Re: [edk2-devel] [Patch V4 3/4] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi.
Minor comment " to indicate whether to broadcast INIT-SIPI-SIPI or SIPI" -> " to broadcast INIT-SIPI-SIPI for first time AP wakeup" or similar. Thanks, Star -Original Message- From: Xie, Yuanhao Sent: Friday, July 28, 2023 1:24 PM To: Zeng, Star Cc: Dong, Eric ; Ni, Ray ; Kumar, Rahul R ; Gerd Hoffmann ; Ard Biesheuvel ; Yao, Jiewen ; Justen, Jordan L ; devel@edk2.groups.io Subject: RE: [Patch V4 3/4] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi. Hi Star, Could you please review this patch, I have made updates to the comments for: Do we really want to mention OVMF specifically in UefiCpuPkg.dec PCD definition ? Those comments may be better to be in OVMF dsc PCD override. Thanks for the feedback Yuanhao -Original Message- From: Xie, Yuanhao Sent: Friday, July 28, 2023 1:18 PM To: devel@edk2.groups.io Cc: Dong, Eric ; Ni, Ray ; Kumar, Rahul R ; Gerd Hoffmann ; Ard Biesheuvel ; Yao, Jiewen ; Justen, Jordan L ; Xie, Yuanhao Subject: [Patch V4 3/4] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi. Disable PcdFirstTimeWakeUpAPsBySipi for OVMF to let BSP wake up APs by INIT-SIPI-SIPI. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- OvmfPkg/OvmfPkgIa32.dsc| 9 - OvmfPkg/OvmfPkgIa32X64.dsc | 7 +++ OvmfPkg/OvmfPkgX64.dsc | 7 +++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index ed36935770..0193ea8af8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2023, Intel Corporation. All rights +reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -585,6 +585,13 @@ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF # + environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to # + indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE # diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 919315e4cb..05ded289ad 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -566,6 +566,13 @@ !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 !endif + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF # + environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to # + indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE [PcdsFixedAtBuild.IA32] # diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 823de0d0f9..d588e09da5 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -615,6 +615,13 @@ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF # + environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to # + indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE # -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107324): https://edk2.groups.io/g/devel/message/107324 Mute This Topic: https://groups.io/mt/100405496/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V4 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi
Would like to highlight it is for first time. " Determining Whether APs Awakened from SIPI or INIT-SIPI-SIPI" to "Determining APs first time wakeup by SIPI or INIT-SIPI-SIPI" or similar. " BSP Broadcast Method" -> " BSP Broadcast Method for first time AP wakeup" or similar. Thanks, Star -Original Message- From: Xie, Yuanhao Sent: Friday, July 28, 2023 1:24 PM To: Zeng, Star Cc: Dong, Eric ; Ni, Ray ; Kumar, Rahul R ; Gerd Hoffmann ; devel@edk2.groups.io Subject: RE: [Patch V4 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi Hi Star, Could you please review this patch, I have made updates to the comments for: Do we really want to mention OVMF specifically in UefiCpuPkg.dec PCD definition ? Those comments may be better to be in OVMF dsc PCD override. Thanks for the feedback Yuanhao -Original Message- From: Xie, Yuanhao Sent: Friday, July 28, 2023 1:18 PM To: devel@edk2.groups.io Cc: Dong, Eric ; Ni, Ray ; Kumar, Rahul R ; Gerd Hoffmann ; Xie, Yuanhao Subject: [Patch V4 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi Add PcdFirstTimeWakeUpAPsBySipi to check if it is in the OVMF environment and necessary to wake up APs by INIT-SIPI-SIPI. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/UefiCpuPkg.dec | 11 +++ 3 files changed, 13 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf index 7d45d3ad4d..55e46d4a1f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -81,6 +81,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf index 83e9028d0f..bc3d716aa9 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -66,6 +66,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index e7726a605c..fcfbd618dc 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -214,6 +214,17 @@ # @Prompt Configure the SEV-ES work area base gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize|0x0|UINT32|0x30002006 + ## Determining Whether APs Awakened from SIPI or INIT-SIPI-SIPI. + # Following a power-up or RESET of an MP system, The APs complete a # + minimal self-configuration, then wait for a startup signal (a SIPI # + message) from the BSP processor. + # + # TRUE - Broadcast SIPI. + # FALSE - Broadcast INIT-SIPI-SIPI. + # + # @Prompt BSP Broadcast Method. + + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|TRUE|BOOLEAN|0x3 + 0002007 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## This value is the CPU Local APIC base address, which aligns the address on a 4-KByte boundary. # @Prompt Configure base address of CPU Local APIC -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107323): https://edk2.groups.io/g/devel/message/107323 Mute This Topic: https://groups.io/mt/100405492/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] 回复: [PATCH v2 0/4] OvmfPkg/RiscVVirt: Add CLANGDWARF toolchain support
On Tue, Jul 25, 2023 at 05:59:25PM +0200, Ard Biesheuvel wrote: > On Fri, 21 Jul 2023 at 06:52, Sunil V L wrote: > > > > On Mon, Jul 17, 2023 at 11:38:31AM +0200, Ard Biesheuvel wrote: > > > On Mon, 17 Jul 2023 at 03:51, gaoliming via groups.io > > > wrote: > > > > > > > > Sunil: > > > > Do you use which CLANG version is used to verify this change? > > > > > > > > > > For the series, > > > > > > Tested-by: Ard Biesheuvel # Debian clang version 14.0.6 > > > > > Thanks!, Ard. > > > > Hi Liming, do you have any further feedback? > > > > Could we make some progress here? I'm happy to go and merge this if i > can get an ack on the basetools change Hi Liming, Could you please provide RB/ACK tag so that Ard can merge this? We would like to get this support added for upcoming stable release. Thanks! Sunil -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107322): https://edk2.groups.io/g/devel/message/107322 Mute This Topic: https://groups.io/mt/100187566/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V4 1/4] UefiCpuPkg: Add SendStartupIpiAllExcludingSelf
Hi Gerd, Could you please review this patch series? Thanks a lot Yuanhao -Original Message- From: Xie, Yuanhao Sent: Friday, July 28, 2023 1:18 PM To: devel@edk2.groups.io Cc: Xie, Yuanhao ; Dong, Eric ; Kumar, Rahul R ; Gerd Hoffmann ; Ni, Ray Subject: [Patch V4 1/4] UefiCpuPkg: Add SendStartupIpiAllExcludingSelf From: Yuanhao Xie Add new API SendStartupIpiAllExcludingSelf(), and modify SendInitSipiSipiAllExcludingSelf() by let it call the new API. Cc: Eric Dong Cc: Rahul Kumar Cc: Gerd Hoffmann Cc: Ray Ni Signed-off-by: Ray Ni Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- UefiCpuPkg/Include/Library/LocalApicLib.h | 17 - UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c | 43 ++- UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 43 ++- 3 files changed, 76 insertions(+), 27 deletions(-) diff --git a/UefiCpuPkg/Include/Library/LocalApicLib.h b/UefiCpuPkg/Include/Library/LocalApicLib.h index b55d88b0f5..d7c2ad3f70 100644 --- a/UefiCpuPkg/Include/Library/LocalApicLib.h +++ b/UefiCpuPkg/Include/Library/LocalApicLib.h @@ -4,7 +4,7 @@ Local APIC library assumes local APIC is enabled. It does not handles cases where local APIC is disabled. - Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2010 - 2023, Intel Corporation. All rights + reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -185,6 +185,21 @@ SendInitIpiAllExcludingSelf ( VOID ); +/** + Send a Start-up IPI to all processors excluding self. + This function returns after the IPI has been accepted by the target processors. + if StartupRoutine >= 1M, then ASSERT. + if StartupRoutine is not multiple of 4K, then ASSERT. + @param StartupRoutine Points to a start-up routine which is below 1M physical + address and 4K aligned. +**/ + +VOID +EFIAPI +SendStartupIpiAllExcludingSelf ( + IN UINT32 StartupRoutine + ); + /** Send an INIT-Start-up-Start-up IPI sequence to a specified target processor. diff --git a/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c b/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c index 008b8a070b..d56c6275cc 100644 --- a/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c +++ b/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c @@ -3,7 +3,7 @@ This local APIC library instance supports xAPIC mode only. - Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2010 - 2023, Intel Corporation. All rights + reserved. Copyright (c) 2017 - 2020, AMD Inc. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -497,6 +497,33 @@ SendInitIpiAllExcludingSelf ( SendIpi (IcrLow.Uint32, 0); } +/** + Send a Start-up IPI to all processors excluding self. + This function returns after the IPI has been accepted by the target processors. + if StartupRoutine >= 1M, then ASSERT. + if StartupRoutine is not multiple of 4K, then ASSERT. + @param StartupRoutine Points to a start-up routine which is below 1M physical + address and 4K aligned. +**/ +VOID +EFIAPI +SendStartupIpiAllExcludingSelf ( + IN UINT32 StartupRoutine + ) +{ + LOCAL_APIC_ICR_LOW IcrLow; + + ASSERT (StartupRoutine < 0x10); + ASSERT ((StartupRoutine & 0xfff) == 0); + + IcrLow.Uint32= 0; + IcrLow.Bits.Vector = (StartupRoutine >> 12); + IcrLow.Bits.DeliveryMode = LOCAL_APIC_DELIVERY_MODE_STARTUP; + IcrLow.Bits.Level= 1; + IcrLow.Bits.DestinationShorthand = +LOCAL_APIC_DESTINATION_SHORTHAND_ALL_EXCLUDING_SELF; + SendIpi (IcrLow.Uint32, 0); +} + /** Send an INIT-Start-up-Start-up IPI sequence to a specified target processor. @@ -551,22 +578,12 @@ SendInitSipiSipiAllExcludingSelf ( IN UINT32 StartupRoutine ) { - LOCAL_APIC_ICR_LOW IcrLow; - - ASSERT (StartupRoutine < 0x10); - ASSERT ((StartupRoutine & 0xfff) == 0); - SendInitIpiAllExcludingSelf (); MicroSecondDelay (PcdGet32 (PcdCpuInitIpiDelayInMicroSeconds)); - IcrLow.Uint32= 0; - IcrLow.Bits.Vector = (StartupRoutine >> 12); - IcrLow.Bits.DeliveryMode = LOCAL_APIC_DELIVERY_MODE_STARTUP; - IcrLow.Bits.Level= 1; - IcrLow.Bits.DestinationShorthand = LOCAL_APIC_DESTINATION_SHORTHAND_ALL_EXCLUDING_SELF; - SendIpi (IcrLow.Uint32, 0); + SendStartupIpiAllExcludingSelf (StartupRoutine); if (!StandardSignatureIsAuthenticAMD ()) { MicroSecondDelay (200); -SendIpi (IcrLow.Uint32, 0); +SendStartupIpiAllExcludingSelf (StartupRoutine); } } diff --git a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c index 0ba0499631..aa4eb11181 100644 --- a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c +++
Re: [edk2-devel] [Patch V4 3/4] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi.
