
> ; leif.lindh...@linaro.org
> Subject: Re: [edk2-devel] [PATCH v4 edk2-platforms 1/1] 
> Silicon/DesignWare/Driver: DwEmacSnpDxe: Add DesignWare EMAC driver
>
> On Wed, 22 May 2019 at 03:37, Ooi, Tzy Way  wrote:
> >
> > Hi Maintainers,
> >
> > Please could you help to review this patch? Thanks.
> >
>
> I already did, but my email response got rejected twice
>
> https://edk2.groups.io/g/devel/message/40829?p=,,,20,0,0,0::Created,,e
> mac,20,2,0,31541649

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42588): https://edk2.groups.io/g/devel/message/42588
Mute This Topic: https://groups.io/mt/31541649/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [RFC] Fine-grained review ownership for MdeModulePkg

2019-06-19 Thread Leif Lindholm 
On Wed, Jun 19, 2019 at 05:09:40AM +, Wu, Hao A wrote:
> Hello all,
> 
> As suggested by Ray and Leif, modules (with wildcard) in MdeModulePkg are
> classified to a list of features.
> 
> Please note that:
> * The below list is a draft at this moment, please help to provide
>   feedbacks/comments;
> * Modules with no clear classification are listed under the 'Misc' section
>   at the bottom of the list.

Thank you for doing the heavy lifting.

A few comments below on how this could be more easily described in the
Maintainer.txt syntax.

> ACPI:
> MdeModulePkg/Include/*/*Acpi*.h
> MdeModulePkg/Universal/Acpi/
>
> BDS:
> MdeModulePkg/Include/Library/PlatformBootManagerLib.h
> MdeModulePkg/Include/Library/UefiBootManagerLib.h
> MdeModulePkg/Library/PlatformBootManagerLibNull/
> MdeModulePkg/Library/UefiBootManagerLib/

MdeModulePkg/*BootManagerLib*/

> MdeModulePkg/Universal/BdsDxe/
> MdeModulePkg/Universal/BootManagerPolicyDxe/

Or maybe even
MdeModulePkg/*BootManager*/, which would also match the line above.

> MdeModulePkg/Universal/LoadFileOnFv2/
> MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.*
> 
> Console:
> MdeModulePkg/Include/Guid/ConnectConInEvent.h
> MdeModulePkg/Include/Guid/ConsoleInDevice.h
> MdeModulePkg/Include/Guid/ConsoleOutDevice.h
> MdeModulePkg/Include/Guid/StandardErrorDevice.h
> MdeModulePkg/Include/Guid/TtyTerm.h
> MdeModulePkg/Universal/Console/ConPlatformDxe/
> MdeModulePkg/Universal/Console/ConSplitterDxe/
> MdeModulePkg/Universal/Console/GraphicsConsoleDxe/
> MdeModulePkg/Universal/Console/TerminalDxe/

I was intrigued as to why this did not specify
MdeModulePkg/Universal/Console/
See [1] below.

However, even if suggestions included below were not implemented, the
situation could be described as:
F: MdeModulePkg/Universal/Console/
X: MdeModulePkg/Universal/Console/GraphicsOutputDxe/

> Core (PEI, DXE and Runtime):
> MdeModulePkg/Core/Dxe/*
> MdeModulePkg/Core/Dxe/Dispatcher/
> MdeModulePkg/Core/Dxe/DxeMain/
> MdeModulePkg/Core/Dxe/Event/
> MdeModulePkg/Core/Dxe/FwVol*/
> MdeModulePkg/Core/Dxe/Hand/
> MdeModulePkg/Core/Dxe/Image/
> MdeModulePkg/Core/Dxe/Library/
> MdeModulePkg/Core/Dxe/Misc/
> MdeModulePkg/Core/Dxe/SectionExtraction/

F: MdeModulePkg/Core/Dxe/
X: MdeModulePkg/Core/Dxe/Mem/

> MdeModulePkg/Core/DxeIplPeim/
> MdeModulePkg/Core/Pei/*
> MdeModulePkg/Core/Pei/BootMode/
> MdeModulePkg/Core/Pei/CpuIo/
> MdeModulePkg/Core/Pei/Dependency/
> MdeModulePkg/Core/Pei/Dispatcher/
> MdeModulePkg/Core/Pei/FwVol/
> MdeModulePkg/Core/Pei/Hob/
> MdeModulePkg/Core/Pei/Image/
> MdeModulePkg/Core/Pei/PeiMain/
> MdeModulePkg/Core/Pei/Ppi/
> MdeModulePkg/Core/Pei/Security/

F: MdeModulePkg/Core/Pei/
X: MdeModulePkg/Core/Pei/Memory/
X: MdeModulePkg/Core/Pei/PciCfg2/
X: MdeModulePkg/Core/Pei/Reset/
X: MdeModulePkg/Core/Pei/StatusCode/

I'm going to stop there, because I'm lazy, and I realise this is about
the responsibility areas rather than an actual patch to
Maintainers.txt - and I think my point is made.

Further comments below.

