[edk2-devel] [PATCH v3 1/1] BaseTools: Script for converting .aml to .hex

From: Pierre Gondois The "-tc" option of the iasl compiler allows to generate a .hex file containing a C array storing AML bytecode. An online discussion suggested that this "-tc" option was specific to the iasl compiler and it shouldn't be relied on. This conversation is available at:

Re: [edk2-devel] [Patch] CryptoPkg/BaseCryptLibNull: Add missing HkdfSha256ExtractAndExpand()

Jian, Thanks for the review. I did not modify that file at all. I just copied it from another directory. That is why I left the Copyright year unmodified. Mike > -Original Message- > From: Wang, Jian J > Sent: Tuesday, February 4, 2020 6:46 AM > To: devel@edk2.groups.io; Kinney,

Re: [edk2-devel] [Patch] BaseTools tools_def.template: Add back -fno-pie option in GCC49 tool chain

Liming, Can you please provide a few more details on the failure. For the UnitTestFrameworkPkg patch set, I had to add the following to get host based unit test applications to build and run. I was seeing link failures between FW libs and host libs when building the POSIX host application.

Re: [edk2-devel] [Patch] BaseTools tools_def.template: Add back -fno-pie option in GCC49 tool chain

On 02/04/20 13:52, Gao, Liming wrote: > Laszlo: > >> -Original Message- >> From: Laszlo Ersek >> Sent: Tuesday, February 4, 2020 8:02 PM >> To: devel@edk2.groups.io; Gao, Liming >> Cc: Feng, Bob C ; Ard Biesheuvel >> >> Subject: Re: [edk2-devel] [Patch] BaseTools tools_def.template:

Re: [edk2-devel] [PATCH v3 1/1] BaseTools: Script for converting .aml to .hex

[From Liming] > If so, this is not the error for other ACPI table. I suggest to print INFO > message and directly return with success return value. I've put a EdkLogger.warn(), so it doesn't stop the execution of the script and the message has a log level high enough to be printed. Regards,

[edk2-devel] [PATCH v3 1/1] BaseTools: Build ASL files before C files

From: Pierre Gondois The dependencies for C files are satisfied by the build system. However, there are use cases where source files with different languages are inter-dependent. The EDKII build framework currently doesn't have options to specify such dependencies. E.g. It may be necessary to

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Hi Jiewen and Mike, I agree with general statement that MD4 and MD5 are deprecated. However, Although not MD4, UEFI spec 2.8 still mentions MD5 (and does not mention that it is deprecated). That is the reason MD4 and MD5 were included. If there is going to be an update to UEFI spec deprecating

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Jiewen, I think UINT8 is fine. We can change default to 0x04 in DEC file. I will let Amol comment on why MD4 and MD5 are included. If they are not required, then I agree they should be removed. I do not see a reason to align with TCG spec. The HashApiLib is a layer on top of BaseCryptLib and

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Hi Mike, Jiewen and Jian, Do I need to follow any crypto review guidelines for this patch? I am not enabling any new crypto. Need your input. Thanks, Amol -Original Message- From: Sukerkar, Amol N Sent: Tuesday, February 04, 2020 10:10 AM To: Kinney, Michael D ; Yao, Jiewen ;

Re: [edk2-devel] [edk2-rfc] [RFC] code-first process for UEFI-forum specifications

Leif, A few comments included below. Thanks, Mike > -Original Message- > From: devel@edk2.groups.io On > Behalf Of Laszlo Ersek > Sent: Monday, January 20, 2020 10:42 AM > To: r...@edk2.groups.io; l...@nuviainc.com; > devel@edk2.groups.io > Subject: Re: [edk2-devel] [edk2-rfc] [RFC]

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Amol We are in the process to deprecating SHA1. Currently SHA256 is default one. Some products are moving from SHA256 to SHA384. We did crypto usage analysis before. In the current EDKII code base, there is no code using MD4. The only code that using MD5 is the iSCSI. TPM1.2 has to use SHA1 -

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Thank Amol. You may want to keep SHA1. I still feel that SHA1 is used in some special case. It is safety to just drop MD4 and MD5 at this moment. We may consider to drop SHA1 later, when we do not see any usage. With this patch, I believe it will be easy for us to move from SHA256 to SHA384