Hi Star, Could you please review this patch, I have made updates to the comments for: Do we really want to mention OVMF specifically in UefiCpuPkg.dec PCD definition ? Those comments may be better to be in OVMF dsc PCD override. Thanks for the feedback Yuanhao -Original Message- From: Xie, Yuanhao Sent: Friday, July 28, 2023 1:18 PM To: devel@edk2.groups.io Cc: Dong, Eric ; Ni, Ray ; Kumar, Rahul R ; Gerd Hoffmann ; Ard Biesheuvel ; Yao, Jiewen ; Justen, Jordan L ; Xie, Yuanhao Subject: [Patch V4 3/4] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi. Disable PcdFirstTimeWakeUpAPsBySipi for OVMF to let BSP wake up APs by INIT-SIPI-SIPI. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- OvmfPkg/OvmfPkgIa32.dsc| 9 - OvmfPkg/OvmfPkgIa32X64.dsc | 7 +++ OvmfPkg/OvmfPkgX64.dsc | 7 +++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index ed36935770..0193ea8af8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2023, Intel Corporation. All rights +reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -585,6 +585,13 @@ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF # + environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to # + indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE # diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 919315e4cb..05ded289ad 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -566,6 +566,13 @@ !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 !endif + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF # + environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to # + indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE [PcdsFixedAtBuild.IA32] # diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 823de0d0f9..d588e09da5 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -615,6 +615,13 @@ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF # + environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to # + indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE # -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107320): https://edk2.groups.io/g/devel/message/107320 Mute This Topic: https://groups.io/mt/100405496/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V4 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi
Hi Star, Could you please review this patch, I have made updates to the comments for: Do we really want to mention OVMF specifically in UefiCpuPkg.dec PCD definition ? Those comments may be better to be in OVMF dsc PCD override. Thanks for the feedback Yuanhao -Original Message- From: Xie, Yuanhao Sent: Friday, July 28, 2023 1:18 PM To: devel@edk2.groups.io Cc: Dong, Eric ; Ni, Ray ; Kumar, Rahul R ; Gerd Hoffmann ; Xie, Yuanhao Subject: [Patch V4 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi Add PcdFirstTimeWakeUpAPsBySipi to check if it is in the OVMF environment and necessary to wake up APs by INIT-SIPI-SIPI. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/UefiCpuPkg.dec | 11 +++ 3 files changed, 13 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf index 7d45d3ad4d..55e46d4a1f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -81,6 +81,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf index 83e9028d0f..bc3d716aa9 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -66,6 +66,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index e7726a605c..fcfbd618dc 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -214,6 +214,17 @@ # @Prompt Configure the SEV-ES work area base gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize|0x0|UINT32|0x30002006 + ## Determining Whether APs Awakened from SIPI or INIT-SIPI-SIPI. + # Following a power-up or RESET of an MP system, The APs complete a + # minimal self-configuration, then wait for a startup signal (a SIPI + # message) from the BSP processor. + # + # TRUE - Broadcast SIPI. + # FALSE - Broadcast INIT-SIPI-SIPI. + # + # @Prompt BSP Broadcast Method. + + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|TRUE|BOOLEAN|0x3 + 0002007 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## This value is the CPU Local APIC base address, which aligns the address on a 4-KByte boundary. # @Prompt Configure base address of CPU Local APIC -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107319): https://edk2.groups.io/g/devel/message/107319 Mute This Topic: https://groups.io/mt/100405492/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [Patch V4 3/4] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi.
Disable PcdFirstTimeWakeUpAPsBySipi for OVMF to let BSP wake up APs by INIT-SIPI-SIPI. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- OvmfPkg/OvmfPkgIa32.dsc| 9 - OvmfPkg/OvmfPkgIa32X64.dsc | 7 +++ OvmfPkg/OvmfPkgX64.dsc | 7 +++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index ed36935770..0193ea8af8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1,7 +1,7 @@ ## @file # EFI/Framework Open Virtual Machine Firmware (OVMF) platform # -# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved. +# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved. # (C) Copyright 2016 Hewlett Packard Enterprise Development LP # Copyright (c) Microsoft Corporation. # @@ -585,6 +585,13 @@ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF + # environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to + # indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE # diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 919315e4cb..05ded289ad 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -566,6 +566,13 @@ !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 !endif + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF + # environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to + # indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE [PcdsFixedAtBuild.IA32] # diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 823de0d0f9..d588e09da5 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -615,6 +615,13 @@ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + # + # INIT is now triggered before BIOS by ucode/hardware. In the OVMF + # environment, QEMU lacks a simulation for the INIT process. + # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to + # indicate whether to broadcast INIT-SIPI-SIPI or SIPI. + # + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE # -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107317): https://edk2.groups.io/g/devel/message/107317 Mute This Topic: https://groups.io/mt/100405496/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [Patch V4 4/4] UefiCpuPkg:Wake up APs after power-up or RESET through SIPI.
The implementation of this new behavior aligns with the guidelines outlined in the Intel SDM. Following a power-up or RESET of an MP system, system hardware dynamically selects one of the processors on the system bus as the BSP. The remaining processors are designated as APs. The APs complete a minimal self-configuration, then wait for a startup signal (a SIPI message) from the BSP processor. Additionally, the MP protocol is executed only after a power-up or RESET. If the MP protocol has completed and a BSP is chosen, subsequent INITs (either to a specific processor or system wide) do not cause the MP protocol to be repeated. Instead, each logical processor examines its BSP flag (in the IA32_APIC_BASE MSR) to determine whether it should execute the BIOS boot-strap code (if it is the BSP) or enter a wait-for-SIPI state (if it is an AP). Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Signed-off-by: Ray Ni Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c index e7054adbcc..6f1456cfe1 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1294,7 +1294,14 @@ WakeUpAP ( if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag != ApInitConfig)) { SevSnpCreateAP (CpuMpData, -1); } else { -SendInitSipiSipiAllExcludingSelf ((UINT32)ExchangeInfo->BufferStart); +if ((CpuMpData->InitFlag == ApInitConfig) && FixedPcdGetBool (PcdFirstTimeWakeUpAPsBySipi)) { + // + // SIPI can be used for the first time wake up after reset to reduce boot time. + // + SendStartupIpiAllExcludingSelf ((UINT32)ExchangeInfo->BufferStart); +} else { + SendInitSipiSipiAllExcludingSelf ((UINT32)ExchangeInfo->BufferStart); +} } } -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107318): https://edk2.groups.io/g/devel/message/107318 Mute This Topic: https://groups.io/mt/100405497/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [Patch V4 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi
Add PcdFirstTimeWakeUpAPsBySipi to check if it is in the OVMF environment and necessary to wake up APs by INIT-SIPI-SIPI. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/UefiCpuPkg.dec | 11 +++ 3 files changed, 13 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf index 7d45d3ad4d..55e46d4a1f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -81,6 +81,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf index 83e9028d0f..bc3d716aa9 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -66,6 +66,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONSUMES diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index e7726a605c..fcfbd618dc 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -214,6 +214,17 @@ # @Prompt Configure the SEV-ES work area base gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize|0x0|UINT32|0x30002006 + ## Determining Whether APs Awakened from SIPI or INIT-SIPI-SIPI. + # Following a power-up or RESET of an MP system, The APs complete a + # minimal self-configuration, then wait for a startup signal (a SIPI + # message) from the BSP processor. + # + # TRUE - Broadcast SIPI. + # FALSE - Broadcast INIT-SIPI-SIPI. + # + # @Prompt BSP Broadcast Method. + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|TRUE|BOOLEAN|0x30002007 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## This value is the CPU Local APIC base address, which aligns the address on a 4-KByte boundary. # @Prompt Configure base address of CPU Local APIC -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107316): https://edk2.groups.io/g/devel/message/107316 Mute This Topic: https://groups.io/mt/100405492/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [Patch V4 1/4] UefiCpuPkg: Add SendStartupIpiAllExcludingSelf
From: Yuanhao Xie Add new API SendStartupIpiAllExcludingSelf(), and modify SendInitSipiSipiAllExcludingSelf() by let it call the new API. Cc: Eric Dong Cc: Rahul Kumar Cc: Gerd Hoffmann Cc: Ray Ni Signed-off-by: Ray Ni Signed-off-by: Yuanhao Xie Reviewed-by: Ray Ni --- UefiCpuPkg/Include/Library/LocalApicLib.h | 17 - UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c | 43 ++- UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 43 ++- 3 files changed, 76 insertions(+), 27 deletions(-) diff --git a/UefiCpuPkg/Include/Library/LocalApicLib.h b/UefiCpuPkg/Include/Library/LocalApicLib.h index b55d88b0f5..d7c2ad3f70 100644 --- a/UefiCpuPkg/Include/Library/LocalApicLib.h +++ b/UefiCpuPkg/Include/Library/LocalApicLib.h @@ -4,7 +4,7 @@ Local APIC library assumes local APIC is enabled. It does not handles cases where local APIC is disabled. - Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2010 - 2023, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -185,6 +185,21 @@ SendInitIpiAllExcludingSelf ( VOID ); +/** + Send a Start-up IPI to all processors excluding self. + This function returns after the IPI has been accepted by the target processors. + if StartupRoutine >= 1M, then ASSERT. + if StartupRoutine is not multiple of 4K, then ASSERT. + @param StartupRoutine Points to a start-up routine which is below 1M physical + address and 4K aligned. +**/ + +VOID +EFIAPI +SendStartupIpiAllExcludingSelf ( + IN UINT32 StartupRoutine + ); + /** Send an INIT-Start-up-Start-up IPI sequence to a specified target processor. diff --git a/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c b/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c index 008b8a070b..d56c6275cc 100644 --- a/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c +++ b/UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c @@ -3,7 +3,7 @@ This local APIC library instance supports xAPIC mode only. - Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2010 - 2023, Intel Corporation. All rights reserved. Copyright (c) 2017 - 2020, AMD Inc. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -497,6 +497,33 @@ SendInitIpiAllExcludingSelf ( SendIpi (IcrLow.Uint32, 0); } +/** + Send a Start-up IPI to all processors excluding self. + This function returns after the IPI has been accepted by the target processors. + if StartupRoutine >= 1M, then ASSERT. + if StartupRoutine is not multiple of 4K, then ASSERT. + @param StartupRoutine Points to a start-up routine which is below 1M physical + address and 4K aligned. +**/ +VOID +EFIAPI +SendStartupIpiAllExcludingSelf ( + IN UINT32 StartupRoutine + ) +{ + LOCAL_APIC_ICR_LOW IcrLow; + + ASSERT (StartupRoutine < 0x10); + ASSERT ((StartupRoutine & 0xfff) == 0); + + IcrLow.Uint32= 0; + IcrLow.Bits.Vector = (StartupRoutine >> 12); + IcrLow.Bits.DeliveryMode = LOCAL_APIC_DELIVERY_MODE_STARTUP; + IcrLow.Bits.Level= 1; + IcrLow.Bits.DestinationShorthand = LOCAL_APIC_DESTINATION_SHORTHAND_ALL_EXCLUDING_SELF; + SendIpi (IcrLow.Uint32, 0); +} + /** Send an INIT-Start-up-Start-up IPI sequence to a specified target processor. @@ -551,22 +578,12 @@ SendInitSipiSipiAllExcludingSelf ( IN UINT32 StartupRoutine ) { - LOCAL_APIC_ICR_LOW IcrLow; - - ASSERT (StartupRoutine < 0x10); - ASSERT ((StartupRoutine & 0xfff) == 0); - SendInitIpiAllExcludingSelf (); MicroSecondDelay (PcdGet32 (PcdCpuInitIpiDelayInMicroSeconds)); - IcrLow.Uint32= 0; - IcrLow.Bits.Vector = (StartupRoutine >> 12); - IcrLow.Bits.DeliveryMode = LOCAL_APIC_DELIVERY_MODE_STARTUP; - IcrLow.Bits.Level= 1; - IcrLow.Bits.DestinationShorthand = LOCAL_APIC_DESTINATION_SHORTHAND_ALL_EXCLUDING_SELF; - SendIpi (IcrLow.Uint32, 0); + SendStartupIpiAllExcludingSelf (StartupRoutine); if (!StandardSignatureIsAuthenticAMD ()) { MicroSecondDelay (200); -SendIpi (IcrLow.Uint32, 0); +SendStartupIpiAllExcludingSelf (StartupRoutine); } } diff --git a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c index 0ba0499631..aa4eb11181 100644 --- a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c +++ b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c @@ -4,7 +4,7 @@ This local APIC library instance supports x2APIC capable processors which have xAPIC and x2APIC modes. - Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. + Copyright (c) 2010 - 2023, Intel Corporation. All rights reserved. Copyright (c) 2017 - 2020, AMD Inc. All
[edk2-devel] [Patch V4 0/4] Wake up APs after power-up or RESET through SIPI.