> MdeModulePkg/Core/RuntimeDxe/
> MdeModulePkg/Include/Guid/Crc32GuidedSectionExtraction.h
> MdeModulePkg/Include/Guid/EventExitBootServiceFailed.h
> MdeModulePkg/Include/Guid/IdleLoopEvent.h
> MdeModulePkg/Include/Guid/LoadModuleAtFixedAddress.h
> MdeModulePkg/Include/Library/SecurityManagementLib.h
> MdeModulePkg/Library/*SectionExtract*/
> MdeModulePkg/Library/DxeSecurityManagementLib/
> MdeModulePkg/Universal/PlatformDriOverrideDxe/
> MdeModulePkg/Universal/SectionExtraction*/
> MdeModulePkg/Universal/SecurityStubDxe/SecurityStub.c
> 
> Debug:
> MdeModulePkg/Include/Guid/DebugMask.h
> MdeModulePkg/Include/Library/DebugAgentLib.h
> MdeModulePkg/Include/Ppi/Debug.h
> MdeModulePkg/Library/*Debug*/
> MdeModulePkg/Universal/Debug*/
> 
> Decompress:
> MdeModulePkg/Include/Guid/LzmaDecompress.h
> MdeModulePkg/Library/*Decompress*/
> 
> Device:
> MdeModulePkg/Bus/Ata/
> MdeModulePkg/Bus/I2c/
> MdeModulePkg/Bus/Isa/
> MdeModulePkg/Bus/Pci/Ehci*/
> MdeModulePkg/Bus/Pci/IdeBusPei/
> MdeModulePkg/Bus/Pci/NonDiscoverablePciDeviceDxe/
> MdeModulePkg/Bus/Pci/NvmExpress*/
> MdeModulePkg/Bus/Pci/PciSioSerialDxe/
> MdeModulePkg/Bus/Pci/SataControllerDxe/
> MdeModulePkg/Bus/Pci/SdMmc*/
> MdeModulePkg/Bus/Pci/Ufs*/
> MdeModulePkg/Bus/Pci/Uhci*/
> MdeModulePkg/Bus/Pci/Xhci*/
> MdeModulePkg/Bus/Scsi/
> MdeModulePkg/Bus/Sd/
> MdeModulePkg/Bus/Ufs/
> MdeModulePkg/Bus/Usb/
> MdeModulePkg/Include/*/*Ata*.h
> MdeModulePkg/Include/*/*NonDiscoverableDevice*.h
> MdeModulePkg/Include/*/*NvmExpress*.h
> MdeModulePkg/Include/*/*SerialPort*.h
> MdeModulePkg/Include/*/*SdMmc*.h
> MdeModulePkg/Include/*/*Ufs*.h
> MdeModulePkg/Include/*/*Usb*.h
> MdeModulePkg/Include/Guid/S3StorageDeviceInitList.h
> MdeModulePkg/Include/Guid/RecoveryDevice.h
> MdeModulePkg/Include/Guid/UsbKeyBoardLayout.h
> MdeModulePkg/Include/Ppi/StorageSecurityCommand.h
> MdeModulePkg/Include/Protocol/Ps2Policy.h
> MdeModulePkg/Library/BaseSerialPortLib16550/
>

Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM.

2019-06-19 Thread Ni, Ray 
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Xu,
> Wei6
> Sent: Wednesday, June 19, 2019 4:41 PM
> To: Wu, Hao A ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Zhang, Chao B
> 
> Subject: Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> CapsuleOnDiskLoadPei PEIM.
> 
> > > +  ASSERT_EFI_ERROR (Status);
> > > +
> > > +  FileNameSize = PcdGetSize (PcdCoDRelocationFileName);  Status =
> > > + PcdSetPtrS (PcdRecoveryFileName, , (VOID *)
> > > PcdGetPtr(PcdCoDRelocationFileName));
> >
> >
> > Buffer for 'PcdRecoveryFileName' may not be big enough to hold the
> > content in 'PcdCoDRelocationFileName'.
> >
> > I think there might be a chance for the above PcdSetPtrS() call to fail.
> >
> 
> 
> Thanks a lot for the comments.
> Yes, 'PcdRecoveryFileName' should be larger than
> 'PcdCoDRelocationFileName'.
> I think no need to update the code, since these two PCDs are fixed during
> build time.
> I will update the description of 'PcdCoDRelocationFileName' to mention: it
> must be smaller than 'PcdRecoveryFileName', otherwise failure may occur.

But your code doesn't check the status of PcdSetPtrS().