Re: [edk2-devel] [PATCH 0/3] BaseTools/Scripts: .mailmap improvements

On 02/04/20 23:49, Philippe Mathieu-Daudé wrote: > Hi, > > This series improves PatchCheck.py so Mergify can catch > the emails rewritten by the mailing list. > Also it enable mailmap usage by default in the git config. > > Regards, > > Phil. > > Cc: Bob Feng > Cc: Liming Gao > > Philippe

[edk2-devel] [PATCH 0/3] BaseTools/Scripts: .mailmap improvements

Hi, This series improves PatchCheck.py so Mergify can catch the emails rewritten by the mailing list. Also it enable mailmap usage by default in the git config. Regards, Phil. Cc: Bob Feng Cc: Liming Gao Philippe Mathieu-Daudé (3): BaseTools/Scripts/PatchCheck.py: Do not use mailmap

[edk2-devel] [PATCH 2/3] BaseTools/Scripts/PatchCheck.py: Detect emails rewritten by Groups.Io

From: Philippe Mathieu-Daudé Due to strict DMARC / DKIM / SPF rules, Groups.Io sometimes rewrite the author email. See for example commit df851da3ceff5b6bcf5e12616. Add a check to detect these rewrites with PatchCheck.py. Cc: Bob Feng Cc: Liming Gao Signed-off-by: Philippe Mathieu-Daude ---

[edk2-devel] [PATCH 3/3] BaseTools/Scripts: Add log.mailmap to SetupGit.py

From: Philippe Mathieu-Daudé We added .mailmap to the repository in commit 4a1aeca3bd02d04e01c2d to display commit mistakes fixed. Use this option by default in our git setup. Cc: Bob Feng Cc: Liming Gao Signed-off-by: Philippe Mathieu-Daude --- BaseTools/Scripts/SetupGit.py | 1 + 1 file

[edk2-devel] [PATCH 1/3] BaseTools/Scripts/PatchCheck.py: Do not use mailmap

From: Philippe Mathieu-Daudé We check the author/committer name/email are properly displayed since commits 8ffa47fb3ab..c0328cf3803. However if PatchCheck.py uses the mailmap, it will check sanitized names/emails. Use the --no-use-mailmap option so PatchCheck.py will check unsanitized input.

[edk2-devel] [PATCH v4 36/40] UefiCpuPkg/MpInitLib: Add a CPU MP data flag to indicate if SEV-ES is enabled

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 When starting APs in an SMP configuration, the AP needs to know if it is running as an SEV-ES guest in order to assign a GHCB page. Add a field to the CPU_MP_DATA structure that will indicate if SEV-ES is enabled. This new field is set

[edk2-devel] [PATCH v4 34/40] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES is enabled

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The flash detection routine will attempt to determine how the flash device behaves (e.g. ROM, RAM, Flash). But when SEV-ES is enabled and the flash device behaves as a ROM device (meaning it is marked read-only by the hypervisor), this check

[edk2-devel] [PATCH v4 30/40] OvmfPkg: Reserve a page in memory for the SEV-ES usage

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Reserve a fixed area of memory for SEV-ES use and set a fixed PCD, PcdSevEsWorkAreaBase, to this value. This area will be used by SEV-ES support for two purposes: 1. Communicating the SEV-ES status during BSP boot to SEC: Using a

[edk2-devel] [PATCH v4 33/40] OvmfPkg/Sec: Enable cache early to speed up booting

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Currently, the OVMF code relies on the hypervisor to enable the cache support on the processor in order to improve the boot speed. However, with SEV-ES, the hypervisor is not allowed to change the CR0 register to enable caching. Update the

[edk2-devel] [PATCH v4 39/40] OvmfPkg: Move the GHCB allocations into reserved memory

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 After having transitioned from UEFI to the OS, the OS will need to boot the APs. For an SEV-ES guest, the APs will have been parked by UEFI using GHCB pages allocated by UEFI. The hypervisor will write to the GHCB SW_EXITINFO2 field of the

[edk2-devel] [PATCH v4 29/40] UefiCpuPkg: Create an SEV-ES workarea PCD

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Create an SEV-ES workarea PCD. This PCD will be used for BSP communication during SEC and for AP startup during PEI and DXE phases, the latter is the reason for creating it in the UefiCpuPkg. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek

[edk2-devel] [PATCH v4 35/40] UefiCpuPkg: Add a 16-bit protected mode code segment descriptor

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A hypervisor is not allowed to update an SEV-ES guests register state, so when booting an SEV-ES guest AP, the hypervisor is not allowed to set the RIP to the guest requested value. Instead, an SEV-ES AP must be transition from 64-bit long

[edk2-devel] [PATCH v4 38/40] OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A hypervisor is not allowed to update an SEV-ES guest's register state, so when booting an SEV-ES guest AP, the hypervisor is not allowed to set the RIP to the guest requested value. Instead an SEV-ES AP must be re-directed from within the

[edk2-devel] [PATCH v4 24/40] OvmfPkg: Add support to perform SEV-ES initialization

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 When SEV-ES is enabled, then SEV is also enabled. Add support to the SEV initialization function to also check for SEV-ES being enabled, and if enabled, set the SEV-ES enabled PCD (PcdSevEsIsEnabled). Cc: Jordan Justen Cc: Laszlo Ersek

[edk2-devel] [PATCH v4 26/40] OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported

Protect the memory used by an SEV-ES guest when S3 is supported. This includes the page table used to break down the 2MB page that contains the GHCB so that it can be marked un-encrypted, as well as the GHCB area. Regarding the lifecycle of the GHCB-related memory areas:

[edk2-devel] [PATCH v4 31/40] OvmfPkg/ResetVector: Add support for a 32-bit SEV check

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 During BSP startup, the reset vector code will issue a CPUID instruction while in 32-bit mode. When running as an SEV-ES guest, this will trigger a #VC exception. Add exception handling support to the early reset vector code to catch these

[edk2-devel] [PATCH v4 28/40] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The SEV support will clear the C-bit from non-RAM areas. The early GDT lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT will be read as un-encrypted even though it is encrypted. This will result in a failure to be

[edk2-devel] [PATCH v4 25/40] OvmfPkg: Create a GHCB page for use during Sec phase

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 A GHCB page is needed during the Sec phase, so this new page must be created. Since the #VC exception handler routines assume that a per-CPU variable area is immediately after the GHCB, this per-CPU variable area must also be created. Since

[edk2-devel] [PATCH v4 27/40] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Allocate memory for the GHCB pages and the per-CPU variable pages during SEV initialization for use during Pei and Dxe phases. The GHCB page(s) must be shared pages, so clear the encryption mask from the current page table entries. Upon

[edk2-devel] [PATCH v4 05/40] MdePkg/BaseLib: Add support for the XGETBV instruction

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a CPUID instruction requires the current value of the XCR0 register. In order to retrieve that value, the XGETBV instruction needs to be executed. Provide the necessary support to execute the XGETBV instruction. Cc: Michael D

Re: [edk2-devel] [PATCH v2 0/2] ShellPkg: Document the use of EFI_INVALID_PARAMETER by two functions

On 1/31/20 6:31 AM, Gao, Zhichao wrote: Hi, I have tried with the commit. It pass the check. Good news, thanks for checking :) Is there anything else I should do to get this series applied? Thanks, Phil. -Original Message- From: devel@edk2.groups.io [mailto:devel@edk2.groups.io]

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Thanks for the feedback, Jiewen! In that case, I agree we should deprecate MD4, MD5 and SHA1 in BaseHashApiLib. If the above statement is accurate, I can start next set of patches to remove the deprecated algorithms by creating a Bugzilla ticket. Please confirm. Thanks, Amol -Original

Re: [edk2-devel] [Patch] BaseTools/DscBuildData: Fix PCD autogen include file conflict

Liming, I have entered the following BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2503 Mike > -Original Message- > From: Gao, Liming > Sent: Monday, February 3, 2020 10:45 PM > To: Kinney, Michael D ; > devel@edk2.groups.io > Cc: Feng, Bob C ; Gao, Liming > > Subject: RE:

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Thanks, Jiewen! I will start the process. ~ Amol -Original Message- From: Yao, Jiewen Sent: Tuesday, February 04, 2020 4:20 PM To: Sukerkar, Amol N ; Kinney, Michael D ; devel@edk2.groups.io Cc: Wang, Jian J Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified

[edk2-devel] [PATCH] MdePkg: Add PCI Express 5.0 Header File

The header includes Physical Layer PCI Express Extended Capability definitions based on section 7.7.6 of PCI Express Base Specification 5.0. Signed-off-by: Felix Polyudov --- MdePkg/Include/IndustryStandard/PciExpress50.h | 136 + 1 file changed, 136 insertions(+)

[edk2-devel] [PATCH 1/1] SecurityPkg: Fix incorrect return value in documentation

The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype can not return EFI_INVALID_PARAMETER. The prototype documentation states it returns EFI_ACCESS_DENIED if: "The file specified by File and FileBuffer did not

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Mike The problem of defining a set of algo ID is that I have to remember the ID. I feel frustrated whenever I need match one ID to the other ID. Currently, UEFI secure boot and TCG trusted boot are important feature. If we can align to one of them, it is easier. I believe if we have a consistent

[edk2-devel] [PATCH v4 09/40] UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a IOIO_PROT intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to construct the required GHCB values to support a IOIO_PROT NAE event. Parse the instruction

[edk2-devel] [PATCH v4 12/40] UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a MSR_PROT intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to construct the required GHCB values to support an MSR_PROT NAE event. Parse the instruction

[edk2-devel] [PATCH v4 13/40] UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO)

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a NPF intercept for an NPT entry with a reserved bit set generates a #VC exception. This condition is assumed to be an MMIO access. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to

[edk2-devel] [PATCH v4 07/40] UefiCpuPkg: Implement library support for VMGEXIT

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 To support issuing a VMGEXIT instruction, create a library that can be used to perform GHCB and VMGEXIT related operations and to issue the actual VMGEXIT instruction when using the GHCB. Additionally, two VMGEXIT / MMIO related functions

[edk2-devel] [PATCH v4 14/40] UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a WBINVD intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c

[edk2-devel] [PATCH v4 17/40] UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a INVD intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c

[edk2-devel] [PATCH v4 02/40] MdePkg: Add the MSR definition for the GHCB register

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 For SEV-ES, the GHCB page address is stored in the GHCB MSR register (0xc0010130). Define the register and the format used for register during GHCB protocol negotiation. Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Tom Lendacky ---

[edk2-devel] [PATCH v4 20/40] UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a MONITOR/MONITORX intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky ---

[edk2-devel] [PATCH v4 00/40] SEV-ES guest support

This patch series provides support for running EDK2/OVMF under SEV-ES. Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the SEV support to protect the guest register state from the hypervisor. See "AMD64 Architecture Programmer's Manual Volume 2: System Programming", section

[edk2-devel] [PATCH v4 08/40] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Add base support to handle #VC exceptions. This includes a stub routine to invoke when a #VC exception occurs and special checks in the common exception handlers to invoke the #VC exception handler routine. Cc: Eric Dong Cc: Ray Ni Cc:

[edk2-devel] [PATCH v4 03/40] MdePkg: Add a structure definition for the GHCB

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The GHCB is used by an SEV-ES guest for communicating between the guest and the hypervisor. Create the GHCB definition as defined by the GHCB protocol definition. Cc: Michael D Kinney Cc: Liming Gao Signed-off-by: Tom Lendacky ---

[edk2-devel] [PATCH v4 11/40] UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a CPUID intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to construct the required GHCB values to support a CPUID NAE event. Additionally, CPUID

[edk2-devel] [PATCH v4 10/40] UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Add support to the #VC exception handler to handle string IO. This requires expanding the IO instruction parsing to recognize string based IO instructions as well as preparing an un-encrypted buffer to be used to transfer (either to or from

[edk2-devel] [PATCH v4 06/40] MdePkg/BaseLib: Add support for the VMGEXIT instruction

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 VMGEXIT is a new instruction used for Hypervisor/Guest communication when running as an SEV-ES guest. A VMGEXIT will cause an automatic exit (AE) to occur, resulting in a #VMEXIT with an exit code value of 0x403. Provide the necessary

[edk2-devel] [PATCH v4 01/40] MdePkg: Create PCDs to be used in support of SEV-ES