The implementation of this new behavior aligns with the guidelines outlined in the Intel SDM. Following a power-up or RESET of an MP system, system hardware dynamically selects one of the processors on the system bus as the BSP. The remaining processors are designated as APs. The APs complete a minimal self-configuration, then wait for SIPI from the BSP processor. Yuanhao Xie (1): UefiCpuPkg: Add SendStartupIpiAllExcludingSelf YuanhaoXie (3): UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi. UefiCpuPkg:Wake up APs after power-up or RESET through SIPI. OvmfPkg/OvmfPkgIa32.dsc| 9 - OvmfPkg/OvmfPkgIa32X64.dsc | 7 +++ OvmfPkg/OvmfPkgX64.dsc | 7 +++ UefiCpuPkg/Include/Library/LocalApicLib.h | 17 - UefiCpuPkg/Library/BaseXApicLib/BaseXApicLib.c | 43 ++- UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 43 ++- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 - UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/UefiCpuPkg.dec | 11 +++ 10 files changed, 119 insertions(+), 29 deletions(-) -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107314): https://edk2.groups.io/g/devel/message/107314 Mute This Topic: https://groups.io/mt/100405489/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Hi Michael D, Could you help to review and merge this patch to MdePkg? This patch is only to add 2 new GUIDs. These 2 GUIDs will be used for adding RSA3072/RSA4096 cert support for secure boot feature. Thank you. BR Sheng Wei > -Original Message- > From: devel@edk2.groups.io On Behalf Of Sheng > Wei > Sent: 2023年7月27日 14:35 > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J > ; Xu, Min M ; Chen, Zeyi > ; Wang, Fiona ; Lu, Xiaoyu1 > ; Jiang, Guomin ; Kinney, > Michael D ; Gao, Liming > > Subject: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for > CERT_RSA3072 and CERT_RSA4096 > > Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Zeyi Chen > Cc: Fiona Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > Cc: Michael D Kinney > Cc: Liming Gao > Signed-off-by: Sheng Wei > --- > MdePkg/Include/Guid/ImageAuthentication.h | 26 > +++ > MdePkg/MdePkg.dec | 2 ++ > 2 files changed, 28 insertions(+) > > diff --git a/MdePkg/Include/Guid/ImageAuthentication.h > b/MdePkg/Include/Guid/ImageAuthentication.h > index fe83596571..c8ea2c14fb 100644 > --- a/MdePkg/Include/Guid/ImageAuthentication.h > +++ b/MdePkg/Include/Guid/ImageAuthentication.h > @@ -144,6 +144,30 @@ typedef struct { > 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, > 0xb6} \ } +///+/// This identifies a signature containing an RSA-3072 key. > The > key (only the modulus+/// since the public key exponent is known to be > 0x10001) shall be stored in big-endian+/// order.+/// The SignatureHeader > size shall always be 0. The SignatureSize shall always be 16 (size+/// of > SignatureOwner component) + 384 bytes.+///+#define > EFI_CERT_RSA3072_GUID \+ { \+0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, > 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \+ }++///+/// This identifies a > signature > containing an RSA-4096 key. The key (only the modulus+/// since the public > key exponent is known to be 0x10001) shall be stored in big-endian+/// > order.+/// The SignatureHeader size shall always be 0. The SignatureSize shall > always be 16 (size+/// of SignatureOwner component) + 512 > bytes.+///+#define EFI_CERT_RSA4096_GUID \+ { \+0xb23e89a6, 0x8c8b, > 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \+ }+ /// /// This > identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The > /// SignatureHeader size shall always be 0. The SignatureSize shall always be > 16 (size of@@ -330,6 +354,8 @@ typedef struct { > extern EFI_GUID gEfiImageSecurityDatabaseGuid; extern EFI_GUID > gEfiCertSha256Guid; extern EFI_GUID gEfiCertRsa2048Guid;+extern > EFI_GUID gEfiCertRsa3072Guid;+extern EFI_GUID gEfiCertRsa4096Guid; > extern EFI_GUID gEfiCertRsa2048Sha256Guid; extern EFI_GUID > gEfiCertSha1Guid; extern EFI_GUID gEfiCertRsa2048Sha1Guid;diff --git > a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index > b85614992b..24e4779d33 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec > @@ -581,6 +581,8 @@ >gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, > 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }} gEfiCertSha256Guid = > { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 > }} > gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, > 0xed, > 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}+ gEfiCertRsa3072Guid= { > 0xedd320c2, > 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}+ > gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, > 0x15, > 0x4e, 0x8d, 0x00, 0x98, 0x2c }} gEfiCertRsa2048Sha256Guid = { > 0xe2b36190, > 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }} > gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, > 0xbe, > 0x1, 0x49, 0x66, 0x31, 0xbd }} gEfiCertRsa2048Sha1Guid= { > 0x67f8444f, > 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}-- > 2.26.2.windows.1 > > > > -=-=-=-=-=-= > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#107294): > https://edk2.groups.io/g/devel/message/107294 > Mute This Topic: https://groups.io/mt/100385942/2558558 > Group Owner: devel+ow...@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub [w.sh...@intel.com] - > =-=-=-=-=-= > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107313): https://edk2.groups.io/g/devel/message/107313 Mute This Topic: https://groups.io/mt/100405114/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V3 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi
Do we really want to mention OVMF specifically in UefiCpuPkg.dec PCD definition ? Those comments may be better to be in OVMF dsc PCD override. -Original Message- From: devel@edk2.groups.io On Behalf Of Ni, Ray Sent: Friday, July 21, 2023 11:52 AM To: Xie, Yuanhao ; devel@edk2.groups.io Cc: Dong, Guo ; Rhodes, Sean ; Lu, James ; Guo, Gua Subject: Re: [edk2-devel] [Patch V3 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi Reviewed-by: Ray Ni > -Original Message- > From: Xie, Yuanhao > Sent: Thursday, July 20, 2023 3:08 PM > To: devel@edk2.groups.io > Cc: Dong, Guo ; Ni, Ray ; > Rhodes, Sean ; Lu, James ; > Guo, Gua ; Xie, Yuanhao > Subject: [Patch V3 2/4] UefiCpuPkg: Add PcdFirstTimeWakeUpAPsBySipi > > Add PcdFirstTimeWakeUpAPsBySipi to check if it is in the OVMF > environment and necessary to wake up APs by INIT-SIPI-SIPI. > > Cc: Guo Dong > Cc: Ray Ni > Cc: Sean Rhodes > Cc: James Lu > Cc: Gua Guo > Signed-off-by: Yuanhao Xie > --- > UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + > UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + > UefiCpuPkg/UefiCpuPkg.dec | 11 +++ > 3 files changed, 13 insertions(+) > > diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > index 7d45d3ad4d..55e46d4a1f 100644 > --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > @@ -81,6 +81,7 @@ >gUefiCpuPkgTokenSpaceGuid.PcdCpuApStatusCheckIntervalInMicroSeconds > ## CONSUMES >gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## > CONSUMES >gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## > SOMETIMES_CONSUMES > + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi## > CONSUMES >gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## > CONSUMES >gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## > CONSUMES >gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## > CONSUMES > diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf > b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf > index 83e9028d0f..bc3d716aa9 100644 > --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf > +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf > @@ -66,6 +66,7 @@ >gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## > SOMETIMES_CONSUMES >gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## > SOMETIMES_CONSUMES >gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## > CONSUMES > + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## > CONSUMES >gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## > CONSUMES >gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## > CONSUMES > > diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec > index e7726a605c..cef0cbd43b 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec > @@ -214,6 +214,17 @@ ># @Prompt Configure the SEV-ES work area base > > gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize|0x0|UINT32|0x30002006 > > + ## INIT is now triggered before BIOS by ucode/hardware. In the OVMF > + # environment, QEMU lacks a simulation for the INIT process. > + # To address this, PcdFirstTimeWakeUpAPsBySipi is to indicate # > + whether to broadcast INIT-SIPI-SIPI or SIPI. > + # > + # TRUE - Broadcast SIPI in the OVMF environment. > + # FALSE - Broadcast INIT-SIPI-SIPI. > + # > + # @Prompt Ovmf environement Check. > + > gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|TRUE|BOOLEAN|0 > x30002007 > + > [PcdsFixedAtBuild, PcdsPatchableInModule] >## This value is the CPU Local APIC base address, which aligns the > address on a 4-KByte boundary. ># @Prompt Configure base address of CPU Local APIC > -- > 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107312): https://edk2.groups.io/g/devel/message/107312 Mute This Topic: https://groups.io/mt/100251416/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [edk2-platforms][PATCH V1] Silicon/Synopsys/DesignWare: DwEmacSnpDxe: Fix bug in EmacGetDmaStatus
From: Yang Wang If IrqStat is NULL, the interrupt status will not be read from the device.When the interrupt status is read, it will also be cleared. Cc: Leif Lindholm Cc: Ard Biesheuvel Cc: Ran Wang Signed-off-by: Yang Wang --- .../Drivers/DwEmacSnpDxe/EmacDxeUtil.c| 22 --- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c index 3b982ce984..26d3ff6138 100755 --- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c +++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c @@ -500,24 +500,30 @@ EmacGetDmaStatus ( UINT32 ErrorBit; UINT32 Mask = 0; + if (IrqStat != NULL) { +*IrqStat = 0; + } + DmaStatus = MmioRead32 (MacBaseAddress + DW_EMAC_DMAGRP_STATUS_OFST); if (DmaStatus & DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK) { Mask |= DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK; // Rx interrupt if (DmaStatus & DW_EMAC_DMAGRP_STATUS_RI_SET_MSK) { - *IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; - Mask |= DW_EMAC_DMAGRP_STATUS_RI_SET_MSK; -} else { - *IrqStat &= ~EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; + if (IrqStat != NULL) { +*IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; +Mask |= DW_EMAC_DMAGRP_STATUS_RI_SET_MSK; + } } + // Tx interrupt if (DmaStatus & DW_EMAC_DMAGRP_STATUS_TI_SET_MSK) { - *IrqStat |= EFI_SIMPLE_NETWORK_TRANSMIT_INTERRUPT; - Mask |= DW_EMAC_DMAGRP_STATUS_TI_SET_MSK; -} else { - *IrqStat &= ~EFI_SIMPLE_NETWORK_TRANSMIT_INTERRUPT; + if (IrqStat != NULL) { +*IrqStat |= EFI_SIMPLE_NETWORK_TRANSMIT_INTERRUPT; +Mask |= DW_EMAC_DMAGRP_STATUS_TI_SET_MSK; + } } + // Tx Buffer if (DmaStatus & DW_EMAC_DMAGRP_STATUS_TU_SET_MSK){ Mask |= DW_EMAC_DMAGRP_STATUS_TU_SET_MSK; -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107311): https://edk2.groups.io/g/devel/message/107311 Mute This Topic: https://groups.io/mt/100404855/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] Silicon/Synopsys/DesignWare: DwEmacSnpDxe: Fix bug in EmacGetDmaStatus
