Hi Rebecca,
Switching the external dependency to the below should resolve your issue:
"source":
"https://pkgs.dev.azure.com/projectmu/mu/_packaging/Basetools-Binary/nuget/v3/index.json;
"version": "20015.5.0"
Thanks,
Joey
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages
Thanks for the cleanup.
For Ampere Altra,
Reviewed-by: Nhi Pham
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119663): https://edk2.groups.io/g/devel/message/119663
Mute This Topic: https://groups.io/mt/106780877/21656
Group Owner:
Hello everyone,
I was scrolling through the UEFI HII and encountered an option which i failed
to find any proper explanation about it.
Could you please explain point of mitigating DMA access for PCI.Thanks
--- Forwarded Message ---
From: memristor2
Date: On Tuesday, June 18th, 2024 at
.io>
mailto:devel@edk2.groups.io>> 代表 Chang, Abner via
groups.io
发送时间: 2024年6月18日 10:50
收件人: Chesley, Brit mailto:brit.ches...@amd.com>>;
devel@edk2.groups.io<mailto:devel@edk2.groups.io>
主题: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: UsbBusDxe: Rebuild Descriptor
Table
Hi H
?
Thanks
Liming
发件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
mailto:devel@edk2.groups.io>> 代表 Chang, Abner via
groups.io
发送时间: 2024年6月18日 10:50
收件人: Chesley, Brit mailto:brit.ches...@amd.com>>;
devel@edk2.groups.io<mailto:devel@edk2.groups.io>
主题: Re: [e
Abner:
Is PR for this change?
Thanks
Liming
发件人: devel@edk2.groups.io 代表 Chang, Abner via groups.io
发送时间: 2024年6月18日 10:50
收件人: Chesley, Brit ; devel@edk2.groups.io
主题: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: UsbBusDxe: Rebuild Descriptor
Table
Hi Hao,
What is your comment
Hi Hao,
What is your comment on the response from Brit? Hoping that I didn't miss the
latest conversation of this thread.
Thanks
Abner
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119598):
Zhihao:
I have no other comment for the change in MdeModulePkg. Please create pull
request for it.
Thanks
Liming
> -邮件原件-
> 发件人: Li, Zhihao
> 发送时间: 2024年6月11日 15:36
> 收件人: gaoliming ; devel@edk2.groups.io
> 抄送: Chiu, Chasel ; Desimone, Nathaniel L
> ; Duggapu, Chinni B
> ; Chen, Gang
Can you create pull request for this change? I will add my review for it.
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 Dhaval Sharma
> 发送时间: 2024年6月11日 12:09
> 收件人: devel@edk2.groups.io
> 抄送: Liming Gao
> 主题: [edk2-devel] [PATCH v1 1/1] MdeModulePkg: Avoid efi memory
allocation
> for SP
day, May 31, 2024 8:20 PM
> >> To: Tommy Huang ;
> devel@edk2.groups.io;
> >> quic_llind...@quicinc.com
> >> Cc: a...@kernel.org; nathaniel.l.desim...@intel.com;
> >> michael.d.kin...@intel.com; Ryan Chen ;
> >> BMC-SW
> >> Subject: Re: [edk2-d
uicinc.com
> Cc: a...@kernel.org; nathaniel.l.desim...@intel.com;
> michael.d.kin...@intel.com; Ryan Chen ;
> BMC-SW
> Subject: Re: [edk2-devel] [PATCH] ASpeed/ASpeedGopBinPkg: Update
> X64/AArch64 Gop UEFI Driver
>
> On 5/30/2024 8:33 AM, Tommy Huang wrote>> On 5/29/2024 8:
> On Jun 10, 2024, at 10:42 PM, Alistair Francis wrote:
>
> Hello,
>
> I'm trying to use SPDM over DOE as a EDKII_DEVICE_SECURITY_PROTOCOL
> implementation.
>
> I'm using the DeviceSecurity fork from staging, with my own DOE
> implementation [5].
>
> First I load `DeviceSecurityPolicyStub`
Thanks Tom!