> 
> Do you have comments about it?
> Thanks again.
> 
> 
> BR,
> Wei
> 
> > -Original Message-
> > From: Wu, Hao A
> > Sent: Wednesday, June 12, 2019 3:49 PM
> > To: devel@edk2.groups.io; Xu, Wei6 
> > Cc: Wang, Jian J ; Zhang, Chao B
> > 
> > Subject: RE: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> > CapsuleOnDiskLoadPei PEIM.
> >
> > > -Original Message-
> > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf
> > > Of Xu,
> > > Wei6
> > > Sent: Wednesday, June 05, 2019 11:42 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B; Xu, Wei6
> > > Subject: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> > > CapsuleOnDiskLoadPei PEIM.
> > >
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1852
> > >
> > > This module provides PPI to load Capsule On Disk temp relocation
> > > file from Root Directory file system, retrieve the capsules from the
> > > temp file and create capsule hobs for these capsules.
> > >
> > > Cc: Jian J Wang 
> > > Cc: Hao A Wu 
> > > Cc: Chao B Zhang 
> > > Signed-off-by: Wei6 Xu 
> > > ---
> > >  MdeModulePkg/MdeModulePkg.dsc  |   4 +
> > >  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c| 442
> > > +
> > >  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf  |  64 +++
> > > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.uni  |  15 +
> > >  .../CapsuleOnDiskLoadPeiExtra.uni  |  14 +
> > >  5 files changed, 539 insertions(+)
> > >  create mode 100644
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c
> > >  create mode 100644
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in
> > > f
> > >  create mode 100644
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.u
> > > ni
> > >  create mode 100644
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPeiEx
> > > tra.uni
> >
> > Since this a new module, could you help to follow the recommendation
> > in
> > https://edk2.groups.io/g/devel/message/39655?p=,,,20,0,0,0::Created,,U
> > efi
> > DebugLibStdErr,20,2,0,3131
> >
> > to add/update 'static' (lower case) for global variables/functions
> > whose scope is limited within a single file?
> >
> > >
> > > diff --git a/MdeModulePkg/MdeModulePkg.dsc
> > > b/MdeModulePkg/MdeModulePkg.dsc index 995fd805e1..615edddbcc
> > 100644
> > > --- a/MdeModulePkg/MdeModulePkg.dsc
> > > +++ b/MdeModulePkg/MdeModulePkg.dsc
> > > @@ -197,10 +197,13 @@
> > >gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
> > >
> > gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizeNonPopulateCapsule|0x0
> > >gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizePopulateCapsule|0x0
> > >
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxPeiPerformanceLogEntries|28
> > >
> > > +[PcdsDynamicExDefault]
> > > +
> > >
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName|L"FVMAIN.FV"
> > > +
> > >  [Components]
> > >MdeModulePkg/Application/HelloWorld/HelloWorld.inf
> > >MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf
> > >
> MdeModulePkg/Application/MemoryProfileInfo/MemoryProfileInfo.inf
> > >
> > > @@ -315,10 +318,11 @@
> > >
> > >
> >
> NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMainte
> > > nanceManagerUiLib.inf
> > >}
> > >
> > >
> >
> MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManager
> > > Dxe.inf
> > >
> > >
> >
> MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.i
> > > nf
> > >MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
> > > +
> > >
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in
> > > f
> > >
> MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> > >
> > MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
> > >

[edk2-devel] [PATCH] UefiCpuPkg/MpService: GetProcessorInfo returns 6-level topology

2019-06-19 Thread Ni, Ray 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ray Ni 
Cc: Eric Dong 
---
 MdePkg/Include/Protocol/MpService.h  | 50 +---
 UefiCpuPkg/Library/MpInitLib/MpLib.c | 19 +++
 2 files changed, 64 insertions(+), 5 deletions(-)

diff --git a/MdePkg/Include/Protocol/MpService.h 
b/MdePkg/Include/Protocol/MpService.h
index 10e2405daf..aeab8b0790 100644
--- a/MdePkg/Include/Protocol/MpService.h
+++ b/MdePkg/Include/Protocol/MpService.h
@@ -27,7 +27,7 @@
   APs to help test system memory in parallel with other device initialization.
   Diagnostics applications may also use this protocol for multi-processor.
 
-Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
   @par Revision Reference:
@@ -79,7 +79,7 @@ typedef struct _EFI_MP_SERVICES_PROTOCOL 
EFI_MP_SERVICES_PROTOCOL;
 #define PROCESSOR_HEALTH_STATUS_BIT  0x0004
 
 ///
-/// Structure that describes the pyhiscal location of a logical CPU.
+/// Structure that describes the physical location of a logical CPU.
 ///
 typedef struct {
   ///
@@ -96,6 +96,45 @@ typedef struct {
   UINT32  Thread;
 } EFI_CPU_PHYSICAL_LOCATION;
 
+#define CPU_V2_EXTENDED_TOPOLOGY BIT24
+
+///
+/// Structure that describes the v2 physical location of a logical CPU.
+///
+typedef struct {
+  ///
+  /// Zero-based physical package number that identifies the cartridge of the 
processor.
+  ///
+  UINT32  Package;
+  ///
+  /// Zero-based physical module number within package of the processor.
+  ///
+  UINT32  Module;
+  ///
+  /// Zero-based physical tile number within module of the processor.
+  ///
+  UINT32  Tile;
+  ///
+  /// Zero-based physical die number within tile of the processor.
+  ///
+  UINT32  Die;
+  ///
+  /// Zero-based physical core number within die of the processor.
+  ///
+  UINT32  Core;
+  ///
+  /// Zero-based logical thread number within core of the processor.
+  ///
+  UINT32  Thread;
+} EFI_CPU_PHYSICAL_LOCATION2;
+
+///
+/// Structure that describes extended processor information.
+///
+typedef union {
+  EFI_CPU_PHYSICAL_LOCATION2  Location2;
+} EXTENDED_PROCESSOR_INFORMATION;
+
 ///
 /// Structure that describes information about a logical CPU.
 ///
@@ -106,7 +145,7 @@ typedef struct {
   /// are used, and higher bits are reserved.  For IPF, the lower 16 bits 
contains
   /// id/eid, and higher bits are reserved.
   ///
-  UINT64 ProcessorId;
+  UINT64 ProcessorId;
   ///
   /// Flags indicating if the processor is BSP or AP, if the processor is 
enabled
   /// or disabled, and if the processor is healthy. Bits 3..31 are reserved and
@@ -125,13 +164,14 @@ typedef struct {
   ///  1  1   1 Healthy Enabled BSP.
   /// 
   ///
-  UINT32 StatusFlag;
+  UINT32 StatusFlag;
   ///
   /// The physical location of the processor, including the physical package 
number
   /// that identifies the cartridge, the physical core number within package, 
and
   /// logical thread number within core.
   ///
-  EFI_CPU_PHYSICAL_LOCATION  Location;
+  EFI_CPU_PHYSICAL_LOCATION  Location;
+  EXTENDED_PROCESSOR_INFORMATION ExtendedInformation;
 } EFI_PROCESSOR_INFORMATION;
 