Hi Pedro Falcato, At 2023-07-27 21:45:46, "Pedro Falcato" wrote: >On Thu, Jul 27, 2023 at 8:12 AM wangy wrote: >> >> Hi Pedro Falcato, >> >> At 2023-07-27 08:26:44, "Pedro Falcato" wrote: >> >On Wed, Jul 26, 2023 at 4:07 AM wangy wrote: >> >> >> >> Hi Pedro Falcato, >> >> >> >> At 2023-07-25 16:45:01, "Pedro Falcato" wrote: >> >> >> >> >On Tue, Jul 25, 2023 at 2:10 AM wrote: >> >> >> >> >> >> From: Yang Wang >> >> >> >> >> >> Check EmacGetDmaStatus input parameters >> >> >> IrqStat may be a null pointer. >> >> >> >> >> >> Signed-off-by: Yang Wang >> >> >> --- >> >> >> .../Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c | 7 +-- >> >> >> .../Drivers/DwEmacSnpDxe/EmacDxeUtil.c | 16 >> >> >> .../Drivers/DwEmacSnpDxe/EmacDxeUtil.h | 2 +- >> >> >> 3 files changed, 18 insertions(+), 7 deletions(-) >> >> >> >> >> >> diff --git >> >> >> a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> >> b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> >> index 4cb3371d79..6805511a1d 100755 >> >> >> --- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> >> +++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> >> @@ -847,9 +847,12 @@ SnpGetStatus ( >> >> >>} >> >> >> >> >> >>// Check DMA Irq status >> >> >> - EmacGetDmaStatus (IrqStat, Snp->MacBase); >> >> >> + Status = EmacGetDmaStatus (IrqStat, Snp->MacBase); >> >> >> + if (EFI_ERROR(Status)) { >> >> >> +DEBUG ((DEBUG_ERROR, "%a: error Status: %r\n", __func__, >> >> >> Status)); >> >> >> + } >> >> >> >> >> >> - return EFI_SUCCESS; >> >> >> + return Status; >> >> >> } >> >> >> >> >> >> >> >> >> diff --git >> >> >> a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> >> b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> >> index 3b982ce984..45b5a05f51 100755 >> >> >> --- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> >> +++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> >> @@ -489,16 +489,22 @@ EmacDmaStart ( >> >> >> } >> >> >> >> >> >> >> >> >> -VOID >> >> >> +EFI_STATUS >> >> >> EFIAPI >> >> >> EmacGetDmaStatus ( >> >> >>OUT UINT32 *IrqStat OPTIONAL, >> >> >>IN UINTNMacBaseAddress >> >> >>) >> >> >> { >> >> >> - UINT32 DmaStatus; >> >> >> - UINT32 ErrorBit; >> >> >> - UINT32 Mask = 0; >> >> >> + UINT32DmaStatus; >> >> >> + UINT32ErrorBit; >> >> >> + UINT32Mask = 0; >> >> >> + EFI_STATUSStatus = EFI_SUCCESS; >> >> >> + >> >> >> + if (IrqStat == NULL) { >> >> >> +Status = EFI_INVALID_PARAMETER; >> >> >> +goto EXIT; >> >> >> + } >> >> > >> >> >This patch looks bogus to me. IrqStat is marked OPTIONAL, how can you >> >> >error out if it isn't provided? >> >> >> >> I foud in the MnpRecycleTxBuf(), it will pass NULL in 2nd parameter at >> >> code of 'Status=Snp ->GetStatus (Snp, NULL, (VOID * *));'. >> >> then in EmacGetDmaStatus(), it will not check this pointer and use >> >> directly, causig this problem (system hang). That's why I add above check. >> >> >> > >> >The EFI_SIMPLE_NETWORK protocol, that SnpGetStatus implements, says: >> > >> >> A pointer to the bit mask of the currently active interrupts (see >> >> “Related Definitions”). If this is NULL, the interrupt status will not be >> >> read from the device. >> >> If this is not NULL, the interrupt status will be read from the device. >> >> When the interrupt status is read, it will also be cleared. >> >> Clearing the transmit interrupt does not empty the recycled transmit >> >> buffer array. >> > >> >So it seems to me that there's some missing logic in EmacGetDmaStatus. >> > >> >I don't know this hardware, but I'll assume that writes to >> >DW_EMAC_DMAGRP_STATUS_OFST clear/ACK the corresponding interrupt >> >status bit. >> > >> >I would suggest this (apologies for gmail line wrapping, hopefully you >> >get the idea): >> > >> >diff --git a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >index 3b982ce98411..df4ce53e9e0b 100755 >> >--- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >+++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >@@ -500,24 +500,29 @@ EmacGetDmaStatus ( >> > UINT32 ErrorBit; >> > UINT32 Mask = 0; >> > >> >+ if (IrqStat != NULL) { >> >+*IrqStat = 0; >> >+ } >> >+ >> > DmaStatus = MmioRead32 (MacBaseAddress + >> > DW_EMAC_DMAGRP_STATUS_OFST); >> > if (DmaStatus & DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK) { >> >Mask |= DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK; >> >// Rx interrupt >> >if (DmaStatus & DW_EMAC_DMAGRP_STATUS_RI_SET_MSK) { >> >- *IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; >> >- Mask |= DW_EMAC_DMAGRP_STATUS_RI_SET_MSK; >> >-} else { >> >- *IrqStat &=
Re: [edk2-devel] [PATCH V5 3/3] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
Reviewed-by: Jiewen Yao > -Original Message- > From: Sheng, W > Sent: Thursday, July 27, 2023 2:35 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Xu, Min M ; Chen, Zeyi ; Wang, > Fiona > Subject: [PATCH V5 3/3] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413 > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Zeyi Chen > Cc: Fiona Wang > Signed-off-by: Sheng Wei > --- > .../Library/AuthVariableLib/AuthService.c | 220 +++--- > .../AuthVariableLib/AuthServiceInternal.h | 4 +- > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- > .../DxeImageVerificationLib.c | 73 +++--- > .../SecureBootConfigDxe.inf | 16 ++ > .../SecureBootConfigImpl.c| 114 +++-- > .../SecureBootConfigImpl.h| 7 + > .../SecureBootConfigStrings.uni | 6 + > 8 files changed, 391 insertions(+), 91 deletions(-) > > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c > b/SecurityPkg/Library/AuthVariableLib/AuthService.c > index d81c581d78..4c268a85cd 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c > +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c > @@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > > #include > > > > +#define SHA_DIGEST_SIZE_MAX SHA512_DIGEST_SIZE > > + > > +/** > > + Retrieves the size, in bytes, of the context buffer required for hash > operations. > > + > > + If this interface is not supported, then return zero. > > + > > + @return The size, in bytes, of the context buffer required for hash > operations. > > + @retval 0 This interface is not supported. > > + > > +**/ > > +typedef > > +UINTN > > +(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)( > > + VOID > > + ); > > + > > +/** > > + Initializes user-supplied memory pointed by Sha1Context as hash context for > > + subsequent use. > > + > > + If HashContext is NULL, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[out] HashContext Pointer to Hashcontext being initialized. > > + > > + @retval TRUE Hash context initialization succeeded. > > + @retval FALSE Hash context initialization failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +typedef > > +BOOLEAN > > +(EFIAPI *EFI_HASH_INIT)( > > + OUT VOID *HashContext > > + ); > > + > > +/** > > + Digests the input data and updates Hash context. > > + > > + This function performs Hash digest on a data buffer of the specified size. > > + It can be called multiple times to compute the digest of long or > discontinuous > data streams. > > + Hash context should be already correctly initialized by HashInit(), and > should > not be finalized > > + by HashFinal(). Behavior with invalid context is undefined. > > + > > + If HashContext is NULL, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in, out] HashContext Pointer to the Hash context. > > + @param[in] Data Pointer to the buffer containing the data to > be > hashed. > > + @param[in] DataSize Size of Data buffer in bytes. > > + > > + @retval TRUE SHA-1 data digest succeeded. > > + @retval FALSE SHA-1 data digest failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +typedef > > +BOOLEAN > > +(EFIAPI *EFI_HASH_UPDATE)( > > + IN OUT VOID*HashContext, > > + IN CONST VOID *Data, > > + IN UINTN DataSize > > + ); > > + > > +/** > > + Completes computation of the Hash digest value. > > + > > + This function completes hash computation and retrieves the digest value > into > > + the specified memory. After this function has been called, the Hash context > cannot > > + be used again. > > + Hash context should be already correctly initialized by HashInit(), and > should > not be > > + finalized by HashFinal(). Behavior with invalid Hash context is undefined. > > + > > + If HashContext is NULL, then return FALSE. > > + If HashValue is NULL, then return FALSE. > > + If this interface is not supported, then return FALSE. > > + > > + @param[in, out] HashContext Pointer to the Hash context. > > + @param[out] HashValuePointer to a buffer that receives the Hash > digest > > +value. > > + > > + @retval TRUE Hash digest computation succeeded. > > + @retval FALSE Hash digest computation failed. > > + @retval FALSE This interface is not supported. > > + > > +**/ > > +typedef > > +BOOLEAN > > +(EFIAPI *EFI_HASH_FINAL)( > > + IN OUT VOID *HashContext, > > + OUT UINT8 *HashValue > > + ); > > + > > +typedef struct { > > + UINT32 HashSize; > > +
Re: [edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
