Reviewed-by: Hao Wu
Best Regards,
Hao Wu
> -Original Message-
> From: Dong, Eric
> Sent: Monday, September 17, 2018 11:11 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A; Chu, Maggie
> Subject: [Patch] SecurityPkg/TcgStorageOpalLib: Fixed correct user password
> not works issue.
>
> A
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1194
Speculative execution is used by the processor to avoid having to wait for
data to arrive from memory, or for previous operations to finish; the
processor may speculate as to what will be executed.
If the speculation is incorrect, the speculativ
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1194
Speculative execution is used by the processor to avoid having to wait for
data to arrive from memory, or for previous operations to finish; the
processor may speculate as to what will be executed.
If the speculation is incorrect, the speculativ
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1194
Speculative execution is used by the processor to avoid having to wait for
data to arrive from memory, or for previous operations to finish; the
processor may speculate as to what will be executed.
If the speculation is incorrect, the speculativ
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1194
Speculative execution is used by the processor to avoid having to wait for
data to arrive from memory, or for previous operations to finish; the
processor may speculate as to what will be executed.
If the speculation is incorrect, the speculativ
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193
This commit will add a new BaseLib API LoadFence(). This API will perform
a serializing operation on all load-from-memory instructions that were
issued prior to the call of this function.
The purpose of adding this API is to mitigate of the
The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues
within SMI handlers.
A more detailed explanation of the purpose of the series is under the
'Bounds check bypass mitigation' section of the below link:
https://software.intel.com/security-software-guidance/insights/host-firm
> v2 changes:
>a. remove macros no longer needed
>b. remove DEBUG and ASSERT in ToEnableExecuteDisableFeature()
>c. change ToEnableExecuteDisableFeature to EnableNonExec
BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
Currently IA32_EFER.NXE is only set against PcdSetNxFo
> v2 changes:
>Newly added patch to clarify PCDs usage.
BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
The usage of the following PCDs described in MdeModulePkg.dec doesn't match
the implementation exactly. This patch updates related description in
both .dec and .uni files to avoid co
> v2 changes:
>Incorporates review comments from Laszlo and Star.
BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
Test:
a. try all related PCDs combinations and check the page table attributes
b. boot to shell on real intel platform with valid PCD setting combinations
(IA32/X
Hi Laszlo,
I agree there is no document to describe the detailed difference against the
overlapped network drivers between NetworkPkg and MdeModulePkg (except
IPv4/IPv6 support). We only declared that those drivers should not be used at
the same
(https://github.com/tianocore/tianocore.gi
No concern at all.
I have given R-B for the whole patch series. :-)
> -Original Message-
> From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
> Sent: Thursday, September 20, 2018 5:47 AM
> To: Laszlo Ersek
> Cc: edk2-devel@lists.01.org; Zeng, Star ; Wang, Jian J
> ; Kinney, Michael
Hi Patrick,
> If the autoconversion is not considered good enough, I'd propose keeping out
> patch 1 of this series that adds the #! line and the executable bit, and
> instead expect people to always call the script with "python
> $path/SplitFspBin.py" to keep confusion at a minimum.
There wa
Of all the gin joints in all the towns in all the world, Vladimir Olovyannikov
had to walk into mine at 16:58 on Wednesday 19 September 2018 and say:
> >From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
> >Sent: Wednesday, September 19, 2018 4:38 PM
> >To: Vladimir Olovyannikov
> >Cc: edk2-
On 19 September 2018 at 16:58, Vladimir Olovyannikov <
vladimir.olovyanni...@broadcom.com> wrote:
> >From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
> >Sent: Wednesday, September 19, 2018 4:38 PM
> >To: Vladimir Olovyannikov
> >Cc: edk2-devel@lists.01.org
> >Subject: Re: Stack issue after
>From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
>Sent: Wednesday, September 19, 2018 4:38 PM
>To: Vladimir Olovyannikov
>Cc: edk2-devel@lists.01.org
>Subject: Re: Stack issue after warm UEFI reset and MMU enabling on an Armv8
>platform
>On 19 September 2018 at 15:55, Vladimir Olovyanniko
On 19 September 2018 at 15:55, Vladimir Olovyannikov <
vladimir.olovyanni...@broadcom.com> wrote:
> Hi All,
>
> I need UEFI experts help on the problem with Armv8 board on warm UEFI
> reset.
>
> Cold reset works fine.
>
> Here is how I set up a warm reset:
>
> STATIC
> EFI_STATUS
>
Hi All,
I need UEFI experts help on the problem with Armv8 board on warm UEFI reset.
Cold reset works fine.
Here is how I set up a warm reset:
STATIC
EFI_STATUS
ShutdownUefiBootServices (
VOID
)
{
EFI_STATUS Status;
UINTN MemoryMapSize;
EFI
On 7 September 2018 at 01:28, Laszlo Ersek wrote:
> On 09/07/18 07:42, Ard Biesheuvel wrote:
>> Now that Itanium support has been dropped, we can remove the various
>> occurrences of the ELILO on Itanium PE/COFF header workaround.