Now, I've pushed it again to my github,
https://github.com/tianocore/edk2/pull/5594 re-ran the tasks but "Review
required" is still there so I assume re-posting patches won't help
getting them in as I need more reviews, right?
On 6/6/24 04:54, Tom Lendacky wrote:
On 6/4/24
I have verified that the EDK2 basetools does not process `SPEC` under the
`DEFINES` section as mentioned in the documentation and it does not work.
I went through the commit history of basetools around this, it looks like this
has not worked pretty much ever, (I went only as far as GitHub would
> Phone: *+49 234 68 94 188 <+492346894188>*
>
> Mobile: *+49 176 76 113842 <+4917676113842>*
>
>
>
> Registered office: Bochum
>
> Commercial register: Amtsgericht Bochum, HRB 17519
>
> Management: Sebastian German, Eray Bazaar
>
>
> Data pr
For this series,
Reviewed-by: Nhi Pham
Thanks,
Nhi
On 6/6/2024 10:04 AM, Rebecca Cran wrote:
These are a set of bug fixes I made to the Mt Jade and common Ampere
code while working on updating and improving ADLINK's edk2_aadp
project.
Rebecca Cran (6):
Silicon/Ampere: Fix capitalization
ile: +49 176 76 113842
Registered office: Bochum
Commercial register: Amtsgericht Bochum, HRB 17519
Management: Sebastian German, Eray Bazaar
Data protection information according to Art. 13
GDPR<https://9elements.com/privacy>
On Mon, 3 Jun 2024 at 23:20, Witt, Sebastian via groups.i
On 6/5/2024 4:21 PM, Michael D Kinney via groups.io wrote:
* Some PRs have been merged using the "Rebase and Merge" button in the
PR after all required reviews completed and all CI checks pass. Instead,
the "push" label should continue to be used. There does not
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
Write the feature bit into PcdConfidentialComputingGuestAttr
and enable DebugVirtualization in PEI, SEC, DXE.
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Cc: Michael Roth
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by:
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since the previous commit.
Fix AmdMemEncryptionAttrCheck to check the level and feature
correctly and add DebugVirtualization support.
Since the actual
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
The SEV-ES DebugVirtualization feature enables type B swapping of
debug registers on #VMEXIT and makes #DB and DR7 intercepts
unnecessary and unwanted.
When DebugVirtualization is enabled, this stops booting if
#VC for #DB or DB7 read/write occurs as
On 6/4/24 21:09, Alexey Kardashevskiy wrote:
For now we need DebugSwap but others are likely to be needed too.
Cc: Tom Lendacky
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Signed-off-by: Alexey Kardashevskiy
Reviewed-by: Tom Lendacky
---
Changes:
v4:
* added more from
merge it after the
stable tag.
Thanks
Liming
> -邮件原件-
> 发件人: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
mailto:devel@edk2.groups.io> > 代表 Chang, Abner via
> groups.io
> 发送时间: 2024年5月16日 8:50
> 收件人: Hsueh, Hong-Chih (Neo) mailto:Hong-Chih.
hs...@amd.c
Could you help push my patch to Tianocore/edk2-platforms once approved,
while I don't have write permission?
Thanks,
Nhi
On 6/5/2024 11:10 AM, Rebecca Cran wrote:
Reviewed-by: Rebecca Cran
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply
Reviewed-by: Rebecca Cran
--
Rebecca Cran
On 6/4/2024 6:57 PM, Nhi Pham wrote:
This allows to initialize secure boot with the default factory keys
embedded in firmware flash image.
For example, to incorporate PK, KEK, and DB default keys, specify the
corresponding key files in the Jade.dsc
Write the feature bit into PcdConfidentialComputingGuestAttr
and enable DebugVirtualization in PEI, SEC, DXE.
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Cc: Michael Roth
Cc: Min Xu
Cc: Tom Lendacky
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v4:
*
CONFIDENTIAL_COMPUTING_GUEST_ATTR is not a simple SEV level anymore
and includes a feature mask since the previous commit.
Fix AmdMemEncryptionAttrCheck to check the level and feature
correctly and add DebugVirtualization support.