 /**
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c 
b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index 6f51bc4ebf..538d6536e2 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -1774,10 +1774,17 @@ MpInitLibGetProcessorInfo (
   CPU_MP_DATA*CpuMpData;
   UINTN  CallerNumber;
   CPU_INFO_IN_HOB*CpuInfoInHob;
+  UINTN  OriginalProcessorNumber;
 
   CpuMpData = GetCpuMpData ();
   CpuInfoInHob = (CPU_INFO_IN_HOB *) (UINTN) CpuMpData->CpuInfoInHob;
 
+  //
+  // Lower 24 bits contains the actual processor number.
+  //
+  OriginalProcessorNumber = ProcessorNumber;
+  ProcessorNumber &= BIT24 - 1;
+
   //
   // Check whether caller processor is BSP
   //
@@ -1818,6 +1825,18 @@ MpInitLibGetProcessorInfo (
 >Location.Thread
 );
 
+  if ((OriginalProcessorNumber & CPU_V2_EXTENDED_TOPOLOGY) != 0) {
+GetProcessorLocation2ByApicId (
+  CpuInfoInHob[ProcessorNumber].ApicId,
+  >ExtendedInformation.Location2.Package,
+  >ExtendedInformation.Location2.Die,
+  >ExtendedInformation.Location2.Tile,
+  >ExtendedInformation.Location2.Module,
+  >ExtendedInformation.Location2.Core,
+  >ExtendedInformation.Location2.Thread
+  );
+  }
+
   if (HealthData != NULL) {
 HealthData->Uint32 = CpuInfoInHob[ProcessorNumber].Health;
   }
-- 
2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42584): https://edk2.groups.io/g/devel/message/42584
Mute This Topic: https://groups.io/mt/32121076/21656
Group Owner: devel+ow...@edk2.groups.io

Re: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add CapsuleOnDiskLoadPei PEIM.

2019-06-19 Thread Xu, Wei6 
> > +  ASSERT_EFI_ERROR (Status);
> > +
> > +  FileNameSize = PcdGetSize (PcdCoDRelocationFileName);  Status =
> > + PcdSetPtrS (PcdRecoveryFileName, , (VOID *)
> > PcdGetPtr(PcdCoDRelocationFileName));
> 
> 
> Buffer for 'PcdRecoveryFileName' may not be big enough to hold the content
> in 'PcdCoDRelocationFileName'.
> 
> I think there might be a chance for the above PcdSetPtrS() call to fail.
>


Thanks a lot for the comments.
Yes, 'PcdRecoveryFileName' should be larger than 'PcdCoDRelocationFileName'.
I think no need to update the code, since these two PCDs are fixed during build 
time.
I will update the description of 'PcdCoDRelocationFileName' to mention: it must 
be smaller than 'PcdRecoveryFileName', otherwise failure may occur.

Do you have comments about it?
Thanks again.


BR,
Wei

> -Original Message-
> From: Wu, Hao A
> Sent: Wednesday, June 12, 2019 3:49 PM
> To: devel@edk2.groups.io; Xu, Wei6 
> Cc: Wang, Jian J ; Zhang, Chao B
> 
> Subject: RE: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> CapsuleOnDiskLoadPei PEIM.
> 
> > -Original Message-
> > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> > Xu,
> > Wei6
> > Sent: Wednesday, June 05, 2019 11:42 PM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B; Xu, Wei6
> > Subject: [edk2-devel][Patch v2 3/7] MdeModulePkg: Add
> > CapsuleOnDiskLoadPei PEIM.
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1852
> >
> > This module provides PPI to load Capsule On Disk temp relocation file
> > from Root Directory file system, retrieve the capsules from the temp
> > file and create capsule hobs for these capsules.
> >
> > Cc: Jian J Wang 
> > Cc: Hao A Wu 
> > Cc: Chao B Zhang 
> > Signed-off-by: Wei6 Xu 
> > ---
> >  MdeModulePkg/MdeModulePkg.dsc  |   4 +
> >  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c| 442
> > +
> >  .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.inf  |  64 +++
> > .../CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.uni  |  15 +
> >  .../CapsuleOnDiskLoadPeiExtra.uni  |  14 +
> >  5 files changed, 539 insertions(+)
> >  create mode 100644
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.c
> >  create mode 100644
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in
> > f
> >  create mode 100644
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.u
> > ni
> >  create mode 100644
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPeiEx
> > tra.uni
> 
> Since this a new module, could you help to follow the recommendation in
> https://edk2.groups.io/g/devel/message/39655?p=,,,20,0,0,0::Created,,Uefi
> DebugLibStdErr,20,2,0,3131
> 
> to add/update 'static' (lower case) for global variables/functions whose
> scope is limited within a single file?
> 
> >
> > diff --git a/MdeModulePkg/MdeModulePkg.dsc
> > b/MdeModulePkg/MdeModulePkg.dsc index 995fd805e1..615edddbcc
> 100644
> > --- a/MdeModulePkg/MdeModulePkg.dsc
> > +++ b/MdeModulePkg/MdeModulePkg.dsc
> > @@ -197,10 +197,13 @@
> >gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x06
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizeNonPopulateCapsule|0x0
> >gEfiMdeModulePkgTokenSpaceGuid.PcdMaxSizePopulateCapsule|0x0
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxPeiPerformanceLogEntries|28
> >
> > +[PcdsDynamicExDefault]
> > +
> >
> gEfiMdeModulePkgTokenSpaceGuid.PcdRecoveryFileName|L"FVMAIN.FV"
> > +
> >  [Components]
> >MdeModulePkg/Application/HelloWorld/HelloWorld.inf
> >MdeModulePkg/Application/DumpDynPcd/DumpDynPcd.inf
> >MdeModulePkg/Application/MemoryProfileInfo/MemoryProfileInfo.inf
> >
> > @@ -315,10 +318,11 @@
> >
> >
> NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMainte
> > nanceManagerUiLib.inf
> >}
> >
> >
> MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManager
> > Dxe.inf
> >
> >
> MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.i
> > nf
> >MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
> > +
> >
> MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.in
> > f
> >MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> >
> MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
> >MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
> >
> >
> MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleD
> > xe.inf
> >
> >
> MdeModulePkg/Universal/Console/GraphicsOutputDxe/GraphicsOutputDx
> > e.inf
> > diff --git
> >
> a/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.
> > c
> >
> b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.
> > c
> > new file mode 100644
> > index 00..40d25f3d3b
> > --- /dev/null
> > +++
> >
> b/MdeModulePkg/Universal/CapsuleOnDiskLoadPei/CapsuleOnDiskLoadPei.
> > c
> > @@ -0,0 +1,442 @@
> > +/** @file
> > +  Recovery module.
> > +
> > +  Caution: This module requires additional