OK. Thanks! > -Original Message- > From: Sheng, W > Sent: Friday, July 28, 2023 9:50 AM > To: Yao, Jiewen ; devel@edk2.groups.io > Cc: Wang, Jian J ; Xu, Min M ; > Chen, Zeyi ; Wang, Fiona ; Lu, > Xiaoyu1 ; Jiang, Guomin ; > Kinney, Michael D ; Gao, Liming > > Subject: RE: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > Here are my negative tests. > 1) Enroll a RSA2048 Cert, execute an unsigned efi image. > 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. > 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. > 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi > image. > > Test Result: > Get "Access Denied" when try to execute the efi image. > > Thank you. > BR > Sheng Wei > > > -Original Message- > > From: Yao, Jiewen > > Sent: 2023年7月27日 17:45 > > To: Sheng, W ; devel@edk2.groups.io > > Cc: Wang, Jian J ; Xu, Min M ; > > Chen, Zeyi ; Wang, Fiona ; > > Lu, Xiaoyu1 ; Jiang, Guomin > > ; Kinney, Michael D > > ; Gao, Liming > > Subject: RE: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > > > Thanks. May I know what *negative* test you have done? > > > > > > > -Original Message- > > > From: Sheng, W > > > Sent: Thursday, July 27, 2023 2:35 PM > > > To: devel@edk2.groups.io > > > Cc: Yao, Jiewen ; Wang, Jian J > > > ; Xu, Min M ; Chen, Zeyi > > > ; Wang, Fiona ; Lu, Xiaoyu1 > > > ; Jiang, Guomin ; > > > Kinney, Michael D ; Gao, Liming > > > > > > Subject: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > > > > > Patch V5: > > > Using define KEY_TYPE_RSASSA to replace the magic number. > > > > > > Patch V4: > > > Determine the RSA algorithm by a supported algorithm list. > > > > > > Patch V3: > > > Select SHA algorithm automaticly for a unsigned efi image. > > > > > > Patch V2: > > > Determine the SHA algorithm by a supported algorithm list. > > > Create SHA context for each algorithm. > > > > > > Test Case: > > > 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image > > > under UEFI shell. > > > 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image > > > under UEFI shell. > > > 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image > > > under UEFI shell. > > > 4. Enroll an unsigned efi image, execute the unsigned efi image under > > > UEFI shell > > > > > > Test Result: > > > Pass > > > > > > Cc: Jiewen Yao > > > Cc: Jian J Wang > > > Cc: Min Xu > > > Cc: Zeyi Chen > > > Cc: Fiona Wang > > > Cc: Xiaoyu Lu > > > Cc: Guomin Jiang > > > Cc: Michael D Kinney > > > Cc: Liming Gao > > > > > > Sheng Wei (3): > > > MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 > > > CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to > > > ImageTimestampVerify > > > SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 > > > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- > > > MdePkg/Include/Guid/ImageAuthentication.h | 26 +++ > > > MdePkg/MdePkg.dec | 2 + > > > .../Library/AuthVariableLib/AuthService.c | 220 +++--- > > > .../AuthVariableLib/AuthServiceInternal.h | 4 +- > > > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- > > > .../DxeImageVerificationLib.c | 73 +++--- > > > .../SecureBootConfigDxe.inf | 16 ++ > > > .../SecureBootConfigImpl.c| 114 +++-- > > > .../SecureBootConfigImpl.h| 7 + > > > .../SecureBootConfigStrings.uni | 6 + > > > 11 files changed, 421 insertions(+), 92 deletions(-) > > > > > > -- > > > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107308): https://edk2.groups.io/g/devel/message/107308 Mute This Topic: https://groups.io/mt/100385941/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
回复: [edk2-devel] [PATCH] BaseTools: Add FMMT BinPipWrappers
Reviewed-by: Liming Gao > -邮件原件- > 发件人: devel@edk2.groups.io 代表 Yuwei Chen > 发送时间: 2023年7月26日 15:17 > 收件人: devel@edk2.groups.io > 抄送: Rebecca Cran ; Liming Gao > ; Bob Feng > 主题: [edk2-devel] [PATCH] BaseTools: Add FMMT BinPipWrappers > > Cc: Rebecca Cran > Cc: Liming Gao > Cc: Bob Feng > Signed-off-by: Yuwei Chen > --- > BaseTools/BinPipWrappers/PosixLike/FMMT | 12 > BaseTools/BinPipWrappers/WindowsLike/FMMT.bat | 3 +++ > 2 files changed, 15 insertions(+) > create mode 100755 BaseTools/BinPipWrappers/PosixLike/FMMT > create mode 100644 BaseTools/BinPipWrappers/WindowsLike/FMMT.bat > > diff --git a/BaseTools/BinPipWrappers/PosixLike/FMMT > b/BaseTools/BinPipWrappers/PosixLike/FMMT > new file mode 100755 > index 00..9d143c7fc6 > --- /dev/null > +++ b/BaseTools/BinPipWrappers/PosixLike/FMMT > @@ -0,0 +1,12 @@ > +#!/usr/bin/env bash > +#python `dirname $0`/RunToolFromSource.py `basename $0` $* > + > +# If a ${PYTHON_COMMAND} command is available, use it in preference to > python > +if command -v ${PYTHON_COMMAND} >/dev/null 2>&1; then > +python_exe=${PYTHON_COMMAND} > +fi > + > +full_cmd=${BASH_SOURCE:-$0} # see > http://mywiki.wooledge.org/BashFAQ/028 for a discussion of why $0 is not a > good choice here > +cmd=${full_cmd##*/} > + > +exec "${python_exe:-python}" -m edk2basetools.$cmd.$cmd "$@" > diff --git a/BaseTools/BinPipWrappers/WindowsLike/FMMT.bat > b/BaseTools/BinPipWrappers/WindowsLike/FMMT.bat > new file mode 100644 > index 00..d347d64844 > --- /dev/null > +++ b/BaseTools/BinPipWrappers/WindowsLike/FMMT.bat > @@ -0,0 +1,3 @@ > +@setlocal > +@set ToolName=%~n0% > +@%PYTHON_COMMAND% -m > edk2basetools.%ToolName%.%ToolName% %* > -- > 2.39.1.windows.1 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107307): https://edk2.groups.io/g/devel/message/107307 Mute This Topic: https://groups.io/mt/100403646/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
Here are my negative tests. 1) Enroll a RSA2048 Cert, execute an unsigned efi image. 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image. Test Result: Get "Access Denied" when try to execute the efi image. Thank you. BR Sheng Wei > -Original Message- > From: Yao, Jiewen > Sent: 2023年7月27日 17:45 > To: Sheng, W ; devel@edk2.groups.io > Cc: Wang, Jian J ; Xu, Min M ; > Chen, Zeyi ; Wang, Fiona ; > Lu, Xiaoyu1 ; Jiang, Guomin > ; Kinney, Michael D > ; Gao, Liming > Subject: RE: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > Thanks. May I know what *negative* test you have done? > > > > -Original Message- > > From: Sheng, W > > Sent: Thursday, July 27, 2023 2:35 PM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > > ; Xu, Min M ; Chen, Zeyi > > ; Wang, Fiona ; Lu, Xiaoyu1 > > ; Jiang, Guomin ; > > Kinney, Michael D ; Gao, Liming > > > > Subject: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > > > Patch V5: > > Using define KEY_TYPE_RSASSA to replace the magic number. > > > > Patch V4: > > Determine the RSA algorithm by a supported algorithm list. > > > > Patch V3: > > Select SHA algorithm automaticly for a unsigned efi image. > > > > Patch V2: > > Determine the SHA algorithm by a supported algorithm list. > > Create SHA context for each algorithm. > > > > Test Case: > > 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image > > under UEFI shell. > > 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image > > under UEFI shell. > > 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image > > under UEFI shell. > > 4. Enroll an unsigned efi image, execute the unsigned efi image under > > UEFI shell > > > > Test Result: > > Pass > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Min Xu > > Cc: Zeyi Chen > > Cc: Fiona Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jiang > > Cc: Michael D Kinney > > Cc: Liming Gao > > > > Sheng Wei (3): > > MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 > > CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to > > ImageTimestampVerify > > SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- > > MdePkg/Include/Guid/ImageAuthentication.h | 26 +++ > > MdePkg/MdePkg.dec | 2 + > > .../Library/AuthVariableLib/AuthService.c | 220 +++--- > > .../AuthVariableLib/AuthServiceInternal.h | 4 +- > > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- > > .../DxeImageVerificationLib.c | 73 +++--- > > .../SecureBootConfigDxe.inf | 16 ++ > > .../SecureBootConfigImpl.c| 114 +++-- > > .../SecureBootConfigImpl.h| 7 + > > .../SecureBootConfigStrings.uni | 6 + > > 11 files changed, 421 insertions(+), 92 deletions(-) > > > > -- > > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107306): https://edk2.groups.io/g/devel/message/107306 Mute This Topic: https://groups.io/mt/100385941/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] MdeModulePkg: AllocatePages for TranslateBmpToGopBlt
On Thu, Jul 27, 2023 at 4:40 PM chitralekha ck wrote: > > https://bugzilla.tianocore.org/show_bug.cgi?id=4507 > AllocatePool limits to allocate memory of 64 KB at most in PEI Phase. > AllocatePool() is being avoided due to its 64k allocation size limit > when the library is incorporated into a PEI component. > > change the function debug string to __func__ If you really want to change this (why??), change this separately (as another commit/patch), like Ard told you before. This patch should only have AllocatePool -> AllocatePages changes. > > Cc: Ray Ni > Cc: Zhichao Gao > Cc: Ashraf Ali S > Cc: Chinni B Duggapu > Signed-off-by: chitralekha ck > --- > .../Library/BaseBmpSupportLib/BmpSupportLib.c | 58 +++ > 1 file changed, 33 insertions(+), 25 deletions(-) > > diff --git a/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c > b/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c > index c5e885d7a6..d0833a721f 100644 > --- a/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c > +++ b/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c > @@ -52,7 +52,7 @@ const BMP_IMAGE_HEADER mBmpImageHeaderTemplate = { > /** >Translate a *.BMP graphics image to a GOP blt buffer. If a NULL Blt buffer >is passed in a GopBlt buffer will be allocated by this routine using > - EFI_BOOT_SERVICES.AllocatePool(). If a GopBlt buffer is passed in it will > be > + EFI_BOOT_SERVICES.AllocatePages(). If a GopBlt buffer is passed in it will > be >used if it is big enough. > >@param[in] BmpImage Pointer to BMP file. > @@ -113,14 +113,14 @@ TranslateBmpToGopBlt ( >} > >if (BmpImageSize < sizeof (BMP_IMAGE_HEADER)) { > -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: BmpImageSize too small\n")); > +DEBUG ((DEBUG_ERROR, "%a: BmpImageSize too small\n", __func__)); > return RETURN_UNSUPPORTED; >} > >BmpHeader = (BMP_IMAGE_HEADER *)BmpImage; > >if ((BmpHeader->CharB != 'B') || (BmpHeader->CharM != 'M')) { > -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: BmpHeader->Char fields > incorrect\n")); > +DEBUG ((DEBUG_ERROR, "%a: BmpHeader->Char fields incorrect\n", > __func__)); > return RETURN_UNSUPPORTED; >} > > @@ -128,12 +128,12 @@ TranslateBmpToGopBlt ( >// Doesn't support compress. >// >if (BmpHeader->CompressionType != 0) { > -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: Compression Type > unsupported.\n")); > +DEBUG ((DEBUG_ERROR, "%a: Compression Type unsupported\n", __func__)); > return RETURN_UNSUPPORTED; >} > >if ((BmpHeader->PixelHeight == 0) || (BmpHeader->PixelWidth == 0)) { > -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: BmpHeader->PixelHeight or > BmpHeader->PixelWidth is 0.\n")); > +DEBUG ((DEBUG_ERROR, "%a: BmpHeader PixelHeight or PixelWidth is 0\n", > __func__)); > return RETURN_UNSUPPORTED; >} > > @@ -144,7 +144,8 @@ TranslateBmpToGopBlt ( >if (BmpHeader->HeaderSize != sizeof (BMP_IMAGE_HEADER) - OFFSET_OF > (BMP_IMAGE_HEADER, HeaderSize)) { > DEBUG (( >DEBUG_ERROR, > - "TranslateBmpToGopBlt: BmpHeader->Headership is not as expected. > Headersize is 0x%x\n", > + "%a: BmpHeader->Headership is not as expected. Headersize is 0x%x\n", > + __func__, >BmpHeader->HeaderSize >)); > return RETURN_UNSUPPORTED; > @@ -161,7 +162,8 @@ TranslateBmpToGopBlt ( >if (EFI_ERROR (Status)) { > DEBUG (( >DEBUG_ERROR, > - "TranslateBmpToGopBlt: invalid BmpImage... PixelWidth:0x%x > BitPerPixel:0x%x\n", > + "%a: invalid BmpImage. PixelWidth:0x%x BitPerPixel:0x%x\n", > + __func__, >BmpHeader->PixelWidth, >BmpHeader->BitPerPixel >)); > @@ -172,7 +174,8 @@ TranslateBmpToGopBlt ( >if (EFI_ERROR (Status)) { > DEBUG (( >DEBUG_ERROR, > - "TranslateBmpToGopBlt: invalid BmpImage... DataSizePerLine:0x%x\n", > + "%a: invalid BmpImage. DataSizePerLine:0x%x\n", > + __func__, >DataSizePerLine >)); > > @@ -189,7 +192,8 @@ TranslateBmpToGopBlt ( >if (EFI_ERROR (Status)) { > DEBUG (( >DEBUG_ERROR, > - "TranslateBmpToGopBlt: invalid BmpImage... DataSizePerLine:0x%x > PixelHeight:0x%x\n", > + "%a: invalid BmpImage. DataSizePerLine:0x%x PixelHeight:0x%x\n", > + __func__, >DataSizePerLine, >BmpHeader->PixelHeight >)); > @@ -206,7 +210,8 @@ TranslateBmpToGopBlt ( >if (EFI_ERROR (Status)) { > DEBUG (( >DEBUG_ERROR, > - "TranslateBmpToGopBlt: invalid BmpImage... PixelHeight:0x%x > DataSizePerLine:0x%x\n", > + "%a: invalid BmpImage. PixelHeight:0x%x DataSizePerLine:0x%x\n", > + __func__, >BmpHeader->PixelHeight, >DataSizePerLine >)); > @@ -218,11 +223,11 @@ TranslateBmpToGopBlt ( >(BmpHeader->Size < BmpHeader->ImageOffset) || >(BmpHeader->Size - BmpHeader->ImageOffset != DataSize)) >{ > -DEBUG ((DEBUG_ERROR,