Since the actual feature flag is not set yet, this should cause
The SEV-ES DebugVirtualization feature enables type B swapping of
debug registers on #VMEXIT and makes #DB and DR7 intercepts
unnecessary and unwanted.
When DebugVirtualization is enabled, this stops booting if
#VC for #DB or DB7 read/write occurs as this signals unwanted
interaction from the HV.
PcdConfidentialComputingGuestAttr so far only contained an SEV mode bit
but there are more other features which do not translate to levels
such as DebugVirtualization or SecureTsc.
Add the feature mask and the DebugVirtualization feature bit to the PCD.
Cc: Liming Gao
Cc: Michael D Kinney
Cc:
For now we need DebugSwap but others are likely to be needed too.
Cc: Tom Lendacky
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Zhiguang Liu
Signed-off-by: Alexey Kardashevskiy
---
Changes:
v4:
* added more from April/2024 APM
---
MdePkg/Include/Register/Amd/Fam17Msr.h | 95 +++-
This is to prevent #DB interception on SEV-ES VM with
enabled DebugVirtualization feature.
The previous conversation is here:
https://edk2.groups.io/g/devel/topic/patch_ovmf_v3_0_5_enable/105863808
This is based on sha1
7772e339bdbb Chao Li "ArmVirtPkg: Enable the non-hardcode version
This allows to initialize secure boot with the default factory keys
embedded in firmware flash image.
For example, to incorporate PK, KEK, and DB default keys, specify the
corresponding key files in the Jade.dsc as follows:
DEFINE DEFAULT_KEYS= TRUE
DEFINE PK_DEFAULT_FILE =
Hello All,
I am new to working with EDK2 and have just been able to compile it up
on my Ubuntu 22.04 (x64) system.
Some of my initial interest is in that I am wanting to learn all about
using EDK2 as well as am seeming a UEFI Ramdisk in which I was able to
build up the edk2 RamDiskDxe.efi
caution
when opening attachments, clicking links, or responding.
Abner:
This change is good to me. Reviewed-by: Liming Gao
But, this is not critical issue. So, I suggest to merge it after the stable
tag.
Thanks
Liming
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 Chang, Abn
h and add BZ link to
> commit message?
>
> Edk2 has switched to github pr code review process, you can raise PR in
> https://github.com/tianocore/edk2/pulls
> directly.
>
> Regards,
> Yi
>
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Wit
...@byosoft.com.cn
发件人: Yoshinoya
发送时间: 2024-06-03 16:24
收件人: devel; fanjianfeng
主题: Re:回复: [edk2-devel] Is DEBUG output function safe for MP case?
Hi, Jeff:
If AP code use base-typed debuglib, then it's mp safe?
Thanks
At 2024-05-31 14:33:40, "Jeff Fan via groups.io"
wrote:
AP cannot ru
Fix calculation of first section in FileFindSection for FILE2 headers in
UefiPayloadEntry module.
Signed-of-by: Sebastian Witt
---
UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
strcpy fails when strSource is closer than 4096 bytes after strDest.
This is caused by an overlap check in AsciiStrCpyS:
//
// 5. Copying shall not take place between objects that overlap.
//
SAFE_STRING_CONSTRAINT_CHECK (InternalSafeStringNoAsciiStrOverlap
(Destination, DestMax, (CHAR8
On 5/30/2024 8:33 AM, Tommy Huang wrote>> On 5/29/2024 8:18 PM, Leif
Lindholm via groups.io wrote:
+Nhi,
Could you check/verify these work fine on your systems?
Yes, I can. Thanks Leif for reaching out to me.
Hi Tommy Huang - Could you please create a Pull Request (PR) or share a
branc
for serial to detect modems. A factory updated Windows on a PC
that controlled a CnC machine and the modem auto detect AT commands got sent to
the CnC machine, and this told the CnC machine to start drilling holes in the
CnC machine.
> On May 31, 2024, at 4:59 AM, Andrew Fish via groups
ime. So that should
imply they deal with virtual address mapping and locks.
