Hi Jeff,
On Wed, 1 Sept 2021 at 00:48, Jeff Brasen wrote:
>
> Add support under a pcd feature for using the new interface to pass
> initrd to the linux kernel.
>
> Signed-off-by: Jeff Brasen
> ---
> EmbeddedPkg/EmbeddedPkg.dec | 1 +
>
Hi Linus,
It looks like Python 2.7 is not working with the EDK2 build system on Windows
(at least for Arm builds). Can you try using Python 3.7 instead?
I am using Python 3.7.3 and the build is working. Please let me know if
switching to Python 3.7 does not work.
Regards,
Sami Mujawar
Hi Min
I agree with Gerd and Ard in this case.
It is NOT so obvious that the FTW is produced then consumed in the code. What
if the attacker prepares some special configuration to trigger the FTW process
at the first boot, the code will do *read* before *write*? That is a potential
attack
Good day Jeff,
On 01/09/2021 00:48, Jeff Brasen via groups.io wrote:
Add support under a pcd feature for using the new interface to pass
initrd to the linux kernel.
Signed-off-by: Jeff Brasen
---
EmbeddedPkg/EmbeddedPkg.dec | 1 +
Hey Ray,
Thanks for your response!
1) It would disrupt platform builds that use this INF.
2) We'd need a new library to satisfy MemoryAllocationLib dependencies.
If using the generic SMM one, libraries linked against the core would
start using the indirect table calls over the direct calls
On Tuesday, August 31, 2021 2:11 PM, Gerd Hoffmann wrote:
> > Motivation: Intel TDX provides memory encryption and integrity
> > multi-tenancy for hardware protection. A TD-guest uses TDCALL to
> > accept shared memory as private. However, accept whole system memory
> > may take a long time
Hi,
> Because the total patch-sets for TDVF upstreaming are too big and there are 2
> configurations.
> So we split the upstreaming into below waves.
>          Config-A  Config-B  Phase
> Wave-1   Y         Y         ResetVector
>
On Wed, 1 Sept 2021 at 09:20, Gerd Hoffmann wrote:
>
...
> Is it possible to have multiple drivers implementing the
> EfiTimerArchProtocol in one firmware binary, then just use the one which
> successfully initializes first? If so, can I define the initialization
> order? i.e. can I add a
Hi all,
I have pushed the commit to fix this issue to coreboot.org. Here is the link.
https://review.coreboot.org/c/coreboot/+/57296
This issue is caused because the coreboot implementation doesn’t handle the
existence of EFI_FIRMWARE_VOLUME_EXT_HEADER, resulting in address of
UefiPayloadEntry to
On Wed, 1 Sept 2021 at 08:10, Gerd Hoffmann wrote:
>
> Hi,
>
> > > I didn't fully investigate what kind of attacks one can do. I'm pretty
> > > sure simply
> > > making the variable store larger and the spare smaller works, so parts of
> > > the
> > > variable store are outside the area you
Hi,
> As to the spare part in varstore, it is not external input, is it?
It is part of the VARS file passed by the host to the guest.
With normal ovmf its part of the writable flash. I'd consider
that external input, although I think nothing actually uses it
so it should just be a zero-filled
On Wed, 1 Sept 2021 at 10:45, Grzegorz Bernacki wrote:
>
> Hi Ard,
>
> The problem is that for some reason EfiBootManagerRefreshAllBootOption
> () overwrites BootOrder. For example, if USB bootable device is
> removed from the top and added at the bottom of the list.
> I will debug the problem
Create PR https://github.com/tianocore/edk2/pull/1940 for this patch set.
> -Original Message-
> From: devel@edk2.groups.io on behalf of duntan
> Sent: September 1, 2021 11:32
> To: gaoliming ; devel@edk2.groups.io
> Cc: 'Sean Brogan' ; 'Bret Barkelew'
> ; Kinney, Michael D
>
> Subject: Re: [edk2-devel] [PATCH 2/2]
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3361
DestMax must be > Length or StrnCpyS() and AsciiStrnCpyS()
return an error. Set DestMax to n + 1 for these LibC APIs.
Cc: Rebecca Cran
Cc: Jayaprakash Nevara
Signed-off-by: Michael D Kinney
---
StdLib/LibC/String/Copying.c | 2 +-
On September 1, 2021 2:57 PM, Ard Biesheuvel wrote:
> On Wed, 1 Sept 2021 at 08:10, Gerd Hoffmann wrote:
> >
> > Hi,
> >
> > > > I didn't fully investigate what kind of attacks one can do. I'm
> > > > pretty sure simply making the variable store larger and the spare
> > > > smaller works, so
On Tue, Aug 31, 2021 at 06:25:49PM +0200, Philippe Mathieu-Daudé wrote:
> On 8/31/21 11:57 AM, Gerd Hoffmann wrote:
> > Microvm has no acpi timer, so go use XenTimerDxe
> > which uses the local apic instead.