[edk2-devel] [PATCH V1 1/1] UefiCpuPkg/ResetVector: Cache Disable should not be set by default in CR0
From: "Wu, MingliangX" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4511 With 64 bit build we are seeing the CD in control register CR 0 set. This causes the NEM to disabled for some specific bios profiles. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Cc: Debkumar De Cc: Catharine West Signed-off-by: Wu, Mingliang --- UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm b/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm index f59fc6ead4ba..4af2e875c31c 100644 --- a/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm +++ b/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm @@ -7,7 +7,7 @@ ; ;-- -%define SEC_DEFAULT_CR0 0x4023 +%define SEC_DEFAULT_CR0 0x0023 %define SEC_DEFAULT_CR4 0x640 BITS16 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107303): https://edk2.groups.io/g/devel/message/107303 Mute This Topic: https://groups.io/mt/100367559/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2] MdeModulePkg: AllocatePages for TranslateBmpToGopBlt
https://bugzilla.tianocore.org/show_bug.cgi?id=4507 AllocatePool limits to allocate memory of 64 KB at most in PEI Phase. AllocatePool() is being avoided due to its 64k allocation size limit when the library is incorporated into a PEI component. change the function debug string to __func__ Cc: Ray Ni Cc: Zhichao Gao Cc: Ashraf Ali S Cc: Chinni B Duggapu Signed-off-by: chitralekha ck --- .../Library/BaseBmpSupportLib/BmpSupportLib.c | 58 +++ 1 file changed, 33 insertions(+), 25 deletions(-) diff --git a/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c b/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c index c5e885d7a6..d0833a721f 100644 --- a/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c +++ b/MdeModulePkg/Library/BaseBmpSupportLib/BmpSupportLib.c @@ -52,7 +52,7 @@ const BMP_IMAGE_HEADER mBmpImageHeaderTemplate = { /** Translate a *.BMP graphics image to a GOP blt buffer. If a NULL Blt buffer is passed in a GopBlt buffer will be allocated by this routine using - EFI_BOOT_SERVICES.AllocatePool(). If a GopBlt buffer is passed in it will be + EFI_BOOT_SERVICES.AllocatePages(). If a GopBlt buffer is passed in it will be used if it is big enough. @param[in] BmpImage Pointer to BMP file. @@ -113,14 +113,14 @@ TranslateBmpToGopBlt ( } if (BmpImageSize < sizeof (BMP_IMAGE_HEADER)) { -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: BmpImageSize too small\n")); +DEBUG ((DEBUG_ERROR, "%a: BmpImageSize too small\n", __func__)); return RETURN_UNSUPPORTED; } BmpHeader = (BMP_IMAGE_HEADER *)BmpImage; if ((BmpHeader->CharB != 'B') || (BmpHeader->CharM != 'M')) { -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: BmpHeader->Char fields incorrect\n")); +DEBUG ((DEBUG_ERROR, "%a: BmpHeader->Char fields incorrect\n", __func__)); return RETURN_UNSUPPORTED; } @@ -128,12 +128,12 @@ TranslateBmpToGopBlt ( // Doesn't support compress. // if (BmpHeader->CompressionType != 0) { -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: Compression Type unsupported.\n")); +DEBUG ((DEBUG_ERROR, "%a: Compression Type unsupported\n", __func__)); return RETURN_UNSUPPORTED; } if ((BmpHeader->PixelHeight == 0) || (BmpHeader->PixelWidth == 0)) { -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: BmpHeader->PixelHeight or BmpHeader->PixelWidth is 0.\n")); +DEBUG ((DEBUG_ERROR, "%a: BmpHeader PixelHeight or PixelWidth is 0\n", __func__)); return RETURN_UNSUPPORTED; } @@ -144,7 +144,8 @@ TranslateBmpToGopBlt ( if (BmpHeader->HeaderSize != sizeof (BMP_IMAGE_HEADER) - OFFSET_OF (BMP_IMAGE_HEADER, HeaderSize)) { DEBUG (( DEBUG_ERROR, - "TranslateBmpToGopBlt: BmpHeader->Headership is not as expected. Headersize is 0x%x\n", + "%a: BmpHeader->Headership is not as expected. Headersize is 0x%x\n", + __func__, BmpHeader->HeaderSize )); return RETURN_UNSUPPORTED; @@ -161,7 +162,8 @@ TranslateBmpToGopBlt ( if (EFI_ERROR (Status)) { DEBUG (( DEBUG_ERROR, - "TranslateBmpToGopBlt: invalid BmpImage... PixelWidth:0x%x BitPerPixel:0x%x\n", + "%a: invalid BmpImage. PixelWidth:0x%x BitPerPixel:0x%x\n", + __func__, BmpHeader->PixelWidth, BmpHeader->BitPerPixel )); @@ -172,7 +174,8 @@ TranslateBmpToGopBlt ( if (EFI_ERROR (Status)) { DEBUG (( DEBUG_ERROR, - "TranslateBmpToGopBlt: invalid BmpImage... DataSizePerLine:0x%x\n", + "%a: invalid BmpImage. DataSizePerLine:0x%x\n", + __func__, DataSizePerLine )); @@ -189,7 +192,8 @@ TranslateBmpToGopBlt ( if (EFI_ERROR (Status)) { DEBUG (( DEBUG_ERROR, - "TranslateBmpToGopBlt: invalid BmpImage... DataSizePerLine:0x%x PixelHeight:0x%x\n", + "%a: invalid BmpImage. DataSizePerLine:0x%x PixelHeight:0x%x\n", + __func__, DataSizePerLine, BmpHeader->PixelHeight )); @@ -206,7 +210,8 @@ TranslateBmpToGopBlt ( if (EFI_ERROR (Status)) { DEBUG (( DEBUG_ERROR, - "TranslateBmpToGopBlt: invalid BmpImage... PixelHeight:0x%x DataSizePerLine:0x%x\n", + "%a: invalid BmpImage. PixelHeight:0x%x DataSizePerLine:0x%x\n", + __func__, BmpHeader->PixelHeight, DataSizePerLine )); @@ -218,11 +223,11 @@ TranslateBmpToGopBlt ( (BmpHeader->Size < BmpHeader->ImageOffset) || (BmpHeader->Size - BmpHeader->ImageOffset != DataSize)) { -DEBUG ((DEBUG_ERROR, "TranslateBmpToGopBlt: invalid BmpImage... \n")); -DEBUG ((DEBUG_ERROR, " BmpHeader->Size: 0x%x\n", BmpHeader->Size)); -DEBUG ((DEBUG_ERROR, " BmpHeader->ImageOffset: 0x%x\n", BmpHeader->ImageOffset)); -DEBUG ((DEBUG_ERROR, " BmpImageSize: 0x%lx\n", (UINTN)BmpImageSize)); -DEBUG ((DEBUG_ERROR, " DataSize: 0x%lx\n", (UINTN)DataSize)); +DEBUG ((DEBUG_ERROR, "%a: invalid BmpImage... \n", __func__)); +DEBUG ((DEBUG_ERROR, " Size: 0x%x\n", BmpHeader->Size)); +
Re: [edk2-devel] [PATCH edk2-non-osi 1/1] Qemu/Sbsa: Update TF-A binaries for Neoverse-V1 support
On Fri, 14 Jul 2023 at 15:03, Marcin Juszkiewicz wrote: > > Update the TF-A binaries to have Neoverse-V1 cpu support. > > This support was merged into TF-A: > > https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/21813 > > This allows SBSA Reference Platform to boot Linux on "neoverse-v1" cpu. > > Signed-off-by: Marcin Juszkiewicz > --- > Platform/Qemu/Sbsa/Readme.md | 23 +++ > Platform/Qemu/Sbsa/bl1.bin | Bin 19413 -> 19557 bytes > Platform/Qemu/Sbsa/fip.bin | Bin 58098 -> 66338 bytes > 3 files changed, 11 insertions(+), 12 deletions(-) > Pushed as f0bb00937ad6bfdf..648aa9ee26926f33 Thanks, -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107302): https://edk2.groups.io/g/devel/message/107302 Mute This Topic: https://groups.io/mt/100140603/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] Silicon/Synopsys/DesignWare: DwEmacSnpDxe: Fix bug in EmacGetDmaStatus
On Thu, Jul 27, 2023 at 8:12 AM wangy wrote: > > Hi Pedro Falcato, > > At 2023-07-27 08:26:44, "Pedro Falcato" wrote: > >On Wed, Jul 26, 2023 at 4:07 AM wangy wrote: > >> > >> Hi Pedro Falcato, > >> > >> At 2023-07-25 16:45:01, "Pedro Falcato" wrote: > >> > >> >On Tue, Jul 25, 2023 at 2:10 AM wrote: > >> >> > >> >> From: Yang Wang > >> >> > >> >> Check EmacGetDmaStatus input parameters > >> >> IrqStat may be a null pointer. > >> >> > >> >> Signed-off-by: Yang Wang > >> >> --- > >> >> .../Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c | 7 +-- > >> >> .../Drivers/DwEmacSnpDxe/EmacDxeUtil.c | 16 > >> >> .../Drivers/DwEmacSnpDxe/EmacDxeUtil.h | 2 +- > >> >> 3 files changed, 18 insertions(+), 7 deletions(-) > >> >> > >> >> diff --git > >> >> a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c > >> >> b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c > >> >> index 4cb3371d79..6805511a1d 100755 > >> >> --- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c > >> >> +++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c > >> >> @@ -847,9 +847,12 @@ SnpGetStatus ( > >> >>} > >> >> > >> >>// Check DMA Irq status > >> >> - EmacGetDmaStatus (IrqStat, Snp->MacBase); > >> >> + Status = EmacGetDmaStatus (IrqStat, Snp->MacBase); > >> >> + if (EFI_ERROR(Status)) { > >> >> +DEBUG ((DEBUG_ERROR, "%a: error Status: %r\n", __func__, Status)); > >> >> + } > >> >> > >> >> - return EFI_SUCCESS; > >> >> + return Status; > >> >> } > >> >> > >> >> > >> >> diff --git > >> >> a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >> >> b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >> >> index 3b982ce984..45b5a05f51 100755 > >> >> --- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >> >> +++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >> >> @@ -489,16 +489,22 @@ EmacDmaStart ( > >> >> } > >> >> > >> >> > >> >> -VOID > >> >> +EFI_STATUS > >> >> EFIAPI > >> >> EmacGetDmaStatus ( > >> >>OUT UINT32 *IrqStat OPTIONAL, > >> >>IN UINTNMacBaseAddress > >> >>) > >> >> { > >> >> - UINT32 DmaStatus; > >> >> - UINT32 ErrorBit; > >> >> - UINT32 Mask = 0; > >> >> + UINT32DmaStatus; > >> >> + UINT32ErrorBit; > >> >> + UINT32Mask = 0; > >> >> + EFI_STATUSStatus = EFI_SUCCESS; > >> >> + > >> >> + if (IrqStat == NULL) { > >> >> +Status = EFI_INVALID_PARAMETER; > >> >> +goto EXIT; > >> >> + } > >> > > >> >This patch looks bogus to me. IrqStat is marked OPTIONAL, how can you > >> >error out if it isn't provided? > >> > >> I foud in the MnpRecycleTxBuf(), it will pass NULL in 2nd parameter at > >> code of 'Status=Snp ->GetStatus (Snp, NULL, (VOID * *));'. > >> then in EmacGetDmaStatus(), it will not check this pointer and use > >> directly, causig this problem (system hang). That's why I add above check. > >> > > > >The EFI_SIMPLE_NETWORK protocol, that SnpGetStatus implements, says: > > > >> A pointer to the bit mask of the currently active interrupts (see “Related > >> Definitions”). If this is NULL, the interrupt status will not be read from > >> the device. > >> If this is not NULL, the interrupt status will be read from the device. > >> When the interrupt status is read, it will also be cleared. > >> Clearing the transmit interrupt does not empty the recycled transmit > >> buffer array. > > > >So it seems to me that there's some missing logic in EmacGetDmaStatus. > > > >I don't know this hardware, but I'll assume that writes to > >DW_EMAC_DMAGRP_STATUS_OFST clear/ACK the corresponding interrupt > >status bit. > > > >I would suggest this (apologies for gmail line wrapping, hopefully you > >get the idea): > > > >diff --git a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >index 3b982ce98411..df4ce53e9e0b 100755 > >--- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >+++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c > >@@ -500,24 +500,29 @@ EmacGetDmaStatus ( > > UINT32 ErrorBit; > > UINT32 Mask = 0; > > > >+ if (IrqStat != NULL) { > >+*IrqStat = 0; > >+ } > >+ > > DmaStatus = MmioRead32 (MacBaseAddress + > > DW_EMAC_DMAGRP_STATUS_OFST); > > if (DmaStatus & DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK) { > >Mask |= DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK; > >// Rx interrupt > >if (DmaStatus & DW_EMAC_DMAGRP_STATUS_RI_SET_MSK) { > >- *IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; > >- Mask |= DW_EMAC_DMAGRP_STATUS_RI_SET_MSK; > >-} else { > >- *IrqStat &= ~EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; > >+ if (IrqStat != NULL) { > >+*IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; > >+Mask |= DW_EMAC_DMAGRP_STATUS_RI_SET_MSK; > >+ } > > How about it be more appropriate to