Re: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib.

2019-06-19 Thread Xu, Wei6 
Thank you very much.
Of course, I will follow up all the other comments.

BR,
Wei
> -Original Message-
> From: Wu, Hao A
> Sent: Wednesday, June 19, 2019 4:20 PM
> To: devel@edk2.groups.io; Wu, Hao A ; Xu, Wei6
> 
> Cc: Wang, Jian J ; Zhang, Chao B
> 
> Subject: RE: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On
> Disk APIs into CapsuleLib.
> 
> Forgot to mention, please help to handle other comments in the first reply to
> the patch. Thanks in advance.
> 
> Best Regards,
> Hao Wu
> 
> 
> > -Original Message-
> > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> > Wu, Hao A
> > Sent: Wednesday, June 19, 2019 4:17 PM
> > To: Xu, Wei6; devel@edk2.groups.io
> > Cc: Wang, Jian J; Zhang, Chao B
> > Subject: Re: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On
> > Disk APIs into CapsuleLib.
> >
> > >
> > > No,  that's how it is designed.
> > > PcdCodRelocationDevPath is used by platform to specify a device to
> > > store temp Cod relocation file.
> > > If this PCD is not available, it means that platform doesn't have a
> > requirement
> > > to store the file to a specific place.
> > > Then save the file to the device where the capsules are placed.
> > >
> >
> > Got it.
> > I suggest to add comments to explicitly mention this in the codes.
> >
> > >
> > > For Capsule On Disk, no capsule hob means the Cod temp relocations
> > > file is corrupted, which also means current boot is insecure.
> > > Then force reset to re-apply normal boot platform secure policy.
> > > I will update the description. Do you have comments for it?
> > >
> >
> > If the behavior change of the 'ProcessCapsules' API is covered during
> > design review process, then updating the comments is good to me.
> >
> > Best Regards,
> > Hao Wu
> >
> > >
> > > BR,
> > > Wei Xu
> >
> > 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42582): https://edk2.groups.io/g/devel/message/42582
Mute This Topic: https://groups.io/mt/31938582/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib.

2019-06-19 Thread Wu, Hao A 
Forgot to mention, please help to handle other comments in the first reply
to the patch. Thanks in advance.

Best Regards,
Hao Wu


> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Wu, Hao A
> Sent: Wednesday, June 19, 2019 4:17 PM
> To: Xu, Wei6; devel@edk2.groups.io
> Cc: Wang, Jian J; Zhang, Chao B
> Subject: Re: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On
> Disk APIs into CapsuleLib.
> 
> >
> > No,  that's how it is designed.
> > PcdCodRelocationDevPath is used by platform to specify a device to store
> > temp Cod relocation file.
> > If this PCD is not available, it means that platform doesn't have a
> requirement
> > to store the file to a specific place.
> > Then save the file to the device where the capsules are placed.
> >
> 
> Got it.
> I suggest to add comments to explicitly mention this in the codes.
> 
> >
> > For Capsule On Disk, no capsule hob means the Cod temp relocations file is
> > corrupted, which also means current boot is insecure.
> > Then force reset to re-apply normal boot platform secure policy.
> > I will update the description. Do you have comments for it?
> >
> 
> If the behavior change of the 'ProcessCapsules' API is covered during
> design review process, then updating the comments is good to me.
> 
> Best Regards,
> Hao Wu
> 
> >
> > BR,
> > Wei Xu
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42581): https://edk2.groups.io/g/devel/message/42581
Mute This Topic: https://groups.io/mt/31938582/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib.