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Two new fixed PCDs are needed to support SEV-ES under OVMF: - PcdSecGhcbBase UINT64 value that is the base address of the GHCB used during the SEC phase. - PcdSecGhcbSize UINT64 value that is the size, in bytes, of

[edk2-devel] [PATCH v4 16/40] UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a RDPMC intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c

[edk2-devel] [PATCH v4 04/40] MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 GHCB pages must be mapped as shared pages, so modify the process of creating identity mapped pagetable entries so that GHCB entries are created without the encryption bit set. Cc: Jian J Wang Cc: Hao A Wu Cc: Dandan Bi Cc: Liming Gao

[edk2-devel] [PATCH v4 21/40] UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a MWAIT/MWAITX intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c

[edk2-devel] [PATCH v4 22/40] UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a DR7 read or write intercept generates a #VC exception. The #VC handler must provide special support to the guest for this. On a DR7 write, the #VC handler must cache the value and issue a VMGEXIT to notify the hypervisor of

[edk2-devel] [PATCH v4 23/40] OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Create a function that can be used to determine if the VM is running as an SEV-ES guest. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Reviewed-by: Laszlo Ersek Signed-off-by: Tom Lendacky ---

[edk2-devel] [PATCH v4 15/40] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a RDTSC intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c

[edk2-devel] [PATCH v4 19/40] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a RDTSCP intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c

[edk2-devel] [PATCH v4 18/40] UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 Under SEV-ES, a VMMCALL intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c

Re: [edk2-devel] [RFC] VariablePolicy - Protocol, Libraries, and Implementation for VariableLock Alternative

Bret, We like the new functionality. Our concern is our customers / we will need to modify all of the code that are consumers of EDKII_VARIABLE_LOCK_PROTOCOL to use the new protocols. If you could review that issue we would be 100% happy. Of course, that’s not always appropriate and we

Re: [edk2-devel] [PATCH 1/1] SecurityPkg: Fix incorrect return value in documentation

Hi Phil, On 02/04/20 23:26, Philippe Mathieu-Daudé wrote: > The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers > are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype > can not return EFI_INVALID_PARAMETER. > > The prototype documentation states it returns

[edk2-devel] [edk2-platform][patch v2] FitGen: Fix the issue to run in X64 linux machine

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2466 Memory allocation (malloc) may return the buffer address be above 4G. Current logic always converts the memory address to UINT32. It will cause memory read and free corrupt. This patch uses pointer to store the allocated memory address. Cc:

Re: [edk2-devel] [RFC] VariablePolicy - Protocol, Libraries, and Implementation for VariableLock Alternative

Expanding the audience beyond the RFC list…. If no one has additional input, I’ll try to start formatting these as patches later this week. Thanks! - Bret From: Bret Barkelew Sent: Tuesday, January 28, 2020 5:36 PM To:

Re: [edk2-devel] [Patch 5/5] CryptoPkg/CryptoPkg.dsc: Add build of Crypto libraries/modules

Reviewed-by: Jian J Wang Regards, Jian > -Original Message- > From: Kinney, Michael D > Sent: Thursday, January 30, 2020 3:01 PM > To: devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX > Subject: [Patch 5/5] CryptoPkg/CryptoPkg.dsc: Add build of Crypto > libraries/modules > >

Re: [edk2-devel] [Patch] BaseTools tools_def.template: Add back -fno-pie option in GCC49 tool chain

(+Ard) On 02/04/20 05:54, Liming Gao wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2502 > This option is required to make GCC49 tool chain work with the high > version GCC compiler. > > Cc: Bob Feng > Signed-off-by: Liming Gao > --- > BaseTools/Conf/tools_def.template | 4 ++-- >

Re: [edk2-devel] [PATCH v2 1/1] BaseTools: Rationalise makefile generation

Hello Liming and Bob, To answer Liming's questions, I am building the DynamicTablesPkg with the patch with the AARCH64-DEBUG and the following configurations: Windows - GCC- GNUmake Windows - GCC- nmake Windows - VS2017 - GNUmake Windows - VS2017 - nmake Linux - GCC5 - GNUmake For the

Re: [edk2-devel] [PATCH V2] UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier

On 02/04/20 08:02, Star Zeng wrote: > Match data type and format specifier for printing. > 1. Type cast ProcessorNumber and FeatureIndex to UINT32 > as %d only expects a UINT32. > 2. Use %08x instead of %08lx for CacheControl to print Index > as it is UINT32 type. > 3. Use %016lx instead of

[edk2-devel] [PATCH v2 1/1] BaseTools: Rationalise makefile generation

From: Pierre Gondois The GenMake.py script tests the platform environment to determine the type of makefile that needs to be generated. If a Windows build host is detected, the makefile generated is of Nmake type. Otherwise a GNUmake type is generated. Furthermore, the ___MAKE_PATH option in

Re: [edk2-devel] [PATCH v2 00/11] support QEMU's "SMRAM at default SMBASE" feature

On Wed, 29 Jan 2020 at 21:44, Laszlo Ersek wrote: > > Ref:https://bugzilla.tianocore.org/show_bug.cgi?id=1512 > Repo: https://github.com/lersek/edk2.git > Branch: smram_at_default_smbase_bz_1512_wave_1_v2 > Supersedes: <20190924113505.27272-1-ler...@redhat.com> > > V1 is

Re: [edk2-devel] [PATCH V2] UefiCpuPkg RegisterCpuFeaturesLib: Match data type and format specifier

Reviewed-by: Eric Dong -Original Message- From: devel@edk2.groups.io On Behalf Of Zeng, Star Sent: Tuesday, February 4, 2020 3:02 PM To: devel@edk2.groups.io Cc: Zeng, Star ; Dong, Eric ; Ni, Ray ; Laszlo Ersek Subject: [edk2-devel] [PATCH V2] UefiCpuPkg RegisterCpuFeaturesLib: Match

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Jiewen, Thanks for pointing to the content in MdePkg. I agree that we could include in BaseHashApiLib implementation and use the subset of TPM_ALG_* define values for both the lib implementation and the PCD description. This will allow us to remove the extra #defines from the HashApiLib.h

[edk2-devel] [Patch v7 0/5] CryptoPkg: Add modules that produce BaseCryptLib services

New in V7 * Sync with edk2/master to align with HashApiLib commits * Fix typos and comment spelling * Update supported archs https://bugzilla.tianocore.org/show_bug.cgi?id=2420 Based on the following package with changes to merge into CryptoPkg.

[edk2-devel] [Patch v7 1/5] CryptoPkg/BaseCryptLib: Add X509ConstructCertificateStackV().

https://bugzilla.tianocore.org/show_bug.cgi?id=2420 Add X509ConstructCertificateStackV() to BaseCryptLib that is identical in behavior to X509ConstructCertificateStack(), but it takes a VA_LIST parameter for the variable argument list. The VA_LIST form of this function is required for

[edk2-devel] [Patch v7 5/5] CryptoPkg/CryptoPkg.dsc: Add build of Crypto libraries/modules

https://bugzilla.tianocore.org/show_bug.cgi?id=2420 Based on the following package with changes to merge into CryptoPkg. https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg Add Crypto library instances and modules that consume/produce the EDK II Crypto Protocols/PPIs to the

Re: [edk2-devel] [Patch v7 0/5] CryptoPkg: Add modules that produce BaseCryptLib services

For the whole patch series, Reviewed-by: Jian J Wang Regards, Jian > -Original Message- > From: Kinney, Michael D > Sent: Wednesday, February 05, 2020 10:59 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J ; Lu, XiaoyuX > Subject: [Patch v7 0/5] CryptoPkg: Add modules that produce

Re: [edk2-devel] [PATCH 1/4] MdeModulePkg/SdMmcPciHcDxe: Enhance driver traces

Hello Mateusz, Try to provide some feedbacks before I can test the patch. Some inline comments below: > -Original Message- > From: Albecki, Mateusz > Sent: Monday, February 03, 2020 10:19 PM > To: devel@edk2.groups.io > Cc: Albecki, Mateusz; Wu, Hao A; Marcin Wojtas; Gao, Zhichao; Gao,

