Re: [edk2] [Patch 2/3] OvmfPkg: use new BDS and UiApp in MdeModulePkg

2015-08-12 Thread Laszlo Ersek
Continuing: On 08/12/15 00:53, Laszlo Ersek wrote: On 08/03/15 07:41, Ruiyu Ni wrote: Compare to the old BDS, the new BDS separates the UI part to a standalone application UiApp. QemuBootOrderLib was changed to depend on the UefiBootManagerLib. I've covered the following files thus far:

Re: [edk2] [PATCH] BaseTools X64: prevent .eh_frame sections from being generated

2015-08-12 Thread Laszlo Ersek
On 08/12/15 20:57, Ard Biesheuvel wrote: After the recent GNU linker script changes, the following warning is emitted many times during the OVMF/X86 build: BFD: ...: warning: Empty loadable segment detected, is this intentional ? This is caused by the fact that, now that the section layout

Re: [edk2] [Patch] MdeModulePkg: Fix issue about Ip4Dxe implementation for DHCP DORA process

2015-08-12 Thread El-Haj-Mahmoud, Samer
There is an issue in this implementation 1. This patch addresses the problem of DHCP being triggered during boot up. 2. But the below piece of code will not let the DHCP DORA get triggered when, for instance, running ifconfig -s eth0 dhcp in the UEFI Shell: if (NewPolicy == Instance->Policy)

Re: [edk2] [RFC PATCH 0/4] unify GCC command line options

2015-08-12 Thread David Woodhouse
On Wed, 2015-08-12 at 09:08 +0200, Ard Biesheuvel wrote: Is there any reason these are kept out of sync? Are UNIXGCC and CYGGCC known to be widely used in some particular environment? If not, I think it makes sense to merge them, i.e., retain the UNIXGCC and CYGGCC toolchain names, but make

[edk2] OEMs: hire LegbaCore to secure your systems

2015-08-12 Thread Blibbet
I just did an 'interview' with LegbaCore today: http://firmwaresecurity.com/2015/08/12/interview-with-legbacore-and-their-oprom-checker-ships/ In addition to previous UEFI Forum plugfest advice from Phoenix (RUN CHIPSEC!!), also note below comment from LegbaCore. They were professional enough

Re: [edk2] [PATCH] ArmPkg/CpuDxe: Disable interrupt before restoring context

2015-08-12 Thread Heyi Guo
On 08/13/2015 11:10 AM, Heyi Guo wrote: Interrupt must be disabled before we storing ELR and other system registers, or else ELR will be overridden by interrupt reentrance. This bug is critical as we may get occasional exception or dead loop when interrupt reentrance occurs: After

Re: [edk2] [Patch] MdeModulePkg: Fix issue about Ip4Dxe implementation for DHCP DORA process

2015-08-12 Thread Wu, Jiaxin
Hi Samer, This changing caused ifconfig in shell failed to get the address from dhcp with the command ifconfig -s eth0 dhcp since the default policy is dhcp already. Yes, it does. We have been aware of this ifconfig issue and will fix it by following the rule to starting the Ip4 auto

Re: [edk2] [PATCH v2] BaseTools IA32/X64: prevent .eh_frame sections from being generated

2015-08-12 Thread Gao, Liming
Reviewed-by: Liming Gao liming@intel.com -Original Message- From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] Sent: Thursday, August 13, 2015 1:19 PM To: edk2-devel@lists.01.org; ler...@redhat.com; Liu, Yingke D Cc: Gao, Liming; Ard Biesheuvel Subject: [PATCH v2] BaseTools

Re: [edk2] [patch 1/2] Add TPM2 definition in trusted computing group.

2015-08-12 Thread Zhang, Chao B
Hi Jiewen: Comments for ManufacturerID in tdEFI_TCG2_BOOT_SERVICE_CAPABILITY from Tcg2Protocol.h have unreadable character. Others are good to me. Reviewed-by: Chao Zhang chao.b.zh...@intel.com Thanks Best regards Chao Zhang -Original Message- From: Yao, Jiewen Sent:

Re: [edk2] [RFC PATCH 0/4] unify GCC command line options

2015-08-12 Thread Scott Duplichan
Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] wrote: ]Sent: Friday, August 07, 2015 10:05 AM ]To: edk2-de...@ml01.01.org; jordan.l.jus...@intel.com; yingke.d@intel.com ]Cc: Ard Biesheuvel ard.biesheu...@linaro.org ]Subject: [edk2] [RFC PATCH 0/4] unify GCC command line options ] ]This

[edk2] [PATCH v2] BaseTools IA32/X64: prevent .eh_frame sections from being generated

2015-08-12 Thread Ard Biesheuvel
After the recent GNU linker script changes, the following warning is emitted many times during the OVMF build: BFD: ...: warning: Empty loadable segment detected, is this intentional ? This is caused by the fact that, now that the section layout has changed somewhat, the .eh_frame section is

Re: [edk2] [patch 1/2] Add TPM2 definition in trusted computing group.