2019-06-19 Thread Wu, Hao A 
> 
> No,  that's how it is designed.
> PcdCodRelocationDevPath is used by platform to specify a device to store
> temp Cod relocation file.
> If this PCD is not available, it means that platform doesn't have a 
> requirement
> to store the file to a specific place.
> Then save the file to the device where the capsules are placed.
> 

Got it.
I suggest to add comments to explicitly mention this in the codes.

> 
> For Capsule On Disk, no capsule hob means the Cod temp relocations file is
> corrupted, which also means current boot is insecure.
> Then force reset to re-apply normal boot platform secure policy.
> I will update the description. Do you have comments for it?
>

If the behavior change of the 'ProcessCapsules' API is covered during
design review process, then updating the comments is good to me.

Best Regards,
Hao Wu

> 
> BR,
> Wei Xu

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42580): https://edk2.groups.io/g/devel/message/42580
Mute This Topic: https://groups.io/mt/31938582/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't find TLS Service Binding Protocol

2019-06-19 Thread Xiaoyu Lu 
Hi bcran,

> -Original Message-
> From: Rebecca Cran [mailto:rebe...@bluestop.org]
> Sent: Wednesday, June 19, 2019 5:27 AM
> To: Lu, XiaoyuX ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Laszlo Ersek 
> Subject: Re: [edk2-devel] Problems using HTTPS boot: Http->Request can't
> find TLS Service Binding Protocol
> 
> On 2019-06-18 11:53, rebe...@bluestop.org wrote:
> > On 2019-06-18 02:52, Lu, XiaoyuX wrote:
> >>I test this in my own environment, It works well.
> >>The edk2 commit id : f03859ea6c8fddeaa3a5cc3d9a3461
> >>Build command:
> >>build -p ~/code/edk2/OvmfPkg/OvmfPkgX64.dsc -a X64 -t GCC5 -D
> NETWORK_TLS_ENABLE -D NETWORK_HTTP_BOOT_ENABLE
> >>DHCP server: Internet Systems Consortium DHCP Server 4.3.3
> >>
> >>Do you enroll your ca cert in Tls Auth Configuration?
> >>Could you give us more information?
> >
> > I set up a Linux environment to test, and found that it does actually
> > work there after all. So it seems the breakage is limited to running
> > OVMF built on FreeBSD, which I'll work on myself to fix.
> >
> >
> 
> Sorry - actually, I realized I was only testing the NOOPT build on
> FreeBSD, and on Linux the NOOPT build also doesn't work, while RELEASE
> does. And on FreeBSD the RELEASE and DEBUG builds work, but just NOOPT
> doesn't.
> 
> 
> Could you check if the NOOPT OVMF build works with HTTPS on your
> system,
> please?
> 

Thanks for your information. I checked the NOOPT OVMF in linux environment, it 
failed too.
I think compiler optimization hides this problem. 
By default, OpenSSL will auto load config file. But UEFI don't use it.
And OpenSSL commit (25eb9299) first introduced in OpenSSL_1_1_1b change 
openssl_config_int
function will cause this problem.

And I made a patch for it. You can find it at
https://edk2.groups.io/g/devel/message/42577

Thanks,
Xiaoyu

> 
> --
> Rebecca Cran


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42579): https://edk2.groups.io/g/devel/message/42579
Mute This Topic: https://groups.io/mt/32100684/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk APIs into CapsuleLib.

2019-06-19 Thread Xu, Wei6 
Thanks a lot for the comments. 
Please find my answer bellow.


> -Original Message-
> From: Wu, Hao A
> Sent: Wednesday, June 12, 2019 3:50 PM
> To: devel@edk2.groups.io; Xu, Wei6 
> Cc: Wang, Jian J ; Zhang, Chao B
> 
> Subject: RE: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On
> Disk APIs into CapsuleLib.
> 
> > -Original Message-
> > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Xu,
> > Wei6
> > Sent: Wednesday, June 05, 2019 11:42 PM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J; Wu, Hao A; Zhang, Chao B; Xu, Wei6
> > Subject: [edk2-devel][Patch v2 7/7] MdeModulePkg: Add Capsule On Disk
> > APIs into CapsuleLib.
> 
> 
> Not directly related with this patch, I saw many function declarations
> within .C file for this library. Could you help to propose another series
> to add header files to address this (Maybe like the case in
> MdeModulePkg/Universal/Variable/RuntimeDxe to handle multi-phases).
> 

Sure, I will work on it after this patch is done.

> 
> Some general level comments:
> 
> I saw some of the new functions whose scope is limited within a single
> file have been decorated with keyword 'STATIC'. Could you help to make it
> consistent for all the newly added global variables/functions? Also, could
> you help to use keyword 'static' (lower case) instead?
> 

I will update all 'STATIC' to 'static'.