Re: [edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
Thanks. May I know what *negative* test you have done? > -Original Message- > From: Sheng, W > Sent: Thursday, July 27, 2023 2:35 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Xu, Min M ; Chen, Zeyi ; Wang, > Fiona ; Lu, Xiaoyu1 ; Jiang, > Guomin ; Kinney, Michael D > ; Gao, Liming > Subject: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > Patch V5: > Using define KEY_TYPE_RSASSA to replace the magic number. > > Patch V4: > Determine the RSA algorithm by a supported algorithm list. > > Patch V3: > Select SHA algorithm automaticly for a unsigned efi image. > > Patch V2: > Determine the SHA algorithm by a supported algorithm list. > Create SHA context for each algorithm. > > Test Case: > 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI > shell. > 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI > shell. > 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI > shell. > 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI > shell > > Test Result: > Pass > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Zeyi Chen > Cc: Fiona Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > Cc: Michael D Kinney > Cc: Liming Gao > > Sheng Wei (3): > MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 > CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to > ImageTimestampVerify > SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- > MdePkg/Include/Guid/ImageAuthentication.h | 26 +++ > MdePkg/MdePkg.dec | 2 + > .../Library/AuthVariableLib/AuthService.c | 220 +++--- > .../AuthVariableLib/AuthServiceInternal.h | 4 +- > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- > .../DxeImageVerificationLib.c | 73 +++--- > .../SecureBootConfigDxe.inf | 16 ++ > .../SecureBootConfigImpl.c| 114 +++-- > .../SecureBootConfigImpl.h| 7 + > .../SecureBootConfigStrings.uni | 6 + > 11 files changed, 421 insertions(+), 92 deletions(-) > > -- > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107300): https://edk2.groups.io/g/devel/message/107300 Mute This Topic: https://groups.io/mt/100385941/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V5 2/3] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
Reviewed-by: Jiewen Yao > -Original Message- > From: Sheng, W > Sent: Thursday, July 27, 2023 2:35 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Xu, Min M ; Chen, Zeyi ; Wang, > Fiona ; Lu, Xiaoyu1 ; Jiang, > Guomin ; Kinney, Michael D > > Subject: [PATCH V5 2/3] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 > to ImageTimestampVerify > > Register and initialize sha384/sha512 digest algorithms for PKCS#7 Handling. > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413 > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Zeyi Chen > Cc: Fiona Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > Cc: Michael D Kinney > Signed-off-by: Sheng Wei > --- > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c > index 027dbb6842..944bcf8d38 100644 > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c > @@ -591,7 +591,8 @@ ImageTimestampVerify ( >// Register & Initialize necessary digest algorithms for PKCS#7 Handling. >// >if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) == > 0) > || > - (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias > (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0)) > + (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 > ()) > == 0) || > + (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias > (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0)) >{ > return FALSE; >} > -- > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107299): https://edk2.groups.io/g/devel/message/107299 Mute This Topic: https://groups.io/mt/100385943/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] empty USB DVD disk hang Xhci
Hi Likun, Liming and Hao have reviewd and acked your patch, I think you can submit your patch on edk2 repo and don't forget include Liming and Hao review message. Good job! Thanks, Chao 在 2023/7/27 11:21, 苏丽坤 写道: Hi, Hao,Liming, this is my reply, function XhcInitializeDeviceSlot64 will init EndpointTransferRing,while fuctionUsbMassReadBlocks return (Invalid Parameter), which result in run function UsbMassReset, this will call XhcDisableSlotCmd64, will clear EndpointTransferRing, like this Xhc->UsbDevContext[SlotId].EndpointTransferRing[Index] = NULL; If fuctionUsbMassReadBlocks return success also run function UsbMassReset, will hang for the same reason. why fuctionUsbMassReadBlocks return (Invalid Parameter), this function will call UsbBootRequestSense,this retun (Invalid Parameter). At the same time, Ehcialsoretun (Invalid Parameter). Thanks -原始邮件- *发件人:* "Wu, Hao A" *发送时间:* 2023-07-25 10:18:42 (星期二) *收件人:* "Gao, Liming" , "devel@edk2.groups.io" , "suli...@loongson.cn" , "Demeter, Miki" *主题:* RE: [edk2-devel] empty USB DVD disk hang Xhci Sorry, I do not have much resource to review this in detail. But the patch generally looks good to me: Acked-by: Hao A Wu hao.a...@intel.com However, I hope the below question can be answered (or add related information to the commit log message) before mering: Likun, could you help to elaborate a bit more on why the below statement will return NULL pointer for “USB DVD with empty disk”? EPRing = (TRANSFER_RING *)(UINTN)Xhc->UsbDevContext[SlotId].EndpointTransferRing[Dci-1]; Best Regards, Hao Wu *From:*gaoliming *Sent:* Tuesday, July 25, 2023 9:44 AM *To:* devel@edk2.groups.io; suli...@loongson.cn; Demeter, Miki *Cc:* Wu, Hao A *Subject:* 回复: [edk2-devel] empty USB DVD disk hang Xhci Likun: This change is good to me. Reviewed-by: Liming Gao Hao: Have you time to review this fix? Thanks Liming *发件人**:*devel@edk2.groups.io *代表 *苏丽坤 *发送时间:* 2023年7月18日 9:49 *收件人:* gaolim...@byosoft.com.cn; miki.deme...@intel.com; devel@edk2.groups.io *主题:* [edk2-devel] empty USB DVD disk hang Xhci Hi We find a bug in xhci, USB DVD boot with emtpy disk will hang Xhci while Ehci can pass. The hang log is shown as : MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c(1847): TrsRing != ((void *) 0) We suggest a way to solve this bug is shown as: https://github.com/suling-123/edk2 the latest commit, MdeModulePkg: Solve boot hang xhci driver when use USB DVD with empty disk, 950bc8781d81b96b0c7944e7ac947382b1bc0c06 /本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。// This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it. / /本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。// This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it. / /本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。 This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it. / -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107298): https://edk2.groups.io/g/devel/message/107298 Mute This Topic: https://groups.io/mt/100343121/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
Re: [edk2-devel] [PATCH] Silicon/Synopsys/DesignWare: DwEmacSnpDxe: Fix bug in EmacGetDmaStatus
Hi Pedro Falcato, At 2023-07-27 08:26:44, "Pedro Falcato" wrote: >On Wed, Jul 26, 2023 at 4:07 AM wangy wrote: >> >> Hi Pedro Falcato, >> >> At 2023-07-25 16:45:01, "Pedro Falcato" wrote: >> >> >On Tue, Jul 25, 2023 at 2:10 AM wrote: >> >> >> >> From: Yang Wang >> >> >> >> Check EmacGetDmaStatus input parameters >> >> IrqStat may be a null pointer. >> >> >> >> Signed-off-by: Yang Wang >> >> --- >> >> .../Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c | 7 +-- >> >> .../Drivers/DwEmacSnpDxe/EmacDxeUtil.c | 16 >> >> .../Drivers/DwEmacSnpDxe/EmacDxeUtil.h | 2 +- >> >> 3 files changed, 18 insertions(+), 7 deletions(-) >> >> >> >> diff --git >> >> a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> index 4cb3371d79..6805511a1d 100755 >> >> --- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> +++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/DwEmacSnpDxe.c >> >> @@ -847,9 +847,12 @@ SnpGetStatus ( >> >>} >> >> >> >>// Check DMA Irq status >> >> - EmacGetDmaStatus (IrqStat, Snp->MacBase); >> >> + Status = EmacGetDmaStatus (IrqStat, Snp->MacBase); >> >> + if (EFI_ERROR(Status)) { >> >> +DEBUG ((DEBUG_ERROR, "%a: error Status: %r\n", __func__, Status)); >> >> + } >> >> >> >> - return EFI_SUCCESS; >> >> + return Status; >> >> } >> >> >> >> >> >> diff --git >> >> a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> index 3b982ce984..45b5a05f51 100755 >> >> --- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> +++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >> >> @@ -489,16 +489,22 @@ EmacDmaStart ( >> >> } >> >> >> >> >> >> -VOID >> >> +EFI_STATUS >> >> EFIAPI >> >> EmacGetDmaStatus ( >> >>OUT UINT32 *IrqStat OPTIONAL, >> >>IN UINTNMacBaseAddress >> >>) >> >> { >> >> - UINT32 DmaStatus; >> >> - UINT32 ErrorBit; >> >> - UINT32 Mask = 0; >> >> + UINT32DmaStatus; >> >> + UINT32ErrorBit; >> >> + UINT32Mask = 0; >> >> + EFI_STATUSStatus = EFI_SUCCESS; >> >> + >> >> + if (IrqStat == NULL) { >> >> +Status = EFI_INVALID_PARAMETER; >> >> +goto EXIT; >> >> + } >> > >> >This patch looks bogus to me. IrqStat is marked OPTIONAL, how can you >> >error out if it isn't provided? >> >> I foud in the MnpRecycleTxBuf(), it will pass NULL in 2nd parameter at code >> of 'Status=Snp ->GetStatus (Snp, NULL, (VOID * *));'. >> then in EmacGetDmaStatus(), it will not check this pointer and use directly, >> causig this problem (system hang). That's why I add above check. >> > >The