> >
> > FIXME: timer frequency is wrong.
>
> Xen seems to expect a 10MHz timer. Maybe
Hi,
> > I didn't fully investigate what kind of attacks one can do. I'm pretty
> > sure simply
> > making the variable store larger and the spare smaller works, so parts of
> > the
> > variable store are outside the area you are measuring. Not fully sure
> > whenever
> > one can actually
Reviewed-by: Michael D Kinney
> -Original Message-
> From: Desimone, Nathaniel L
> Sent: Tuesday, August 31, 2021 4:40 PM
> To: devel@edk2.groups.io
> Cc: Agyeman, Prince ; Kinney, Michael D
>
> Subject: [edk2-platforms] [PATCH V1] SimicsOpenBoardPkg: Fix GCC Build
>
> Cc: Agyeman
On Tue, Aug 31, 2021 at 02:32:45PM +, Yao, Jiewen wrote:
> Thank you. That confirms my guess.
>
> If you can add all those info in readme, that would be great, especially the
> URL https://qemu.readthedocs.io/en/latest/system/i386/microvm.html, as well
> as the scope.
Current README below
Hi Ard,
The problem is that for some reason EfiBootManagerRefreshAllBootOption
() overwrites BootOrder. For example, if USB bootable device is
removed from the top and added at the bottom of the list.
I will debug the problem further, however this patch is needed to
retain correct boot order
Hi Linus,
The problem you are seeing appears to be with your development environment
setup. It may be worth trying the settings described in ‘Laszlo's unkempt git
guide for edk2 contributors and maintainers’ at
Hi Linus,
I ran into the same error as you on Linux while using Python 2.7. The command
completed successfully with Python 3.6.9, so Python 3.X should work.
Regards,
Pierre
Pushed:
https://github.com/tianocore/edk2/commit/12e33dca4c0612a0975265e5ba641c6261a26455
Thanks,
Chasel
> -Original Message-
> From: Loo, Tung Lun
> Sent: Tuesday, August 17, 2021 3:43 PM
> To: devel@edk2.groups.io
> Cc: Loo, Tung Lun ; Ma, Maurice
> ; Desimone, Nathaniel L
> ;
With the upcoming release of Windows 11, Microsoft has introduced a new USB
Device-Specific Method (_DSM) function to enforce 64-bit xHCI registers to
be accessed through two sequential 32-bit requests. The new function (Query
controller register access type - Function 6) is documented at:
On Wed, 2021-09-01 at 08:59 +, Yao, Jiewen wrote:
> Hi Min
> I agree with Gerd and Ard in this case.
>
> It is NOT so obvious that the FTW is produced then consumed in the
> code. What if the attacker prepares some special configuration to
> trigger the FTW process at the first boot, the code
Reviewed-by: Rebecca Cran
--
Rebecca Cran
On 9/1/21 1:18 AM, Michael D Kinney wrote:
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3361
DestMax must be > Length or StrnCpyS() and AsciiStrnCpyS()
return an error. Set DestMax to n + 1 for these LibC APIs.
Cc: Rebecca Cran
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that the physical address of the GHCB must
be registered with the hypervisor before using it. See the GHCB
specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MpInitLib uses the PcdSevSnpIsEnabled to determine whether the SEV-SNP
is active. If the SEV-SNP is active, then set the PCD to TRUE.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
clear the memory encryption attribute in the page table. When SEV-SNP
is active, we also need to change the page state in the RMP table so that
it is in sync with the
From: Michael Roth
During AP bringup, just after switching to long mode, APs will do some
cpuid calls to verify that the extended topology leaf (0xB) is available
so they can fetch their x2 APIC IDs from it. In the case of SEV-ES,
these cpuid instructions must be handled by direct use of the
When SEV-SNP is active, the CPUID and Secrets memory range contains the
information that is used during the VM boot. The content needs to persist
across the kexec boot. Mark the memory range as Reserved in the EFI map
so that guest OS or firmware does not use the range as a system RAM.
Cc:
The SetMemoryEncDec() is used by the higher level routines to set or clear
the page encryption mask for system RAM and Mmio address. When SEV-SNP is
active, in addition to setting/clearing the page mask it also updates the RMP table.
The RMP table updates are required for the system RAM address and not
the
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The initial page built during the SEC phase is used by the
MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
page validation process requires using the PVALIDATE instruction; the
instruction accepts a virtual address of
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The VMM launch sequence should have pre-validated all the data pages used
in the Reset vector. The range does not cover the data pages used during
the SEC phase (mainly PEI and DXE firmware volume decompression memory).
