Re: [edk2-devel] [PATCH 1/1] MdeModulePkg: Load Serial driver in early DXE

2024-05-09 Thread Ni, Ray
Mike did not recommend the approach used by the patch.

Your patch exposes a new pattern that's anti-driver-model, IMO.

If you want to avoid code duplication, solve that problem in a way that does 
not introduce such a pattern.
Please be aware that any one piece of code introduced in edk2, could be cloned 
to multiple similar pieces of code. So we need to be very careful.


Thanks,
Ray

From: devel@edk2.groups.io  on behalf of Borzeszkowski, 
Alan 
Sent: Wednesday, May 8, 2024 21:24
To: Ni, Ray ; devel@edk2.groups.io 
Subject: Re: [edk2-devel] [PATCH 1/1] MdeModulePkg: Load Serial driver in early 
DXE


We have considered that; however, we aim to avoid maintaining our own 
implementation of functions that communicate with UART.

Please see discussion over previous approach:

https://edk2.groups.io/g/devel/topic/104469297#115731




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118788): https://edk2.groups.io/g/devel/message/118788
Mute This Topic: https://groups.io/mt/105959587/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-




Re: [edk2-devel] [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg

2024-05-09 Thread Ni, Ray
Reviewed-by: Ray Ni 



Thanks,
Ray

From: Doug Flick 
Sent: Wednesday, May 8, 2024 23:29
To: devel@edk2.groups.io 
Cc: Andrew Fish ; Ni, Ray 
Subject: [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg

From: Doug Flick 

This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 5 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb768..1c356bc8c732 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@ [LibraryClasses]
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf

   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf

   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf

-

-!if $(SECURE_BOOT_ENABLE) == TRUE

   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf

   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf

+

+!if $(SECURE_BOOT_ENABLE) == TRUE

   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf

   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf

   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
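Review bot: moving `!if $(SECURE_BOOT_ENABLE) == TRUE` below the crypto libraries in [LibraryClasses] makes IntrinsicLib and OpensslLib resolve in every EmulatorPkg build, and BaseCryptLib is added next to them, yet the commit message only mentions adding Hash2DxeCrypto. Please state in the commit message that these three library classes are now unconditional and why, and confirm that no BaseCryptLib mapping remains inside the SECURE_BOOT_ENABLE block that this line would duplicate.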

@@ -402,6 +403,10 @@ [Components]
   # Rng Protocol producer

   #

   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf

+  #

+  # Hash2 Protocol producer

+  #

+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf



 !if $(SECURE_BOOT_ENABLE) == TRUE

   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
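Review bot: style nit in [Components]: the new `# Hash2 Protocol producer` comment block starts directly under the RngDxe.inf line with no blank line between the two producers, while the matching EmulatorPkg.fdf hunk keeps one. Add a blank line before the first `#` so the two entries read as separate blocks.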

diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d94d..73d5b0068d3f 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ [FV.FvRecovery]
 #

 INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf



+#

+# Hash2 Protocol producer

+#

+INF  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf

+

 #

 # Secure Boot Key Enroll

 #

--
2.34.1







Re: [edk2-devel] [PATCH v2 01/13] EmulatorPkg: : Add RngDxe to EmulatorPkg

2024-05-09 Thread Ni, Ray
Reviewed-by: Ray Ni 

Thanks,
Ray

From: devel@edk2.groups.io  on behalf of Doug Flick via 
groups.io 
Sent: Thursday, May 9, 2024 13:56
To: devel@edk2.groups.io 
Cc: Andrew Fish ; Ni, Ray 
Subject: [edk2-devel] [PATCH v2 01/13] EmulatorPkg: : Add RngDxe to EmulatorPkg

From: Doug Flick 

This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 6 +-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 5fa1ed345a33..0a66294cb768 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -127,9 +127,9 @@ [LibraryClasses]
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf

   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf

   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf

-

-!if $(SECURE_BOOT_ENABLE) == TRUE

   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf

+

+!if $(SECURE_BOOT_ENABLE) == TRUE

   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf

   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf

   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
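Review bot: with the `!if` moved below it, `RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf` in [LibraryClasses] now applies to every build instead of only SECURE_BOOT_ENABLE builds, and the commit message does not mention this. BaseRngLibTimerLib derives its output from a timer and is not a cryptographic source, so please say in the commit message that this is intended for the emulator and whether the RngDxe added below is expected to draw on it.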

@@ -398,6 +398,11 @@ [Components]
   EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf

   EmulatorPkg/TimerDxe/Timer.inf



+  #

+  # Rng Protocol producer

+  #

+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf

+

 !if $(SECURE_BOOT_ENABLE) == TRUE

   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

 !endif

diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 5420756eaa6f..d756c144d94d 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -193,6 +193,11 @@ [FV.FvRecovery]
 INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf

 INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf



+#

+# Rng Protocol producer

+#

+INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf

+

 #

 # Secure Boot Key Enroll

 #

@@ -320,4 +325,3 @@ [Rule.Common.UEFI_APPLICATION.BINARY]
 UISTRING="$(MODULE_NAME)" Optional

 VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)

   }

-
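Review bot: this last EmulatorPkg.fdf hunk only deletes the trailing blank line after the closing `}` of [Rule.Common.UEFI_APPLICATION.BINARY], which is unrelated to adding RngDxe. Drop it from this patch or mention the whitespace cleanup in the commit message.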

--
2.34.1







Re: [edk2-devel] edk2-test Release candidate 2: edk2-test-rc2_202405 // RE: [PATCH v2 0/4] TCG2 protocol clean up

2024-05-09 Thread Chao Li

Hi Edhay,

Do I need to retest based on the edk2-test-rc2_202405 tag?


Thanks,
Chao
On 2024/5/10 10:43, G Edhaya Chandran wrote:


Thank you, David.

The results are well received.

With Warm Regards,
Edhay

From: David Wright 
Sent: Thursday, May 9, 2024 3:23 PM
To: G Edhaya Chandran ; Heinrich Schuchardt 
Cc: Alex Fox ; lic...@loongson.cn; Stuart 
Yoder ; devel@edk2.groups.io; gao...@byosoft.com.cn
Subject: RE: edk2-test Release candidate 2: edk2-test-rc2_202405 // 
RE: [PATCH v2 0/4] TCG2 protocol clean up


Hi all,

Phoenix has completed testing on *edk2-test-rc2_202405*

Results have been uploaded to their respective folders.

Thanks,

David Wright
QA Team Leader

david_wri...@phoenix.com

503-730-4537 Tel

www.phoenix.com 




THIS MESSAGE MAY CONTAIN CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE 
INTENDED RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS 
STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, 
PLEASE IMMEDIATELY NOTIFY THE SENDER BY TELEPHONE OR REPLY EMAIL, AND 
IMMEDIATELY DELETE THIS MESSAGE AND ALL COPIES.


From: G Edhaya Chandran 
Sent: Friday, May 3, 2024 4:47 PM
To: Heinrich Schuchardt 
Cc: Alex Fox ; David Wright 
; lic...@loongson.cn; Stuart Yoder 
; devel@edk2.groups.io; gao...@byosoft.com.cn
Subject: edk2-test Release candidate 2: edk2-test-rc2_202405 // RE: 
[PATCH v2 0/4] TCG2 protocol clean up


Hi All,

   A new release candidate is published after upstreaming Stuart's 
commits on build cleanup.


https://github.com/tianocore/edk2-test/tree/edk2-test-rc2_202405 



The updates since the old tag are the following commits in the patch 
series:


[PATCH v2 0/4] TCG2 protocol clean up (groups.io) 



The release candidate may be used for any further testing.

With Warm Regards,
Edhay

> -Original Message-
> From: G Edhaya Chandran
> Sent: Tuesday, April 23, 2024 4:52 AM
> To: Heinrich Schuchardt 
> Cc: alex_...@phoenix.com; david_wri...@phoenix.com;
> lic...@loongson.cn; Stuart Yoder ;
> devel@edk2.groups.io; gao...@byosoft.com.cn
> Subject: RE: [PATCH v2 0/4] TCG2 protocol clean up
>
> Hi Heinrich,
>
>    Yes. A new release candidate shall be published after review and upstream
> of the patches.
> Will further send an update.
>
> With Warm Regards,
> Edhay
>
>
> > -Original Message-
> > From: Heinrich Schuchardt 
> > Sent: Tuesday, April 23, 2024 12:46 AM
> > To: G Edhaya Chandran 
> > Cc: alex_...@phoenix.com; david_wri...@phoenix.com;
> > lic...@loongson.cn; Stuart Yoder ;
> > devel@edk2.groups.io; gao...@byosoft.com.cn
> > Subject: Re: [PATCH v2 0/4] TCG2 protocol clean up
> >
> > On 4/16/24 16:53, Stuart Yoder wrote:
> > > This patch series cleans up some issues found when building
> > > edk2-test with a non-GCC compiler:
> > >   -TPMT_HA struct had an error due to incorrect use of C flexible
> > > array
> > member
> > >   -compute struct member offsets using OFFSET_OF, which is not GCC
> specific
> > >   -clean up of #pragma pack in one file
> > >   -resolve type conversion warnings
> > >
> > > Patches are in github here:
> > > https://github.com/stuyod01/edk2-test/tree/tcg2-cleanup
> > >
> > > Version 2
> > >   -add SM3 hash type to TPM2.h
> > >   -resolve type conversion warnings
> > >
> > > Stuart Yoder (4):
> > >   uefi-sct/SctPkg: TCG2 Protocol: correct definition of TPMT_HA struct
> > >   uefi-sct/SctPkg: TCG2 Protocol: use OFFSET_OF for computing offsets
> > >   uefi-sct/SctPkg: TCG2 Protocol: #pragma pack cleanup
> > >   uefi-sct/SctPkg: TCG2 Protocol: clean up type conversion warnings
> > >
> > >  uefi-
> >
> sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTe
> > st.h    |  3 +--
> > >  uefi-sct/SctPkg/UEFI/Protocol/TCG2.h | 17
> > +++--
> > >  uefi-
> > sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBB
> > Te stConformance.c | 25 +---
> > >   3 files changed, 27 insertions(+), 18 deletions(-)
> > >
> >
> > Hello Edhaya,
> >
> > Will we have another release candidate with these patches included?
> >
> > Best regards
> >
> > Heinrich


Re: [edk2-devel] [PATCH] MdeModulePkg: Update GCD attribute conversion to support SP attribute

2024-05-09 Thread Ni, Ray
Reviewed-by: Ray Ni 

Thanks,
Ray

From: Lin, Du 
Sent: Thursday, May 9, 2024 12:04
To: devel@edk2.groups.io 
Cc: Lin, Du ; Liming Gao ; Ni, Ray 

Subject: [PATCH] MdeModulePkg: Update GCD attribute conversion to support SP 
attribute

Add a new entry into GCD attribute conversion table to convert
EFI_RESOURCE_ATTRIBUTE_SPECIAL_PURPOSE to EFI_MEMORY_SP.

Cc: Liming Gao 
Cc: Ray Ni 
Signed-off-by: Du Lin 
---
 MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c b/MdeModulePkg/Core/Dxe/Gcd/Gcd.c
index fe1bbd6974..99364508cd 100644
--- a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c
+++ b/MdeModulePkg/Core/Dxe/Gcd/Gcd.c
@@ -92,6 +92,7 @@ GCD_ATTRIBUTE_CONVERSION_ENTRY  mAttributeConversionTable[] = 
{
   { EFI_RESOURCE_ATTRIBUTE_TESTED,  EFI_MEMORY_TESTED,
FALSE },
   { EFI_RESOURCE_ATTRIBUTE_PERSISTABLE, EFI_MEMORY_NV,
TRUE  },
   { EFI_RESOURCE_ATTRIBUTE_MORE_RELIABLE,   EFI_MEMORY_MORE_RELIABLE, 
TRUE  },
+  { EFI_RESOURCE_ATTRIBUTE_SPECIAL_PURPOSE, EFI_MEMORY_SP,
TRUE  },
   { 0,  0,
FALSE }
 };
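Review bot: the new `EFI_RESOURCE_ATTRIBUTE_SPECIAL_PURPOSE` row in mAttributeConversionTable sets its third field to TRUE, like the PERSISTABLE and MORE_RELIABLE rows above it, but the commit message does not say why that value is right for this attribute or which consumer needs EFI_MEMORY_SP reported. Add a sentence covering both, and note how the change was tested.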

--
2.44.0.windows.1







Re: [edk2-devel] edk2-test Release candidate 2: edk2-test-rc2_202405 // RE: [PATCH v2 0/4] TCG2 protocol clean up

2024-05-09 Thread G Edhaya Chandran
Thank you, David.
The results are well received.

With Warm Regards,
Edhay


From: David Wright 
Sent: Thursday, May 9, 2024 3:23 PM
To: G Edhaya Chandran ; Heinrich Schuchardt 

Cc: Alex Fox ; lic...@loongson.cn; Stuart Yoder 
; devel@edk2.groups.io; gao...@byosoft.com.cn
Subject: RE: edk2-test Release candidate 2: edk2-test-rc2_202405 // RE: [PATCH 
v2 0/4] TCG2 protocol clean up

Hi all,

Phoenix has completed testing on edk2-test-rc2_202405

Results have been uploaded to their respective folders.


Thanks,
David Wright
QA Team Leader
david_wri...@phoenix.com
503-730-4537 Tel
www.phoenix.com




From: G Edhaya Chandran
Sent: Friday, May 3, 2024 4:47 PM
To: Heinrich Schuchardt
Cc: Alex Fox; David Wright; lic...@loongson.cn; Stuart Yoder;
devel@edk2.groups.io; gao...@byosoft.com.cn
Subject: edk2-test Release candidate 2: edk2-test-rc2_202405 // RE: [PATCH v2 
0/4] TCG2 protocol clean up


Hi All,

   A new release candidate is published after upstreaming Stuart's commits on 
build cleanup.
https://github.com/tianocore/edk2-test/tree/edk2-test-rc2_202405

The updates since the old tag are the following commits in the patch series:
[PATCH v2 0/4] TCG2 protocol clean up 
(groups.io)

The release candidate may be used for any further testing.

With Warm Regards,
Edhay



> -Original Message-
> From: G Edhaya Chandran
> Sent: Tuesday, April 23, 2024 4:52 AM
> To: Heinrich Schuchardt
> Cc: alex_...@phoenix.com; david_wri...@phoenix.com;
> lic...@loongson.cn; Stuart Yoder;
> devel@edk2.groups.io; gao...@byosoft.com.cn
> Subject: RE: [PATCH v2 0/4] TCG2 protocol clean up
>
> Hi Heinrich,
>
>Yes. A new release candidate shall be published after review and upstream
> of the patches.
> Will further send an update.
>
> With Warm Regards,
> Edhay
>
>
> > -Original Message-
> > From: Heinrich Schuchardt
> > Sent: Tuesday, April 23, 2024 12:46 AM
> > To: G Edhaya Chandran
> > Cc: alex_...@phoenix.com; david_wri...@phoenix.com;
> > lic...@loongson.cn; Stuart Yoder;
> > devel@edk2.groups.io; gao...@byosoft.com.cn
> > Subject: Re: [PATCH v2 0/4] TCG2 protocol clean up
> >
> > On 4/16/24 16:53, Stuart Yoder wrote:
> > > This patch series cleans up some issues found when building
> > > edk2-test with a non-GCC compiler:
> > >-TPMT_HA struct had an error due to incorrect use of C flexible
> > > array
> > member
> > >-compute struct member offsets using OFFSET_OF, which is not GCC
> specific
> > >-clean up of #pragma pack in one file
> > >-resolve type conversion warnings
> > >
> > > Patches are in github here:
> > > https://github.com/stuyod01/edk2-test/tree/tcg2-cleanup
> > >
> > > Version 2
> > >-add SM3 hash type to TPM2.h
> > >-resolve type conversion warnings
> > >
> > > Stuart Yoder (4):
> > >uefi-sct/SctPkg: TCG2 Protocol: correct definition of TPMT_HA struct
> > >uefi-sct/SctPkg: TCG2 Protocol: use OFFSET_OF for computing offsets
> > >uefi-sct/SctPkg: TCG2 Protocol: #pragma pack cleanup
> > >uefi-sct/SctPkg: TCG2 Protocol: clean up type conversion warnings
> > >
> > >   uefi-
> >
> sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTe
> > st.h|  3 +--
> > >   uefi-sct/SctPkg/UEFI/Protocol/TCG2.h
> > >  | 17
> > +++--
> > >   uefi-
> > sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBB
> > Te stConformance.c | 25 +---
> > >   3 files changed, 27 insertions(+), 18 deletions(-)
> > >
> >
> > Hello Edhaya,
> >
> > Will we have 

[edk2-devel] [PATCH v1 0/1] MinPlatformPkg: Fix DxePhatAcpiLib.inf path

2024-05-09 Thread VivianNK
REF: https://github.com/VivianNK/edk2-platforms/tree/remove_unused_inf

Bug fix. When building MinPlatformPkg, a build error occurred because the inf was
not found. The path was incorrect -- DxePhatAcpiLib folder doesn't
exist, PhatAcpiLib does.

Cc: Chasel Chiu 
Cc: Nate DeSimone 
Signed-off-by: Vivian Nowka-Keane 

Vivian Nowka-Keane (1):
  MinPlatformPkg: Fix DxePhatAcpiLib.inf path in dsc

 Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.43.0.windows.1







[edk2-devel] [PATCH v1 1/1] MinPlatformPkg: Fix DxePhatAcpiLib.inf path in dsc

2024-05-09 Thread VivianNK
When building MinPlatformPkg, a build error occurred because the inf was
not found. The path was incorrect -- DxePhatAcpiLib folder doesn't
exist, PhatAcpiLib does.

Cc: Chasel Chiu 
Cc: Nate DeSimone 
Signed-off-by: Vivian Nowka-Keane 
---
 Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc 
b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
index ecb4d8f65efa..f81ad3cabf56 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -64,7 +64,7 @@
   
PciSegmentInfoLib|MinPlatformPkg/Pci/Library/PciSegmentInfoLibSimple/PciSegmentInfoLibSimple.inf
   
PlatformBootManagerLib|MinPlatformPkg/Bds/Library/DxePlatformBootManagerLib/DxePlatformBootManagerLib.inf
   AslUpdateLib|MinPlatformPkg/Acpi/Library/DxeAslUpdateLib/DxeAslUpdateLib.inf
-  PhatAcpiLib|MinPlatformPkg/Acpi/Library/DxePhatAcpiLib/DxePhatAcpiLib.inf
+  PhatAcpiLib|MinPlatformPkg/Acpi/Library/PhatAcpiLib/DxePhatAcpiLib.inf
 
   #
   # Misc
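Review bot: the corrected PhatAcpiLib mapping keeps the file name `DxePhatAcpiLib.inf` under the `PhatAcpiLib` directory, which matches the commit message, but the message does not identify the commit that introduced the wrong path. Reference it so that anyone carrying the earlier change on another branch can tell they need this fix too.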
@@ -209,7 +209,7 @@
   MinPlatformPkg/Library/BaseLargeVariableLib/BaseLargeVariableReadLib.inf
   MinPlatformPkg/Library/BaseLargeVariableLib/BaseLargeVariableWriteLib.inf
 
-  MinPlatformPkg/Acpi/Library/DxePhatAcpiLib/DxePhatAcpiLib.inf
+  MinPlatformPkg/Acpi/Library/PhatAcpiLib/DxePhatAcpiLib.inf
 
 [BuildOptions]
   *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
-- 
2.43.0.windows.1







Re: [edk2-devel] [edk2-platforms] [PATCH v1 1/2] MinPlatform: Add MpInfo2HobPei

2024-05-09 Thread Chaganty, Rangasai V
Hi Nate, 
Looks good. 
In addition to optimization suggested by Chasel to save unnecessary call to 
locate PPI, you might also want to consider checking for "no error" 
status for locate PPI and perhaps avoid a "goto" label.
With that, Reviewed-by: Sai Chaganty  for the 
whole patch series. 

Thanks,
Sai


-Original Message-
From: Desimone, Nathaniel L  
Sent: Wednesday, May 8, 2024 5:09 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Liming Gao 
; Dong, Eric ; Chaganty, 
Rangasai V ; Chuang, Rosen 
; Kasbekar, Saloni 
Subject: [edk2-platforms] [PATCH v1 1/2] MinPlatform: Add MpInfo2HobPei

MpInfo2HobPei provides backwards compatibility between FSP binaries built with 
older versions of EDK II and the latest EDK II.

Newer versions of CpuMpPei produce the gMpInformation2HobGuid. This HOB is 
required by newer implementations of the CPU DXE driver, however older versions 
of CpuMpPei do not produce it. This PEIM will check if CpuMpPei creates 
gMpInformation2HobGuid and if it does not it creates it.

Cc: Chasel Chiu 
Cc: Liming Gao 
Cc: Eric Dong 
Cc: Sai Chaganty 
Cc: Rosen Chuang 
Cc: Saloni Kasbekar 
Signed-off-by: Nate DeSimone 
---
 .../FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c  | 236 ++
 .../MpInfo2HobPei/MpInfo2HobPei.inf   |  47 
 .../Intel/MinPlatformPkg/MinPlatformPkg.dsc   |   3 +-
 3 files changed, 285 insertions(+), 1 deletion(-)  create mode 100644 
Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c
 create mode 100644 
Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.inf

diff --git 
a/Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c 
b/Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c
new file mode 100644
index 00..4cbc4cf7e6
--- /dev/null
+++ b/Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobP
+++ ei.c
@@ -0,0 +1,236 @@
+/** @file
+  Multi-processor Info 2 HOB PEIM.
+
+  The purpose of this PEIM is to provide backwards compatibility 
+ between FSP  binaries built with older versions of EDK II and the latest EDK 
II.
+
+  Newer versions of CpuMpPei produce the gMpInformation2HobGuid. This 
+ HOB is  required by newer implementations of the CPU DXE driver, 
+ however older  versions of CpuMpPei do not produce it. This PEIM will 
+ check if CpuMpPei  creates gMpInformation2HobGuid and if it does not it 
creates it.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include  #include 
+
+
+#include 
+#include 
+#include 
+
+typedef struct {
+  EDKII_PEI_MP_SERVICES2_PPI*CpuMpPpi2;
+  UINT8 *CoreTypes;
+} GET_PROCESSOR_CORE_TYPE_BUFFER;
+
+/**
+  Get CPU core type.
+
+  @param[in, out] Buffer  Argument of the procedure.
+**/
+VOID
+EFIAPI
+GetProcessorCoreType (
+  IN OUT VOID  *Buffer
+  )
+{
+  EFI_STATUS   Status;
+  UINT8*CoreTypes;
+  CPUID_NATIVE_MODEL_ID_AND_CORE_TYPE_EAX  NativeModelIdAndCoreTypeEax;
+  UINTNProcessorIndex;
+  GET_PROCESSOR_CORE_TYPE_BUFFER   *Params;
+
+  Params = (GET_PROCESSOR_CORE_TYPE_BUFFER *)Buffer;  Status = 
+ Params->CpuMpPpi2->WhoAmI (Params->CpuMpPpi2, );  
+ ASSERT_EFI_ERROR (Status);
+
+  CoreTypes = Params->CoreTypes;
+  AsmCpuidEx (CPUID_HYBRID_INFORMATION, 
+CPUID_HYBRID_INFORMATION_MAIN_LEAF, 
+, NULL, NULL, NULL);
+  CoreTypes[ProcessorIndex] = 
+(UINT8)NativeModelIdAndCoreTypeEax.Bits.CoreType;
+}
+
+/**
+  Create gMpInformation2HobGuid.
+**/
+VOID
+BuildMpInformationHob (
+  IN  EDKII_PEI_MP_SERVICES2_PPI  *CpuMpPpi2
+  )
+{
+  GET_PROCESSOR_CORE_TYPE_BUFFER  Buffer;
+  EFI_STATUS  Status;
+  UINTN   ProcessorIndex;
+  UINTN   NumberOfProcessors;
+  UINTN   NumberOfEnabledProcessors;
+  UINTN   NumberOfProcessorsInHob;
+  UINTN   MaxProcessorsPerHob;
+  MP_INFORMATION2_HOB_DATA*MpInformation2HobData;
+  MP_INFORMATION2_ENTRY   *MpInformation2Entry;
+  UINTN   Index;
+  UINT8   *CoreTypes;
+  UINT32  CpuidMaxInput;
+  UINTN   CoreTypePages;
+
+  ProcessorIndex= 0;
+  MpInformation2HobData = NULL;
+  MpInformation2Entry   = NULL;
+  CoreTypes = NULL;
+  CoreTypePages = 0;
+
+  Status = CpuMpPpi2->GetNumberOfProcessors (
+CpuMpPpi2,
+,
+
+);
+  ASSERT_EFI_ERROR (Status);
+  if (EFI_ERROR (Status)) {
+goto Done;
+  }
+
+  //
+  // Get Processors CoreType
+  //
+  AsmCpuid (CPUID_SIGNATURE, , NULL, NULL, NULL);  if 
+ (CpuidMaxInput >= CPUID_HYBRID_INFORMATION) {
+
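Review bot: in GetProcessorCoreType the status returned by `WhoAmI` is only checked with `ASSERT_EFI_ERROR (Status)`, and `ProcessorIndex` is then used to index `CoreTypes[]`. ASSERT is typically compiled out of RELEASE builds, so a failed call would leave ProcessorIndex uninitialized and the write would land at an arbitrary offset. Return early on `EFI_ERROR (Status)` and bound ProcessorIndex against the number of entries allocated for CoreTypes before storing. BuildMpInformationHob already pairs its ASSERT with an `if (EFI_ERROR (Status))` test after GetNumberOfProcessors; the callback should do the same.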

Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

2024-05-09 Thread gaoliming via groups.io
Doug:

  From the compatibility point,  may PcdEnforceSecureRngAlgorithms default 
value be set to FALSE?

 

Thanks

Liming

From: devel@edk2.groups.io  on behalf of Doug Flick via groups.io
Sent: May 10, 2024 2:21
To: Ard Biesheuvel ; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

 

So this patch is necessary as otherwise, QEMU fails to boot due to a missing 
source of randomness in the network drivers, right?

So I added this based on your initial suggestion to get the ArmVirtPkg working 
- running it locally (and against the pipelines) shows this isn't necessary. So 
I'll drop the commits.

There were concerns around compatibility, however the only fallback we would be 
able to do from NetworkPkg is depend on the time based LCG that we've 
considered a high profile CVE. This is where NetworkPkg must depend on the 
platform to provide it Rng and Hashing services. Fundamentally the platform 
must own its own security.

RNDR raises another interesting problem, by the way - the ARM arch spec 
requires RNDR to be backed by an appropriate DRBG that complies with the NIST 
spec but it does not specify which one. IOW, it is backed by a DRBG not by a 
raw entropy source, but specifying which DRBG (by GUID) is not generally 
feasible, as the guest VM firmware cannot interrogate the host about which DRBG 
is behind RNDR.

This is why the PCD PcdEnforceSecureRngAlgorithms exists. The platform can make 
the determination to depend on default if they understand the security 
implications behind that. Additionally, the platform is free to override RngDxe 
and provide their own implementations.









Re: [edk2-devel] [PATCH v7 0/5] Adding support for veborse UEFI Table dumping to Dmem.c

2024-05-09 Thread gaoliming via groups.io
Sam:
 Please help create PR.

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  on behalf of Sam Kaynor
> Sent: May 10, 2024 4:51
> To: gaoliming ; devel@edk2.groups.io
> Cc: 'Ray Ni' ; 'Zhichao Gao' ;
> 'Michael D Kinney' ; 'Zhiguang Liu'
> ; Stuart Yoder 
> Subject: Re: [edk2-devel] [PATCH v7 0/5] Adding support for veborse UEFI Table
> dumping to Dmem.c
> 
> Liming,
> 
> I have not made a Pull Request for this patch set, should I make one?
> 
> Thanks,
> Sam
> 
> -Original Message-
> From: gaoliming 
> Sent: Sunday, May 5, 2024 9:49 PM
> To: Sam Kaynor ; devel@edk2.groups.io
> Cc: 'Ray Ni' ; 'Zhichao Gao' ;
> 'Michael D Kinney' ; 'Zhiguang Liu'
> ; Stuart Yoder 
> Subject: Re: [PATCH v7 0/5] Adding support for veborse UEFI Table dumping
> to Dmem.c
> 
> Sam:
> 
> Thanks for your update. This version patch is good to me. Reviewed-by:
> Liming Gao 
> 
> Besides, is there a Pull Request for this patch set?
> 
> Thanks
> Liming
> > -Original Message-
> > From: Sam Kaynor 
> > Sent: May 1, 2024 22:58
> > To: devel@edk2.groups.io
> > Cc: Ray Ni ; Zhichao Gao ;
> > Michael D Kinney ; Liming Gao
> > ; Zhiguang Liu ;
> > Stuart Yoder 
> > Subject: [PATCH v7 0/5] Adding support for veborse UEFI Table dumping to
> > Dmem.c
> >
> > This adds an additional option to the dmem UEFI shell command for
> > verbose dumping of a couple of UEFI tables.
> >
> > The tables specified are the RT Properties Table, the Image Execution
> Table,
> > and the Conformance Profiles table.
> >
> > Supporting objects are added in the .inf and .uni files relating to
> > Dmem.c
> and
> > an additional header file for the Conformance Profiles table was added.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4352
> >
> > v6->v7:
> > - Additional patch to separate UEFI and EBBR Guids
> >
> > Cc: Ray Ni 
> > Cc: Zhichao Gao 
> > Cc: Michael D Kinney 
> > Cc: Liming Gao 
> > Cc: Zhiguang Liu 
> > Cc: Stuart Yoder 
> > Signed-off-by: Sam Kaynor 
> >
> > Sam Kaynor (5):
> >   ShellPkg: UefiShellDebug1CommandsLib: Dumping RT Properties in
> > Dmem.c
> >   ShellPkg: UefiShellDebug1CommandsLib: Image Execution Table in Dmem.c
> >   MdePkg: Adding support for EFI_CONFORMANCE_PROFILE_TABLE
> >   MdePkg: Adding EBBR EFI_CONFORMANCE_PROFILE_TABLE GUIDs
> >   ShellPkg: UefiShellDebug1CommandsLib: Conformance Profiles in Dmem.c
> >
> >  MdePkg/MdePkg.dec
> > |  10 +
> >
> > ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsL
> > ib.inf |   4 +
> >  MdePkg/Include/Guid/ConformanceProfiles.h
> > |  63 
> >  ShellPkg/Library/UefiShellDebug1CommandsLib/Dmem.c
> > | 321 ++--
> >
> > ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsL
> > ib.uni |  31 +-
> >  5 files changed, 402 insertions(+), 27 deletions(-)  create mode
> > 100644 MdePkg/Include/Guid/ConformanceProfiles.h
> >
> > --
> > 2.34.1
> 
> 
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended 
> recipient,
> please notify the sender immediately and do not disclose the contents to any
> other person, use it for any purpose, or store or copy the information in any
> medium. Thank you.
> 
> 
> 
> 









Re: [edk2-devel] Re: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 structure

2024-05-09 Thread gaoliming via groups.io
It has been merged. 

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  on behalf of Praveen Sankar
> N via groups.io
> Sent: May 9, 2024 14:33
> To: gaoliming ; devel@edk2.groups.io
> Cc: Srinivasan Mani ; Sundaresan S
> ; michael.d.kin...@intel.com; zhiguang@intel.com;
> Felix Polyudov ; Rabisha R 
> Subject: Re: [edk2-devel] Re: [PATCH v4 1/1] MdePkg: Added new SPCR table
> Revision 4 structure
> 
> Hi Liming,
>   Pull request is done and pipelines are built successfully and the patch 
> is
> ready to push to the master.
> 
> Thanks,
> Praveen Sankar
> 
> -Original Message-
> From: gaoliming 
> Sent: Monday, May 6, 2024 7:53 AM
> To: Praveen Sankar N ; devel@edk2.groups.io
> Cc: Srinivasan Mani ; Sundaresan S
> ; michael.d.kin...@intel.com; zhiguang@intel.com;
> Felix Polyudov ; Rabisha R 
> Subject: [EXTERNAL] Reply: [PATCH v4 1/1] MdePkg: Added new SPCR table
> Revision 4 structure
> 
> 
> 
> Reviewed-by: Liming Gao 
> 
> > -Original Message-
> > From: Praveen Sankar N 
> > Sent: May 2, 2024 19:16
> > To: devel@edk2.groups.io
> > Cc: gaolim...@byosoft.com.cn; Srinivasan Mani ;
> > Sundaresan S ; michael.d.kin...@intel.com;
> > zhiguang@intel.com; Felix Polyudov ; Rabisha R
> > 
> > Subject: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 structure
> >
> > In SPCR table, 4 structure members have been added newly as per SPCR
> > table Revision 4, which has to be added in
> > MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h.
> >
> > Signed-off-by: Praveen Sankar N praveensank...@ami.com
> >
> > Cc: michael.d.kin...@intel.com
> >
> > Cc: gaolim...@byosoft.com.cn
> >
> > Cc: zhiguang@intel.com
> >
> > Cc: fel...@ami.com
> >
> > Cc: srinivas...@ami.com
> >
> > Cc: sundares...@ami.com
> >
> > Cc: rabis...@ami.com
> > ---
> >  .../SerialPortConsoleRedirectionTable.h   | 32 +++
> >  1 file changed, 32 insertions(+)
> >
> > diff --git
> > a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> > b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> > index eb5ae28390..bf967880ab 100644
> > ---
> > a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> > +++
> > b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> > @@ -23,6 +23,7 @@
> >  ///
> >
> >  #define
> > EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION  0x02
> >
> >
> >
> > +#define
> > EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION
> > 0x04
> >
> >  ///
> >
> >  /// Serial Port Console Redirection Table Format
> >
> >  ///
> >
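Review bot: The name of the added macro, EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION, uses the EFI_ACPI_<major>_<minor>_ prefix that the same patch uses for an ACPI specification version (EFI_ACPI_5_0_GENERIC_ADDRESS_STRUCTURE), while the value 0x04 is the SPCR table revision named in the commit message, not ACPI 4.0. A name that carries the table revision instead, for example a _REVISION_4 suffix on the existing macro name, would remove the ambiguity. A /// comment saying which SPCR revision each of the two revision macros stands for would also help, since the existing 0x02 definition keeps its unversioned name.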
> > @@ -50,6 +51,37 @@ typedef struct {
> >UINT32Reserved3;
> >
> >  } EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
> >
> >
> >
> > +///
> >
> > +/// Serial Port Console Redirection Table Format Revision 4
> >
> > +///
> >
> > +typedef struct {
> >
> > +  EFI_ACPI_DESCRIPTION_HEADER   Header;
> >
> > +  UINT8 InterfaceType;
> >
> > +  UINT8 Reserved1[3];
> >
> > +  EFI_ACPI_5_0_GENERIC_ADDRESS_STRUCTUREBaseAddress;
> >
> > +  UINT8 InterruptType;
> >
> > +  UINT8 Irq;
> >
> > +  UINT32
> > GlobalSystemInterrupt;
> >
> > +  UINT8 BaudRate;
> >
> > +  UINT8 Parity;
> >
> > +  UINT8 StopBits;
> >
> > +  UINT8 FlowControl;
> >
> > +  UINT8 TerminalType;
> >
> > +  UINT8 Reserved2;
> >
> > +  UINT16PciDeviceId;
> >
> > +  UINT16PciVendorId;
> >
> > +  UINT8 PciBusNumber;
> >
> > +  UINT8 PciDeviceNumber;
> >
> > +  UINT8 PciFunctionNumber;
> >
> > +  UINT32PciFlags;
> >
> > +  UINT8 PciSegment;
> >
> > +  UINT32UartClockFrequency;
> >
> > +  UINT32PreciseBaudRate;
> >
> > +  UINT16
> > NameSpaceStrLength;
> >
> > +  UINT16
> > NameSpaceStrOffset;
> >
> > +  CHAR8
> > NameSpaceString[0];
> >
> > +} EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
> >
> > +
> >
> >  #pragma pack()
> >
> >
> >
> >  //
> >
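Review bot: The last member of the new struct, CHAR8 NameSpaceString[0], is a zero-length array, which is a compiler extension rather than standard C (a C99 flexible array member is written NameSpaceString[]), so it should be confirmed to build cleanly on every supported toolchain or be replaced by a comment that the string is located through NameSpaceStrOffset. The struct comment should also state that NameSpaceStrOffset and NameSpaceStrLength are read from the table itself, that a consumer has to check both against Header.Length before touching the string, and that sizeof on this type does not include the string.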
> > --
> > 2.38.1.windows.1

Re: [edk2-devel] Reply: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 structure

2024-05-09 Thread Praveen Sankar N via groups.io
Hi Liming,
  Pull request is done and pipelines are built successfully and the patch 
is ready to push to the master.

Thanks,
Praveen Sankar

-Original Message-
From: gaoliming 
Sent: Monday, May 6, 2024 7:53 AM
To: Praveen Sankar N ; devel@edk2.groups.io
Cc: Srinivasan Mani ; Sundaresan S ; 
michael.d.kin...@intel.com; zhiguang@intel.com; Felix Polyudov 
; Rabisha R 
Subject: [EXTERNAL] Reply: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 
structure



Reviewed-by: Liming Gao 

> -Original Message-
> From: Praveen Sankar N 
> Sent: May 2, 2024 19:16
> To: devel@edk2.groups.io
> Cc: gaolim...@byosoft.com.cn; Srinivasan Mani ;
> Sundaresan S ; michael.d.kin...@intel.com;
> zhiguang@intel.com; Felix Polyudov ; Rabisha R
> 
> Subject: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 structure
>
> In SPCR table, 4 structure members have been added newly as per SPCR
> table Revision 4, which has to be added in
> MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h.
>
> Signed-off-by: Praveen Sankar N praveensank...@ami.com
>
> Cc: michael.d.kin...@intel.com
>
> Cc: gaolim...@byosoft.com.cn
>
> Cc: zhiguang@intel.com
>
> Cc: fel...@ami.com
>
> Cc: srinivas...@ami.com
>
> Cc: sundares...@ami.com
>
> Cc: rabis...@ami.com
> ---
>  .../SerialPortConsoleRedirectionTable.h   | 32 +++
>  1 file changed, 32 insertions(+)
>
> diff --git
> a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> index eb5ae28390..bf967880ab 100644
> ---
> a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> +++
> b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> @@ -23,6 +23,7 @@
>  ///
>
>  #define
> EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION  0x02
>
>
>
> +#define
> EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION
> 0x04
>
>  ///
>
>  /// Serial Port Console Redirection Table Format
>
>  ///
>
> @@ -50,6 +51,37 @@ typedef struct {
>UINT32Reserved3;
>
>  } EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
>
>
>
> +///
>
> +/// Serial Port Console Redirection Table Format Revision 4
>
> +///
>
> +typedef struct {
>
> +  EFI_ACPI_DESCRIPTION_HEADER   Header;
>
> +  UINT8 InterfaceType;
>
> +  UINT8 Reserved1[3];
>
> +  EFI_ACPI_5_0_GENERIC_ADDRESS_STRUCTUREBaseAddress;
>
> +  UINT8 InterruptType;
>
> +  UINT8 Irq;
>
> +  UINT32
> GlobalSystemInterrupt;
>
> +  UINT8 BaudRate;
>
> +  UINT8 Parity;
>
> +  UINT8 StopBits;
>
> +  UINT8 FlowControl;
>
> +  UINT8 TerminalType;
>
> +  UINT8 Reserved2;
>
> +  UINT16PciDeviceId;
>
> +  UINT16PciVendorId;
>
> +  UINT8 PciBusNumber;
>
> +  UINT8 PciDeviceNumber;
>
> +  UINT8 PciFunctionNumber;
>
> +  UINT32PciFlags;
>
> +  UINT8 PciSegment;
>
> +  UINT32UartClockFrequency;
>
> +  UINT32PreciseBaudRate;
>
> +  UINT16
> NameSpaceStrLength;
>
> +  UINT16
> NameSpaceStrOffset;
>
> +  CHAR8
> NameSpaceString[0];
>
> +} EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
>
> +
>
>  #pragma pack()
>
>
>
>  //
>
> --
> 2.38.1.windows.1

Re: [edk2-devel] edk2-test Release candidate 2: edk2-test-rc2_202405 // RE: [PATCH v2 0/4] TCG2 protocol clean up

2024-05-09 Thread David Wright
Hi all,

Phoenix has completed testing on edk2-test-rc2_202405

Results have been uploaded to their respective folders.



Thanks,
David Wright
QA Team Leader
david_wri...@phoenix.com
503-730-4537 Tel
www.phoenix.com




From: G Edhaya Chandran 
Sent: Friday, May 3, 2024 4:47 PM
To: Heinrich Schuchardt 
Cc: Alex Fox ; David Wright ; 
lic...@loongson.cn; Stuart Yoder ; devel@edk2.groups.io; 
gao...@byosoft.com.cn
Subject: edk2-test Release candidate 2: edk2-test-rc2_202405 // RE: [PATCH v2 
0/4] TCG2 protocol clean up



Hi All,

   A new release candidate is published after upstreaming Stuart's commits on 
build cleanup.
https://github.com/tianocore/edk2-test/tree/edk2-test-rc2_202405

The updates since the old tag are the following commits in the patch series:
[PATCH v2 0/4] TCG2 protocol clean up 
(groups.io)

The release candidate may be used for any further testing.

With Warm Regards,
Edhay



> -Original Message-
> From: G Edhaya Chandran
> Sent: Tuesday, April 23, 2024 4:52 AM
> To: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> Cc: alex_...@phoenix.com; david_wri...@phoenix.com;
> lic...@loongson.cn; Stuart Yoder <stuart.yo...@arm.com>;
> devel@edk2.groups.io; gao...@byosoft.com.cn
> Subject: RE: [PATCH v2 0/4] TCG2 protocol clean up
>
> Hi Heinrich,
>
>Yes. A new release candidate shall be published after review and upstream
> of the patches.
> Will further send an update.
>
> With Warm Regards,
> Edhay
>
>
> > -Original Message-
> > From: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> > Sent: Tuesday, April 23, 2024 12:46 AM
> > To: G Edhaya Chandran <edhaya.chand...@arm.com>
> > Cc: alex_...@phoenix.com; david_wri...@phoenix.com;
> > lic...@loongson.cn; Stuart Yoder <stuart.yo...@arm.com>;
> > devel@edk2.groups.io; gao...@byosoft.com.cn
> > Subject: Re: [PATCH v2 0/4] TCG2 protocol clean up
> >
> > On 4/16/24 16:53, Stuart Yoder wrote:
> > > This patch series cleans up some issues found when building
> > > edk2-test with a non-GCC compiler:
> > >-TPMT_HA struct had an error due to incorrect use of C flexible
> > > array
> > member
> > >-compute struct member offsets using OFFSET_OF, which is not GCC
> specific
> > >-clean up of #pragma pack in one file
> > >-resolve type conversion warnings
> > >
> > > Patches are in github here:
> > > https://github.com/stuyod01/edk2-test/tree/tcg2-cleanup
> > >
> > > Version 2
> > >-add SM3 hash type to TPM2.h
> > >-resolve type conversion warnings
> > >
> > > Stuart Yoder (4):
> > >uefi-sct/SctPkg: TCG2 Protocol: correct definition of TPMT_HA struct
> > >uefi-sct/SctPkg: TCG2 Protocol: use OFFSET_OF for computing offsets
> > >uefi-sct/SctPkg: TCG2 Protocol: #pragma pack cleanup
> > >uefi-sct/SctPkg: TCG2 Protocol: clean up type conversion warnings
> > >
> > >   uefi-
> >
> sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBBTe
> > st.h|  3 +--
> > >   uefi-sct/SctPkg/UEFI/Protocol/TCG2.h
> > >  | 17
> > +++--
> > >   uefi-
> > sct/SctPkg/TestCase/UEFI/EFI/Protocol/TCG2/BlackBoxTest/TCG2ProtocolBB
> > Te stConformance.c | 25 +---
> > >   3 files changed, 27 insertions(+), 18 deletions(-)
> > >
> >
> > Hello Edhaya,
> >
> > Will we have another release candidate with these patches included?
> >
> > Best regards
> >
> > Heinrich



View/Reply Online (#118776): https://edk2.groups.io/g/devel/message/118776

Re: [edk2-devel] Reply: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 structure

2024-05-09 Thread Praveen Sankar N via groups.io
Liming,
Please refer to the link below to view the pipeline results.
https://github.com/tianocore/edk2/pull/5641

Thanks,
Praveen Sankar

-Original Message-
From: Praveen Sankar N
Sent: Thursday, May 9, 2024 12:03 PM
To: 'gaoliming' ; devel@edk2.groups.io
Cc: Srinivasan Mani ; Sundaresan S ; 
michael.d.kin...@intel.com; zhiguang@intel.com; Felix Polyudov 
; Rabisha R 
Subject: RE: [EXTERNAL] Reply: [PATCH v4 1/1] MdePkg: Added new SPCR table 
Revision 4 structure

Hi Liming,
  Pull request is done and pipelines are built successfully and the patch 
is ready to push to the master.

Thanks,
Praveen Sankar

-Original Message-
From: gaoliming 
Sent: Monday, May 6, 2024 7:53 AM
To: Praveen Sankar N ; devel@edk2.groups.io
Cc: Srinivasan Mani ; Sundaresan S ; 
michael.d.kin...@intel.com; zhiguang@intel.com; Felix Polyudov 
; Rabisha R 
Subject: [EXTERNAL] Reply: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 
structure



Reviewed-by: Liming Gao 

> -Original Message-
> From: Praveen Sankar N 
> Sent: May 2, 2024 19:16
> To: devel@edk2.groups.io
> Cc: gaolim...@byosoft.com.cn; Srinivasan Mani ;
> Sundaresan S ; michael.d.kin...@intel.com;
> zhiguang@intel.com; Felix Polyudov ; Rabisha R
> 
> Subject: [PATCH v4 1/1] MdePkg: Added new SPCR table Revision 4 structure
>
> In SPCR table, 4 structure members have been added newly as per SPCR
> table Revision 4, which has to be added in
> MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h.
>
> Signed-off-by: Praveen Sankar N praveensank...@ami.com
>
> Cc: michael.d.kin...@intel.com
>
> Cc: gaolim...@byosoft.com.cn
>
> Cc: zhiguang@intel.com
>
> Cc: fel...@ami.com
>
> Cc: srinivas...@ami.com
>
> Cc: sundares...@ami.com
>
> Cc: rabis...@ami.com
> ---
>  .../SerialPortConsoleRedirectionTable.h   | 32 +++
>  1 file changed, 32 insertions(+)
>
> diff --git
> a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> index eb5ae28390..bf967880ab 100644
> ---
> a/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> +++
> b/MdePkg/Include/IndustryStandard/SerialPortConsoleRedirectionTable.h
> @@ -23,6 +23,7 @@
>  ///
>
>  #define
> EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION  0x02
>
>
>
> +#define
> EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_REVISION
> 0x04
>
>  ///
>
>  /// Serial Port Console Redirection Table Format
>
>  ///
>
> @@ -50,6 +51,37 @@ typedef struct {
>UINT32Reserved3;
>
>  } EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
>
>
>
> +///
>
> +/// Serial Port Console Redirection Table Format Revision 4
>
> +///
>
> +typedef struct {
>
> +  EFI_ACPI_DESCRIPTION_HEADER   Header;
>
> +  UINT8 InterfaceType;
>
> +  UINT8 Reserved1[3];
>
> +  EFI_ACPI_5_0_GENERIC_ADDRESS_STRUCTUREBaseAddress;
>
> +  UINT8 InterruptType;
>
> +  UINT8 Irq;
>
> +  UINT32
> GlobalSystemInterrupt;
>
> +  UINT8 BaudRate;
>
> +  UINT8 Parity;
>
> +  UINT8 StopBits;
>
> +  UINT8 FlowControl;
>
> +  UINT8 TerminalType;
>
> +  UINT8 Reserved2;
>
> +  UINT16PciDeviceId;
>
> +  UINT16PciVendorId;
>
> +  UINT8 PciBusNumber;
>
> +  UINT8 PciDeviceNumber;
>
> +  UINT8 PciFunctionNumber;
>
> +  UINT32PciFlags;
>
> +  UINT8 PciSegment;
>
> +  UINT32UartClockFrequency;
>
> +  UINT32PreciseBaudRate;
>
> +  UINT16
> NameSpaceStrLength;
>
> +  UINT16
> NameSpaceStrOffset;
>
> +  CHAR8
> NameSpaceString[0];
>
> +} EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE;
>
> +
>
>  #pragma pack()
>
>
>
>  //
>
> --
> 2.38.1.windows.1

Re: [edk2-devel] [edk2-platforms] [PATCH v1 1/2] MinPlatform: Add MpInfo2HobPei

2024-05-09 Thread Chiu, Chasel


Hi Nate,

Change looks good.
Reviewed-by: Chasel Chiu 

Just one minor optimization you might consider in below inline when merging 
this patch series.

Thanks,
Chasel


> -Original Message-
> From: Desimone, Nathaniel L 
> Sent: Wednesday, May 8, 2024 5:09 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Liming Gao
> ; Dong, Eric ; Chaganty,
> Rangasai V ; Chuang, Rosen
> ; Kasbekar, Saloni 
> Subject: [edk2-platforms] [PATCH v1 1/2] MinPlatform: Add MpInfo2HobPei
> 
> MpInfo2HobPei provides backwards compatibility between FSP binaries built with
> older versions of EDK II and the latest EDK II.
> 
> Newer versions of CpuMpPei produce the gMpInformation2HobGuid. This HOB is
> required by newer implementations of the CPU DXE driver, however older
> versions of CpuMpPei do not produce it. This PEIM will check if CpuMpPei 
> creates
> gMpInformation2HobGuid and if it does not it creates it.
> 
> Cc: Chasel Chiu 
> Cc: Liming Gao 
> Cc: Eric Dong 
> Cc: Sai Chaganty 
> Cc: Rosen Chuang 
> Cc: Saloni Kasbekar 
> Signed-off-by: Nate DeSimone 
> ---
>  .../FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c  | 236 ++
>  .../MpInfo2HobPei/MpInfo2HobPei.inf   |  47 
>  .../Intel/MinPlatformPkg/MinPlatformPkg.dsc   |   3 +-
>  3 files changed, 285 insertions(+), 1 deletion(-)  create mode 100644
> Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c
>  create mode 100644
> Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.inf
> 
> diff --git
> a/Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c
> b/Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobPei.c
> new file mode 100644
> index 00..4cbc4cf7e6
> --- /dev/null
> +++
> b/Platform/Intel/MinPlatformPkg/FspWrapper/MpInfo2HobPei/MpInfo2HobP
> +++ ei.c
> @@ -0,0 +1,236 @@
> +/** @file
> +  Multi-processor Info 2 HOB PEIM.
> +
> +  The purpose of this PEIM is to provide backwards compatibility
> + between FSP  binaries built with older versions of EDK II and the latest 
> EDK II.
> +
> +  Newer versions of CpuMpPei produce the gMpInformation2HobGuid. This
> + HOB is  required by newer implementations of the CPU DXE driver,
> + however older  versions of CpuMpPei do not produce it. This PEIM will
> + check if CpuMpPei  creates gMpInformation2HobGuid and if it does not it
> creates it.
> +
> +Copyright (c) 2024, Intel Corporation. All rights reserved.
> +
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include  #include
> +
> +
> +#include 
> +#include 
> +#include 
> +
> +typedef struct {
> +  EDKII_PEI_MP_SERVICES2_PPI*CpuMpPpi2;
> +  UINT8 *CoreTypes;
> +} GET_PROCESSOR_CORE_TYPE_BUFFER;
> +
> +/**
> +  Get CPU core type.
> +
> +  @param[in, out] Buffer  Argument of the procedure.
> +**/
> +VOID
> +EFIAPI
> +GetProcessorCoreType (
> +  IN OUT VOID  *Buffer
> +  )
> +{
> +  EFI_STATUS   Status;
> +  UINT8*CoreTypes;
> +  CPUID_NATIVE_MODEL_ID_AND_CORE_TYPE_EAX
> NativeModelIdAndCoreTypeEax;
> +  UINTNProcessorIndex;
> +  GET_PROCESSOR_CORE_TYPE_BUFFER   *Params;
> +
> +  Params = (GET_PROCESSOR_CORE_TYPE_BUFFER *)Buffer;  Status =
> + Params->CpuMpPpi2->WhoAmI (Params->CpuMpPpi2, );
> + ASSERT_EFI_ERROR (Status);
> +
> +  CoreTypes = Params->CoreTypes;
> +  AsmCpuidEx (CPUID_HYBRID_INFORMATION,
> +CPUID_HYBRID_INFORMATION_MAIN_LEAF,
> +, NULL, NULL, NULL);
> +  CoreTypes[ProcessorIndex] =
> +(UINT8)NativeModelIdAndCoreTypeEax.Bits.CoreType;
> +}
> +
> +/**
> +  Create gMpInformation2HobGuid.
> +**/
> +VOID
> +BuildMpInformationHob (
> +  IN  EDKII_PEI_MP_SERVICES2_PPI  *CpuMpPpi2
> +  )
> +{
> +  GET_PROCESSOR_CORE_TYPE_BUFFER  Buffer;
> +  EFI_STATUS  Status;
> +  UINTN   ProcessorIndex;
> +  UINTN   NumberOfProcessors;
> +  UINTN   NumberOfEnabledProcessors;
> +  UINTN   NumberOfProcessorsInHob;
> +  UINTN   MaxProcessorsPerHob;
> +  MP_INFORMATION2_HOB_DATA*MpInformation2HobData;
> +  MP_INFORMATION2_ENTRY   *MpInformation2Entry;
> +  UINTN   Index;
> +  UINT8   *CoreTypes;
> +  UINT32  CpuidMaxInput;
> +  UINTN   CoreTypePages;
> +
> +  ProcessorIndex= 0;
> +  MpInformation2HobData = NULL;
> +  MpInformation2Entry   = NULL;
> +  CoreTypes = NULL;
> +  CoreTypePages = 0;
> +
> +  Status = CpuMpPpi2->GetNumberOfProcessors (
> +CpuMpPpi2,
> +,
> +
> +);
> +  ASSERT_EFI_ERROR (Status);
> +  if (EFI_ERROR (Status)) {
> +goto Done;
> +  }
> +
> +  //
> +  // Get Processors 
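Review bot: In GetProcessorCoreType the status returned by WhoAmI is only checked with ASSERT_EFI_ERROR, so in a build where asserts are compiled out a failed call leaves ProcessorIndex uninitialized and the CoreTypes[ProcessorIndex] store that follows writes at an arbitrary offset. Return early when EFI_ERROR (Status) is true, as BuildMpInformationHob does after GetNumberOfProcessors, and consider carrying the number of entries in GET_PROCESSOR_CORE_TYPE_BUFFER so the index can be range-checked before the write. The function header of BuildMpInformationHob is also missing an @param entry for CpuMpPpi2.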

Re: [edk2-devel][edk2-stable202405] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Wenxing Hou
Hi all,

Do you have any feedback?

 The current Patch Set status is:
This patch set was submitted before soft feature freeze.
Some Reviewed-by was added before soft feature freeze starts.
Some Reviewed-by was added after soft feature freeze starts.
And the Patch set is: Acked-by: Jiewen Yao 
 Reviewed-by: Yi Li 

Mike is on vacation, maybe he will not have feedback.

Dear Tianocore Stewards,  If you don't have any feedback.
We will merge it today.


Thanks!
Wenxing

-Original Message-
From: gaoliming  
Sent: Thursday, May 9, 2024 8:35 PM
To: Hou, Wenxing ; devel@edk2.groups.io; Li, Yi1 

Cc: Yao, Jiewen ; 'Leif Lindholm' 
; 'Andrew Fish' ; Kinney, Michael D 

Subject: Reply: [edk2-devel][edk2-stable202405] [PATCH v3 00/11] Add more crypt 
APIs based on Mbedtls

Include more people for feedback.

> -Original Message-
> From: Hou, Wenxing 
> Sent: May 9, 2024 17:35
> To: devel@edk2.groups.io; gaolim...@byosoft.com.cn; Li, Yi1 
> 
> Cc: Yao, Jiewen 
> Subject: RE: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on 
> Mbedtls
> 
> Hi Liming,
> Thanks for your suggestion.
> 
> 
> Hi all,
> The current Patch Set status is:
>   This patch set was submitted before soft feature freeze.
>   It passed code review after soft feature freeze starts.
>   And the Patch set is: Acked-by: Jiewen Yao 
>Reviewed-by: Yi Li 
> 
> We want to catch this 202405 stable tag.
> If anyone have feedback, please let me know.
> 
> Thanks,
> Wenxing
> 
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of 
> gaoliming via groups.io
> Sent: Thursday, May 9, 2024 4:59 PM
> To: devel@edk2.groups.io; Li, Yi1 ; Hou, Wenxing 
> 
> Cc: Yao, Jiewen 
> Subject: Reply: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based 
> on Mbedtls
> 
> Seemingly, this change is a new feature to add more crypt APIs based on Mbedtls.
> 
> This patch set was submitted before soft feature freeze. But, it 
> passed code review after soft feature freeze starts.
> 
> Based on current rule, this patch set is not allowed to be merged for 
> this stable tag 202405.
> 
> If you want to catch this stable tag, please raise this requirement to 
> the mail list and collect the feedback.
> 
> Thanks
> Liming
> > -Original Message-
> > From: devel@edk2.groups.io  on behalf of Li, Yi
> > Sent: May 9, 2024 16:33
> > To: Hou, Wenxing ; gaoliming 
> > ; devel@edk2.groups.io
> > Cc: Yao, Jiewen 
> > Subject: Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on
> Mbedtls
> >
> > This patch set was submitted before soft freeze and will not affect 
> > other
> existed
> > codes, I am OK to merge it.
> >
> > Hi Liming,
> >
> > Do you have any comments?  I will merge it if no objections.
> >
> > Thanks,
> > Yi
> >
> > -Original Message-
> > From: Hou, Wenxing 
> > Sent: Thursday, May 9, 2024 4:29 PM
> > To: Li, Yi1 ; devel@edk2.groups.io
> > Cc: Yao, Jiewen ; gaoliming 
> > 
> > Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > Hi,
> >
> > Thanks for your feedback.
> > The new PR is: https://github.com/tianocore/edk2/pull/5645
> >
> > Could Li Yi help me merge the PR?
> >
> > Thanks,
> > Wenxing
> >
> > -Original Message-
> > From: Li, Yi1 
> > Sent: Thursday, May 9, 2024 2:54 PM
> > To: Hou, Wenxing ; devel@edk2.groups.io
> > Cc: Yao, Jiewen 
> > Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > For this patch set:
> >
> > Looks good to me.
> > Reviewed-by: Yi Li 
> >
> >
> > -Original Message-
> > From: Hou, Wenxing 
> > Sent: Thursday, May 9, 2024 2:27 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen ; Li, Yi1 
> > Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
> >
> > Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More 
> > RSA/PKCS5/pKCS7/Authenticode/Timestamp
> > implementation based on Mbedtls.
> >
> > The patch has passed the EDKII CI check:
> > https://github.com/tianocore/edk2/pull/5552
> >
> > And the patch has passed unit_test in EDKII and integration test for
> platform.
> > And the patch has passed the fuzz test:
> > https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128
> >
> > v2 changes:
> >  - Fix format variable name/hardcode number issue;
> >  - Fix Pkcs7 memory leak;
> >
> > v3 changes:
> >  - Fix some issues from reviewer;
> >  - Add SHA3/SM3 implementation;
> >  - Update *.inf files;
> >
> > Cc: Jiewen Yao 
> > Cc: Yi Li 
> > Signed-off-by: Wenxing Hou 
> >
> > Wenxing Hou (11):
> >   CryptoPkg: Add AeadAesGcm based on Mbedtls
> >   CryptoPkg: Add rand function for BaseCryptLibMbedTls
> >   CryptoPkg: Add Pem APIs based on Mbedtls
> >   CryptoPkg: Add X509 functions based on Mbedtls
> >   CryptoPkg: Add Pkcs7 related functions based on Mbedtls
> >   CryptoPkg: Add Pkcs5 functions based on Mbedtls
> >   CryptoPkg: Add more RSA related 

Re: [edk2-devel] [PATCH v7 0/5] Adding support for veborse UEFI Table dumping to Dmem.c

2024-05-09 Thread Sam Kaynor
Liming,

I have not made a Pull Request for this patch set, should I make one?

Thanks,
Sam

-Original Message-
From: gaoliming 
Sent: Sunday, May 5, 2024 9:49 PM
To: Sam Kaynor ; devel@edk2.groups.io
Cc: 'Ray Ni' ; 'Zhichao Gao' ; 
'Michael D Kinney' ; 'Zhiguang Liu' 
; Stuart Yoder 
Subject: Reply: [PATCH v7 0/5] Adding support for veborse UEFI Table dumping to 
Dmem.c

Sam:

Thanks for your update. This version patch is good to me. Reviewed-by:
Liming Gao 

Besides, is there a Pull Request for this patch set?

Thanks
Liming
> -邮件原件-
> 发件人: Sam Kaynor 
> 发送时间: 2024年5月1日 22:58
> 收件人: devel@edk2.groups.io
> 抄送: Ray Ni ; Zhichao Gao ;
> Michael D Kinney ; Liming Gao
> ; Zhiguang Liu ;
> Stuart Yoder 
> 主题: [PATCH v7 0/5] Adding support for veborse UEFI Table dumping to
> Dmem.c
>
> This adds an additional option to the dmem UEFI shell command for
> verbose dumping of a couple of UEFI tables.
>
> The tables specified are the RT Properties Table, the Image Execution
Table,
> and the Conformance Profiles table.
>
> Supporting objects are added in the .inf and .uni files relating to
> Dmem.c
and
> an additional header file for the Conformance Profiles table was added.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4352
>
> v6->v7:
> - Additional patch to separate UEFI and EBBR Guids
>
> Cc: Ray Ni 
> Cc: Zhichao Gao 
> Cc: Michael D Kinney 
> Cc: Liming Gao 
> Cc: Zhiguang Liu 
> Cc: Stuart Yoder 
> Signed-off-by: Sam Kaynor 
>
> Sam Kaynor (5):
>   ShellPkg: UefiShellDebug1CommandsLib: Dumping RT Properties in
> Dmem.c
>   ShellPkg: UefiShellDebug1CommandsLib: Image Execution Table in Dmem.c
>   MdePkg: Adding support for EFI_CONFORMANCE_PROFILE_TABLE
>   MdePkg: Adding EBBR EFI_CONFORMANCE_PROFILE_TABLE GUIDs
>   ShellPkg: UefiShellDebug1CommandsLib: Conformance Profiles in Dmem.c
>
>  MdePkg/MdePkg.dec
> |  10 +
>
> ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsL
> ib.inf |   4 +
>  MdePkg/Include/Guid/ConformanceProfiles.h
> |  63 
>  ShellPkg/Library/UefiShellDebug1CommandsLib/Dmem.c
> | 321 ++--
>
> ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsL
> ib.uni |  31 +-
>  5 files changed, 402 insertions(+), 27 deletions(-)  create mode
> 100644 MdePkg/Include/Guid/ConformanceProfiles.h
>
> --
> 2.34.1





View/Reply Online (#118771): https://edk2.groups.io/g/devel/message/118771




Re: [edk2-devel] [PATCH v1] MinPlatformPkg/Test: Fix DumpAcpiMadt infinite loop

2024-05-09 Thread Nate DeSimone
Pushed as 3f89df4

> -Original Message-
> From: Abdul Lateef Attar 
> Sent: Monday, April 22, 2024 7:04 AM
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar ; Chiu, Chasel
> ; Desimone, Nathaniel L
> ; Liming Gao ;
> Dong, Eric 
> Subject: [PATCH v1] MinPlatformPkg/Test: Fix DumpAcpiMadt infinite loop
> 
> Update the MadtLen variable before the next record is read, to avoid infinite
> loop.
> 
> Cc: Chasel Chiu 
> Cc: Nate DeSimone 
> Cc: Liming Gao 
> Cc: Eric Dong 
> Signed-off-by: Abdul Lateef Attar 
> ---
>  .../Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c  | 7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git 
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
>  
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
> index 7e29b47a0b..04cc6f963a 100644
> --- 
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
> +++ 
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
> @@ -1,6 +1,7 @@
>  /** @file
>  
>  Copyright (c) 2017, Intel Corporation. All rights reserved.
> +Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>  
>  **/
> @@ -235,8 +236,9 @@ DumpAcpiMadt (
>DEBUG ((DEBUG_INFO, "\n"));
>break;
>  }
> -ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
> +// Update MadtLen first to avoid the dead loop and system hang
>  MadtLen -= ApicStructHeader->Length;
> +ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
>}
>  }
>  
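Review bot: The two reordered lines in DumpAcpiMadt still trust ApicStructHeader->Length exactly as it is read from the table: a record whose Length is 0 leaves both MadtLen and the pointer unchanged, and a Length larger than the remaining MadtLen is subtracted without any check in the visible lines. Validate the field before these two lines, for example require Length to be at least sizeof (APIC_STRUCT_HEADER) and no greater than MadtLen, and stop walking the table when the check fails.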
> @@ -324,8 +326,9 @@ CheckAcpiMadt (
>  default:
>break;
>  }
> -ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
> +// Update MadtLen first to avoid the dead loop and system hang
>  MadtLen -= ApicStructHeader->Length;
> +ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
>}
>return EFI_SUCCESS;
>  }
> \ No newline at end of file
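Review bot: CheckAcpiMadt receives the same two-line reorder and the same comment as DumpAcpiMadt, so any later correction to the record-advance logic has to be made in both loops; a small shared helper that validates Length and returns the next record would keep the two walkers in step. The hunk also ends with "\ No newline at end of file", so a trailing newline should be added to DxeCheckAcpiMadt.c while the file is being touched.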
> -- 
> 2.34.1


View/Reply Online (#118770): https://edk2.groups.io/g/devel/message/118770




Re: [edk2-devel] [PATCH v1] MinPlatformPkg/Test: Fix DumpAcpiMadt infinite loop

2024-05-09 Thread Nate DeSimone
Reviewed-by: Nate DeSimone 

> -Original Message-
> From: Abdul Lateef Attar 
> Sent: Monday, April 22, 2024 7:04 AM
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar ; Chiu, Chasel
> ; Desimone, Nathaniel L
> ; Liming Gao ;
> Dong, Eric 
> Subject: [PATCH v1] MinPlatformPkg/Test: Fix DumpAcpiMadt infinite loop
> 
> Update the MadtLen variable before the next record is read, to avoid infinite
> loop.
> 
> Cc: Chasel Chiu 
> Cc: Nate DeSimone 
> Cc: Liming Gao 
> Cc: Eric Dong 
> Signed-off-by: Abdul Lateef Attar 
> ---
>  .../Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c  | 7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git 
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
>  
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
> index 7e29b47a0b..04cc6f963a 100644
> --- 
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
> +++ 
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/DxeCheckAcpiMadt.c
> @@ -1,6 +1,7 @@
>  /** @file
>  
>  Copyright (c) 2017, Intel Corporation. All rights reserved.
> +Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>  
>  **/
> @@ -235,8 +236,9 @@ DumpAcpiMadt (
>DEBUG ((DEBUG_INFO, "\n"));
>break;
>  }
> -ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
> +// Update MadtLen first to avoid the dead loop and system hang
>  MadtLen -= ApicStructHeader->Length;
> +ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
>}
>  }
>  
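
Review bot: The new comment in DumpAcpiMadt says the reorder avoids a dead loop but not why the order matters. With the old order the subtraction used the Length of the record the pointer had just advanced to, not the one just processed, so after the last record it read a Length field beyond the table. Suggest stating that in the comment, for example `// Subtract the current record's Length before advancing to the next record`.
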
> @@ -324,8 +326,9 @@ CheckAcpiMadt (
>  default:
>break;
>  }
> -ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
> +// Update MadtLen first to avoid the dead loop and system hang
>  MadtLen -= ApicStructHeader->Length;
> +ApicStructHeader = (APIC_STRUCT_HEADER *)((UINT8 *)ApicStructHeader + 
> ApicStructHeader->Length);
>}
>return EFI_SUCCESS;
>  }
> \ No newline at end of file
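
Review bot: The subtract-then-advance pair, comment included, is now duplicated in CheckAcpiMadt and DumpAcpiMadt, which is why the ordering bug had to be fixed in two places. Suggest one small helper that validates Length and returns the next record, used by both loops. The `\ No newline at end of file` marker also shows the file ends without a trailing newline, which is worth fixing while the file is being touched.
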
> -- 
> 2.34.1


View/Reply Online (#118769): https://edk2.groups.io/g/devel/message/118769




Re: [edk2-devel] Re: [edk2-devel][edk2-stable202405] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

2024-05-09 Thread Doug Flick via groups.io
From the two CVE patches there should be no functional differences to a 
platform assuming the platform provides them with an RNG implementation and 
HASH2 implementation. 

The "NetworkPkg:: SECURITY PATCH CVE-2023-45237" change simply gets its 
random numbers from outside of the NetworkPkg and makes it a platform decision.
The "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236" changes how the TCP ISN 
number is generated and puts the platform in compliance with the relevant 
specification. 

There is a functional change with "SecurityPkg: RngDxe: Remove incorrect 
limitation on GetRng" as this will now allow a caller to call less than 32 
bytes. 

The other changes are unit tests and platform integration changes.


View/Reply Online (#118768): https://edk2.groups.io/g/devel/message/118768




Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

2024-05-09 Thread Doug Flick via groups.io
>
> So this patch is necessary as otherwise, QEMU fails to boot due to a
> missing source of randomness in the network drivers, right?
>

So I added this based on your initial suggestion to get the ArmVirtPkg working 
- running it locally (and against the pipelines) shows this isn't necessary. So 
I'll drop the commits.

There were concerns around compatibility, however the only fallback we would be 
able to do from NetworkPkg is depend on the time based LCG that we've 
considered a high profile CVE. This is where NetworkPkg must depend on the 
platform to provide it Rng and Hashing services. Fundamentally the platform 
must own its own security. 

>
> RNDR raises another interesting problem, by the way - the ARM arch
> spec requires RNDR to be backed by an appropriate DRBG that complies
> with the NIST spec but it does not specify which one. IOW, it is
> backed by a DRBG not by a raw entropy source, but specifying which
> DRBG (by GUID) is not generally feasible, as the guest VM firmware
> cannot interrogate the host about which DRBG is behind RNDR.
>

This is why the PCD `PcdEnforceSecureRngAlgorithms` exists. The platform can 
make the determination to depend on default if they understand the security 
implications behind that. Additionally, the platform is free to override RngDxe 
and provide their own implementations. 



View/Reply Online (#118767): https://edk2.groups.io/g/devel/message/118767
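
One way to express the policy described in the reply above, as an added example that is not edk2 code: named secure generators are tried first, the unnamed platform default is accepted only when enforcement is switched off, and there is no clock-seeded fallback. `net_get_random`, the algorithm labels and the three mock platforms are hypothetical; `enforce_secure` stands in for `PcdEnforceSecureRngAlgorithms`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { RNG_OK = 0, RNG_UNSUPPORTED } rng_status;

/* Hypothetical model of a platform RNG service. `algorithm` names one
   generator; NULL asks for the platform default, whatever that is. */
typedef rng_status (*get_rng_fn)(const char *algorithm, size_t len, uint8_t *out);

/* Generators the caller accepts by name (labels are stand-ins, not real GUIDs). */
static const char *const SECURE_ALGORITHMS[] = {
  "sp800-90-ctr-256", "sp800-90-hmac-256", "sp800-90-hash-256", "raw-entropy"
};

/* enforce_secure plays the role of PcdEnforceSecureRngAlgorithms. */
rng_status net_get_random(get_rng_fn get_rng, int enforce_secure, uint8_t *out, size_t len) {
  size_t i;
  if (get_rng == NULL || out == NULL || len == 0) return RNG_UNSUPPORTED;
  for (i = 0; i < sizeof SECURE_ALGORITHMS / sizeof SECURE_ALGORITHMS[0]; i++)
    if (get_rng(SECURE_ALGORITHMS[i], len, out) == RNG_OK) return RNG_OK;
  /* Nothing nameable worked: accept the unnamed default only if policy allows. */
  if (!enforce_secure && get_rng(NULL, len, out) == RNG_OK) return RNG_OK;
  memset(out, 0, len);       /* never hand back a half-filled buffer */
  return RNG_UNSUPPORTED;    /* fail closed: no clock-seeded fallback */
}

/* Constructed platforms. They fill a fixed pattern so results are checkable;
   a real service returns random bytes. */
static rng_status platform_ctr_drbg(const char *alg, size_t len, uint8_t *out) {
  if (alg != NULL && strcmp(alg, "sp800-90-ctr-256") != 0) return RNG_UNSUPPORTED;
  memset(out, 0xC7, len);
  return RNG_OK;
}

/* Default only: a DRBG exists but the firmware cannot say which one it is. */
static rng_status platform_default_only(const char *alg, size_t len, uint8_t *out) {
  if (alg != NULL) return RNG_UNSUPPORTED;
  memset(out, 0xD0, len);
  return RNG_OK;
}

static rng_status platform_no_rng(const char *alg, size_t len, uint8_t *out) {
  (void)alg; (void)len; (void)out;
  return RNG_UNSUPPORTED;
}

int main(void) {
  uint8_t buf[16];
  printf("ctr drbg, enforced      : %d\n", net_get_random(platform_ctr_drbg, 1, buf, sizeof buf));
  printf("default only, enforced  : %d\n", net_get_random(platform_default_only, 1, buf, sizeof buf));
  printf("default only, relaxed   : %d\n", net_get_random(platform_default_only, 0, buf, sizeof buf));
  printf("no rng, relaxed         : %d\n", net_get_random(platform_no_rng, 0, buf, sizeof buf));
  return 0;
}
```

The second and third calls are the RNDR-style case from the quoted question: the same platform passes or fails depending only on the enforcement setting, which is the decision the reply leaves to the platform owner.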




Re: Re: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: Adds integer to the AML package node

2024-05-09 Thread Abdul Lateef Attar via groups.io

Thanks Sami and Liming for quick response and creating the PR.

PR looks good : https://github.com/tianocore/edk2/pull/5647/

Thanks

AbduL


On 09-05-2024 18:06, gaoliming wrote:






Sami:

Thanks for your update. I agree Pierre reviewed this patch before the 
soft feature freeze. So, this patch can be merged for this stable tag 
202405.


Thanks

Liming

*From:* devel@edk2.groups.io *On Behalf Of* Sami Mujawar
*Sent:* May 9, 2024 18:18
*To:* devel@edk2.groups.io; gaolim...@byosoft.com.cn; 'Attar, AbdulLateef (Abdul Lateef)'
*Cc:* Pierre Gondois; 'Leif Lindholm'; 'Andrew Fish'; 'Michael Kinney'
*Subject:* Re: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node


Hi Liming,

>What’s your comments for this patch?

The patch was reviewed by Pierre at 
https://edk2.groups.io/g/devel/message/118589 before the feature 
freeze email was sent out.


Pierre had some minor recommendations that Abdul has addressed in the 
V2 patch. Ideally Pierre’s the r-b tag could have been carried forward.


>Is this a required bug fix or new feature?

This is adding a new feature by introducing a new API, and I think it 
should not impact the existing functionality as such.


So, by merging this patch the risk of breaking existing functionality 
seems to be low.


This patch looks good to me.

Reviewed-by: Sami Mujawar 

Regards,

Sami Mujawar

*From:* on behalf of "gaoliming via groups.io"
*Reply to:* "devel@edk2.groups.io", "gaolim...@byosoft.com.cn"
*Date:* Thursday 9 May 2024 at 10:01
*To:* "'Attar, AbdulLateef (Abdul Lateef)'", "devel@edk2.groups.io"
*Cc:* Pierre Gondois, Sami Mujawar, 'Leif Lindholm', 'Andrew Fish', 'Michael Kinney'
*Subject:* Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node
*Resent from:*
*Resent date:* Thursday 9 May 2024 at 10:00

Sami and Pierre:

What’s your comments for this patch? Is this a required bug fix or new 
feature?


Thanks

Liming

*From:* Attar, AbdulLateef (Abdul Lateef)
*Sent:* May 9, 2024 16:39
*To:* gaoliming; devel@edk2.groups.io
*Cc:* 'Pierre Gondois'; 'Sami Mujawar'
*Subject:* Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node


[AMD Official Use Only - General]

Hi Liming,

    This patch provides an API to add integer value to AML package node.

Using this API user can create CXL device with two PNPID.

Without this API user has to rely on static ASL files.

This patch is required for platform who uses DynamicTablesPkg to 
generate ACPI tables based on this stable release.


Thanks

AbduL



*From:* gaoliming
*Sent:* Thursday, May 9, 2024 1:10 PM
*To:* devel@edk2.groups.io; Attar, AbdulLateef (Abdul Lateef)
*Cc:* 'Pierre Gondois'; 'Sami Mujawar'
*Subject:* Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node





Abdul:
  Can you give more information why this change is required for this stable
tag 202405?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Abdul Lateef
> Attar via groups.io
> Sent: May 9, 2024 12:49
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar; Pierre Gondois; Sami Mujawar
> Subject: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
> DynamicTablesPkg: Adds integer to the AML package node
>
> Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
> which adds an integer value to the package node.
>
> Cc: Pierre Gondois 
> Cc: Sami Mujawar 
> Signed-off-by: Abdul Lateef Attar 
> ---
> .../Include/Library/AmlLib/AmlLib.h   | 41 +++-
> .../Common/AmlLib/CodeGen/AmlCodeGen.c    | 67
> +++
>  2 files changed, 107 insertions(+), 1 deletion(-)
>
> diff --git a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> index 82d5464084..4427ab68fa 100644
> --- a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> +++ b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> @@ -2,7 +2,7 @@
>    AML Lib.
>
>    Copyright (c) 2019 - 2023, Arm Limited. All rights reserved.
> -  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights
reserved.
> +  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights
> reserved.
>
>    SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> @@ -1743,6 +1743,45 @@ AmlAddNameStringToNamedPackage (
>    IN AML_OBJECT_NODE_HANDLE  NamedNode
>    );
>
> +/** Add an integer value to the named package node.
> +
> +  AmlCodeGenNamePackage ("_CID", NULL, );
> +  AmlGetEisaIdFromString ("PNP0A03", );
> +  

Re: [edk2-devel] [edk2-redfish-client][PATCH] Tool/Redfish-Profile-Simulator: fix Werkzeug security issue

2024-05-09 Thread Chang, Abner via groups.io
[AMD Official Use Only - General]

Reviewed-by: Abner Chang 

> -Original Message-
> From: Nickle Wang 
> Sent: Wednesday, May 8, 2024 4:09 PM
> To: devel@edk2.groups.io
> Cc: Chang, Abner ; Igor Kulchytskyy
> ; Nick Ramirez 
> Subject: [edk2-redfish-client][PATCH] Tool/Redfish-Profile-Simulator: fix
> Werkzeug security issue
>
>
>
> Upgrade Werkzeug to version 3.0.3 to address CVE-2024-34069
>
> Signed-off-by: Nickle Wang 
> Cc: Abner Chang 
> Cc: Igor Kulchytskyy 
> Cc: Nick Ramirez 
> ---
>  Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py | 7 ---
>  Tools/Redfish-Profile-Simulator/requirements.txt   | 6 ++
>  2 files changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
> b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
> index 91c792a2b..58697328a 100644
> --- a/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
> +++ b/Tools/Redfish-Profile-Simulator/redfishProfileSimulator.py
> @@ -1,6 +1,7 @@
>  # Copyright Notice:
>  #
>  # Copyright (c) 2019, Intel Corporation. All rights reserved.
> +# Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights
> reserved.
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
>  # Copyright Notice:
> @@ -89,8 +90,8 @@ class
> PreconditionRequired(werkzeug.exceptions.HTTPException):
>
>  def main(argv):
>  #Monkey patch the set_etag() method for conditional request.
> -_old_set_etag = werkzeug.ETagResponseMixin.set_etag
> -@functools.wraps(werkzeug.ETagResponseMixin.set_etag)
> +_old_set_etag = werkzeug.wrappers.Response.set_etag
> +@functools.wraps(werkzeug.wrappers.Response.set_etag)
>  def _new_set_etag(self, etag, weak=False):
>  # only check the first time through; when called twice
>  # we're modifying
> @@ -107,7 +108,7 @@ def main(argv):
>  raise NotModified
>  flask.g.condtnl_etags_start = False
>  _old_set_etag(self, etag, weak)
> -werkzeug.ETagResponseMixin.set_etag = _new_set_etag
> +werkzeug.wrappers.Response.set_etag = _new_set_etag
>
>  # set default option args
>  rf_profile_path = os.path.abspath("./MockupData/SimpleOcpServerV1")
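
Review bot: `werkzeug.wrappers.Response.set_etag = _new_set_etag` in main() replaces the method on Werkzeug's own Response class, so every response object in the process gets the conditional-request behaviour, and the simulator stays coupled to where Werkzeug happens to define the method. The move from werkzeug.ETagResponseMixin to werkzeug.wrappers.Response in this same patch shows how fragile that is. Suggest a Response subclass that overrides set_etag and is installed through the Flask app's response_class, so the next Werkzeug upgrade does not need another edit here.
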
> diff --git a/Tools/Redfish-Profile-Simulator/requirements.txt b/Tools/Redfish-
> Profile-Simulator/requirements.txt
> index 359a81446..83d2d8130 100644
> --- a/Tools/Redfish-Profile-Simulator/requirements.txt
> +++ b/Tools/Redfish-Profile-Simulator/requirements.txt
> @@ -1,5 +1,3 @@
> -Werkzeug==0.16
> -Jinja2==3.0.3
> -itsdangerous==2.0.1
> -flask==1.1.1
> +Werkzeug>=3.0.3
> +flask==3.0.0
>  pyOpenSSL
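
Review bot: `Werkzeug>=3.0.3` has no upper bound while `flask==3.0.0` is pinned exactly, and the Jinja2 and itsdangerous pins are dropped, so those two and pyOpenSSL now resolve to whatever is current at install time. For a security fix that makes the installed set unreproducible, and a later Werkzeug major release could break the set_etag monkey patch without any change in this repository. Suggest either exact pins for every direct dependency (Werkzeug at 3.0.3 or later) or a bounded range such as `Werkzeug>=3.0.3,<4`, together with a constraints or lock file.
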
> --
> 2.34.1



View/Reply Online (#118765): https://edk2.groups.io/g/devel/message/118765




Re: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: Adds integer to the AML package node

2024-05-09 Thread gaoliming via groups.io
Sami:

  Thanks for your update. I agree Pierre reviewed this patch before the soft 
feature freeze. So, this patch can be merged for this stable tag 202405.

 

Thanks

Liming

From: devel@edk2.groups.io On Behalf Of Sami Mujawar
Sent: May 9, 2024 18:18
To: devel@edk2.groups.io; gaolim...@byosoft.com.cn; 'Attar, AbdulLateef (Abdul Lateef)'
Cc: Pierre Gondois; 'Leif Lindholm'; 'Andrew Fish'; 'Michael Kinney'
Subject: Re: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node

 

Hi Liming,

 

> What’s your comments for this patch?

The patch was reviewed by Pierre at 
https://edk2.groups.io/g/devel/message/118589 before the feature freeze email 
was sent out.

Pierre had some minor recommendations that Abdul has addressed in the V2 patch. 
Ideally Pierre’s the r-b tag could have been carried forward.

 

> Is this a required bug fix or new feature?

This is adding a new feature by introducing a new API, and I think it should 
not impact the existing functionality as such. 

So, by merging this patch the risk of breaking existing functionality seems to 
be low.

 

This patch looks good to me.

Reviewed-by: Sami Mujawar

 

Regards,

 

Sami Mujawar

 

 

 

From: devel@edk2.groups.io on behalf of "gaoliming via groups.io"
Reply to: "devel@edk2.groups.io", "gaolim...@byosoft.com.cn"
Date: Thursday 9 May 2024 at 10:01
To: "'Attar, AbdulLateef (Abdul Lateef)'", "devel@edk2.groups.io"
Cc: Pierre Gondois, Sami Mujawar, 'Leif Lindholm', 'Andrew Fish', 'Michael Kinney'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node
Resent from: gaolim...@byosoft.com.cn
Resent date: Thursday 9 May 2024 at 10:00

 

Sami and Pierre:

  What’s your comments for this patch? Is this a required bug fix or new 
feature?

 

Thanks

Liming

From: Attar, AbdulLateef (Abdul Lateef)
Sent: May 9, 2024 16:39
To: gaoliming; devel@edk2.groups.io
Cc: 'Pierre Gondois'; 'Sami Mujawar'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: 
Adds integer to the AML package node

 

[AMD Official Use Only - General]

 

Hi Liming,

This patch provides an API to add integer value to AML package node.

Using this API user can create CXL device with two PNPID.

Without this API user has to rely on static ASL files.

 

This patch is required for platform who uses DynamicTablesPkg to generate ACPI 
tables based on this stable release.

 

Thanks

AbduL

  _  

From: gaoliming
Sent: Thursday, May 9, 2024 1:10 PM
To: devel@edk2.groups.io; Attar, AbdulLateef (Abdul Lateef)
Cc: 'Pierre Gondois'; 'Sami Mujawar'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node

 



Abdul:
  Can you give more information why this change is required for this stable
tag 202405?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Abdul Lateef
> Attar via groups.io
> Sent: May 9, 2024 12:49
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar; Pierre Gondois; Sami Mujawar
> Subject: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
> DynamicTablesPkg: Adds integer to the AML package node
>
> Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
> which adds an integer value to the package node.
>
> Cc: Pierre Gondois
> Cc: Sami Mujawar
> Signed-off-by: Abdul Lateef Attar
> ---
>  .../Include/Library/AmlLib/AmlLib.h   | 41 +++-
>  .../Common/AmlLib/CodeGen/AmlCodeGen.c| 67
> +++
>  2 files changed, 107 insertions(+), 1 deletion(-)
>
> diff --git a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> 

Re: [edk2-devel][edk2-stable202405] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread gaoliming via groups.io
Include more people for feedback.

> -Original Message-
> From: Hou, Wenxing
> Sent: May 9, 2024 17:35
> To: devel@edk2.groups.io; gaolim...@byosoft.com.cn; Li, Yi1
> Cc: Yao, Jiewen
> Subject: RE: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> Hi Liming,
> Thanks for your suggestion.
> 
> 
> Hi all,
> The current Patch Set status is:
>   This patch set was submitted before soft feature freeze.
>   It passed code review after soft feature freeze starts.
>   And the Patch set is: Acked-by: Jiewen Yao 
>Reviewed-by: Yi Li 
> 
> We want to catch this 202405 stable tag.
> If anyone have feedback, please let me know.
> 
> Thanks,
> Wenxing
> 
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of gaoliming
> via groups.io
> Sent: Thursday, May 9, 2024 4:59 PM
> To: devel@edk2.groups.io; Li, Yi1 ; Hou, Wenxing
> 
> Cc: Yao, Jiewen 
> Subject: Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on
> Mbedtls
> 
> Seemly, this change is new feature to add more crypt APIs based on Mbedtls.
> 
> This patch set was submitted before soft feature freeze. But, it passed code 
> review
> after soft feature freeze starts.
> 
> Based on current rule, this patch set is not allowed to be merged for this 
> stable
> tag 202405.
> 
> If you want to catch this stable tag, please raise this requirement to the 
> mail list
> and collect the feedback.
> 
> Thanks
> Liming
> > -Original Message-
> > From: devel@edk2.groups.io On Behalf Of Li, Yi
> > Sent: May 9, 2024 16:33
> > To: Hou, Wenxing; gaoliming; devel@edk2.groups.io
> > Cc: Yao, Jiewen
> > Subject: Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on
> > Mbedtls
> >
> > This patch set was submitted before soft freeze and will not affect other
> > existed codes, I am OK to merge it.
> >
> > Hi Liming,
> >
> > Do you have any comments?  I will merge it if no objections.
> >
> > Thanks,
> > Yi
> >
> > -Original Message-
> > From: Hou, Wenxing 
> > Sent: Thursday, May 9, 2024 4:29 PM
> > To: Li, Yi1 ; devel@edk2.groups.io
> > Cc: Yao, Jiewen ; gaoliming
> > 
> > Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > Hi,
> >
> > Thanks for your feedback.
> > The new PR is: https://github.com/tianocore/edk2/pull/5645
> >
> > Could Li Yi help me merge the PR?
> >
> > Thanks,
> > Wenxing
> >
> > -Original Message-
> > From: Li, Yi1 
> > Sent: Thursday, May 9, 2024 2:54 PM
> > To: Hou, Wenxing ; devel@edk2.groups.io
> > Cc: Yao, Jiewen 
> > Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > For this patch set:
> >
> > Looks good to me.
> > Reviewed-by: Yi Li 
> >
> >
> > -Original Message-
> > From: Hou, Wenxing 
> > Sent: Thursday, May 9, 2024 2:27 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen ; Li, Yi1 
> > Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
> >
> > Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More
> > RSA/PKCS5/PKCS7/Authenticode/Timestamp
> > implementation based on Mbedtls.
> >
> > The patch has passed the EDKII CI check:
> > https://github.com/tianocore/edk2/pull/5552
> >
> > And the patch has passed unit_test in EDKII and integration test for
> > platform.
> > And the patch has passed the fuzz test:
> > https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128
> >
> > v2 changes:
> >  - Fix format variable name/hardcode number issue;
> >  - Fix Pkcs7 memory leak;
> >
> > v3 changes:
> >  - Fix some issues from reviewer;
> >  - Add SHA3/SM3 implementation;
> >  - Update *.inf files;
> >
> > Cc: Jiewen Yao 
> > Cc: Yi Li 
> > Signed-off-by: Wenxing Hou 
> >
> > Wenxing Hou (11):
> >   CryptoPkg: Add AeadAesGcm based on Mbedtls
> >   CryptoPkg: Add rand function for BaseCryptLibMbedTls
> >   CryptoPkg: Add Pem APIs based on Mbedtls
> >   CryptoPkg: Add X509 functions based on Mbedtls
> >   CryptoPkg: Add Pkcs7 related functions based on Mbedtls
> >   CryptoPkg: Add Pkcs5 functions based on Mbedtls
> >   CryptoPkg: Add more RSA related functions based on Mbedtls
> >   CryptoPkg: Add AuthenticodeVerify based on Mbedtls
> >   CryptoPkg: Add ImageTimestampVerify based on Mbedtls
> >   CryptoPkg: Update *.inf in BaseCryptLibMbedTls
> >   Add SHA3/SM3 functions with openssl for Mbedtls
> >
> >  CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
> >  .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
> >  .../Cipher/CryptAeadAesGcm.c  |  227 ++
> >  .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
> >  .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
> >  .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
> >  .../Pk/CryptAuthenticode.c|  214 ++
> >  .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
> >  .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
> >  .../Pk/CryptPkcs7Internal.h   |   29 

Re: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: Adds integer to the AML package node

2024-05-09 Thread Sami Mujawar
Hi Liming,

If the decision is to merge this patch, I have created a pull request at 
https://github.com/tianocore/edk2/pull/5647

Regards,

Sami Mujawar

From: on behalf of "Sami Mujawar via groups.io"
Reply to: "devel@edk2.groups.io", Sami Mujawar
Date: Thursday 9 May 2024 at 11:18
To: "devel@edk2.groups.io", "gaolim...@byosoft.com.cn", "'Attar, AbdulLateef (Abdul Lateef)'"
Cc: Pierre Gondois, 'Leif Lindholm', 'Andrew Fish', 'Michael Kinney'
Subject: Re: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node
Resent from:
Resent date: Thursday 9 May 2024 at 11:18

Hi Liming,

> What’s your comments for this patch?
The patch was reviewed by Pierre at 
https://edk2.groups.io/g/devel/message/118589 before the feature freeze email 
was sent out.
Pierre had some minor recommendations that Abdul has addressed in the V2 patch. 
Ideally Pierre’s the r-b tag could have been carried forward.

> Is this a required bug fix or new feature?
This is adding a new feature by introducing a new API, and I think it should 
not impact the existing functionality as such.
So, by merging this patch the risk of breaking existing functionality seems to 
be low.

This patch looks good to me.
Reviewed-by: Sami Mujawar 

Regards,

Sami Mujawar



From: on behalf of "gaoliming via groups.io"
Reply to: "devel@edk2.groups.io", "gaolim...@byosoft.com.cn"
Date: Thursday 9 May 2024 at 10:01
To: "'Attar, AbdulLateef (Abdul Lateef)'", "devel@edk2.groups.io"
Cc: Pierre Gondois, Sami Mujawar, 'Leif Lindholm', 'Andrew Fish', 'Michael Kinney'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node
Resent from:
Resent date: Thursday 9 May 2024 at 10:00

Sami and Pierre:
  What’s your comments for this patch? Is this a required bug fix or new 
feature?

Thanks
Liming
From: Attar, AbdulLateef (Abdul Lateef)
Sent: May 9, 2024 16:39
To: gaoliming; devel@edk2.groups.io
Cc: 'Pierre Gondois'; 'Sami Mujawar'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: 
Adds integer to the AML package node


[AMD Official Use Only - General]

Hi Liming,
This patch provides an API to add integer value to AML package node.
Using this API user can create CXL device with two PNPID.
Without this API user has to rely on static ASL files.

This patch is required for platform who uses DynamicTablesPkg to generate ACPI 
tables based on this stable release.

Thanks
AbduL

From: gaoliming
Sent: Thursday, May 9, 2024 1:10 PM
To: devel@edk2.groups.io; Attar, AbdulLateef (Abdul Lateef)
Cc: 'Pierre Gondois'; 'Sami Mujawar'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node



Abdul:
  Can you give more information why this change is required for this stable
tag 202405?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Abdul Lateef
> Attar via groups.io
> Sent: May 9, 2024 12:49
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar; Pierre Gondois; Sami Mujawar
> Subject: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
> DynamicTablesPkg: Adds integer to the AML package node
>
> Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
> which adds an integer value to the package node.
>
> Cc: Pierre Gondois
> Cc: Sami Mujawar
> Signed-off-by: Abdul Lateef Attar
> ---
>  .../Include/Library/AmlLib/AmlLib.h   | 41 +++-
>  .../Common/AmlLib/CodeGen/AmlCodeGen.c| 67
> +++
>  2 files changed, 107 insertions(+), 1 deletion(-)
>
> diff --git a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> index 82d5464084..4427ab68fa 100644
> --- a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> +++ b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> @@ -2,7 +2,7 @@
>AML Lib.
>
>Copyright (c) 2019 - 2023, Arm Limited. All rights reserved.
> -  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights
reserved.
> +  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights
> reserved.
>
>SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> @@ -1743,6 +1743,45 @@ AmlAddNameStringToNamedPackage (
>IN AML_OBJECT_NODE_HANDLE  NamedNode
>);
>
> +/** Add an 

Re: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: Adds integer to the AML package node

2024-05-09 Thread Sami Mujawar
Hi Liming,

> What’s your comments for this patch?
The patch was reviewed by Pierre at 
https://edk2.groups.io/g/devel/message/118589 before the feature freeze email 
was sent out.
Pierre had some minor recommendations that Abdul has addressed in the V2 patch. 
Ideally Pierre’s r-b tag could have been carried forward.

> Is this a required bug fix or new feature?
This is adding a new feature by introducing a new API, and I think it should 
not impact the existing functionality as such.
So, by merging this patch the risk of breaking existing functionality seems to 
be low.

This patch looks good to me.
Reviewed-by: Sami Mujawar 

Regards,

Sami Mujawar


From: on behalf of "gaoliming via groups.io"
Reply to: "devel@edk2.groups.io", "gaolim...@byosoft.com.cn"
Date: Thursday 9 May 2024 at 10:01
To: "'Attar, AbdulLateef (Abdul Lateef)'", "devel@edk2.groups.io"
Cc: Pierre Gondois, Sami Mujawar, 'Leif Lindholm', 'Andrew Fish', 'Michael Kinney'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node
Resent from:
Resent date: Thursday 9 May 2024 at 10:00

Sami and Pierre:
  What’s your comments for this patch? Is this a required bug fix or new 
feature?

Thanks
Liming
From: Attar, AbdulLateef (Abdul Lateef)
Sent: May 9, 2024 16:39
To: gaoliming; devel@edk2.groups.io
Cc: 'Pierre Gondois'; 'Sami Mujawar'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: 
Adds integer to the AML package node


[AMD Official Use Only - General]

Hi Liming,
This patch provides an API to add integer value to AML package node.
Using this API user can create CXL device with two PNPID.
Without this API user has to rely on static ASL files.

This patch is required for platform who uses DynamicTablesPkg to generate ACPI 
tables based on this stable release.

Thanks
AbduL

From: gaoliming
Sent: Thursday, May 9, 2024 1:10 PM
To: devel@edk2.groups.io; Attar, AbdulLateef (Abdul Lateef)
Cc: 'Pierre Gondois'; 'Sami Mujawar'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node



Abdul:
  Can you give more information why this change is required for this stable
tag 202405?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Abdul Lateef
> Attar via groups.io
> Sent: May 9, 2024 12:49
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar; Pierre Gondois; Sami Mujawar
> Subject: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
> DynamicTablesPkg: Adds integer to the AML package node
>
> Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
> which adds an integer value to the package node.
>
> Cc: Pierre Gondois
> Cc: Sami Mujawar
> Signed-off-by: Abdul Lateef Attar
> ---
>  .../Include/Library/AmlLib/AmlLib.h   | 41 +++-
>  .../Common/AmlLib/CodeGen/AmlCodeGen.c| 67
> +++
>  2 files changed, 107 insertions(+), 1 deletion(-)
>
> diff --git a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> index 82d5464084..4427ab68fa 100644
> --- a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> +++ b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> @@ -2,7 +2,7 @@
>AML Lib.
>
>Copyright (c) 2019 - 2023, Arm Limited. All rights reserved.
> -  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights
reserved.
> +  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights
> reserved.
>
>SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> @@ -1743,6 +1743,45 @@ AmlAddNameStringToNamedPackage (
>IN AML_OBJECT_NODE_HANDLE  NamedNode
>);
>
> +/** Add an integer value to the named package node.
> +
> +  AmlCodeGenNamePackage ("_CID", NULL, );
> +  AmlGetEisaIdFromString ("PNP0A03", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +  AmlGetEisaIdFromString ("PNP0A08", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +
> +  equivalent of the following ASL code:
> +  Name (_CID, Package (0x02)  // _CID: Compatible ID
> +  {
> +  EisaId ("PNP0A03"),
> +  EisaId ("PNP0A08")
> +  })
> +
> +  The package is added at the tail of the list of the input package node
> +  name:
> +Name ("NamePackageNode", Package () {
> +  [Pre-existing package entries],
> +  [Newly 
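Review bot: The header comment for AmlAddIntegerToNamedPackage() says "The package is added at the tail of the list of the input package node", but the summary line and the function name say an integer value is what gets appended. Suggest rewording to "The integer is added at the tail of the package's element list" so the generated documentation matches what the API does.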

Re: [edk2-devel][edk2-stable202405] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

2024-05-09 Thread gaoliming via groups.io
Doug:
  Is there any functionality impact by these two CVE fixes?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io on behalf of Doug Flick via groups.io
> Sent: May 9, 2024 13:56
> To: devel@edk2.groups.io
> Cc: Liming Gao
> Subject: [edk2-devel] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
> 
> REF: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
> 
> This patch series patches the following CVEs:
> - CVE-2023-45236: Predictable TCP Initial Sequence Numbers
> - CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
> 
> In order to patch these CVEs, the following changes were made:
> - NetworkPkg no longer performs its own random number generation,
>   instead it uses EFI_RNG_PROTOCOL provided by the platform to
>   generate random numbers.
>   - This change was made such that any future random number
>     generation vulnerabilities will be a result of the platform's
>     implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg
> 
> - NetworkPkg uses the TCP initial sequence number algorithm as described
>   in RFC 6528 to generate the initial sequence number for TCP connections.
>   - This change was made to ensure that the initial sequence number
>     is not predictable and therefore cannot be used in a TCP hijacking
>     attack.
> 
> In addition to the above changes, the following changes were made:
> - EmulatorPkg, OvmfPkg, and ArmVirtPkg were updated to include the
>   Hash2DxeCrypto driver to support TCP ISN generation using
>   EFI_HASH2_PROTOCOL
> 
> - EmulatorPkg was updated to include the
>   RngDxe driver to support random number generation using the
>   EFI_RNG_PROTOCOL
> 
> - OvmfPkg, and ArmVirtPkg were updated to include the
>   virtio-rng-pci device to support random number generation using the
>   EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver
> 
> - SecurityPkg was updated to fix an incorrect limitation on the
>   GetRng function in the RngDxe driver where the minimum amount of
>   random data that could be requested was 32 bytes (256 bits) instead
>   of what the caller requested
> 
> - MdePkg was updated to include MockUefiBootServicesTableLib,
>   MockRng, and MockHash2 protocols for testing
> 
> - NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
>   due to underlying changes
> 
> Cc: Liming Gao 
> 
> Signed-off-by: Doug Flick [MSFT] 
> 
> Doug Flick (13):
>   EmulatorPkg: : Add RngDxe to EmulatorPkg
>   EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
>   OvmfPkg:PlatformCI: Support virtio-rng-pci
>   OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
>   ArmVirtPkg:PlatformCI: Support virtio-rng-pci
>   ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
>   SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
>   NetworkPkg:: SECURITY PATCH CVE-2023-45237
>   NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
>   MdePkg: : Add MockUefiBootServicesTableLib
>   MdePkg: : Adds Protocol for MockRng
>   MdePkg: Add MockHash2 Protocol for testing
>   NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
> 
>  NetworkPkg/NetworkPkg.dec
> |   7 +
>  ArmVirtPkg/ArmVirtQemu.dsc
> |   5 +
>  ArmVirtPkg/ArmVirtQemuKernel.dsc
> |   5 +
>  EmulatorPkg/EmulatorPkg.dsc
> |  14 +-
>  MdePkg/Test/MdePkgHostTest.dsc
> |   1 +
>  NetworkPkg/Test/NetworkPkgHostTest.dsc
> |   1 +
>  OvmfPkg/OvmfPkgIa32.dsc
> |   6 +-
>  OvmfPkg/OvmfPkgIa32X64.dsc
> |   6 +-
>  OvmfPkg/OvmfPkgX64.dsc
> |   6 +-
>  OvmfPkg/OvmfXen.dsc
> |   5 +
>  EmulatorPkg/EmulatorPkg.fdf
> |  11 +-
>  OvmfPkg/OvmfPkgIa32.fdf
> |   5 +
>  OvmfPkg/OvmfPkgIa32X64.fdf
> |   5 +
>  OvmfPkg/OvmfPkgX64.fdf
> |   5 +
>  OvmfPkg/OvmfXen.fdf
> |   5 +
> 
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.inf |  32 +++
>  NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
> |  13 +-
>  NetworkPkg/TcpDxe/TcpDxe.inf
> |  11 +-
>  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
> |   3 +-
> 
> MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.
> h|  78 +++
>  MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
> |  67 ++
>  MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
> |  48 
>  NetworkPkg/IScsiDxe/IScsiMisc.h
> |   6 +-
>  NetworkPkg/Include/Library/NetLib.h
> |  40 +++-
>  NetworkPkg/Ip6Dxe/Ip6Nd.h
> |   8 +-
>  NetworkPkg/TcpDxe/TcpFunc.h
> |  23 +-
>  NetworkPkg/TcpDxe/TcpMain.h
> |  59 -
>  NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
> |  10 +-
>  NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
> |  11 +-
>  NetworkPkg/DnsDxe/DnsDhcp.c
> |  10 +-
>  NetworkPkg/DnsDxe/DnsImpl.c
> |  11 +-
>  NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
> |  10 +-
>  NetworkPkg/IScsiDxe/IScsiCHAP.c
> |  19 +-
>  NetworkPkg/IScsiDxe/IScsiMisc.c
> |  14 +-
>  NetworkPkg/Ip4Dxe/Ip4Driver.c
> |  10 +-
>  NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
> |   9 +-
>  NetworkPkg/Ip6Dxe/Ip6Driver.c
> |  17 +-
>  NetworkPkg/Ip6Dxe/Ip6If.c
> |  12 +-
>  
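
The cover letter quoted above says TCP initial sequence numbers now follow RFC 6528. As an added example (not code from the patch series or from edk2), this is that construction, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), in stand-alone C. SipHash-2-4 is used as F as an assumption of this example (the series relies on EFI_HASH2_PROTOCOL instead); the addresses and the fixed key are constructed sample values and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Connection 4-tuple fed to F. IPv4 peers can be stored as IPv4-mapped
   IPv6 addresses so one layout serves both address families. */
typedef struct {
  uint8_t  local_ip[16], remote_ip[16];
  uint16_t local_port, remote_port;
} conn_id;

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do {                                             \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                      \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                      \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); \
  } while (0)

static uint64_t load64le(const uint8_t *p) {
  uint64_t v = 0;
  for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
  return v;
}

/* SipHash-2-4, a keyed PRF. Assumption of this example: it stands in for F. */
uint64_t siphash24(const uint8_t *in, size_t len, const uint8_t key[16]) {
  uint64_t k0 = load64le(key), k1 = load64le(key + 8);
  uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
  uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
  uint64_t last = (uint64_t)len << 56;   /* final block carries len mod 256 */
  size_t full = len - (len % 8);
  for (size_t i = 0; i < full; i += 8) {
    uint64_t m = load64le(in + i);
    v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
  }
  for (size_t i = full; i < len; i++)
    last |= (uint64_t)in[i] << (8 * (i - full));
  v3 ^= last; SIPROUND; SIPROUND; v0 ^= last;
  v2 ^= 0xff;
  SIPROUND; SIPROUND; SIPROUND; SIPROUND;
  return v0 ^ v1 ^ v2 ^ v3;
}

/* RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secretkey).
   M is a timer that ticks every 4 microseconds; F gives each 4-tuple its own
   offset, which cannot be computed without the secret key. */
uint32_t tcp_isn(const conn_id *c, const uint8_t key[16], uint64_t usec) {
  uint8_t buf[36];
  memcpy(buf, c->local_ip, 16);
  buf[16] = (uint8_t)(c->local_port >> 8);
  buf[17] = (uint8_t)c->local_port;
  memcpy(buf + 18, c->remote_ip, 16);
  buf[34] = (uint8_t)(c->remote_port >> 8);
  buf[35] = (uint8_t)c->remote_port;
  uint32_t f = (uint32_t)siphash24(buf, sizeof buf, key);
  uint32_t m = (uint32_t)(usec / 4);
  return m + f;                 /* wraps modulo 2^32, as sequence numbers do */
}

/* Self-check of the PRF against the test vector in the SipHash paper:
   key 00..0f, message 00..0e. */
uint64_t siphash_paper_vector(void) {
  uint8_t key[16], msg[15];
  for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
  for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
  return siphash24(msg, sizeof msg, key);
}

/* Constructed sample input: documentation-range addresses and a key made of
   one repeated byte. Firmware would draw the key from the platform RNG (the
   EFI_RNG_PROTOCOL role in the cover letter) and keep it secret. */
uint32_t demo_isn(uint16_t remote_port, uint8_t key_fill, uint64_t usec) {
  conn_id c = {
    .local_ip    = { 0x20, 0x01, 0x0d, 0xb8, [15] = 0x01 },  /* 2001:db8::1 */
    .remote_ip   = { 0x20, 0x01, 0x0d, 0xb8, [15] = 0x02 },  /* 2001:db8::2 */
    .local_port  = 49152,
    .remote_port = remote_port,
  };
  uint8_t key[16];
  memset(key, key_fill, sizeof key);
  return tcp_isn(&c, key, usec);
}

int main(void) {
  printf("siphash self-check: %016llx\n",
         (unsigned long long)siphash_paper_vector());
  printf("port 443, t=4000us: %08x\n", (unsigned)demo_isn(443, 0x5a, 4000));
  printf("port 443, t=8000us: %08x\n", (unsigned)demo_isn(443, 0x5a, 8000));
  printf("port 444, t=4000us: %08x\n", (unsigned)demo_isn(444, 0x5a, 4000));
  return 0;
}
```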

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Wenxing Hou
Hi Liming,
Thanks for your suggestion.


Hi all,
The current Patch Set status is:
This patch set was submitted before soft feature freeze. 
It passed code review after soft feature freeze starts.
And the Patch set is: Acked-by: Jiewen Yao 
 Reviewed-by: Yi Li 

We want to catch this 202405 stable tag.
If anyone has feedback, please let me know.

Thanks,
Wenxing

-Original Message-
From: devel@edk2.groups.io  On Behalf Of gaoliming via 
groups.io
Sent: Thursday, May 9, 2024 4:59 PM
To: devel@edk2.groups.io; Li, Yi1 ; Hou, Wenxing 

Cc: Yao, Jiewen 
Subject: Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

Seemingly, this change is a new feature to add more crypt APIs based on Mbedtls.

This patch set was submitted before soft feature freeze. But, it passed code 
review after soft feature freeze starts. 

Based on current rule, this patch set is not allowed to be merged for this 
stable tag 202405. 

If you want to catch this stable tag, please raise this requirement to the mail 
list and collect the feedback. 

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io on behalf of Li, Yi
> Sent: May 9, 2024 16:33
> To: Hou, Wenxing; gaoliming; devel@edk2.groups.io
> Cc: Yao, Jiewen
> Subject: Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> This patch set was submitted before soft freeze and will not affect other
> existing code, I am OK to merge it.
> 
> Hi Liming,
> 
> Do you have any comments?  I will merge it if no objections.
> 
> Thanks,
> Yi
> 
> -Original Message-
> From: Hou, Wenxing 
> Sent: Thursday, May 9, 2024 4:29 PM
> To: Li, Yi1 ; devel@edk2.groups.io
> Cc: Yao, Jiewen ; gaoliming 
> 
> Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> Hi,
> 
> Thanks for your feedback.
> The new PR is: https://github.com/tianocore/edk2/pull/5645
> 
> Could Li Yi help me merge the PR?
> 
> Thanks,
> Wenxing
> 
> -Original Message-
> From: Li, Yi1 
> Sent: Thursday, May 9, 2024 2:54 PM
> To: Hou, Wenxing ; devel@edk2.groups.io
> Cc: Yao, Jiewen 
> Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> For this patch set:
> 
> Looks good to me.
> Reviewed-by: Yi Li 
> 
> 
> -Original Message-
> From: Hou, Wenxing 
> Sent: Thursday, May 9, 2024 2:27 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Li, Yi1 
> Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
> 
> Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More 
> RSA/PKCS5/pKCS7/Authenticode/Timestamp
> implementation based on Mbedtls.
> 
> The patch has passed the EDKII CI check:
> https://github.com/tianocore/edk2/pull/5552
> 
> And the patch has passed unit_test in EDKII and integration test for platform.
> And the patch has passed the fuzz test:
> https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128
> 
> v2 changes:
>  - Fix format variable name/hardcode number issue;
>  - Fix Pkcs7 memory leak;
> 
> v3 changes:
>  - Fix some issues from reviewer;
>  - Add SHA3/SM3 implementation;
>  - Update *.inf files;
> 
> Cc: Jiewen Yao 
> Cc: Yi Li 
> Signed-off-by: Wenxing Hou 
> 
> Wenxing Hou (11):
>   CryptoPkg: Add AeadAesGcm based on Mbedtls
>   CryptoPkg: Add rand function for BaseCryptLibMbedTls
>   CryptoPkg: Add Pem APIs based on Mbedtls
>   CryptoPkg: Add X509 functions based on Mbedtls
>   CryptoPkg: Add Pkcs7 related functions based on Mbedtls
>   CryptoPkg: Add Pkcs5 functions based on Mbedtls
>   CryptoPkg: Add more RSA related functions based on Mbedtls
>   CryptoPkg: Add AuthenticodeVerify based on Mbedtls
>   CryptoPkg: Add ImageTimestampVerify based on Mbedtls
>   CryptoPkg: Update *.inf in BaseCryptLibMbedTls
>   Add SHA3/SM3 functions with openssl for Mbedtls
> 
>  CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
>  .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
>  .../Cipher/CryptAeadAesGcm.c  |  227 ++
>  .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
>  .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
>  .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
>  .../Pk/CryptAuthenticode.c|  214 ++
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
>  .../Pk/CryptPkcs7Internal.h   |   29 +-
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
>  .../Pk/CryptPkcs7VerifyBase.c |  113 +
>  .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
>  .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
>  .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
>  .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140
> ++  .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
>  .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940
> +
>  

Re: Re: [Internet]Re: [edk2-devel] [PATCH] Added support for ACPI related data structures for RISC_V64 platform

2024-05-09 Thread gaoliming via groups.io


MdePkg includes the definitions from the public specification. 

Those definitions are implementation-related definitions. So, they should be 
added into the RISC-V platform package instead of MdePkg.

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io on behalf of Sunil V L
> Sent: May 9, 2024 16:36
> To: dylanlhdu(杜林恒)
> Cc: devel; gaoliming
> Subject: Re: Re: [Internet]Re: [edk2-devel] [PATCH] Added support for ACPI
> related data structures for RISC_V64 platform
> 
> On Mon, May 06, 2024 at 10:54:45AM +0800, dylanlhdu(杜林恒) wrote:
> > Hi Sunil,
> >
> > We mainly want to use UEFI+ACPI mode to start RISCV64 server. However,
> > during the development process, we found that ACPI(6.5) in the current version
> > of UEFI does not support riscv for the time being. In order to solve this problem,
> > we refer to the upstream RISC-V ACPI platform specification provided by Ventana
> > to implement RISC-V ACPI support, so adding this header file can make ACPI
> > support RISCV architecture until the new version of ACPI specification supports
> > RISCV architecture.
> >
> Understood. But adding as 6_5* doesn't make sense.
> 
> I will let maintainers of MdePkg to comment. I don't know
> whether they can accept approved ECRs but not yet released spec.
> 
> Thanks,
> Sunil
> 
> >
> > Thanks
> >
> > Sent from my WeCom
> >
> >  --Replied message--
> >  Sunil V L 20:02 wrote:
> >
> > Hi Lingheng Du,
> >
> > What is the use of adding this header file and how did you create it? I
> > think EDK2 needs ACPI spec to be released to get these definitions
> > added. Also, these are not part of 6.5 and hence names like
> > EFI_ACPI_6_5* are incorrect. So, it will be helpful if you add some
> > commit message why do we need this header.
> >
> > Thanks,
> > Sunil
> > On Mon, Apr 29, 2024 at 05:53:55PM +0800, gaoliming via groups.io wrote:
> >  From: dylanlhdu
> >
> >  Signed-off-by: Lingheng Du
> >  Reviewed-by: Song Huang
> >  Reviewed-by: Bing Fan
> >  ---
> >  .../Include/IndustryStandard/AcpiRiscv64.h |
> 176 ++
> >  1 file changed, 176 insertions(+)
> >  create mode 100644
> edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h
> > 
> >  diff --git a/edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h
> b/edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h
> >  new file mode 100644
> >  index ..4111b3ea
> >  --- /dev/null
> >  +++ b/edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h
> >  @@ -0,0 +1,176 @@
> >  +/** @file
> >  + RISCV64 platform ACPI related support April, 2022.
> >  +
> >  + SPDX-License-Identifier: BSD-2-Clause-Patent
> >  +**/
> >  +
> >  +#ifndef ACPI_RISCV64_H_
> >  +#define ACPI_RISCV64_H_
> >  +
> >  +//
> >  +// Ensure proper structure formats
> >  +//
> >  +#pragma pack(1)
> >  +
> >  +///
> >  +/// RISC-V Interrupt Type
> >  +///
> >  +#define EFI_ACPI_6_5_INC_RINTC_TYPE 0x18
> >  +#define EFI_ACPI_6_5_INC_IMSIC_TYPE 0x19
> >  +#define EFI_ACPI_6_5_INC_APLIC_TYPE 0x1A
> >  +#define EFI_ACPI_6_5_INC_PLIC_TYPE 0x1B
> >  +
> >  +///
> >  +/// RISC-V Interrupt Controller (RINTC)
> >  +///
> >  +typedef struct {
> >  + UINT8 Type;
> >  + UINT8 Length;
> >  + UINT8 Version;
> >  + UINT8 Reserved;
> >  + UINT32 Flags;
> >  + UINT64 HartId;
> >  + UINT32 Uid;
> >  + UINT32 ExtIntcId;
> >  + UINT64 ImsicAddr;
> >  + UINT32 ImsicSize;
> >  +} EFI_ACPI_6_5_INC_RINTC_STRUCTURE;
> >  +
> >  +///
> >  +/// Incoming MSI Controller (IMSIC)
> >  +///
> >  +typedef struct {
> >  + UINT8 Type;
> >  + UINT8 Length;
> >  + UINT8 Version;
> >  + UINT8 Reserved;
> >  + UINT32 Flags;
> >  + UINT16 NumIds;
> >  + UINT16 NumGuestIds;
> >  + UINT8 GuestIndexBits;
> >  + UINT8 HartIndexBits;
> >  + UINT8 GroupIndexBits;
> >  + UINT8 GroupIndexShift;
> >  +} EFI_ACPI_6_5_INC_IMSIC_STRUCTURE;
> >  +
> >  +///
> >  +/// RISC-V Advanced Platform Level Interrupt Controller (APLIC)
> >  +///
> >  +typedef struct {
> >  + UINT8 Type;
> >  + UINT8 Length;
> >  + UINT8 Version;
> >  + UINT8 AplicId;
> >  + UINT32 Flags;
> >  + UINT8 HW_ID[8];
> >  + UINT16 NumIdc;
> >  + UINT16 ExternSoureceSupport;
> >  + UINT32 GSysInterruptBase;
> >  + UINT64 AplicAddress;
> >  + UINT32 AplicSize;
> >  +} EFI_ACPI_6_5_INC_APLIC_STRUCTURE;
> >  +
> >  +///
> >  +/// RISC-V Platform Level Interrupt Controller (PLIC)
> >  +///
> >  +typedef struct {
> >  + UINT8 Type;
> >  + UINT8 Length;
> >  + UINT8 Version;
> >  + UINT8 PlicId;
> >  + UINT8 HwId[8];
> >  + UINT16 NumIrqs;
> >  + UINT16 MaxPrio;
> >  + UINT32 Flags;
> >  + UINT32 PlicSize;
> >  + UINT64 PlicAddress;
> >  + UINT32 GsiBase;
> >  +} EFI_ACPI_6_5_INC_PLIC_STRUCTURE;
> >  +
> >  +///
> >  +/// RISC-V Hart Capabilities Table (RHCT)
> >  +///
> >  +typedef struct {
> >  + EFI_ACPI_DESCRIPTION_HEADER Header;
> >  +} EFI_ACPI_6_5_PROCESSOR_PROPERTIES_TOPOLOGY_TABLE_HEADER;
> >  +
> >  +///
> >  +/// RHCT Revision
> >  +///
> >  +#define
> EFI_ACPI_6_5_RHCT_APIC_DESCRIPTION_TABLE_REVISION 0x05
> >  +
> >  +///
> >  
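Review bot: In the RHCT section, the struct under the "RISC-V Hart Capabilities Table (RHCT)" comment is named EFI_ACPI_6_5_PROCESSOR_PROPERTIES_TOPOLOGY_TABLE_HEADER and its revision macro EFI_ACPI_6_5_RHCT_APIC_DESCRIPTION_TABLE_REVISION, names that read as the Processor Properties Topology Table and an APIC table rather than RHCT; rename both after RHCT. In the APLIC struct, `ExternSoureceSupport` is misspelled and `HW_ID` does not match the `HwId` spelling used in the PLIC struct. EFI_ACPI_DESCRIPTION_HEADER is used with no #include visible above it, so the header only compiles when something else has already pulled in the ACPI definitions.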

Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: Adds integer to the AML package node

2024-05-09 Thread gaoliming via groups.io
Sami and Pierre:

  What are your comments on this patch? Is this a required bug fix or a new
feature?

 

Thanks

Liming

From: Attar, AbdulLateef (Abdul Lateef)
Sent: May 9, 2024 16:39
To: gaoliming; devel@edk2.groups.io
Cc: 'Pierre Gondois'; 'Sami Mujawar'
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
DynamicTablesPkg: Adds integer to the AML package node

 


 

Hi Liming,

This patch provides an API to add an integer value to an AML package node.

Using this API, a user can create a CXL device with two PNPIDs.

Without this API, the user has to rely on static ASL files.

This patch is required for platforms that use DynamicTablesPkg to generate
ACPI tables based on this stable release.

 

Thanks

AbduL

From: gaoliming <gaolim...@byosoft.com.cn>
Sent: Thursday, May 9, 2024 1:10 PM
To: devel@edk2.groups.io; Attar, AbdulLateef (Abdul Lateef) <abdullateef.at...@amd.com>
Cc: 'Pierre Gondois' <pierre.gond...@arm.com>; 'Sami Mujawar' <sami.muja...@arm.com>
Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
DynamicTablesPkg: Adds integer to the AML package node

 



Abdul:
  Can you give more information why this change is required for this stable
tag 202405?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Abdul Lateef
> Attar via groups.io
> Sent: May 9, 2024 12:49
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar <abdullateef.at...@amd.com>; Pierre Gondois
> <pierre.gond...@arm.com>; Sami Mujawar <sami.muja...@arm.com>
> Subject: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
> DynamicTablesPkg: Adds integer to the AML package node
>
> Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
> which adds an integer value to the package node.
>
> Cc: Pierre Gondois <pierre.gond...@arm.com>
> Cc: Sami Mujawar <sami.muja...@arm.com>
> Signed-off-by: Abdul Lateef Attar <abdullateef.at...@amd.com>
> ---
>  .../Include/Library/AmlLib/AmlLib.h   | 41 +++-
>  .../Common/AmlLib/CodeGen/AmlCodeGen.c| 67
> +++
>  2 files changed, 107 insertions(+), 1 deletion(-)
>
> diff --git a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> index 82d5464084..4427ab68fa 100644
> --- a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> +++ b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> @@ -2,7 +2,7 @@
>AML Lib.
>
>Copyright (c) 2019 - 2023, Arm Limited. All rights reserved.
> -  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights
reserved.
> +  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights
> reserved.
>
>SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> @@ -1743,6 +1743,45 @@ AmlAddNameStringToNamedPackage (
>IN AML_OBJECT_NODE_HANDLE  NamedNode
>);
>
> +/** Add an integer value to the named package node.
> +
> +  AmlCodeGenNamePackage ("_CID", NULL, );
> +  AmlGetEisaIdFromString ("PNP0A03", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +  AmlGetEisaIdFromString ("PNP0A08", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +
> +  equivalent of the following ASL code:
> +  Name (_CID, Package (0x02)  // _CID: Compatible ID
> +  {
> +  EisaId ("PNP0A03"),
> +  EisaId ("PNP0A08")
> +  })
> +
> +  The package is added at the tail of the list of the input package node
> +  name:
> +Name ("NamePackageNode", Package () {
> +  [Pre-existing package entries],
> +  [Newly created integer entry]
> +})
> +
> +
> +  @ingroup CodeGenApis
> +
> +  @param [in]   Integer   Integer value that need to be added to
> package node.
> +  @param [in, out]  NameNode  Package named node to add the object
> to.
> +
> +  @retval EFI_SUCCESS Success.
> +  @retval EFI_INVALID_PARAMETER   Invalid parameter.
> +  @retval Others  Error occurred during the operation.
> +**/
> +EFI_STATUS
> +EFIAPI
> +AmlAddIntegerToNamedPackage (
> +  INUINT32  Integer,
> +  IN  OUT   AML_OBJECT_NODE_HANDLE  NameNode
> +  );
> +
>  /** AML code generation to invoke/call another method.
>
>This method is a subset implementation of MethodInvocation
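Review bot: The prototype takes `UINT32 Integer`, but the @param text only says "Integer value that need to be added to package node" and never states the 32-bit limit. The EisaId values in the example fit in 32 bits, yet a caller reading "integer" may expect to pass a wider AML integer; either document that only 32-bit values are accepted or widen the parameter to UINT64. "@retval Others" would also be more useful if it named the statuses a caller should expect.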
> diff --git a/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> b/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> index 22c2d598d0..89fa4e06f8 100644
> --- a/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> +++ b/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> @@ -3871,6 +3871,73 @@ exit_handler:
>return Status;
>  }
>
> +/** Add an integer value to the named package node.

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread gaoliming via groups.io
Seemingly, this change is a new feature to add more crypt APIs based on Mbedtls.

This patch set was submitted before soft feature freeze. But, it passed code
review after soft feature freeze starts. 

Based on current rule, this patch set is not allowed to be merged for this
stable tag 202405. 

If you want to catch this stable tag, please raise this requirement to the
mail list and collect the feedback. 

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io on behalf of Li, Yi
> Sent: May 9, 2024 16:33
> To: Hou, Wenxing; gaoliming; devel@edk2.groups.io
> Cc: Yao, Jiewen
> Subject: Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> This patch set was submitted before soft freeze and will not affect other
> existing code, I am OK to merge it.
> 
> Hi Liming,
> 
> Do you have any comments?  I will merge it if no objections.
> 
> Thanks,
> Yi
> 
> -Original Message-
> From: Hou, Wenxing 
> Sent: Thursday, May 9, 2024 4:29 PM
> To: Li, Yi1 ; devel@edk2.groups.io
> Cc: Yao, Jiewen ; gaoliming
> 
> Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> Hi,
> 
> Thanks for your feedback.
> The new PR is: https://github.com/tianocore/edk2/pull/5645
> 
> Could Li Yi help me merge the PR?
> 
> Thanks,
> Wenxing
> 
> -Original Message-
> From: Li, Yi1 
> Sent: Thursday, May 9, 2024 2:54 PM
> To: Hou, Wenxing ; devel@edk2.groups.io
> Cc: Yao, Jiewen 
> Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> For this patch set:
> 
> Looks good to me.
> Reviewed-by: Yi Li 
> 
> 
> -Original Message-
> From: Hou, Wenxing 
> Sent: Thursday, May 9, 2024 2:27 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Li, Yi1 
> Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
> 
> Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More
> RSA/PKCS5/pKCS7/Authenticode/Timestamp
> implementation based on Mbedtls.
> 
> The patch has passed the EDKII CI check:
> https://github.com/tianocore/edk2/pull/5552
> 
> And the patch has passed unit_test in EDKII and integration test for platform.
> And the patch has passed the fuzz test:
> https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128
> 
> v2 changes:
>  - Fix format variable name/hardcode number issue;
>  - Fix Pkcs7 memory leak;
> 
> v3 changes:
>  - Fix some issues from reviewer;
>  - Add SHA3/SM3 implementation;
>  - Update *.inf files;
> 
> Cc: Jiewen Yao 
> Cc: Yi Li 
> Signed-off-by: Wenxing Hou 
> 
> Wenxing Hou (11):
>   CryptoPkg: Add AeadAesGcm based on Mbedtls
>   CryptoPkg: Add rand function for BaseCryptLibMbedTls
>   CryptoPkg: Add Pem APIs based on Mbedtls
>   CryptoPkg: Add X509 functions based on Mbedtls
>   CryptoPkg: Add Pkcs7 related functions based on Mbedtls
>   CryptoPkg: Add Pkcs5 functions based on Mbedtls
>   CryptoPkg: Add more RSA related functions based on Mbedtls
>   CryptoPkg: Add AuthenticodeVerify based on Mbedtls
>   CryptoPkg: Add ImageTimestampVerify based on Mbedtls
>   CryptoPkg: Update *.inf in BaseCryptLibMbedTls
>   Add SHA3/SM3 functions with openssl for Mbedtls
> 
>  CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
>  .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
>  .../Cipher/CryptAeadAesGcm.c  |  227 ++
>  .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
>  .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
>  .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
>  .../Pk/CryptAuthenticode.c|  214 ++
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
>  .../Pk/CryptPkcs7Internal.h   |   29 +-
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
>  .../Pk/CryptPkcs7VerifyBase.c |  113 +
>  .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
>  .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
>  .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
>  .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140
> ++  .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
>  .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940
> +
>  .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  114 +
>  .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
>  .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   26 +-
>  .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   36 +-
>  .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   39 +-
>  CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |6 +
>  .../Library/MbedTlsLib/MbedTlsLibFull.inf |6 +
>  25 files changed, 6973 insertions(+), 85 deletions(-)  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
>  create mode 100644
> 

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Yao, Jiewen
Acked-by: Jiewen Yao 

> -Original Message-
> From: Li, Yi1 
> Sent: Thursday, May 9, 2024 4:33 PM
> To: Hou, Wenxing ; gaoliming
> ; devel@edk2.groups.io
> Cc: Yao, Jiewen 
> Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> This patch set was submitted before soft freeze and will not affect other
> existing code, I am OK to merge it.
> 
> Hi Liming,
> 
> Do you have any comments?  I will merge it if no objections.
> 
> Thanks,
> Yi
> 
> -Original Message-
> From: Hou, Wenxing 
> Sent: Thursday, May 9, 2024 4:29 PM
> To: Li, Yi1 ; devel@edk2.groups.io
> Cc: Yao, Jiewen ; gaoliming
> 
> Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> Hi,
> 
> Thanks for your feedback.
> The new PR is: https://github.com/tianocore/edk2/pull/5645
> 
> Could Li Yi help me merge the PR?
> 
> Thanks,
> Wenxing
> 
> -Original Message-
> From: Li, Yi1 
> Sent: Thursday, May 9, 2024 2:54 PM
> To: Hou, Wenxing ; devel@edk2.groups.io
> Cc: Yao, Jiewen 
> Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> For this patch set:
> 
> Looks good to me.
> Reviewed-by: Yi Li 
> 
> 
> -Original Message-
> From: Hou, Wenxing 
> Sent: Thursday, May 9, 2024 2:27 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Li, Yi1 
> Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177
> 
> Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More
> RSA/PKCS5/pKCS7/Authenticode/Timestamp
> implementation based on Mbedtls.
> 
> The patch has passed the EDKII CI check:
> https://github.com/tianocore/edk2/pull/5552
> 
> And the patch has passed unit_test in EDKII and integration test for platform.
> And the patch has passed the fuzz test:
> https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128
> 
> v2 changes:
>  - Fix format variable name/hardcode number issue;
>  - Fix Pkcs7 memory leak;
> 
> v3 changes:
>  - Fix some issues from reviewer;
>  - Add SHA3/SM3 implementation;
>  - Update *.inf files;
> 
> Cc: Jiewen Yao 
> Cc: Yi Li 
> Signed-off-by: Wenxing Hou 
> 
> Wenxing Hou (11):
>   CryptoPkg: Add AeadAesGcm based on Mbedtls
>   CryptoPkg: Add rand function for BaseCryptLibMbedTls
>   CryptoPkg: Add Pem APIs based on Mbedtls
>   CryptoPkg: Add X509 functions based on Mbedtls
>   CryptoPkg: Add Pkcs7 related functions based on Mbedtls
>   CryptoPkg: Add Pkcs5 functions based on Mbedtls
>   CryptoPkg: Add more RSA related functions based on Mbedtls
>   CryptoPkg: Add AuthenticodeVerify based on Mbedtls
>   CryptoPkg: Add ImageTimestampVerify based on Mbedtls
>   CryptoPkg: Update *.inf in BaseCryptLibMbedTls
>   Add SHA3/SM3 functions with openssl for Mbedtls
> 
>  CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
>  .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
>  .../Cipher/CryptAeadAesGcm.c  |  227 ++
>  .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
>  .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
>  .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
>  .../Pk/CryptAuthenticode.c|  214 ++
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
>  .../Pk/CryptPkcs7Internal.h   |   29 +-
>  .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
>  .../Pk/CryptPkcs7VerifyBase.c |  113 +
>  .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
>  .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
>  .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
>  .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140
> ++  .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
>  .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
>  .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  114 +
>  .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
>  .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   26 +-
>  .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   36 +-
>  .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   39 +-
>  CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |6 +
>  .../Library/MbedTlsLib/MbedTlsLibFull.inf |6 +
>  25 files changed, 6973 insertions(+), 85 deletions(-)  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
>  create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
>  create mode 100644
> CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
>  

Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

2024-05-09 Thread Ard Biesheuvel
Apologies, I meant this as a reply to the ArmVirtPkg change, not the OVMF one.

On Thu, 9 May 2024 at 10:45, Ard Biesheuvel  wrote:
>
> So this patch is necessary as otherwise, QEMU fails to boot due to a
> missing source of randomness in the network drivers, right?
>
> Does this imply that all QEMU deployments that rely on the bundled
> firmware images (e.g., for micro-VMs and container use cases) will now
> fail to boot if the pre-existing QEMU launch script happens to omit
> the virtio-rng device?
>
> If so, we absolutely need a fallback here - RngDxe based on TRNG (for
> KVM use cases) as well as RNDR (for TCG with CPU max). This may still
> break some deployments, but the vast majority should be covered.
>
> RNDR raises another interesting problem, by the way - the ARM arch
> spec requires RNDR to be backed by an appropriate DRBG that complies
> with the NIST spec but it does not specify which one. IOW, it is
> backed by a DRBG not by a raw entropy source, but specifying which
> DRBG (by GUID) is not generally feasible, as the guest VM firmware
> cannot interrogate the host about which DRBG is behind RNDR.
>
> TL;DR there are a couple of loose ends here, and so rushing it through
> doesn't seem wise imho. I'd rather leave ARM behind with these CVE
> fixes than break many different use cases in different ways.
>
>
>
> On Thu, 9 May 2024 at 07:56, Doug Flick  wrote:
> >
> > This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
> > This adds Rng services to the guest VM
> >
> > Cc: Ard Biesheuvel 
> > Cc: Jiewen Yao 
> > Cc: Gerd Hoffmann 
> >
> > Signed-off-by: Doug Flick [MSFT] 
> > ---
> >  OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py 
> > b/OvmfPkg/PlatformCI/PlatformBuildLib.py
> > index 00d454954bff..3fe80f5c1caa 100644
> > --- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
> > +++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
> > @@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, 
> > BuildSettingsManager):
> >  args += " -net none"   
> >  # turn off network
> >  args += " -smp 4"
> >  args += f" -drive 
> > file=fat:rw:{VirtualDrive},format=raw,media=disk" # Mount disk with 
> > startup.nsh
> > +# Provides Rng services to the Guest VM
> > +args += " -device virtio-rng-pci"
> >
> >  if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
> >  args += " -display none"  # no graphics
> > --
> > 2.34.1
> >


View/Reply Online (#118754): https://edk2.groups.io/g/devel/message/118754




Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

2024-05-09 Thread Ard Biesheuvel
So this patch is necessary as otherwise, QEMU fails to boot due to a
missing source of randomness in the network drivers, right?

Does this imply that all QEMU deployments that rely on the bundled
firmware images (e.g., for micro-VMs and container use cases) will now
fail to boot if the pre-existing QEMU launch script happens to omit
the virtio-rng device?

If so, we absolutely need a fallback here - RngDxe based on TRNG (for
KVM use cases) as well as RNDR (for TCG with CPU max). This may still
break some deployments, but the vast majority should be covered.

RNDR raises another interesting problem, by the way - the ARM arch
spec requires RNDR to be backed by an appropriate DRBG that complies
with the NIST spec but it does not specify which one. IOW, it is
backed by a DRBG not by a raw entropy source, but specifying which
DRBG (by GUID) is not generally feasible, as the guest VM firmware
cannot interrogate the host about which DRBG is behind RNDR.

TL;DR there are a couple of loose ends here, and so rushing it through
doesn't seem wise imho. I'd rather leave ARM behind with these CVE
fixes than break many different use cases in different ways.



On Thu, 9 May 2024 at 07:56, Doug Flick  wrote:
>
> This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
> This adds Rng services to the guest VM
>
> Cc: Ard Biesheuvel 
> Cc: Jiewen Yao 
> Cc: Gerd Hoffmann 
>
> Signed-off-by: Doug Flick [MSFT] 
> ---
>  OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py 
> b/OvmfPkg/PlatformCI/PlatformBuildLib.py
> index 00d454954bff..3fe80f5c1caa 100644
> --- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
> +++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
> @@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager):
>  args += " -net none"
> # turn off network
>  args += " -smp 4"
>  args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" 
> # Mount disk with startup.nsh
> +# Provides Rng services to the Guest VM
> +args += " -device virtio-rng-pci"
>
>  if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
>  args += " -display none"  # no graphics
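
Review bot: The added `args += " -device virtio-rng-pci"` is unconditional, so CI never exercises a boot without an RNG device and cannot show what the firmware does when a launch command omits it. Consider gating the device behind an environment value, read the same way `QEMU_HEADLESS` is a few lines below, so that one CI leg can run without it. The comment should also name the firmware consumer that needs the RNG rather than only saying it "Provides Rng services".
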
> --
> 2.34.1
>


View/Reply Online (#118753): https://edk2.groups.io/g/devel/message/118753
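
The three cases in the message above (virtio-rng device present, TRNG under KVM, RNDR under TCG with `-cpu max`) turned into an audit of QEMU launch command lines. This is an added example, not code from the thread or from edk2; the script names and command lines are constructed, and the TRNG and RNDR entries only help if the firmware carries the fallback the message asks for.

```python
import shlex


def parse_qemu_options(cmdline):
    """Return (flag, value) pairs from a QEMU command line.

    Heuristic: a token starting with '-' is a flag, and the next token is its
    value unless that token also starts with '-'.
    """
    tokens = shlex.split(cmdline)
    pairs = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            pairs.append((tok.lstrip("-"), tokens[i + 1] if has_value else ""))
            i += 2 if has_value else 1
        else:
            i += 1  # binary name or a stray positional argument
    return pairs


def split_props(value):
    """Split 'name,k=v,k2=v2' into ('name', {'k': 'v', 'k2': 'v2'})."""
    head, *rest = value.split(",")
    props = dict(p.split("=", 1) for p in rest if "=" in p)
    if "=" in head:  # e.g. '-machine type=virt,accel=kvm' has no bare name
        key, val = head.split("=", 1)
        props[key] = val
        head = ""
    return head, props


def entropy_sources(cmdline):
    """List the entropy sources a guest firmware could reach for this launch.

    'virtio-rng': an explicit virtio-rng device is on the command line.
    'trng':       KVM is requested (the TRNG case in the message).
    'rndr':       TCG with '-cpu max' (the RNDR case in the message).
    """
    has_virtio_rng = False
    kvm = False
    cpu = ""
    for flag, value in parse_qemu_options(cmdline):
        name, props = split_props(value)
        if flag == "device" and name.startswith("virtio-rng"):
            has_virtio_rng = True
        elif flag == "enable-kvm":
            kvm = True
        elif flag == "accel" and name == "kvm":
            kvm = True
        elif flag in ("machine", "M"):
            # accel may be a colon-separated preference list; take the first
            if props.get("accel", "").split(":")[0] == "kvm":
                kvm = True
        elif flag == "cpu":
            cpu = name
    sources = []
    if has_virtio_rng:
        sources.append("virtio-rng")
    if kvm:
        sources.append("trng")
    elif cpu == "max":
        sources.append("rndr")
    return sources


def audit(scripts):
    """Map each script name to a verdict string."""
    report = {}
    for name, cmdline in scripts.items():
        sources = entropy_sources(cmdline)
        if "virtio-rng" in sources:
            report[name] = "ok: virtio-rng device present"
        elif sources:
            report[name] = f"depends on firmware fallback: {sources[0]}"
        else:
            report[name] = "at risk: no entropy source, add -device virtio-rng-pci"
    return report


# Constructed launch command lines, one per case discussed in the message.
LAUNCH_SCRIPTS = {
    "ci.sh": "qemu-system-aarch64 -M virt -cpu cortex-a57 -net none -smp 4 "
             "-device virtio-rng-pci -display none",
    "microvm.sh": "qemu-system-aarch64 -machine virt,accel=kvm -cpu host -nographic",
    "tcg-max.sh": "qemu-system-aarch64 -M virt -accel tcg -cpu max -nographic",
    "legacy.sh": "qemu-system-aarch64 -M virt -cpu cortex-a72 -m 1024 "
                 "-drive file=fat:rw:/tmp/vd,format=raw,media=disk",
}

if __name__ == "__main__":
    for script, verdict in audit(LAUNCH_SCRIPTS).items():
        print(f"{script}: {verdict}")
```
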




Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: Adds integer to the AML package node

2024-05-09 Thread Abdul Lateef Attar via groups.io
Hi Liming,
This patch provides an API to add an integer value to an AML package node.
Using this API, a user can create a CXL device with two PNPIDs.
Without this API, the user has to rely on static ASL files.

This patch is required for platforms that use DynamicTablesPkg to generate ACPI 
tables based on this stable release.

Thanks
AbduL

From: gaoliming 
Sent: Thursday, May 9, 2024 1:10 PM
To: devel@edk2.groups.io ; Attar, AbdulLateef (Abdul 
Lateef) 
Cc: 'Pierre Gondois' ; 'Sami Mujawar' 

Subject: Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] 
DynamicTablesPkg: Adds integer to the AML package node


Abdul:
  Can you give more information why this change is required for this stable
tag 202405?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Abdul Lateef
> Attar via groups.io
> Sent: May 9, 2024 12:49
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar ; Pierre Gondois
> ; Sami Mujawar 
> Subject: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
> DynamicTablesPkg: Adds integer to the AML package node
>
> Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
> which adds an integer value to the package node.
>
> Cc: Pierre Gondois 
> Cc: Sami Mujawar 
> Signed-off-by: Abdul Lateef Attar 
> ---
>  .../Include/Library/AmlLib/AmlLib.h   | 41 +++-
>  .../Common/AmlLib/CodeGen/AmlCodeGen.c| 67
> +++
>  2 files changed, 107 insertions(+), 1 deletion(-)
>
> diff --git a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> index 82d5464084..4427ab68fa 100644
> --- a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> +++ b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> @@ -2,7 +2,7 @@
>AML Lib.
>
>Copyright (c) 2019 - 2023, Arm Limited. All rights reserved.
> -  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights
reserved.
> +  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights
> reserved.
>
>SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> @@ -1743,6 +1743,45 @@ AmlAddNameStringToNamedPackage (
>IN AML_OBJECT_NODE_HANDLE  NamedNode
>);
>
> +/** Add an integer value to the named package node.
> +
> +  AmlCodeGenNamePackage ("_CID", NULL, );
> +  AmlGetEisaIdFromString ("PNP0A03", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +  AmlGetEisaIdFromString ("PNP0A08", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +
> +  equivalent of the following ASL code:
> +  Name (_CID, Package (0x02)  // _CID: Compatible ID
> +  {
> +  EisaId ("PNP0A03"),
> +  EisaId ("PNP0A08")
> +  })
> +
> +  The package is added at the tail of the list of the input package node
> +  name:
> +Name ("NamePackageNode", Package () {
> +  [Pre-existing package entries],
> +  [Newly created integer entry]
> +})
> +
> +
> +  @ingroup CodeGenApis
> +
> +  @param [in]   Integer   Integer value that need to be added to
> package node.
> +  @param [in, out]  NameNode  Package named node to add the object
> to.
> +
> +  @retval EFI_SUCCESS Success.
> +  @retval EFI_INVALID_PARAMETER   Invalid parameter.
> +  @retval Others  Error occurred during the operation.
> +**/
> +EFI_STATUS
> +EFIAPI
> +AmlAddIntegerToNamedPackage (
> +  INUINT32  Integer,
> +  IN  OUT   AML_OBJECT_NODE_HANDLE  NameNode
> +  );
> +
>  /** AML code generation to invoke/call another method.
>
>This method is a subset implementation of MethodInvocation
> diff --git a/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> b/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> index 22c2d598d0..89fa4e06f8 100644
> --- a/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> +++ b/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> @@ -3871,6 +3871,73 @@ exit_handler:
>return Status;
>  }
>
> +/** Add an integer value to the named package node.
> +
> +  AmlCodeGenNamePackage ("_CID", NULL, );
> +  AmlGetEisaIdFromString ("PNP0A03", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +  AmlGetEisaIdFromString ("PNP0A08", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +
> +  equivalent of the following ASL code:
> +  Name (_CID, Package (0x02)  // _CID: Compatible ID
> +  {
> +  EisaId ("PNP0A03"),
> +  EisaId ("PNP0A08")
> +  })
> +
> +  The package is added at the tail of the list of the input package node
> +  name:
> +Name ("NamePackageNode", Package () {
> +  [Pre-existing package entries],
> +  [Newly created integer entry]
> +})
> +
> +
> +  @ingroup CodeGenApis
> +
> +  @param [in]   Integer   Integer value that need to be added to
> package node.
> +  @param [in, out]  NameNode  Package named node to add the object

Re: Re: [Internet] Re: [edk2-devel] [PATCH] Added support for ACPI related data structures for RISC_V64 platform

2024-05-09 Thread Sunil V L
On Mon, May 06, 2024 at 10:54:45AM +0800, dylanlhdu(杜林恒) wrote:
> Hi Sunil,
> 
> 
> 
> We mainly want to use UEFI+ACPI mode to start a RISCV64 server. However, during 
> the development process, we found that ACPI (6.5) in the current version of 
> UEFI does not support RISC-V for the time being. To solve this 
> problem, we referred to the upstream RISC-V ACPI platform specification provided 
> by Ventana to implement RISC-V ACPI support, so adding this header file can 
> make ACPI support the RISC-V architecture until the new version of the ACPI 
> specification supports the RISC-V architecture.
> 
Understood. But adding as 6_5* doesn't make sense.

I will let the maintainers of MdePkg comment. I don't know
whether they can accept approved ECRs from a not-yet-released spec.

Thanks,
Sunil

> 
> Thanks
> 
> Sent from my WeCom
> 
>  --Message being replied to--
>Sunil V L 
> Hi Lingheng Du,
> 
> What is the use of adding this header file and how did you create it? I
> think EDK2 needs ACPI spec to be released to get these definitions
> added. Also, these are not part of 6.5 and hence names like
> EFI_ACPI_6_5* are incorrect. So, it will be helpful if you add some
> commit message why do we need this header.
> 
> Thanks,
> Sunil
> On Mon, Apr 29, 2024 at 05:53:55PM +0800, gaoliming via groups.io wrote:
>  From: dylanlhdu   
>  Signed-off-by: Lingheng 
> Du   Reviewed-by: Song 
> Huang   Reviewed-by: Bing Fan 
>   ---
>  .../Include/IndustryStandard/AcpiRiscv64.h | 176 
> ++
>  1 file changed, 176 insertions(+)
>  create mode 100644 
> edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h
>  
>  diff --git a/edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h 
> b/edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h
>  new file mode 100644
>  index ..4111b3ea
>  --- /dev/null
>  +++ b/edk2/MdePkg/Include/IndustryStandard/AcpiRiscv64.h
>  @@ -0,0 +1,176 @@
>  +/** @file
>  + RISCV64 platform ACPI related support April, 2022.
>  +
>  + SPDX-License-Identifier: BSD-2-Clause-Patent
>  +**/
>  +
>  +#ifndef ACPI_RISCV64_H_
>  +#define ACPI_RISCV64_H_
>  +
>  +//
>  +// Ensure proper structure formats
>  +//
>  +#pragma pack(1)
>  +
>  +///
>  +/// RISC-V Interrupt Type
>  +///
>  +#define EFI_ACPI_6_5_INC_RINTC_TYPE 0x18
>  +#define EFI_ACPI_6_5_INC_IMSIC_TYPE 0x19
>  +#define EFI_ACPI_6_5_INC_APLIC_TYPE 0x1A
>  +#define EFI_ACPI_6_5_INC_PLIC_TYPE 0x1B
>  +
>  +///
>  +/// RISC-V Interrupt Controller (RINTC)
>  +///
>  +typedef struct {
>  + UINT8 Type;
>  + UINT8 Length;
>  + UINT8 Version;
>  + UINT8 Reserved;
>  + UINT32 Flags;
>  + UINT64 HartId;
>  + UINT32 Uid;
>  + UINT32 ExtIntcId;
>  + UINT64 ImsicAddr;
>  + UINT32 ImsicSize;
>  +} EFI_ACPI_6_5_INC_RINTC_STRUCTURE;
>  +
>  +///
>  +/// Incoming MSI Controller (IMSIC)
>  +///
>  +typedef struct {
>  + UINT8 Type;
>  + UINT8 Length;
>  + UINT8 Version;
>  + UINT8 Reserved;
>  + UINT32 Flags;
>  + UINT16 NumIds;
>  + UINT16 NumGuestIds;
>  + UINT8 GuestIndexBits;
>  + UINT8 HartIndexBits;
>  + UINT8 GroupIndexBits;
>  + UINT8 GroupIndexShift;
>  +} EFI_ACPI_6_5_INC_IMSIC_STRUCTURE;
>  +
>  +///
>  +/// RISC-V Advanced Platform Level Interrupt Controller (APLIC)
>  +///
>  +typedef struct {
>  + UINT8 Type;
>  + UINT8 Length;
>  + UINT8 Version;
>  + UINT8 AplicId;
>  + UINT32 Flags;
>  + UINT8 HW_ID[8];
>  + UINT16 NumIdc;
>  + UINT16 ExternSoureceSupport;
>  + UINT32 GSysInterruptBase;
>  + UINT64 AplicAddress;
>  + UINT32 AplicSize;
>  +} EFI_ACPI_6_5_INC_APLIC_STRUCTURE;
>  +
>  +///
>  +/// RISC-V Platform Level Interrupt Controller (PLIC)
>  +///
>  +typedef struct {
>  + UINT8 Type;
>  + UINT8 Length;
>  + UINT8 Version;
>  + UINT8 PlicId;
>  + UINT8 HwId[8];
>  + UINT16 NumIrqs;
>  + UINT16 MaxPrio;
>  + UINT32 Flags;
>  + UINT32 PlicSize;
>  + UINT64 PlicAddress;
>  + UINT32 GsiBase;
>  +} EFI_ACPI_6_5_INC_PLIC_STRUCTURE;
>  +
>  +///
>  +/// RISC-V Hart Capabilities Table (RHCT)
>  +///
>  +typedef struct {
>  + EFI_ACPI_DESCRIPTION_HEADER Header;
>  +} EFI_ACPI_6_5_PROCESSOR_PROPERTIES_TOPOLOGY_TABLE_HEADER;
>  +
>  +///
>  +/// RHCT Revision
>  +///
>  +#define EFI_ACPI_6_5_RHCT_APIC_DESCRIPTION_TABLE_REVISION 0x05
>  +
>  +///
>  +/// RHCT types
>  +///
>  +#define EFI_ACPI_6_5_NODE_ISA_TYPE 
> 0x0
>  +#define EFI_ACPI_6_5_NODE_CM0_TYPE 
> 0x1
>  +#define EFI_ACPI_6_5_NODE_MMU_TYPE 
> 0x2
>  +#define EFI_ACPI_6_5_NODE_RESERVED_TYPE 0x3
>  +#define EFI_ACPI_6_5_NODE_HART_TYPE 0x
>  +
>  +///
>  +/// RHCT Flags
>  +///
>  +#define ACPI_RHCT_TIMER_CANNOT_WAKEUP_CPU (1)
>  +
>  +///
>  +/// ISA string node
>  +///
>  +typedef struct {
>  + UINT16 Type;
>  + UINT16 Length;
>  + UINT16 Revision;
>  + UINT16 IsaLength;
>  + UINT8 IsaString[];
>  +} EFI_ACPI_6_5_NODE_ISA_STRING_STRUCTURE;
>  +
>  +///
>  +/// CM0 node
>  +///
>  +typedef struct {
>  + UINT16 Type;
>  + UINT16 Length;
>  + UINT16 Revision;
>  + UINT8 Reserved;
>  + UINT8 CbomSize;
>  + UINT8 CbopSize;
>  + UINT8 CbozSize;
>  +} 
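
Review bot: Several identifiers in the new header look copied from other tables or mistyped and should be corrected before they become API. The RHCT header struct is named `EFI_ACPI_6_5_PROCESSOR_PROPERTIES_TOPOLOGY_TABLE_HEADER` and its revision macro `EFI_ACPI_6_5_RHCT_APIC_DESCRIPTION_TABLE_REVISION`, neither of which matches the table they sit under; the APLIC field `ExternSoureceSupport` is misspelled; and the 8-byte hardware ID is `HW_ID[8]` in the APLIC structure but `HwId[8]` in the PLIC one. The `@file` comment also carries no copyright line next to the SPDX identifier.
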

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Li, Yi
This patch set was submitted before soft freeze and will not affect other 
existing code, so I am OK to merge it.

Hi Liming,

Do you have any comments?  I will merge it if no objections.

Thanks,
Yi

-Original Message-
From: Hou, Wenxing  
Sent: Thursday, May 9, 2024 4:29 PM
To: Li, Yi1 ; devel@edk2.groups.io
Cc: Yao, Jiewen ; gaoliming 
Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

Hi,

Thanks for your feedback.
The new PR is: https://github.com/tianocore/edk2/pull/5645

Could Li Yi help me merge the PR?

Thanks,
Wenxing

-Original Message-
From: Li, Yi1  
Sent: Thursday, May 9, 2024 2:54 PM
To: Hou, Wenxing ; devel@edk2.groups.io
Cc: Yao, Jiewen 
Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

For this patch set:

Looks good to me.
Reviewed-by: Yi Li 


-Original Message-
From: Hou, Wenxing  
Sent: Thursday, May 9, 2024 2:27 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More 
RSA/PKCS5/PKCS7/Authenticode/Timestamp
implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch has passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128

v2 changes:
 - Fix format variable name/hardcode number issue;
 - Fix Pkcs7 memory leak;

v3 changes:
 - Fix some issues from reviewer;
 - Add SHA3/SM3 implementation;
 - Update *.inf files;

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 

Wenxing Hou (11):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls
  CryptoPkg: Update *.inf in BaseCryptLibMbedTls
  Add SHA3/SM3 functions with openssl for Mbedtls

 CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
 .../Cipher/CryptAeadAesGcm.c  |  227 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
 .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
 .../Pk/CryptAuthenticode.c|  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
 .../Pk/CryptPkcs7VerifyBase.c |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
 .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140 ++
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
 .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
 .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  114 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   26 +-
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   36 +-
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   39 +-
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |6 +
 .../Library/MbedTlsLib/MbedTlsLibFull.inf |6 +
 25 files changed, 6973 insertions(+), 85 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 

Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Wenxing Hou
Hi,

Thanks for your feedback.
The new PR is: https://github.com/tianocore/edk2/pull/5645

Could Li Yi help me merge the PR?

Thanks,
Wenxing

-Original Message-
From: Li, Yi1  
Sent: Thursday, May 9, 2024 2:54 PM
To: Hou, Wenxing ; devel@edk2.groups.io
Cc: Yao, Jiewen 
Subject: RE: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

For this patch set:

Looks good to me.
Reviewed-by: Yi Li 


-Original Message-
From: Hou, Wenxing  
Sent: Thursday, May 9, 2024 2:27 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More 
RSA/PKCS5/PKCS7/Authenticode/Timestamp
implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch has passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128

v2 changes:
 - Fix format variable name/hardcode number issue;
 - Fix Pkcs7 memory leak;

v3 changes:
 - Fix some issues from reviewer;
 - Add SHA3/SM3 implementation;
 - Update *.inf files;

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 

Wenxing Hou (11):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls
  CryptoPkg: Update *.inf in BaseCryptLibMbedTls
  Add SHA3/SM3 functions with openssl for Mbedtls

 CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
 .../Cipher/CryptAeadAesGcm.c  |  227 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
 .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
 .../Pk/CryptAuthenticode.c|  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
 .../Pk/CryptPkcs7VerifyBase.c |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
 .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140 ++
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
 .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
 .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  114 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   26 +-
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   36 +-
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   39 +-
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |6 +
 .../Library/MbedTlsLib/MbedTlsLibFull.inf |6 +
 25 files changed, 6973 insertions(+), 85 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c

--
2.26.2.windows.1



View/Reply Online (#118749): https://edk2.groups.io/g/devel/message/118749




Re: [edk2-devel] [PATCH v4 00/14] Add SmmRelocationLib

2024-05-09 Thread Ard Biesheuvel
Thanks Liming.

On Thu, 9 May 2024 at 09:36, gaoliming via groups.io
 wrote:
>
> Ard:
>   Gerd is the reviewer of OvmfPkg. He gave Acked-by before soft feature 
> freeze. So, this patch set can be merged for this stable tag 202405.
>
>   And, this patch set has been merged.
>
> Thanks
> Liming
> > -Original Message-
> > From: devel@edk2.groups.io  On Behalf Of Ard Biesheuvel
> > Sent: May 9, 2024 0:44
> > To: Wu, Jiaxin ; Liming Gao (Byosoft address)
> > 
> > Cc: Yao, Jiewen ; Ni, Ray ;
> > devel@edk2.groups.io; Zeng, Star ; Gerd Hoffmann
> > ; Kumar, Rahul R ; Dong, Guo
> > ; Rhodes, Sean ; Lu, James
> > ; Guo, Gua ; Abdul Lateef Attar
> > ; Abner Chang ; Tom
> > Lendacky 
> > Subject: Re: [edk2-devel] [PATCH v4 00/14] Add SmmRelocationLib
> >
> > Happy to merge this.
> >
> > Liming, please let me know if this meets the soft freeze requirements?
> >
> > Thanks,
> >
> >
> > On Tue, 7 May 2024 at 07:18, Wu, Jiaxin  wrote:
> > >
> > > Thanks Jiewen.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > From: Yao, Jiewen 
> > > Sent: Tuesday, May 7, 2024 12:59 PM
> > > To: Wu, Jiaxin ; Ni, Ray ;
> > devel@edk2.groups.io; Ard Biesheuvel 
> > > Cc: Zeng, Star ; Gerd Hoffmann ;
> > Kumar, Rahul R ; Dong, Guo ;
> > Rhodes, Sean ; Lu, James ; Guo,
> > Gua ; Abdul Lateef Attar ;
> > Abner Chang ; Tom Lendacky
> > 
> > > Subject: RE: [PATCH v4 00/14] Add SmmRelocationLib
> > >
> > >
> > >
> > > Acked-by: Jiewen Yao 
> > >
> > >
> > >
> > > From: Wu, Jiaxin 
> > > Sent: Tuesday, May 7, 2024 11:39 AM
> > > To: Ni, Ray ; devel@edk2.groups.io; Ard Biesheuvel
> > ; Yao, Jiewen 
> > > Cc: Zeng, Star ; Gerd Hoffmann ;
> > Kumar, Rahul R ; Dong, Guo ;
> > Rhodes, Sean ; Lu, James ; Guo,
> > Gua ; Abdul Lateef Attar ;
> > Abner Chang ; Tom Lendacky
> > 
> > > Subject: RE: [PATCH v4 00/14] Add SmmRelocationLib
> > >
> > >
> > >
> > > Hi Jiewen and Ard,
> > >
> > >
> > >
> > > @Yao, Jiewen, @Ard Biesheuvel, do you agree we merge the change related to
> > OVMF package since you are the OVMF maintainers. Please help check /review.
> > >
> > >
> > >
> > > The patches have been acked/tested by Gerd.
> > >
> > >
> > >
> > >   [PATCH v4 08/14] OvmfPkg/SmmRelocationLib: Add library instance for
> > OVMF
> > >   [PATCH v4 09/14] OvmfPkg/PlatformInitLib: Create
> > gEfiSmmSmramMemoryGuid
> > >   [PATCH v4 10/14]  OvmfPkg: Refine SmmAccess implementation
> > >   [PATCH v4 11/14] OvmfPkg/SmmCpuFeaturesLib: Check Smbase Relocation
> > is done or not
> > >   [PATCH v4 12/14] OvmfPkg/PlatformPei: Relocate SmBases in PEI phase
> > >
> > >
> > >
> > > Thanks,
> > >
> > > Jiaxin
> > >
> > >
> > >
> > > From: Wu, Jiaxin
> > > Sent: Tuesday, April 30, 2024 6:14 PM
> > > To: Ni, Ray ; devel@edk2.groups.io
> > > Cc: Zeng, Star ; Gerd Hoffmann ;
> > Kumar, Rahul R ; Dong, Guo ;
> > Rhodes, Sean ; Lu, James ; Guo,
> > Gua ; Ard Biesheuvel ; Yao,
> > Jiewen ; Abdul Lateef Attar
> > ; Abner Chang ; Tom
> > Lendacky 
> > > Subject: RE: [PATCH v4 00/14] Add SmmRelocationLib
> > >
> > >
> > >
> > > Thanks Ray, I missed adding some already-received Reviewed-by tags in v4. All V4
> > > patches are tested & acked by Gerd:
> > >
> > > Tested-by: Gerd Hoffmann 
> > >
> > > Acked-by: Gerd Hoffmann 
> > >
> > >
> > >
> > > For each one: listed as below, *so need Ray “reviewed-by” tag on the 
> > > patch:
> > 05/06/14, need Gerd “reviewed-by” tag on the patch:  08/09/10/11/12*
> > >
> > >
> > >
> > >   [PATCH v4 01/14] UefiCpuPkg: Add SmmRelocationLib class
> > >
> > > Reviewed-by: Ray Ni   --> no change compared to V3
> > >
> > >
> > >   [PATCH v4 02/14] UefiCpuPkg/SmmRelocationLib: Add SmmRelocationLib
> > library instance
> > >
> > > Reviewed-by: Ray Ni  --> no change compared to V3
> > >
> > >
> > >   [PATCH v4 03/14] UefiCpuPkg/SmmRelocationLib: Rename global variables
> > >
> > > Reviewed-by: Ray Ni  --> no change compared to V3
> > >
> > >
> > >  [PATCH v4 04/14]  UefiCpuPkg/SmmRelocationLib: Avoid unnecessary
> > memory allocation
> > >
> > > Reviewed-by: Ray Ni  --> no change compared to V3
> > >
> > >
> > >   [PATCH v4 05/14] UefiCpuPkg/SmmRelocationLib: Remove unnecessary
> > global variable
> > >   [PATCH v4 06/14] UefiCpuPkg/SmmRelocationLib: Remove unnecessary
> > CpuIndex
> > >
> > > * Change Based on Ray’s comment on V3: split the removal of CpuIndex
> > parameter in a new patch, so add the 06 patch in V4.*
> > >
> > >
> > >   [PATCH v4 07/14] UefiCpuPkg/SmmRelocationLib: Add library instance for
> > AMD
> > >
> > > Reviewed-by: Abdul Lateef Attar  --> no change
> > compared to V3
> > >
> > >
> > >   [PATCH v4 08/14] OvmfPkg/SmmRelocationLib: Add library instance for
> > OVMF
> > >   [PATCH v4 09/14] OvmfPkg/PlatformInitLib: Create
> > gEfiSmmSmramMemoryGuid
> > >   [PATCH v4 10/14]  OvmfPkg: Refine SmmAccess implementation
> > >   [PATCH v4 11/14] OvmfPkg/SmmCpuFeaturesLib: Check Smbase Relocation
> > is done or not
> > >   [PATCH v4 12/14] OvmfPkg/PlatformPei: Relocate SmBases in PEI phase
> > >
> > > *Change Based on Gerd’s  comment on V3: 1. Creating the
> > 

Re: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1] DynamicTablesPkg: Adds integer to the AML package node

2024-05-09 Thread gaoliming via groups.io
Abdul:
  Can you give more information why this change is required for this stable
tag 202405?

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  On Behalf Of Abdul Lateef
> Attar via groups.io
> Sent: May 9, 2024 12:49
> To: devel@edk2.groups.io
> Cc: Abdul Lateef Attar ; Pierre Gondois
> ; Sami Mujawar 
> Subject: [edk2-devel] [edk2-stable202405 RESEND PATCH v2 1/1]
> DynamicTablesPkg: Adds integer to the AML package node
> 
> Adds an AmlAddIntegerToNamedPackage() API to generate AML code,
> which adds an integer value to the package node.
> 
> Cc: Pierre Gondois 
> Cc: Sami Mujawar 
> Signed-off-by: Abdul Lateef Attar 
> ---
>  .../Include/Library/AmlLib/AmlLib.h   | 41 +++-
>  .../Common/AmlLib/CodeGen/AmlCodeGen.c| 67
> +++
>  2 files changed, 107 insertions(+), 1 deletion(-)
> 
> diff --git a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> index 82d5464084..4427ab68fa 100644
> --- a/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> +++ b/DynamicTablesPkg/Include/Library/AmlLib/AmlLib.h
> @@ -2,7 +2,7 @@
>AML Lib.
> 
>Copyright (c) 2019 - 2023, Arm Limited. All rights reserved.
> -  Copyright (C) 2023 Advanced Micro Devices, Inc. All rights
reserved.
> +  Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights
> reserved.
> 
>SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
> @@ -1743,6 +1743,45 @@ AmlAddNameStringToNamedPackage (
>IN AML_OBJECT_NODE_HANDLE  NamedNode
>);
> 
> +/** Add an integer value to the named package node.
> +
> +  AmlCodeGenNamePackage ("_CID", NULL, );
> +  AmlGetEisaIdFromString ("PNP0A03", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +  AmlGetEisaIdFromString ("PNP0A08", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +
> +  equivalent of the following ASL code:
> +  Name (_CID, Package (0x02)  // _CID: Compatible ID
> +  {
> +  EisaId ("PNP0A03"),
> +  EisaId ("PNP0A08")
> +  })
> +
> +  The package is added at the tail of the list of the input package node
> +  name:
> +Name ("NamePackageNode", Package () {
> +  [Pre-existing package entries],
> +  [Newly created integer entry]
> +})
> +
> +
> +  @ingroup CodeGenApis
> +
> +  @param [in]   Integer   Integer value that need to be added to
> package node.
> +  @param [in, out]  NameNode  Package named node to add the object
> to.
> +
> +  @retval EFI_SUCCESS Success.
> +  @retval EFI_INVALID_PARAMETER   Invalid parameter.
> +  @retval Others  Error occurred during the operation.
> +**/
> +EFI_STATUS
> +EFIAPI
> +AmlAddIntegerToNamedPackage (
> +  INUINT32  Integer,
> +  IN  OUT   AML_OBJECT_NODE_HANDLE  NameNode
> +  );
> +
>  /** AML code generation to invoke/call another method.
> 
>This method is a subset implementation of MethodInvocation
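Review bot: in the new doc comment for AmlAddIntegerToNamedPackage, the sentence "The package is added at the tail of the list of the input package node" names the wrong object. What gets appended is an integer entry, as the ASL sketch under it shows. Reword that sentence, change "Integer value that need to be added" to "that needs to be added", and state in the `@param` text that `Integer` is a UINT32, so wider values cannot be passed through this API.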
> diff --git a/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> b/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> index 22c2d598d0..89fa4e06f8 100644
> --- a/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> +++ b/DynamicTablesPkg/Library/Common/AmlLib/CodeGen/AmlCodeGen.c
> @@ -3871,6 +3871,73 @@ exit_handler:
>return Status;
>  }
> 
> +/** Add an integer value to the named package node.
> +
> +  AmlCodeGenNamePackage ("_CID", NULL, );
> +  AmlGetEisaIdFromString ("PNP0A03", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +  AmlGetEisaIdFromString ("PNP0A08", );
> +  AmlAddIntegerToNamedPackage (EisaId, NameNode);
> +
> +  equivalent of the following ASL code:
> +  Name (_CID, Package (0x02)  // _CID: Compatible ID
> +  {
> +  EisaId ("PNP0A03"),
> +  EisaId ("PNP0A08")
> +  })
> +
> +  The package is added at the tail of the list of the input package node
> +  name:
> +Name ("NamePackageNode", Package () {
> +  [Pre-existing package entries],
> +  [Newly created integer entry]
> +})
> +
> +
> +  @ingroup CodeGenApis
> +
> +  @param [in]   Integer   Integer value that need to be added to
> package node.
> +  @param [in, out]  NameNode  Package named node to add the object
> to.
> +
> +  @retval EFI_SUCCESS Success.
> +  @retval EFI_INVALID_PARAMETER   Invalid parameter.
> +  @retval Others  Error occurred during the operation.
> +**/
> +EFI_STATUS
> +EFIAPI
> +AmlAddIntegerToNamedPackage (
> +  INUINT32  Integer,
> +  IN  OUT   AML_OBJECT_NODE_HANDLE  NameNode
> +  )
> +{
> +  EFI_STATUS   Status;
> +  AML_OBJECT_NODE  *PackageNode;
> +
> +  if (NameNode == NULL) {
> +ASSERT_EFI_ERROR (FALSE);
> +return EFI_INVALID_PARAMETER;
> +  }
> +
> +  PackageNode = (AML_OBJECT_NODE_HANDLE)AmlGetFixedArgument (
> +  NameNode,
> +  EAmlParseIndexTerm1
> +  );
> +  if ((PackageNode == NULL)
> 
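Review bot: the NULL check on `NameNode` uses `ASSERT_EFI_ERROR (FALSE)`, which can never fire, because `FALSE` is 0 and 0 is `EFI_SUCCESS`. Use `ASSERT (FALSE)` or `ASSERT_EFI_ERROR (EFI_INVALID_PARAMETER)` so a debug build actually stops on the bad argument. `PackageNode` is also declared as `AML_OBJECT_NODE *` while the assignment casts to `AML_OBJECT_NODE_HANDLE`; pick one spelling for both. The function header comment repeats the one in AmlLib.h word for word, so any wording fix has to be made in both places.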

Re: [edk2-devel] [PATCH v4 00/14] Add SmmRelocationLib

2024-05-09 Thread gaoliming via groups.io
Ard:
  Gerd is the reviewer of OvmfPkg. He gave Acked-by before soft feature freeze. 
So, this patch set can be merged for this stable tag 202405. 

  And, this patch set has been merged. 

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  on behalf of Ard Biesheuvel
> Sent: May 9, 2024 0:44
> To: Wu, Jiaxin ; Liming Gao (Byosoft address)
> 
> Cc: Yao, Jiewen ; Ni, Ray ;
> devel@edk2.groups.io; Zeng, Star ; Gerd Hoffmann
> ; Kumar, Rahul R ; Dong, Guo
> ; Rhodes, Sean ; Lu, James
> ; Guo, Gua ; Abdul Lateef Attar
> ; Abner Chang ; Tom
> Lendacky 
> Subject: Re: [edk2-devel] [PATCH v4 00/14] Add SmmRelocationLib
> 
> Happy to merge this.
> 
> Liming, please let me know if this meets the soft freeze requirements?
> 
> Thanks,
> 
> 
> On Tue, 7 May 2024 at 07:18, Wu, Jiaxin  wrote:
> >
> > Thanks Jiewen.
> >
> >
> >
> >
> >
> >
> >
> > From: Yao, Jiewen 
> > Sent: Tuesday, May 7, 2024 12:59 PM
> > To: Wu, Jiaxin ; Ni, Ray ;
> devel@edk2.groups.io; Ard Biesheuvel 
> > Cc: Zeng, Star ; Gerd Hoffmann ;
> Kumar, Rahul R ; Dong, Guo ;
> Rhodes, Sean ; Lu, James ; Guo,
> Gua ; Abdul Lateef Attar ;
> Abner Chang ; Tom Lendacky
> 
> > Subject: RE: [PATCH v4 00/14] Add SmmRelocationLib
> >
> >
> >
> > Acked-by: Jiewen Yao 
> >
> >
> >
> > From: Wu, Jiaxin 
> > Sent: Tuesday, May 7, 2024 11:39 AM
> > To: Ni, Ray ; devel@edk2.groups.io; Ard Biesheuvel
> ; Yao, Jiewen 
> > Cc: Zeng, Star ; Gerd Hoffmann ;
> Kumar, Rahul R ; Dong, Guo ;
> Rhodes, Sean ; Lu, James ; Guo,
> Gua ; Abdul Lateef Attar ;
> Abner Chang ; Tom Lendacky
> 
> > Subject: RE: [PATCH v4 00/14] Add SmmRelocationLib
> >
> >
> >
> > Hi Jiewen and Ard,
> >
> >
> >
> > @Yao, Jiewen, @Ard Biesheuvel, do you agree we merge the change related to
> OVMF package since you are the OVMF maintainers. Please help check /review.
> >
> >
> >
> > The patches have been acked/tested by the Gerd.
> >
> >
> >
> >   [PATCH v4 08/14] OvmfPkg/SmmRelocationLib: Add library instance for
> OVMF
> >   [PATCH v4 09/14] OvmfPkg/PlatformInitLib: Create
> gEfiSmmSmramMemoryGuid
> >   [PATCH v4 10/14]  OvmfPkg: Refine SmmAccess implementation
> >   [PATCH v4 11/14] OvmfPkg/SmmCpuFeaturesLib: Check Smbase Relocation
> is done or not
> >   [PATCH v4 12/14] OvmfPkg/PlatformPei: Relocate SmBases in PEI phase
> >
> >
> >
> > Thanks,
> >
> > Jiaxin
> >
> >
> >
> > From: Wu, Jiaxin
> > Sent: Tuesday, April 30, 2024 6:14 PM
> > To: Ni, Ray ; devel@edk2.groups.io
> > Cc: Zeng, Star ; Gerd Hoffmann ;
> Kumar, Rahul R ; Dong, Guo ;
> Rhodes, Sean ; Lu, James ; Guo,
> Gua ; Ard Biesheuvel ; Yao,
> Jiewen ; Abdul Lateef Attar
> ; Abner Chang ; Tom
> Lendacky 
> > Subject: RE: [PATCH v4 00/14] Add SmmRelocationLib
> >
> >
> >
> > Thanks Ray, I missed to add some already reviewed-by tag in v4. All V4 
> > patches
> are tested & acted by Gerd:
> >
> > Tested-by: Gerd Hoffmann 
> >
> > Acked-by: Gerd Hoffmann 
> >
> >
> >
> > For each one: listed as below, *so need Ray “reviewed-by” tag on the patch:
> 05/06/14, need Gerd “reviewed-by” tag on the patch:  08/09/10/11/12*
> >
> >
> >
> >   [PATCH v4 01/14] UefiCpuPkg: Add SmmRelocationLib class
> >
> > Reviewed-by: Ray Ni   --> no change compared to V3
> >
> >
> >   [PATCH v4 02/14] UefiCpuPkg/SmmRelocationLib: Add SmmRelocationLib
> library instance
> >
> > Reviewed-by: Ray Ni  --> no change compared to V3
> >
> >
> >   [PATCH v4 03/14] UefiCpuPkg/SmmRelocationLib: Rename global variables
> >
> > Reviewed-by: Ray Ni  --> no change compared to V3
> >
> >
> >  [PATCH v4 04/14]  UefiCpuPkg/SmmRelocationLib: Avoid unnecessary
> memory allocation
> >
> > Reviewed-by: Ray Ni  --> no change compared to V3
> >
> >
> >   [PATCH v4 05/14] UefiCpuPkg/SmmRelocationLib: Remove unnecessary
> global variable
> >   [PATCH v4 06/14] UefiCpuPkg/SmmRelocationLib: Remove unnecessary
> CpuIndex
> >
> > * Change Based on Ray’s comment on V3: split the removal of CpuIndex
> parameter in a new patch, so add the 06 patch in V4.*
> >
> >
> >   [PATCH v4 07/14] UefiCpuPkg/SmmRelocationLib: Add library instance for
> AMD
> >
> > Reviewed-by: Abdul Lateef Attar  --> no change
> compared to V3
> >
> >
> >   [PATCH v4 08/14] OvmfPkg/SmmRelocationLib: Add library instance for
> OVMF
> >   [PATCH v4 09/14] OvmfPkg/PlatformInitLib: Create
> gEfiSmmSmramMemoryGuid
> >   [PATCH v4 10/14]  OvmfPkg: Refine SmmAccess implementation
> >   [PATCH v4 11/14] OvmfPkg/SmmCpuFeaturesLib: Check Smbase Relocation
> is done or not
> >   [PATCH v4 12/14] OvmfPkg/PlatformPei: Relocate SmBases in PEI phase
> >
> > *Change Based on Gerd’s  comment on V3: 1. Creating the
> EFI_SMM_SMRAM_MEMORY_GUID HOB should be moved to its own function.
> 2) refine the comment in SmmAccess 3) refine the commit log.*
> >
> >
> >   [PATCH v4 13/14] UefiPayloadPkg/UefiPayloadPkg.dsc: Include
> SmmRelocationLib
> >
> > Reviewed-by: Gua Guo 
> >
> > Reviewed-by: Guo Dong 
> >
> >
> >   [PATCH v4 14/14] UefiCpuPkg/PiSmmCpuDxeSmm: Remove SmBases
> relocation logic
> >
> > *Change Based on Ray’s comment on V3: move the "TileSize" 

Re: [edk2-devel][edk2-stable202405][PATCH] MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount

2024-05-09 Thread gaoliming via groups.io
Reviewed-by: Liming Gao 

This is a security fix. So, I think it should catch this stable tag 202405

Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io  on behalf of Pakkirisamy
> ShanmugavelX
> Sent: May 6, 2024 17:53
> To: devel@edk2.groups.io
> Cc: Shanmugavel Pakkirisamy ;
> Zhiguang Liu ; Dandan Bi ;
> Liming Gao 
> Subject: [edk2-devel] [PATCH] MdeModulePkg: Potential UINT32 overflow in S3
> ResumeCount
> 
> From: Shanmugavel Pakkirisamy 
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
> 
> Attacker able to modify physical memory and ResumeCount.
> System will crash/DoS when ResumeCount reaches its MAX_UINT32.
> 
> Cc: Zhiguang Liu 
> Cc: Dandan Bi 
> Cc: Liming Gao 
> 
> Signed-off-by: Pakkirisamy ShanmugavelX
> 
> ---
> 
> MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePe
> rformancePei.c | 14 +-
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git
> a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware
> PerformancePei.c
> b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware
> PerformancePei.c
> index 2f2b2a80b2..1035ed8640 100644
> ---
> a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware
> PerformancePei.c
> +++
> b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/Firmware
> PerformancePei.c
> @@ -112,11 +112,15 @@ FpdtStatusCodeListenerPei (
>//
>S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume,
> AcpiS3ResumeRecord->ResumeCount);
>AcpiS3ResumeRecord->ResumeCount++;
> -  AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal +
> AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
> -
> -  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount
> = %d\n", AcpiS3ResumeRecord->ResumeCount));
> -  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume
> = %ld\n", AcpiS3ResumeRecord->FullResume));
> -  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume
> = %ld\n", AcpiS3ResumeRecord->AverageResume));
> +  if (AcpiS3ResumeRecord->ResumeCount > 0) {
> +AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal +
> AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
> +DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance -
> AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));
> +  }
> +  else {
> +DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the
> MAX_UINT32 value. S3 ResumeCount record reset to Zero."));
> +  }
> +  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount   =
> 0x%x\n", AcpiS3ResumeRecord->ResumeCount));
> +  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume=
> 0x%x\n", AcpiS3ResumeRecord->FullResume));
> 
>//
>// Update S3 Suspend Performance Record.
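Review bot: the replacement DEBUG lines print `AverageResume` and `FullResume` with `0x%x`, where the removed lines used `%ld` for the same fields and `AverageResume` is assigned from `DivU64x32`, so 64-bit values are now formatted as 32-bit; use `0x%lx`. The new `else` branch logs that the record is "reset to Zero", but the code only skips the division: `AverageResume` keeps its previous value and `ResumeCount` is zero only because the increment wrapped. Either reset the record explicitly in that branch or reword the message. Also put `} else {` on one line as the edk2 coding style requires, and end the DEBUG_ERROR string with `\n`.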
> --
> 2.45.0.windows.1
> 
> 
> 
> 
> 





View/Reply Online (#118745): https://edk2.groups.io/g/devel/message/118745
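A stand-alone C model of the ResumeCount update discussed in the message above, added here as an illustration; it is not code from the patch or from edk2. `S3ResumeRecord`, `UpdatePatched`, `UpdateSaturating` and `Replay` are hypothetical names, the record values are constructed, and the saturating variant is an alternative shown for comparison, not what the patch does.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the three record fields the patch touches. */
typedef struct {
  uint32_t ResumeCount;
  uint64_t FullResume;     /* duration of the latest resume */
  uint64_t AverageResume;  /* running average over ResumeCount resumes */
} S3ResumeRecord;

typedef enum { AVG_UPDATED, COUNT_WRAPPED, COUNT_SATURATED } UpdateResult;
typedef UpdateResult (*UpdateFn)(S3ResumeRecord *, uint64_t);

/* Same arithmetic as the patched hunk: increment first, then divide only if
   the counter did not wrap to zero. Without the guard, a record that arrives
   with ResumeCount == 0xFFFFFFFF would make the division a divide by zero. */
UpdateResult UpdatePatched(S3ResumeRecord *Rec, uint64_t FullResume) {
  uint64_t Total = Rec->AverageResume * Rec->ResumeCount;
  Rec->FullResume = FullResume;
  Rec->ResumeCount++;                       /* 0xFFFFFFFF + 1 wraps to 0 */
  if (Rec->ResumeCount > 0) {
    Rec->AverageResume = (Total + Rec->FullResume) / Rec->ResumeCount;
    return AVG_UPDATED;
  }
  return COUNT_WRAPPED;                     /* average left as it was */
}

/* Alternative for comparison (an assumption, not the patch): stop counting
   at the maximum, so the counter never wraps and the history is kept. */
UpdateResult UpdateSaturating(S3ResumeRecord *Rec, uint64_t FullResume) {
  Rec->FullResume = FullResume;
  if (Rec->ResumeCount == UINT32_MAX) {
    return COUNT_SATURATED;
  }
  uint64_t Total = Rec->AverageResume * Rec->ResumeCount;
  Rec->ResumeCount++;
  Rec->AverageResume = (Total + Rec->FullResume) / Rec->ResumeCount;
  return AVG_UPDATED;
}

/* Apply `Resumes` consecutive resumes of equal duration to a copy of Rec. */
S3ResumeRecord Replay(S3ResumeRecord Rec, unsigned Resumes,
                      uint64_t FullResume, UpdateFn Update) {
  for (unsigned i = 0; i < Resumes; i++) {
    Update(&Rec, FullResume);
  }
  return Rec;
}

int main(void) {
  /* Constructed record: counter already at its maximum, average of 50. */
  S3ResumeRecord AtMax = { UINT32_MAX, 50, 50 };

  for (unsigned n = 1; n <= 2; n++) {
    S3ResumeRecord P = Replay(AtMax, n, 100, UpdatePatched);
    S3ResumeRecord S = Replay(AtMax, n, 100, UpdateSaturating);
    printf("after %u resume(s): patched count=%u avg=%llu | "
           "saturating count=%u avg=%llu\n",
           n, (unsigned)P.ResumeCount, (unsigned long long)P.AverageResume,
           (unsigned)S.ResumeCount, (unsigned long long)S.AverageResume);
  }
  return 0;
}
```

With the guard in place the first resume after the maximum leaves a count of zero and a stale average, and the second one restarts the average from that single resume.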




Re: [edk2-devel] pr for stable tag

2024-05-09 Thread gaoliming via groups.io
Ard:
  I am OK to merge this regression bug fix for stable tag 202405. If no other 
comments, I will merge it. 

Thanks
Liming
> -Original Message-
> From: Ard Biesheuvel 
> Sent: May 9, 2024 0:15
> To: devel@edk2.groups.io; gaolim...@byosoft.com.cn
> Cc: Michael Kinney ; Leif Lindholm
> ; Peter Batard 
> Subject: Re: [edk2-devel] pr for stable tag
> 
> Yes
> 
> On Wed, 8 May 2024 at 17:36, gaoliming via groups.io
>  wrote:
> >
> > Ard:
> >   So, this patch needs to catch this stable tag. Right?
> >
> > Thanks
> > Liming
> > > -Original Message-
> > > From: devel@edk2.groups.io  on behalf of Ard
> Biesheuvel
> > > Sent: May 8, 2024 20:41
> > > To: Liming Gao (Byosoft address) ; Michael
> > > Kinney ; Leif Lindholm
> > > ; edk2-devel-groups-io 
> > > Cc: Peter Batard 
> > > Subject: [edk2-devel] pr for stable tag
> > >
> > > Please set the push label on
> > >
> > > https://github.com/tianocore/edk2/pull/5642
> > >
> > > discussed here:
> > >
> > > https://openfw.io/edk2-devel/20240508085148.1725-1-p...@akeo.ie/
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> > 
> >
> >




View/Reply Online (#118744): https://edk2.groups.io/g/devel/message/118744




Re: [edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Li, Yi
For this patch set:

Looks good to me.
Reviewed-by: Yi Li 


-Original Message-
From: Hou, Wenxing  
Sent: Thursday, May 9, 2024 2:27 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen ; Li, Yi1 
Subject: [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More 
RSA/PKCS5/PKCS7/Authenticode/Timestamp
implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch has passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128

v2 changes:
 - Fix format variable name/hardcode number issue;
 - Fix Pkcs7 memory leak;

v3 changes:
 - Fix some issues from reviewer;
 - Add SHA3/SM3 implementation;
 - Update *.inf files;

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 

Wenxing Hou (11):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls
  CryptoPkg: Update *.inf in BaseCryptLibMbedTls
  Add SHA3/SM3 functions with openssl for Mbedtls

 CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
 .../Cipher/CryptAeadAesGcm.c  |  227 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
 .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
 .../Pk/CryptAuthenticode.c|  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
 .../Pk/CryptPkcs7VerifyBase.c |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
 .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140 ++  
.../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
 .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
 .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  114 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   26 +-
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   36 +-
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   39 +-
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |6 +
 .../Library/MbedTlsLib/MbedTlsLibFull.inf |6 +
 25 files changed, 6973 insertions(+), 85 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c

--
2.26.2.windows.1



View/Reply Online (#118743): https://edk2.groups.io/g/devel/message/118743




[edk2-devel] [PATCH v3 11/11] Add SHA3/SM3 functions with openssl for Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Because the Mbedtls 3.3.0 doesn't have SHA3 and Sm3, the SHA3 and Sm3
implementation is based on Openssl.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../Library/BaseCryptLibMbedTls/BaseCryptLib.inf  | 11 +++
 CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf |  9 +++--
 .../Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf   |  3 ++-
 CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf |  9 +++--
 .../Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf  |  3 ++-
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |  6 ++
 CryptoPkg/Library/MbedTlsLib/MbedTlsLibFull.inf   |  6 ++
 7 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
index cb282fe648..f015d5afbd 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
@@ -18,6 +18,7 @@
   MODULE_TYPE= DXE_DRIVER
   VERSION_STRING = 1.0
   LIBRARY_CLASS  = BaseCryptLib|DXE_DRIVER DXE_CORE 
UEFI_APPLICATION UEFI_DRIVER
+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
 
 #
 # The following information is for reference only and not required by the 
build tools.
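Review bot: the new `DEFINE BASE_CRYPT_PATH = ../BaseCryptLib` ties this INF to a sibling library's directory layout through a relative path, and nothing in the file says why. Add a comment beside the DEFINE stating that the sources pulled in through it are shared with the OpenSSL-based BaseCryptLib, so that anyone moving or renaming files there knows the Mbedtls instance builds them too.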
@@ -31,10 +32,12 @@
   Hash/CryptSha1.c
   Hash/CryptSha256.c
   Hash/CryptSha512.c
-  Hash/CryptSm3Null.c
-
-  Hash/CryptParallelHashNull.c
-
+  $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c
+  $(BASE_CRYPT_PATH)/Hash/CryptDispatchApDxe.c
+  $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c
+  $(BASE_CRYPT_PATH)/Hash/CryptSha3.c
+  $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
+  $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c
   Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
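Review bot: the six files added from `$(BASE_CRYPT_PATH)` include CryptCShake256.c, CryptDispatchApDxe.c, CryptParallelHash.c and CryptXkcp.c, which the commit message (SHA3 and SM3 only) does not mention. The 11 changed lines the diffstat reports for this file are all in the two hunks shown, so no [LibraryClasses], [Protocols] or [Packages] entry changes with them. Confirm that everything these sources include and link against is already listed in this INF, and extend the commit message to say that ParallelHash is being enabled as well.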
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
index 660e11a96e..479bb2f87d 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
@@ -26,6 +26,7 @@
   MODULE_TYPE= PEIM
   VERSION_STRING = 1.0
   LIBRARY_CLASS  = BaseCryptLib|PEIM PEI_CORE
+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
 
 #
 # The following information is for reference only and not required by the 
build tools.
@@ -38,9 +39,13 @@
   Hash/CryptMd5.c
   Hash/CryptSha1.c
   Hash/CryptSha256.c
-  Hash/CryptSm3Null.c
   Hash/CryptSha512.c
-  Hash/CryptParallelHashNull.c
+  $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c
+  $(BASE_CRYPT_PATH)/Hash/CryptDispatchApPei.c
+  $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c
+  $(BASE_CRYPT_PATH)/Hash/CryptSha3.c
+  $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
+  $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c
   Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
index 280b1a9c29..0179640e03 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
@@ -25,6 +25,7 @@
   VERSION_STRING = 1.0
   LIBRARY_CLASS  = BaseCryptLib|DXE_RUNTIME_DRIVER
   CONSTRUCTOR= RuntimeCryptLibConstructor
+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
 
 #
 # The following information is for reference only and not required by the 
build tools.
@@ -37,9 +38,9 @@
   Hash/CryptMd5.c
   Hash/CryptSha1.c
   Hash/CryptSha256.c
-  Hash/CryptSm3Null.c
   Hash/CryptSha512.c
   Hash/CryptParallelHashNull.c
+  $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
   Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
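Review bot: RuntimeCryptLib.inf gains only `$(BASE_CRYPT_PATH)/Hash/CryptSm3.c` and keeps `Hash/CryptParallelHashNull.c`, while the DXE, PEI and SMM INFs in this patch also gain CryptSha3.c, CryptCShake256.c, CryptParallelHash.c and CryptXkcp.c. If SHA3 and ParallelHash are deliberately left out at runtime, say so in the commit message; otherwise a caller gets different hash support depending on which instance it links.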
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
index 4a519b06ee..92013bd514 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
@@ -24,6 +24,7 @@
   VERSION_STRING = 1.0
   PI_SPECIFICATION_VERSION   = 0x0001000A
   LIBRARY_CLASS  = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE 
MM_STANDALONE
+  DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
 
 #
 # The following information is for reference only and not required by the 
build tools.
@@ -36,9 +37,13 @@
   Hash/CryptMd5.c
   Hash/CryptSha1.c
   Hash/CryptSha256.c
-  Hash/CryptSm3Null.c
   Hash/CryptSha512.c
-  Hash/CryptParallelHashNull.c
+  $(BASE_CRYPT_PATH)/Hash/CryptCShake256.c
+  $(BASE_CRYPT_PATH)/Hash/CryptDispatchApMm.c
+  $(BASE_CRYPT_PATH)/Hash/CryptParallelHash.c
+  $(BASE_CRYPT_PATH)/Hash/CryptSha3.c
+  $(BASE_CRYPT_PATH)/Hash/CryptSm3.c
+  $(BASE_CRYPT_PATH)/Hash/CryptXkcp.c
   Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
   Cipher/CryptAes.c
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/TestBaseCryptLib.inf 

[edk2-devel] [PATCH v3 07/11] CryptoPkg: Add more RSA related functions based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Implement more RSA functions such as RsaPkcs1Sign based on Mbedtls.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   | 278 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  | 352 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  | 140 +++
 3 files changed, 770 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
new file mode 100644
index 00..61ccdd78e6
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
@@ -0,0 +1,278 @@
+/** @file
+  This file contains UEFI wrapper functions for RSA PKCS1v2 OAEP encryption 
routines.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  Copyright (c) 2024, Intel Corporation. All rights reserved.
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+#include 
+#include 
+
+/**
+  Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  encrypted message in a newly allocated buffer.
+
+  Things that can cause a failure include:
+  - X509 key size does not match any known key size.
+  - Fail to parse X509 certificate.
+  - Fail to allocate an intermediate buffer.
+  - Null pointer provided for a non-optional parameter.
+  - Data size is too large for the provided key size (max size is a function 
of key size
+and hash digest size).
+
+  @param[in]  PublicKey   A pointer to the DER-encoded X509 
certificate that
+  will be used to encrypt the data.
+  @param[in]  PublicKeySize   Size of the X509 cert buffer.
+  @param[in]  InData  Data to be encrypted.
+  @param[in]  InDataSize  Size of the data buffer.
+  @param[in]  PrngSeed[Optional] If provided, a pointer to a 
random seed buffer
+  to be used when initializing the PRNG. NULL 
otherwise.
+  @param[in]  PrngSeedSize[Optional] If provided, size of the random 
seed buffer.
+  0 otherwise.
+  @param[out] EncryptedData   Pointer to an allocated buffer containing 
the encrypted
+  message.
+  @param[out] EncryptedDataSize   Size of the encrypted message buffer.
+
+  @retval TRUEEncryption was successful.
+  @retval FALSE   Encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs1v2Encrypt (
+  IN CONST UINT8  *PublicKey,
+  IN UINTNPublicKeySize,
+  IN UINT8*InData,
+  IN UINTNInDataSize,
+  IN CONST UINT8  *PrngSeed OPTIONAL,
+  IN UINTNPrngSeedSize OPTIONAL,
+  OUT UINT8   **EncryptedData,
+  OUT UINTN   *EncryptedDataSize
+  )
+{
+  BOOLEAN  Result;
+  UINT32   Ret;
+  UINT8*OutData;
+  mbedtls_x509_crt CertContext;
+  mbedtls_rsa_context  RsaContext;
+
+  //
+  // Check input parameters.
+  //
+  if ((PublicKey == NULL) || (InData == NULL) ||
+  (EncryptedData == NULL) || (EncryptedDataSize == NULL))
+  {
+return FALSE;
+  }
+
+  //
+  // Check public key size.
+  //
+  if (PublicKeySize > UINT_MAX) {
+//
+// Public key size is too large for implementation.
+//
+return FALSE;
+  }
+
+  *EncryptedData = NULL;
+  *EncryptedDataSize = 0;
+  Result = FALSE;
+  OutData= NULL;
+
+  mbedtls_x509_crt_init ();
+
+  if (mbedtls_x509_crt_parse_der (, PublicKey, 
(UINT32)PublicKeySize) != 0) {
+goto _Exit;
+  }
+
+  if (mbedtls_pk_get_type () != MBEDTLS_PK_RSA) {
+goto _Exit;
+  }
+
+  mbedtls_rsa_init ();
+  if (mbedtls_rsa_set_padding (, MBEDTLS_RSA_PKCS_V21, 
MBEDTLS_MD_NONE) != 0) {
+goto _Exit;
+  }
+
+  Ret = mbedtls_rsa_copy (, mbedtls_pk_rsa (CertContext.pk));
+  if (Ret != 0) {
+goto _Exit;
+  }
+
+  *EncryptedDataSize = RsaContext.len;
+
+  //
+  // Allocate a buffer for the output data.
+  //
+  OutData = AllocateZeroPool (*EncryptedDataSize);
+  if (OutData == NULL) {
+//
+// Fail to allocate the output buffer.
+//
+goto _Exit;
+  }
+
+  Ret = mbedtls_rsa_pkcs1_encrypt (
+  ,
+  MbedtlsRand,
+  NULL,
+  InDataSize,
+  InData,
+  OutData
+  );
+  if (Ret != 0) {
+FreePool (OutData);
+OutData = NULL;
+goto _Exit;
+  }
+
+  *EncryptedData = OutData;
+  Result = TRUE;
+
+_Exit:
+  //
+  // Release Resources
+  //
+  if ( != NULL) {
+mbedtls_x509_crt_free ();
+  }
+
+  if ( != NULL) {
+mbedtls_rsa_free ();
+  }
+
+  return Result;
+}
+
+/**
+  Encrypts a blob using PKCS1v2 (RSAES-OAEP) schema. On success, will return 
the
+  encrypted message in a 
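Review bot: in Pkcs1v2Encrypt, `mbedtls_rsa_init` is reached only after the certificate has been parsed and its key type checked, yet both of those failure paths `goto _Exit`, where `mbedtls_rsa_free` runs on a stack `mbedtls_rsa_context RsaContext` that was never initialised. Call `mbedtls_rsa_init` next to `mbedtls_x509_crt_init`, before the first `goto _Exit`; a NULL test on a stack object cannot tell the two states apart. Separately, `PrngSeed` and `PrngSeedSize` are documented but never used in the body shown, and `*EncryptedDataSize` is left at `RsaContext.len` when allocation or encryption fails. Either use the seed or document that it is ignored, and set the size back to 0 on the failure paths.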

[edk2-devel] [PATCH v3 10/11] CryptoPkg: Update *.inf in BaseCryptLibMbedTls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Update all *.inf in BaseCryptLibMbedTls based on new implementation.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  | 42 ++-
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   | 18 
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   | 23 +-
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   | 27 ++--
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  | 36 
 5 files changed, 80 insertions(+), 66 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
index 16def792c5..cb282fe648 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/BaseCryptLib.inf
@@ -27,33 +27,37 @@
 
 [Sources]
   InternalCryptLib.h
-  Cipher/CryptAeadAesGcmNull.c
-  Cipher/CryptAes.c
+  Hash/CryptMd5.c
+  Hash/CryptSha1.c
   Hash/CryptSha256.c
   Hash/CryptSha512.c
-  Hash/CryptParallelHashNull.c
   Hash/CryptSm3Null.c
-  Hash/CryptMd5.c
-  Hash/CryptSha1.c
+
+  Hash/CryptParallelHashNull.c
+
   Hmac/CryptHmac.c
   Kdf/CryptHkdf.c
+  Cipher/CryptAes.c
+  Cipher/CryptAeadAesGcm.c
   Pk/CryptRsaBasic.c
-  Pk/CryptRsaExtNull.c
-  Pk/CryptRsaPss.c
-  Pk/CryptRsaPssSignNull.c
-  Bn/CryptBnNull.c
-  Pem/CryptPemNull.c
+  Pk/CryptRsaExt.c
+  Pk/CryptPkcs1Oaep.c
+  Pk/CryptPkcs5Pbkdf2.c
+  Pk/CryptPkcs7Sign.c
+  Pk/CryptPkcs7VerifyCommon.c
+  Pk/CryptPkcs7VerifyBase.c
+  Pk/CryptPkcs7VerifyEku.c
   Pk/CryptDhNull.c
+  Pk/CryptX509.c
+  Pk/CryptAuthenticode.c
+  Pk/CryptTs.c
+  Pk/CryptRsaPss.c
+  Pk/CryptRsaPssSign.c
   Pk/CryptEcNull.c
-  Pk/CryptPkcs1OaepNull.c
-  Pk/CryptPkcs5Pbkdf2Null.c
-  Pk/CryptPkcs7SignNull.c
-  Pk/CryptPkcs7VerifyNull.c
-  Pk/CryptPkcs7VerifyEkuNull.c
-  Pk/CryptX509Null.c
-  Pk/CryptAuthenticodeNull.c
-  Pk/CryptTsNull.c
-  Rand/CryptRandNull.c
+  Pem/CryptPem.c
+  Bn/CryptBnNull.c
+  Rand/CryptRand.c
+
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
 
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
index 72b22a24e8..660e11a96e 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/PeiCryptLib.inf
@@ -47,21 +47,23 @@
   Cipher/CryptAeadAesGcmNull.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
-  Pk/CryptRsaPss.c
-  Pk/CryptRsaPssSignNull.c
-  Bn/CryptBnNull.c
-  Pem/CryptPemNull.c
-  Pk/CryptDhNull.c
-  Pk/CryptEcNull.c
   Pk/CryptPkcs1OaepNull.c
   Pk/CryptPkcs5Pbkdf2Null.c
   Pk/CryptPkcs7SignNull.c
-  Pk/CryptPkcs7VerifyNull.c
-  Pk/CryptPkcs7VerifyEkuNull.c
+  Pk/CryptPkcs7VerifyCommon.c
+  Pk/CryptPkcs7VerifyBase.c
+  Pk/CryptPkcs7VerifyEku.c
+  Pk/CryptDhNull.c
   Pk/CryptX509Null.c
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
+  Pk/CryptRsaPss.c
+  Pk/CryptRsaPssSignNull.c
+  Pk/CryptEcNull.c
+  Pem/CryptPemNull.c
   Rand/CryptRandNull.c
+  Bn/CryptBnNull.c
+
   SysCall/CrtWrapper.c
   SysCall/ConstantTimeClock.c
 
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
index 9f17ef00bf..280b1a9c29 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/RuntimeCryptLib.inf
@@ -46,21 +46,23 @@
   Cipher/CryptAeadAesGcmNull.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
-  Pk/CryptRsaPssNull.c
-  Pk/CryptRsaPssSignNull.c
-  Bn/CryptBnNull.c
-  Pem/CryptPemNull.c
-  Pk/CryptDhNull.c
-  Pk/CryptEcNull.c
   Pk/CryptPkcs1OaepNull.c
   Pk/CryptPkcs5Pbkdf2Null.c
   Pk/CryptPkcs7SignNull.c
-  Pk/CryptPkcs7VerifyNull.c
-  Pk/CryptPkcs7VerifyEkuNull.c
-  Pk/CryptX509Null.c
+  Pk/CryptPkcs7VerifyCommon.c
+  Pk/CryptPkcs7VerifyRuntime.c
+  Pk/CryptPkcs7VerifyEkuRuntime.c
+  Pk/CryptDhNull.c
+  Pk/CryptX509.c
   Pk/CryptAuthenticodeNull.c
   Pk/CryptTsNull.c
-  Rand/CryptRandNull.c
+  Pk/CryptRsaPssNull.c
+  Pk/CryptRsaPssSignNull.c
+  Pk/CryptEcNull.c
+  Pem/CryptPem.c
+  Bn/CryptBnNull.c
+  Rand/CryptRand.c
+
   SysCall/CrtWrapper.c
   SysCall/TimerWrapper.c
   SysCall/RuntimeMemAllocation.c
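Review bot: `Pk/CryptPkcs7VerifyRuntime.c` and `Pk/CryptPkcs7VerifyEkuRuntime.c` are added to [Sources] here, but neither appears in the `create mode` list of the cover letter for this series. Confirm both files already exist under BaseCryptLibMbedTls, otherwise this INF will not build. The hunk also moves entries that stay the same (CryptRsaPssNull.c, CryptRsaPssSignNull.c, CryptBnNull.c, CryptDhNull.c, CryptEcNull.c) in the same change that swaps Null files for real ones, which hides the functional part; doing the reorder in a separate patch would make it reviewable.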
@@ -77,6 +79,7 @@
   MbedTlsLib
   IntrinsicLib
   PrintLib
+  RngLib
 
 #
 # Remove these [BuildOptions] after this library is cleaned up
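Review bot: `RngLib` is added to this INF's library classes alongside the switch from `Rand/CryptRandNull.c` to `Rand/CryptRand.c`, but BaseCryptLib.inf makes the same switch earlier in this patch and the [Sources] hunk shown there accounts for all 42 changed lines the diffstat reports, so it gains no `RngLib`. Confirm that BaseCryptLib.inf already lists RngLib, and note in the commit message which instances now draw real randomness and which still use the Null implementation.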
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf 
b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
index 40c56d1b7d..4a519b06ee 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/SmmCryptLib.inf
@@ -45,21 +45,23 @@
   Cipher/CryptAeadAesGcmNull.c
   Pk/CryptRsaBasic.c
   Pk/CryptRsaExtNull.c
-  Pk/CryptRsaPss.c
-  Pk/CryptRsaPssSignNull.c
-  Bn/CryptBnNull.c
-  Pem/CryptPemNull.c
-  Pk/CryptDhNull.c
-  Pk/CryptEcNull.c
-  Pk/CryptPkcs1OaepNull.c
-  Pk/CryptPkcs5Pbkdf2Null.c
+  Pk/CryptPkcs1Oaep.c
+  Pk/CryptPkcs5Pbkdf2.c
   Pk/CryptPkcs7SignNull.c
- 

[edk2-devel] [PATCH v3 09/11] CryptoPkg: Add ImageTimestampVerify based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Timestamp Countersignature Verification implementation based on Mbedtls.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  | 381 ++
 1 file changed, 381 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
new file mode 100644
index 00..d3fa205f9c
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
@@ -0,0 +1,381 @@
+/** @file
+  RFC3161 Timestamp Countersignature Verification Wrapper Implementation which 
does
+  not provide real capabilities.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+
+//
+// OID ASN.1 Value for SPC_RFC3161_OBJID ("1.3.6.1.4.1.311.3.3.1")
+//
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8  mSpcRFC3161OidValue[] = {
+  0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x03, 0x03, 0x01
+};
+
+/**
+  Convert ASN.1 GeneralizedTime to EFI Time.
+
+  @param[in]  Ptr  Pointer to the ASN.1 GeneralizedTime to be 
converted.
+  @param[out] EfiTime  Return the corresponding EFI Time.
+
+  @retval  TRUE   The time conversion succeeds.
+  @retval  FALSE  Invalid parameters.
+
+**/
+STATIC
+BOOLEAN
+ConvertAsn1TimeToEfiTime (
+  IN  UINT8 *Ptr,
+  OUT EFI_TIME  *EfiTime
+  )
+{
+  CONST CHAR8  *Str;
+  UINTNIndex;
+
+  if ((Ptr == NULL) || (EfiTime == NULL)) {
+return FALSE;
+  }
+
+  Str = (CONST CHAR8 *)Ptr;
+  SetMem (EfiTime, sizeof (EFI_TIME), 0);
+
+  Index = 0;
+
+  /* four digit year */
+  EfiTime->Year  = (Str[Index++] - '0') * 1000;
+  EfiTime->Year += (Str[Index++] - '0') * 100;
+  EfiTime->Year += (Str[Index++] - '0') * 10;
+  EfiTime->Year += (Str[Index++] - '0');
+  if ((EfiTime->Year < 1900) || (EfiTime->Year > )) {
+return FALSE;
+  }
+
+  EfiTime->Month  = (Str[Index++] - '0') * 10;
+  EfiTime->Month += (Str[Index++] - '0');
+  if ((EfiTime->Month < 1) || (EfiTime->Month > 12)) {
+return FALSE;
+  }
+
+  EfiTime->Day  = (Str[Index++] - '0') * 10;
+  EfiTime->Day += (Str[Index++] - '0');
+  if ((EfiTime->Day < 1) || (EfiTime->Day > 31)) {
+return FALSE;
+  }
+
+  EfiTime->Hour  = (Str[Index++] - '0') * 10;
+  EfiTime->Hour += (Str[Index++] - '0');
+  if (EfiTime->Hour > 23) {
+return FALSE;
+  }
+
+  EfiTime->Minute  = (Str[Index++] - '0') * 10;
+  EfiTime->Minute += (Str[Index++] - '0');
+  if (EfiTime->Minute > 59) {
+return FALSE;
+  }
+
+  EfiTime->Second  = (Str[Index++] - '0') * 10;
+  EfiTime->Second += (Str[Index++] - '0');
+  if (EfiTime->Second > 59) {
+return FALSE;
+  }
+
+  /* Note: we did not adjust the time based on time zone information */
+
+  return TRUE;
+}
+
+/**
+  Verifies the validity of a RFC3161 Timestamp CounterSignature embedded in 
PE/COFF Authenticode
+  signature.
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in]  AuthData Pointer to the Authenticode Signature retrieved 
from signed
+   PE/COFF image to be verified.
+  @param[in]  DataSize Size of the Authenticode Signature in bytes.
+  @param[in]  TsaCert  Pointer to a trusted/root TSA certificate encoded 
in DER, which
+   is used for TSA certificate chain verification.
+  @param[in]  CertSize Size of the trusted certificate in bytes.
+  @param[out] SigningTime  Return the time of timestamp generation time if the 
timestamp
+   signature is valid.
+
+  @retval  FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+ImageTimestampVerify (
+  IN  CONST UINT8  *AuthData,
+  IN  UINTNDataSize,
+  IN  CONST UINT8  *TsaCert,
+  IN  UINTNCertSize,
+  OUT EFI_TIME *SigningTime
+  )
+{
+  BOOLEAN  Status;
+  UINT8*Ptr;
+  UINT8*End;
+  INT32Len;
+  UINTNObjLen;
+  UINT8*TempPtr;
+
+  //
+  // Initializations
+  //
+  if (SigningTime != NULL) {
+SetMem (SigningTime, sizeof (EFI_TIME), 0);
+  }
+
+  //
+  // Input Parameters Checking.
+  //
+  if ((AuthData == NULL) || (TsaCert == NULL)) {
+return FALSE;
+  }
+
+  if ((DataSize > INT_MAX) || (CertSize > INT_MAX)) {
+return FALSE;
+  }
+
+  Ptr = (UINT8 *)(UINTN)AuthData;
+  Len = (UINT32)DataSize;
+  End = Ptr + Len;
+
+  // ContentInfo
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE) != 0) {
+return FALSE;
+  }
+
+  // ContentType
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_OID) != 0) {
+return FALSE;
+  }
+
+  Ptr += ObjLen;
+  // content
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) {
+return FALSE;
+  }
+
+  End = Ptr + ObjLen;
+  // signedData
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
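
Review bot: ConvertAsn1TimeToEfiTime reads 14 characters from Ptr without being given the length of the GeneralizedTime element and never checks that each character is a digit, so a short or malformed field is read past its end and a pair such as "0:" passes the month range check as 10. Pass the element length in, require at least 14 bytes, and reject any character outside '0'..'9' before doing the arithmetic. The file header ("does not provide real capabilities") and the ImageTimestampVerify comment ("Return FALSE to indicate this interface is not supported") read as carried over from a Null implementation and should describe what the code now does. `Len = (UINT32)DataSize;` also casts to UINT32 while Len is declared INT32.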

[edk2-devel] [PATCH v3 08/11] CryptoPkg: Add AuthenticodeVerify based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Implement AuthenticodeVerify based on Mbedtls.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../Pk/CryptAuthenticode.c| 214 ++
 1 file changed, 214 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
new file mode 100644
index 00..9d8301b2c0
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
@@ -0,0 +1,214 @@
+/** @file
+  Authenticode Portable Executable Signature Verification which does not 
provide
+  real capabilities.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+
+//
+// OID ASN.1 Value for SPC_INDIRECT_DATA_OBJID
+//
+GLOBAL_REMOVE_IF_UNREFERENCED const UINT8  mSpcIndirectOidValue[] = {
+  0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04
+};
+
+/**
+  Verifies the validity of a PE/COFF Authenticode Signature as described in 
"Windows
+  Authenticode Portable Executable Signature Format".
+
+  Return FALSE to indicate this interface is not supported.
+
+  @param[in]  AuthData Pointer to the Authenticode Signature retrieved 
from signed
+   PE/COFF image to be verified.
+  @param[in]  DataSize Size of the Authenticode Signature in bytes.
+  @param[in]  TrustedCert  Pointer to a trusted/root certificate encoded in 
DER, which
+   is used for certificate chain verification.
+  @param[in]  CertSize Size of the trusted certificate in bytes.
+  @param[in]  ImageHashPointer to the original image file hash value. The 
procedure
+   for calculating the image hash value is described 
in Authenticode
+   specification.
+  @param[in]  HashSize Size of Image hash value in bytes.
+
+  @retval FALSE  This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+AuthenticodeVerify (
+  IN CONST UINT8  *AuthData,
+  IN UINTNDataSize,
+  IN CONST UINT8  *TrustedCert,
+  IN UINTNCertSize,
+  IN CONST UINT8  *ImageHash,
+  IN UINTNHashSize
+  )
+{
+  BOOLEAN  Status;
+  CONST UINT8  *OrigAuthData;
+  UINT8*SpcIndirectDataContent;
+  UINT8Asn1Byte;
+  UINTNContentSize;
+  CONST UINT8  *SpcIndirectDataOid;
+  UINT8*Ptr;
+  UINT8*End;
+  INT32Len;
+  UINTNObjLen;
+
+  OrigAuthData = AuthData;
+
+  //
+  // Check input parameters.
+  //
+  if ((AuthData == NULL) || (TrustedCert == NULL) || (ImageHash == NULL)) {
+return FALSE;
+  }
+
+  if ((DataSize > INT_MAX) || (CertSize > INT_MAX) || (HashSize > INT_MAX)) {
+return FALSE;
+  }
+
+  if (DataSize <= HashSize) {
+return FALSE;
+  }
+
+  Ptr = (UINT8 *)(UINTN)AuthData;
+  Len = (UINT32)DataSize;
+  End = Ptr + Len;
+
+  // ContentInfo
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE) != 0) {
+return FALSE;
+  }
+
+  // ContentType
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_OID) != 0) {
+return FALSE;
+  }
+
+  Ptr += ObjLen;
+  // content
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) {
+return FALSE;
+  }
+
+  End = Ptr + ObjLen;
+  // signedData
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE) != 0) {
+return FALSE;
+  }
+
+  // version
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_INTEGER) != 0) {
+return FALSE;
+  }
+
+  Ptr += ObjLen;
+  // digestAlgo
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SET) != 0) {
+return FALSE;
+  }
+
+  Ptr += ObjLen;
+
+  // encapContentInfo
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_SEQUENCE) != 0) {
+return FALSE;
+  }
+
+  End = Ptr + ObjLen;
+  // eContentType
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_OID) != 0) {
+return FALSE;
+  }
+
+  Status = FALSE;
+
+  SpcIndirectDataOid = Ptr;
+  if ((ObjLen != sizeof (mSpcIndirectOidValue)) ||
+  (CompareMem (
+ SpcIndirectDataOid,
+ mSpcIndirectOidValue,
+ sizeof (mSpcIndirectOidValue)
+ ) != 0))
+  {
+//
+// Un-matched SPC_INDIRECT_DATA_OBJID.
+//
+goto _Exit;
+  }
+
+  Ptr += ObjLen;
+  // eContent
+  if (mbedtls_asn1_get_tag (, End, , MBEDTLS_ASN1_CONSTRUCTED | 
MBEDTLS_ASN1_CONTEXT_SPECIFIC) != 0) {
+return FALSE;
+  }
+
+  SpcIndirectDataContent = Ptr;
+
+  //
+  // Retrieve the SEQUENCE data size from ASN.1-encoded SpcIndirectDataContent.
+  //
+  Asn1Byte = *(SpcIndirectDataContent + 1);
+
+  if ((Asn1Byte & 0x80) == 0) {
+//
+// Short Form of Length Encoding (Length < 128)
+//
+ContentSize = (UINTN)(Asn1Byte 
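
Review bot: `Asn1Byte = *(SpcIndirectDataContent + 1);` dereferences the second byte of eContent without checking that the ObjLen returned by the preceding mbedtls_asn1_get_tag call is at least 2, so untrusted input with a short eContent makes the length decode read outside that element. Check ObjLen, and that Ptr + 1 is still below End, before the read. Error handling is also mixed: the OID mismatch uses `goto _Exit` while every other failure uses `return FALSE`; pick one. The file header and the AuthenticodeVerify comment still say the interface is unsupported and returns FALSE, which no longer matches the code.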

[edk2-devel] [PATCH v3 04/11] CryptoPkg: Add X509 functions based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

X.509 Certificate Handler Wrapper Implementation over MbedTLS.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
 1 file changed, 1940 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
new file mode 100644
index 00..84b67c8f0a
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
@@ -0,0 +1,1940 @@
+/** @file
+  X.509 Certificate Handler Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+///
+/// OID
+///
+STATIC CONST UINT8  OID_commonName[] = {
+  0x55, 0x04, 0x03
+};
+STATIC CONST UINT8  OID_organizationName[] = {
+  0x55, 0x04, 0x0A
+};
+STATIC CONST UINT8  OID_extKeyUsage[] = {
+  0x55, 0x1D, 0x25
+};
+STATIC CONST UINT8  OID_BasicConstraints[] = {
+  0x55, 0x1D, 0x13
+};
+
+/* Profile for backward compatibility. Allows RSA 1024, unlike the default
+   profile. */
+STATIC mbedtls_x509_crt_profile  gCompatProfile =
+{
+  /* Hashes from SHA-256 and above. Note that this selection
+   * should be aligned with ssl_preset_default_hashes in ssl_tls.c. */
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA256) |
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA384) |
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_MD_SHA512),
+  0xFFF,   /* Any PK alg*/
+
+  /* Curves at or above 128-bit security level. Note that this selection
+   * should be aligned with ssl_preset_default_curves in ssl_tls.c. */
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP256R1) |
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP384R1) |
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_SECP521R1) |
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP256R1) |
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP384R1) |
+  MBEDTLS_X509_ID_FLAG (MBEDTLS_ECP_DP_BP512R1) |
+  0,
+  1024,
+};
+
+/**
+  Construct a X509 object from DER-encoded certificate data.
+
+  If Cert is NULL, then return FALSE.
+  If SingleX509Cert is NULL, then return FALSE.
+
+  @param[in]  CertPointer to the DER-encoded certificate data.
+  @param[in]  CertSizeThe size of certificate data in bytes.
+  @param[out] SingleX509Cert  The generated X509 object.
+
+  @retval TRUEThe X509 object generation succeeded.
+  @retval FALSE   The operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificate (
+  IN CONST UINT8  *Cert,
+  IN UINTNCertSize,
+  OUT UINT8   **SingleX509Cert
+  )
+{
+  mbedtls_x509_crt  *MbedTlsCert;
+  INT32 Ret;
+
+  if ((Cert == NULL) || (SingleX509Cert == NULL) || (CertSize == 0)) {
+return FALSE;
+  }
+
+  MbedTlsCert = AllocateZeroPool (sizeof (mbedtls_x509_crt));
+  if (MbedTlsCert == NULL) {
+return FALSE;
+  }
+
+  mbedtls_x509_crt_init (MbedTlsCert);
+
+  *SingleX509Cert = (UINT8 *)(VOID *)MbedTlsCert;
+  Ret = mbedtls_x509_crt_parse_der (MbedTlsCert, Cert, CertSize);
+  if (Ret == 0) {
+return TRUE;
+  } else {
+mbedtls_x509_crt_free (MbedTlsCert);
+FreePool (MbedTlsCert);
+return FALSE;
+  }
+}
+
+/**
+  Construct a X509 stack object from a list of DER-encoded certificate data.
+
+  If X509Stack is NULL, then return FALSE.
+  If this interface is not supported, then return FALSE.
+
+  @param[in, out]  X509Stack  On input, pointer to an existing or NULL X509 
stack object.
+  On output, pointer to the X509 stack object with 
new
+  inserted X509 certificate.
+  @param[in]   Args   VA_LIST marker for the variable argument list.
+  A list of DER-encoded single certificate data 
followed
+  by certificate size. A NULL terminates the list. 
The
+  pairs are the arguments to 
X509ConstructCertificate().
+
+  @retval TRUEThe X509 stack construction succeeded.
+  @retval FALSE   The construction operation failed.
+  @retval FALSE   This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+X509ConstructCertificateStackV (
+  IN OUT UINT8  **X509Stack,
+  IN VA_LISTArgs
+  )
+{
+  UINT8 *Cert;
+  UINTN CertSize;
+  INT32 Index;
+  INT32 Ret;
+  mbedtls_x509_crt  *Crt;
+
+  if (X509Stack == NULL) {
+return FALSE;
+  }
+
+  Ret = 0;
+  Crt = NULL;
+  if (*X509Stack == NULL) {
+Crt = AllocateZeroPool (sizeof (mbedtls_x509_crt));
+if (Crt == NULL) {
+  return FALSE;
+}
+
+mbedtls_x509_crt_init (Crt);
+*X509Stack = (UINT8 *)Crt;
+  }
+
+  for (Index = 0; ; Index++) {
+//
+// If Cert is NULL, then it is the end 
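
Review bot: In X509ConstructCertificate, `*SingleX509Cert` is assigned before mbedtls_x509_crt_parse_der runs, so on the failure path the caller is left holding a pointer to the MbedTlsCert buffer that FreePool has just released. Assign the output only when Ret == 0, or set it to NULL before returning FALSE. Separately, gCompatProfile accepts any PK algorithm (0xFFF) and RSA keys down to 1024 bits; the comment should say which callers need that for backward compatibility so the relaxed profile is not reused where the default would do.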

[edk2-devel] [PATCH v3 06/11] CryptoPkg: Add Pkcs5 functions based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c | 100 ++
 1 file changed, 100 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
new file mode 100644
index 00..94f1fcfa3b
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
@@ -0,0 +1,100 @@
+/** @file
+  PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+
+/**
+  Derives a key from a password using a salt and iteration count, based on 
PKCS#5 v2.0
+  password based encryption key derivation function PBKDF2, as specified in 
RFC 2898.
+
+  If Password or Salt or OutKey is NULL, then return FALSE.
+  If the hash algorithm could not be determined, then return FALSE.
+
+  @param[in]  PasswordLength  Length of input password in bytes.
+  @param[in]  PasswordPointer to the array for the password.
+  @param[in]  SaltLength  Size of the Salt in bytes.
+  @param[in]  SaltPointer to the Salt.
+  @param[in]  IterationCount  Number of iterations to perform. Its value 
should be
+  greater than or equal to 1.
+  @param[in]  DigestSize  Size of the message digest to be used (eg. 
SHA256_DIGEST_SIZE).
+  NOTE: DigestSize will be used to determine the 
hash algorithm.
+Only SHA1_DIGEST_SIZE or 
SHA256_DIGEST_SIZE is supported.
+  @param[in]  KeyLength   Size of the derived key buffer in bytes.
+  @param[out] OutKey  Pointer to the output derived key buffer.
+
+  @retval  TRUE   A key was derived successfully.
+  @retval  FALSE  One of the pointers was NULL or one of the sizes was too 
large.
+  @retval  FALSE  The hash algorithm could not be determined from the digest 
size.
+  @retval  FALSE  The key derivation operation failed.
+
+**/
+BOOLEAN
+EFIAPI
+Pkcs5HashPassword (
+  IN UINTNPasswordLength,
+  IN CONST CHAR8  *Password,
+  IN UINTNSaltLength,
+  IN CONST UINT8  *Salt,
+  IN UINTNIterationCount,
+  IN UINTNDigestSize,
+  IN UINTNKeyLength,
+  OUT UINT8   *OutKey
+  )
+{
+  mbedtls_md_type_t  HashAlg;
+
+  //
+  // Parameter Checking.
+  //
+  if ((Password == NULL) || (Salt == NULL) || (OutKey == NULL)) {
+return FALSE;
+  }
+
+  if ((PasswordLength == 0) || (PasswordLength > INT_MAX) ||
+  (SaltLength == 0) || (SaltLength > INT_MAX) ||
+  (KeyLength == 0) || (KeyLength > INT_MAX) ||
+  (IterationCount < 1) || (IterationCount > INT_MAX))
+  {
+return FALSE;
+  }
+
+  //
+  // Make sure the digest algorithm is supported.
+  //
+  switch (DigestSize) {
+case SHA1_DIGEST_SIZE:
+  HashAlg = MBEDTLS_MD_SHA1;
+  break;
+case SHA256_DIGEST_SIZE:
+  HashAlg = MBEDTLS_MD_SHA256;
+  break;
+default:
+  return FALSE;
+  break;
+  }
+
+  //
+  // Perform password-based key derivation routines.
+  //
+  if (mbedtls_pkcs5_pbkdf2_hmac_ext (
+HashAlg,
+(CONST UINT8 *)Password,
+(int)PasswordLength,
+(CONST UINT8 *)Salt,
+(int)SaltLength,
+(int)IterationCount,
+(int)KeyLength,
+(UINT8 *)OutKey
+) != 0)
+  {
+return FALSE;
+  } else {
+return TRUE;
+  }
+}
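
Review bot: The mbedtls_pkcs5_pbkdf2_hmac_ext call casts PasswordLength, SaltLength, IterationCount and KeyLength to (int) although all four are UINTN and were already range-checked against INT_MAX above; cast to the types the mbedtls prototype declares so no signed conversion sits in between. In the switch, `break;` after `return FALSE;` in the default case is unreachable, and the final if/else can return the comparison result directly. Since the comment allows an IterationCount of 1 and SHA1_DIGEST_SIZE, the header should say that choosing a strong count and digest is left to the caller.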
-- 
2.26.2.windows.1







[edk2-devel] [PATCH v3 05/11] CryptoPkg: Add Pkcs7 related functions based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Because the current Mbedtls pkcs7 library doesn't support
authenticatedAttributes:
Mbed-TLS/mbedtls@bb82ab7
and only supports 0 or 1 certificates in Signed data:
tianocore/edk2-staging@9c5b26b

The patch implements Pkcs7 by low Mbedtls Api.
And the implementation has passed unit_test and integration test.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Include/Library/BaseCryptLib.h  |2 +
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   33 +
 .../Pk/CryptPkcs7Internal.h   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 
 .../Pk/CryptPkcs7VerifyBase.c |  113 ++
 .../Pk/CryptPkcs7VerifyCommon.c   | 1354 +
 .../Pk/CryptPkcs7VerifyEku.c  |  689 +
 7 files changed, 2843 insertions(+), 12 deletions(-)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index 111df8e78b..ac5841f1d9 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -2351,6 +2351,8 @@ Pkcs7FreeSigners (
   unchained to the signer's certificates.
   The input signed data could be wrapped in a ContentInfo structure.
 
+  Pkcs7GetCertificatesList has not been implemented in BaseCryptoLibMbedTls.
+
   @param[in]  P7DataPointer to the PKCS#7 message.
   @param[in]  P7Length  Length of the PKCS#7 message in bytes.
   @param[out] SignerChainCerts  Pointer to the certificates list chained to 
signer's
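
Review bot: The added sentence puts an instance-specific limitation into the shared BaseCryptLib.h comment and names the library "BaseCryptoLibMbedTls", while the directory used throughout this series is BaseCryptLibMbedTls. Fix the name and state what the MbedTLS instance returns when Pkcs7GetCertificatesList is called, so callers know how the gap shows up at run time.
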
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
index a30666cef4..c9f19dd0cd 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -38,4 +38,37 @@ MbedtlsRand (
   UINT8  *Output,
   UINTN  Len
   );
+
+/**
+  Check input P7Data is a wrapped ContentInfo structure or not. If not 
construct
+  a new structure to wrap P7Data.
+
+  Caution: This function may receive untrusted input.
+  UEFI Authenticated Variable is external input, so this function will do basic
+  check for PKCS#7 data structure.
+
+  @param[in]  P7Data   Pointer to the PKCS#7 message to verify.
+  @param[in]  P7Length Length of the PKCS#7 message in bytes.
+  @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise
+   return FALSE.
+  @param[out] WrapData If return status of this function is TRUE:
+   1) when WrapFlag is TRUE, pointer to P7Data.
+   2) when WrapFlag is FALSE, pointer to a new 
ContentInfo
+   structure. It's caller's responsibility to free this
+   buffer.
+  @param[out] WrapDataSize Length of ContentInfo structure in bytes.
+
+  @retval TRUE The operation is finished successfully.
+  @retval FALSEThe operation is failed due to lack of resources.
+
+**/
+BOOLEAN
+WrapPkcs7Data (
+  IN  CONST UINT8  *P7Data,
+  IN  UINTNP7Length,
+  OUT BOOLEAN  *WrapFlag,
+  OUT UINT8**WrapData,
+  OUT UINTN*WrapDataSize
+  );
+
 #endif
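
Review bot: The WrapPkcs7Data comment says the function may receive untrusted input and does a basic check of the PKCS#7 structure, but the only documented failure is "@retval FALSE The operation is failed due to lack of resources". Document what is returned for malformed input, and reword the WrapFlag description ("otherwise return FALSE") so it is clear that WrapFlag is set to FALSE rather than the function returning FALSE.
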
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
index 207f493cbb..cbdd1dc530 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Internal.h
@@ -4,7 +4,7 @@
 
   RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5
 
-Copyright (c) 2023, Intel Corporation. All rights reserved.
+Copyright (c) 2023-2024, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -31,10 +31,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define MBEDTLS_OID_PKCS7_DIGESTED_DATA  MBEDTLS_OID_PKCS7 "\x05"
 #define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06"
 
-typedef mbedtls_asn1_buf MBEDTLSPKCS7BUF;
-typedef mbedtls_asn1_named_data  MBEDTLSPKCS7NAME;
-typedef mbedtls_asn1_sequenceMBEDTLSPKCS7SEQUENCE;
-
 ///
 /// PKCS7 SignerInfo type
 /// https://tools.ietf.org/html/rfc2315#section-9.2
@@ -48,8 +44,8 @@ typedef struct MbedtlsPkcs7SignerInfo {
   mbedtls_x509_buf SigAlgIdentifier;
   mbedtls_x509_buf AuthAttr;
   mbedtls_x509_buf Sig;
-  struct MBEDTLSPKCS7SIGNERINFO*Next;
-} MBEDTLSPKCS7SIGNERINFO;
+  struct MbedtlsPkcs7SignerInfo*Next;
+} MbedtlsPkcs7SignerInfo;
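
Review bot: The rename makes the Next member use the same tag as `typedef struct MbedtlsPkcs7SignerInfo`, which the old `struct MBEDTLSPKCS7SIGNERINFO *Next` did not, but the typedef name is now mixed-case where edk2 types in this series such as EFI_TIME are upper-case. Consider keeping the struct tag and naming the typedef MBEDTLS_PKCS7_SIGNER_INFO.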

[edk2-devel] [PATCH v3 03/11] CryptoPkg: Add Pem APIs based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Implement Pem API based on Mbedtls.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../BaseCryptLibMbedTls/Pem/CryptPem.c| 138 ++
 1 file changed, 138 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
new file mode 100644
index 00..56411174dd
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
@@ -0,0 +1,138 @@
+/** @file
+  PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over 
MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+  Retrieve the RSA Private Key from the password-protected PEM key data.
+
+  @param[in]  PemData  Pointer to the PEM-encoded key data to be retrieved.
+  @param[in]  PemSize  Size of the PEM key data in bytes.
+  @param[in]  Password NULL-terminated passphrase used for encrypted PEM 
key data.
+  @param[out] RsaContext   Pointer to new-generated RSA context which contain 
the retrieved
+   RSA private key component. Use RsaFree() function 
to free the
+   resource.
+
+  If PemData is NULL, then return FALSE.
+  If RsaContext is NULL, then return FALSE.
+
+  @retval  TRUE   RSA Private Key was retrieved successfully.
+  @retval  FALSE  Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+RsaGetPrivateKeyFromPem (
+  IN   CONST UINT8  *PemData,
+  IN   UINTNPemSize,
+  IN   CONST CHAR8  *Password,
+  OUT  VOID **RsaContext
+  )
+{
+  INT32Ret;
+  mbedtls_pk_context   Pk;
+  mbedtls_rsa_context  *Rsa;
+  UINT8*NewPemData;
+  UINTNPasswordLen;
+
+  if ((PemData == NULL) || (RsaContext == NULL) || (PemSize > INT_MAX)) {
+return FALSE;
+  }
+
+  NewPemData = NULL;
+  if (PemData[PemSize - 1] != 0) {
+NewPemData = AllocateZeroPool (PemSize + 1);
+if (NewPemData == NULL) {
+  return FALSE;
+}
+
+CopyMem (NewPemData, PemData, PemSize + 1);
+NewPemData[PemSize] = 0;
+PemData = NewPemData;
+PemSize+= 1;
+  }
+
+  mbedtls_pk_init ();
+
+  if (Password != NULL) {
+PasswordLen = AsciiStrLen (Password);
+  } else {
+PasswordLen = 0;
+  }
+
+  Ret = mbedtls_pk_parse_key (, PemData, PemSize, (CONST UINT8 *)Password, 
PasswordLen, NULL, NULL);
+
+  if (NewPemData != NULL) {
+FreePool (NewPemData);
+NewPemData = NULL;
+  }
+
+  if (Ret != 0) {
+mbedtls_pk_free ();
+return FALSE;
+  }
+
+  if (mbedtls_pk_get_type () != MBEDTLS_PK_RSA) {
+mbedtls_pk_free ();
+return FALSE;
+  }
+
+  Rsa = RsaNew ();
+  if (Rsa == NULL) {
+mbedtls_pk_free ();
+return FALSE;
+  }
+
+  Ret = mbedtls_rsa_copy (Rsa, mbedtls_pk_rsa (Pk));
+  if (Ret != 0) {
+RsaFree (Rsa);
+mbedtls_pk_free ();
+return FALSE;
+  }
+
+  mbedtls_pk_free ();
+
+  *RsaContext = Rsa;
+  return TRUE;
+}
+
+/**
+  Retrieve the EC Private Key from the password-protected PEM key data.
+
+  @param[in]  PemData  Pointer to the PEM-encoded key data to be retrieved.
+  @param[in]  PemSize  Size of the PEM key data in bytes.
+  @param[in]  Password NULL-terminated passphrase used for encrypted PEM 
key data.
+  @param[out] EcContextPointer to new-generated EC DSA context which 
contain the retrieved
+   EC private key component. Use EcFree() function to 
free the
+   resource.
+
+  If PemData is NULL, then return FALSE.
+  If EcContext is NULL, then return FALSE.
+
+  @retval  TRUE   EC Private Key was retrieved successfully.
+  @retval  FALSE  Invalid PEM key data or incorrect password.
+
+**/
+BOOLEAN
+EFIAPI
+EcGetPrivateKeyFromPem (
+  IN   CONST UINT8  *PemData,
+  IN   UINTNPemSize,
+  IN   CONST CHAR8  *Password,
+  OUT  VOID **EcContext
+  )
+{
+  ASSERT (FALSE);
+  return FALSE;
+}
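
Review bot: In RsaGetPrivateKeyFromPem, `CopyMem (NewPemData, PemData, PemSize + 1);` copies one byte more than the PemSize bytes the caller supplied, and `PemData[PemSize - 1]` is evaluated without rejecting PemSize == 0, so both read outside the input buffer. Copy PemSize bytes (the buffer comes zeroed from AllocateZeroPool and the terminator is written on the next line) and return FALSE for a zero size. EcGetPrivateKeyFromPem is a stub that asserts and returns FALSE, but its comment documents a working function; state that it is unsupported in this instance.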
-- 
2.26.2.windows.1







[edk2-devel] [PATCH v3 02/11] CryptoPkg: Add rand function for BaseCryptLibMbedTls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add rand function for BaseCryptLibMbedTls.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 CryptoPkg/Include/Library/BaseCryptLib.h  |   2 +
 .../BaseCryptLibMbedTls/InternalCryptLib.h|  16 +++
 .../BaseCryptLibMbedTls/Rand/CryptRand.c  | 114 ++
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   | 114 ++
 4 files changed, 246 insertions(+)
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c

diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h 
b/CryptoPkg/Include/Library/BaseCryptLib.h
index 86f784a1d2..111df8e78b 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -3139,6 +3139,8 @@ DhComputeKey (
   If Seed is NULL, then default seed is used.
   If this interface is not supported, then return FALSE.
 
+  RandomSeed has not been implemented in BaseCryptoLibMbedTls.
+
   @param[in]  Seed  Pointer to seed value.
 If NULL, default seed is used.
   @param[in]  SeedSize  Size of seed value.
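
Review bot: The added line says RandomSeed is not implemented in the MbedTLS instance, and the sentence just above it says an unsupported interface returns FALSE, yet RandomSeed in Rand/CryptRand.c of this same patch returns TRUE unconditionally. Make the header and the implementation agree, and spell the library name as BaseCryptLibMbedTls to match the directory.
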
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h 
b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
index 039aa32028..a30666cef4 100644
--- a/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/InternalCryptLib.h
@@ -22,4 +22,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 //
 #include 
 
+/**
+  The MbedTLS function f_rng, which MbedtlsRand implements.
+
+  @param[in]   RngState Not used, just for compatibility with mbedlts.
+  @param[out]  Output  Pointer to buffer to receive random value.
+  @param[in]   LenSize of random bytes to generate.
+
+  @retval 0  Pseudorandom byte stream generated successfully.
+  @retval Non-0  Pseudorandom number generator fails to generate due to lack 
of entropy.
+**/
+INT32
+MbedtlsRand (
+  VOID   *RngState,
+  UINT8  *Output,
+  UINTN  Len
+  );
 #endif
diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
new file mode 100644
index 00..e01aabc0de
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
@@ -0,0 +1,114 @@
+/** @file
+  Pseudorandom Number Generator Wrapper Implementation over MbedTLS.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+
+/**
+  Sets up the seed value for the pseudorandom number generator.
+
+  This function sets up the seed value for the pseudorandom number generator.
+  If Seed is not NULL, then the seed passed in is used.
+  If Seed is NULL, then default seed is used.
+
+  @param[in]  Seed  Pointer to seed value.
+If NULL, default seed is used.
+  @param[in]  SeedSize  Size of seed value.
+If Seed is NULL, this parameter is ignored.
+
+  @retval TRUE   Pseudorandom number generator has enough entropy for random 
generation.
+  @retval FALSE  Pseudorandom number generator does not have enough entropy 
for random generation.
+
+**/
+BOOLEAN
+EFIAPI
+RandomSeed (
+  IN  CONST  UINT8  *Seed  OPTIONAL,
+  IN  UINTN SeedSize
+  )
+{
+  return TRUE;
+}
+
+/**
+  Generates a pseudorandom byte stream of the specified size.
+
+  If Output is NULL, then return FALSE.
+
+  @param[out]  Output  Pointer to buffer to receive random value.
+  @param[in]   SizeSize of random bytes to generate.
+
+  @retval TRUE   Pseudorandom byte stream generated successfully.
+  @retval FALSE  Pseudorandom number generator fails to generate due to lack 
of entropy.
+
+**/
+BOOLEAN
+EFIAPI
+RandomBytes (
+  OUT  UINT8  *Output,
+  IN   UINTN  Size
+  )
+{
+  BOOLEAN  Ret;
+  volatile UINT64  TempRand;
+
+  //
+  // Check input parameters.
+  //
+  if ((Output == NULL) || (Size > INT_MAX)) {
+return FALSE;
+  }
+
+  Ret = FALSE;
+
+  while (Size > 0) {
+// Use RngLib to get random number
+Ret = GetRandomNumber64 ((UINT64 *));
+
+if (!Ret) {
+  TempRand = 0;
+  return Ret;
+}
+
+if (Size >= sizeof (TempRand)) {
+  *((UINT64 *)Output) = TempRand;
+  Output += sizeof (UINT64);
+  Size   -= sizeof (TempRand);
+} else {
+  CopyMem (Output, (VOID *), Size);
+  Size = 0;
+}
+  }
+
+  TempRand = 0;
+  return Ret;
+}
+
+/**
+  The MbedTLS function f_rng, which MbedtlsRand implements.
+
+  @param[in]   RngState Not used, just for compatibility with mbedlts.
+  @param[out]  Output  Pointer to buffer to receive random value.
+  @param[in]   LenSize of random bytes to generate.
+
+  @retval 0  Pseudorandom byte stream generated successfully.
+  @retval Non-0  Pseudorandom number generator fails to generate due to lack 
of entropy.
+**/
+INT32
+MbedtlsRand (
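
Review bot: In RandomBytes, `*((UINT64 *)Output) = TempRand;` stores eight bytes through a cast of a UINT8 pointer that carries no alignment guarantee; use CopyMem, as the tail branch does, or WriteUnaligned64. Ret also starts as FALSE and is only set inside the loop, so a call with Size == 0 returns FALSE; decide whether that is intended and document it. RandomSeed ignores Seed and SeedSize and returns TRUE, while its comment still describes setting up a seed and reporting entropy; the comment should say the seed is unused and that randomness comes from RngLib.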

[edk2-devel] [PATCH v3 01/11] CryptoPkg: Add AeadAesGcm based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

AeadAesGcm implementation based on Mbedtls.

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 
---
 .../Cipher/CryptAeadAesGcm.c  | 227 ++
 1 file changed, 227 insertions(+)
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c

diff --git a/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c 
b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
new file mode 100644
index 00..b49d6f9f87
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
@@ -0,0 +1,227 @@
+/** @file
+  AEAD (AES-GCM) Wrapper Implementation over MbedTLS.
+
+  RFC 5116 - An Interface and Algorithms for Authenticated Encryption
+  NIST SP800-38d - Cipher Modes of Operation: Galois / Counter Mode(GCM) and 
GMAC
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include 
+
+/**
+  Performs AEAD AES-GCM authenticated encryption on a data buffer and 
additional authenticated data (AAD).
+
+  IvSize must be 12, otherwise FALSE is returned.
+  KeySize must be 16, 24 or 32, otherwise FALSE is returned.
+  TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.
+
+  @param[in]   Key Pointer to the encryption key.
+  @param[in]   KeySize Size of the encryption key in bytes.
+  @param[in]   Iv  Pointer to the IV value.
+  @param[in]   IvSize  Size of the IV value in bytes.
+  @param[in]   AData   Pointer to the additional authenticated data (AAD).
+  @param[in]   ADataSize   Size of the additional authenticated data (AAD) in 
bytes.
+  @param[in]   DataIn  Pointer to the input data buffer to be encrypted.
+  @param[in]   DataInSize  Size of the input data buffer in bytes.
+  @param[out]  TagOut  Pointer to a buffer that receives the 
authentication tag output.
+  @param[in]   TagSize Size of the authentication tag in bytes.
+  @param[out]  DataOut Pointer to a buffer that receives the encryption 
output.
+  @param[out]  DataOutSize Size of the output data buffer in bytes.
+
+  @retval TRUE   AEAD AES-GCM authenticated encryption succeeded.
+  @retval FALSE  AEAD AES-GCM authenticated encryption failed.
+
+**/
+BOOLEAN
+EFIAPI
+AeadAesGcmEncrypt (
+  IN   CONST UINT8  *Key,
+  IN   UINTNKeySize,
+  IN   CONST UINT8  *Iv,
+  IN   UINTNIvSize,
+  IN   CONST UINT8  *AData,
+  IN   UINTNADataSize,
+  IN   CONST UINT8  *DataIn,
+  IN   UINTNDataInSize,
+  OUT  UINT8*TagOut,
+  IN   UINTNTagSize,
+  OUT  UINT8*DataOut,
+  OUT  UINTN*DataOutSize
+  )
+{
+  mbedtls_gcm_context  Ctx;
+  INT32Ret;
+
+  if (DataInSize > INT_MAX) {
+return FALSE;
+  }
+
+  if (ADataSize > INT_MAX) {
+return FALSE;
+  }
+
+  if (IvSize != 12) {
+return FALSE;
+  }
+
+  switch (KeySize) {
+case 16:
+case 24:
+case 32:
+  break;
+default:
+  return FALSE;
+  }
+
+  if ((TagSize != 12) && (TagSize != 13) && (TagSize != 14) && (TagSize != 15) 
&& (TagSize != 16)) {
+return FALSE;
+  }
+
+  if (DataOutSize != NULL) {
+if ((*DataOutSize > INT_MAX) || (*DataOutSize < DataInSize)) {
+  return FALSE;
+}
+  }
+
+  mbedtls_gcm_init ();
+
+  Ret = mbedtls_gcm_setkey (, MBEDTLS_CIPHER_ID_AES, Key, (UINT32)(KeySize 
* 8));
+  if (Ret != 0) {
+return FALSE;
+  }
+
+  Ret = mbedtls_gcm_crypt_and_tag (
+  ,
+  MBEDTLS_GCM_ENCRYPT,
+  (UINT32)DataInSize,
+  Iv,
+  (UINT32)IvSize,
+  AData,
+  (UINT32)ADataSize,
+  DataIn,
+  DataOut,
+  TagSize,
+  TagOut
+  );
+  mbedtls_gcm_free ();
+  if (Ret != 0) {
+return FALSE;
+  }
+
+  if (DataOutSize != NULL) {
+*DataOutSize = DataInSize;
+  }
+
+  return TRUE;
+}
+
+/**
+  Performs AEAD AES-GCM authenticated decryption on a data buffer and 
additional authenticated data (AAD).
+
+  IvSize must be 12, otherwise FALSE is returned.
+  KeySize must be 16, 24 or 32, otherwise FALSE is returned.
+  TagSize must be 12, 13, 14, 15, 16, otherwise FALSE is returned.
+  If additional authenticated data verification fails, FALSE is returned.
+
+  @param[in]   Key Pointer to the encryption key.
+  @param[in]   KeySize Size of the encryption key in bytes.
+  @param[in]   Iv  Pointer to the IV value.
+  @param[in]   IvSize  Size of the IV value in bytes.
+  @param[in]   AData   Pointer to the additional authenticated data (AAD).
+  @param[in]   ADataSize   Size of the additional authenticated data (AAD) in 
bytes.
+  @param[in]   DataIn  Pointer to the input data buffer to be decrypted.
+  @param[in]   DataInSize  Size of the input data buffer in bytes.
+  @param[in]   Tag Pointer to a buffer that contains the 
authentication tag.
+  @param[in]   TagSize 
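Review bot: In AeadAesGcmEncrypt, the early `return FALSE` after mbedtls_gcm_setkey fails skips mbedtls_gcm_free, so a context that was initialised and possibly partly set up is never released; call mbedtls_gcm_free before that return, as the mbedtls_gcm_crypt_and_tag path already does. The function also passes Key, Iv, TagOut and DataOut to MbedTLS without any NULL check, and when DataOutSize is NULL nothing bounds the DataInSize bytes written to DataOut; reject NULL pointers alongside the size checks and document that DataOut must hold at least DataInSize bytes. The five-way TagSize comparison would read more clearly as a range test, (TagSize < 12) || (TagSize > 16).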

[edk2-devel] [PATCH v3 00/11] Add more crypt APIs based on Mbedtls

2024-05-09 Thread Wenxing Hou
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177

Add AeadAesGcm/Pem(only RSA)/X509(only RSA)/More RSA/PKCS5/PKCS7/Authenticode/Timestamp
implementation based on Mbedtls.

The patch has passed the EDKII CI check:
https://github.com/tianocore/edk2/pull/5552

And the patch has passed unit_test in EDKII and integration test for platform.
And the patch has passed the fuzz test:
https://github.com/tianocore/edk2-staging/commit/4f19398053c92e4f7791d468a184530b6ab89128

v2 changes:
 - Fix format variable name/hardcode number issue;
 - Fix Pkcs7 memory leak;

v3 changes:
 - Fix some issues from reviewer;
 - Add SHA3/SM3 implementation;
 - Update *.inf files;

Cc: Jiewen Yao 
Cc: Yi Li 
Signed-off-by: Wenxing Hou 

Wenxing Hou (11):
  CryptoPkg: Add AeadAesGcm based on Mbedtls
  CryptoPkg: Add rand function for BaseCryptLibMbedTls
  CryptoPkg: Add Pem APIs based on Mbedtls
  CryptoPkg: Add X509 functions based on Mbedtls
  CryptoPkg: Add Pkcs7 related functions based on Mbedtls
  CryptoPkg: Add Pkcs5 functions based on Mbedtls
  CryptoPkg: Add more RSA related functions based on Mbedtls
  CryptoPkg: Add AuthenticodeVerify based on Mbedtls
  CryptoPkg: Add ImageTimestampVerify based on Mbedtls
  CryptoPkg: Update *.inf in BaseCryptLibMbedTls
  Add SHA3/SM3 functions with openssl for Mbedtls

 CryptoPkg/Include/Library/BaseCryptLib.h  |4 +
 .../BaseCryptLibMbedTls/BaseCryptLib.inf  |   47 +-
 .../Cipher/CryptAeadAesGcm.c  |  227 ++
 .../BaseCryptLibMbedTls/InternalCryptLib.h|   49 +
 .../BaseCryptLibMbedTls/PeiCryptLib.inf   |   27 +-
 .../BaseCryptLibMbedTls/Pem/CryptPem.c|  138 ++
 .../Pk/CryptAuthenticode.c|  214 ++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c   |  278 +++
 .../BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c |  100 +
 .../Pk/CryptPkcs7Internal.h   |   29 +-
 .../BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c   |  635 ++
 .../Pk/CryptPkcs7VerifyBase.c |  113 +
 .../Pk/CryptPkcs7VerifyCommon.c   | 1354 
 .../Pk/CryptPkcs7VerifyEku.c  |  689 ++
 .../BaseCryptLibMbedTls/Pk/CryptRsaExt.c  |  352 +++
 .../BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c  |  140 ++
 .../Library/BaseCryptLibMbedTls/Pk/CryptTs.c  |  381 
 .../BaseCryptLibMbedTls/Pk/CryptX509.c| 1940 +
 .../BaseCryptLibMbedTls/Rand/CryptRand.c  |  114 +
 .../BaseCryptLibMbedTls/Rand/CryptRandTsc.c   |  114 +
 .../BaseCryptLibMbedTls/RuntimeCryptLib.inf   |   26 +-
 .../BaseCryptLibMbedTls/SmmCryptLib.inf   |   36 +-
 .../BaseCryptLibMbedTls/TestBaseCryptLib.inf  |   39 +-
 CryptoPkg/Library/MbedTlsLib/MbedTlsLib.inf   |6 +
 .../Library/MbedTlsLib/MbedTlsLibFull.inf |6 +
 25 files changed, 6973 insertions(+), 85 deletions(-)
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Cipher/CryptAeadAesGcm.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pem/CryptPem.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptAuthenticode.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs1Oaep.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs5Pbkdf2.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7Sign.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyBase.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyCommon.c
 create mode 100644 
CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptPkcs7VerifyEku.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaExt.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptRsaPssSign.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptTs.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Pk/CryptX509.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRand.c
 create mode 100644 CryptoPkg/Library/BaseCryptLibMbedTls/Rand/CryptRandTsc.c

-- 
2.26.2.windows.1







Re: [edk2-devel] [PATCH RESEND edk2-platforms][PATCH V2 12/14] Platform/ARM: Add CadenceQspiNorFlashDeviceLib for NorFlashDxe

2024-05-09 Thread sahil
Hi Pierre, Thanks for reviewing the patchset. Please find my comment inline
below.

On Thu, 2 May 2024 at 18:47, PierreGondois via groups.io  wrote:
>
> Hello Sahil,
>
> On 4/23/24 07:56, Sahil Kaushal via groups.io wrote:
> > From: sahil 
> >
> > In N1Sdp platform, the SoC is connected to IOFPGA which has a
> > Cadence Quad SPI (QSPI) controller. This QSPI controller manages
> > the flash chip device via QSPI bus.
> >
> > This patch adds CadenceQspiNorFlashDeviceLib which is used to
> > manage and access the above configuration.
> >
> > Signed-off-by: sahil 
> > ---
> >  Platform/ARM/Library/CadenceQspiNorFlashDeviceLib/CadenceQspiNorFlashDeviceLib.inf |   32 +
> >  Platform/ARM/Library/CadenceQspiNorFlashDeviceLib/CadenceQspiNorFlashDeviceLib.h   |   44 +
> >  Platform/ARM/Library/CadenceQspiNorFlashDeviceLib/CadenceQspiNorFlashDeviceLib.c   | 1011
> >   3 files changed, 1087 insertions(+)
> >
>
> [snip]
>
> > +
> > +/**
> > +  Converts milliseconds into number of ticks of the performance
counter.
> > +
> > +  @param[in] Milliseconds  Milliseconds to convert into ticks.
> > +
> > +  @retval Milliseconds expressed as number of ticks.
> > +
> > +**/
> > +STATIC
> > +UINT64
> > +MilliSecondsToTicks (
> > +  IN UINTN  Milliseconds
> > +  )
> > +{
> > +  CONST UINT64  NanoSecondsPerTick = GetTimeInNanoSecond (1);
> > +
> > +  return (Milliseconds * 100) / NanoSecondsPerTick;
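Review bot: MilliSecondsToTicks divides by GetTimeInNanoSecond (1) without checking it for zero; that value is truncated to whole nanoseconds, so it can be 0 for a counter running faster than 1 GHz and loses precision at lower frequencies. Deriving the tick count from the counter frequency reported by GetPerformanceCounterProperties () (ticks = Milliseconds * Frequency / 1000) avoids both the divide-by-zero and the rounding error.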
>
> Should use DivU64x64Remainder() here:
> {
>UINT64  NanoSecondsPerTick;
>UINT64  NanoSeconds;
>
>NanoSecondsPerTick = GetTimeInNanoSecond (1);
>NanoSeconds = MultU64x32 (Milliseconds, 100);
>
>return DivU64x64Remainder (NanoSeconds, NanoSecondsPerTick, NULL);
> }
>
> > +}
> > +
> > +/**
> > +  Poll Status register for NOR flash erase/write completion.
> > +
> > +  @param[in]  Instance   NOR flash Instance.
> > +
> > +  @retval EFI_SUCCESSRequest is executed successfully.
> > +  @retval EFI_TIMEOUTOperation timed out.
> > +  @retval EFI_DEVICE_ERROR   Controller operartion failed.
>
> operartion -> typo
> (same at another place I think)
>
> [snip]
>
> > +
> > +/**
> > +  Read from nor flash.
> > +
> > +  @param[in] Instance   NOR flash Instance of variable
store region.
> > +  @param[in] LbaThe starting logical block
index to read from.
> > +  @param[in] Offset Offset into the block at which
to begin reading.
> > +  @param[in] BufferSizeInBytes  The number of bytes to read.
> > +  @param[out]Buffer The pointer to a
caller-allocated buffer that
> > +should copied with read data.
> > +
> > +  @retvalEFI_SUCCESSThe read is completed.
> > +  @retvalEFI_INVALID_PARAMETER  Invalid parameters passed.
> > +**/
> > +EFI_STATUS
> > +NorFlashRead (
> > +  IN NOR_FLASH_INSTANCE  *Instance,
> > +  IN EFI_LBA Lba,
> > +  IN UINTN   Offset,
> > +  IN UINTN   BufferSizeInBytes,
> > +  OUT VOID   *Buffer
> > +  )
> > +{
> > +  UINTN  StartAddress;
> > +
> > +  // The buffer must be valid
> > +  if (Buffer == NULL) {
> > +return EFI_INVALID_PARAMETER;
> > +  }
> > +
> > +  // Return if we do not have any byte to read
> > +  if (BufferSizeInBytes == 0) {
> > +return EFI_SUCCESS;
> > +  }
> > +
> > +  if (((Lba * Instance->Media.BlockSize) + Offset + BufferSizeInBytes)
>
> > +  Instance->Size)
> > +  {
> > +DEBUG ((
> > +  DEBUG_ERROR,
> > +  "NorFlashRead: ERROR - Read will exceed device size.\n"
> > +  ));
> > +return EFI_INVALID_PARAMETER;
> > +  }
> > +
> > +  // Get the address to start reading from
> > +  StartAddress = GET_NOR_BLOCK_ADDRESS (
> > +   Instance->RegionBaseAddress,
> > +   Lba,
> > +   Instance->Media.BlockSize
> > +   );
> > +
> > +  // Readout the data
> > +  CopyMem (Buffer, (UINTN *)(StartAddress + Offset),
BufferSizeInBytes);
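Review bot: The bounds check in NorFlashRead computes (Lba * Instance->Media.BlockSize) + Offset + BufferSizeInBytes with no overflow guard, so large Lba, Offset or BufferSizeInBytes values can wrap the sum and pass the comparison against Instance->Size, after which CopyMem reads outside the flash region. Validate the terms separately before calling GET_NOR_BLOCK_ADDRESS, for example with SafeIntLib's SafeUint64Mult and SafeUint64Add, or by comparing BufferSizeInBytes against Instance->Size minus the computed start offset. The CopyMem source is also cast to (UINTN *) where (VOID *) is the expected type.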
>
> The original code at:
>Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlashDeviceLib.c
>
> implements and uses AlignedCopyMem()/NorFlashWriteBuffer() which seems
> to be more efficient.
> Just to be sure I understand correctly, is the maximal read/write size
> of 4 bytes ? Meaning that these functions are not needed ?
>
> ---
>
> NorFlashWriteBuffer() is not implemented here IIUC won't be implemented as not
> needed. Maybe in an additional patch, the function could be removed from the
> library interface at:
>Platform/ARM/Include/Library/NorFlashDeviceLib.h
> and made static in:
>Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlashDeviceLib.c
>
CopyMem() and AlignedCopyMem() have nearly identical implementations,
therefore I think we can
continue using CopyMem() here.

For NorFlashWriteBuffer(), in the P30 spec, it looks like buffered
programming is one of the features
of the IP whereas there is no