Thanks,
Andrew Fish
> On May 31, 2024, at 1:33 AM, Jeff Fan via groups.io
> wrote:
>
> AP cannot run any UEFI Service. Please make sure AP code use base-typed
> DebugLib instance (Such as BaseDebugLibS
AP cannot run any UEFI Service. Please make sure AP code use base-typed
DebugLib instance (Such as BaseDebugLibSerialport.inf from MdePkg)
fanjianf...@byosoft.com.cn
发件人: Yoshinoya
发送时间: 2024-05-31 14:22
收件人: devel@edk2.groups.io
主题: [edk2-devel] Is DEBUG output function safe for MP case?
On 5/6/24 15:27, Tobin Feldman-Fitzthum wrote:
A malicious host may be able to undermine the fw_cfg
interface such that loading a blob fails.
In this case rather than continuing to the next boot
option, the blob verifier should halt.
For non-confidential guests, the error should be non-fatal.
On 5/6/24 15:27, Tobin Feldman-Fitzthum wrote:
The Blob Verifier checks boot artifacts against a hash table
injected by the hypervisor and measured by hardware.
Update the Blob Verifier to enter a dead loop if the artifacts
do not match.
There are some changes to messages from ERROR to WARN
Zhihao:
If Fsp-T/M is not installed, are they still used in PEI boot? If they are
used, I agree they should be measured.
Thanks
Liming
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 Li, Zhihao
> 发送时间: 2024年5月29日 11:36
> 收件人: gaoliming ; devel@edk2.groups.io
> 抄送: Chiu, Chasel ; Desimone,
NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> On Thu, May 23, 2024 at 10:44:52PM GMT, Doug Flick via groups.io wrote:
> >
> >
>
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-
edk-ii-
> ipv6-network-stack.html
> >
> > This p
Lin:
I see there is some discussion. Have you made the agreement with this
change?
Thanks
Liming
发件人: devel@edk2.groups.io 代表 Du Lin
发送时间: 2024年5月29日 21:05
收件人: devel@edk2.groups.io
抄送: Liming Gao ; Ni, Ray ;
Lin, Du
主题: Re: [edk2-devel] [PATCH] MdeModulePkg: Update GCD attribute
Reviewed-by: Liming Gao
> -邮件原件-
> 发件人: Tan, Dun
> 发送时间: 2024年5月28日 17:44
> 收件人: gaoliming ; devel@edk2.groups.io
> 抄送: Ni, Ray ; Wang, Jian J
> 主题: RE: [edk2-devel] [Patch V2 17/18] MdeModulePkg:Remove MpService2Ppi
> field in SMM_S3_RESUME_STATE
>
> Liming,
>
> Sure, I think we can
From: Pete Batard
Sent: Wednesday, May 29, 2024 11:18 AM
To: devel@edk2.groups.io; Yao, Jiewen ; Kinney,
Michael
D ; mikub...@linux.microsoft.com
Subject: Re: [edk2-devel] libspdm Breaking Builds
Hello all,
On 2024.05.24 03:13, Yao, Jiewen via groups.io wrote:
Please let us know if
Hello all,
On 2024.05.24 03:13, Yao, Jiewen via groups.io wrote:
Please let us know if the preference for libspdm submodule. (Below options)
1) Keep current libspdm official 3.3.0 release, and update to next release at
the beginning of July.
2) Update libspdm immediately with the new cmocka
ches, and 'push' label" on edk2-platforms, but no
> further discussions then.
>
> Thanks
> Abner
>
> > -Original Message-
> > From: devel@edk2.groups.io On Behalf Of Michael D
> > Kinney via groups.io
> > Sent: Wednesday, May 29, 2024 2:54 AM
> > T
On 5/29/2024 8:18 PM, Leif Lindholm via groups.io wrote:
> +Nhi,
>
> Could you check/verify these work fine on your systems?
Yes, I can. Thanks Leif for reaching out to me.
Hi Tommy Huang - Could you please create a Pull Request (PR) or share a
branch so I can easily apply and test th
-platforms, but no
further discussions then.