EFI_SIMPLE_NETWORK protocol, that SnpGetStatus implements, says: > >> A pointer to the bit mask of the currently active interrupts (see “Related >> Definitions”). If this is NULL, the interrupt status will not be read from >> the device. >> If this is not NULL, the interrupt status will be read from the device. When >> the interrupt status is read, it will also be cleared. >> Clearing the transmit interrupt does not empty the recycled transmit buffer >> array. > >So it seems to me that there's some missing logic in EmacGetDmaStatus. > >I don't know this hardware, but I'll assume that writes to >DW_EMAC_DMAGRP_STATUS_OFST clear/ACK the corresponding interrupt >status bit. > >I would suggest this (apologies for gmail line wrapping, hopefully you >get the idea): > >diff --git a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >index 3b982ce98411..df4ce53e9e0b 100755 >--- a/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >+++ b/Silicon/Synopsys/DesignWare/Drivers/DwEmacSnpDxe/EmacDxeUtil.c >@@ -500,24 +500,29 @@ EmacGetDmaStatus ( > UINT32 ErrorBit; > UINT32 Mask = 0; > >+ if (IrqStat != NULL) { >+*IrqStat = 0; >+ } >+ > DmaStatus = MmioRead32 (MacBaseAddress + > DW_EMAC_DMAGRP_STATUS_OFST); > if (DmaStatus & DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK) { >Mask |= DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK; >// Rx interrupt >if (DmaStatus & DW_EMAC_DMAGRP_STATUS_RI_SET_MSK) { >- *IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; >- Mask |= DW_EMAC_DMAGRP_STATUS_RI_SET_MSK; >-} else { >- *IrqStat &= ~EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; >+ if (IrqStat != NULL) { >+*IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; >+Mask |= DW_EMAC_DMAGRP_STATUS_RI_SET_MSK; >+ } How about it be more appropriate to change it to this way? if "if (DmaStatus & DW_EMAC_DMAGRP_STATUS_RI_SET_MSK) " is true, set Mask |=DW_EMAC_DMAGRP_STATUS_RI_SET_MSK if "if (IrqStat != NULL)" is true, set *IrqStat |= EFI_SIMPLE_NETWORK_RECEIVE_INTERRUPT; if (DmaStatus & DW_EMAC_DMAGRP_STATUS_NIS_SET_MSK) { Mask |=
[edk2-devel] [PATCH V5 3/3] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413 Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Signed-off-by: Sheng Wei --- .../Library/AuthVariableLib/AuthService.c | 220 +++--- .../AuthVariableLib/AuthServiceInternal.h | 4 +- .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- .../DxeImageVerificationLib.c | 73 +++--- .../SecureBootConfigDxe.inf | 16 ++ .../SecureBootConfigImpl.c| 114 +++-- .../SecureBootConfigImpl.h| 7 + .../SecureBootConfigStrings.uni | 6 + 8 files changed, 391 insertions(+), 91 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index d81c581d78..4c268a85cd 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#define SHA_DIGEST_SIZE_MAX SHA512_DIGEST_SIZE + +/** + Retrieves the size, in bytes, of the context buffer required for hash operations. + + If this interface is not supported, then return zero. + + @return The size, in bytes, of the context buffer required for hash operations. + @retval 0 This interface is not supported. + +**/ +typedef +UINTN +(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)( + VOID + ); + +/** + Initializes user-supplied memory pointed by Sha1Context as hash context for + subsequent use. + + If HashContext is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HashContext Pointer to Hashcontext being initialized. + + @retval TRUE Hash context initialization succeeded. + @retval FALSE Hash context initialization failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_HASH_INIT)( + OUT VOID *HashContext + ); + +/** + Digests the input data and updates Hash context. + + This function performs Hash digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + Hash context should be already correctly initialized by HashInit(), and should not be finalized + by HashFinal(). Behavior with invalid context is undefined. + + If HashContext is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HashContext Pointer to the Hash context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE SHA-1 data digest succeeded. + @retval FALSE SHA-1 data digest failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_HASH_UPDATE)( + IN OUT VOID*HashContext, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of the Hash digest value. + + This function completes hash computation and retrieves the digest value into + the specified memory. After this function has been called, the Hash context cannot + be used again. + Hash context should be already correctly initialized by HashInit(), and should not be + finalized by HashFinal(). Behavior with invalid Hash context is undefined. + + If HashContext is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HashContext Pointer to the Hash context. + @param[out] HashValuePointer to a buffer that receives the Hash digest +value. + + @retval TRUE Hash digest computation succeeded. + @retval FALSE Hash digest computation failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_HASH_FINAL)( + IN OUT VOID *HashContext, + OUT UINT8 *HashValue + ); + +typedef struct { + UINT32 HashSize; + EFI_HASH_GET_CONTEXT_SIZEGetContextSize; + EFI_HASH_INITInit; + EFI_HASH_UPDATE Update; + EFI_HASH_FINAL Final; + VOID **HashShaCtx; + UINT8*OidValue; + UINTNOidLength; +} EFI_HASH_INFO; + // // Public Exponent of RSA Key. // CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; -CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 }; +UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 }; +UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 }; +UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 }; + +EFI_HASH_INFO mHashInfo[] = { + {SHA256_DIGEST_SIZE, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final, ,
[edk2-devel] [PATCH V5 2/3] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
Register and initialize sha384/sha512 digest algorithms for PKCS#7 Handling. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413 Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Signed-off-by: Sheng Wei --- CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c index 027dbb6842..944bcf8d38 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c @@ -591,7 +591,8 @@ ImageTimestampVerify ( // Register & Initialize necessary digest algorithms for PKCS#7 Handling. // if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) == 0) || - (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0)) + (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ()) == 0) || + (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0)) { return FALSE; } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107295): https://edk2.groups.io/g/devel/message/107295 Mute This Topic: https://groups.io/mt/100385943/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Sheng Wei --- MdePkg/Include/Guid/ImageAuthentication.h | 26 +++ MdePkg/MdePkg.dec | 2 ++ 2 files changed, 28 insertions(+) diff --git a/MdePkg/Include/Guid/ImageAuthentication.h b/MdePkg/Include/Guid/ImageAuthentication.h index fe83596571..c8ea2c14fb 100644 --- a/MdePkg/Include/Guid/ImageAuthentication.h +++ b/MdePkg/Include/Guid/ImageAuthentication.h @@ -144,6 +144,30 @@ typedef struct { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \ } +/// +/// This identifies a signature containing an RSA-3072 key. The key (only the modulus +/// since the public key exponent is known to be 0x10001) shall be stored in big-endian +/// order. +/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size +/// of SignatureOwner component) + 384 bytes. +/// +#define EFI_CERT_RSA3072_GUID \ + { \ +0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \ + } + +/// +/// This identifies a signature containing an RSA-4096 key. The key (only the modulus +/// since the public key exponent is known to be 0x10001) shall be stored in big-endian +/// order. +/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size +/// of SignatureOwner component) + 512 bytes. +/// +#define EFI_CERT_RSA4096_GUID \ + { \ +0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \ + } + /// /// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The /// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of @@ -330,6 +354,8 @@ typedef struct { extern EFI_GUID gEfiImageSecurityDatabaseGuid; extern EFI_GUID gEfiCertSha256Guid; extern EFI_GUID gEfiCertRsa2048Guid; +extern EFI_GUID gEfiCertRsa3072Guid; +extern EFI_GUID gEfiCertRsa4096Guid; extern EFI_GUID gEfiCertRsa2048Sha256Guid; extern EFI_GUID gEfiCertSha1Guid; extern EFI_GUID gEfiCertRsa2048Sha1Guid; diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index b85614992b..24e4779d33 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -581,6 +581,8 @@ gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }} gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }} gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }} + gEfiCertRsa3072Guid= { 0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }} + gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c }} gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }} gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }} gEfiCertRsa2048Sha1Guid= { 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }} -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107294): https://edk2.groups.io/g/devel/message/107294 Mute This Topic: https://groups.io/mt/100385942/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
Patch V5: Using define KEY_TYPE_RSASSA to replace the magic number. Patch V4: Determine the RSA algorithm by a supported algorithm list. Patch V3: Select SHA algorithm automaticly for a unsigned efi image. Patch V2: Determine the SHA algorithm by a supported algorithm list. Create SHA context for each algorithm. Test Case: 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell. 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell. 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell. 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell Test Result: Pass Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Cc: Liming Gao Sheng Wei (3): MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- MdePkg/Include/Guid/ImageAuthentication.h | 26 +++ MdePkg/MdePkg.dec | 2 + .../Library/AuthVariableLib/AuthService.c | 220 +++--- .../AuthVariableLib/AuthServiceInternal.h | 4 +- .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- .../DxeImageVerificationLib.c | 73 +++--- .../SecureBootConfigDxe.inf | 16 ++ .../SecureBootConfigImpl.c| 114 +++-- .../SecureBootConfigImpl.h| 7 + .../SecureBootConfigStrings.uni | 6 + 11 files changed, 421 insertions(+), 92 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107293): https://edk2.groups.io/g/devel/message/107293 Mute This Topic: https://groups.io/mt/100385941/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-