>>
>> Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816
>> C
On 19 September 2018 at 12:35, Andrew Fish wrote:
>
>
>> On Sep 15, 2018, at 6:28 AM, Ard Biesheuvel
>> wrote:
>>
>> On 13 September 2018 at 19:20, Kinney, Michael D
>> wrote:
>>> Ard,
>>>
>>> I think there is a fundamental assumption that
>>> the sizeof(UINTN) and size of pointers of
>>> the n
> On Sep 15, 2018, at 6:28 AM, Ard Biesheuvel wrote:
>
> On 13 September 2018 at 19:20, Kinney, Michael D
> wrote:
>> Ard,
>>
>> I think there is a fundamental assumption that
>> the sizeof(UINTN) and size of pointers of
>> the native CPU are the same as the emulated CPU.
>> If that is not t
Prabin,
There is not an easy answer to your question.
1) What video resolution is available can be a function of what monitor is
plugged in to the graphics card.
2) The monitor can publish an EDID that defines what resolutions the monitor
supports. EDID is a VESA standard.
3) An EFI Platform
Laszlo:
I understand your point. I agree with your suggestion. BZ
https://bugzilla.tianocore.org/show_bug.cgi?id=1191 has been submitted. Yes.
PiSmmCpuSmiEntryFixupAddress() is called in the driver entry point to fix up
the address first.
I will send V2 patch with the detail commit message and
Hello,
Our product uses a Baytrail with Minnowboard Max BIOS firmware (version
0.93). Every now and then we see SPI flash corruption due to power cuts
while the unit is booting which causes the unit not to boot anymore. After
investigation we noticed that the VPD area is all FFs (address
44000->
Ok. Cool!
> -Original Message-
> From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
> Sent: Wednesday, September 19, 2018 9:55 PM
> To: Yao, Jiewen
> Cc: Ni, Ruiyu ; Zimmer, Vincent
> ; Dong, Eric ;
> edk2-devel@lists.01.org; Andrew Fish ; Gao, Liming
> ; Kinney, Michael D ;
> Richa
On 19 September 2018 at 02:29, Yao, Jiewen wrote:
> Thank you Ard. Good to know.
>
> Did you also try some security test, such as inputting a bad image to see if
> the code can return failure gracefully?
>
> Or enable secure boot to see if the image verification process still works
> well?
>
> One
On 09/19/18 11:13, Wang, Jian J wrote:
> If no more new comments, I'll do following changes in v2, including review
> comments got so far:
>
> a. change ToEnableExecuteDisableFeature() to EnableNonExec()
> b. remove the ASSERT and DEBUG in current ToEnableExecuteDisableFeature()
> c. update dec/un
On 09/19/18 04:20, Wu, Jiaxin wrote:
>> On 09/17/18 07:43, Jiaxin Wu wrote:
>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=886
>>>
>>> The series patches are to support the TFTP windowsize option described in
>> RFC 7440.
>>> TFTP shell command and UEFI PXE driver will use the feature to b
On 09/19/18 03:31, Wu, Jiaxin wrote:
>>> Subject: [Patch v2] NetworkPkg: UefiPxeBcDxe: Add EXCLUSIVE attribute
>> when opening SNP protocol installed by PXE.
>>>
>>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1152
>>>
>>> v2: Sync the same logic to Ipv6 and update code comments.
>>>
>>> Th
On 09/18/18 20:02, Jordan Justen wrote:
> I guess the git config sendemail.from setting did not help your
> patches. ?? It still is coming through with a From field of
> .
>
> Regarding this patch, I suppose it is worth asking if &StackBase in
> the old code could possibly be an address not on the
One more: did you enable TPM to see if TPM measurement still works well?
Also, does the defer image solution still take effect with this change?
Sorry to ask many questions; I want to make sure the current security design
still works with this new capability.
Thank you!
Yao, Jiewen
> On September 19, 2018
Thank you Ard. Good to know.
Did you also try some security test, such as inputting a bad image to see if
the code can return failure gracefully?
Or enable secure boot to see if the image verification process still works
well?
Thank you!
Yao, Jiewen
> On September 18, 2018, at 9:53 PM, Ard Biesheuvel wrote:
>
If no more new comments, I'll do following changes in v2, including review
comments got so far:
a. change ToEnableExecuteDisableFeature() to EnableNonExec()
b. remove the ASSERT and DEBUG in current ToEnableExecuteDisableFeature()
c. update dec/uni file to clarify the usage of following PCDs
P
On 9/18/2018 10:57 PM, Duran, Leo wrote:
-Original Message-
From: Ni, Ruiyu [mailto:ruiyu...@intel.com]
Sent: Tuesday, September 18, 2018 3:34 AM
To: Laszlo Ersek ; Duran, Leo ;
edk2-devel@lists.01.org
Cc: Dong, Eric
Subject: Re: [edk2] [PATCH] UefiCpuPkg/MtrrLib: Add flag to skip dis