> 
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1852
> >
> > CoDCheckCapsuleOnDiskFlag() is to check if CapsuleOnDisk flag in
> > "OsIndications" Variable is enabled. It is used to indicate whether
> > capsule on disk is provisioned in normal boot path.
> >
> > CoDClearCapsuleOnDiskFlag() is to to clear CapsuleOnDisk flags,
> > including "OsIndications" and "BootNext" variable.
> >
> > CoDRelocateCapsule() is to relocate the capsules from EFI system
> > partition. Depends on PcdCapsuleInRamSupport, there are two solutions
> > to relocate the capsule on disk images:
> > When Capsule In Ram is supported, the Capsule On Disk images are
> > relocated into memory, and call UpdateCapsule() service to deliver
> > the capsules.
> > When Capsule In Ram is not supported, the Capsule On Disk images are
> > relocated into a temp file which will be stored in root directory on
> > a platform specific storage device. CapsuleOnDiskLoadPei PEIM will
> > retrieve the capsules from the relocation temp file and report
> > capsule hobs for them.
> >
> > CoDRemoveTempFile() is to remove the relocation temp file in the next
> > boot after capsules are processed.
> >
> > Cc: Jian J Wang 
> > Cc: Hao A Wu 
> > Cc: Chao B Zhang 
> > Signed-off-by: Wei6 Xu 
> > ---
> >  MdeModulePkg/Include/Library/CapsuleLib.h  |   94 +-
> >  .../Library/DxeCapsuleLibFmp/CapsuleOnDisk.c   | 1983
> > 
> >  .../Library/DxeCapsuleLibFmp/CapsuleOnDisk.h   |   63 +
> >  .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c   |   56 +-
> >  .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf |   21 +-
> >  .../DxeCapsuleLibFmp/DxeCapsuleProcessLib.c|  121 +-
> >  .../Library/DxeCapsuleLibFmp/DxeCapsuleReportLib.c |   67 +-
> >  .../DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf  |3 +-
> >  .../Library/DxeCapsuleLibNull/DxeCapsuleLibNull.c  |   85 +-
> >  9 files changed, 2466 insertions(+), 27 deletions(-)
> >  create mode 100644
> > MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.c
> >  create mode 100644
> > MdeModulePkg/Library/DxeCapsuleLibFmp/CapsuleOnDisk.h
> >
> > diff --git a/MdeModulePkg/Include/Library/CapsuleLib.h
> > b/MdeModulePkg/Include/Library/CapsuleLib.h
> > index 1fc2fba3a2..f3cb17cbf9 100644
> > --- a/MdeModulePkg/Include/Library/CapsuleLib.h
> > +++ b/MdeModulePkg/Include/Library/CapsuleLib.h
> > @@ -1,17 +1,37 @@
> >  /** @file
> >
> >This library class defines a set of interfaces for how to process capsule
> > image updates.
> >
> > -Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
> > +Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
> >  SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> >  **/
> >
> >  #ifndef __CAPSULE_LIB_H__
> >  #define __CAPSULE_LIB_H__
> >
> > +#include 
> > +
> > +
> > +typedef struct {
> > +  //
> > +  // image address.
> > +  //
> > +  VOID *ImageAddress;
> > +  //
> > +  // The file info of the image comes from.
> > +  //  if FileInfo == NULL. means image does not come from file
> > +  //
> > +  EFI_FILE_INFO*FileInfo;
> > +} IMAGE_INFO;
> 
> 
> Will this 'IMAGE_INFO' structure (FileInfo.h include as well) be used by
> the consumer of CapsuleLib? For this series, this one is only used within
> DxeCapsuleLibFmp (implementation of CapsuleLib).
> 
> If it is only used internally, I suggest to move the definition into
> MdeModulePkg\Library\DxeCapsuleLibFmp\CapsuleOnDisk.h.
> 
> 
> > +
> > +//
> > +// BOOLEAN Variable to save the total size of all Capsule On Disk during
> > relocation
> > +//
> 
> 
> The above description comment

[edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: disable autoload-config for OpenSSL

2019-06-19 Thread Xiaoyu Lu 
This problem was found by Rebecca Cran .
REF: https://edk2.groups.io/g/devel/topic/32100684

OpenSSL will automatically load a system config file which configures
default ssl options. In UEFI, It will cause TlsInitialize failed
without OPENSSL_INIT_NO_LOAD_CONFIG flag. we don't use this feature,
So disable it.

Re-run process_files.py to generate OpensslLib[Crypto].inf files.

Cc: Jian J Wang 
Signed-off-by: Xiaoyu Lu 
---
 CryptoPkg/Library/Include/openssl/opensslconf.h | 3 +++
 CryptoPkg/Library/OpensslLib/process_files.pl   | 1 +
 2 files changed, 4 insertions(+)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h 
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 07fa2d3ce280..2b4d538e92d2 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -115,6 +115,9 @@ extern "C" {
 #ifndef OPENSSL_NO_AUTOERRINIT
 # define OPENSSL_NO_AUTOERRINIT
 #endif
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+# define OPENSSL_NO_AUTOLOAD_CONFIG
+#endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl 
b/CryptoPkg/Library/OpensslLib/process_files.pl
index 2783ff54f95a..3e8669e30fd7 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -53,6 +53,7 @@ BEGIN {
 "no-async",
 "no-autoalginit",
 "no-autoerrinit",
+"no-autoload-config",
 "no-bf",
 "no-blake2",
 "no-camellia",
-- 
2.7.4


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42577): https://edk2.groups.io/g/devel/message/42577
Mute This Topic: https://groups.io/mt/32120649/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 1/1] CryptoPkg/OpensslLib: Fix CR/LF issue

2019-06-19 Thread Xiaoyu Lu 
Re-run process_files.py to generate OpensslLib[Crypto].inf.
CryptoPkg/Library/Include/openssl/opensslconf.h is coped from OpenSSL,
So keep the CR/LF style like OpenSSL source file.