Thanks
Abner
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Michael D
> Kinney via groups.io
> Sent: Wednesday, May 29, 2024 2:54 AM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D
> Subject: [edk2-devel] Gi
[AMD Official Use Only - AMD Internal Distribution Only]
Reviewed-by: Abner Chang
> -Original Message-
> From: Abdul Lateef Attar
> Sent: Tuesday, May 28, 2024 10:08 PM
> To: devel@edk2.groups.io
> Cc: Attar, AbdulLateef (Abdul Lateef) ; Chang,
> Abner ; Grimes, Paul
> Subject:
[AMD Official Use Only - AMD Internal Distribution Only]
Reviewed-by: Abner Chang
> -Original Message-
> From: Abdul Lateef Attar
> Sent: Tuesday, May 28, 2024 10:08 PM
> To: devel@edk2.groups.io
> Cc: Attar, AbdulLateef (Abdul Lateef) ; Chang,
> Abner ; Grimes, Paul
> Subject:
[AMD Official Use Only - AMD Internal Distribution Only]
Reviewed-by: Abner Chang
> -Original Message-
> From: Abdul Lateef Attar
> Sent: Tuesday, May 28, 2024 10:08 PM
> To: devel@edk2.groups.io
> Cc: Attar, AbdulLateef (Abdul Lateef) ; Chang,
> Abner ; Grimes, Paul
> Subject:
Implements SmmCorePlatformHookLib library for AMD platform.
Cc: Abner Chang
Cc: Paul Grimes
Signed-off-by: Abdul Lateef Attar
---
.../AMD/AmdPlatformPkg/AmdPlatformPkg.dec | 5 +
.../AMD/AmdPlatformPkg/AmdPlatformPkg.dsc | 6 +
.../Library/AmdSmmCorePlatformHookLib.h | 68
Register a smm core platform hook handler for SPI device,
using AMD SmmCorePlatformHookLib library.
This platform hook saves the SPI host controller state.
Cc: Abner Chang
Cc: Paul Grimes
Signed-off-by: Abdul Lateef Attar
---
.../AMD/AmdPlatformPkg/AmdPlatformPkg.dec | 3 +
Removes unused gBoardBdsBootFromDevicePathProtocolGuid protocol,
and its corresponding code changes.
Adds missing Pcd/SmbiosPcd.h file.
Cc: Abner Chang
Cc: Paul Grimes
Signed-off-by: Abdul Lateef Attar
---
.../AmdPlatformPkg/Include/Pcd/SmbiosPcd.h| 58
PR: https://github.com/tianocore/edk2-platforms/pull/148
Fix the build failure for SmbiosDxe driver by removing
unused protocol.
Adds PCD defines for smbios.
Adds SPI supporting libraries.
Cc: Abner Chang
Cc: Paul Grimes
Abdul Lateef Attar (3):
AmdPlatformPkg: Removes unused
Zhihao:
Could you explain the situation that FSP-T/M is not migrated by PeiCore?
Thanks
Liming
> -邮件原件-
> 发件人: Zhihao Li
> 发送时间: 2024年4月29日 11:20
> 收件人: devel@edk2.groups.io
> 抄送: Chasel Chiu ; Nate DeSimone
> ; Duggapu Chinni B
> ; Chen Gang C ; Liming
> Gao
> 主题: [PATCH v1 1/2]
Dun:
If you confirm that there is no impact on the existing module, you can remove
it.
Thanks
Liming
> -邮件原件-
> 发件人: Tan, Dun
> 发送时间: 2024年5月28日 17:34
> 收件人: gaoliming ; devel@edk2.groups.io
> 抄送: Ni, Ray ; Wang, Jian J
> 主题: RE: [edk2-devel] [Patch V2 17/18] MdeModulePkg:Remove
Dun:
To be compatible, I suggest to keep the same layout of
SMM_S3_RESUME_STATE. MpService2Ppi field can be kept, but it is not used any
more.