When SEV-SNP is
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that both the secrets and cpuid pages are reserved in the HOB,
extract the location details through fixed PCD and make it available
to the guest OS through the configuration table.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc:
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Use the SEV-SNP AP Creation NAE event to create and launch APs under
SEV-SNP. This capability will be advertised in the SEV Hypervisor
Feature Support PCD (PcdSevEsHypervisorFeatures).
Cc: Michael Roth
Cc: Eric Dong
From: Michael Roth
SEV-SNP firmware allows a special guest page to be populated with
guest CPUID values so that they can be validated against supported
host features before being loaded into encrypted guest memory to be
used instead of hypervisor-provided values [1].
Add handling for this in
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that GHCB GPA must be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure
that MMIO is only performed against the un-encrypted memory. If MMIO
is performed against encrypted memory, a #GP is raised.
The AmdSevDxe uses the functions provided
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the
system RAM. As the boot progresses, each phase validates a fixed region of
the RAM. In the PEI phase, the PlatformPei detects all the available RAM
and calls to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Many of the integrity guarantees of SEV-SNP are enforced through the
Reverse Map Table (RMP). Each RMP entry contains the GPA at which a
particular page of DRAM should be mapped. The guest can request the
hypervisor to add pages in the RMP
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added the support to query the
hypervisor feature bitmap. The feature bitmap provides information
such as whether to use the AP create VmgExit or use the AP jump table
approach to create the APs. The
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:
1) Validate on-demand
OR
2)
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that OvmfPkg supports version 2 of the GHCB specification, bump the
protocol version.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The GHCB page is part of a pre-validated memory range specified through
the SnpBootBlock GUID. When SEV-SNP is active, the GHCB page is
pre-validated by the hypervisor during the SNP guest creation. On boot,
the reset vector maps the GHCB
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
must be validated before being accessed.
The validation process consists of the following sequence:
1) Set the memory encryption attribute in the page table (aka
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Create a function that can be used to determine if VM is running as an
SEV-SNP guest.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Define the PCDs used by the MpInitLib while creating the AP when SEV-SNP
is active in the guest VM.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan
Move all the SEV-specific functions into AmdSev.c.
No functional change intended.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
OvmfPkg/Sec/SecMain.inf | 1 +
From: Michael Roth
CPUID instructions are issued during early boot to do things like probe
for SEV support. Currently these are handled by a minimal #VC handler
that uses the MSR-based GHCB protocol to fetch the CPUID values from
the hypervisor. When SEV-SNP is enabled, use the
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based memory protections. SEV-SNP adds strong memory integrity
protection to help prevent malicious hypervisor-based attacks like data
replay, memory
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Introduce a new SEV-SNP boot-specific GUID block. The block is used to
communicate the secrets and cpuid memory area reserved by the guest BIOS.
When SEV-SNP is enabled, the hypervisor will locate the SEV-SNP boot
block to get the location
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Virtual Machine Privilege Level (VMPL) is an optional feature in the
SEV-SNP architecture, which allows a guest VM to divide its address space
into four levels. The level can be used to provide the hardware isolated
abstraction layers with a
> On Sep 1, 2021, at 9:53 AM, James Bottomley wrote:
>
> On Wed, 2021-09-01 at 08:59 +, Yao, Jiewen wrote:
>> Hi Min
>> I agree with Gerd and Ard in this case.
>>
>> It is NOT so obvious that the FTW is produced then consumed in the
>> code. What if the attacker prepares some special
I upload it again. Now, it has been merged.
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io on behalf of duntan
> Sent: September 2, 2021 9:24
> To: gaoliming ; devel@edk2.groups.io
> Cc: 'Sean Brogan' ; 'Bret Barkelew'
> ; Kinney, Michael D
>
> Subject: Re: [edk2-devel] [PATCH 2/2] .azurepipelines: Add
On 8/31/21 5:57 AM, Gerd Hoffmann wrote:
Microvm has no TPM support.
Signed-off-by: Gerd Hoffmann
Reviewed-by: Stefan Berger
---
OvmfPkg/Microvm/MicrovmX64.dsc | 76 +-
OvmfPkg/Microvm/MicrovmX64.fdf | 18
2 files changed, 1 insertion(+), 93
Hi Liming,
I have seen the link to push my commits to master of edk2. The result shows
that the CI test failed in ArmPlatformPkg. But I think my commits will not
affect the ArmPlatformPkg. Here is the link.
https://github.com/tianocore/edk2/pull/1940 the
So is there anything I need to do?
Add support under a pcd feature for using the new interface to pass
initrd to the linux kernel.