Cc: Jian J Wang 
Signed-off-by: Xiaoyu Lu 
---
 CryptoPkg/Library/Include/openssl/opensslconf.h | 80 -
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h 
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 9ce99705d80f..07fa2d3ce280 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -10,8 +10,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include 
-
+#include 
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -79,9 +79,9 @@ extern "C" {
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
-#ifndef OPENSSL_NO_SM2
-# define OPENSSL_NO_SM2
-#endif
+#ifndef OPENSSL_NO_SM2
+# define OPENSSL_NO_SM2
+#endif
 #ifndef OPENSSL_NO_SRP
 # define OPENSSL_NO_SRP
 #endif
@@ -91,9 +91,9 @@ extern "C" {
 #ifndef OPENSSL_NO_WHIRLPOOL
 # define OPENSSL_NO_WHIRLPOOL
 #endif
-#ifndef OPENSSL_RAND_SEED_NONE
-# define OPENSSL_RAND_SEED_NONE
-#endif
+#ifndef OPENSSL_RAND_SEED_NONE
+# define OPENSSL_RAND_SEED_NONE
+#endif
 #ifndef OPENSSL_NO_AFALGENG
 # define OPENSSL_NO_AFALGENG
 #endif
@@ -127,9 +127,9 @@ extern "C" {
 #ifndef OPENSSL_NO_DEPRECATED
 # define OPENSSL_NO_DEPRECATED
 #endif
-#ifndef OPENSSL_NO_DEVCRYPTOENG
-# define OPENSSL_NO_DEVCRYPTOENG
-#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
 #ifndef OPENSSL_NO_DGRAM
 # define OPENSSL_NO_DGRAM
 #endif
@@ -163,9 +163,9 @@ extern "C" {
 #ifndef OPENSSL_NO_ERR
 # define OPENSSL_NO_ERR
 #endif
-#ifndef OPENSSL_NO_EXTERNAL_TESTS
-# define OPENSSL_NO_EXTERNAL_TESTS
-#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
 #ifndef OPENSSL_NO_FILENAMES
 # define OPENSSL_NO_FILENAMES
 #endif
@@ -220,24 +220,24 @@ extern "C" {
 #ifndef OPENSSL_NO_TESTS
 # define OPENSSL_NO_TESTS
 #endif
-#ifndef OPENSSL_NO_TLS1_3
-# define OPENSSL_NO_TLS1_3
-#endif
+#ifndef OPENSSL_NO_TLS1_3
+# define OPENSSL_NO_TLS1_3
+#endif
 #ifndef OPENSSL_NO_UBSAN
 # define OPENSSL_NO_UBSAN
 #endif
-#ifndef OPENSSL_NO_UI_CONSOLE
-# define OPENSSL_NO_UI_CONSOLE
-#endif
+#ifndef OPENSSL_NO_UI_CONSOLE
+# define OPENSSL_NO_UI_CONSOLE
+#endif
 #ifndef OPENSSL_NO_UNIT_TEST
 # define OPENSSL_NO_UNIT_TEST
 #endif
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 # define OPENSSL_NO_WEAK_SSL_CIPHERS
 #endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
 #ifndef OPENSSL_NO_AFALGENG
 # define OPENSSL_NO_AFALGENG
 #endif
@@ -256,11 +256,11 @@ extern "C" {
  * functions.
  */
 #ifndef DECLARE_DEPRECATED
-# define DECLARE_DEPRECATED(f)   f;
-# ifdef __GNUC__
-#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
-#   undef DECLARE_DEPRECATED
-#   define DECLARE_DEPRECATED(f)f __attribute__ ((deprecated));
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)f __attribute__ ((deprecated));
 #  endif
 # endif
 #endif
@@ -284,18 +284,18 @@ extern "C" {
 # define OPENSSL_API_COMPAT OPENSSL_MIN_API
 #endif
 
-/*
- * Do not deprecate things to be deprecated in version 1.2.0 before the
- * OpenSSL version number matches.
- */
-#if OPENSSL_VERSION_NUMBER < 0x1020L
-# define DEPRECATEDIN_1_2_0(f)   f;
-#elif OPENSSL_API_COMPAT < 0x1020L
-# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
-#else
-# define DEPRECATEDIN_1_2_0(f)
-#endif
-
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x1020L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x1020L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
 #if OPENSSL_API_COMPAT < 0x1010L
 # define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
 #else
-- 
2.7.4


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42576): https://edk2.groups.io/g/devel/message/42576
Mute This Topic: https://groups.io/mt/32120640/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py

2019-06-19 Thread Xiaoyu Lu 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1881

Commit(0a1b13fd4d2210e2c3) fix VS2017 build failure
remove useless file in OpensslLib[Crypto].inf,
but we use process_files.py to generate files.
So exclude err_all.c file in process_files.py

Cc: Jian J Wang 
Cc: Ting Ye 
Signed-off-by: Xiaoyu Lu 
---
 CryptoPkg/Library/OpensslLib/process_files.pl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl 
b/CryptoPkg/Library/OpensslLib/process_files.pl
index e277108f0734..2783ff54f95a 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -132,6 +132,7 @@ foreach my $product ((@{$unified_info{libraries}},
 # So it can reduce porting time, compile time, library size.
 next if $s =~ "crypto/rand/randfile.c";
 next if $s =~ "crypto/store/";
+next if $s =~ "crypto/err/err_all.c";
 
 if ($product =~ "libssl") {
 push @sslfilelist, '  $(OPENSSL_PATH)/' . $s . "\r\n";
-- 
2.7.4


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#42575): https://edk2.groups.io/g/devel/message/42575
Mute This Topic: https://groups.io/mt/32120631/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-