Re: [edk2-devel] [PATCH 4/4] MdeModulePkg/SdMmcPciHcDxe: Fix PIO transfer mode

> -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Albecki, Mateusz > Sent: Monday, February 03, 2020 10:19 PM > To: devel@edk2.groups.io > Cc: Albecki, Mateusz; Wu, Hao A; Marcin Wojtas; Gao, Zhichao; Gao, Liming > Subject: [edk2-devel] [PATCH

Re: [edk2-devel] [PATCH 2/4] MdeModulePkg/SdMmcPciHcDxe: Read response on command completion

One question below: > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Albecki, Mateusz > Sent: Monday, February 03, 2020 10:19 PM > To: devel@edk2.groups.io > Cc: Albecki, Mateusz; Wu, Hao A; Marcin Wojtas; Gao, Zhichao; Gao, Liming > Subject:

Re: [edk2-devel] [PATCH 3/4] MdeModulePkg/SdMmcPciHcDxe: Refactor data transfer completion

Just a similar question to PATCH 2/4 below: > -Original Message- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Albecki, Mateusz > Sent: Monday, February 03, 2020 10:19 PM > To: devel@edk2.groups.io > Cc: Albecki, Mateusz; Wu, Hao A; Marcin Wojtas; Gao,

Re: [edk2-devel] [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified Hash Calculation API

Thank you Mike. > -Original Message- > From: Kinney, Michael D > Sent: Wednesday, February 5, 2020 9:04 AM > To: Yao, Jiewen ; devel@edk2.groups.io; Sukerkar, > Amol N ; Kinney, Michael D > > Cc: Wang, Jian J > Subject: RE: [Patch v10 2/2] CryptoPkg/BaseHashApiLib: Implement Unified

Re: [edk2-devel] [PATCH v2 1/1] BaseTools: Rationalise makefile generation

Hello Liming, > I think below three configurations are common. With this patch, they can > work fine, right? [1] Windows - GCC- GNUmake [2] Windows - VS2017 - nmake [3] Linux - GCC5 - GNUmake I tested the following setups: * On AARCH64 - DEBUG build - [ShellPkg], configurations [1],

Re: [edk2-devel] [Patch] CryptoPkg/BaseCryptLibNull: Add missing HkdfSha256ExtractAndExpand()

The copyright year of file CryptHkdfNull.c was not updated. With it addressed, Reviewed-by: Jian J Wang Regards, Jian > -Original Message- > From: devel@edk2.groups.io On Behalf Of Michael D > Kinney > Sent: Thursday, January 30, 2020 8:17 AM > To: devel@edk2.groups.io > Cc: Wang,

Re: [edk2-devel] [PATCH v2 1/1] BaseTools: Rationalise makefile generation

Pierre: I think below three configurations are common. With this patch, they can work fine, right? And, do you mean Windows - GCC- GNUmake is still blocked by the change "0c3e8e9947a6c13b4327dd11b20acb95441701cf BaseTools: Enhance Basetool for incremental build"? > Windows - GCC-

Re: [edk2-devel] [PATCH v2 1/1] BaseTools: Build ASL files before C files

Pierre: I see you use ':' to describe the dependency between the different source file. This is makefile syntax for the dependency. If one file depends on more than one files, other files will list after this file with the separator space ' '. So, I think the example should be like below. >

Re: [edk2-devel] [Patch] BaseTools tools_def.template: Add back -fno-pie option in GCC49 tool chain

Laszlo: > -Original Message- > From: Laszlo Ersek > Sent: Tuesday, February 4, 2020 8:02 PM > To: devel@edk2.groups.io; Gao, Liming > Cc: Feng, Bob C ; Ard Biesheuvel > > Subject: Re: [edk2-devel] [Patch] BaseTools tools_def.template: Add back > -fno-pie option in GCC49 tool chain >

Re: [edk2-devel] [PATCH v1] UefiCpuPkg/MpInitLib: Always get CPUID & PlatformID in MicrocodeDetect()

Reviewed-by: Eric Dong -Original Message- From: devel@edk2.groups.io On Behalf Of Wu, Hao A Sent: Monday, February 3, 2020 8:35 AM To: devel@edk2.groups.io Cc: Wu, Hao A ; Dong, Eric ; Ni, Ray ; Laszlo Ersek ; Fu, Siyuan ; Kinney, Michael D Subject: [edk2-devel] [PATCH v1]