Signed-off-by: Jeff Brasen
---
EmbeddedPkg/EmbeddedPkg.dec | 1 +
.../AndroidBootImgLib/AndroidBootImgLib.inf | 3 +
.../AndroidBootImgLib/AndroidBootImgLib.c | 147
Update AndroidBootImgBoot to use a single return point
Make sure Kernel args are freed and Image is unloaded.
Signed-off-by: Jeff Brasen
---
.../AndroidBootImgLib/AndroidBootImgLib.c | 50 +++
1 file changed, 29 insertions(+), 21 deletions(-)
diff --git
Added support for using the loadfile2 approach for passing ramdisk to linux.
Created patch series for general error handling improvements based on
review feedback.
[v2]
-Added review feedback
-General improvements to error handling
[v1]
- Initial revision
Jeff Brasen (2):
EmbeddedPkg:
Thanks a lot!
Thanks,
Dun
-Original Message-
From: gaoliming
Sent: Thursday, September 2, 2021 10:10 AM
To: devel@edk2.groups.io; Tan, Dun
Cc: 'Sean Brogan' ; 'Bret Barkelew'
; Kinney, Michael D
Subject: Re: [edk2-devel] [PATCH 2/2] .azurepipelines: Add UefiPayloadPkg in
This series imports code from the edk2-platforms project related to
disabling the TPM2 platform hierarchy in Ovmf and ArmVirtPkg. It
addresses the Ovmf aspects of the following bugs:
https://bugzilla.tianocore.org/show_bug.cgi?id=3510
https://bugzilla.tianocore.org/show_bug.cgi?id=3499
I have
Add a NULL implementation of the library class TpmPlatformHierarchyLib
Signed-off-by: Stefan Berger
---
.../PeiDxeTpmPlatformHierarchyLib.c | 19
.../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++
2 files changed, 50 insertions(+)
create mode 100644
Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.
Signed-off-by: Stefan Berger
---
.../PeiDxeTpmPlatformHierarchyLib.c | 23 +--
1 file changed, 6 insertions(+), 17 deletions(-)
diff --git
Compile the added TPM related code now.
Signed-off-by: Stefan Berger
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++
OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
.../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 +
Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
Signed-off-by: Stefan Berger
---
.../PeiDxeTpmPlatformHierarchyLib.inf | 3 +--
SecurityPkg/SecurityPkg.dec | 6 ++
2 files changed, 7 insertions(+), 2
Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms.
Signed-off-by: Stefan Berger
---
.../Include/Library/TpmPlatformHierarchyLib.h | 27 ++
.../PeiDxeTpmPlatformHierarchyLib.c | 266 ++
.../PeiDxeTpmPlatformHierarchyLib.inf | 45 +++
3 files changed,
Signed-off-by: Stefan Berger
---
ArmVirtPkg/ArmVirtCloudHv.dsc | 1 +
ArmVirtPkg/ArmVirtQemu.dsc | 3 +++
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 +
ArmVirtPkg/ArmVirtXen.dsc
Use the newly added function to disable the TPM2 platform hierarchy.
Signed-off-by: Stefan Berger
---
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 ++
OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c | 7 +++
Use the newly added function to disable the TPM2 platform hierarchy.
Signed-off-by: Stefan Berger
---
ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c | 6 ++
.../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 +
2 files changed, 7 insertions(+)
diff --git
On August 31, 2021 1:35 PM, Gerd Hoffmann wrote:
> On Tue, Aug 31, 2021 at 03:09:08AM +, Xu, Min M wrote:
> > On Monday, August 30, 2021 3:41 PM, Gerd Hoffmann wrote:
> > > Hi,
> > >
> > > > _TdxPageTable:
> > > > If 5-level page table is supported (GPAW is 52), a top level page
> > > >
I apologize that you see this 3 times now. I thought something went
wrong with the smtp delivery since the messages didn't appear as fast as
expected, but obviously that wasn't the case and now it really went wrong.
Stefan
On Wed, 1 Sept 2021 at 18:46, Pete Batard wrote:
>
> With the upcoming release of Windows 11, Microsoft has introduced a new USB
> Device-Specific Method (_DSM) function to enforce 64-bit xHCI registers to
> be accessed through two sequential 32-bit requests. The new function (Query
> controller
Wonderful! Thank you Pete!!
> -Original Message-
> From: Pete Batard
> Sent: Wednesday, September 1, 2021 12:46 PM
> To: devel@edk2.groups.io
> Cc: ardb+tianoc...@kernel.org; l...@nuviainc.com; Samer El-Haj-Mahmoud
>
> Subject: [edk2-platforms][PATCH 1/1] Platform/RaspberryPi/RPi4: Add