Thanks
Liming
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 duntan
> 发送时间: 2024年5月28日 14:35
> 收件人: devel@edk2.groups.io; Tan, Dun ; Liming Gao
>
>
Reviewed-by: Liming Gao
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 duntan
> 发送时间: 2024年5月28日 14:37
> 收件人: devel@edk2.groups.io; Tan, Dun ; Liming Gao
>
> 抄送: Ni, Ray ; Wu, Jiaxin
> 主题: Re: [edk2-devel] [Patch V2 01/18] MdeModulePkg: Add
> gEdkiiS3MtrrSettingGuid
>
> Hi Liming,
>
>
[AMD Official Use Only - AMD Internal Distribution Only]
This patch set was reviewed on GitHub PR.
Hi Abdul, please go ahead to push this patch.
Thanks!
Reviewed-by: Abner Chang
> -Original Message-
> From: Abdul Lateef Attar
> Sent: Tuesday, May 28, 2024 11:28 AM
> To:
Fix windows VC compilattion warning for AcpiCommon driver.
Cc: Paul Grimes
Cc: Abner Chang
Signed-off-by: Abdul Lateef Attar
---
.../AMD/AmdPlatformPkg/Universal/Acpi/AcpiCommon/PciSsdt.c| 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
PR: https://github.com/tianocore/edk2-platforms/pull/146
Cc: Paul Grimes
Cc: Abner Chang
Abdul Lateef Attar (2):
AmdPlatformPkg: Corrects file path of LogoDxe driver
AmdPlatformPkg: Fix windows VC compilation warning
.../Universal/Acpi/AcpiCommon/PciSsdt.c | 4 +-
Removes extra directory.
Cc: Paul Grimes
Cc: Abner Chang
Signed-off-by: Abdul Lateef Attar
---
.../LogoDxe/{LogoDxe => }/JpegLogo.idf| 0
.../LogoDxe/{LogoDxe => }/JpegLogoDxe.inf | 0
.../Universal/LogoDxe/{LogoDxe => }/Logo.bmp | Bin
1.Update the X64/AArch64 UEFI GOP driver into v1.13.04.
2.Update the .inf version.
3.Fix display flick on ast2600.
4.Remove 800x600@56 from mode list.
5.Add check EDID header behavior.
6.Signed .efi files for secuity boot needing.
Cc: Ard Biesheuvel
Cc: Isaac Oram
Cc: Nate DeSimone
Cc: Leif
phase. It
plans to catch this stable tag.
[Mike] This patch series uses ‘..’ in INF to access source files in another
component. This is not legal. I am surprised this was not caught in code
review.
DEFINE OPENSSL_PATH= ../OpensslLib/openssl
DEFINE BASE_CRYPT_PATH = ../Bas
= ../OpensslLib/openssl
DEFINE BASE_CRYPT_PATH = ../BaseCryptLib
[Mike] I see a reference to some “platform integration” testing. Given that
this patch series implements a number of
crypto service APIs and is a large number of new lines of code, it would be
good to know if all o
Jiewen:
If the patch is urgent to be merged, I will help add push label to merge
it with current process.
If the patch is not urgent, it can be merged after TianoCore Code Review
is switched from email to GitHub Pull Requests on US Tuesday.
Thanks
Liming
> -邮件原件-
> 发件人:
Ray:
This PR doesn’t pass CI. Please check.
Thanks
Liming
发件人: devel@edk2.groups.io 代表 Ni, Ray
发送时间: 2024年5月25日 9:35
收件人: Feng, Ning ; devel@edk2.groups.io; Ni, Ray
; Gao, Liming
主题: Re: [edk2-devel] [PATCH] UefiCpuPkg/MpLib:Do not assume BSP is #0.
I created PR for merge:
Doug:
What’s impact if no EFI_HASH2_PROTOCOL? Does network boot work or not?
Thanks
Liming
发件人: devel@edk2.groups.io 代表 Doug Flick via groups.io
发送时间: 2024年5月25日 0:51
收件人: gaoliming ; devel@edk2.groups.io
主题: Re: [edk2-devel] 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg:
CVE-2023-45236
To be clear, it requires EFI_RNG_PROTOCOL and EFI_HASH2_PROTOCOL. Both should
be mentioned in the release notes
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119260): https://edk2.groups.io/g/devel/message/119260
Mute This Topic:
Hi, all
Because this patch fixes two CVE, I decide to include them in this stable
tag 202405.
https://github.com/tianocore/edk2/pull/5582 has been merged.