2015-08-12 Thread Yao, Jiewen
Right. Thanks a lot to catch it. I will fix it before check in. Thank you Yao Jiewen -Original Message- From: Zhang, Chao B Sent: Thursday, August 13, 2015 9:32 AM To: Yao, Jiewen; edk2-devel@lists.01.org Subject: RE: [patch 1/2] Add TPM2 definition in trusted computing group. Hi

[edk2] [PATCH] ArmPkg/CpuDxe: Disable interrupt before restoring context

2015-08-12 Thread Heyi Guo
Interrupt must be disabled before we storing ELR and other system registers, or else ELR will be overridden by interrupt reentrance. This bug is critical as we may get occasional exception or dead loop when interrupt reentrance occurs: After increasing SP ... Before popping out registers Or

Re: [edk2] [RFC PATCH 0/4] unify GCC command line options

2015-08-12 Thread Gao, Liming
I agree to unify GCC option and add -std=gnu89 flag. Thanks Liming -Original Message- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Scott Duplichan Sent: Thursday, August 13, 2015 9:25 AM To: 'Ard Biesheuvel'; edk2-de...@ml01.01.org; Justen, Jordan L; Liu,

[edk2] [PATCH 3/3] ArmPlatformPkg/FVP: unify support for Foundation and Base models

2015-08-12 Thread Ard Biesheuvel
Now that the PL180 and PL111 drivers know how to behave when executed on the Foundation model that does not emulate the hardware, we can remove the ARM_FOUNDATION_FVP ifdefs and produce a single build that runs on both the Foundation model and the Base model. Contributed-under: TianoCore

[edk2] [PATCH 2/3] ArmPlatformPkg/LcdGraphicsOutputDxe: check PrimeCell ID before initializing

2015-08-12 Thread Ard Biesheuvel
To deal gracefully with the absence of the PL111 hardware on the Foundation model, check the PrimeCell ID before proceeding with the installation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheu...@linaro.org ---

[edk2] [PATCH 1/3] ArmPlatformPkg/PL180MciDxe: check PrimeCell ID before initializing

2015-08-12 Thread Ard Biesheuvel
To deal gracefully with the absence of the PL180 hardware on the Foundation model, check the PrimeCell ID before proceeding with the installation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheu...@linaro.org ---

Re: [edk2] [RFC PATCH 0/4] unify GCC command line options

2015-08-12 Thread Ard Biesheuvel
On 10 August 2015 at 10:00, Gao, Liming liming@intel.com wrote: Ard: This patch introduces GCC4X_ for common GCC option. It may be common for GCC5, GCC6... So, how about use GCC_ prefix for all GCC common option? OK, I have been looking into this. It is mostly possible to fold all GCC

[edk2] [PATCH v3 09/16] CryptoPkg: Fix OpenSSL BN wordsize and OPENSSL_SYS_UEFI handling

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com We were manually setting -DSIXTY_FOUR_BIT_LONG or -DTHIRTY_TWO_BIT on the compiler command line when building OpensslLib itself, but not when building BaseCryptLib. But when building BaseCryptLib, we weren't setting OPENSSL_SYS_UEFI *either*. This

[edk2] [PATCH v3 11/16] CryptoPkg/OpensslLib: Move OPENSSL_NO_xxx defines into opensslconf.h

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com Putting these on the command line as we do at the moment means that they are *only* visible when actually building the OpenSSL code itself. When building other things like BaseCryptLib, they were missing. Which could lead to discrepancies in

[edk2] [PATCH v3 02/16] CryptoPkg/BaseCryptLib: Use i2d_X509_NAME() instead of abusing X509_NAME

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com In OpenSSL 1.1, the X509_NAME becomes an opaque structure and we will no longer get away with accessing its members directly. Use i2d_X509_NAME() instead. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse

[edk2] [PATCH v3 01/16] CryptoPkg/BaseCryptLib: Add missing OpenSSL includes

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com OpenSSL 1.1 has cleaned up its include files a little, and it will now be necessary to directly include things like openssl/bn.h if we want to use them, rather than assuming they are included indirectly from other headers. Contributed-under:

[edk2] [PATCH v3 04/16] CryptoPkg/BaseCryptLib: Use accessor functions for ASN1_OBJECT

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com OpenSSL 1.1 introduces new OBJ_get0_data() and OBJ_length() accessor functions and makes ASN1_OBJECT an opaque type. Unlike the accessors in previous commits which *did* actually exist already but just weren't mandatory, these don't exist in older

[edk2] [PATCH v3 10/16] CryptoPkg/OpensslLib: Eliminate GETPID_IS_MEANINGLESS definition

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com OpenSSL ought to work this out for itself when OPENSSL_SYS_UEFI is set. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse david.woodho...@intel.com --- CryptoPkg/Library/OpensslLib/EDKII_openssl-1.0.2d.patch |

[edk2] [PATCH v3 08/16] CryptoPkg/OpensslLib: Undefine NO_BUILTIN_VA_FUNCS to fix varargs breakage

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com Instead of patching OpenSSL to add EFIAPI to the one varargs function we actually *noticed* breakage in, let's fix the problem in a more coherent way by undefining NO_BUILTIN_VA_FUNCS. That way, the VA_START and similar macros will actually do the

[edk2] [PATCH v3 06/16] CryptoPkg/BaseCryptLib: Use X509_V_FLAG_PARTIAL_CHAIN

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com Since OpenSSL 1.0.2 we can set this flag on the X509_STORE to instruct OpenSSL to accept non-self-signed certificates as trusted. So we don't need two entirely identical copies of a verify_cb() function which makes it ignore the resulting errors.

[edk2] [PATCH v3 0/16] CryptoPkg: OpenSSL update

2015-08-12 Thread David Woodhouse
Not sure which version this is; let's call it v3 despite the fact that I think it's actually the first time all this lot has been posted together in a single coherent series. All the OpenSSL fixes are filed in upstream RT and in my git tree at http://git.infradead.org/users/dwmw2/openssl.git/ —

[edk2] [PATCH v3 05/16] CryptoPkg/BaseCryptLib: Clean up checking of PKCS#7 contents type

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com Use the new OBJ_get0_data() accessor to compare the data, and actually check the length of the object too. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: David Woodhouse david.woodho...@intel.com Tested-by: Laszlo Ersek

[edk2] [PATCH v3 03/16] CryptoPkg/BaseCryptLib: Use accessor functions for X509_ATTRIBUTE

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com In OpenSSL 1.1, the X509_ATTRIBUTE becomes an opaque structure and we will no longer get away with accessing its members directly. Use the accessor functions X509_ATTRIBUTE_get0_object0() and X509_ATTRIBUTE_get0_type() instead. Also be slightly

[edk2] [PATCH v3 16/16] CryptoPkg: Support building with OpenSSL HEAD (1.1.0-devel)

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com This requires a version of OpenSSL HEAD with the following fixes: RT3628: Allow filenames to be eliminated from compiled library RT3955: Reduce stack usage in PKCS7_verify() and PKCS7_decrypt() RT3964: Fix OPENSSL_NO_STDIO build RT3965:

[edk2] [PATCH v3 14/16] CryptoPkg/OpensslLib: Update OpenSSL patch

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com This updates to a version of the OpenSSL changes which is being submitted upstream for inclusion in HEAD (which will be OpenSSL 1.1.x) and hopefully also 1.0.2. Generated from the OpenSSL_1_0_2-stable branch of git repository at

[edk2] [PATCH v3 15/16] CryptoPkg/OpensslLib: Automatically configure OpenSSL and generate file list

2015-08-12 Thread David Woodhouse
From: David Woodhouse david.woodho...@intel.com With the patches which are going into upstream OpenSSL, we are able to run the standard Configure script and import the result into the EDK II source repository for others to build natively. The opensslconf.h file and the list of files in

[edk2] [PATCH] BaseTools X64: prevent .eh_frame sections from being generated

2015-08-12 Thread Ard Biesheuvel
After the recent GNU linker script changes, the following warning is emitted many times during the OVMF/X86 build: BFD: ...: warning: Empty loadable segment detected, is this intentional ? This is caused by the fact that, now that the section layout has changed somewhat, the .eh_frame section is