Thanks
Liming
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 gaoliming via
> groups.io
> 发送时间: 2024年5月24日 22:51
>
te:
> > On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> > wrote:
> > >
> > > Ard:
> > > Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that
> includes 20 commits. You can check them.
> > >
> >
> > This looks
a...@redhat.com; Michael D Kinney
> ; Andrew Fish ;
> quic_llind...@quicinc.com
> 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> On Fri, 24 May 2024 at 09:01, gaoliming via groups.io
> wrote:
> >
> > Ard and Gerd:
Ard and Gerd:
Doug updated this patch set based on your suggestion. Could you give
reviewed-by or acked-by for the changes in OvmfPkg and ArmVirtPkg if you
have no other comments?
Thanks
Liming
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 Doug Flick via
> groups.io
> 发送时间: 2024
Reviewed-by: Liming Gao
> -邮件原件-
> 发件人: devel@edk2.groups.io 代表 Doug Flick via
> groups.io
> 发送时间: 2024年5月24日 13:45
> 收件人: devel@edk2.groups.io
> 抄送: Michael D Kinney ; Liming Gao
> ; Zhiguang Liu
> 主题: [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH
From: Ard Biesheuvel
Currently, only TPM2 builds enable the PCD PEIM, which is a prerequisite
for being able to use dynamic PCDs already at the PEI stage. This
facility will be used for other reasons too so move those pieces out of
code block that are conditional on TPM2_ENABLE
Cc: Ard
From: Ard Biesheuvel
On ARM systems, whether SMC or HVC instructions need to be used to issue
monitor calls is typically dependent on the exception level, but there
are also cases where EL1 might use SMC instructions, so there is no hard
and fast rule.
For ArmVirtQemu, this does depend strictly
From: Ard Biesheuvel
BaseRngLib on AARCH64 will discover whether or not RNDR instructions are
supported, by inspecting the ISAR0 identification register, and setting
a global boolean accordingly. This boolean is used in subsequent
execution to decide whether or not to issue the instruction.
The
This moves the PcdMonitorConduitHvc from PcdsFeatureFlag.Common to
PcdsFixedAtBuild.Common
This is a follow on to the previous commit:
ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC
From: Doug Flick
This commit adds a new MockHash2 protocol to the MdePkg. This allows
the unit tests to pick up the new protocol and use it for testing.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
From: Ard Biesheuvel
ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC instructions instead of HVC instructions.
Whether or not this is the case can only be decided at runtime, and so
the associated PCD needs to be settable at runtime, if the platform
From: Doug Flick
This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
- Random now comes from the RngLib Protocol
- The TCP ISN is now generated by the hash function
Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Signed-off-by:
From: Doug Flick
This commit adds a mock library for UefiBootServicesTableLib.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/MdePkgHostTest.dsc
| 1 +
From: Doug Flick
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
Bug Overview:
PixieFail Bug #8
CVE-2023-45236
From: Doug Flick
This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.
Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Doug Flick [MSFT]
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h | 48
From: Doug Flick
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of a Weak PseudoRandom Number Generator
Change
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
diff --git
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 +
From: Doug Flick
This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
---
OvmfPkg/OvmfPkgIa32.dsc| 6 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 6
This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.
Cc: Andrew Fish
Cc: Ray Ni
Signed-off-by: Doug Flick [MSFT]
Reviewed-by: Ray Ni
---
EmulatorPkg/EmulatorPkg.dsc | 7 ++-
EmulatorPkg/EmulatorPkg.fdf | 6 +-
2
From: Doug Flick
This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Andrew Fish
Cc: Ray Ni
Signed-off-by: Doug Flick [MSFT]
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++--
EmulatorPkg/EmulatorPkg.fdf | 5 +
2 files
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
In order to patch
From: Ard Biesheuvel
On ARM systems, whether SMC or HVC instructions need to be used to issue
monitor calls is typically dependent on the exception level, but there
are also cases where EL1 might use SMC instructions, so there is no hard
and fast rule.
For ArmVirtQemu, this does depend strictly
1 - 100 of 7436 matches
Mail list logo