[edk2] [patch 1/2] Add TPM2 definition in trusted computing group.

2015-08-11 Thread jiewen yao
1) TCG Physical Presence Interface Specification 1.30 at 
http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
2) TCG EFI Protocol Specification for TPM 2.0 at 
http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
3) Update TPM2.0 header file to include Hash Algo definition.
4) Update UEFI TCG platform header file to include more TCG event structure.

Tested with Win8/Win10 with Secure Boot enabled; PCR7 shows as bound.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen jiewen@intel.com
CC: Zhang, Chao B chao.b.zh...@intel.com
---
 .../Include/IndustryStandard/TcgPhysicalPresence.h | 129 
 MdePkg/Include/IndustryStandard/Tpm20.h|  11 +-
 MdePkg/Include/IndustryStandard/UefiTcgPlatform.h  | 110 ++-
 MdePkg/Include/Protocol/Tcg2Protocol.h | 341 +
 MdePkg/Include/Protocol/TrEEProtocol.h |  18 +-
 MdePkg/MdePkg.dec  |   4 +
 6 files changed, 594 insertions(+), 19 deletions(-)
 create mode 100644 MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h
 create mode 100644 MdePkg/Include/Protocol/Tcg2Protocol.h

diff --git a/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h 
b/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h
new file mode 100644
index 000..80ae7d3
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h
@@ -0,0 +1,129 @@
+/** @file
+  TCG Physical Presence definition.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.BR
+This program and the accompanying materials 
+are licensed and made available under the terms and conditions of the BSD 
License 
+which accompanies this distribution.  The full text of the license may be 
found at 
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN AS IS BASIS, 
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_H_
+#define _TCG_PHYSICAL_PRESENCE_H_
+
+//
+// TCG PP definition for physical presence ACPI function
+//
+#define TCG_ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION  1
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS   2
+#define TCG_ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS3
+#define TCG_ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS4
+#define TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS5
+#define TCG_ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE   6
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7
+#define TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8
+
+//
+// TCG PP definition for TPM Operation Response to OS Environment
+//
+#define TCG_PP_OPERATION_RESPONSE_SUCCESS  0x0
+#define TCG_PP_OPERATION_RESPONSE_USER_ABORT   0xFFF0
+#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFF1
+
+//
+// TCG PP definition of return code for Return TPM Operation Response to OS 
Environment
+//
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS   0
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE   1
+
+//
+// TCG PP definition of return code for Sumbit TPM Request to Pre-OS 
Environment
+// and Sumbit TPM Request to Pre-OS Environment 2
+//
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 
 0
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 
 1
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 
 2
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS
 3
+
+//
+// TCG PP definition of return code for Get User Confirmation Status for 
Operation
+//
+#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED   
  0
+#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY 
  1
+#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 
  2
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED   
  3
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED   
  4
+
+//
+// TCG PP definition of physical presence operation actions for TPM12
+//
+#define TCG_PHYSICAL_PRESENCE_NO_ACTION   0
+#define TCG_PHYSICAL_PRESENCE_ENABLE  1
+#define TCG_PHYSICAL_PRESENCE_DISABLE 2
+#define TCG_PHYSICAL_PRESENCE_ACTIVATE3
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE  4 
+#define TCG_PHYSICAL_PRESENCE_CLEAR   5
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE  7
+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE  

[edk2] [patch] Clean up unused data type - BOOL.

2015-08-14 Thread jiewen yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen jiewen@intel.com
CC: Zhang, Chao B chao.b.zh...@intel.com
---
 MdePkg/Include/IndustryStandard/Tpm20.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MdePkg/Include/IndustryStandard/Tpm20.h 
b/MdePkg/Include/IndustryStandard/Tpm20.h
index 2abfc57..0505927 100644
--- a/MdePkg/Include/IndustryStandard/Tpm20.h
+++ b/MdePkg/Include/IndustryStandard/Tpm20.h
@@ -147,7 +147,6 @@ typedef UINT64CONTEXT_COUNTER;
 
 // Table 3 - Definition of Base Types
 typedef UINT8 BYTE;
-typedef UINT8 BOOL;
 
 // Table 4 - Definition of Types for Documentation Clarity
 //
-- 
1.9.5.msysgit.0



[edk2] [patch] Fix typo in BaseCrypto2HashInit() which causes sanity check incorrect.

2015-08-14 Thread jiewen yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen jiewen@intel.com
Cc: Zhang, Chao B chao.b.zh...@intel.com
---
 SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c 
b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
index 6a7ecf2..dab0299 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
@@ -454,7 +454,7 @@ BaseCrypto2HashInit (
   // Consistency Check
   //
   Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
-  if ((Instance-HashContext != NULL) || (Instance-HashInfoContext != 
HashInfo)) {
+  if ((Instance-HashContext != NULL) || (Instance-HashInfoContext != NULL)) {
 return EFI_ALREADY_STARTED;
   }
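Review bot: The corrected condition on lines 172-174 now treats any non-NULL HashContext or HashInfoContext as a hash already in progress and answers EFI_ALREADY_STARTED, but nothing in the hunk says so, and the old `!= HashInfo` comparison shows how easy it is to get this check subtly wrong. A one-line comment would protect it: replace the bare `// Consistency Check` with `// Both contexts must be NULL here: a non-NULL value means an earlier HashInit is still in progress, so refuse to start another.` — the "still in progress" reading is mine; confirm it against where the driver clears the two fields, which is not in this hunk. BaseCrypto2HashInit's body starts and ends outside the hunk.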
 
-- 
1.9.5.msysgit.0



[edk2] [patch] Add Secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx

2015-07-26 Thread jiewen yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen jiewen@intel.com
Reviewed-by: Zhang, Chao chao.zh...@intel.com
Cc: Zhang, Chao chao.zh...@intel.com
---
 .../MemoryOverwriteRequestControlLock.h|  43 +
 MdePkg/MdePkg.dec  |   3 +
 SecurityPkg/SecurityPkg.dsc|   2 +
 .../MemoryOverwriteRequestControlLock/TcgMorLock.c | 196 +
 .../MemoryOverwriteRequestControlLock/TcgMorLock.h | 122 +
 .../TcgMorLock.uni | Bin 0 - 1964 bytes
 .../TcgMorLockExtra.uni| Bin 0 - 1356 bytes
 .../TcgMorLockSmm.c| 153 
 .../TcgMorLockSmm.inf  |  66 +++
 9 files changed, 585 insertions(+)
 create mode 100644 
MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf

diff --git 
a/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h 
b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
new file mode 100644
index 000..771306b
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
@@ -0,0 +1,43 @@
+/** @file
+  Support for Microsoft Secure MOR implementation, defined at 
+  Microsoft Secure MOR implementation.
+  
https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
+
+  Copyright (c) 2015, Intel Corporation. All rights reserved.BR
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD 
License
+  which accompanies this distribution.  The full text of the license may be 
found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN AS IS BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+#define __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_GUID \
+  { \
+0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 
0x92} \
+  }
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME 
LMemoryOverwriteRequestControlLock
+
+//
+// VendorGuid: {BB983CCF-151D-40E1-A07B-4A17BE168292}
+// Name:   MemoryOverwriteRequestControlLock
+// Attributes: NV+BS+RT
+// Size:   0x1 byte
+//
+// The BIOS initializes MemoryOverwriteRequestControlLock to a value of 0x00
+// before BDS (BOOT processing). When the OS loader calls SetVariable by
+// specifying 0x01, the access mode for both MemoryOverwriteRequestControlLock
+// and MemoryOverwriteRequestControl is changed to read-only. If any other
+// value is specified in the SetVariable call, it fails with the 
+// EFI_INVALID_PARAMETER error code.
+//
+
+extern EFI_GUID gEfiMemoryOverwriteRequestControlLockGuid;
+
+#endif
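Review bot: The contract comment on lines 265-270 documents only the 0x00 -> 0x01 transition, so it leaves open what the lock must do with the other ways an OS-level caller could undo it: a SetVariable on MemoryOverwriteRequestControlLock or MemoryOverwriteRequestControl with DataSize 0 (a delete) or with different attributes after the lock is set. Those have to be rejected as well or the lock is bypassable, and since this header is the contract that the SMM module (TcgMorLock.c, not visible here) implements, it should state it. I would append `// Once locked, deletion of either variable (DataSize == 0) and any change to their attributes must be rejected as well; the lock presumably only clears when the BIOS re-initializes it to 0x00 on the next boot.` — the last clause follows from the initialization sentence above it, but check it against the module's handler.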
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 598a6d0..7d74b69 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -388,6 +388,9 @@
 
   ## Include/Guid/MemoryOverwriteControl.h
   gEfiMemoryOverwriteControlDataGuid = { 0xe20939be, 0x32d4, 0x41be, {0xa1, 
0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29 }}
+  
+  ## Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
+  gEfiMemoryOverwriteRequestControlLockGuid = { 0xBB983CCF, 0x151D, 0x40E1, 
{0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92}}
 
   ## Include/Guid/WinCertificate.h
   gEfiCertTypeRsa2048Sha256Guid = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 
0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf }}
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index fa94d90..2d464a0 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -234,6 +234,8 @@
   SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf
 
 [Components.IA32, Components.X64]
+
+  SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
   SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
   SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
   #
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c 
b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
new file mode 100644
index 000..7ca7079
--- /dev/null
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
@@ -0,0 +1,196 @@
+/** @file
+  TCG MOR (Memory Overwrite Request) Lock Control Driver.
+
+  This driver initilize 

[edk2] [patch] FspNotifyDxe need handle 4G memory.

2015-07-26 Thread jiewen yao
The FSP API is always 32-bit, but FspNotifyDxe might be loaded above 4G. In 
order to make the thunk work, we need to reload FspNotifyDxe below 4G.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen jiewen@intel.com
CC: Mudusuru, Giri P giri.p.mudus...@intel.com
Cc: Rangarajan, Ravi P ravi.p.rangara...@intel.com
Cc: Ma, Maurice maurice...@intel.com
---
 IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.c   |  24 
 IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.inf |   4 +
 IntelFspWrapperPkg/FspNotifyDxe/LoadBelow4G.c| 152 +++
 IntelFspWrapperPkg/IntelFspWrapperPkg.dsc|   2 +
 4 files changed, 182 insertions(+)
 create mode 100644 IntelFspWrapperPkg/FspNotifyDxe/LoadBelow4G.c

diff --git a/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.c 
b/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.c
index f8e8e82..1a1e4e6 100644
--- a/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.c
+++ b/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.c
@@ -23,6 +23,22 @@
 #include Library/UefiLib.h
 #include Library/FspApiLib.h
 
+/**
+  Relocate this image under 4G memory.
+
+  @param  ImageHandle  Handle of driver image.
+  @param  SystemTable  Pointer to system table.
+
+  @retval EFI_SUCCESS  Image successfully relocated.
+  @retval EFI_ABORTED  Failed to relocate image.
+
+**/
+EFI_STATUS
+RelocateImageUnder4GIfNeeded (
+  IN EFI_HANDLE   ImageHandle,
+  IN EFI_SYSTEM_TABLE *SystemTable
+  );
+
 FSP_INFO_HEADER *mFspHeader = NULL;
 
 /**
@@ -120,6 +136,14 @@ FspDxeEntryPoint (
   VOID   *Registration;
   EFI_EVENT  ProtocolNotifyEvent;
 
+  //
+  // Load this driver's image to memory
+  //
+  Status = RelocateImageUnder4GIfNeeded (ImageHandle, SystemTable);
+  if (EFI_ERROR (Status)) {
+return EFI_SUCCESS;
+  }
+
   if (PcdGet32 (PcdFlashFvSecondFspBase) == 0) {
 mFspHeader = FspFindFspHeader (PcdGet32 (PcdFlashFvFspBase));
   } else {
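Review bot: The `return EFI_SUCCESS` on line 374 hides a genuine relocation failure: RelocateImageUnder4GIfNeeded (declared on lines 356-360 with EFI_ABORTED as its only failure code) apparently uses the same error both for "the copy below 4G has taken over" and for "could not relocate", so when allocating or loading below 4G fails the instance above 4G stays resident, never registers for the FSP notifications, and nothing is logged. At minimum emit `DEBUG ((EFI_D_ERROR, "FspNotifyDxe - RelocateImageUnder4GIfNeeded failed - %r\n", Status));` before the return, and consider a distinct status (or an OUT flag) for the hand-off case so a real failure can be reported. The comment on line 370, `// Load this driver's image to memory`, should also say what actually happens: `// Relocate this image below 4G if needed; on the first entry above 4G the relocated copy takes over and this instance returns here.` FspDxeEntryPoint's body continues outside the hunk.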
diff --git a/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.inf 
b/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.inf
index 8175dbd..66970cc 100644
--- a/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.inf
+++ b/IntelFspWrapperPkg/FspNotifyDxe/FspNotifyDxe.inf
@@ -30,6 +30,7 @@
 
 [Sources]
   FspNotifyDxe.c
+  LoadBelow4G.c
 
 [Packages]
   MdePkg/MdePkg.dec
@@ -43,6 +44,9 @@
   BaseMemoryLib
   UefiLib
   FspApiLib
+  PeCoffLib
+  CacheMaintenanceLib
+  DxeServicesLib
 
 [Protocols]
   gEfiPciEnumerationCompleteProtocolGuid## CONSUMES
diff --git a/IntelFspWrapperPkg/FspNotifyDxe/LoadBelow4G.c 
b/IntelFspWrapperPkg/FspNotifyDxe/LoadBelow4G.c
new file mode 100644
index 000..d39164e
--- /dev/null
+++ b/IntelFspWrapperPkg/FspNotifyDxe/LoadBelow4G.c
@@ -0,0 +1,152 @@
+/** @file
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.BR
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions
+of the BSD License which accompanies this distribution.  The
+full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN AS IS BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include Uefi.h
+#include Library/BaseLib.h
+#include Library/UefiDriverEntryPoint.h
+#include Library/BaseMemoryLib.h
+#include Library/DebugLib.h
+#include Library/PeCoffLib.h
+#include Library/UefiBootServicesTableLib.h
+#include Library/DxeServicesLib.h
+#include Library/CacheMaintenanceLib.h
+#include Library/UefiLib.h
+
+/**
+  Relocate this image under 4G memory.
+
+  @param  ImageHandle  Handle of driver image.
+  @param  SystemTable  Pointer to system table.
+
+  @retval EFI_SUCCESS  Image successfully relocated.
+  @retval EFI_ABORTED  Failed to relocate image.
+
+**/
+EFI_STATUS
+RelocateImageUnder4GIfNeeded (
+  IN EFI_HANDLE   ImageHandle,
+  IN EFI_SYSTEM_TABLE *SystemTable
+  )
+{
+  EFI_STATUSStatus;
+  UINT8 *Buffer;
+  UINTN BufferSize;
+  EFI_HANDLENewImageHandle;
+  UINTN Pages;
+  EFI_PHYSICAL_ADDRESS  FfsBuffer;
+  PE_COFF_LOADER_IMAGE_CONTEXT  ImageContext;
+  VOID  *Interface;
+
+  //
+  // If it is already 4G, no need do relocate
+  //
+  if ((UINTN)RelocateImageUnder4GIfNeeded  0x) {
+return EFI_SUCCESS;
+  }
+
+  //
+  // If locate gEfiCallerIdGuid success, it means 2nd entry.
+  //
+  Status = gBS-LocateProtocol (gEfiCallerIdGuid, NULL, Interface);
+  if (!EFI_ERROR (Status)) {
+DEBUG ((EFI_D_INFO, FspNotifyDxe - 2nd entry\n));
+return EFI_SUCCESS;
+  }
+
+  DEBUG ((EFI_D_INFO, FspNotifyDxe - 1st entry\n));
+
+  //
+  // Here we install a dummy handle
+  //
+  NewImageHandle = NULL;
+  Status = gBS-InstallProtocolInterface (
+   

[edk2] [patch] Add Secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx

2015-07-26 Thread jiewen yao
Add a new module, MemoryOverwriteRequestControlLock, that registers a VarCheck 
handler to enforce the MorLock policy.
Only an SMM version is added because MOR is only supported in the SMM variable case. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen jiewen@intel.com
Reviewed-by: Zhang, Chao chao.zh...@intel.com
Cc: Zhang, Chao chao.zh...@intel.com
---
 .../MemoryOverwriteRequestControlLock.h|  43 +
 MdePkg/MdePkg.dec  |   3 +
 SecurityPkg/SecurityPkg.dsc|   2 +
 .../MemoryOverwriteRequestControlLock/TcgMorLock.c | 196 +
 .../MemoryOverwriteRequestControlLock/TcgMorLock.h | 122 +
 .../TcgMorLock.uni | Bin 0 - 1964 bytes
 .../TcgMorLockExtra.uni| Bin 0 - 1356 bytes
 .../TcgMorLockSmm.c| 153 
 .../TcgMorLockSmm.inf  |  66 +++
 9 files changed, 585 insertions(+)
 create mode 100644 
MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
 create mode 100644 
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf

diff --git 
a/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h 
b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
new file mode 100644
index 000..771306b
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
@@ -0,0 +1,43 @@
+/** @file
+  Support for Microsoft Secure MOR implementation, defined at 
+  Microsoft Secure MOR implementation.
+  
https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
+
+  Copyright (c) 2015, Intel Corporation. All rights reserved.BR
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD 
License
+  which accompanies this distribution.  The full text of the license may be 
found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN AS IS BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+#define __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_GUID \
+  { \
+0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 
0x92} \
+  }
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME 
LMemoryOverwriteRequestControlLock
+
+//
+// VendorGuid: {BB983CCF-151D-40E1-A07B-4A17BE168292}
+// Name:   MemoryOverwriteRequestControlLock
+// Attributes: NV+BS+RT
+// Size:   0x1 byte
+//
+// The BIOS initializes MemoryOverwriteRequestControlLock to a value of 0x00
+// before BDS (BOOT processing). When the OS loader calls SetVariable by
+// specifying 0x01, the access mode for both MemoryOverwriteRequestControlLock
+// and MemoryOverwriteRequestControl is changed to read-only. If any other
+// value is specified in the SetVariable call, it fails with the 
+// EFI_INVALID_PARAMETER error code.
+//
+
+extern EFI_GUID gEfiMemoryOverwriteRequestControlLockGuid;
+
+#endif
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 598a6d0..7d74b69 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -388,6 +388,9 @@
 
   ## Include/Guid/MemoryOverwriteControl.h
   gEfiMemoryOverwriteControlDataGuid = { 0xe20939be, 0x32d4, 0x41be, {0xa1, 
0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29 }}
+  
+  ## Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
+  gEfiMemoryOverwriteRequestControlLockGuid = { 0xBB983CCF, 0x151D, 0x40E1, 
{0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92}}
 
   ## Include/Guid/WinCertificate.h
   gEfiCertTypeRsa2048Sha256Guid = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 
0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf }}
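Review bot: The new entry on lines 590-592 is inconsistent with its neighbour: the existing MOR control GUID is documented under `## Include/Guid/MemoryOverwriteControl.h` while the lock header goes to `Include/IndustryStandard/`, and the `gEfi` prefix reads as a UEFI/PI specification GUID although the header itself attributes the definition to Microsoft. If the header is kept next to its sibling, the line becomes `## Include/Guid/MemoryOverwriteRequestControlLock.h`; either way a short origin note on the `##` line (`## Microsoft Secure MOR lock variable`) would spare the next reader the search. Line 589 also adds trailing whitespace only.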
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index fa94d90..2d464a0 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -234,6 +234,8 @@
   SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf
 
 [Components.IA32, Components.X64]
+
+  SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
   SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
   SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
   #
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c 
b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
new file mode 100644
index 000..7ca7079
--- /dev/null
+++ 

[edk2] [patch] Downgrade one debug message level in DxeTpm2MeasureBootHandler from EFI_D_ERROR to EFI_D_INFO.

2015-07-26 Thread jiewen yao
A missing TPM2 is considered a valid case: for example, a platform may only have 
a TPM 1.2 and no TPM 2.0. So this is NOT an error message, but rather an INFO 
message.

Signed-off-by: Yao, Jiewen jiewen@intel.com

Cc: Zhang, Chao chao.zh...@intel.com

---
 SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c 
b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index 2f75219..a5d7fe5 100644
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -447,7 +447,7 @@ DxeTpm2MeasureBootHandler (
 // TrEE protocol is not installed. So, TPM2 is not present.
 // Don't do any measurement, and directly return EFI_SUCCESS.
 //
-DEBUG ((EFI_D_ERROR, DxeTpm2MeasureBootHandler - TrEE - %r\n, Status));
+DEBUG ((EFI_D_INFO, DxeTpm2MeasureBootHandler - TrEE - %r\n, Status));
 return EFI_SUCCESS;
   }
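Review bot: The message on line 642 still prints only the status, so at INFO level the fact that every image loaded from here on is not measured on this platform is easy to miss in a log. I would make the consequence explicit: `DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - TrEE protocol not found (%r), skipping TPM2 measurement\n", Status));`. The comment on lines 638-639 could also carry the reasoning from the commit message as `// (expected on TPM 1.2-only platforms)`. DxeTpm2MeasureBootHandler continues outside the hunk.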
 
-- 
1.9.5.msysgit.0



[edk2] [patch] Add MorLockDriverInit() definition to resolve build failure.

2015-07-26 Thread jiewen yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen jiewen@intel.com
Reviewed-by: Zhang, Chao chao.zh...@intel.com
Cc: Zhang, Chao chao.zh...@intel.com
---
 .../Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h| 15 +++
 1 file changed, 15 insertions(+)

diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h 
b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
index dbae913..50a656a 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
@@ -119,4 +119,19 @@ SetVariableCheckHandlerMor (
   IN VOID   *Data
   );
 
+/**
+  Entry Point for MOR Lock Control driver.
+
+  @param[in] ImageHandle  Image handle of this driver.
+  @param[in] SystemTable  A Pointer to the EFI System Table.
+
+  @retval EFI_SUCEESS 
+  @return Others  Some error occurs.
+**/
+EFI_STATUS
+EFIAPI
+MorLockDriverInit (
+  VOID
+  );
+
 #endif
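Review bot: The doc comment on lines 675-683 does not match the prototype beneath it: it documents `ImageHandle` and `SystemTable` parameters, but MorLockDriverInit takes `VOID` (lines 686-688), and `EFI_SUCEESS` is misspelled and has no description. I would drop the two `@param[in]` lines and use `@retval EFI_SUCCESS  Initialization succeeded.` and `@return Others       Some error occurred.`, keeping the rest. Since the real entry point (the one that receives ImageHandle/SystemTable) is elsewhere, the first line could read `Initialize the MOR Lock Control driver; called from the module entry point.` to avoid the "Entry Point" wording.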
-- 
1.9.5.msysgit.0



[edk2] [patch] Do not deadloop if Microcode not found in FspTempRamInit.

2015-10-25 Thread jiewen yao
We do not consider "microcode not found" a critical error, because the microcode 
might already have been applied, or may be applied later.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Ma, Maurice ;
Cc: Rangarajan, Ravi P 
---
 .../Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.S| 10 ++
 .../Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.asm  | 12 +++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git 
a/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.S 
b/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.S
index 24bc36b..045f1fb 100644
--- a/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.S
+++ b/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.S
@@ -210,12 +210,22 @@ FspHeaderFound:
   jmp  *%eax
 
 TempRamInitDone:
+  cmp  $0x800E, %eax   #Check if EFI_NOT_FOUND returned. Error code for 
Microcode Update not found.
+  xorl %eax, %eax
+  je   CallSecFspInit  #If microcode not found, don't hang, but continue.
+
   cmp  $0x0, %eax
   jnz  FspApiFailed
 
   #   ECX: start of range
   #   EDX: end of range
+CallSecFspInit:
   movl%edx, %esp
+
+  # Align the stack at DWORD
+  addl  $3, %esp
+  andl  $0xFFFC, %esp
+
   pushl   %edx
   pushl   %ecx
   pushl   %eax # zero - no hob list yet
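Review bot: The `xorl %eax, %eax` on line 727 sits between the `cmp` and the `je`, and XOR rewrites the flags (ZF is set because the result is zero), so `je CallSecFspInit` is taken unconditionally and the `cmp $0x0, %eax` / `jnz FspApiFailed` pair on lines 730-731 is dead code: every TempRamInit failure, not only EFI_NOT_FOUND, now falls through and runs SecFspInit on a stack at EDX that TempRamInit may never have set up. The zeroing is only needed so that `pushl %eax` on line 744 pushes a NULL HOB-list pointer, so move it after the branches. The immediate also reads `0x800E` on this page; EFI_NOT_FOUND is the full 32-bit value `0x8000000E` — please check the committed file.
```asm
TempRamInitDone:
  cmp  $0x8000000E, %eax  # EFI_NOT_FOUND: microcode not found, not fatal
  je   CallSecFspInit
  cmp  $0x0, %eax         # any other non-zero status is a real failure
  jnz  FspApiFailed

CallSecFspInit:
  xorl %eax, %eax         # zero EAX after the checks: pushed below as "no HOB list"
  movl %edx, %esp
  # ... unchanged: stack alignment and pushes ...
```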
diff --git 
a/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.asm 
b/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.asm
index 0e0c5c5..3c0bca3 100644
--- a/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.asm
+++ b/IntelFspWrapperPkg/Library/SecPeiFspPlatformSecLibSample/Ia32/SecEntry.asm
@@ -220,12 +220,22 @@ FspHeaderFound:
   jmp eax
 
 TempRamInitDone:
-  cmp eax, 0
+  cmp eax, 800Eh  ;Check if EFI_NOT_FOUND returned. Error code for 
Microcode Update not found.
+  xor eax, eax
+  je  CallSecFspInit  ;If microcode not found, don't hang, but continue.
+
+  cmp eax, 0  ;Check if EFI_SUCCESS retuned.
   jnz FspApiFailed
 
   ;   ECX: start of range
   ;   EDX: end of range
+CallSecFspInit:
   mov esp, edx
+
+  ; Align the stack at DWORD
+  add  esp,  3
+  and  esp, 0FFFCh
+
   pushedx
   pushecx
   pusheax ; zero - no hob list yet
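Review bot: The `xor eax, eax` on line 758 is placed between the `cmp` and the `je`, and XOR rewrites the flags (ZF becomes 1 since the result is zero), so `je CallSecFspInit` always jumps and the `cmp eax, 0` / `jnz FspApiFailed` on lines 761-762 can never run: any TempRamInit error code, not only EFI_NOT_FOUND, now continues into SecFspInit with ESP taken from an EDX that TempRamInit may not have populated. Zero EAX after the branches instead; it is only needed for the `push eax` on line 775. The immediate shows as `800Eh` here and `0FFFCh` on line 771; EFI_NOT_FOUND is `8000000Eh` and the alignment mask `0FFFFFFFCh` — please confirm the committed file.
```asm
TempRamInitDone:
  cmp eax, 8000000Eh      ;EFI_NOT_FOUND: microcode not found, not fatal
  je  CallSecFspInit
  cmp eax, 0              ;any other non-zero status is a real failure
  jnz FspApiFailed

CallSecFspInit:
  xor eax, eax            ;zero EAX after the checks: pushed below as "no HOB list"
  mov esp, edx
  ; ... unchanged: stack alignment and pushes ...
```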
-- 
1.9.5.msysgit.0



[edk2] [patch] Publish FspHob to PEI Hob by default, because most platforms use such logic.

2015-10-26 Thread jiewen yao
The PcdDataBaseHobGuid GUID HOB is excluded because the PCD database in FSP is 
different from the one in PEI.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Ma, Maurice ;
Cc: Rangarajan, Ravi P 
Cc: Kinney, Michael D 
---
 .../FspHobProcessLibSample.c   | 38 ++
 .../PeiFspHobProcessLibSample.inf  |  1 +
 2 files changed, 39 insertions(+)

diff --git 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
index 099980e..471b0fa 100644
--- 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
+++ 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
@@ -25,6 +25,7 @@
 
 #include 
 #include 
+#include 
 #include 
 
 //
@@ -335,6 +336,41 @@ FspHobProcessForMemoryResource (
 }
 
 /**
+  Process FSP HOB list
+
+  @param[in] FspHobList  Pointer to the HOB data structure produced by FSP.
+
+**/
+VOID
+ProcessFspHobList (
+  IN VOID *FspHobList
+  )
+{
+  EFI_PEI_HOB_POINTERS  FspHob;
+
+  FspHob.Raw = FspHobList;
+
+  //
+  // Add all the HOBs from FSP binary to FSP wrapper
+  //
+  while (!END_OF_HOB_LIST (FspHob)) {
+if (FspHob.Header->HobType == EFI_HOB_TYPE_GUID_EXTENSION) {
+  //
+  // Skip FSP binary creates PcdDataBaseHobGuid
+  //
+  if (!CompareGuid(>Name, )) { 
+BuildGuidDataHob (
+  >Name,
+  GET_GUID_HOB_DATA(FspHob),
+  GET_GUID_HOB_DATA_SIZE(FspHob)
+);
+  }
+}
+FspHob.Raw = GET_NEXT_HOB (FspHob);
+  }
+}
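Review bot: The header comment on lines 820-825 says only "Process FSP HOB list", and the one reason a reader will need — why gPcdDataBaseHobGuid is the single exception — lives only in the commit message. I would expand the description to: copy every GUID-extension HOB produced by FSP into the PEI HOB list so later PEI/DXE modules can consume them, skipping gPcdDataBaseHobGuid because the PCD database inside the FSP binary is not the one built for this PEI image, and note that the FSP HOB list is walked as trusted firmware output, so GET_NEXT_HOB relies on each HobLength being non-zero and in range. That last sentence is a caveat rather than a fix: a zero HobLength would loop forever here, but FSP sits inside the firmware trust boundary, so a bound on the walk is a robustness choice the platform can make.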
+
+/**
   BIOS process FspBobList for other data (not Memory Resource Descriptor).
 
   @param[in] FspHobList  Pointer to the HOB data structure produced by FSP.
@@ -347,6 +383,8 @@ FspHobProcessForOtherData (
   IN VOID *FspHobList
   )
 {
+  ProcessFspHobList (FspHobList);
+
   return EFI_SUCCESS;
 }
 
diff --git 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
index 12f922c..c7f35f7 100644
--- 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
+++ 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
@@ -70,6 +70,7 @@
 [Guids]
   gFspReservedMemoryResourceHobGuid   ## CONSUMES ## HOB
   gEfiMemoryTypeInformationGuid   ## CONSUMES ## GUID
+  gPcdDataBaseHobGuid ## CONSUMES ## HOB
 
 [Ppis]
   gEfiPeiCapsulePpiGuid   ## CONSUMES
-- 
1.9.5.msysgit.0



[edk2] [patch] Publish FspHob to PEI Hob by default, because most platforms use such logic.

2015-10-25 Thread jiewen yao
The PcdDataBaseHobGuid GUID HOB is excluded because the PCD database in FSP is 
different from the one in PEI.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Ma, Maurice ;
Cc: Rangarajan, Ravi P 
Cc: Kinney, Michael D 
---
 .../FspHobProcessLibSample.c   | 38 ++
 .../PeiFspHobProcessLibSample.inf  |  1 +
 2 files changed, 39 insertions(+)

diff --git 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
index 099980e..471b0fa 100644
--- 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
+++ 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
@@ -25,6 +25,7 @@
 
 #include 
 #include 
+#include 
 #include 
 
 //
@@ -335,6 +336,41 @@ FspHobProcessForMemoryResource (
 }
 
 /**
+  Process FSP HOB list
+
+  @param[in] FspHobList  Pointer to the HOB data structure produced by FSP.
+
+**/
+VOID
+ProcessFspHobList (
+  IN VOID *FspHobList
+  )
+{
+  EFI_PEI_HOB_POINTERS  FspHob;
+
+  FspHob.Raw = FspHobList;
+
+  //
+  // Add all the HOBs from FSP binary to FSP wrapper
+  //
+  while (!END_OF_HOB_LIST (FspHob)) {
+if (FspHob.Header->HobType == EFI_HOB_TYPE_GUID_EXTENSION) {
+  //
+  // Skip FSP binary creates PcdDataBaseHobGuid
+  //
+  if (!CompareGuid(>Name, )) { 
+BuildGuidDataHob (
+  >Name,
+  (VOID *)(FspHob.Raw + sizeof (EFI_HOB_GENERIC_HEADER) + sizeof 
(EFI_GUID)),
+  FspHob.Header->HobLength
+);
+  }
+}
+FspHob.Raw = GET_NEXT_HOB (FspHob);
+  }
+}
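Review bot: The size passed to BuildGuidDataHob on line 957 is wrong: `FspHob.Header->HobLength` is the length of the whole HOB including the EFI_HOB_GENERIC_HEADER and the GUID name, while the data pointer computed on lines 955-956 already skips exactly those two, so every copied HOB over-reads the FSP HOB list by sizeof (EFI_HOB_GENERIC_HEADER) + sizeof (EFI_GUID) bytes and publishes a HOB that much too large. Use the helpers made for this instead of the hand computation: `GET_GUID_HOB_DATA (FspHob)` for the pointer and `GET_GUID_HOB_DATA_SIZE (FspHob)` for the size — which is what the re-posted version of this patch on this page does.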
+
+/**
   BIOS process FspBobList for other data (not Memory Resource Descriptor).
 
   @param[in] FspHobList  Pointer to the HOB data structure produced by FSP.
@@ -347,6 +383,8 @@ FspHobProcessForOtherData (
   IN VOID *FspHobList
   )
 {
+  ProcessFspHobList (FspHobList);
+
   return EFI_SUCCESS;
 }
 
diff --git 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
index 12f922c..c7f35f7 100644
--- 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
+++ 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/PeiFspHobProcessLibSample.inf
@@ -70,6 +70,7 @@
 [Guids]
   gFspReservedMemoryResourceHobGuid   ## CONSUMES ## HOB
   gEfiMemoryTypeInformationGuid   ## CONSUMES ## GUID
+  gPcdDataBaseHobGuid ## CONSUMES ## HOB
 
 [Ppis]
   gEfiPeiCapsulePpiGuid   ## CONSUMES
-- 
1.9.5.msysgit.0



[edk2] [patch 2/2] Move Smbios measurement from TCG driver to Smbios driver.

2015-10-26 Thread jiewen yao
This patch adds SMBIOS measurement.

The problems with the current SMBIOS measurement are:
1) The TCG drivers do not support the SMBIOS 3.0 table.
2) The TCG drivers do not follow the TCG platform spec, which states: "Platform configuration 
information that is automatically updated,
 such as clock registers, and system unique information, such as asset numbers 
or serial numbers,
 MUST NOT be measured into PCR [1], or any other PCR."

So we decided to move the SMBIOS measurement from the TCG drivers to the SMBIOS driver.
---
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.c| 617 +
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.h| 142 +
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf  |  68 +++
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.uni  | Bin 0 -> 1988 bytes
 .../SmbiosMeasurementDxeExtra.uni  | Bin 0 -> 1358 bytes
 6 files changed, 829 insertions(+), 2 deletions(-)
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.h
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.uni
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxeExtra.uni

diff --git a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c 
b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c
new file mode 100644
index 000..2152827
--- /dev/null
+++ b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c
@@ -0,0 +1,617 @@
+/** @file
+  This driver measures SMBIOS table to TPM.
+  
+Copyright (c) 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials  
+are licensed and made available under the terms and conditions of the BSD 
License 
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php 
   
+   
   
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,  
   
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.  
   
+
+**/
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define FIELD_SIZE_OF(TYPE, Field) ((UINTN)sizeof(((TYPE *)0)->Field))
+
+typedef struct {
+  UINT8  Type;
+  UINTN  Offset;
+  UINTN  Size;
+  UINT32 Flags;
+} SMBIOS_FILTER_TABLE;
+#define SMBIOS_FILTER_TABLE_FLAG_IS_STRING  BIT0
+
+typedef struct {
+  UINT8Type;
+  SMBIOS_FILTER_TABLE  *Filter; // NULL means all fields
+  UINTNFilterCount;
+} SMBIOS_FILTER_STRUCT;
+
+//
+// Platform Specific Policy
+//
+SMBIOS_FILTER_TABLE  mSmbiosFilterType1BlackList[] = {
+  {0x01, OFFSET_OF(SMBIOS_TABLE_TYPE1, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE1, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x01, OFFSET_OF(SMBIOS_TABLE_TYPE1, Uuid), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE1, Uuid), 0},
+  {0x01, OFFSET_OF(SMBIOS_TABLE_TYPE1, WakeUpType),   
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE1, WakeUpType),   0},
+};
+SMBIOS_FILTER_TABLE  mSmbiosFilterType2BlackList[] = {
+  {0x02, OFFSET_OF(SMBIOS_TABLE_TYPE2, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE2, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x02, OFFSET_OF(SMBIOS_TABLE_TYPE2, LocationInChassis),
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE2, LocationInChassis),
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+};
+SMBIOS_FILTER_TABLE  mSmbiosFilterType3BlackList[] = {
+  {0x03, OFFSET_OF(SMBIOS_TABLE_TYPE3, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE3, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x03, OFFSET_OF(SMBIOS_TABLE_TYPE3, AssetTag), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE3, AssetTag), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+};
+SMBIOS_FILTER_TABLE  mSmbiosFilterType4BlackList[] = {
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, AssetTag), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, AssetTag), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, PartNumber),   
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, PartNumber),   
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, CoreCount),
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, CoreCount),0},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, EnabledCoreCount), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, 

[edk2] [patch] Move Smbios measurement from TCG driver to Smbios driver.

2015-10-26 Thread jiewen yao
This patch removes SMBIOS measurement from the TCG drivers. A separate patch adds it to the SMBIOS driver.

The problem of current SMBIOS measurement is:
1) TCG drivers do not support SMBIOS3.0 table.
2) TCG drivers do not follow TCG platform spec on: "Platform configuration 
information that is automatically updated,
 such as clock registers, and system unique information, such as asset numbers 
or serial numbers,
 MUST NOT be measured into PCR [1], or any other PCR."

So we decide to move Smbios measurement from TCG drivers to Smbios driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Zhang, Chao B 
Cc: Zeng, Star 
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c   | 33 +
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf |  4 
 SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 33 +
 SecurityPkg/Tcg/TcgDxe/TcgDxe.inf   |  4 
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c   | 33 +
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf |  4 
 6 files changed, 3 insertions(+), 108 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 9ad970a..7076772 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -15,11 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #include 
 #include 
 #include 
-#include 
 #include 
 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -1690,42 +1688,13 @@ MeasureHandoffTables (
   )
 {
   EFI_STATUSStatus;
-  SMBIOS_TABLE_ENTRY_POINT  *SmbiosTable;
   TCG_PCR_EVENT_HDR TcgEvent;
   EFI_HANDOFF_TABLE_POINTERSHandoffTables;
   UINTN ProcessorNum;
   EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
 
   ProcessorLocBuf = NULL;
-
-  //
-  // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1]
-  //
-  Status = EfiGetSystemConfigurationTable (
- ,
- (VOID **) 
- );
-
-  if (!EFI_ERROR (Status) && SmbiosTable != NULL) {
-TcgEvent.PCRIndex  = 1;
-TcgEvent.EventType = EV_EFI_HANDOFF_TABLES;
-TcgEvent.EventSize = sizeof (HandoffTables);
-
-HandoffTables.NumberOfTables = 1;
-HandoffTables.TableEntry[0].VendorGuid  = gEfiSmbiosTableGuid;
-HandoffTables.TableEntry[0].VendorTable = SmbiosTable;
-
-DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", 
SmbiosTable->TableAddress));
-DEBUG ((DEBUG_INFO, "The Smbios Table size: 0x%x\n", 
SmbiosTable->TableLength));
-
-Status = TcgDxeHashLogExtendEvent (
-   0,
-   (UINT8*)(UINTN)SmbiosTable->TableAddress,
-   SmbiosTable->TableLength,
-   ,
-   (UINT8*)
-   );
-  }
+  Status = EFI_SUCCESS;
 
   if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) {
 //
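Review bot: The `Status = EFI_SUCCESS;` added here replaces the SMBIOS measurement outright, so a platform that takes this TCG driver without also integrating the new MdeModulePkg/Universal/SmbiosMeasurementDxe from the companion patch silently loses the SMBIOS entry in PCR[1]; a comment at that line should record where the measurement moved, e.g. `// SMBIOS is measured by MdeModulePkg/Universal/SmbiosMeasurementDxe, not here.` The same applies to the TcgDxe.c hunk below and, per the diffstat, to TrEEDxe.c. `TcgEvent` and `HandoffTables` remain declared; whether the rest of the body (outside the hunk) still uses them is not visible, so the build should be checked for unused-variable warnings. MeasureHandoffTables continues outside the hunk.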
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index d6ac07e..ca6741b 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -61,10 +61,6 @@
   Tcg2PhysicalPresenceLib
 
 [Guids]
-  ## SOMETIMES_CONSUMES ## SystemTable   # Smbios Table
-  ## SOMETIMES_CONSUMES ## GUID  # Handoff Table for 
measurement.
-  gEfiSmbiosTableGuid
-  
   ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
   ## SOMETIMES_CONSUMES ## Variable:L"PK"
   ## SOMETIMES_CONSUMES ## Variable:L"KEK"
diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
index 4b9afe3..8091941 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -23,11 +23,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #include 
 #include 
 #include 
-#include 
 #include 
 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -748,42 +746,13 @@ MeasureHandoffTables (
   )
 {
   EFI_STATUSStatus;
-  SMBIOS_TABLE_ENTRY_POINT  *SmbiosTable;
   TCG_PCR_EVENT_HDR TcgEvent;
   EFI_HANDOFF_TABLE_POINTERSHandoffTables;
   UINTN ProcessorNum;
   EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
 
   ProcessorLocBuf = NULL;
-
-  //
-  // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1]
-  //
-  Status = EfiGetSystemConfigurationTable (
- ,
- (VOID **) 
- );
-
-  if (!EFI_ERROR (Status) && SmbiosTable != NULL) {
-TcgEvent.PCRIndex  = 1;
-TcgEvent.EventType = EV_EFI_HANDOFF_TABLES;
-TcgEvent.EventSize = sizeof (HandoffTables);
-
-HandoffTables.NumberOfTables = 1;
-HandoffTables.TableEntry[0].VendorGuid  = gEfiSmbiosTableGuid;
-HandoffTables.TableEntry[0].VendorTable = SmbiosTable;
-
-DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", 
SmbiosTable->TableAddress));
-

[edk2] [patch] Add suppressif around TCG hash seleciton checkbox in TCG2 cofiguration UI, based on TPM2 hardware capability.

2015-10-26 Thread jiewen yao
Previously the TCG2 configuration UI always listed every TCG-defined hash algorithm and let the user select which ones to use.
This carried the risk that the user might select an unsupported hash, with the selection being rejected later.
So we enhance the UI to hide unsupported hash algorithms.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Zhang, Chao B 
---
 SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 16 +
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c   | 48 +++
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 12 ++-
 3 files changed, 75 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr 
b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index fe0ef14..b350444 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -19,6 +19,12 @@ formset
   title = STRING_TOKEN(STR_TCG2_TITLE),
   help  = STRING_TOKEN(STR_TCG2_HELP),
   classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
+  
+  efivarstore TCG2_CONFIGURATION_INFO,
+varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID,
+attribute = 0x02,  // EFI variable attribures  
EFI_VARIABLE_BOOTSERVICE_ACCESS
+name  = TCG2_CONFIGURATION_INFO,
+guid  = TCG2_CONFIG_FORM_SET_GUID;
 
   efivarstore TCG2_CONFIGURATION,
 varid = TCG2_CONFIGURATION_VARSTORE_ID,
@@ -120,6 +126,7 @@ formset
 
 subtitle text = STRING_TOKEN(STR_NULL);
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;
 checkbox name = TCG2ActivatePCRBank0,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_0,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1),
@@ -127,7 +134,9 @@ formset
 flags  = INTERACTIVE,
 default= 1,
 endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha256Supported == 0;
 checkbox name = TCG2ActivatePCRBank1,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_1,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256),
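Review bot: The SHA1 checkbox in this hunk keeps `default = 1` while the new `suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0` only hides it; if I read the HII semantics correctly, a suppressed question still receives its default when defaults are loaded, so a TPM without a SHA1 bank can still end up with TCG2ActivatePCRBank0 set in TCG2_CONFIGURATION. Either the consumer of the PCR-bank request mask must ignore banks the TPM does not report, or that expectation should be documented next to the `default = 1` line. The other four banks default to 0, so the same interplay is harmless for them.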
@@ -135,7 +144,9 @@ formset
 flags  = INTERACTIVE,
 default= 0,
 endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha384Supported == 0;
 checkbox name = TCG2ActivatePCRBank2,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_2,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384),
@@ -143,7 +154,9 @@ formset
 flags  = INTERACTIVE,
 default= 0,
 endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sha512Supported == 0;
 checkbox name = TCG2ActivatePCRBank3,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_3,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512),
@@ -151,7 +164,9 @@ formset
 flags  = INTERACTIVE,
 default= 0,
 endcheckbox;
+  endif;
 
+  suppressif ideqval TCG2_CONFIGURATION_INFO.Sm3Supported == 0;
 checkbox name = TCG2ActivatePCRBank4,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_4,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256),
@@ -159,6 +174,7 @@ formset
 flags  = INTERACTIVE,
 default= 0,
 endcheckbox;
+  endif;
 
 endif;
 
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c 
b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 2453769..0d29560 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -387,6 +387,38 @@ FillBufferWithBootHashAlg (
 }
 
 /**
+  Set ConfigInfo according to TpmAlgHash.
+
+  @param[in,out] Tcg2ConfigInfo   TCG2 config info.
+  @param[in] TpmAlgHash   TpmAlgHash.
+
+**/
+VOID
+SetConfigInfo (
+  IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo,
+  IN UINT32  TpmAlgHash
+  )
+{
+  switch (TpmAlgHash) {
+  case TPM_ALG_SHA1:
+Tcg2ConfigInfo->Sha1Supported = TRUE;
+break;
+  case TPM_ALG_SHA256:
+Tcg2ConfigInfo->Sha256Supported = TRUE;
+break;
+  case TPM_ALG_SHA384:
+Tcg2ConfigInfo->Sha384Supported = TRUE;
+break;
+  case TPM_ALG_SHA512:
+Tcg2ConfigInfo->Sha512Supported = TRUE;
+break;
+  case TPM_ALG_SM3_256:
+Tcg2ConfigInfo->Sm3Supported = TRUE;
+break;
+  }
+}
+
+/**
   Fill Buffer With TCG2EventLogFormat.
 
   @param[in] Buffer   Buffer to be filled.
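Review bot: The `switch (TpmAlgHash)` in SetConfigInfo has no `default:` branch, so a hash algorithm the TPM reports but this table does not know (a future TPM_ALG_* value) is dropped without trace; adding `default: DEBUG ((DEBUG_INFO, "SetConfigInfo - unknown TpmAlgHash %x\n", TpmAlgHash)); break;` makes the reason a bank is hidden visible in the log. The `@param[in] TpmAlgHash TpmAlgHash.` line is circular; `@param[in] TpmAlgHash  TPM_ALG_* hash algorithm ID taken from the TPM's PCR capability.` tells the reader which values are expected. `TRUE` is assigned to BOOLEAN-looking fields of TCG2_CONFIGURATION_INFO whose declaration is in Tcg2ConfigNvData.h, outside this hunk.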
@@ -471,6 +503,7 @@ InstallTcg2ConfigForm (
   UINTN   Index;
   TPML_PCR_SELECTION  Pcrs;
   CHAR16  TempBuffer[1024];
+  TCG2_CONFIGURATION_INFO Tcg2ConfigInfo;
 
   DriverHandle = NULL;
   ConfigAccess = >ConfigAccess;
@@ -531,6 +564,7 @@ InstallTcg2ConfigForm (
 break;
   }
 
+  ZeroMem (, sizeof(Tcg2ConfigInfo));
   Status = Tpm2GetCapabilityPcrs ();
   if (EFI_ERROR (Status)) {
 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN 
(STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL);
@@ 

[edk2] [patch] Fix issue that calling GetS3MemoryInfo() with wrong order.

2015-10-26 Thread jiewen yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Ma, Maurice ;
Cc: Rangarajan, Ravi P 
---
 .../Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
index 82af87f..099980e 100644
--- 
a/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
+++ 
b/IntelFspWrapperPkg/Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c
@@ -246,7 +246,7 @@ FspHobProcessForMemoryResource (
 
 S3PeiMemBase = 0;
 S3PeiMemSize = 0;
-Status = GetS3MemoryInfo (, );
+Status = GetS3MemoryInfo (, );
 ASSERT_EFI_ERROR (Status);
 DEBUG((DEBUG_INFO, "S3 memory %Xh - %Xh bytes\n", S3PeiMemBase, 
S3PeiMemSize));
 
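Review bot: The reordered `GetS3MemoryInfo` call in this hunk is still checked only by `ASSERT_EFI_ERROR (Status);`, which compiles out in RELEASE builds; on failure there, S3PeiMemBase and S3PeiMemSize keep the zeros assigned just above and execution continues with them. An explicit `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "GetS3MemoryInfo failed - %r\n", Status)); }` followed by a bail-out or fallback would make the failure visible outside DEBUG builds. The argument list is garbled in this archive copy, so the actual parameter swap cannot be verified from the page. FspHobProcessForMemoryResource continues outside the hunk.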
-- 
1.9.5.msysgit.0



[edk2] [patch 2/2] Move Smbios measurement from TCG driver to Smbios driver.

2015-10-26 Thread jiewen yao
This patch adds SMBIOS measurement.

The problem of current SMBIOS measurement is:
1) TCG drivers do not support SMBIOS3.0 table.
2) TCG drivers do not follow TCG platform spec on: "Platform configuration 
information that is automatically updated,
 such as clock registers, and system unique information, such as asset numbers 
or serial numbers,
 MUST NOT be measured into PCR [1], or any other PCR."

So we decide to move Smbios measurement from TCG drivers to Smbios driver.
---
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.c| 617 +
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.h| 142 +
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf  |  68 +++
 .../SmbiosMeasurementDxe/SmbiosMeasurementDxe.uni  | Bin 0 -> 1988 bytes
 .../SmbiosMeasurementDxeExtra.uni  | Bin 0 -> 1358 bytes
 6 files changed, 829 insertions(+), 2 deletions(-)
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.h
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.uni
 create mode 100644 
MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxeExtra.uni

diff --git a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c 
b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c
new file mode 100644
index 000..2152827
--- /dev/null
+++ b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c
@@ -0,0 +1,617 @@
+/** @file
+  This driver measures SMBIOS table to TPM.
+  
+Copyright (c) 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials  
+are licensed and made available under the terms and conditions of the BSD 
License 
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php 
   
+   
   
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,  
   
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.  
   
+
+**/
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define FIELD_SIZE_OF(TYPE, Field) ((UINTN)sizeof(((TYPE *)0)->Field))
+
+typedef struct {
+  UINT8  Type;
+  UINTN  Offset;
+  UINTN  Size;
+  UINT32 Flags;
+} SMBIOS_FILTER_TABLE;
+#define SMBIOS_FILTER_TABLE_FLAG_IS_STRING  BIT0
+
+typedef struct {
+  UINT8Type;
+  SMBIOS_FILTER_TABLE  *Filter; // NULL means all fields
+  UINTNFilterCount;
+} SMBIOS_FILTER_STRUCT;
+
+//
+// Platform Specific Policy
+//
+SMBIOS_FILTER_TABLE  mSmbiosFilterType1BlackList[] = {
+  {0x01, OFFSET_OF(SMBIOS_TABLE_TYPE1, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE1, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x01, OFFSET_OF(SMBIOS_TABLE_TYPE1, Uuid), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE1, Uuid), 0},
+  {0x01, OFFSET_OF(SMBIOS_TABLE_TYPE1, WakeUpType),   
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE1, WakeUpType),   0},
+};
+SMBIOS_FILTER_TABLE  mSmbiosFilterType2BlackList[] = {
+  {0x02, OFFSET_OF(SMBIOS_TABLE_TYPE2, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE2, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x02, OFFSET_OF(SMBIOS_TABLE_TYPE2, LocationInChassis),
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE2, LocationInChassis),
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+};
+SMBIOS_FILTER_TABLE  mSmbiosFilterType3BlackList[] = {
+  {0x03, OFFSET_OF(SMBIOS_TABLE_TYPE3, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE3, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x03, OFFSET_OF(SMBIOS_TABLE_TYPE3, AssetTag), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE3, AssetTag), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+};
+SMBIOS_FILTER_TABLE  mSmbiosFilterType4BlackList[] = {
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, SerialNumber), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, SerialNumber), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, AssetTag), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, AssetTag), 
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, PartNumber),   
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, PartNumber),   
SMBIOS_FILTER_TABLE_FLAG_IS_STRING},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, CoreCount),
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, CoreCount),0},
+  {0x04, OFFSET_OF(SMBIOS_TABLE_TYPE4, EnabledCoreCount), 
FIELD_SIZE_OF(SMBIOS_TABLE_TYPE4, 

[edk2] [patch] SecurityPkg/Tcg2Pei: Add error handling for TPM in S3 resume failure.

2015-11-09 Thread jiewen yao
If TPM2_Startup(TPM_SU_STATE) returns an error, the system firmware that resumes from S3 MUST deal with the TPM2_Startup error appropriately; for example, by issuing a TPM2_Startup(TPM_SU_CLEAR) command and configuring the device securely by taking actions like extending a separator with an error digest (0x01) into PCRs 0 through 7.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Zhang, Chao B 
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 50 +++
 1 file changed, 50 insertions(+)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c 
b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 4ecfbe3..3f5192f 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -829,6 +829,33 @@ PeimEntryMP (
 }
 
 /**
+  Measure and log Separator event with error, and extend the measurement 
result into a specific PCR.
+
+  @param[in] PCRIndex PCR index.  
+
+  @retval EFI_SUCCESS Operation completed successfully.
+  @retval EFI_DEVICE_ERRORThe operation was unsuccessful.
+
+**/
+EFI_STATUS
+MeasureSeparatorEventWithError (
+  IN  TPM_PCRINDEX  PCRIndex
+  )
+{
+  TCG_PCR_EVENT_HDR TcgEvent;
+  UINT32EventData;
+
+  //
+  // Use EventData 0x1 to indicate there is error.
+  //
+  EventData = 0x1;
+  TcgEvent.PCRIndex  = PCRIndex;
+  TcgEvent.EventType = EV_SEPARATOR;
+  TcgEvent.EventSize = (UINT32)sizeof (EventData);
+  return HashLogExtendEvent(0,(UINT8 *), TcgEvent.EventSize, 
,(UINT8 *));
+}
+
+/**
   Entry point of this module.
 
   @param[in] FileHandle   Handle of the file being invoked.
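Review bot: The `return HashLogExtendEvent(0,(UINT8 *)...` line in MeasureSeparatorEventWithError does not follow the edk2 style used in the rest of this file (space before the opening parenthesis, one space after each comma); written as `return HashLogExtendEvent (0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent, (UINT8 *)&EventData);` the pairing of hash data and event data is also easier to read. The `@retval` list names only EFI_SUCCESS and EFI_DEVICE_ERROR, but the function forwards whatever HashLogExtendEvent returns, so either list the forwarded codes or replace the two lines with `@return Status returned by HashLogExtendEvent().` The same function appears unchanged in the 2015-11-06 revision of this patch further down.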
@@ -847,6 +874,8 @@ PeimEntryMA (
   EFI_STATUSStatus;
   EFI_STATUSStatus2;
   EFI_BOOT_MODE BootMode;
+  TPM_PCRINDEX  PcrIndex;
+  BOOLEAN   S3ErrorReport;
 
   if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), 
) ||
   CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), 
)){
@@ -885,11 +914,15 @@ PeimEntryMA (
   goto Done;
 }
 
+S3ErrorReport = FALSE;
 if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) {
   if (BootMode == BOOT_ON_S3_RESUME) {
 Status = Tpm2Startup (TPM_SU_STATE);
 if (EFI_ERROR (Status) ) {
   Status = Tpm2Startup (TPM_SU_CLEAR);
+  if (!EFI_ERROR(Status)) {
+S3ErrorReport = TRUE;
+  }
 }
   } else {
 Status = Tpm2Startup (TPM_SU_CLEAR);
@@ -903,6 +936,23 @@ PeimEntryMA (
 // Update Tpm2HashMask according to PCR bank.
 //
 SetTpm2HashMask ();
+
+if (S3ErrorReport) {
+  //
+  // The system firmware that resumes from S3 MUST deal with a
+  // TPM2_Startup error appropriately.
+  // For example, issue a TPM2_Startup(TPM_SU_CLEAR) command and
+  // configuring the device securely by taking actions like extending a
+  // separator with an error digest (0x01) into PCRs 0 through 7.
+  //
+  for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
+Status = MeasureSeparatorEventWithError (PcrIndex);
+if (EFI_ERROR (Status)) {
+  DEBUG ((EFI_D_ERROR, "Seperator Event with Error not Measured. 
Error!\n"));
+}
+  }
+}
+
 //
 // TpmSelfTest is optional on S3 path, skip it to save S3 time
 //
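Review bot: The loop in this hunk assigns each `MeasureSeparatorEventWithError (PcrIndex)` result to `Status`, so after the loop `Status` reflects only PCR 7 and no longer the outcome of Tpm2Startup/SetTpm2HashMask; if the code after the hunk consults `Status`, a successful startup can be reported as failed, or a failed extend into PCRs 0 to 6 be masked by a later success. Using the already declared `Status2` for the loop, `Status2 = MeasureSeparatorEventWithError (PcrIndex); if (EFI_ERROR (Status2)) { ... }`, keeps the two outcomes apart. The DEBUG string misspells "Separator" as "Seperator". PeimEntryMA continues outside the hunk.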
-- 
1.9.5.msysgit.0



[edk2] [patch] Add error handling for TPM in S3 resume failure.

2015-11-06 Thread jiewen yao
If TPM2_Startup(TPM_SU_STATE) returns an error, the system firmware that resumes from S3 MUST deal with the TPM2_Startup error appropriately; for example, by issuing a TPM2_Startup(TPM_SU_CLEAR) command and configuring the device securely by taking actions like extending a separator with an error digest (0x01) into PCRs 0 through 7.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Zhang, Chao B 
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 43 +++
 1 file changed, 43 insertions(+)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c 
b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 4ecfbe3..2e4ad53 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -829,6 +829,33 @@ PeimEntryMP (
 }
 
 /**
+  Measure and log Separator event with error, and extend the measurement 
result into a specific PCR.
+
+  @param[in] PCRIndex PCR index.  
+
+  @retval EFI_SUCCESS Operation completed successfully.
+  @retval EFI_DEVICE_ERRORThe operation was unsuccessful.
+
+**/
+EFI_STATUS
+MeasureSeparatorEventWithError (
+  IN  TPM_PCRINDEX  PCRIndex
+  )
+{
+  TCG_PCR_EVENT_HDR TcgEvent;
+  UINT32EventData;
+
+  //
+  // Use EventData 0x1 to indicate there is error.
+  //
+  EventData = 0x1;
+  TcgEvent.PCRIndex  = PCRIndex;
+  TcgEvent.EventType = EV_SEPARATOR;
+  TcgEvent.EventSize = (UINT32)sizeof (EventData);
+  return HashLogExtendEvent(0,(UINT8 *), TcgEvent.EventSize, 
,(UINT8 *));
+}
+
+/**
   Entry point of this module.
 
   @param[in] FileHandle   Handle of the file being invoked.
@@ -847,6 +874,7 @@ PeimEntryMA (
   EFI_STATUSStatus;
   EFI_STATUSStatus2;
   EFI_BOOT_MODE BootMode;
+  TPM_PCRINDEX  PcrIndex;
 
   if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), 
) ||
   CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), 
)){
@@ -889,7 +917,22 @@ PeimEntryMA (
   if (BootMode == BOOT_ON_S3_RESUME) {
 Status = Tpm2Startup (TPM_SU_STATE);
 if (EFI_ERROR (Status) ) {
+  //
+  // The system firmware that resumes from S3 MUST deal with a
+  // TPM2_Startup error appropriately.
+  // For example, issue a TPM2_Startup(TPM_SU_CLEAR) command and
+  // configuring the device securely by taking actions like extending a
+  // separator with an error digest (0x01) into PCRs 0 through 7.
+  //
   Status = Tpm2Startup (TPM_SU_CLEAR);
+  if (!EFI_ERROR(Status)) {
+for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
+  Status = MeasureSeparatorEventWithError (PcrIndex);
+  if (EFI_ERROR (Status)) {
+DEBUG ((EFI_D_ERROR, "Seperator Event with Error not Measured. 
Error!\n"));
+  }
+}
+  }
 }
   } else {
 Status = Tpm2Startup (TPM_SU_CLEAR);
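Review bot: In this revision the error-separator loop runs directly after `Status = Tpm2Startup (TPM_SU_CLEAR);`, before `SetTpm2HashMask ()` which the 2015-11-09 revision above shows later in PeimEntryMA; if HashLogExtendEvent relies on that mask to choose the active PCR banks, the separators here may be extended into a stale bank set. The later revision moves the loop after SetTpm2HashMask, which addresses this; the `Status` overwrite and the "Seperator" typo raised there apply here as well. PeimEntryMA continues outside the hunk.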
-- 
1.9.5.msysgit.0



[edk2] [patch] MdeModulePkg: add clarification for PcdAcpiDefault value PCD.

2015-12-10 Thread jiewen yao
Add clarification for PcdAcpiDefaultOemTableId, PcdAcpiDefaultOemRevision,
PcdAcpiDefaultCreatorId, PcdAcpiDefaultCreatorRevision.
According to the ACPI spec, they have a special meaning for SSDTs,
so we ignore them when updating the generic SSDT provided by EDKII.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" com>
---
 MdeModulePkg/MdeModulePkg.dec | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 5ec37c5..e2e0b75 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1408,18 +1408,32 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId|"INTEL "|VOID*|0x30001034
 
   ## Default OEM Table ID for ACPI table creation, it is "EDK2".
+  #  Accroding to ACPI specification, this field is particularly useful when
+  #  defining a definition block to distinguish definition block functions.
+  #  The OEM assigns each dissimilar table a new OEM Table ID.
+  #  This PCD is ignored for definition block.
   # @Prompt Default OEM Table ID for ACPI table creation.
   
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId|0x20202020324B4445|UINT64|0x30001035
 
   ## Default OEM Revision for ACPI table creation.
+  #  Accroding to ACPI specification, for LoadTable() opcode, the OS can also
+  #  check the OEM Table ID and Revision ID against a database for a newer
+  #  revision Definition Block of the same OEM Table ID and load it instead.
+  #  This PCD is ignored for definition block.
   # @Prompt Default OEM Revision for ACPI table creation.
   
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision|0x0002|UINT32|0x30001036
 
   ## Default Creator ID for ACPI table creation.
+  #  Accroding to ACPI specification, for tables containing Definition Blocks,
+  #  this is the ID for the ASL Compiler.
+  #  This PCD is ignored for definition block.
   # @Prompt Default Creator ID for ACPI table creation.
   
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId|0x20202020|UINT32|0x30001037
 
   ## Default Creator Revision for ACPI table creation.
+  #  Accroding to ACPI specification, for tables containing Definition Blocks,
+  #  this is the revision for the ASL Compiler.
+  #  This PCD is ignored for definition block.
   # @Prompt Default Creator Revision for ACPI table creation.
   
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision|0x0113|UINT32|0x30001038
 
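Review bot: All four added comment blocks in this hunk spell "According" as "Accroding" (`#  Accroding to ACPI specification, ...`), and `#  This PCD is ignored for definition block.` reads better as `#  This PCD is ignored for definition blocks (SSDT).`, which matches the commit message. Since these comments describe PCD semantics in the package declaration, the misspelling is likely to be copied into any generated PCD documentation.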
-- 
1.9.5.msysgit.0



[edk2] [patch] IntelFspWrapperPkg: Fix >4G issue on IDT not restored correctly.

2015-12-10 Thread jiewen yao
IDTR might be changed inside FSP. A 32-bit FSP only knows <4G addresses, so if IDTR.Base is >4G, FSP cannot handle it; we therefore need to save/restore IDTR here.
Interrupts are already disabled here, so it is safe to update IDTR.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Ma, Maurice" 
Cc: "Rangarajan, Ravi P" 
Cc: "Mudusuru, Giri P" 
Cc: "Chan, Amy" 
---
 .../Library/BaseFspApiLib/X64/DispatchExecute.c| 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/IntelFspWrapperPkg/Library/BaseFspApiLib/X64/DispatchExecute.c 
b/IntelFspWrapperPkg/Library/BaseFspApiLib/X64/DispatchExecute.c
index e2f4422..360327e 100644
--- a/IntelFspWrapperPkg/Library/BaseFspApiLib/X64/DispatchExecute.c
+++ b/IntelFspWrapperPkg/Library/BaseFspApiLib/X64/DispatchExecute.c
@@ -89,6 +89,18 @@ Execute32BitCode (
   IN UINT64  Param1
   )
 {
-  return AsmExecute32BitCode (Function, Param1, 0, );
+  EFI_STATUS   Status;
+  IA32_DESCRIPTOR  Idtr;
+
+  //
+  // Idtr might be changed inside of FSP. 32bit FSP only knows the <4G address.
+  // If IDTR.Base is >4G, FSP can not handle. So we need save/restore IDTR 
here for X64 only.
+  // Interrupt is already disabled here, so it is safety to update IDTR.
+  //
+  AsmReadIdtr ();
+  Status = AsmExecute32BitCode (Function, Param1, 0, );
+  AsmWriteIdtr ();
+
+  return Status;
 }
 
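Review bot: The new comment in Execute32BitCode states that interrupts are already disabled, which it names as the condition that makes rewriting IDTR safe, but nothing checks it; `ASSERT (!GetInterruptState ());` before `AsmReadIdtr (&Idtr);` turns that assumption into a checked precondition in DEBUG builds. The wording `so it is safety to update IDTR` should read `so it is safe to update IDTR`. The function's doxygen header, outside the hunk, should also mention that IDTR is saved before and restored after the 32-bit call.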
-- 
1.9.5.msysgit.0



[edk2] [patch] SecurityPkg: Clear AuthSession content after use.

2016-01-08 Thread jiewen yao
Some commands in Tpm2CommandLib accept AuthSession as an input parameter and copy it to a local command buffer.
After use, this AuthSession content should be zeroed, because it might contain secrets.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
---
 .../Library/Tpm2CommandLib/Tpm2DictionaryAttack.c  |  34 +++-
 .../Tpm2CommandLib/Tpm2EnhancedAuthorization.c |  18 +-
 SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c | 138 ++---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c |  22 +-
 .../Library/Tpm2CommandLib/Tpm2Miscellaneous.c |  18 +-
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 225 +++--
 6 files changed, 333 insertions(+), 122 deletions(-)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c 
b/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
index 2f6488f..3198b8a 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
@@ -1,7 +1,7 @@
 /** @file
   Implement TPM2 DictionaryAttack related command.
 
-Copyright (c) 2013, Intel Corporation. All rights reserved. 
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -104,19 +104,27 @@ Tpm2DictionaryAttackLockReset (
   RecvBufferSize = sizeof (RecvBuffer);
   Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *), 
, (UINT8 *));
   if (EFI_ERROR (Status)) {
-return Status;
+goto Done;
   }
 
   if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error 
- %x\n", RecvBufferSize));
-return EFI_DEVICE_ERROR;
+Status = EFI_DEVICE_ERROR;
+goto Done;
   }
   if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - 
%x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
-return EFI_DEVICE_ERROR;
+Status = EFI_DEVICE_ERROR;
+goto Done;
   }
 
-  return EFI_SUCCESS;
+Done:
+  //
+  // Clear AuthSession Content
+  //
+  ZeroMem (, sizeof(SendBuffer));
+  ZeroMem (, sizeof(RecvBuffer));
+  return Status;
 }
 
 /**
@@ -187,17 +195,25 @@ Tpm2DictionaryAttackParameters (
   RecvBufferSize = sizeof (RecvBuffer);
   Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *), 
, (UINT8 *));
   if (EFI_ERROR (Status)) {
-return Status;
+goto Done;
   }
 
   if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize 
Error - %x\n", RecvBufferSize));
-return EFI_DEVICE_ERROR;
+Status = EFI_DEVICE_ERROR;
+goto Done;
   }
   if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - 
%x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
-return EFI_DEVICE_ERROR;
+Status = EFI_DEVICE_ERROR;
+goto Done;
   }
 
-  return EFI_SUCCESS;
+Done:
+  //
+  // Clear AuthSession Content
+  //
+  ZeroMem (, sizeof(SendBufferSize));
+  ZeroMem (, sizeof(RecvBuffer));
+  return Status;
 }
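Review bot: The clearing at the `Done:` label of Tpm2DictionaryAttackParameters uses `sizeof(SendBufferSize)`, the size of the UINT32 length variable, instead of `sizeof(SendBuffer)`, so only the first 4 bytes of the command buffer are zeroed and the AuthSession copy this patch is meant to scrub stays in memory; it should read `ZeroMem (&SendBuffer, sizeof(SendBuffer));` as in Tpm2DictionaryAttackLockReset above. The diffstat shows the same Done-label pattern applied to five other files, so they are worth re-checking for the same slip. ZeroMem is a library call here, which makes a dead-store elimination less likely than with plain memset, but that is not a guarantee under LTO.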
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c 
b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
index d11f543..6f6b369 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
@@ -1,7 +1,7 @@
 /** @file
   Implement TPM2 EnhancedAuthorization related command.
 
-Copyright (c) 2014, Intel Corporation. All rights reserved. 
+Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved. 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -161,16 +161,18 @@ Tpm2PolicySecret (
   RecvBufferSize = sizeof (RecvBuffer);
   Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *), 
, (UINT8 *));
   if (EFI_ERROR (Status)) {
-return Status;
+goto Done;
   }
 
   if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
 DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", 
RecvBufferSize));
-return EFI_DEVICE_ERROR;
+Status = EFI_DEVICE_ERROR;
+goto Done;
   }
   if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
 DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", 
SwapBytes32(RecvBuffer.Header.responseCode)));
-return EFI_DEVICE_ERROR;
+Status = EFI_DEVICE_ERROR;
+goto Done;
   }
 
   //
@@ -189,7 +191,13 @@ Tpm2PolicySecret (
   Buffer += sizeof(UINT16);
   CopyMem 

[edk2] [patch] SecurityPkg: Add Tpm2Startup return code check.

2016-01-08 Thread jiewen yao
Tpm2Startup does not check the TPM device return code.
This may cause an error to go undetected
in Tcg2Peim, for example in the S3 resume case.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c | 29 
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c 
b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c
index e8af403..f67043b 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c
@@ -1,7 +1,7 @@
 /** @file
   Implement TPM2 Startup related command.
 
-Copyright (c) 2013, Intel Corporation. All rights reserved. 
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. 
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -59,6 +59,7 @@ Tpm2Startup (
   TPM2_STARTUP_COMMAND  Cmd;
   TPM2_STARTUP_RESPONSE Res;
   UINT32ResultBufSize;
+  TPM_RCResponseCode;
 
   Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
   Cmd.Header.paramSize   = SwapBytes32(sizeof(Cmd));
@@ -67,8 +68,20 @@ Tpm2Startup (
 
   ResultBufSize = sizeof(Res);
   Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *), , 
(UINT8 *));
-
-  return Status;
+  if (EFI_ERROR(Status)) {
+return Status;
+  }
+
+  ResponseCode = SwapBytes32(Res.Header.responseCode);
+  switch (ResponseCode)  {
+  case TPM_RC_SUCCESS:
+  case TPM_RC_INITIALIZE:
+// TPM_RC_INITIALIZE can be returned if Tpm2Startup is not required.
+return EFI_SUCCESS;
+  default:
+DEBUG ((EFI_D_ERROR, "Tpm2Startup: Response Code error! 0x%08x\r\n", 
ResponseCode));
+return EFI_DEVICE_ERROR;
+  }
 }
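Review bot: `Res.Header.responseCode` is read without first checking that `ResultBufSize` covers a response header, unlike the sibling commands on this page (Tpm2DictionaryAttackParameters tests `RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)` before touching the header); `Res` is an uninitialised stack local, so a short but successful submit would be judged from stale bytes. Insert after the EFI_ERROR check `if (ResultBufSize < sizeof (TPM2_RESPONSE_HEADER)) {` / `return EFI_DEVICE_ERROR;` / `}`. The Tpm2Shutdown hunk below has the same gap. Both functions' signatures lie outside their hunks.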
 
 /**
@@ -97,6 +110,14 @@ Tpm2Shutdown (
 
   ResultBufSize = sizeof(Res);
   Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *), , 
(UINT8 *));
+  if (EFI_ERROR(Status)) {
+return Status;
+  }
+
+  if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
+DEBUG ((EFI_D_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", 
SwapBytes32(Res.Header.responseCode)));
+return EFI_DEVICE_ERROR;
+  }
 
-  return Status;
+  return EFI_SUCCESS;
 }
-- 
1.9.5.msysgit.0



[edk2] [patch] SecurityPkg: MOR drivers use Tcg2Protocol instead of TrEE.

2016-01-07 Thread jiewen yao
The official TCG standard uses Tcg2Protocol, instead of TrEE.
We should update TCG driver to use Tcg2Protocol, too.
TrEE should be used only for old TrEE implementation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
---
 SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf   | 2 +-
 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf 
b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
index d5a7da8..a131342 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
@@ -61,7 +61,7 @@
 [Depex]
   gEfiVariableArchProtocolGuid AND
   gEfiVariableWriteArchProtocolGuid AND
-  ( gEfiTcgProtocolGuid OR gEfiTrEEProtocolGuid )
+  ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
 
 [UserExtensions.TianoCore."ExtraFiles"]
   TcgMorExtra.uni
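Review bot: With only the two INF files changed, the new Depex means a platform that produces gEfiTrEEProtocolGuid but not gEfiTcg2ProtocolGuid will no longer dispatch the MOR drivers at all; the commit message says TrEE is reserved for old implementations but does not state this dispatch consequence. A sentence in the message such as "Platforms still producing only TrEEProtocol must add Tcg2Protocol or the MOR drivers will not load" would make the behaviour change explicit. The TcgMorLockSmm.inf hunk below has the identical change.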
diff --git 
a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf 
b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
index bde03bb..a35a01f 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
@@ -61,7 +61,7 @@
 [Depex]
   gEfiSmmVariableProtocolGuid AND
   gSmmVariableWriteGuid AND
-  ( gEfiTcgProtocolGuid OR gEfiTrEEProtocolGuid )
+  ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
 
 [UserExtensions.TianoCore."ExtraFiles"]
   TcgMorLockExtra.uni
-- 
1.9.5.msysgit.0



[edk2] [patch REPOST 1/3] UefiCpuPkg/PiSmmCpu: Add 2 APIs in SmmCpuFeaturesLib.

2015-11-27 Thread jiewen yao
SmmCpuFeaturesCompleteSmmReadyToLock() is a hook point to
allow CPU specific code to do more registers setting after
the gEfiSmmReadyToLockProtocolGuid notification is completely
processed.

SmmCpuFeaturesAllocatePageTableMemory() is an API to allow
CPU to allocate a specific region for storing page tables.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Reviewed-by: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
---
 UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h | 35 ++
 1 file changed, 35 insertions(+)

diff --git a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h 
b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
index d1c7a8a..4478003 100644
--- a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
+++ b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
@@ -363,4 +363,39 @@ SmmCpuFeaturesWriteSaveStateRegister (
   IN CONST VOID   *Buffer
   );
 
+/**
+  This function is hook point called after the gEfiSmmReadyToLockProtocolGuid
+  notification is completely processed.
+**/
+VOID
+EFIAPI
+SmmCpuFeaturesCompleteSmmReadyToLock (
+  VOID
+  );
+
+/**
+  This API provides a method for a CPU to allocate a specific region for 
storing page tables.
+
+  This API can be called more once to allocate memory for page tables.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+
+  This function can also return NULL if there is no preference on where the 
page tables are allocated in SMRAM.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer for page tables.
+  @retval NULL  Fail to allocate a specific region for storing page tables,
+Or there is no preference on where the page tables are 
allocated in SMRAM.
+
+**/
+VOID *
+EFIAPI
+SmmCpuFeaturesAllocatePageTableMemory (
+  IN UINTN   Pages
+  );
+
 #endif
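Review bot: The new Doxygen text reads "This API can be called more once" and "This function is hook point called after"; they should read "more than once" and "is a hook point called after". The same wording is copied into the NULL instance in SmmCpuFeaturesLib.c and into the AllocatePageTableMemory comments in PiSmmCpuDxeSmm.c and PiSmmCpuDxeSmm.h in the companion patches, so fix it in all of them.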
-- 
1.9.5.msysgit.0



[edk2] [patch REPOST 3/3] UefiCpuPkg/PiSmmCpu: Update function call for 2 new APIs.

2015-11-27 Thread jiewen yao
All page table allocation will use AllocatePageTableMemory().
Add SmmCpuFeaturesCompleteSmmReadyToLock() to PerformRemainingTasks()
and PerformPreTasks().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Reviewed-by: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  |  4 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 37 --
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 21 +
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c |  2 +-
 4 files changed, 59 insertions(+), 5 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 83f5bf9..06ffc6d 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -770,7 +770,7 @@ Gen4GPageTable (
   //
   // Allocate the page table
   //
-  PageTable = AllocatePages (ExtraPages + 5 + PagesNeeded);
+  PageTable = AllocatePageTableMemory (ExtraPages + 5 + PagesNeeded);
   ASSERT (PageTable != NULL);
 
   PageTable = (VOID *)((UINTN)PageTable + EFI_PAGES_TO_SIZE (ExtraPages));
@@ -872,7 +872,7 @@ SetCacheability (
 //
 // Allocate a page from SMRAM
 //
-NewPageTableAddress = AllocatePages (1);
+NewPageTableAddress = AllocatePageTableMemory (1);
 ASSERT (NewPageTableAddress != NULL);
 
 NewPageTable = (UINT64 *)NewPageTableAddress;
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
index 670a5cf..fb46551 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -970,9 +970,9 @@ PiCpuSmmEntry (
   //
   BufferPages = EFI_SIZE_TO_PAGES (SIZE_32KB + TileSize * (mMaxNumberOfCpus - 
1));
   if ((FamilyId == 4) || (FamilyId == 5)) {
-Buffer = AllocateAlignedCodePages (BufferPages, SIZE_32KB);
+Buffer = AllocateAlignedPages (BufferPages, SIZE_32KB);
   } else {
-Buffer = AllocateAlignedCodePages (BufferPages, SIZE_4KB);
+Buffer = AllocateAlignedPages (BufferPages, SIZE_4KB);
   }
   ASSERT (Buffer != NULL);
   DEBUG ((EFI_D_INFO, "SMRAM SaveState Buffer (0x%08x, 0x%08x)\n", Buffer, 
EFI_PAGES_TO_SIZE(BufferPages)));
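Review bot: This hunk switches the SaveState buffer allocation from AllocateAlignedCodePages to AllocateAlignedPages, which is not the page-table redirection the commit message describes and is not mentioned there. If the intent is that this buffer no longer needs code-page accounting, a sentence in the message saying why, and a short comment above the allocation recording it, would keep the change traceable. PiCpuSmmEntry's body continues outside the hunk.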
@@ -1416,6 +1416,35 @@ ConfigSmmCodeAccessCheck (
 }
 
 /**
+  This API provides a way to allocate memory for page table.
+
+  This API can be called more once to allocate memory for page tables.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+AllocatePageTableMemory (
+  IN UINTN   Pages
+  )
+{
+  VOID  *Buffer;
+
+  Buffer = SmmCpuFeaturesAllocatePageTableMemory (Pages);
+  if (Buffer != NULL) {
+return Buffer;
+  }
+  return AllocatePages (Pages);
+}
+
+/**
   Perform the remaining tasks.
 
 **/
@@ -1440,6 +1469,8 @@ PerformRemainingTasks (
 //
 ConfigSmmCodeAccessCheck ();
 
+SmmCpuFeaturesCompleteSmmReadyToLock ();
+
 //
 // Clean SMM ready to lock flag
 //
@@ -1465,6 +1496,8 @@ PerformPreTasks (
 //
 ConfigSmmCodeAccessCheck ();
 
+SmmCpuFeaturesCompleteSmmReadyToLock ();
+
 mRestoreSmmConfigurationInS3 = FALSE;
   }
 }
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index 66d85d8..f2a9165 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -718,4 +718,25 @@ VOID
 DumpModuleInfoByIp (
   IN  UINTN  CallerIpAddress
   );
+
+/**
+  This API provides a way to allocate memory for page table.
+
+  This API can be called more once to allocate memory for page tables.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+AllocatePageTableMemory (
+  IN UINTN   Pages
+  );
+
 #endif
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 8ddde9a..ff4e28e 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -552,7 +552,7 @@ InitPaging (
   //
   ASSERT 

[edk2] [patch REPOST 2/3] UefiCpuPkg/PiSmmCpu: Add NULL func for 2 new APIs in SmmCpuFeaturesLib.

2015-11-27 Thread jiewen yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Reviewed-by: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
---
 .../Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c  | 41 ++
 1 file changed, 41 insertions(+)

diff --git a/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c 
b/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
index b839d31..3e480e1 100644
--- a/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
+++ b/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
@@ -615,3 +615,44 @@ SmmCpuFeaturesWriteSaveStateRegister (
 {
   return EFI_UNSUPPORTED;
 }
+
+/**
+  This function is hook point called after the gEfiSmmReadyToLockProtocolGuid
+  notification is completely processed.
+**/
+VOID
+EFIAPI
+SmmCpuFeaturesCompleteSmmReadyToLock (
+  VOID
+  )
+{
+}
+
+/**
+  This API provides a method for a CPU to allocate a specific region for 
storing page tables.
+
+  This API can be called more once to allocate memory for page tables.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+
+  This function can also return NULL if there is no preference on where the 
page tables are allocated in SMRAM.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer for page tables.
+  @retval NULL  Fail to allocate a specific region for storing page tables,
+Or there is no preference on where the page tables are 
allocated in SMRAM.
+
+**/
+VOID *
+EFIAPI
+SmmCpuFeaturesAllocatePageTableMemory (
+  IN UINTN   Pages
+  )
+{
+  return NULL;
+}
+
-- 
1.9.5.msysgit.0



[edk2] [patch REPOST 0/3] Add 2 APIs in SmmCpuFeaturesLib.

2015-11-27 Thread jiewen yao
This series adds 2 APIs in SmmCpuFeatureLib.

SmmCpuFeaturesCompleteSmmReadyToLock() is a hook point to
allow CPU specific code to do more registers setting after
the gEfiSmmReadyToLockProtocolGuid notification is completely
processed.

SmmCpuFeaturesAllocatePageTableMemory() is an API to allow
CPU to allocate a specific region for storing page tables.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen@intel.com>
Reviewed-by: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: "Fan, Jeff" <jeff@intel.com>
Cc: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: "Laszlo Ersek" <ler...@redhat.com>

jiewen yao (3):
  UefiCpuPkg/PiSmmCpu: Add 2 APIs in SmmCpuFeaturesLib.
  UefiCpuPkg/PiSmmCpu: Add NULL func for 2 new APIs in
SmmCpuFeaturesLib.
  UefiCpuPkg/PiSmmCpu: Update function call for 2 new APIs in
SmmCpuFeatureLib.

 UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h | 35 ++
 .../Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c  | 41 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  |  4 +--
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 37 +--
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 21 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c |  2 +-
 6 files changed, 135 insertions(+), 5 deletions(-)

-- 
1.9.5.msysgit.0



[edk2] [patch 1/2] UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.

2015-11-27 Thread jiewen yao
So that we can use write-protection for code later.

This is REPOST.
It includes the bug fix from "Paolo Bonzini" .
Title: fix generation of 32-bit PAE page tables
Bits 1 and 2 are reserved in 32-bit PAE Page Directory Pointer Table
Entries (PDPTEs); see Table 4-8 in the SDM.  With VMX extended page
tables, the processor notices and fails the VM entry as soon as
CR0.PG is set to 1.

And thanks "Laszlo Ersek"  to validate the fix.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Signed-off-by: "Paolo Bonzini" 
Tested-by: "Laszlo Ersek" 
Reviewed-by: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
Cc: "Paolo Bonzini" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c|  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c   | 14 --
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h  | 13 -
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c  | 12 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c |  8 
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c  | 14 +++---
 7 files changed, 39 insertions(+), 26 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index edebaab..5d29904 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -60,7 +60,7 @@ SmmInitPageTable (
   if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
 InitializeIDTSmmStackGuard ();
   }
-  return Gen4GPageTable (0);
+  return Gen4GPageTable (0, TRUE);
 }
 
 /**
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
index 85756d0..767cb69 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
@@ -24,7 +24,7 @@ InitSmmS3Cr3 (
   VOID
   )
 {
-  mSmmS3ResumeState->SmmS3Cr3 = Gen4GPageTable (0);
+  mSmmS3ResumeState->SmmS3Cr3 = Gen4GPageTable (0, TRUE);
 
   return ;
 }
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 06ffc6d..620b013 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -732,12 +732,14 @@ APHandler (
   Create 4G PageTable in SMRAM.
 
   @param  ExtraPages   Additional page numbers besides for 4G 
memory
+  @param  Is32BitPageTable Whether the page table is 32-bit PAE
   @return PageTable Address
 
 **/
 UINT32
 Gen4GPageTable (
-  IN  UINTN ExtraPages
+  IN  UINTN ExtraPages,
+  IN  BOOLEAN   Is32BitPageTable
   )
 {
   VOID*PageTable;
@@ -785,7 +787,7 @@ Gen4GPageTable (
   // Set Page Directory Pointers
   //
   for (Index = 0; Index < 4; Index++) {
-Pte[Index] = (UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1) + IA32_PG_P;
+Pte[Index] = (UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1) + 
(Is32BitPageTable ? IA32_PAE_PDPTE_ATTRIBUTE_BITS : PAGE_ATTRIBUTE_BITS);
   }
   Pte += EFI_PAGE_SIZE / sizeof (*Pte);
 
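Review bot: The PDPTE line still combines the page address and the attribute bits with `+`, while every other entry rewritten in this patch (the PDE loop, the stack-guard PTEs, SetCacheability) now uses `|`; `|` makes the flag intent explicit and cannot carry into the address field. Suggest `Pte[Index] = ((UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1)) | (Is32BitPageTable ? IA32_PAE_PDPTE_ATTRIBUTE_BITS : PAGE_ATTRIBUTE_BITS);`. The V2 repost of this patch carries the same line. Gen4GPageTable's body continues outside the hunk.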
@@ -793,7 +795,7 @@ Gen4GPageTable (
   // Fill in Page Directory Entries
   //
   for (Index = 0; Index < EFI_PAGE_SIZE * 4 / sizeof (*Pte); Index++) {
-Pte[Index] = (Index << 21) + IA32_PG_PS + IA32_PG_RW + IA32_PG_P;
+Pte[Index] = (Index << 21) | IA32_PG_PS | PAGE_ATTRIBUTE_BITS;
   }
 
   if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
@@ -802,7 +804,7 @@ Gen4GPageTable (
 Pdpte = (UINT64*)PageTable;
 for (PageIndex = Low2MBoundary; PageIndex <= High2MBoundary; PageIndex += 
SIZE_2MB) {
   Pte = (UINT64*)(UINTN)(Pdpte[BitFieldRead32 ((UINT32)PageIndex, 30, 31)] 
& ~(EFI_PAGE_SIZE - 1));
-  Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages + 
IA32_PG_RW + IA32_PG_P;
+  Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages | 
PAGE_ATTRIBUTE_BITS;
   //
   // Fill in Page Table Entries
   //
@@ -819,7 +821,7 @@ Gen4GPageTable (
 GuardPage = 0;
   }
 } else {
-  Pte[Index] = PageAddress + IA32_PG_RW + IA32_PG_P;
+  Pte[Index] = PageAddress | PAGE_ATTRIBUTE_BITS;
 }
 PageAddress+= EFI_PAGE_SIZE;
   }
@@ -886,7 +888,7 @@ SetCacheability (
   NewPageTable[Index] |= (UINT64)(Index << EFI_PAGE_SHIFT);
 }
 
-PageTable[PTIndex] = ((UINTN)NewPageTableAddress & gPhyMask) | IA32_PG_P;
+PageTable[PTIndex] = ((UINTN)NewPageTableAddress & gPhyMask) | 
PAGE_ATTRIBUTE_BITS;
   }
 
   ASSERT (PageTable[PTIndex] & IA32_PG_P);
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index f2a9165..9920cd1 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h

[edk2] [patch 2/2] UefiCpuPkg/PiSmmCpu: Always set WP in CR0.

2015-11-27 Thread jiewen yao
So that we can use write-protection for code later.

It is REPOST.
It includes suggestion from "Kinney, Michael D" 
For IA32 assembly, can we combine into a single OR
instruction that sets both page enable and WP?
For X64, does it make sense to use single OR instruction
instead of 2 BTS instructions as well?

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Suggested-by: "Kinney, Michael D" 
Reviewed-by: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
Cc: "Paolo Bonzini" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S   | 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm | 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S| 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
index fbaa072..ec5b9a0 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
@@ -123,7 +123,7 @@ L11:
 L12:   # as cr4.PGE is not set here, 
refresh cr3
 movl%eax, %cr4 # in PreModifyMtrrs() to flush TLB.
 movl%cr0, %ebx
-orl $0x08000, %ebx # enable paging
+orl $0x08001, %ebx # enable paging + WP
 movl%ebx, %cr0
 lealDSC_OFFSET(%edi),%ebx
 movwDSC_DS(%ebx),%ax
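Review bot: As printed, the new mask `0x08001` sets CR0 bits 0 and 15, not the PG bit that the removed `btsl $31` line in the X64 hunk set together with WP (bit 16); the archive has likely collapsed zeros, since the removed `0x08000` is garbled the same way, but the value to verify in the tree is `0x80010000`. The same mask appears in the Ia32 .asm hunk, both X64 hunks and their V2 reposts.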
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
index 8a12927..ac1a9b4 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
@@ -129,7 +129,7 @@ gSmiCr3 DD  ?
 @@: ; as cr4.PGE is not set here, refresh 
cr3
 mov cr4, eax; in PreModifyMtrrs() to flush TLB.
 mov ebx, cr0
-or  ebx, 08000h ; enable paging
+or  ebx, 08001h ; enable paging + WP
 mov cr0, ebx
 lea ebx, [edi + DSC_OFFSET]
 mov ax, [ebx + DSC_DS]
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
index b488b74..7e9ac58 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
@@ -144,7 +144,7 @@ Base:
 orb $1,%ah
 wrmsr
 movq%cr0, %rbx
-btsl$31, %ebx
+orl $0x08001, %ebx  # enable paging + WP
 movq%rbx, %cr0
 retf
 LongMode:   # long mode (64-bit code) starts here
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
index 4f5c03c..094cf2c 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
@@ -140,7 +140,7 @@ Base:
 or  ah, 1
 wrmsr
 mov rbx, cr0
-bts ebx, 31
+or  ebx, 08001h; enable paging + WP
 mov cr0, rbx
 retf
 @LongMode:  ; long mode (64-bit code) starts here
-- 
1.9.5.msysgit.0



[edk2] [patch 0/2] UefiCpuPkg/PiSmmCpu: Enable Write Protection in SMM.

2015-11-27 Thread jiewen yao
This series patch enables write protection in SMM.
We always set RW+P bit for page table by default, and set WP in CR0.
So that we can use page table write-protection for code later.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen@intel.com>
Signed-off-by: "Paolo Bonzini" <pbonz...@redhat.com>
Suggested-by: "Kinney, Michael D" <michael.d.kin...@intel.com>
Tested-by: "Laszlo Ersek" <ler...@redhat.com>
Reviewed-by: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: "Fan, Jeff" <jeff@intel.com>
Cc: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: "Laszlo Ersek" <ler...@redhat.com>
Cc: "Paolo Bonzini" <pbonz...@redhat.com>

jiewen yao (2):
  UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.
  UefiCpuPkg/PiSmmCpu: Always set WP in CR0.

 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c|  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S   |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c   | 14 --
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h  | 13 -
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c  | 12 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c |  8 
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S|  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm  |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c  | 14 +++---
 11 files changed, 43 insertions(+), 30 deletions(-)

-- 
1.9.5.msysgit.0



[edk2] [patch V2 1/2] UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.

2015-11-27 Thread jiewen yao
So that we can use write-protection for code later.

This is REPOST.
It includes the bug fix from "Paolo Bonzini" .
Title: fix generation of 32-bit PAE page tables
Bits 1 and 2 are reserved in 32-bit PAE Page Directory Pointer Table
Entries (PDPTEs); see Table 4-8 in the SDM.  With VMX extended page
tables, the processor notices and fails the VM entry as soon as
CR0.PG is set to 1.

And thanks "Laszlo Ersek"  to validate the fix.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Signed-off-by: "Paolo Bonzini" 
Tested-by: "Laszlo Ersek" 
Reviewed-by: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
Cc: "Paolo Bonzini" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c|  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c   | 14 --
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h  | 13 -
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c  | 12 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c |  8 
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c  | 14 +++---
 7 files changed, 39 insertions(+), 26 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index edebaab..5d29904 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -60,7 +60,7 @@ SmmInitPageTable (
   if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
 InitializeIDTSmmStackGuard ();
   }
-  return Gen4GPageTable (0);
+  return Gen4GPageTable (0, TRUE);
 }
 
 /**
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
index 85756d0..767cb69 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
@@ -24,7 +24,7 @@ InitSmmS3Cr3 (
   VOID
   )
 {
-  mSmmS3ResumeState->SmmS3Cr3 = Gen4GPageTable (0);
+  mSmmS3ResumeState->SmmS3Cr3 = Gen4GPageTable (0, TRUE);
 
   return ;
 }
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 06ffc6d..620b013 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -732,12 +732,14 @@ APHandler (
   Create 4G PageTable in SMRAM.
 
   @param  ExtraPages   Additional page numbers besides for 4G 
memory
+  @param  Is32BitPageTable Whether the page table is 32-bit PAE
   @return PageTable Address
 
 **/
 UINT32
 Gen4GPageTable (
-  IN  UINTN ExtraPages
+  IN  UINTN ExtraPages,
+  IN  BOOLEAN   Is32BitPageTable
   )
 {
   VOID*PageTable;
@@ -785,7 +787,7 @@ Gen4GPageTable (
   // Set Page Directory Pointers
   //
   for (Index = 0; Index < 4; Index++) {
-Pte[Index] = (UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1) + IA32_PG_P;
+Pte[Index] = (UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1) + 
(Is32BitPageTable ? IA32_PAE_PDPTE_ATTRIBUTE_BITS : PAGE_ATTRIBUTE_BITS);
   }
   Pte += EFI_PAGE_SIZE / sizeof (*Pte);
 
@@ -793,7 +795,7 @@ Gen4GPageTable (
   // Fill in Page Directory Entries
   //
   for (Index = 0; Index < EFI_PAGE_SIZE * 4 / sizeof (*Pte); Index++) {
-Pte[Index] = (Index << 21) + IA32_PG_PS + IA32_PG_RW + IA32_PG_P;
+Pte[Index] = (Index << 21) | IA32_PG_PS | PAGE_ATTRIBUTE_BITS;
   }
 
   if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
@@ -802,7 +804,7 @@ Gen4GPageTable (
 Pdpte = (UINT64*)PageTable;
 for (PageIndex = Low2MBoundary; PageIndex <= High2MBoundary; PageIndex += 
SIZE_2MB) {
   Pte = (UINT64*)(UINTN)(Pdpte[BitFieldRead32 ((UINT32)PageIndex, 30, 31)] 
& ~(EFI_PAGE_SIZE - 1));
-  Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages + 
IA32_PG_RW + IA32_PG_P;
+  Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages | 
PAGE_ATTRIBUTE_BITS;
   //
   // Fill in Page Table Entries
   //
@@ -819,7 +821,7 @@ Gen4GPageTable (
 GuardPage = 0;
   }
 } else {
-  Pte[Index] = PageAddress + IA32_PG_RW + IA32_PG_P;
+  Pte[Index] = PageAddress | PAGE_ATTRIBUTE_BITS;
 }
 PageAddress+= EFI_PAGE_SIZE;
   }
@@ -886,7 +888,7 @@ SetCacheability (
   NewPageTable[Index] |= (UINT64)(Index << EFI_PAGE_SHIFT);
 }
 
-PageTable[PTIndex] = ((UINTN)NewPageTableAddress & gPhyMask) | IA32_PG_P;
+PageTable[PTIndex] = ((UINTN)NewPageTableAddress & gPhyMask) | 
PAGE_ATTRIBUTE_BITS;
   }
 
   ASSERT (PageTable[PTIndex] & IA32_PG_P);
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index f2a9165..9920cd1 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h

[edk2] [patch V2 0/2] UefiCpuPkg/PiSmmCpu: Enable Write Protection in SMM.

2015-11-27 Thread jiewen yao
This series patch enables write protection in SMM.
We always set RW+P bit for page table by default, and set WP in CR0.
So that we can use page table write-protection for code later.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen@intel.com>
Signed-off-by: "Paolo Bonzini" <pbonz...@redhat.com>
Suggested-by: "Kinney, Michael D" <michael.d.kin...@intel.com>
Tested-by: "Laszlo Ersek" <ler...@redhat.com>
Reviewed-by: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: "Fan, Jeff" <jeff@intel.com>
Cc: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: "Laszlo Ersek" <ler...@redhat.com>
Cc: "Paolo Bonzini" <pbonz...@redhat.com>

jiewen yao (2):
  UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.
  UefiCpuPkg/PiSmmCpu: Always set WP in CR0.

 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c|  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S   |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c   | 14 --
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h  | 13 -
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c  | 12 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c |  8 
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S|  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm  |  2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c  | 14 +++---
 11 files changed, 43 insertions(+), 30 deletions(-)

-- 
1.9.5.msysgit.0



[edk2] [patch V2 2/2] UefiCpuPkg/PiSmmCpu: Always set WP in CR0.

2015-11-27 Thread jiewen yao
So that we can use write-protection for code later.

It is REPOST.
It includes suggestion from "Kinney, Michael D" 
For IA32 assembly, can we combine into a single OR
instruction that sets both page enable and WP?
For X64, does it make sense to use single OR instruction
instead of 2 BTS instructions as well?

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Suggested-by: "Kinney, Michael D" 
Reviewed-by: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
Cc: "Paolo Bonzini" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S   | 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm | 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S| 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
index fbaa072..ec5b9a0 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
@@ -123,7 +123,7 @@ L11:
 L12:   # as cr4.PGE is not set here, 
refresh cr3
 movl%eax, %cr4 # in PreModifyMtrrs() to flush TLB.
 movl%cr0, %ebx
-orl $0x08000, %ebx # enable paging
+orl $0x08001, %ebx # enable paging + WP
 movl%ebx, %cr0
 lealDSC_OFFSET(%edi),%ebx
 movwDSC_DS(%ebx),%ax
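Review bot: The comment on the changed line, `# enable paging + WP`, does not say why WP is being set in the SMI entry path, and the reason is the whole point of this series: SMM runs at CPL0, and without CR0.WP supervisor writes ignore the R/W bit of the paging entries, so the read-only code pages being prepared would stay silently writable. I'd expand it to `# CR0.PG | CR0.WP: WP makes the page-table R/W bit apply to supervisor (SMM) writes, required for read-only SMM code`. The immediate as printed here (`0x08001`) does not correspond to CR0 bits 31 and 16; that looks like archive mangling of the constant rather than the patch itself, but it is worth confirming against the committed source. The enclosing entry routine starts and ends outside this hunk.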
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
index 8a12927..ac1a9b4 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
@@ -129,7 +129,7 @@ gSmiCr3 DD  ?
 @@: ; as cr4.PGE is not set here, refresh 
cr3
 mov cr4, eax; in PreModifyMtrrs() to flush TLB.
 mov ebx, cr0
-or  ebx, 08000h ; enable paging
+or  ebx, 08001h ; enable paging + WP
 mov cr0, ebx
 lea ebx, [edi + DSC_OFFSET]
 mov ax, [ebx + DSC_DS]
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
index b488b74..7e9ac58 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
@@ -144,7 +144,7 @@ Base:
 orb $1,%ah
 wrmsr
 movq%cr0, %rbx
-btsl$31, %ebx
+orl $0x08001, %ebx  # enable paging + WP
 movq%rbx, %cr0
 retf
 LongMode:   # long mode (64-bit code) starts here
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
index 4f5c03c..094cf2c 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
@@ -140,7 +140,7 @@ Base:
 or  ah, 1
 wrmsr
 mov rbx, cr0
-bts ebx, 31
+or  ebx, 08001h; enable paging + WP
 mov cr0, rbx
 retf
 @LongMode:  ; long mode (64-bit code) starts here
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move XD enable to ASM before paging enable.

2015-11-25 Thread jiewen yao
The SMM page tables may mark SMM data regions as XD (NX). XD must therefore be enabled before paging is enabled; otherwise a #PF might be generated.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S   | 18 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm | 18 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c   |  7 ---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S| 20 +++-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm  | 20 +++-
 5 files changed, 74 insertions(+), 9 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
index fbaa072..7e1787c 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
@@ -122,6 +122,24 @@ L11:
 orl $BIT10, %eax
 L12:   # as cr4.PGE is not set here, 
refresh cr3
 movl%eax, %cr4 # in PreModifyMtrrs() to flush TLB.
+
+#
+# Need to test for XD support
+#
+movl$0x8000, %eax
+cpuid
+cmpl$0x8000, %eax
+jbe L13
+movl$0x8001, %eax
+cpuid
+testl   $BIT20, %edx
+jz  L13
+movl$0xc080, %ecx
+rdmsr
+orb $8,%ah # enable NXE
+wrmsr
+L13:
+
 movl%cr0, %ebx
 orl $0x08000, %ebx # enable paging
 movl%ebx, %cr0
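Review bot: `orb $8,%ah # enable NXE` hides which IA32_EFER bit is set and why the two CPUID checks precede it; I'd make the comment `# IA32_EFER.NXE (bit 11); WRMSR with NXE set raises #GP on a CPU without NX, so the CPUID max-leaf and EDX bit 20 gate above is required`. This sequence now runs on every SMI on every CPU instead of once from SmiRendezvous; if that is the intent (EFER re-established on each entry), a one-line comment saying so would stop a later reader from moving it back into C. The surrounding entry routine continues outside this hunk.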
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
index 8a12927..e6af344 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
@@ -128,6 +128,24 @@ gSmiCr3 DD  ?
 or  eax, BIT10
 @@: ; as cr4.PGE is not set here, refresh 
cr3
 mov cr4, eax; in PreModifyMtrrs() to flush TLB.
+
+;
+; Need to test for XD support
+;
+mov eax, 08000h
+cpuid
+cmp eax, 08000h
+jbe @f
+mov eax, 08001h
+cpuid
+testedx, BIT20
+jz  @f
+mov ecx, 0c080h
+rdmsr
+or  ah, 8   ; enable NXE
+wrmsr
+@@:
+
 mov ebx, cr0
 or  ebx, 08000h ; enable paging
 mov cr0, ebx
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 031a5fe..26c9a0f 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -1075,13 +1075,6 @@ SmiRendezvous (
   InitializeSpinLock (>CpuData[CpuIndex].Busy);
 }
 
-//
-// Try to enable NX
-//
-if (mXdSupported) {
-  ActivateXd ();
-}
-
 if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
   ActivateSmmProfile (CpuIndex);
 }
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
index b488b74..1d40819 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
@@ -139,9 +139,27 @@ ASM_PFX(gSmiCr3):.space  4
 call Base # push return address for retf later
 Base:
 addl$(LongMode - Base), (%rsp)  # offset for far retf, seg is the 1st 
arg
+
+#
+# Need to test for XD support
+#
+movl$0x8000, %eax
+cpuid
+cmpl$0x8000, %eax
+jbe NxeDone
+movl$0x8001, %eax
+cpuid
+testl   $BIT20, %edx
+jz  NxeDone
+movl$0xc080, %ecx
+rdmsr
+orb $8,%ah  # enable NXE
+wrmsr
+NxeDone:
+
 movl$0xc080, %ecx
 rdmsr
-orb $1,%ah
+orb $1,%ah  # enable LME
 wrmsr
 movq%cr0, %rbx
 btsl$31, %ebx
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
index 4f5c03c..6e1d3f1 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
@@ -135,9 +135,27 @@ gSmiCr3 DD  ?
 callBase   ; push return address for retf later
 Base:
 add dword ptr [rsp], @LongMode - Base; offset for far retf, seg is the 
1st arg
+
+;
+; Need to test for XD support
+;
+mov eax, 08000h
+cpuid
+cmp eax, 08000h
+jbe @f
+mov eax, 08001h
+cpuid
+testedx, BIT20
+jz  @f
+mov ecx, 0c080h
+rdmsr
+or  ah, 8  ; enable NXE
+wrmsr
+@@:
+
 mov ecx, 0c080h
 rdmsr
-or  ah, 1
+or  ah, 1  ; enable LME
 wrmsr
 mov rbx, cr0
 bts ebx, 31
-- 
1.9.5.msysgit.0


[edk2] [patch 1/2] UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.

2015-11-25 Thread jiewen yao
So that we can use write-protection for code later.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  | 10 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h |  4 
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 12 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c|  6 +++---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c | 12 ++--
 5 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 26c9a0f..084d217 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -785,7 +785,7 @@ Gen4GPageTable (
   // Set Page Directory Pointers
   //
   for (Index = 0; Index < 4; Index++) {
-Pte[Index] = (UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1) + IA32_PG_P;
+Pte[Index] = (UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1) + 
PAGE_ATTRIBUTE_BITS;
   }
   Pte += EFI_PAGE_SIZE / sizeof (*Pte);
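Review bot: Setting `PAGE_ATTRIBUTE_BITS` (RW|P) on the four page-directory-pointer entries at the changed line is only valid when this table is walked as a 4-level table; in 32-bit PAE paging the PDPTE format reserves bit 1 (R/W), and a MOV to CR3 that loads such an entry raises #GP. If Gen4GPageTable's result is ever loaded as a PAE CR3 on the IA32 build (the series touches Ia32/PageTbl.c, not visible here), keep `IA32_PG_P` alone for these entries, e.g. `#define IA32_PAE_PDPTE_ATTRIBUTE_BITS (IA32_PG_P)` selected by a caller-supplied flag. Separately, this line combines the address and flags with `+` while the other hunks of this patch use `|`; `|` is the form that cannot corrupt the address. The function starts and ends outside this hunk.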
 
@@ -793,7 +793,7 @@ Gen4GPageTable (
   // Fill in Page Directory Entries
   //
   for (Index = 0; Index < EFI_PAGE_SIZE * 4 / sizeof (*Pte); Index++) {
-Pte[Index] = (Index << 21) + IA32_PG_PS + IA32_PG_RW + IA32_PG_P;
+Pte[Index] = (Index << 21) | IA32_PG_PS | PAGE_ATTRIBUTE_BITS;
   }
 
   if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
@@ -802,7 +802,7 @@ Gen4GPageTable (
 Pdpte = (UINT64*)PageTable;
 for (PageIndex = Low2MBoundary; PageIndex <= High2MBoundary; PageIndex += 
SIZE_2MB) {
   Pte = (UINT64*)(UINTN)(Pdpte[BitFieldRead32 ((UINT32)PageIndex, 30, 31)] 
& ~(EFI_PAGE_SIZE - 1));
-  Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages + 
IA32_PG_RW + IA32_PG_P;
+  Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages | 
PAGE_ATTRIBUTE_BITS;
   //
   // Fill in Page Table Entries
   //
@@ -819,7 +819,7 @@ Gen4GPageTable (
 GuardPage = 0;
   }
 } else {
-  Pte[Index] = PageAddress + IA32_PG_RW + IA32_PG_P;
+  Pte[Index] = PageAddress | PAGE_ATTRIBUTE_BITS;
 }
 PageAddress+= EFI_PAGE_SIZE;
   }
@@ -886,7 +886,7 @@ SetCacheability (
   NewPageTable[Index] |= (UINT64)(Index << EFI_PAGE_SHIFT);
 }
 
-PageTable[PTIndex] = ((UINTN)NewPageTableAddress & gPhyMask) | IA32_PG_P;
+PageTable[PTIndex] = ((UINTN)NewPageTableAddress & gPhyMask) | 
PAGE_ATTRIBUTE_BITS;
   }
 
   ASSERT (PageTable[PTIndex] & IA32_PG_P);
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index 9caccb5..cce2a09 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -71,15 +71,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 ///
 #define IA32_PG_P   BIT0
 #define IA32_PG_RW  BIT1
+#define IA32_PG_U   BIT2
 #define IA32_PG_WT  BIT3
 #define IA32_PG_CD  BIT4
 #define IA32_PG_A   BIT5
+#define IA32_PG_D   BIT6
 #define IA32_PG_PS  BIT7
 #define IA32_PG_PAT_2M  BIT12
 #define IA32_PG_PAT_4K  IA32_PG_PS
 #define IA32_PG_PMNTBIT62
 #define IA32_PG_NX  BIT63
 
+#define PAGE_ATTRIBUTE_BITS (IA32_PG_RW | IA32_PG_P)
+
 //
 // Size of Task-State Segment defined in IA32 Manual
 //
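Review bot: `PAGE_ATTRIBUTE_BITS` is introduced without a comment, yet it becomes the default for every paging-structure entry created by this driver, so its meaning should be stated next to the definition. I'd add `/// Default attributes for a newly created paging entry: present and writable; read-only or NX is applied afterwards by the protection code.` `IA32_PG_U` and `IA32_PG_D` are added here but not used in this patch; if they are for a later patch, a short note saying so avoids the question.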
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index ff4e28e..ec4ec9b 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -557,9 +557,9 @@ InitPaging (
 
   // Split it
   for (Level4 = 0; Level4 < SIZE_4KB / sizeof(*Pt); Level4++) {
-Pt[Level4] = Address + ((Level4 << 12) | IA32_PG_RW | IA32_PG_P);
+Pt[Level4] = Address + ((Level4 << 12) | PAGE_ATTRIBUTE_BITS);
   } // end for PT
-  *Pte = (UINTN)Pt | IA32_PG_RW | IA32_PG_P;
+  *Pte = (UINTN)Pt | PAGE_ATTRIBUTE_BITS;
 } // end if IsAddressSplit
   } // end for PTE
 } // end for PDE
@@ -608,7 +608,7 @@ InitPaging (
 //
 // Patch to remove Present flag and RW flag
 //
-*Pte = *Pte & (INTN)(INT32)(~(IA32_PG_RW | IA32_PG_P));
+*Pte = *Pte & (INTN)(INT32)(~PAGE_ATTRIBUTE_BITS);
   }
   if (Nx && mXdSupported) {
 *Pte = *Pte | IA32_PG_NX;
@@ -621,7 +621,7 @@ InitPaging (
   }
   for (Level4 = 0; Level4 < SIZE_4KB / sizeof(*Pt); Level4++, Pt++) {
 if (!IsAddressValid (Address, )) {
-  *Pt = *Pt & (INTN)(INT32)(~(IA32_PG_RW | IA32_PG_P));
+  *Pt = *Pt & (INTN)(INT32)(~PAGE_ATTRIBUTE_BITS);
 }
 if 

[edk2] [patch 3/7] MdeModulePkg/PiSmmCore: Add GetMemoryMap suppport in SmmCore.

2015-11-25 Thread jiewen yao
We enhanced Paging support and record information in MemoryMap link list.
Most code is from DxeCore.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" 
Cc: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
---
 MdeModulePkg/Core/PiSmmCore/Page.c | 740 -
 1 file changed, 730 insertions(+), 10 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/Page.c 
b/MdeModulePkg/Core/PiSmmCore/Page.c
index 9cc2a4c..c5e094d 100644
--- a/MdeModulePkg/Core/PiSmmCore/Page.c
+++ b/MdeModulePkg/Core/PiSmmCore/Page.c
@@ -1,7 +1,7 @@
 /** @file
   SMM Memory page management functions.
 
-  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
   This program and the accompanying materials are licensed and made available 
   under the terms and conditions of the BSD License which accompanies this 
   distribution.  The full text of the license may be found at
@@ -13,11 +13,564 @@
 **/
 
 #include "PiSmmCore.h"
+#include 
 
 #define TRUNCATE_TO_PAGES(a)  ((a) >> EFI_PAGE_SHIFT)
 
 LIST_ENTRY  mSmmMemoryMap = INITIALIZE_LIST_HEAD_VARIABLE (mSmmMemoryMap);
 
+//
+// For GetMemoryMap()
+//
+
+#define MEMORY_MAP_SIGNATURE   SIGNATURE_32('m','m','a','p')
+typedef struct {
+  UINTN   Signature;
+  LIST_ENTRY  Link;
+
+  BOOLEAN FromStack;
+  EFI_MEMORY_TYPE Type;
+  UINT64  Start;
+  UINT64  End;
+
+} MEMORY_MAP;
+
+LIST_ENTRYgMemoryMap  = INITIALIZE_LIST_HEAD_VARIABLE (gMemoryMap);
+
+
+#define MAX_MAP_DEPTH 6
+
+///
+/// mMapDepth - depth of new descriptor stack
+///
+UINTN mMapDepth = 0;
+///
+/// mMapStack - space to use as temp storage to build new map descriptors
+///
+MEMORY_MAPmMapStack[MAX_MAP_DEPTH];
+UINTN mFreeMapStack = 0;
+///
+/// This list maintain the free memory map list
+///
+LIST_ENTRY   mFreeMemoryMapEntryList = INITIALIZE_LIST_HEAD_VARIABLE 
(mFreeMemoryMapEntryList);
+
+/**
+  Allocates pages from the memory map.
+
+  @param  Type   The type of allocation to perform.
+  @param  MemoryType The type of memory to turn the allocated pages
+ into.
+  @param  NumberOfPages  The number of pages to allocate.
+  @param  Memory A pointer to receive the base allocated memory
+ address.
+  @param  AddRegion  If this memory is new added region.
+
+  @retval EFI_INVALID_PARAMETER  Parameters violate checking rules defined in 
spec.
+  @retval EFI_NOT_FOUND  Could not allocate pages match the 
requirement.
+  @retval EFI_OUT_OF_RESOURCES   No enough pages to allocate.
+  @retval EFI_SUCCESSPages successfully allocated.
+
+**/
+EFI_STATUS
+SmmInternalAllocatePagesEx (
+  IN  EFI_ALLOCATE_TYPE Type,
+  IN  EFI_MEMORY_TYPE   MemoryType,
+  IN  UINTN NumberOfPages,
+  OUT EFI_PHYSICAL_ADDRESS  *Memory,
+  IN  BOOLEAN   AddRegion
+  );
+  
+/**
+  Internal function.  Deque a descriptor entry from the 
mFreeMemoryMapEntryList.
+  If the list is emtry, then allocate a new page to refuel the list.
+  Please Note this algorithm to allocate the memory map descriptor has a 
property
+  that the memory allocated for memory entries always grows, and will never 
really be freed.
+
+  @return The Memory map descriptor dequed from the mFreeMemoryMapEntryList
+
+**/
+MEMORY_MAP *
+AllocateMemoryMapEntry (
+  VOID
+  )
+{
+  EFI_PHYSICAL_ADDRESS   Mem;
+  EFI_STATUS Status;
+  MEMORY_MAP*FreeDescriptorEntries;
+  MEMORY_MAP*Entry;
+  UINTN  Index;
+
+  if (IsListEmpty ()) {
+//
+// The list is empty, to allocate one page to refuel the list
+//
+Status = SmmInternalAllocatePagesEx (
+   AllocateAnyPages,
+   EfiRuntimeServicesData,
+   EFI_SIZE_TO_PAGES(DEFAULT_PAGE_ALLOCATION),
+   ,
+   TRUE
+   );
+ASSERT_EFI_ERROR (Status);
+if(!EFI_ERROR (Status)) {
+  FreeDescriptorEntries = (MEMORY_MAP *)(UINTN)Mem;
+  //
+  // Enque the free memmory map entries into the list
+  //
+  for (Index = 0; Index< DEFAULT_PAGE_ALLOCATION / sizeof(MEMORY_MAP); 
Index++) {
+FreeDescriptorEntries[Index].Signature = MEMORY_MAP_SIGNATURE;
+InsertTailList (, 
[Index].Link);
+  }
+} else {
+  return NULL;
+}
+  }
+  //
+  // dequeue the first descriptor from the list
+  //
+  Entry = CR (mFreeMemoryMapEntryList.ForwardLink, MEMORY_MAP, Link, 
MEMORY_MAP_SIGNATURE);
+  RemoveEntryList (>Link);
+
+  return Entry;
+}
+
+
+/**
+  Internal function.  Moves any memory descriptors that are on the
+  temporary descriptor stack to heap.
+
+**/
+VOID
+CoreFreeMemoryMapStack (
+  

[edk2] [patch 4/7] MdeModulePkg/PiSmmCore: Add free SMRAM before allocated SMRAM.

2015-11-25 Thread jiewen yao
In order to record SMM memory map information, we need to add the free SMRAM first, then the allocated SMRAM. The reason is that, once a new SMRAM region is added, memory map link-list entries are allocated to record that information.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" 
Cc: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
---
 MdeModulePkg/Core/PiSmmCore/Pool.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c 
b/MdeModulePkg/Core/PiSmmCore/Pool.c
index 761988e..64f09b3 100644
--- a/MdeModulePkg/Core/PiSmmCore/Pool.c
+++ b/MdeModulePkg/Core/PiSmmCore/Pool.c
@@ -86,8 +86,24 @@ SmmInitializeMemoryServices (
   }
   //
   // Initialize free SMRAM regions
+  // Need add Free memory at first, to let gSmmMemoryMap record data
   //
   for (Index = 0; Index < SmramRangeCount; Index++) {
+if ((SmramRanges[Index].RegionState & (EFI_ALLOCATED | EFI_NEEDS_TESTING | 
EFI_NEEDS_ECC_INITIALIZATION)) != 0) {
+  continue;
+}
+SmmAddMemoryRegion (
+  SmramRanges[Index].CpuStart,
+  SmramRanges[Index].PhysicalSize,
+  EfiConventionalMemory,
+  SmramRanges[Index].RegionState
+  );
+  }
+
+  for (Index = 0; Index < SmramRangeCount; Index++) {
+if ((SmramRanges[Index].RegionState & (EFI_ALLOCATED | EFI_NEEDS_TESTING | 
EFI_NEEDS_ECC_INITIALIZATION)) == 0) {
+  continue;
+}
 SmmAddMemoryRegion (
   SmramRanges[Index].CpuStart,
   SmramRanges[Index].PhysicalSize,
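Review bot: The added comment `Need add Free memory at first, to let gSmmMemoryMap record data` does not explain the ordering constraint that the commit message states: adding a region allocates memory-map entries from SMRAM, so free SMRAM must exist before any region is recorded. I'd reword it to `// Add free SMRAM first: SmmAddMemoryRegion allocates memory-map entries from SMRAM, so free regions must exist before allocated ones are recorded.` The mask `EFI_ALLOCATED | EFI_NEEDS_TESTING | EFI_NEEDS_ECC_INITIALIZATION` is now written twice with opposite tests; a local `#define SMRAM_NOT_FREE_MASK (...)` used by both loops keeps the two conditions from drifting apart.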
-- 
1.9.5.msysgit.0



[edk2] [patch 6/7] MdeModulePkg/PiSmmCore: Add PiSmmMemoryAttributesTable support.

2015-11-25 Thread jiewen yao
Add function declaration in header file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" 
Cc: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
---
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 75 +
 1 file changed, 75 insertions(+)

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h 
b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
index 0e9c92a..7dbf9fc 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
@@ -956,6 +956,81 @@ SmramProfileReadyToLock (
   VOID
   );
 
+/**
+  Initialize MemoryAttributes support.
+**/
+VOID
+EFIAPI
+SmmCoreInitializeMemoryAttributesTable (
+  VOID
+  );
+
+/**
+  Insert image record.
+
+  @param  RuntimeImageRuntime image information
+**/
+VOID
+SmmInsertImageRecord (
+  IN EFI_SMM_DRIVER_ENTRY   *DriverEntry
+  );
+
+/**
+  Remove Image record.
+
+  @param  RuntimeImageRuntime image information
+**/
+VOID
+SmmRemoveImageRecord (
+  IN EFI_SMM_DRIVER_ENTRY   *DriverEntry
+  );
+
+/**
+  This function returns a copy of the current memory map. The map is an array 
of
+  memory descriptors, each of which describes a contiguous block of memory.
+
+  @param  MemoryMapSize  A pointer to the size, in bytes, of the
+ MemoryMap buffer. On input, this is the size 
of
+ the buffer allocated by the caller.  On 
output,
+ it is the size of the buffer returned by the
+ firmware  if the buffer was large enough, or 
the
+ size of the buffer needed  to contain the map 
if
+ the buffer was too small.
+  @param  MemoryMap  A pointer to the buffer in which firmware 
places
+ the current memory map.
+  @param  MapKey A pointer to the location in which firmware
+ returns the key for the current memory map.
+  @param  DescriptorSize A pointer to the location in which firmware
+ returns the size, in bytes, of an individual
+ EFI_MEMORY_DESCRIPTOR.
+  @param  DescriptorVersion  A pointer to the location in which firmware
+ returns the version number associated with the
+ EFI_MEMORY_DESCRIPTOR.
+
+  @retval EFI_SUCCESSThe memory map was returned in the MemoryMap
+ buffer.
+  @retval EFI_BUFFER_TOO_SMALL   The MemoryMap buffer was too small. The 
current
+ buffer size needed to hold the memory map is
+ returned in MemoryMapSize.
+  @retval EFI_INVALID_PARAMETER  One of the parameters has an invalid value.
+
+**/
+EFI_STATUS
+EFIAPI
+SmmCoreGetMemoryMap (
+  IN OUT UINTN  *MemoryMapSize,
+  IN OUT EFI_MEMORY_DESCRIPTOR  *MemoryMap,
+  OUT UINTN *MapKey,
+  OUT UINTN *DescriptorSize,
+  OUT UINT32*DescriptorVersion
+  );
+
+///
+/// For generic EFI machines make the default allocations 4K aligned
+///
+#define EFI_ACPI_RUNTIME_PAGE_ALLOCATION_ALIGNMENT  (EFI_PAGE_SIZE)
+#define DEFAULT_PAGE_ALLOCATION (EFI_PAGE_SIZE)
+
 extern UINTNmFullSmramRangeCount;
 extern EFI_SMRAM_DESCRIPTOR *mFullSmramRanges;
 
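Review bot: The doc blocks for `SmmInsertImageRecord` and `SmmRemoveImageRecord` document a parameter named `RuntimeImage`, but both prototypes take `IN EFI_SMM_DRIVER_ENTRY *DriverEntry`, so the comments were copied from the DXE core and never updated. I'd change both to `@param  DriverEntry   The SMM driver whose loaded image is recorded`. `EFI_ACPI_RUNTIME_PAGE_ALLOCATION_ALIGNMENT` likewise carries a DXE-era name; if it is only used for `DEFAULT_PAGE_ALLOCATION` here, a one-line comment saying it mirrors the DxeCore constant would explain why it exists in the SMM core.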
-- 
1.9.5.msysgit.0



[edk2] [patch 1/7] MdeModulePkg/PiSmmCore: Add EDKII PI SMM Memory Attribute table.

2015-11-25 Thread jiewen yao
This table is to let SMM core report SMM memory layout,
especially SMM PE/COFF driver information.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" 
Cc: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
---
 .../Include/Guid/PiSmmMemoryAttributesTable.h  | 49 ++
 MdeModulePkg/MdeModulePkg.dec  |  4 +-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h

diff --git a/MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h 
b/MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h
new file mode 100644
index 000..12c2f9a
--- /dev/null
+++ b/MdeModulePkg/Include/Guid/PiSmmMemoryAttributesTable.h
@@ -0,0 +1,49 @@
+/** @file
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available 
under 
+the terms and conditions of the BSD License that accompanies this 
distribution.  
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
  
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,  
   
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _PI_SMM_MEMORY_ATTRIBUTES_TABLE_H_
+#define _PI_SMM_MEMORY_ATTRIBUTES_TABLE_H_
+
+#define EDKII_PI_SMM_MEMORY_ATTRIBUTES_TABLE_GUID {\
+  0x6b9fd3f7, 0x16df, 0x45e8, {0xbd, 0x39, 0xb9, 0x4a, 0x66, 0x54, 0x1a, 0x5d} 
\
+}
+
+//
+// The PI SMM memory attribute table contains the SMM memory map for SMM image.
+//
+// This table is installed to SMST as SMM configuration table.
+//
+// This table is published at gEfiSmmEndOfDxeProtocolGuid notification, because
+// there should be no more SMM driver loaded after that. The 
EfiRuntimeServicesCode
+// region should not be changed any more.
+//
+// This table is published, if and only if all SMM PE/COFFs have aligned 
section
+// as specified in UEFI specification Section 2.3. For example, IA32/X64 
alignment is 4KiB.
+//
+// If this table is published, the EfiRuntimeServicesCode contains code only
+// and it is EFI_MEMORY_RO; the EfiRuntimeServicesData contains data only
+// and it is EFI_MEMORY_XP.
+//
+typedef struct {
+  UINT32Version;
+  UINT32NumberOfEntries;
+  UINT32DescriptorSize;
+  UINT32Reserved;
+//EFI_MEMORY_DESCRIPTOR Entry[1];
+} EDKII_PI_SMM_MEMORY_ATTRIBUTES_TABLE;
+
+#define EDKII_PI_SMM_MEMORY_ATTRIBUTES_TABLE_VERSION  0x0001
+
+extern EFI_GUID gEdkiiPiSmmMemoryAttributesTableGuid;
+
+#endif
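Review bot: The header comments describe when the table is published, but not how a consumer is meant to read it: `Entry[1]` is commented out, so the `NumberOfEntries` descriptors that follow the header are implicit, and `Reserved` has no stated value. I'd add above the struct `// NumberOfEntries EFI_MEMORY_DESCRIPTORs follow the header immediately; walk them with DescriptorSize, not sizeof(EFI_MEMORY_DESCRIPTOR). Reserved must be zero.` It is also worth stating that the table reports the layout only; whether EFI_MEMORY_RO/EFI_MEMORY_XP are actually enforced depends on the consumer that programs the page tables, so readers should not treat publication of the table as protection already being active.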
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 270277e..f48e361 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -334,7 +334,9 @@
 
   gEfiIfrFrontPageGuid= { 0xe58809f8, 0xfbc1, 0x48e2, { 0x88, 0x3a, 
0xa3, 0x0f, 0xdc, 0x4b, 0x44, 0x1e } }
 
-  
+  ## Include/Guid/PiSmmMemoryAttributesTable.h
+  gEdkiiPiSmmMemoryAttributesTableGuid = { 0x6b9fd3f7, 0x16df, 0x45e8, {0xbd, 
0x39, 0xb9, 0x4a, 0x66, 0x54, 0x1a, 0x5d}}
+
 [Ppis]
   ## Include/Ppi/AtaController.h
   gPeiAtaControllerPpiGuid   = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a, 
0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}
-- 
1.9.5.msysgit.0



[edk2] [patch 5/7] MdeModulePkg/PiSmmCore: Add PiSmmMemoryAttributesTable support.

2015-11-25 Thread jiewen yao
Add SmmCoreInitializeMemoryAttributesTable() in PiSmmCore entrypoint.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" 
Cc: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
---
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c 
b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
index 7245f20..7df99a3 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
@@ -635,5 +635,7 @@ SmmMain (
 
   SmmCoreInstallLoadedImage ();
 
+  SmmCoreInitializeMemoryAttributesTable ();
+
   return EFI_SUCCESS;
 }
-- 
1.9.5.msysgit.0



[edk2] [patch 7/7] MdeModulePkg/PiSmmCore: Add PiSmmMemoryAttributesTable support.

2015-11-25 Thread jiewen yao
Add new file and library in INF.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" 
Cc: "Kinney, Michael D" 
Cc: "Fan, Jeff" 
---
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf 
b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
index 9c06b2a..d893279 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
@@ -38,6 +38,7 @@
   Smi.c
   InstallConfigurationTable.c
   SmramProfileRecord.c
+  MemoryAttributesTable.c
 
 [Packages]
   MdePkg/MdePkg.dec
@@ -61,6 +62,7 @@
   TimerLib
   HobLib
   SmmMemLib
+  PeCoffGetEntryPointLib
 
 [Protocols]
   gEfiDxeSmmReadyToLockProtocolGuid ## UNDEFINED # 
SmiHandlerRegister
@@ -93,6 +95,7 @@
   ## SOMETIMES_PRODUCES   ## GUID # SmiHandlerRegister
   gEdkiiMemoryProfileGuid
   gZeroGuid ## SOMETIMES_CONSUMES   ## GUID
+  gEdkiiPiSmmMemoryAttributesTableGuid  ## SOMETIMES_PRODUCES   ## 
SmmSystemTable
 
 [UserExtensions.TianoCore."ExtraFiles"]
   PiSmmCoreExtra.uni
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Allocate Tile size based on Page.

2015-11-24 Thread jiewen yao
We had better separate code from data in the tile at page granularity, so that other code may apply page-level protection to it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 17 +
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
index 2489848..9ca3620 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -760,6 +760,9 @@ PiCpuSmmEntry (
   UINTN  NumberOfEnabledProcessors;
   UINTN  Index;
   VOID   *Buffer;
+  UINTN  BufferPages;
+  UINTN  TileCodeSize;
+  UINTN  TileDataSize;
   UINTN  TileSize;
   VOID   *GuidHob;
   EFI_SMRAM_DESCRIPTOR   *SmramDescriptor;
@@ -937,9 +940,13 @@ PiCpuSmmEntry (
   // specific context in a PROCESSOR_SMM_DESCRIPTOR, and the SMI entry point.  
This size
   // is rounded up to nearest power of 2.
   //
-  TileSize = sizeof (SMRAM_SAVE_STATE_MAP) + sizeof (PROCESSOR_SMM_DESCRIPTOR) 
+ GetSmiHandlerSize () - 1;
+  TileCodeSize = GetSmiHandlerSize ();
+  TileCodeSize = ALIGN_VALUE(TileCodeSize, SIZE_4KB);
+  TileDataSize = sizeof (SMRAM_SAVE_STATE_MAP) + sizeof 
(PROCESSOR_SMM_DESCRIPTOR);
+  TileDataSize = ALIGN_VALUE(TileDataSize, SIZE_4KB);
+  TileSize = TileDataSize + TileCodeSize - 1;
   TileSize = 2 * GetPowerOfTwo32 ((UINT32)TileSize);
-  DEBUG ((EFI_D_INFO, "SMRAM TileSize = %08x\n", TileSize));
+  DEBUG ((EFI_D_INFO, "SMRAM TileSize = 0x%08x (0x%08x, 0x%08x)\n", TileSize, 
TileCodeSize, TileDataSize));
 
   //
   // If the TileSize is larger than space available for the SMI Handler of 
CPU[i],
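Review bot: `TileSize = TileDataSize + TileCodeSize - 1; TileSize = 2 * GetPowerOfTwo32 (...)` relies on the `-1` so that an exact power-of-two sum is not doubled, and that trick deserves a comment now that both inputs are page aligned, e.g. `// -1 keeps an exact power of two from being doubled by the round-up below`. Page-aligning the code and data sizes only helps if the code is also placed on a page boundary inside the tile; that placement is not in this hunk, so a comment stating the intended tile layout (data first, then code at a 4KiB boundary, or vice versa) would make the protection assumption checkable. PiCpuSmmEntry starts and ends outside this hunk.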
@@ -961,12 +968,14 @@ PiCpuSmmEntry (
   // Intel486 processors: FamilyId is 4
   // Pentium processors : FamilyId is 5
   //
+  BufferPages = EFI_SIZE_TO_PAGES (SIZE_32KB + TileSize * (mMaxNumberOfCpus - 
1));
   if ((FamilyId == 4) || (FamilyId == 5)) {
-Buffer = AllocateAlignedPages (EFI_SIZE_TO_PAGES (SIZE_32KB + TileSize * 
(mMaxNumberOfCpus - 1)), SIZE_32KB);
+Buffer = AllocateAlignedPages (BufferPages, SIZE_32KB);
   } else {
-Buffer = AllocatePages (EFI_SIZE_TO_PAGES (SIZE_32KB + TileSize * 
(mMaxNumberOfCpus - 1)));
+Buffer = AllocateAlignedPages (BufferPages, SIZE_4KB);
   }
   ASSERT (Buffer != NULL);
+  DEBUG ((EFI_D_INFO, "SMRAM SaveState Buffer (0x%08x, 0x%08x)\n", Buffer, 
EFI_PAGES_TO_SIZE(BufferPages)));
 
   //
   // Allocate buffer for pointers to array in  SMM_CPU_PRIVATE_DATA.
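Review bot: The new DEBUG line prints `Buffer` with `%08x`; in PrintLib a `%x` conversion consumes a 32-bit value unless `l` is given, so on X64 the upper half of the pointer is dropped. Use the pointer conversion: `DEBUG ((EFI_D_INFO, "SMRAM SaveState Buffer (0x%p, 0x%08x)\n", Buffer, EFI_PAGES_TO_SIZE (BufferPages)));`. The retained `ASSERT (Buffer != NULL);` compiles out in release builds, and this buffer becomes the per-CPU save-state and SMI-handler area, so an explicit `if (Buffer == NULL) { CpuDeadLoop (); }` style failure would be safer than continuing with a NULL base. PiCpuSmmEntry starts and ends outside this hunk.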
-- 
1.9.5.msysgit.0



[edk2] [patch 3/3] UefiCpuPkg/PiSmmCpu: Update function call for 2 new APIs in SmmCpuFeatureLib.

2015-11-24 Thread jiewen yao
All page table allocation will use AllocatePageTableMemory().
Add SmmCpuFeaturesCompleteSmmReadyToLock() to PerformRemainingTasks() and 
PerformPreTasks().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  |  4 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 31 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 18 +
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c |  2 +-
 4 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 8a77280..b4ec36e 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -770,7 +770,7 @@ Gen4GPageTable (
   //
   // Allocate the page table
   //
-  PageTable = AllocatePages (ExtraPages + 5 + PagesNeeded);
+  PageTable = AllocatePageTableMemory (ExtraPages + 5 + PagesNeeded);
   ASSERT (PageTable != NULL);
 
   PageTable = (VOID *)((UINTN)PageTable + EFI_PAGES_TO_SIZE (ExtraPages));
@@ -872,7 +872,7 @@ SetCacheability (
 //
 // Allocate a page from SMRAM
 //
-NewPageTableAddress = AllocatePages (1);
+NewPageTableAddress = AllocatePageTableMemory (1);
 ASSERT (NewPageTableAddress != NULL);
 
 NewPageTable = (UINT64 *)NewPageTableAddress;
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
index 9ca3620..bc571ec 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -1416,6 +1416,33 @@ ConfigSmmCodeAccessCheck (
 }
 
 /**
+  This API provides a way to allocate memory for page table.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+AllocatePageTableMemory (
+  IN UINTN   Pages
+  )
+{
+  VOID  *Buffer;
+
+  Buffer = SmmCpuFeaturesAllocatePageTableMemory (Pages);
+  if (Buffer != NULL) {
+return Buffer;
+  }
+  return AllocatePages (Pages);
+}
+
+/**
   Perform the remaining tasks.
 
 **/
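Review bot: `AllocatePageTableMemory` falls back to `AllocatePages` whenever `SmmCpuFeaturesAllocatePageTableMemory` returns NULL, but the library contract in this series says NULL also means "no preference", so a genuine allocation failure inside the feature library is indistinguishable from "no preference" and silently lands the page tables in ordinary SMRAM, which may defeat the reason the hook exists. At minimum the doc block should say so: `Falls back to AllocatePages() when the SmmCpuFeaturesLib hook returns NULL; a platform that must keep page tables in a dedicated region cannot rely on the fallback being detected.` A `DEBUG ((EFI_D_VERBOSE, ...))` on the fallback path would make the placement visible in logs. The function is fully contained in this hunk; the neighbouring PerformRemainingTasks doc comment is cut by the hunk edge.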
@@ -1440,6 +1467,8 @@ PerformRemainingTasks (
 //
 ConfigSmmCodeAccessCheck ();
 
+SmmCpuFeaturesCompleteSmmReadyToLock ();
+
 //
 // Clean SMM ready to lock flag
 //
@@ -1464,6 +1493,8 @@ PerformPreTasks (
 // Configure SMM Code Access Check feature if available.
 //
 ConfigSmmCodeAccessCheck ();
+
+SmmCpuFeaturesCompleteSmmReadyToLock ();
 
 mRestoreSmmConfigurationInS3 = FALSE;
   }
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index 96d55c0..867bf2f 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -703,4 +703,22 @@ VOID
 DumpModuleInfoByIp (
   IN  UINTN  CallerIpAddress
   );
+
+/**
+  This API provides a way to allocate memory for page table.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+AllocatePageTableMemory (
+  IN UINTN   Pages
+  );
 #endif
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 8ddde9a..ff4e28e 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -552,7 +552,7 @@ InitPaging (
   //
   ASSERT (Address == (*Pte & PHYSICAL_ADDRESS_MASK));
 
-  Pt = AllocatePages (1);
+  Pt = AllocatePageTableMemory (1);
   ASSERT (Pt != NULL);
 
   // Split it
-- 
1.9.5.msysgit.0



[edk2] [patch 1/3] UefiCpuPkg/PiSmmCpu: Add 2 APIs in SmmCpuFeaturesLib.

2015-11-24 Thread jiewen yao
SmmCpuFeaturesCompleteSmmReadyToLock() is a hook point that allows
CPU-specific code to perform additional register configuration after
the gEfiSmmReadyToLockProtocolGuid notification has been completely processed.

SmmCpuFeaturesAllocatePageTableMemory() is an API to allow
CPU to allocate a specific region for storing page tables.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h | 33 ++
 1 file changed, 33 insertions(+)

diff --git a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h 
b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
index d1c7a8a..dba78f0 100644
--- a/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
+++ b/UefiCpuPkg/Include/Library/SmmCpuFeaturesLib.h
@@ -363,4 +363,37 @@ SmmCpuFeaturesWriteSaveStateRegister (
   IN CONST VOID   *Buffer
   );
 
+/**
+  This function is hook point called after the gEfiSmmReadyToLockProtocolGuid
+  notification is completely processed.
+**/
+VOID
+EFIAPI
+SmmCpuFeaturesCompleteSmmReadyToLock (
+  VOID
+  );
+
+/**
+  This API provides a method for a CPU to allocate a specific region for 
storing page tables.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+  
+  This function can also return NULL if there is no preference on where the 
page tables are allocated in SMRAM.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer for page tables.
+  @retval NULL  Fail to allocate a specific region for storing page tables,
+Or there is no preference on where the page tables are 
allocated in SMRAM.
+
+**/
+VOID *
+EFIAPI
+SmmCpuFeaturesAllocatePageTableMemory (
+  IN UINTN   Pages
+  );
+
 #endif
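Review bot: SmmCpuFeaturesAllocatePageTableMemory() returns NULL both for a genuine allocation failure and for "no preference", so a caller cannot distinguish a failed dedicated-region allocation from an intentional fallback, and the wrapper in PiSmmCpuDxeSmm silently falls back to general SMRAM in both cases. If that is the intended contract, state it in the header: `@retval NULL  The caller should allocate page tables from general SMRAM instead; a library that reserves a dedicated region must not rely on NULL to signal exhaustion of that region.` The first comment block also reads `This function is hook point called`, which should be `This function is a hook point called`. Both comment blocks are duplicated verbatim in the NULL library instance in patch 2/3 and should be corrected there as well.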
-- 
1.9.5.msysgit.0



[edk2] [patch 2/3] UefiCpuPkg/PiSmmCpu: Add NULL func for 2 new APIs in SmmCpuFeaturesLib.

2015-11-24 Thread jiewen yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 .../Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c  | 39 ++
 1 file changed, 39 insertions(+)

diff --git a/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c 
b/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
index b839d31..d193f6c 100644
--- a/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
+++ b/UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
@@ -615,3 +615,42 @@ SmmCpuFeaturesWriteSaveStateRegister (
 {
   return EFI_UNSUPPORTED;
 }
+
+/**
+  This function is hook point called after the gEfiSmmReadyToLockProtocolGuid
+  notification is completely processed.
+**/
+VOID
+EFIAPI
+SmmCpuFeaturesCompleteSmmReadyToLock (
+  VOID
+  )
+{
+}
+
+/**
+  This API provides a method for a CPU to allocate a specific region for 
storing page tables.
+
+  Allocates the number of 4KB pages of type EfiRuntimeServicesData and returns 
a pointer to the
+  allocated buffer.  The buffer returned is aligned on a 4KB boundary.  If 
Pages is 0, then NULL
+  is returned.  If there is not enough memory remaining to satisfy the 
request, then NULL is
+  returned.
+  
+  This function can also return NULL if there is no preference on where the 
page tables are allocated in SMRAM.
+
+  @param  Pages The number of 4 KB pages to allocate.
+
+  @return A pointer to the allocated buffer for page tables.
+  @retval NULL  Fail to allocate a specific region for storing page tables,
+Or there is no preference on where the page tables are 
allocated in SMRAM.
+
+**/
+VOID *
+EFIAPI
+SmmCpuFeaturesAllocatePageTableMemory (
+  IN UINTN   Pages
+  )
+{
+  return NULL;
+}
+
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move IDT to page aligned memory.

2015-11-24 Thread jiewen yao
The previous IDT is not in page aligned memory.
We allocate page-aligned memory and copy it there, so that
other programs may apply page-level protection to it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 06ffc6d..031a5fe 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -1218,6 +1218,7 @@ InitializeMpServiceData (
   PROCESSOR_SMM_DESCRIPTOR  *Psd;
   UINT8 *GdtTssTables;
   UINTN GdtTableStepSize;
+  VOID  *IdtBase;
 
   //
   // Initialize physical address mask
@@ -1232,6 +1233,14 @@ InitializeMpServiceData (
   //
   Cr3 = SmmInitPageTable ();
 
+  //
+  // Allocate and Copy because previous IdtBase might not be 4K aligned.
+  //
+  IdtBase  = AllocatePages (EFI_SIZE_TO_PAGES(gcSmiIdtr.Limit + 1));
+  ASSERT (IdtBase != 0);
+  CopyMem (IdtBase, (VOID *)gcSmiIdtr.Base, gcSmiIdtr.Limit + 1);
+  gcSmiIdtr.Base = (UINTN)IdtBase;
+
   GdtTssTables = InitGdt (Cr3, );
 
   //
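Review bot: `ASSERT (IdtBase != 0);` compares a VOID * against an integer literal; write `ASSERT (IdtBase != NULL);` to match the pointer checks elsewhere in this series. Since the stated purpose of the copy is to let page-level protection be applied to the IDT, a comment noting that this hunk only relocates the table and that the protection is applied elsewhere (if at all) would stop the next reader from assuming the IDT is already read-only here. The ASSERT is the only guard, so in a release build a failed allocation proceeds into CopyMem() with a NULL destination; that follows the ASSERT-on-allocation convention used in the other hunks of this series, but it is worth noting for a table the CPU dereferences on every exception.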
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move XD enable to ASM before paging enable.

2015-11-25 Thread jiewen yao
The page table might mark the SMM data region as XD (execute-disable).
So XD has to be enabled before paging is enabled, or a #PF might be generated.

mXdSupported is moved from C to ASM, because protected mode code can not refer 
global variable in long mode ASM.
MSR_EFER/MSR_EFER_XD macro is moved from H to ASM as well.
Unused ActivateXd() function is totally removed.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S  | 16 
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm| 16 
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  |  7 ---
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 24 
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.h | 15 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h |  3 ---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S   | 20 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm | 19 +--
 8 files changed, 73 insertions(+), 47 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
index ec5b9a0..9587496 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
@@ -24,9 +24,13 @@ ASM_GLOBAL  ASM_PFX(gcSmiHandlerSize)
 ASM_GLOBAL  ASM_PFX(gSmiCr3)
 ASM_GLOBAL  ASM_PFX(gSmiStack)
 ASM_GLOBAL  ASM_PFX(gSmbase)
+ASM_GLOBAL  ASM_PFX(mXdSupported)
 ASM_GLOBAL  ASM_PFX(FeaturePcdGet (PcdCpuSmmStackGuard))
 ASM_GLOBAL  ASM_PFX(gSmiHandlerIdtr)
 
+.equMSR_EFER, 0xc080
+.equMSR_EFER_XD, 0x800
+
 .equDSC_OFFSET, 0xfb00
 .equDSC_GDTPTR, 0x30
 .equDSC_GDTSIZ, 0x38
@@ -122,6 +126,18 @@ L11:
 orl $BIT10, %eax
 L12:   # as cr4.PGE is not set here, 
refresh cr3
 movl%eax, %cr4 # in PreModifyMtrrs() to flush TLB.
+
+# enable NXE if supported
+.byte   0xb0   # mov al, imm8
+ASM_PFX(mXdSupported): .space 1
+cmpb$0, %al
+jz  L13
+movl$MSR_EFER, %ecx
+rdmsr
+orw $MSR_EFER_XD,%ax   # enable NXE
+wrmsr
+L13:
+
 movl%cr0, %ebx
 orl $0x08001, %ebx # enable paging + WP
 movl%ebx, %cr0
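Review bot: mXdSupported is now a one-byte data slot embedded in the instruction stream (`.byte 0xb0` followed by `ASM_PFX(mXdSupported): .space 1` forms a `mov al, imm8`), so whatever C code sets it is writing into the code bytes of the SMI entry template, and it must be written before the template is copied to each CPU's SMBASE region. Nothing in the hunk states that; a comment such as `# mXdSupported is the imm8 of the mov above and must be written before the handler template is copied` would prevent a later move of the variable into a data section from silently breaking the check (the copy-before-use ordering is inferred from the existing gSmiCr3/gSmbase pattern, not shown here). The same construct appears in the MASM version of this file in the hunk ending at `mov cr0, ebx` below. Enabling EFER.NXE before paging is turned on also means any NX bit already set in the SMM page tables is enforced from the first instruction after `movl %ebx, %cr0`, which is the property this change is after and is worth stating in the commit message.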
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
index ac1a9b4..5a112e1 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
@@ -22,6 +22,9 @@
 .model  flat,C
 .xmm
 
+MSR_EFER  EQU 0c080h
+MSR_EFER_XD   EQU 0800h
+
 DSC_OFFSETEQU 0fb00h
 DSC_GDTPTREQU 30h
 DSC_GDTSIZEQU 38h
@@ -43,6 +46,7 @@ EXTERNDEF   gcSmiHandlerSize:WORD
 EXTERNDEF   gSmiCr3:DWORD
 EXTERNDEF   gSmiStack:DWORD
 EXTERNDEF   gSmbase:DWORD
+EXTERNDEF   mXdSupported:BYTE
 EXTERNDEF   FeaturePcdGet (PcdCpuSmmStackGuard):BYTE
 EXTERNDEF   gSmiHandlerIdtr:FWORD
 
@@ -128,6 +132,18 @@ gSmiCr3 DD  ?
 or  eax, BIT10
 @@: ; as cr4.PGE is not set here, refresh 
cr3
 mov cr4, eax; in PreModifyMtrrs() to flush TLB.
+
+; enable NXE if supported
+DB  0b0h; mov al, imm8
+mXdSupported DB  0
+cmp al, 0
+jz  @f
+mov ecx, MSR_EFER
+rdmsr
+or  ax, MSR_EFER_XD ; enable NXE
+wrmsr
+@@:
+
 mov ebx, cr0
 or  ebx, 08001h ; enable paging + WP
 mov cr0, ebx
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 99d03c4..41f57c0 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -1075,13 +1075,6 @@ SmiRendezvous (
   InitializeSpinLock (>CpuData[CpuIndex].Busy);
 }
 
-//
-// Try to enable NX
-//
-if (mXdSupported) {
-  ActivateXd ();
-}
-
 if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
   ActivateSmmProfile (CpuIndex);
 }
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index ec4ec9b..f65ae87 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -30,11 +30,6 @@ UINTN mSmmProfileSize;
 UINTN mMsrDsAreaSize   = SMM_PROFILE_DTS_SIZE;
 
 //
-// The flag indicates if execute-disable is supported by processor.
-//
-BOOLEAN   mXdSupported = FALSE;
-
-//
 // The flag indicates if execute-disable is enabled on processor.
 //
 BOOLEAN   mXdEnabled   = FALSE;
@@ -1020,25 +1015,6 @@ CheckProcessorFeature (
 }
 
 /**
-  Enable XD feature.
-
-**/
-VOID
-ActivateXd (
-  VOID
-  )
-{
-  UINT64   

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move IDT to page aligned memory.

2015-11-26 Thread jiewen yao
The IDT in ASM is removed. We rely on C code to allocate IDT.
We also move InitializeIDTSmmStackGuard() from ASM to C file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S   | 224 +
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm |  34 +---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c   |  24 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c  |  13 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S| 249 +---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm  |  33 +---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c|  21 ++
 7 files changed, 72 insertions(+), 526 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S
index 4130bf5..eb41410 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S
@@ -24,6 +24,7 @@ ASM_GLOBAL  ASM_PFX(PageFaultStubFunction)
 ASM_GLOBAL  ASM_PFX(gSmiMtrrs)
 ASM_GLOBAL  ASM_PFX(gcSmiIdtr)
 ASM_GLOBAL  ASM_PFX(gcSmiGdtr)
+ASM_GLOBAL  ASM_PFX(gTaskGateDescriptor)
 ASM_GLOBAL  ASM_PFX(gcPsd)
 ASM_GLOBAL  ASM_PFX(FeaturePcdGet (PcdCpuSmmProfileEnable))
 
@@ -236,207 +237,10 @@ ASM_PFX(gcPsd):
 ASM_PFX(gcSmiGdtr):  .word  GDT_SIZE - 1
  .long  NullSeg
 
-ASM_PFX(gcSmiIdtr):  .word  IDT_SIZE - 1
- .long  _SmiIDT
-
-_SmiIDT:
-# The following segment repeats 32 times:
-# No. 1
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 2
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 3
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 4
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 5
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 6
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 7
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 8
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 9
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 10
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 11
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 12
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-.word 0 # Offset 16:31
-# No. 13
-.word 0 # Offset 0:15
-.word  CODE_SEL
-.byte 0 # Unused
-.byte 0x8e  # Interrupt Gate, Present
-

[edk2] [patch] UefiCpuPkg/CpuExceptionHandlerLib: Skip CR restore for SMM handler.

2015-11-26 Thread jiewen yao
In SMM, we skip the CR restore. The CRs should always be correct
and should not be touched.
mDoFarReturnFlag is changed to mSmmFlag to indicate all
difference between normal mode and SMM.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 .../Library/CpuExceptionHandlerLib/CpuExceptionCommon.h   |  2 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c  |  2 +-
 .../CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.S | 14 --
 .../CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.asm   | 14 --
 .../Library/CpuExceptionHandlerLib/SecPeiCpuException.c   |  2 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmException.c  |  2 +-
 .../CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.S  | 15 +--
 .../CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.asm| 14 --
 8 files changed, 53 insertions(+), 12 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
index b28e9c5..9fc0bd5 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
@@ -42,7 +42,7 @@ typedef struct {
 
 extern CONST UINT32mErrorCodeFlag;
 extern CONST UINTN mImageAlignSize;
-extern CONST UINTN mDoFarReturnFlag;
+extern CONST UINTN mSmmFlag;
 extern RESERVED_VECTORS_DATA   *mReservedVectors;
 
 /**
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c
index 6739a2c..c11fb96 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c
@@ -17,7 +17,7 @@
 #include 
 #include 
 
-CONST UINTNmDoFarReturnFlag  = 0;
+CONST UINTNmSmmFlag  = 0;
 
 extern SPIN_LOCK   mDisplayMessageSpinLock;
 extern EFI_CPU_INTERRUPT_HANDLER   *mExternalInterruptHandler;
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.S 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.S
index 3676809..8d65e76 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.S
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.S
@@ -26,7 +26,7 @@ ASM_GLOBAL ASM_PFX(CommonInterruptEntry)
 ASM_GLOBAL ASM_PFX(HookAfterStubHeaderEnd)
 
 #EXTRN ASM_PFX(mErrorCodeFlag):DWORD   # Error code flags for 
exceptions
-#EXTRN ASM_PFX(mDoFarReturnFlag):DWORD # Do far return flag
+#EXTRN ASM_PFX(mSmmFlag):DWORD # Is it handler for SMM?
 
 .text
 
@@ -456,6 +456,7 @@ ErrorCodeAndVectorOnStack:
 popl%ebx # retore value of ebx that was 
overwritten
  # by CPUID 
 movl%cr4, %eax
+movl%eax, %ecx
 pushl   %eax # push cr4 firstly
 testl   $BIT24, %edx # Test for FXSAVE/FXRESTOR support
 jz  L1
@@ -465,7 +466,10 @@ L1:
 jz  L2
 orl $BIT3, %eax  # Set CR4.DE
 L2:
+cmpl%ecx, %eax
+jz  Cr4Done
 movl%eax, %cr4
+Cr4Done:
 movl%cr3, %eax
 pushl   %eax
 movl%cr2, %eax
@@ -536,6 +540,11 @@ L4:
 #; or debuggers set breakpoint in interrupt/exception context
 addl$24, %esp
 
+cmpl$0, ASM_PFX(mSmmFlag)   # Check if need skip WriteCr
+jz  CrRestore
+addl$20, %esp
+jmp CrDone
+CrRestore:
 #; UINT32  Cr0, Cr1, Cr2, Cr3, Cr4;
 popl%eax
 movl%eax, %cr0
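Review bot: `addl $20, %esp` silently encodes "five UINT32 control-register slots", the same layout the CrRestore path pops one by one; give it a comment, `addl $20, %esp  #; skip Cr0..Cr4 (5 * 4 bytes): in SMM the CRs are never rewritten from the frame`, so a change to the saved-CR layout cannot leave the skip out of sync with the pops. Not restoring CR0/CR3/CR4 from the saved frame inside SMM is the hardening the commit message describes — a handler cannot alter paging or WP through the frame on return — so the comment should say that rather than just "skip WriteCr". The earlier hunks in this file that save CR4 in `%ecx` and bypass `movl %eax, %cr4` when it is unchanged are a separate optimisation the commit message does not mention; either describe it or split it out. The MASM counterpart of this change is cut off at the end of the message and could not be checked here.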
@@ -546,6 +555,7 @@ L4:
 movl%eax, %cr3
 popl%eax
 movl%eax, %cr4
+CrDone:
 
 #; UINT32  EFlags;
 popl20(%ebp)
@@ -595,7 +605,7 @@ ErrorCode:
 jmp *-12(%esp)
 
 DoReturn:
-cmpl$0, ASM_PFX(mDoFarReturnFlag)
+cmpl$0, ASM_PFX(mSmmFlag)
 jz  DoIret
 pushl   8(%esp)   # save EFLAGS
 addl$16, %esp
diff --git 
a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.asm 
b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.asm
index 12bbec0..177bdd9 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.asm
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.asm
@@ -31,7 +31,7 @@ CommonExceptionHandler PROTO   C
 .data
 
 EXTRN mErrorCodeFlag:DWORD; Error code flags for exceptions
-EXTRN mDoFarReturnFlag:DWORD  ; Do far return flag
+EXTRN mSmmFlag:DWORD  ; Is it handler for SMM?
 
 .code
 
@@ -256,6 +256,7 @@ ErrorCodeAndVectorOnStack:
 ; are supported
 pop ebx ; retore value of ebx that was overwritten by CPUID 
 mov eax, cr4
+   

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Correct TSS segment.

2015-11-23 Thread jiewen yao
TSS segment should use (SIZE - 1) as limit, and do not set G bit (highest bit 
of LimitHigh) because limit means byte count.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Fan, Jeff 
Cc: Kinney, Michael D 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S   | 8 
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm | 8 
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S| 4 ++--
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm  | 4 ++--
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S
index 69dfd94..4130bf5 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.S
@@ -82,18 +82,18 @@ CodeSeg64:
 .equ  GDT_SIZE, .- NullSeg
 
 TssSeg:
-.word  TSS_DESC_SIZE   # LimitLow
+.word  TSS_DESC_SIZE -1# LimitLow
 .word  0   # BaseLow
 .byte  0   # BaseMid
 .byte  0x89
-.byte  0x80# LimitHigh
+.byte  0x00# LimitHigh
 .byte  0   # BaseHigh
 ExceptionTssSeg:
-.word  TSS_DESC_SIZE   # LimitLow
+.word  TSS_DESC_SIZE - 1   # LimitLow
 .word  0   # BaseLow
 .byte  0   # BaseMid
 .byte  0x89
-.byte  0x80# LimitHigh
+.byte  0x00# LimitHigh
 .byte  0   # BaseHigh
 
 .equ  CODE_SEL,  CodeSeg32 - NullSeg
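Review bot: The two corrected LimitLow entries are spelled differently — `.word  TSS_DESC_SIZE -1` for TssSeg and `.word  TSS_DESC_SIZE - 1` for ExceptionTssSeg — while the MASM and X64 variants in the other hunks consistently use `TSS_DESC_SIZE - 1`; make the first one `.word  TSS_DESC_SIZE - 1   # LimitLow` for consistency. A short comment on the LimitHigh byte, e.g. `# G=0: limit is a byte count, so (size - 1) is exact`, would record the reasoning from the commit message next to the value it justifies.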
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm
index 65a120e..b4eb492 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.asm
@@ -85,18 +85,18 @@ CodeSeg64   LABEL   QWORD
 GDT_SIZE = $ - offset NullSeg
 
 TssSeg  LABEL   QWORD
-DW  TSS_DESC_SIZE   ; LimitLow
+DW  TSS_DESC_SIZE - 1   ; LimitLow
 DW  0   ; BaseLow
 DB  0   ; BaseMid
 DB  89h
-DB  080h; LimitHigh
+DB  00h ; LimitHigh
 DB  0   ; BaseHigh
 ExceptionTssSeg LABEL   QWORD
-DW  TSS_DESC_SIZE   ; LimitLow
+DW  TSS_DESC_SIZE - 1   ; LimitLow
 DW  0   ; BaseLow
 DB  0   ; BaseMid
 DB  89h
-DB  080h; LimitHigh
+DB  00h ; LimitHigh
 DB  0   ; BaseHigh
 
 CODE_SEL  = offset CodeSeg32 - offset NullSeg
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S
index 6dbcaa5..2ae6f2c 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.S
@@ -79,11 +79,11 @@ CodeSeg64:
 .byte 0 # BaseHigh
 # TSS Segment for X64 specially
 TssSeg:
-.word TSS_DESC_SIZE # LimitLow
+.word TSS_DESC_SIZE - 1 # LimitLow
 .word 0 # BaseLow
 .byte 0 # BaseMid
 .byte 0x89
-.byte 0xDB  # LimitHigh
+.byte 0x00  # LimitHigh
 .byte 0 # BaseHigh
 .long 0 # BaseUpper
 .long 0 # Reserved
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm
index 3d841c6..ab71645 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.asm
@@ -78,11 +78,11 @@ CodeSeg64   LABEL   QWORD
 DB  0   ; BaseHigh
 ; TSS Segment for X64 specially
 TssSeg  LABEL   QWORD
-DW  TSS_DESC_SIZE   ; LimitLow
+DW  TSS_DESC_SIZE - 1   ; LimitLow
 DW  0   ; BaseLow
 DB  0   ; BaseMid
 DB  89h
-DB  080h; LimitHigh
+DB  00h ; LimitHigh
 DB  0   ; BaseHigh
 DD  0   ; BaseUpper
 DD  0   ; Reserved
-- 
1.9.5.msysgit.0



[edk2] [patch] MdeModulePkg/PiSmmCore: Check InternalAllocPoolByIndex status before refer buffer.

2015-11-23 Thread jiewen yao
The original code references FreePoolHdr without checking Status. This is obviously wrong and
risky.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zeng, Star 
Reviewed-by: Yao, Jiewen 
Cc: Fan, Jeff 
Cc: Kinney, Michael D 
---
 MdeModulePkg/Core/PiSmmCore/Pool.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c 
b/MdeModulePkg/Core/PiSmmCore/Pool.c
index 34dcc93..8b696d1 100644
--- a/MdeModulePkg/Core/PiSmmCore/Pool.c
+++ b/MdeModulePkg/Core/PiSmmCore/Pool.c
@@ -228,7 +228,9 @@ SmmInternalAllocatePool (
   }
 
   Status = InternalAllocPoolByIndex (PoolIndex, );
-  *Buffer = >Header + 1;
+  if (!EFI_ERROR(Status)) {
+*Buffer = >Header + 1;
+  }
   return Status;
 }
 
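Review bot: On the error path `*Buffer` is now left untouched, so a caller that reads it without checking Status gets whatever the variable held before the call; unless every caller initialises it, adding `*Buffer = NULL;` in an `else` branch (or before the InternalAllocPoolByIndex call) makes the failure state explicit. Whether SmmInternalAllocatePool() already clears `*Buffer` earlier cannot be seen from this hunk, since the function starts outside it.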
-- 
1.9.5.msysgit.0



[edk2] [patch] MdeModulePkg/PiSmmCore: Uninstall LoadedImage protocol if SMM driver returns error and is unloaded.

2015-11-23 Thread jiewen yao
The original code does not uninstall the LoadedImage protocol if an SMM driver returns
an error and is unloaded.
This leaves a stale LoadedImage protocol instance in the system.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Zeng, Star 
Cc: Fan, Jeff 
Cc: Kinney, Michael D 
---
 MdeModulePkg/Core/PiSmmCore/Dispatcher.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/MdeModulePkg/Core/PiSmmCore/Dispatcher.c 
b/MdeModulePkg/Core/PiSmmCore/Dispatcher.c
index 81e8a0d..cbaf549 100644
--- a/MdeModulePkg/Core/PiSmmCore/Dispatcher.c
+++ b/MdeModulePkg/Core/PiSmmCore/Dispatcher.c
@@ -881,6 +881,20 @@ SmmDispatcher (
   if (EFI_ERROR(Status)){
 UnregisterSmramProfileImage (DriverEntry, TRUE);
 SmmFreePages(DriverEntry->ImageBuffer, DriverEntry->NumberOfPage);
+//
+// Uninstall LoadedImage
+//
+Status = gBS->UninstallProtocolInterface (
+DriverEntry->ImageHandle,
+,
+DriverEntry->LoadedImage
+);
+if (!EFI_ERROR (Status)) {
+  if (DriverEntry->LoadedImage->FilePath != NULL) {
+gBS->FreePool (DriverEntry->LoadedImage->FilePath);
+  }
+  gBS->FreePool (DriverEntry->LoadedImage);
+}
   }
 
   REPORT_STATUS_CODE_WITH_EXTENDED_DATA (
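Review bot: The added `Status = gBS->UninstallProtocolInterface (...)` overwrites the Status value that brought control into this `if (EFI_ERROR(Status))` block, so anything after it that reports or inspects the driver's entry-point error — the REPORT_STATUS_CODE call that immediately follows, for instance — may now see the uninstall result instead; capture it in a separate local (which needs a declaration outside this hunk) or restructure so the original error survives. After `gBS->FreePool (DriverEntry->LoadedImage)` the pointer is left dangling in DriverEntry; add `DriverEntry->LoadedImage = NULL;` so a later pass over the driver list cannot touch freed memory. SmmDispatcher() starts outside this hunk, so whether Status is consulted later could not be confirmed.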
-- 
1.9.5.msysgit.0



[edk2] [patch] EdkCompatibilityPkg/SmmBaseHelper: Install LoadedImage protocol for ECP SMM driver.

2015-11-23 Thread jiewen yao
PiSmmCore installs LoadedImage for each SMM driver. However, ECP SMM drivers are
missing.
Since SmmBaseHelper loads ECP SMM drivers, we let SmmBaseHelper install the
LoadedImage protocol for those SMM drivers,
so that the SMM image information is complete.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Zeng, Star 
Cc: Fan, Jeff 
Cc: Gao, Liming 
Cc: Kinney, Michael D 
---
 .../Compatibility/SmmBaseHelper/SmmBaseHelper.c| 56 --
 .../Compatibility/SmmBaseHelper/SmmBaseHelper.inf  |  3 ++
 2 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.c 
b/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.c
index 1d16449..4393143 100644
--- a/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.c
+++ b/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.c
@@ -43,6 +43,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /**
   Register SMM image to SMRAM profile.
@@ -682,10 +683,13 @@ LoadImage (
   OUT EFI_HANDLE*ImageHandle
   )
 {
-  EFI_STATUSStatus;
-  UINTN PageCount;
-  UINTN OrgPageCount;
-  EFI_PHYSICAL_ADDRESS  DstBuffer;
+  EFI_STATUS Status;
+  UINTN  PageCount;
+  UINTN  OrgPageCount;
+  EFI_PHYSICAL_ADDRESS   DstBuffer;
+  EFI_HANDLE SmmImageHandle;
+  EFI_LOADED_IMAGE_PROTOCOL  *SmmLoadedImage;
+  EFI_LOADED_IMAGE_PROTOCOL  *ParentLoadedImage;
 
   if (FilePath == NULL || ImageHandle == NULL) {
 return EFI_INVALID_PARAMETER;
@@ -730,10 +734,54 @@ LoadImage (
 mFrameworkSmst->NumberOfCpus  = mNumberOfProcessors;
 mFrameworkSmst->CurrentlyExecutingCpu = gSmst->CurrentlyExecutingCpu;
 
+Status = gBS->HandleProtocol (
+ParentImageHandle,
+,
+(VOID **) 
+);
+ASSERT_EFI_ERROR (Status);
+
+//
+// Allocate a Loaded Image Protocol in EfiBootServicesData
+//
+Status = gBS->AllocatePool (EfiBootServicesData, sizeof 
(EFI_LOADED_IMAGE_PROTOCOL), (VOID **));
+ASSERT_EFI_ERROR (Status);
+
+ZeroMem (SmmLoadedImage, sizeof (EFI_LOADED_IMAGE_PROTOCOL));
+//
+// Fill in the remaining fields of the Loaded Image Protocol instance.
+// Note: ImageBase is an SMRAM address that can not be accessed outside of 
SMRAM if SMRAM window is closed.
+//
+SmmLoadedImage->Revision  = EFI_LOADED_IMAGE_PROTOCOL_REVISION;
+SmmLoadedImage->ParentHandle  = ParentImageHandle;
+SmmLoadedImage->SystemTable   = gST;
+SmmLoadedImage->DeviceHandle  = ParentLoadedImage->DeviceHandle;
+ 
+SmmLoadedImage->ImageBase = (VOID *)(UINTN)DstBuffer;
+SmmLoadedImage->ImageSize = EFI_PAGES_TO_SIZE(PageCount);
+SmmLoadedImage->ImageCodeType = EfiRuntimeServicesCode;
+SmmLoadedImage->ImageDataType = EfiRuntimeServicesData;
+
+//
+// Create a new image handle in the UEFI handle database for the SMM Driver
+//
+SmmImageHandle = NULL;
+Status = gBS->InstallMultipleProtocolInterfaces (
+,
+, SmmLoadedImage,
+NULL
+);
+ASSERT_EFI_ERROR (Status);
+
 RegisterSmramProfileImage (FilePath, DstBuffer, PageCount);
 Status = gBS->StartImage (*ImageHandle, NULL, NULL);
 if (EFI_ERROR (Status)) {
   UnregisterSmramProfileImage (FilePath, DstBuffer, PageCount);
+  gBS->UninstallProtocolInterface (
+ SmmImageHandle,
+ ,
+ SmmLoadedImage
+ );
   mLoadPe32Image->UnLoadPeImage (mLoadPe32Image, *ImageHandle);
   *ImageHandle = NULL;
   FreePages ((VOID *)(UINTN)DstBuffer, PageCount);
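Review bot: On the StartImage() failure path the new code uninstalls SmmLoadedImage from SmmImageHandle but never frees the pool allocated for it, so every failed ECP driver load leaks an EFI_LOADED_IMAGE_PROTOCOL; add `gBS->FreePool (SmmLoadedImage);` after the UninstallProtocolInterface call, as the PiSmmCore counterpart in this series does. The `ASSERT_EFI_ERROR (Status)` after `gBS->AllocatePool` is the only guard, so in a release build an allocation failure continues into `ZeroMem (SmmLoadedImage, ...)` with a NULL pointer; returning EFI_OUT_OF_RESOURCES through the same unwind used for the StartImage() failure would be safer. The uninstall result is discarded, which is acceptable on a cleanup path but deserves a comment. LoadImage() starts outside this hunk.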
diff --git a/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.inf 
b/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.inf
index 8e967dc..256b4cc 100644
--- a/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.inf
+++ b/EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.inf
@@ -77,6 +77,9 @@
   gEfiSmmReadyToLockProtocolGuid # PROTOCOL ALWAYS_CONSUMED
   gEfiSmmAccess2ProtocolGuid # PROTOCOL ALWAYS_CONSUMED
   gEfiSmmCommunicationProtocolGuid
+  ## PRODUCES
+  ## CONSUMES
+  gEfiLoadedImageProtocolGuid
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Eliminate EFI_IMAGE_MACHINE_TYPE_SUPPORTED(EFI_IMAGE_MACHINE_X64).

2015-11-23 Thread jiewen yao
Move Gdt initialization from InitializeMpServiceData() to CPU Arch specific 
function.
We create SmmFuncsArch.c to hold CPU-specific functions, so that
EFI_IMAGE_MACHINE_TYPE_SUPPORTED(EFI_IMAGE_MACHINE_X64) can be removed.

For IA32 version, we always allocate new page for GDT entry, for easy 
maintenance.
For X64 version, we fixed TssBase in GDT entry to make sure TSS data is correct.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Fan, Jeff 
Cc: Kinney, Michael D 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 96 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 82 ++-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h| 15 +
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |  2 +
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c  | 70 +++
 5 files changed, 187 insertions(+), 78 deletions(-)
 create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
 create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
new file mode 100644
index 000..545b534
--- /dev/null
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
@@ -0,0 +1,96 @@
+/** @file
+  SMM CPU misc functions for Ia32 arch specific.
+  
+Copyright (c) 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD 
License
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "PiSmmCpuDxeSmm.h"
+
+/**
+  Initialize Gdt for all processors.
+  
+  @param[in]   Cr3  CR3 value.
+  @param[out]  GdtStepSize  The step size for GDT table.
+
+  @return GdtBase for processor 0.
+  GdtBase for processor X is: GdtBase + (GdtStepSize * X)
+**/
+VOID *
+InitGdt (
+  IN  UINTN  Cr3,
+  OUT UINTN  *GdtStepSize
+  )
+{
+  UINTN Index;
+  IA32_SEGMENT_DESCRIPTOR   *GdtDescriptor;
+  UINTN TssBase;
+  UINTN GdtTssTableSize;
+  UINT8 *GdtTssTables;
+  UINTN GdtTableStepSize;
+
+  if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
+//
+// For IA32 SMM, if SMM Stack Guard feature is enabled, we use 2 TSS.
+// in this case, we allocate separate GDT/TSS for each CPUs to avoid TSS 
load contention
+// on each SMI entry.
+//
+
+//
+// Enlarge GDT to contain 2 TSS descriptors
+//
+gcSmiGdtr.Limit += (UINT16)(2 * sizeof (IA32_SEGMENT_DESCRIPTOR));
+
+GdtTssTableSize = (gcSmiGdtr.Limit + 1 + TSS_SIZE * 2 + 7) & ~7; // 8 
bytes aligned
+GdtTssTables = (UINT8*)AllocatePages (EFI_SIZE_TO_PAGES (GdtTssTableSize * 
gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus));
+ASSERT (GdtTssTables != NULL);
+GdtTableStepSize = GdtTssTableSize;
+
+for (Index = 0; Index < gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus; 
Index++) {
+  CopyMem (GdtTssTables + GdtTableStepSize * Index, 
(VOID*)(UINTN)gcSmiGdtr.Base, gcSmiGdtr.Limit + 1 + TSS_SIZE * 2);
+  //
+  // Fixup TSS descriptors
+  //
+  TssBase = (UINTN)(GdtTssTables + GdtTableStepSize * Index + 
gcSmiGdtr.Limit + 1);
+  GdtDescriptor = (IA32_SEGMENT_DESCRIPTOR *)(TssBase) - 2;
+  GdtDescriptor->Bits.BaseLow = (UINT16)TssBase;
+  GdtDescriptor->Bits.BaseMid = (UINT8)(TssBase >> 16);
+  GdtDescriptor->Bits.BaseHigh = (UINT8)(TssBase >> 24);
+
+  TssBase += TSS_SIZE;
+  GdtDescriptor++;
+  GdtDescriptor->Bits.BaseLow = (UINT16)TssBase;
+  GdtDescriptor->Bits.BaseMid = (UINT8)(TssBase >> 16);
+  GdtDescriptor->Bits.BaseHigh = (UINT8)(TssBase >> 24);
+  //
+  // Fixup TSS segments
+  //
+  // ESP as known good stack
+  //
+  *(UINTN *)(TssBase + TSS_IA32_ESP_OFFSET) =  mSmmStackArrayBase + 
EFI_PAGE_SIZE + Index * mSmmStackSize;
+  *(UINT32 *)(TssBase + TSS_IA32_CR3_OFFSET) = Cr3;
+}
+  } else {
+//
+// Just use original table, AllocatePage and copy them here to make sure 
GDTs are covered in page memory.
+//
+GdtTssTableSize = gcSmiGdtr.Limit + 1;
+GdtTssTables = (UINT8*)AllocatePages (EFI_SIZE_TO_PAGES (GdtTssTableSize * 
gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus));
+ASSERT (GdtTssTables != NULL);
+GdtTableStepSize = GdtTssTableSize;
+
+for (Index = 0; Index < gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus; 
Index++) {
+  CopyMem (GdtTssTables + GdtTableStepSize * Index, 
(VOID*)(UINTN)gcSmiGdtr.Base, gcSmiGdtr.Limit + 1);
+}
+  }
+
+  *GdtStepSize = GdtTableStepSize;
+  return GdtTssTables;
+}
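Review bot: The CopyMem in the stack-guard branch copies `gcSmiGdtr.Limit + 1 + TSS_SIZE * 2` bytes starting at the assembly GDT, and the fixup code then treats the bytes right after the enlarged GDT as the two TSS bodies; that only holds if the assembly source places two TSS_SIZE blocks immediately after ExceptionTssSeg, a layout dependency InitGdt() should state, e.g. `// Relies on SmiException.S/.asm laying out TssSeg, ExceptionTssSeg and the two TSS bodies contiguously after the GDT`. `gcSmiGdtr.Limit += ...` enlarges the global in place, so a second call to InitGdt() would grow it again and copy past the source; a comment that InitGdt() must run exactly once (or a guard) would make that explicit. The per-CPU tables are allocated from general SMRAM pages and remain writable here; if the intent is to protect them later, say where.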
diff 

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move RestoreSmmConfigurationInS3 from BSPHandler() to PerformRemainingTasks().

2015-11-23 Thread jiewen yao
In this way, we can centralize the silicon configuration in 
PerformRemainingTasks() function.
If more features need to be configured, they can be put in
PerformRemainingTasks() only.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Fan, Jeff 
Cc: Kinney, Michael D 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  | 11 ---
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 11 +++
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 730c32d..d9c5ae4 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -412,17 +412,6 @@ BSPHandler (
   AcquireSpinLockOrFail (>CpuData[CpuIndex].Busy);
 
   //
-  // Restore SMM Configuration in S3 boot path.
-  //
-  if (mRestoreSmmConfigurationInS3) {
-//
-// Configure SMM Code Access Check feature if available.
-//
-ConfigSmmCodeAccessCheck ();
-mRestoreSmmConfigurationInS3 = FALSE;
-  }
-
-  //
   // Invoke SMM Foundation EntryPoint with the processor information context.
   //
   gSmmCpuPrivate->SmmCoreEntry (>SmmCoreEntryContext);
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
index de681c0..e5cbdbd 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -1443,4 +1443,15 @@ PerformRemainingTasks (
 //
 mSmmReadyToLock = FALSE;
   }
+
+  //
+  // Restore SMM Configuration in S3 boot path.
+  //
+  if (mRestoreSmmConfigurationInS3) {
+//
+// Configure SMM Code Access Check feature if available.
+//
+ConfigSmmCodeAccessCheck ();
+mRestoreSmmConfigurationInS3 = FALSE;
+  }
 }
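Review bot: Moving the ConfigSmmCodeAccessCheck() call into PerformRemainingTasks() changes when the SMM Code Access Check is re-enabled on the S3 path: the block deleted from BSPHandler() ran before the SMM Foundation entry point, while PerformRemainingTasks() is, by its name and position, invoked after SmmCoreEntry has already dispatched handlers on the first post-resume SMI (the call site is outside this hunk, so this is inferred). If the check is indeed not yet enforced during that first dispatch, any SMI handler executing code outside SMRAM in that window goes unblocked, which is precisely the condition the feature exists to catch. If the goal is only to centralize silicon configuration, a separate pre-entry hook invoked where the deleted block sat would preserve the ordering; otherwise the added comment should justify the later point, e.g. `// NOTE: runs after SmmCoreEntry on the first post-S3 SMI; code access check is not yet enforced during that dispatch.` PerformRemainingTasks() begins outside the hunk.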
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Remove TSS fixup in GDT.

2015-11-23 Thread jiewen yao
The TSS descriptor is already fixed up in PiSmmCpuDxeSmm/X64/SmmFuncsArch.c, InitGdt().
There is no need to fix it up again on SMI entry.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao, Jiewen 
Cc: Fan, Jeff 
Cc: Kinney, Michael D 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S   | 8 
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm | 8 
 2 files changed, 16 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
index 8315593..95e6dfa 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S
@@ -128,14 +128,6 @@ ASM_PFX(gSmiCr3):.space  4
 sgdt(%rsp)
 movl2(%rsp), %eax   # eax = GDT base
 addl$8, %esp
-movl%eax, %edx
-addl$GDT_SIZE, %edx
-movb%dl, (TSS_SEGMENT + 2)(%rax)
-movb%dh, (TSS_SEGMENT + 3)(%rax)
-.byte   0xc1, 0xea, 0x10 # shr edx, 16
-movb%dl, (TSS_SEGMENT + 4)(%rax)
-movb%dh, (TSS_SEGMENT + 7)(%rax)
-movl%eax, %edx
 movb$0x89, %dl
 movb%dl, (TSS_SEGMENT + 5)(%rax) # clear busy flag
 movl$TSS_SEGMENT, %eax
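Review bot: After this removal the only write into the GDT on the SMI entry path is the type-byte store `movb %dl, (TSS_SEGMENT + 5)(%rax)`, and the TSS base in that descriptor now depends entirely on InitGdt() having filled it in for every per-CPU GDT copy, yet nothing in this file records that dependency. A one-line comment would stop the next reader from re-adding the fixup: `# TSS base/limit are set once per CPU by InitGdt() (SmmFuncsArch.c); only the busy flag is cleared here`. Note also that with `movl %eax, %edx` gone, `%edx` is no longer loaded before `movb $0x89, %dl`; that is harmless because only `%dl` is stored, but worth a word in the same comment. The enclosing entry routine starts and ends outside this hunk.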
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
index c556bf5..4d53db5 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm
@@ -124,14 +124,6 @@ gSmiCr3 DD  ?
 sgdtfword ptr [rsp]
 mov eax, [rsp + 2]  ; eax = GDT base
 add esp, 8
-mov edx, eax
-add edx, GDT_SIZE
-mov [rax + TSS_SEGMENT + 2], dl
-mov [rax + TSS_SEGMENT + 3], dh
-DB  0c1h, 0eah, 10h ; shr edx, 16
-mov [rax + TSS_SEGMENT + 4], dl
-mov [rax + TSS_SEGMENT + 7], dh
-mov edx, eax
 mov dl, 89h
 mov [rax + TSS_SEGMENT + 5], dl ; clear busy flag
 mov eax, TSS_SEGMENT
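Review bot: The remaining `mov [rax + TSS_SEGMENT + 5], dl ; clear busy flag` now writes a descriptor whose base was never touched on this path, so correctness rests on InitGdt() having fixed up the TSS base in each per-CPU GDT copy, and the comment should say so: `; TSS base/limit are initialized by InitGdt() (SmmFuncsArch.c); only the type byte (clear busy) is rewritten here`. With `mov edx, eax` removed, `edx` is uninitialized before `mov dl, 89h`, which is fine since only `dl` is stored, but a reader comparing against the .S file will want that stated. The enclosing routine starts and ends outside this hunk.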
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move RestoreSmmConfigurationInS3 function to PerformPreTasks().

2015-11-24 Thread jiewen yao
This centralizes the silicon configuration in the
PerformRemainingTasks()/PerformPreTasks() functions.
If more features need to be configured, they can be added to
PerformRemainingTasks()/PerformPreTasks() only.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
Cc: "Laszlo Ersek" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c  | 10 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 22 ++
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h |  9 +
 3 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 730c32d..d20aa27 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -412,15 +412,9 @@ BSPHandler (
   AcquireSpinLockOrFail (>CpuData[CpuIndex].Busy);
 
   //
-  // Restore SMM Configuration in S3 boot path.
+  // Perform the pre tasks
   //
-  if (mRestoreSmmConfigurationInS3) {
-//
-// Configure SMM Code Access Check feature if available.
-//
-ConfigSmmCodeAccessCheck ();
-mRestoreSmmConfigurationInS3 = FALSE;
-  }
+  PerformPreTasks ();
 
   //
   // Invoke SMM Foundation EntryPoint with the processor information context.
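Review bot: The new comment `// Perform the pre tasks` does not say what "pre" is relative to, which is the one thing a reader of BSPHandler() needs to know here. I would write `// Perform the tasks that must run on the BSP before the SMM Foundation entry point is invoked (e.g. restoring the SMM configuration on the S3 resume path).` so the ordering constraint that motivated keeping this call ahead of SmmCoreEntry is explicit. BSPHandler() begins and ends outside this hunk.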
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
index 532ac09..2489848 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -1437,3 +1437,25 @@ PerformRemainingTasks (
 mSmmReadyToLock = FALSE;
   }
 }
+
+/**
+  Perform the pre tasks.
+
+**/
+VOID
+PerformPreTasks (
+  VOID
+  )
+{
+  //
+  // Restore SMM Configuration in S3 boot path.
+  //
+  if (mRestoreSmmConfigurationInS3) {
+//
+// Configure SMM Code Access Check feature if available.
+//
+ConfigSmmCodeAccessCheck ();
+
+mRestoreSmmConfigurationInS3 = FALSE;
+  }
+}
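Review bot: The doc comment on the new PerformPreTasks() is just "Perform the pre tasks." and gives a maintainer no contract; it should state that the function is meant to run on the BSP before the SMM Foundation entry point on each SMI, that it consumes and clears the module-level `mRestoreSmmConfigurationInS3` flag so the restore is effectively one-shot, and that the flag is expected to be set by the S3 resume path (the setter is not in this hunk, so that last point should be phrased as an expectation). Since `mRestoreSmmConfigurationInS3` is a plain global read-then-cleared without synchronization, the comment should also record that only the BSP is expected to call this, otherwise the single-shot guarantee does not hold. PerformRemainingTasks() ends inside the hunk; PerformPreTasks() is complete here.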
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h 
b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index cfbf2ca..96d55c0 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -572,6 +572,15 @@ PerformRemainingTasks (
   );
 
 /**
+  Perform the pre tasks.
+
+**/
+VOID
+PerformPreTasks (
+  VOID
+  );
+
+/**
   Initialize MSR spin lock by MSR index.
 
   @param  MsrIndex   MSR index value.
-- 
1.9.5.msysgit.0



[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move SmmDebug from ASM to C.

2015-11-24 Thread jiewen yao
The SmmDebug feature is implemented in ASM, which is not easy to maintain,
so we move it into C functions.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S   | 44 ++---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm | 48 ---
 UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c   | 59 +
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.S| 39 +++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.asm  | 47 ---
 5 files changed, 114 insertions(+), 123 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
index 6fcf41a..fbaa072 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.S
@@ -24,7 +24,6 @@ ASM_GLOBAL  ASM_PFX(gcSmiHandlerSize)
 ASM_GLOBAL  ASM_PFX(gSmiCr3)
 ASM_GLOBAL  ASM_PFX(gSmiStack)
 ASM_GLOBAL  ASM_PFX(gSmbase)
-ASM_GLOBAL  ASM_PFX(FeaturePcdGet (PcdCpuSmmDebug))
 ASM_GLOBAL  ASM_PFX(FeaturePcdGet (PcdCpuSmmStackGuard))
 ASM_GLOBAL  ASM_PFX(gSmiHandlerIdtr)
 
@@ -148,43 +147,22 @@ L5:
 #   jmp _SmiHandler # instruction is not needed
 
 _SmiHandler:
-cmpb$0, ASM_PFX(FeaturePcdGet (PcdCpuSmmDebug))
-jz  L3
-
-L6:
-callL1
-L1:
-popl%ebp
-movl$0x8001, %eax
-cpuid
-btl $29, %edx   # check cpuid to identify X64 or IA32
-leal(0x7fc8 - (L1 - _SmiEntryPoint))(%ebp), %edi
-leal4(%edi), %esi
-jnc L2
-addl$4, %esi
-L2:
-movl(%esi), %ecx
-movl(%edi), %edx
-L7:
-movl%ecx, %dr6
-movl%edx, %dr7  # restore DR6 & DR7 before running C 
code
-L3:
-
-pushl   (%esp)
+movl(%esp), %ebx
 
+pushl   %ebx
+movl$ASM_PFX(CpuSmmDebugEntry), %eax
+call*%eax
+popl%ecx
+
+pushl   %ebx
 movl$ASM_PFX(SmiRendezvous), %eax
 call*%eax
 popl%ecx
 
-
-cmpb$0, ASM_PFX(FeaturePcdGet (PcdCpuSmmDebug))
-jz  L4
-
-movl%dr6, %ecx
-movl%dr7, %edx
-movl%ecx, (%esi)
-movl%edx, (%edi)
-L4:
+pushl   %ebx
+movl$ASM_PFX(CpuSmmDebugExit), %eax
+call*%eax
+popl%ecx
 
 rsm
 
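Review bot: The rewritten _SmiHandler keeps CpuIndex in `%ebx` across three C calls (`CpuSmmDebugEntry`, `SmiRendezvous`, `CpuSmmDebugExit`) and relies on cdecl treating `%ebx` as callee-saved; that is correct but unstated, and a future edit that picks a caller-saved register would silently pass garbage to the later calls. I would add `# CpuIndex is kept in %ebx: callee-saved under cdecl, so it survives the three C calls below` above `movl (%esp), %ebx`. The deleted code also skipped the DR6/DR7 work when `PcdCpuSmmDebug` was clear, whereas the new entry/exit calls are unconditional, so the feature check must now live inside CpuSmmDebugEntry/Exit; their bodies are not in this hunk (the MpService.c hunk is cut off on this page), so that should be confirmed.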
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm 
b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
index b628fe8..8a12927 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.asm
@@ -34,14 +34,15 @@ PROTECT_MODE_CS EQU   08h
 PROTECT_MODE_DS EQU   20h
 TSS_SEGMENT EQU   40h
 
-SmiRendezvous   PROTO   C
+SmiRendezvous  PROTO   C
+CpuSmmDebugEntry   PROTO   C
+CpuSmmDebugExitPROTO   C
 
 EXTERNDEF   gcSmiHandlerTemplate:BYTE
 EXTERNDEF   gcSmiHandlerSize:WORD
 EXTERNDEF   gSmiCr3:DWORD
 EXTERNDEF   gSmiStack:DWORD
 EXTERNDEF   gSmbase:DWORD
-EXTERNDEF   FeaturePcdGet (PcdCpuSmmDebug):BYTE
 EXTERNDEF   FeaturePcdGet (PcdCpuSmmStackGuard):BYTE
 EXTERNDEF   gSmiHandlerIdtr:FWORD
 
@@ -151,40 +152,23 @@ gSmiCr3 DD  ?
 ;   jmp _SmiHandler ; instruction is not needed
 
 _SmiHandler PROC
-cmp FeaturePcdGet (PcdCpuSmmDebug), 0
-jz  @3
-call@1
-@1:
-pop ebp
-mov eax, 8001h
-cpuid
-bt  edx, 29 ; check cpuid to identify X64 or IA32
-lea edi, [ebp - (@1 - _SmiEntryPoint) + 7fc8h]
-lea esi, [edi + 4]
-jnc @2
-add esi, 4
-@2:
-mov ecx, [esi]
-mov edx, [edi]
-@5:
-mov dr6, ecx
-mov dr7, edx; restore DR6 & DR7 before running C 
code
-@3:
-mov ecx, [esp]  ; CPU Index
-
-pushecx
-mov eax, SmiRendezvous
+mov ebx, [esp]  ; CPU Index
+
+pushebx
+mov eax, CpuSmmDebugEntry
 calleax
 pop ecx
 
-cmp FeaturePcdGet (PcdCpuSmmDebug), 0
-jz  @4
+pushebx
+mov eax, SmiRendezvous
+calleax
+pop ecx
+
+pushebx
+mov eax, CpuSmmDebugExit
+calleax
+pop ecx
 
-mov ecx, dr6
-mov edx, dr7
-mov [esi], ecx
-mov [edi], edx
-@4:
 rsm
 _SmiHandler ENDP
 
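Review bot: As in the .S version, the MASM _SmiHandler now parks CpuIndex in `ebx` for the duration of three C calls and depends on the cdecl callee-saved convention to keep it intact; a comment next to `mov ebx, [esp] ; CPU Index` such as `; ebx is callee-saved under cdecl, so CpuIndex survives the C calls` would make the choice deliberate rather than incidental. The `PcdCpuSmmDebug` guard that the removed assembly applied is gone from this file, so CpuSmmDebugEntry/CpuSmmDebugExit are invoked on every SMI and must perform that check themselves; I cannot verify that from this page because the MpService.c hunk is truncated.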
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c 
b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index d20aa27..8a77280 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -941,6 +941,65 @@ SmmStartupThisAp (
 }
 
 /**
+  This funciton sets DR6 & DR7 according to SMM save state, before running SMM 
C code.
+  They are useful when you want to enable hardware breakpoints in SMM without 
entry SMM mode.
+
+  NOTE: It might not be appreciated in runtime since it might
+conflict with OS 

[edk2] [patch] MdeModulePkg/PiSmmIpl: Move CommunicationBuffer from stack to global variable.

2015-11-24 Thread jiewen yao
We have to put the communication buffer in Runtime memory,
so that the SMI handler can know it is not memory used by the OS.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zeng, Star" 
Cc: "Fan, Jeff" 
Cc: "Kinney, Michael D" 
---
 MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c | 26 +-
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c 
b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
index c534ee3..50c3b34 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
@@ -246,6 +246,8 @@ BOOLEANmSmmLocked = FALSE;
 EFI_PHYSICAL_ADDRESS   mSmramCacheBase;
 UINT64 mSmramCacheSize;
 
+EFI_SMM_COMMUNICATE_HEADER mCommunicateHeader;
+
 //
 // Table of Protocol notification and GUIDed Event notifications that the SMM 
IPL requires
 //
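Review bot: `mCommunicateHeader` is introduced with no comment, although the reason it must be module data rather than a stack local is the entire point of the patch and will not be obvious to the next reader. I would annotate it: `// Must not live on the stack: the SMM communication buffer has to be in memory the SMI handler can recognise as firmware-owned (this driver's runtime data), so the notify callbacks share this module-level buffer.` Because the buffer is now shared by two callbacks, the comment should also state that they are expected not to run nested; whether their TPLs guarantee that is not visible in this hunk.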
@@ -538,21 +540,20 @@ SmmIplGuidedEventNotify (
   IN VOID   *Context
   )
 {
-  EFI_SMM_COMMUNICATE_HEADER  CommunicateHeader;
   UINTN   Size;
 
   //
   // Use Guid to initialize EFI_SMM_COMMUNICATE_HEADER structure 
   //
-  CopyGuid (, (EFI_GUID *)Context);
-  CommunicateHeader.MessageLength = 1;
-  CommunicateHeader.Data[0] = 0;
+  CopyGuid (, (EFI_GUID *)Context);
+  mCommunicateHeader.MessageLength = 1;
+  mCommunicateHeader.Data[0] = 0;
 
   //
   // Generate the Software SMI and return the result
   //
-  Size = sizeof (CommunicateHeader);
-  SmmCommunicationCommunicate (, , );
+  Size = sizeof (mCommunicateHeader);
+  SmmCommunicationCommunicate (, , );
 }
 
 /**
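Review bot: SmmIplGuidedEventNotify() now fills the shared `mCommunicateHeader` and hands it to SmmCommunicationCommunicate(), and SmmIplDxeDispatchEventNotify() in the following hunk does the same with the same buffer; if one notification can fire while the other is still inside the communicate call, the GUID and `Data[0]` of one request overwrite the other's, and the result read back by the caller belongs to the wrong request. Event callbacks are only serialized by TPL, which this hunk does not show, so either a comment recording that assumption at the call site or one buffer per callback is warranted. Separately, the archive has stripped the `&` from the `CopyGuid (, (EFI_GUID *)Context);` and `SmmCommunicationCommunicate (, , );` arguments, so the hunk as printed here is not the compilable text.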
@@ -569,7 +570,6 @@ SmmIplDxeDispatchEventNotify (
   IN VOID   *Context
   )
 {
-  EFI_SMM_COMMUNICATE_HEADER  CommunicateHeader;
   UINTN   Size;
   EFI_STATUS  Status;
 
@@ -582,20 +582,20 @@ SmmIplDxeDispatchEventNotify (
 // Clear the buffer passed into the Software SMI.  This buffer will return
 // the status of the SMM Core Dispatcher.
 //
-CopyGuid (, (EFI_GUID *)Context);
-CommunicateHeader.MessageLength = 1;
-CommunicateHeader.Data[0] = 0;
+CopyGuid (, (EFI_GUID *)Context);
+mCommunicateHeader.MessageLength = 1;
+mCommunicateHeader.Data[0] = 0;
 
 //
 // Generate the Software SMI and return the result
 //
-Size = sizeof (CommunicateHeader);
-SmmCommunicationCommunicate (, , 
);
+Size = sizeof (mCommunicateHeader);
+SmmCommunicationCommunicate (, , 
);
 
 //
 // Return if there is no request to restart the SMM Core Dispatcher
 //
-if (CommunicateHeader.Data[0] != COMM_BUFFER_SMM_DISPATCH_RESTART) {
+if (mCommunicateHeader.Data[0] != COMM_BUFFER_SMM_DISPATCH_RESTART) {
   return;
 }
   
-- 
1.9.5.msysgit.0



[edk2] [PATCH] InterFsp2Pkg:Tool: Add user manual for SplitFspBin tool.

2016-06-14 Thread Jiewen Yao
Besides splitting the FSP binary, we added more features to the SplitFspBin tool.
Here we add a user manual for it that describes all of its usage.

Cc: Giri P Mudusuru <giri.p.mudus...@intel.com>
Cc: Maurice Ma <maurice...@intel.com>
Cc: Satya P Yarlagadda <satya.p.yarlaga...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen@intel.com>
---
 .../Tools/UserManuals/SplitFspBinUserManual.md | 69 ++
 1 file changed, 69 insertions(+)
 create mode 100644 IntelFsp2Pkg/Tools/UserManuals/SplitFspBinUserManual.md

diff --git a/IntelFsp2Pkg/Tools/UserManuals/SplitFspBinUserManual.md 
b/IntelFsp2Pkg/Tools/UserManuals/SplitFspBinUserManual.md
new file mode 100644
index 000..064e0ac
--- /dev/null
+++ b/IntelFsp2Pkg/Tools/UserManuals/SplitFspBinUserManual.md
@@ -0,0 +1,69 @@
+# SplitFspBin.py is a python script to support some operations on Intel FSP 
2.0 image.
+
+It supports:
+
+- Split Intel FSP 2.0 image into individual FSP-T/M/S/O component
+
+- Rebase Intel FSP 2.0 components to different base addresses
+
+- Generate Intel FSP 2.0 C header file
+
+- Display Intel FSP 2.0 information header for each FSP component
+
+## Split Intel FSP 2.0 image
+
+To split individual FSP component in Intel FSP 2.0 image, the following
+command can be used:
+
+   **python SplitFspBin.py split [-h] -f FSPBINARY [-o OUTPUTDIR] [-n 
NAMETEMPLATE]**
+
+For example:  
+
+   `python SplitFspBin.py split -f FSP.bin`
+
+   It will create FSP_T.bin, FSP_M.bin and FSP_S.bin in current directory.
+
+## Rebase Intel FSP 2.0 components
+
+To rebase one or multiple FSP components in Intel FSP 2.0 image, the following
+command can be used:
+
+   **python SplitFspBin.py rebase [-h] -f FSPBINARY -c {t,m,s,o} [{t,m,s,o} 
...] -b FSPBASE [FSPBASE ...] [-o OUTPUTDIR] [-n OUTPUTFILE]**
+
+For example:  
+
+   `python SplitFspBin.py rebase -f FSP.bin –c t –b 0xFFF0 –n FSP_new.bin`
+
+   It will rebase FSP-T component inside FSP.bin to new base 0xFFF0 and 
save the
+   rebased Intel FSP 2.0 image into file FSP_new.bin.
+
+   `python SplitFspBin.py rebase -f FSP.bin –c t m –b 0xFFF0 0xFEF8 –n 
FSP_new.bin`
+
+   It will rebase FSP-T and FSP-M components inside FSP.bin to new base 
0xFFF0
+   and 0xFEF8 respectively, and save the rebased Intel FSP 2.0 image into 
file 
+   FSP_new.bin file.
+
+## Generate Intel FSP 2.0 C header file
+
+To generate Intel FSP 2.0 C header file, the following command can be used:
+
+   **Python SplitFspBin.py genhdr [-h] -f FSPBINARY [-o OUTPUTDIR] [-n 
HFILENAME]**
+
+For example:  
+
+   `python SplitFspBin.py genhdr -f FSP.bin –n FSP.h`
+
+   It will create the C header file FSP.h containing the image ID, revision, 
offset
+   and size for each individual FSP component.
+
+## Display Intel FSP 2.0 information header
+
+To display Intel FSP 2.0 information headers, the following command can be 
used:
+
+   **Python SplitFspBin.py info [-h] -f FSPBINARY**
+
+For example:  
+
+   `python SplitFspBin.py info -f FSP.bin`
+
+   It will print out the FSP information header for each FSP component.
-- 
2.7.4.windows.1



[edk2] [PATCH 0/2] Add IntelSiliconPkg

2016-05-31 Thread Jiewen Yao
This patch series adds the initial version of IntelSiliconPkg
and an include file.

We will use IntelSiliconPkg for open source common Intel silicon
related modules.


Jiewen Yao (2):
  IntelSiliconPkg: Add initial version.
  IntelSiliconPkg/IgdOpRegion: Add definition for Intel IGD OpRegion.

 IntelSiliconPkg/Contributions.txt  | 218 

 IntelSiliconPkg/Include/IndustryStandard/IgdOpRegion.h | 119 +++
 IntelSiliconPkg/IntelSiliconPkg.dec|  24 +++
 IntelSiliconPkg/License.txt|  25 +++
 4 files changed, 386 insertions(+)
 create mode 100644 IntelSiliconPkg/Contributions.txt
 create mode 100644 IntelSiliconPkg/Include/IndustryStandard/IgdOpRegion.h
 create mode 100644 IntelSiliconPkg/IntelSiliconPkg.dec
 create mode 100644 IntelSiliconPkg/License.txt

-- 
2.7.4.windows.1



[edk2] [PATCH 1/2] IntelSiliconPkg: Add initial version.

2016-05-31 Thread Jiewen Yao
This package will include open source common Intel silicon related modules.

Cc: Giri P Mudusuru <giri.p.mudus...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen@intel.com>
---
 IntelSiliconPkg/Contributions.txt   | 218 
 IntelSiliconPkg/IntelSiliconPkg.dec |  24 +++
 IntelSiliconPkg/License.txt |  25 +++
 3 files changed, 267 insertions(+)

diff --git a/IntelSiliconPkg/Contributions.txt 
b/IntelSiliconPkg/Contributions.txt
new file mode 100644
index 000..f87cbd7
--- /dev/null
+++ b/IntelSiliconPkg/Contributions.txt
@@ -0,0 +1,218 @@
+
+==
+= Code Contributions =
+==
+
+To make a contribution to a TianoCore project, follow these steps.
+1. Create a change description in the format specified below to
+   use in the source control commit log.
+2. Your commit message must include your "Signed-off-by" signature,
+   and "Contributed-under" message.
+3. Your "Contributed-under" message explicitly states that the
+   contribution is made under the terms of the specified
+   contribution agreement.  Your "Contributed-under" message
+   must include the name of contribution agreement and version.
+   For example: Contributed-under: TianoCore Contribution Agreement 1.0
+   The "TianoCore Contribution Agreement" is included below in
+   this document.
+4. Submit your code to the TianoCore project using the process
+   that the project documents on its web page.  If the process is
+   not documented, then submit the code on development email list
+   for the project.
+5. It is preferred that contributions are submitted using the same
+   copyright license as the base project. When that is not possible,
+   then contributions using the following licenses can be accepted:
+   * BSD (2-clause): http://opensource.org/licenses/BSD-2-Clause
+   * BSD (3-clause): http://opensource.org/licenses/BSD-3-Clause
+   * MIT: http://opensource.org/licenses/MIT
+   * Python-2.0: http://opensource.org/licenses/Python-2.0
+   * Zlib: http://opensource.org/licenses/Zlib
+
+   Contributions of code put into the public domain can also be
+   accepted.
+
+   Contributions using other licenses might be accepted, but further
+   review will be required.
+
+=
+= Change Description / Commit Message / Patch Email =
+=
+
+Your change description should use the standard format for a
+commit message, and must include your "Signed-off-by" signature
+and the "Contributed-under" message.
+
+== Sample Change Description / Commit Message =
+
+=== Start of sample patch email message ===
+
+From: Contributor Name <contribu...@example.com>
+Subject: [PATCH] CodeModule: Brief-single-line-summary
+
+Full-commit-message
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Contributor Name <contribu...@example.com>
+---
+
+An extra message for the patch email which will not be considered part
+of the commit message can be added here.
+
+Patch content inline or attached
+
+=== End of sample patch email message ===
+
+=== Notes for sample patch email ===
+
+* The first line of commit message is taken from the email's subject
+  line following [PATCH]. The remaining portion of the commit message
+  is the email's content until the '---' line.
+* git format-patch is one way to create this format
+
+=== Definitions for sample patch email ===
+
+* "CodeModule" is a short idenfier for the affected code.  For
+  example MdePkg, or MdeModulePkg UsbBusDxe.
+* "Brief-single-line-summary" is a short summary of the change.
+* The entire first line should be less than ~70 characters.
+* "Full-commit-message" a verbose multiple line comment describing
+  the change.  Each line should be less than ~70 characters.
+* "Contributed-under" explicitely states that the contribution is
+  made under the terms of the contribtion agreement.  This
+  agreement is included below in this document.
+* "Signed-off-by" is the contributor's signature identifying them
+  by their real/legal name and their email address.
+
+
+= TianoCore Contribution Agreement 1.0 =
+
+
+INTEL CORPORATION ("INTEL") MAKES AVAILABLE SOFTWARE, DOCUMENTATION,
+INFORMATION AND/OR OTHER MATERIALS FOR USE IN THE TIANOCORE OPEN SOURCE
+PROJECT (COLLECTIVELY "CONTENT"). USE OF THE CONTENT IS GOVERNED BY THE
+TERMS AND CONDITIONS OF THIS AGREEMENT BETWEEN YOU AND INTEL AND/OR THE
+TERMS AND CONDITIONS OF LICENSE AGREEMENTS OR NOTICES INDICATED OR
+REFERENCED BELOW. BY USING THE CONTENT, YOU AGREE THAT YOUR USE OF THE
+CONTENT IS GOVERNED BY THIS AGREEMENT AND/OR THE TERMS AND CONDITIONS
+OF ANY APPLICABLE LICENSE AGREEMENTS 

[edk2] [PATCH 2/2] IntelSiliconPkg/IgdOpRegion: Add definition for Intel IGD OpRegion.

2016-05-31 Thread Jiewen Yao
Add the IGD OpRegion definition from the Intel Integrated Graphics Device OpRegion
Specification, available at
https://01.org/sites/default/files/documentation/acpi_igd_opregion_spec_0.pdf

Cc: Giri P Mudusuru <giri.p.mudus...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen@intel.com>
---
 IntelSiliconPkg/Include/IndustryStandard/IgdOpRegion.h | 119 

 1 file changed, 119 insertions(+)

diff --git a/IntelSiliconPkg/Include/IndustryStandard/IgdOpRegion.h 
b/IntelSiliconPkg/Include/IndustryStandard/IgdOpRegion.h
new file mode 100644
index 000..0e2fc79
--- /dev/null
+++ b/IntelSiliconPkg/Include/IndustryStandard/IgdOpRegion.h
@@ -0,0 +1,119 @@
+/** @file
+  IGD OpRegion definition from Intel Integrated Graphics Device OpRegion
+  Specification.
+
+  https://01.org/sites/default/files/documentation/acpi_igd_opregion_spec_0.pdf
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD 
License
+  which accompanies this distribution.  The full text of the license may be 
found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#ifndef _IGD_OPREGION_H_
+#define _IGD_OPREGION_H_
+
+/**
+ OpRegion structures:
+ Sub-structures define the different parts of the OpRegion followed by the
+ main structure representing the entire OpRegion.
+
+ Note: These structures are packed to 1 byte offsets because the exact
+ data location is requred by the supporting design specification due to
+ the fact that the data is used by ASL and Graphics driver code compiled
+ separatly.
+**/
+#pragma pack(1)
+///
+/// OpRegion header (mailbox 0) structure and defines.
+///
+typedef struct {
+  CHAR8   SIGN[0x10]; ///< Offset 0OpRegion Signature
+  UINT32  SIZE;   ///< Offset 16   OpRegion Size
+  UINT32  OVER;   ///< Offset 20   OpRegion Structure Version
+  UINT8   SVER[0x20]; ///< Offset 24   System BIOS Build Version
+  UINT8   VVER[0x10]; ///< Offset 56   Video BIOS Build Version
+  UINT8   GVER[0x10]; ///< Offset 72   Graphic Driver Build Version
+  UINT32  MBOX;   ///< Offset 88   Supported Mailboxes
+  UINT32  DMOD;   ///< Offset 92   Driver Model
+  UINT8   RSV1[0xA0]; ///< Offset 96   Reserved
+} INTEL_IGD_OPREGION_HEADER;
+
+///
+/// OpRegion mailbox 1 (public ACPI Methods).
+///
+typedef struct {
+  UINT32  DRDY;   ///< Offset 0Driver Readiness
+  UINT32  CSTS;   ///< Offset 4Status
+  UINT32  CEVT;   ///< Offset 8Current Event
+  UINT8   RSV2[0x14]; ///< Offset 12   Reserved
+  UINT32  DIDL[8];///< Offset 32   Supported Display Devices ID List
+  UINT32  CPDL[8];///< Offset 64   Currently Attached Display Devices List
+  UINT32  CADL[8];///< Offset 96   Currently Active Display Devices List
+  UINT32  NADL[8];///< Offset 128  Next Active Devices List
+  UINT32  ASLP;   ///< Offset 160  ASL Sleep Time Out
+  UINT32  TIDX;   ///< Offset 164  Toggle Table Index
+  UINT32  CHPD;   ///< Offset 168  Current Hotplug Enable Indicator
+  UINT32  CLID;   ///< Offset 172  Current Lid State Indicator
+  UINT32  CDCK;   ///< Offset 176  Current Docking State Indicator
+  UINT32  SXSW;   ///< Offset 180  Display Switch Notification on Sx State 
Resume
+  UINT32  EVTS;   ///< Offset 184  Events supported by ASL
+  UINT32  CNOT;   ///< Offset 188  Current OS Notification
+  UINT32  NRDY;   ///< Offset 192  Driver Status
+  UINT8   RSV3[0x3C]; ///< Offset 196  Reserved
+} INTEL_IGD_OPREGION_MBOX1;
+
+///
+/// OpRegion mailbox 2 (Software SCI Interface).
+///
+typedef struct {
+  UINT32  SCIC;   ///< Offset 0Software SCI Command / Status / Data
+  UINT32  PARM;   ///< Offset 4Software SCI Parameters
+  UINT32  DSLP;   ///< Offset 8Driver Sleep Time Out
+  UINT8   RSV4[0xF4]; ///< Offset 12   Reserved
+} INTEL_IGD_OPREGION_MBOX2;
+
+///
+/// OpRegion mailbox 3 (BIOS/Driver Communication - ASLE Support).
+///
+typedef struct {
+  UINT32  ARDY;   ///< Offset 0Driver Readiness
+  UINT32  ASLC;   ///< Offset 4ASLE Interrupt Command / Status
+  UINT32  TCHE;   ///< Offset 8Technology Enabled Indicator
+  UINT32  ALSI;   ///< Offset 12   Current ALS Luminance Reading
+  UINT32  BCLP;   ///< Offset 16   Requested Backlight Britness
+  UINT32  PFIT;   ///< Offset 20   Panel Fitting State or Request
+  UINT32  CBLV;   ///< Offset 24   Current Brightness Level
+  UINT16  BCLM[0x14]; ///< Offset 28   Backlight Brightness Levels Duty Cycle 
Mapping Table
+  UINT32  CPFM;   ///< Offset 68   Current Pane

[edk2] [PATCH] MdePkg/Hsti: Fix a memory allocation check issue.

2016-06-02 Thread Jiewen Yao
Cc: Liming Gao <liming@intel.com>
Cc: Amy Chan <amy.c...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen@intel.com>
---
 MdePkg/Library/DxeHstiLib/HstiDxe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdePkg/Library/DxeHstiLib/HstiDxe.c 
b/MdePkg/Library/DxeHstiLib/HstiDxe.c
index 114a767..c032a98 100644
--- a/MdePkg/Library/DxeHstiLib/HstiDxe.c
+++ b/MdePkg/Library/DxeHstiLib/HstiDxe.c
@@ -297,7 +297,7 @@ HstiLibSetTable (
 return EFI_OUT_OF_RESOURCES;
   }
   HstiAip->Hsti = AllocateCopyPool (HstiSize, Hsti);
-  if (HstiAip == NULL) {
+  if (HstiAip->Hsti == NULL) {
 FreePool (HstiAip);
 return EFI_OUT_OF_RESOURCES;
   }
-- 
2.7.4.windows.1



[edk2] [PATCH] MdePkg/BaseLib: Add 2 more safe string functions.

2016-06-02 Thread Jiewen Yao
Add the UnicodeStrToAsciiStrS() and AsciiStrToUnicodeStrS() APIs.
These two safe-version APIs are intended to replace the UnicodeStrToAsciiStr() and
AsciiStrToUnicodeStr() APIs.

The safe-version string conversion APIs use the same parameter checks as StrCpyS().

Cc: Liming Gao <liming@intel.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen@intel.com>
---
 MdePkg/Include/Library/BaseLib.h|  94 -
 MdePkg/Library/BaseLib/SafeString.c | 196 +++-
 2 files changed, 288 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 6f6bd85..c58f9aa 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -2,7 +2,7 @@
   Provides string functions, linked list functions, math functions, 
synchronization
   functions, file path functions, and CPU architecture-specific functions.
 
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
@@ -1060,6 +1060,54 @@ UnicodeStrToAsciiStr (
   OUT CHAR8 *Destination
   );
 
+/**
+  Convert a Null-terminated Unicode string to a Null-terminated
+  ASCII string.
+
+  This function is similar as AsciiStrCpyS.
+
+  This function converts the content of the Unicode string Source
+  to the ASCII string Destination by copying the lower 8 bits of
+  each Unicode character. The function terminates the ASCII string
+  Destination by appending a Null-terminator character at the end.
+
+  The caller is responsible to make sure Destination points to a buffer with 
size
+  equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8)) in bytes.
+
+  If any Unicode characters in Source contain non-zero value in
+  the upper 8 bits, then ASSERT().
+
+  If Source is not aligned on a 16-bit boundary, then ASSERT().
+  If an error would be returned, then the function will also ASSERT().
+
+  If an error is returned, then the Destination is unmodified.
+
+  @param  SourceThe pointer to a Null-terminated Unicode string.
+  @param  Destination   The pointer to a Null-terminated ASCII string.
+  @param  DestMax   The maximum number of Destination Ascii
+char, including terminating null char.
+
+  @retval RETURN_SUCCESS   String is converted.
+  @retval RETURN_BUFFER_TOO_SMALL  If DestMax is NOT greater than 
StrLen(Source).
+  @retval RETURN_INVALID_PARAMETER If Destination is NULL.
+   If Source is NULL.
+   If PcdMaximumAsciiStringLength is not zero,
+and DestMax is greater than
+PcdMaximumAsciiStringLength.
+   If PcdMaximumUnicodeStringLength is not 
zero,
+and DestMax is greater than
+PcdMaximumUnicodeStringLength.
+   If DestMax is 0.
+  @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
+
+**/
+RETURN_STATUS
+EFIAPI
+UnicodeStrToAsciiStrS (
+  IN  CONST CHAR16  *Source,
+  OUT CHAR8 *Destination,
+  IN  UINTN DestMax
+  );
 
 #ifndef DISABLE_NEW_DEPRECATED_INTERFACES
 
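Review bot: The new UnicodeStrToAsciiStrS() documentation carries over the unsafe variant's sentence "The caller is responsible to make sure Destination points to a buffer with size equal or greater than ((StrLen (Source) + 1) * sizeof (CHAR8))", which is the wrong contract for a bounds-checked API: the buffer size is whatever `DestMax` declares, and a too-small `DestMax` is reported as RETURN_BUFFER_TOO_SMALL rather than being the caller's responsibility. I would replace it with `The caller is responsible to make sure Destination points to a buffer of at least DestMax CHAR8 elements.` The same block says a Unicode character with a non-zero upper byte causes ASSERT(); since ASSERT is commonly compiled out in release builds, the comment should also state the release behavior (presumably the upper byte is dropped, but the implementation is not in this hunk), because callers converting untrusted UCS-2 data need to know whether lossy conversion is silent.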
@@ -1598,6 +1646,50 @@ AsciiStrToUnicodeStr (
   OUT CHAR16*Destination
   );
 
+/**
+  Convert one Null-terminated ASCII string to a Null-terminated
+  Unicode string.
+
+  This function is similar as StrCpyS.
+
+  This function converts the contents of the ASCII string Source to the Unicode
+  string Destination. The function terminates the Unicode string Destination by
+  appending a Null-terminator character at the end.
+
+  The caller is responsible to make sure Destination points to a buffer with 
size
+  equal or greater than ((AsciiStrLen (Source) + 1) * sizeof (CHAR16)) in 
bytes.
+
+  If Destination is not aligned on a 16-bit boundary, then ASSERT().
+  If an error would be returned, then the function will also ASSERT().
+
+  If an error is returned, then the Destination is unmodified.
+
+  @param  SourceThe pointer to a Null-terminated ASCII string.
+  @param  Destination   The pointer to a Null-terminated Unicode string.
+  @param  DestMax   The maximum number of Destination Unicode
+char, including terminating null char.
+
+  @retval RETURN_SUCCESS   String is converted.
+  @retval RETURN_BUFFER_TOO_SMALL  If DestMax is NOT greater than 
StrLen(Source).
+  @retval RETURN_INVALID_PARAMETER If D

[edk2] [PATCH] IntelFsp2Pkg: rename GetFspVpdDataPointer() to GetFspCfgRegionDataPointer()

2016-06-17 Thread Jiewen Yao
FSP 2.0 removed the VPD concept.
Rename GetFspVpdDataPointer() to GetFspCfgRegionDataPointer() to follow the FSP 2.0
specification (CfgRegionOffset).

Cc: Giri P Mudusuru <giri.p.mudus...@intel.com>
Cc: Amy Chan <amy.c...@intel.com>
Cc: Satya Yarlagadda <satya.p.yarlaga...@intel.com>
Cc: Maurice Ma <maurice...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen@intel.com>
---
 IntelFsp2Pkg/Include/Library/FspCommonLib.h  | 6 +++---
 IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/IntelFsp2Pkg/Include/Library/FspCommonLib.h 
b/IntelFsp2Pkg/Include/Library/FspCommonLib.h
index 0bb0c53..e13d0c3 100644
--- a/IntelFsp2Pkg/Include/Library/FspCommonLib.h
+++ b/IntelFsp2Pkg/Include/Library/FspCommonLib.h
@@ -234,13 +234,13 @@ GetFspInfoHeaderFromApiContext (
   );
 
 /**
-  This function gets the VPD data pointer.
+  This function gets the CfgRegion data pointer.
 
-  @return VpdDataRgnPtr   VPD data pointer.
+  @return CfgRegion data pointer.
 **/
 VOID *
 EFIAPI
-GetFspVpdDataPointer (
+GetFspCfgRegionDataPointer (
   VOID
   );
 
diff --git a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c 
b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c
index efd55f4..151b189 100644
--- a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c
+++ b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c
@@ -425,13 +425,13 @@ GetFspInfoHeaderFromApiContext (
 }
 
 /**
-  This function gets the VPD data pointer.
+  This function gets the CfgRegion data pointer.
 
-  @return VpdDataRgnPtr   VPD data pointer.
+  @return CfgRegion data pointer.
 **/
 VOID *
 EFIAPI
-GetFspVpdDataPointer (
+GetFspCfgRegionDataPointer (
   VOID
   )
 {
-- 
2.7.4.windows.1



[edk2] [PATCH] IntelFsp2WrapperPkg: Add support to handle ResetRequired return Status from FSP.

2016-06-16 Thread Jiewen Yao
As per FSP 2.0 spec, FSP shall not trigger system reset and instead it
shall return from the FSP API to the BL/Wrapper with the required reset
type. The changes are to handle the ResetRequired return code from FSP
APIs and provide lib interface for platform to trigger the actual reset.

Cc: Giri P Mudusuru <giri.p.mudus...@intel.com>
Cc: Amy Chan <amy.c...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Satya Yarlagadda <satya.p.yarlaga...@intel.com>
Signed-off-by: Jiewen Yao <jiewen@intel.com>
---
 .../FspWrapperNotifyDxe/FspWrapperNotifyDxe.c  | 28 ++
 .../FspWrapperNotifyDxe/FspWrapperNotifyDxe.inf|  1 +
 .../FspmWrapperPeim/FspmWrapperPeim.c  |  9 ++
 .../FspsWrapperPeim/FspsWrapperPeim.c  | 33 ++
 .../Include/Library/FspWrapperPlatformLib.h| 13 +
 .../FspWrapperPlatformLibSample.c  | 22 ++-
 6 files changed, 105 insertions(+), 1 deletion(-)

diff --git a/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.c 
b/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.c
index 30c06b8..0797f44 100644
--- a/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.c
+++ b/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.c
@@ -22,6 +22,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -93,6 +94,15 @@ OnPciEnumerationComplete (
   PERF_START_EX(, "EventRec", NULL, 0, 0x6000);
   Status = CallFspNotifyPhase ();
   PERF_END_EX(, "EventRec", NULL, 0, 0x607F);
+
+  //
+  // Reset the system if FSP API returned FSP_STATUS_RESET_REQUIRED status
+  //
+  if ((Status >= FSP_STATUS_RESET_REQUIRED_COLD) && (Status <= 
FSP_STATUS_RESET_REQUIRED_8)) {
+DEBUG((DEBUG_INFO, "FSP NotifyPhase AfterPciEnumeration requested reset 
0x%x\n", Status));
+CallFspWrapperResetSystem ((UINT32)Status);
+  }
+
   if (Status != EFI_SUCCESS) {
 DEBUG((DEBUG_ERROR, "FSP NotifyPhase AfterPciEnumeration failed, status: 
0x%x\n", Status));
   } else {
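Review bot: After `CallFspWrapperResetSystem ((UINT32)Status);` control falls straight into the `if (Status != EFI_SUCCESS)` branch, so if the platform library returns instead of resetting (it is a platform-overridable library, so that cannot be ruled out here), a reset-required status is logged as an ordinary NotifyPhase failure and boot continues in a state the FSP 2.0 description says requires a reset. The same five-line block is pasted again in the OnReadyToBoot and OnEndOfFirmware hunks of this file and in the FspmWrapperPeim.c hunk; a small static helper that takes the phase name would keep the check in one place and make the "library returned" case explicit. The enclosing callbacks start outside the hunks.
```c
//
// Handle an FSP_STATUS_RESET_REQUIRED_* return from an FSP API: log it and
// hand the reset type to the platform library, which is not expected to return.
//
STATIC
VOID
HandleFspResetRequired (
  IN EFI_STATUS   Status,
  IN CONST CHAR8  *Phase
  )
{
  if ((Status >= FSP_STATUS_RESET_REQUIRED_COLD) && (Status <= FSP_STATUS_RESET_REQUIRED_8)) {
    DEBUG ((DEBUG_INFO, "FSP NotifyPhase %a requested reset 0x%x\n", Phase, Status));
    CallFspWrapperResetSystem ((UINT32)Status);
    //
    // Reaching this point means the platform library did not reset; report it
    // as such rather than as a generic NotifyPhase failure.
    //
    DEBUG ((DEBUG_ERROR, "FSP NotifyPhase %a: platform reset did not occur\n", Phase));
  }
}
// … unchanged: PERF_START_EX / CallFspNotifyPhase / PERF_END_EX in each callback …
```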
@@ -130,6 +140,15 @@ OnReadyToBoot (
   PERF_START_EX(, "EventRec", NULL, 0, 0x4000);
   Status = CallFspNotifyPhase ();
   PERF_END_EX(, "EventRec", NULL, 0, 0x407F);
+
+  //
+  // Reset the system if FSP API returned FSP_STATUS_RESET_REQUIRED status
+  //
+  if ((Status >= FSP_STATUS_RESET_REQUIRED_COLD) && (Status <= 
FSP_STATUS_RESET_REQUIRED_8)) {
+DEBUG((DEBUG_INFO, "FSP NotifyPhase ReadyToBoot requested reset 0x%x\n", 
Status));
+CallFspWrapperResetSystem ((UINT32)Status);
+  }
+
   if (Status != EFI_SUCCESS) {
 DEBUG((DEBUG_ERROR, "FSP NotifyPhase ReadyToBoot failed, status: 0x%x\n", 
Status));
   } else {
@@ -179,6 +198,15 @@ OnEndOfFirmware (
   PERF_START_EX(, "EventRec", NULL, 0, 0x2000);
   Status = CallFspNotifyPhase ();
   PERF_END_EX(, "EventRec", NULL, 0, 0x207F);
+
+  //
+  // Reset the system if FSP API returned FSP_STATUS_RESET_REQUIRED status
+  //
+  if ((Status >= FSP_STATUS_RESET_REQUIRED_COLD) && (Status <= 
FSP_STATUS_RESET_REQUIRED_8)) {
+DEBUG((DEBUG_INFO, "FSP NotifyPhase EndOfFirmware requested reset 0x%x\n", 
Status));
+CallFspWrapperResetSystem ((UINT32)Status);
+  }
+
   if (Status != EFI_SUCCESS) {
 DEBUG((DEBUG_ERROR, "FSP NotifyPhase EndOfFirmware failed, status: 
0x%x\n", Status));
   } else {
diff --git a/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.inf 
b/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.inf
index d8af0aa..f851f68 100644
--- a/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.inf
+++ b/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/FspWrapperNotifyDxe.inf
@@ -49,6 +49,7 @@
   DxeServicesLib
   PerformanceLib
   HobLib
+  FspWrapperPlatformLib
 
 [Protocols]
   gEfiPciEnumerationCompleteProtocolGuid## CONSUMES
diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c 
b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
index 2eb3625..6144ad7 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -88,6 +88,15 @@ PeiFspMemoryInit (
   PERF_START_EX(, "EventRec", NULL, 
TimeStampCounterStart, 0xD000);
   PERF_END_EX(, "EventRec", NULL, 0, 0xD07F);
   DEBUG ((DEBUG_INFO, "Total time spent executing FspMemoryInitApi: %d 
millisecond\n", DivU64x32 (GetTimeInNanoSecond (AsmReadTsc () - 
TimeStampCounterStart), 100)));
+
+  //
+  // Reset the system if FSP API returned FSP_STATUS_RESET_REQUIRED status
+  //
+  if ((Status >= FSP_STATUS_RESET_REQUIRED_COLD) && (Status <= 
FSP_STATUS_RESET_REQUIRED_8)) {
+DEBUG((DEBUG_INFO, "FspMemoryInitApi requested reset 0x%x\n", Status));
+CallFspWrapperResetSystem ((UINT32)Status);
+  }

[edk2] [patch] SecurityPkg: Mark MorLock module deprecated.

2016-01-17 Thread jiewen yao
This module only handles MOR lock v1.
Now MOR lock V2 solution is published and added in variable
driver. So this module can be deprecated.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
Cc: "Zeng, Star" 
---
 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git 
a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf 
b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
index a35a01f..1623bd0 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
@@ -3,7 +3,10 @@
 #
 #  This module will add Variable Hook and allow 
MemoryOverwriteRequestControlLock variable set only once.
 #
-# Copyright (c) 2015, Intel Corporation. All rights reserved.
+#  NOTE: This module only handles secure MOR V1 and is deprecated.
+#  The secure MOR V2 is handled inside of variable driver.
+#
+# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD 
License
 # which accompanies this distribution. The full text of the license may be 
found at
-- 
1.9.5.msysgit.0



[edk2] [patch V2 1/3] MdeModulePkg: Add MorLockSmm to variable driver.

2016-01-17 Thread jiewen yao
Microsoft published secure MOR implementation at
https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
with revision 2 update. See URL for tech detail.
Previous revision 1 is handled in SecurityPkg\Tcg\
MemoryOverwriteRequestControlLock.
But the VarCheck API can not satisfy revision 2 requirement.
So we decided to include MOR lock control in the variable driver
directly.

This patch add standalone TcgMorLockSmm implementation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
Cc: "Zeng, Star" 
---
 .../Universal/Variable/RuntimeDxe/TcgMorLockSmm.c  | 394 +
 1 file changed, 394 insertions(+)
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
new file mode 100644
index 000..dade10a
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -0,0 +1,394 @@
+/** @file
+  TCG MOR (Memory Overwrite Request) Lock Control support (SMM version).
+
+  This module initilizes MemoryOverwriteRequestControlLock variable.
+  This module adds Variable Hook and check MemoryOverwriteRequestControlLock.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD 
License
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "Variable.h"
+
+typedef struct {
+  CHAR16 *VariableName;
+  EFI_GUID   *VendorGuid;
+} VARIABLE_TYPE;
+
+VARIABLE_TYPE  mMorVariableType[] = {
+  {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,  
},
+  {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,  
},
+};
+
+#define MOR_LOCK_DATA_UNLOCKED   0x0
+#define MOR_LOCK_DATA_LOCKED_WITHOUT_KEY 0x1
+#define MOR_LOCK_DATA_LOCKED_WITH_KEY0x2
+
+#define MOR_LOCK_V1_SIZE  1
+#define MOR_LOCK_V2_KEY_SIZE  8
+
+typedef enum {
+  MorLockStateUnlocked = 0,
+  MorLockStateLocked = 1,
+} MOR_LOCK_STATE;
+
+UINT8   mMorLockKey[MOR_LOCK_V2_KEY_SIZE];
+BOOLEAN mMorLockKeyEmpty = TRUE;
+BOOLEAN mMorLockPassThru = FALSE;
+MOR_LOCK_STATE  mMorLockState = MorLockStateUnlocked;
+
+/**
+  Returns if this is MOR related variable.
+
+  @param  VariableName the name of the vendor's variable, it's a 
Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+
+  @retval  TRUEThe variable is MOR related.
+  @retval  FALSE   The variable is NOT MOR related.
+**/
+BOOLEAN
+IsAnyMorVariable (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid
+  )
+{
+  UINTN   Index;
+
+  for (Index = 0; Index < 
sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
+if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) && 
+(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
+  return TRUE;
+}
+  }
+  return FALSE;
+}
+
+/**
+  Returns if this is MOR lock variable.
+
+  @param  VariableName the name of the vendor's variable, it's a 
Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+
+  @retval  TRUEThe variable is MOR lock variable.
+  @retval  FALSE   The variable is NOT MOR lock variable.
+**/
+BOOLEAN
+IsMorLockVariable (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid
+  )
+{
+  if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) 
&& 
+  (CompareGuid (VendorGuid, ))) {
+return TRUE;
+  }
+  return FALSE;
+}
+
+/**
+  Set MOR lock variable.
+
+  @param  Data MOR Lock variable data.
+
+  @retval  EFI_SUCCESSThe firmware has successfully stored the 
variable and its data as
+  defined by the Attributes.
+  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits was 
supplied, or the
+  DataSize exceeds the maximum allowed.
+  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
+  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the 
variable and its data.
+  @retval  EFI_DEVICE_ERROR   The variable could not be saved due to a 
hardware failure.
+  @retval  EFI_WRITE_PROTECTEDThe variable in question is read-only.
+  @retval  EFI_WRITE_PROTECTEDThe 

[edk2] [patch V2 0/3] Add MorLock to variable driver

2016-01-17 Thread jiewen yao
Microsoft published secure MOR implementation at
https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
with revision 2 update.
This series patches add MOR lock revision 2
to variable driver.

jiewen yao (3):
  MdeModulePkg: Add MorLockSmm to variable driver.
  MdeModulePkg: Add MorLockDxe to variable driver.
  MdeModulePkg: Add MorLock to variable driver.

 .../Universal/Variable/RuntimeDxe/TcgMorLockDxe.c  |  89 +
 .../Universal/Variable/RuntimeDxe/TcgMorLockSmm.c  | 394 +
 .../Universal/Variable/RuntimeDxe/Variable.c   |  60 +++-
 .../Variable/RuntimeDxe/VariableRuntimeDxe.inf |   6 +-
 .../Universal/Variable/RuntimeDxe/VariableSmm.inf  |   6 +-
 5 files changed, 552 insertions(+), 3 deletions(-)
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c

-- 
1.9.5.msysgit.0



[edk2] [patch V2 3/3] MdeModulePkg: Add MorLock to variable driver.

2016-01-17 Thread jiewen yao
This patch adds MorLock function to Variable main function.
It also updates corresponding INF file to pass build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
Cc: "Zeng, Star" 
---
 .../Universal/Variable/RuntimeDxe/Variable.c   | 60 +-
 .../Variable/RuntimeDxe/VariableRuntimeDxe.inf |  6 ++-
 .../Universal/Variable/RuntimeDxe/VariableSmm.inf  |  6 ++-
 3 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index 2dc3038..5e39d44 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -16,7 +16,7 @@
   VariableServiceSetVariable() should also check authenticate data to avoid 
buffer overflow,
   integer overflow. It should also check attribute to avoid authentication 
bypass.
 
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
@@ -112,6 +112,43 @@ SecureBootHook (
   );
 
 /**
+  Initialization for MOR Lock Control.
+
+  @retval EFI_SUCEESS MorLock initialization success.
+  @return Others  Some error occurs.
+**/
+EFI_STATUS
+MorLockInit (
+  VOID
+  );
+
+/**
+  This service is an MOR/MorLock checker handler for the SetVariable().
+
+  @param  VariableName the name of the vendor's variable, as a
+   Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+  @param  Attributes   Point to memory location to return the attributes of 
variable. If the point
+   is NULL, the parameter would be ignored.
+  @param  DataSize The size in bytes of Data-Buffer.
+  @param  Data Point to the content of the variable.
+
+  @retval  EFI_SUCCESSThe MOR/MorLock check pass, and Variable 
driver can store the variable data.
+  @retval  EFI_INVALID_PARAMETER  The MOR/MorLock data or data size or 
attributes is not allowed for MOR variable.
+  @retval  EFI_ACCESS_DENIED  The MOR/MorLock is locked.
+  @retval  EFI_ALREADY_STARTEDThe MorLock variable is handled inside this 
function.
+  Variable driver can just return EFI_SUCCESS.
+**/
+EFI_STATUS
+SetVariableCheckHandlerMor (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid,
+  IN UINT32 Attributes,
+  IN UINTN  DataSize,
+  IN VOID   *Data
+  );
+
+/**
   Routine used to track statistical information about variable usage.
   The data is stored in the EFI system table so it can be accessed later.
   VariableInfo.efi can dump out the table. Only Boot Services variable
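Review bot: The MorLockInit prototype comment misspells the status name as `EFI_SUCEESS`; it should read `@retval EFI_SUCCESS MorLock initialization success.` so that the documented value matches the real identifier. The same misspelling is repeated in the MorLockInit definition added by patch 2/3 (TcgMorLockDxe.c) of this series.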
@@ -3192,6 +3229,21 @@ VariableServiceSetVariable (
 }
   }
 
+  //
+  // Special Handling for MOR Lock variable.
+  //
+  Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, 
PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
+  if (Status == EFI_ALREADY_STARTED) {
+//
+// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of 
SetVariableCheckHandlerMor().
+// Variable driver can just return SUCCESS.
+//
+return EFI_SUCCESS;
+  }
+  if (EFI_ERROR (Status)) {
+return Status;
+  }
+
   Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, 
PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);
   if (EFI_ERROR (Status)) {
 return Status;
@@ -3966,6 +4018,12 @@ VariableWriteServiceInitialize (
   }
 
   ReleaseLockOnlyAtBootTime 
(>VariableGlobal.VariableServicesLock);
+
+  //
+  // Initialize MOR Lock variable.
+  //
+  MorLockInit ();
+
   return Status;
 }
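Review bot: The status returned by `MorLockInit ()` is discarded, even though its contract above declares `@return Others Some error occurs`; a failed initialization of the MOR lock is therefore invisible to VariableWriteServiceInitialize, which still returns the earlier `Status`. Capture it and at least assert on it, e.g. `Status = MorLockInit (); ASSERT_EFI_ERROR (Status);`, deciding explicitly whether that failure should propagate through the existing `return Status;`. The earlier part of VariableWriteServiceInitialize, including how `Status` is set before this point, is outside the hunk.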
 
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 62c1568..da9b8bb 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -9,7 +9,7 @@
 #  This external input must be validated carefully to avoid security issues 
such as
 #  buffer overflow or integer overflow.
 #
-# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD 
License
 # which accompanies this distribution. The full text of the license may be 
found at
@@ -42,6 +42,7 @@
   VariableDxe.c
   Variable.h
   Measurement.c
+  TcgMorLockDxe.c
   VarCheck.c
   VariableExLib.c
 
@@ -95,6 

[edk2] [patch V2 2/3] MdeModulePkg: Add MorLockDxe to variable driver.

2016-01-17 Thread jiewen yao
Per the secure MOR implementation document, it is not
proper to add MOR lock in the non-SMM version, because
the DXE version cannot provide protection.

This patch add standalone TcgMorLockDxe implementation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
Cc: "Zeng, Star" 
---
 .../Universal/Variable/RuntimeDxe/TcgMorLockDxe.c  | 89 ++
 1 file changed, 89 insertions(+)
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
new file mode 100644
index 000..501d1a0
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
@@ -0,0 +1,89 @@
+/** @file
+  TCG MOR (Memory Overwrite Request) Lock Control support (DXE version).
+
+  This module clears MemoryOverwriteRequestControlLock variable to indicate
+  MOR lock control unsupported.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD 
License
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "Variable.h"
+
+extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
+
+/**
+  This service is an MOR/MorLock checker handler for the SetVariable().
+
+  @param  VariableName the name of the vendor's variable, as a
+   Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+  @param  Attributes   Point to memory location to return the attributes of 
variable. If the point
+   is NULL, the parameter would be ignored.
+  @param  DataSize The size in bytes of Data-Buffer.
+  @param  Data Point to the content of the variable.
+
+  @retval  EFI_SUCCESSThe MOR/MorLock check pass, and Variable 
driver can store the variable data.
+  @retval  EFI_INVALID_PARAMETER  The MOR/MorLock data or data size or 
attributes is not allowed for MOR variable.
+  @retval  EFI_ACCESS_DENIED  The MOR/MorLock is locked.
+  @retval  EFI_ALREADY_STARTEDThe MorLock variable is handled inside this 
function.
+  Variable driver can just return EFI_SUCCESS.
+**/
+EFI_STATUS
+SetVariableCheckHandlerMor (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid,
+  IN UINT32 Attributes,
+  IN UINTN  DataSize,
+  IN VOID   *Data
+  )
+{
+  //
+  // Just let it pass. No need provide protection for DXE version.
+  //
+  return EFI_SUCCESS;
+}
+
+/**
+  Initialization for MOR Lock Control.
+
+  @retval EFI_SUCEESS MorLock initialization success.
+  @return Others  Some error occurs.
+**/
+EFI_STATUS
+MorLockInit (
+  VOID
+  )
+{
+  //
+  // Always clear variable to report unsupported to OS.
+  // The reason is that the DXE version is not proper to provide *protection*.
+  // BIOS should use SMM version variable driver to provide such capability.
+  //
+  VariableServiceSetVariable (
+MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
+,
+EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | 
EFI_VARIABLE_RUNTIME_ACCESS,
+0,
+NULL
+);
+
+  //
+  // Need set this variable to be read-only to prevent other module set it.
+  //
+  VariableLockRequestToLock (, 
MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, 
);
+  return EFI_SUCCESS;
+}
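Review bot: MorLockInit drops the status of both `VariableServiceSetVariable` and `VariableLockRequestToLock` and returns EFI_SUCCESS unconditionally, so a failed lock request leaves MemoryOverwriteRequestControlLock writable by other modules while the caller is told everything succeeded, contrary to the comment above the lock call. The header already documents `@return Others Some error occurs`, so return the lock status instead: `Status = VariableLockRequestToLock (&mVariableLock, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid); ASSERT_EFI_ERROR (Status); return Status;` with a local `EFI_STATUS Status;` declared at the top of the function. The first argument of that call is blank in the listing as archived, so verify the intended lock-protocol pointer against the original patch.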
-- 
1.9.5.msysgit.0



[edk2] [patch] SecurityPkg: Update final event log calculation.

2016-01-14 Thread jiewen yao
This patch updated final event log calculation based on
TCG EFI PROTOCOL rev9, 7.1.2 "All options implementation".
The previous logic is to save event to final event log
once GetEventLog() is called. 7.1.1 shows that we should
save the event log to both the normal event log area and the final event
log area after GetEventLog() is called.
And there is no need to record TCG12 format log to final
event log area, and normal event log area can be BootServices
memory because OS will not access it directly.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 122 ++
 1 file changed, 84 insertions(+), 38 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index c4926f6..b1c885e 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -817,11 +817,10 @@ TcgDxeLogEvent (
 return EFI_INVALID_PARAMETER;
   }
 
-  if (!mTcgDxeData.GetEventLogCalled[Index]) {
-EventLogAreaStruct = [Index];
-  } else {
-EventLogAreaStruct = [Index];
-  }
+  //
+  // Record to normal event log
+  //
+  EventLogAreaStruct = [Index];
 
   if (EventLogAreaStruct->EventLogTruncated) {
 return EFI_VOLUME_FULL;
@@ -838,15 +837,50 @@ TcgDxeLogEvent (
  NewEventSize
  );
   
-  if (Status == EFI_DEVICE_ERROR) {
-return EFI_DEVICE_ERROR;
-  } else if (Status == EFI_OUT_OF_RESOURCES) {
+  if (Status == EFI_OUT_OF_RESOURCES) {
 EventLogAreaStruct->EventLogTruncated = TRUE;
 return EFI_VOLUME_FULL;
   } else if (Status == EFI_SUCCESS) {
 EventLogAreaStruct->EventLogStarted = TRUE;
-if (mTcgDxeData.GetEventLogCalled[Index]) {
+  }
+
+  //
+  // If GetEventLog is called, record to FinalEventsTable, too.
+  //
+  if (mTcgDxeData.GetEventLogCalled[Index]) {
+if (mTcgDxeData.FinalEventsTable[Index] == NULL) {
+  //
+  // no need for FinalEventsTable
+  //
+  return EFI_SUCCESS;
+}
+EventLogAreaStruct = [Index];
+
+if (EventLogAreaStruct->EventLogTruncated) {
+  return EFI_VOLUME_FULL;
+}
+
+EventLogAreaStruct->LastEvent = (UINT8*)(UINTN)EventLogAreaStruct->Lasa;
+Status = TcgCommLogEvent (
+   >LastEvent,
+   >EventLogSize,
+   (UINTN)EventLogAreaStruct->Laml,
+   NewEventHdr,
+   NewEventHdrSize,
+   NewEventData,
+   NewEventSize
+   );
+if (Status == EFI_OUT_OF_RESOURCES) {
+  EventLogAreaStruct->EventLogTruncated = TRUE;
+  return EFI_VOLUME_FULL;
+} else if (Status == EFI_SUCCESS) {
+  EventLogAreaStruct->EventLogStarted = TRUE;
+  //
+  // Increase the NumberOfEvents in FinalEventsTable
+  //
   (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++;
+  DEBUG ((EFI_D_INFO, "FinalEventsTable->NumberOfEvents - 0x%x\n", 
(mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents));
+  DEBUG ((EFI_D_INFO, "  Size - 0x%x\n", 
(UINTN)EventLogAreaStruct->LastEvent - 
(UINTN)mTcgDxeData.FinalEventsTable[Index]));
 }
   }
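Review bot: Removing the `if (Status == EFI_DEVICE_ERROR) { return EFI_DEVICE_ERROR; }` branch means a failure from the first TcgCommLogEvent call that is neither EFI_OUT_OF_RESOURCES nor EFI_SUCCESS no longer stops the function; when GetEventLogCalled is set, `Status` is then overwritten by the second TcgCommLogEvent call, so an event can be appended to the final events table and reported as logged while it is missing from the normal log. Restore an early exit after the first call's status handling, e.g. `if (EFI_ERROR (Status)) { return Status; }` just before the `GetEventLogCalled` block. The tail of TcgDxeLogEvent, including its final return, is outside the hunk.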
 
@@ -1466,7 +1500,7 @@ SetupEventLog (
   Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);
   Status = gBS->AllocatePages (
   AllocateMaxAddress,
-  EfiACPIMemoryNVS,
+  EfiBootServicesData,
   EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),
   
   );
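Review bot: Moving the normal event-log area to EfiBootServicesData means the pages are reclaimed at ExitBootServices, so any consumer that keeps the address returned by GetEventLog beyond that point reads freed memory; that matches the commit description's claim that the OS reads only the final events table, but the lifetime should be recorded at the allocation, e.g. `// Boot-services memory: the log is only valid before ExitBootServices; the OS consumes the final events table instead.` The rest of SetupEventLog is outside this hunk.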
@@ -1564,41 +1598,53 @@ SetupEventLog (
   //
   for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); 
Index++) {
 if ((mTcgDxeData.BsCap.SupportedEventLogs & 
mTcg2EventInfo[Index].LogFormat) != 0) {
-  Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);
-  Status = gBS->AllocatePages (
-  AllocateMaxAddress,
-  EfiACPIMemoryNVS,
-  EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)),
-  
-  );
-  if (EFI_ERROR (Status)) {
-return Status;
-  }
-  SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF);
+  if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {
+Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);
+Status = gBS->AllocatePages (
+AllocateMaxAddress,
+EfiACPIMemoryNVS,
+EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)),
+
+);
+if (EFI_ERROR (Status)) {
+  return Status;
+}
+SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF);
 
-  //
-  // Initialize
-  //
-  mTcgDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa;
-  (mTcgDxeData.FinalEventsTable[Index])->Version = 

[edk2] [patch] SecurityPkg: Correct NumberOfPCRBanks calculation.

2016-01-14 Thread jiewen yao
Previously, NumberOfPCRBanks is calculated based on TPM
capability. However, there might be a case where the TPM hardware
supports 1 algorithm, but BIOS does not support it and BIOS
masks it via PCD. This causes a conflict between
HashAlgorithmBitmap and NumberOfPCRBanks.
So we move the NumberOfPCRBanks calculation based on
HashAlgorithmBitmap to make sure the data is consistent.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 17 ++---
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 973e8cb..c4926f6 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2412,11 +2412,9 @@ DriverEntry (
   if (EFI_ERROR (Status)) {
 DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
 TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
-NumberOfPCRBanks = 1;
 ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
   } else {
 DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
-NumberOfPCRBanks = 0;
 TpmHashAlgorithmBitmap = 0;
 ActivePCRBanks = 0;
 for (Index = 0; Index < Pcrs.count; Index++) {
@@ -2424,35 +2422,30 @@ DriverEntry (
   switch (Pcrs.pcrSelections[Index].hash) {
   case TPM_ALG_SHA1:
 TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
-NumberOfPCRBanks ++;
 if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
   ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
 }
 break;
   case TPM_ALG_SHA256:
 TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
-NumberOfPCRBanks ++;
 if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
   ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
 }
 break;
   case TPM_ALG_SHA384:
 TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
-NumberOfPCRBanks ++;
 if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
   ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
 }
 break;
   case TPM_ALG_SHA512:
 TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
-NumberOfPCRBanks ++;
 if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
   ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
 }
 break;
   case TPM_ALG_SM3_256:
 TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
-NumberOfPCRBanks ++;
 if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSelections[Index].sizeofSelect)) {
   ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
 }
@@ -2463,6 +2456,16 @@ DriverEntry (
   mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 
(PcdTcg2HashAlgorithmBitmap);
   mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 
(PcdTcg2HashAlgorithmBitmap);
 
+  //
+  // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might 
be removed by PCD.
+  //
+  NumberOfPCRBanks = 0;
+  for (Index = 0; Index < 32; Index++) {
+if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) {
+  NumberOfPCRBanks++;
+}
+  }
+
   if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {
 mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;
   } else {
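Review bot: With the count now derived from the PCD-masked HashAlgorithmBitmap, a PcdTcg2HashAlgorithmBitmap that excludes every algorithm the TPM reported leaves HashAlgorithmBitmap at 0 and NumberOfPCRBanks at 0, and the Tpm2GetCapabilityPcrs failure path above can no longer guarantee even the SHA1 fallback survives the mask; nothing in the hunk logs that state, although no measurement can then be extended. Consider `if (NumberOfPCRBanks == 0) { DEBUG ((EFI_D_ERROR, "No PCR bank matches PcdTcg2HashAlgorithmBitmap\n")); }` before the PcdTcg2NumberOfPCRBanks check. The else branch that takes the count from PcdTcg2NumberOfPCRBanks lies outside the hunk, so whether it is cross-checked against the computed value cannot be seen here.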
-- 
1.9.5.msysgit.0



[edk2] [patch] SecurityPkg: Replace TREE macro with TCG2.

2016-01-14 Thread jiewen yao
Since Tcg2Dxe driver follows TCG spec, we should use
TCG2 MACRO, instead of TREE macro.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index f0dbbac..973e8cb 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2474,11 +2474,11 @@ DriverEntry (
   }
 
   mTcgDxeData.BsCap.SupportedEventLogs = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | 
EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
-  if ((mTcgDxeData.BsCap.ActivePcrBanks & TREE_BOOT_HASH_ALG_SHA1) == 0) {
+  if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) == 0) {
 //
 // No need to expose TCG1.2 event log if SHA1 bank does not exist.
 //
-mTcgDxeData.BsCap.SupportedEventLogs &= ~TREE_EVENT_LOG_FORMAT_TCG_1_2;
+mTcgDxeData.BsCap.SupportedEventLogs &= ~EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
   }
 
   DEBUG ((EFI_D_INFO, "Tcg2.SupportedEventLogs - 0x%08x\n", 
mTcgDxeData.BsCap.SupportedEventLogs));
-- 
1.9.5.msysgit.0



[edk2] [patch 0/2] Update Secure MOR implementation to revision 2.

2016-01-14 Thread jiewen yao
Microsoft secure MOR implementation is updated to revision 2.
These series patches follow Secure MOR implementation update.

jiewen yao (2):
  MdePkg: Update MorLock comment to latest doc.
  MdeModulePkg: Include MorLock check into variable driver.

 .MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLock.c | 404 
+
 .MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c   |  60 +++
 .MdeModulePkg/Variable/RuntimeDxe/VariableRuntimeDxe.inf |   4 +
 .MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf  |   4 +
 .MdePkg/MemoryOverwriteRequestControlLock.h|  16 +-
 5 files changed, 480 insertions(+), 8 deletions(-)
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLock.c

-- 
1.9.5.msysgit.0



[edk2] [patch 2/2] MdeModulePkg: Include MorLock check into variable driver.

2016-01-14 Thread jiewen yao
Microsoft published secure MOR implementation at
https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
with revision 2 update. See URL for tech detail.
Previous revision 1 is handled in SecurityPkg\Tcg\
MemoryOverwriteRequestControlLock.
But the VarCheck API can not satisfy revision 2 requirement.
So we decided to include MOR lock control in the variable driver
directly.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
Cc: "Zeng, Star" 
---
 .../Universal/Variable/RuntimeDxe/TcgMorLock.c | 404 +
 .../Universal/Variable/RuntimeDxe/Variable.c   |  60 +++
 .../Variable/RuntimeDxe/VariableRuntimeDxe.inf |   4 +
 .../Universal/Variable/RuntimeDxe/VariableSmm.inf  |   4 +
 4 files changed, 472 insertions(+)
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLock.c

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLock.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLock.c
new file mode 100644
index 000..087e85a
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLock.c
@@ -0,0 +1,404 @@
+/** @file
+  TCG MOR (Memory Overwrite Request) Lock Control support.
+
+  This module initilizes MemoryOverwriteRequestControlLock variable.
+  This module adds Variable Hook and check MemoryOverwriteRequestControlLock.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials 
+are licensed and made available under the terms and conditions of the BSD 
License 
+which accompanies this distribution.  The full text of the license may be 
found at 
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "Variable.h"
+
+typedef struct {
+  CHAR16 *VariableName;
+  EFI_GUID   *VendorGuid;
+} VARIABLE_TYPE;
+
+VARIABLE_TYPE  mMorVariableType[] = {
+  {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,  
},
+  {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,  
},
+};
+
+#define MOR_LOCK_DATA_UNLOCKED   0x0
+#define MOR_LOCK_DATA_LOCKED_WITHOUT_KEY 0x1
+#define MOR_LOCK_DATA_LOCKED_WITH_KEY0x2
+
+#define MOR_LOCK_V1_SIZE  1
+#define MOR_LOCK_V2_KEY_SIZE  8
+
+typedef enum {
+  MorLockStateUnlocked = 0,
+  MorLockStateLocked = 1,
+} MOR_LOCK_STATE;
+
+UINT8   mMorLockKey[MOR_LOCK_V2_KEY_SIZE];
+BOOLEAN mMorLockKeyEmpty = TRUE;
+BOOLEAN mMorLockPassThru = FALSE;
+MOR_LOCK_STATE  mMorLockState = MorLockStateUnlocked;
+
+/**
+  Returns if this is MOR related variable.
+
+  @param  VariableName the name of the vendor's variable, it's a 
Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+
+  @retval  TRUEThe variable is MOR related.
+  @retval  FALSE   The variable is NOT MOR related.
+**/
+BOOLEAN
+IsAnyMorVariable (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid
+  )
+{
+  UINTN   Index;
+
+  for (Index = 0; Index < 
sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
+if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) && 
+(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
+  return TRUE;
+}
+  }
+  return FALSE;
+}
+
+/**
+  Returns if this is MOR lock variable.
+
+  @param  VariableName the name of the vendor's variable, it's a 
Null-Terminated Unicode String
+  @param  VendorGuid   Unify identifier for vendor.
+
+  @retval  TRUEThe variable is MOR lock variable.
+  @retval  FALSE   The variable is NOT MOR lock variable.
+**/
+BOOLEAN
+IsMorLockVariable (
+  IN CHAR16 *VariableName,
+  IN EFI_GUID   *VendorGuid
+  )
+{
+  if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) 
&& 
+  (CompareGuid (VendorGuid, ))) {
+return TRUE;
+  }
+  return FALSE;
+}
+
+/**
+  Set MOR lock variable.
+
+  @param  Data MOR Lock variable data.
+
+  @retval  EFI_SUCCESSThe firmware has successfully stored the 
variable and its data as
+  defined by the Attributes.
+  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits was 
supplied, or the
+  DataSize exceeds the maximum allowed.
+  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
+  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the 
variable and its data.
+  @retval  EFI_DEVICE_ERROR   The variable could not be saved due to a 
hardware failure.
+  @retval  

[edk2] [patch 3/7] MdeModulePkg: Add MemoryAttributesTable generation.

2016-01-29 Thread jiewen yao
Add MemoryAttributesTable generation in DxeCore.
We leverage the information collected by the original
PropertiesTable and publish the runtime code/data layout to
a separate standalone table, so this is a
compatible way to report more PE Code/Data
information.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 214 +
 1 file changed, 214 insertions(+)
 create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c 
b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
new file mode 100644
index 000..c84146a
--- /dev/null
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
@@ -0,0 +1,214 @@
+/** @file
+  UEFI MemoryAttributesTable support
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD 
License
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include 
+#include 
+
+#include "DxeMain.h"
+
+/**
+  This function for GetMemoryMap() with properties table capability.
+
+  It calls original GetMemoryMap() to get the original memory map information. 
Then
+  plus the additional memory map entries for PE Code/Data seperation.
+
+  @param  MemoryMapSize  A pointer to the size, in bytes, of the
+ MemoryMap buffer. On input, this is the size 
of
+ the buffer allocated by the caller.  On 
output,
+ it is the size of the buffer returned by the
+ firmware  if the buffer was large enough, or 
the
+ size of the buffer needed  to contain the map 
if
+ the buffer was too small.
+  @param  MemoryMap  A pointer to the buffer in which firmware 
places
+ the current memory map.
+  @param  MapKey A pointer to the location in which firmware
+ returns the key for the current memory map.
+  @param  DescriptorSize A pointer to the location in which firmware
+ returns the size, in bytes, of an individual
+ EFI_MEMORY_DESCRIPTOR.
+  @param  DescriptorVersion  A pointer to the location in which firmware
+ returns the version number associated with the
+ EFI_MEMORY_DESCRIPTOR.
+
+  @retval EFI_SUCCESSThe memory map was returned in the MemoryMap
+ buffer.
+  @retval EFI_BUFFER_TOO_SMALL   The MemoryMap buffer was too small. The 
current
+ buffer size needed to hold the memory map is
+ returned in MemoryMapSize.
+  @retval EFI_INVALID_PARAMETER  One of the parameters has an invalid value.
+
+**/
+EFI_STATUS
+EFIAPI
+CoreGetMemoryMapPropertiesTable (
+  IN OUT UINTN  *MemoryMapSize,
+  IN OUT EFI_MEMORY_DESCRIPTOR  *MemoryMap,
+  OUT UINTN *MapKey,
+  OUT UINTN *DescriptorSize,
+  OUT UINT32*DescriptorVersion
+  );
+
+extern EFI_PROPERTIES_TABLE  mPropertiesTable;
+
+BOOLEAN mIsConstructingMemoryAttributesTable = FALSE;
+
+/**
+  Install MemoryAttributesTable.
+
+  @param[in]  Event The Event this notify function registered to.
+  @param[in]  Context   Pointer to the context data registered to the Event.
+**/
+VOID
+EFIAPI
+InstallMemoryAttributesTable (
+  EFI_EVENT   Event,
+  VOID*Context
+  )
+{
+  UINTN  MemoryMapSize;
+  EFI_MEMORY_DESCRIPTOR  *MemoryMap;
+  EFI_MEMORY_DESCRIPTOR  *MemoryMapStart;
+  UINTN  MapKey;
+  UINTN  DescriptorSize;
+  UINT32 DescriptorVersion;
+  UINTN  Index;
+  EFI_STATUS Status;
+  UINT32 RuntimeEntryCount;
+  EFI_MEMORY_ATTRIBUTES_TABLE*MemoryAttributesTable;
+  EFI_MEMORY_DESCRIPTOR  *MemoryAttributesEntry;
+
+  if ((mPropertiesTable.MemoryProtectionAttribute & 
EFI_PROPERTIES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA) == 0) {
+DEBUG ((EFI_D_VERBOSE, "MemoryProtectionAttribute NON_EXECUTABLE_PE_DATA 
is not 

[edk2] [patch 5/7] MdeModulePkg: Add CoreInitializeMemoryAttributesTable() to header file.

2016-01-29 Thread jiewen yao
Add CoreInitializeMemoryAttributesTable() to DXE Core
header file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/DxeMain.h | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index 06b865c..fefe5be 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -2,7 +2,7 @@
   The internal header file includes the common header files, defines
   internal structure and functions used by DxeCore module.
 
-Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -2893,6 +2893,15 @@ CoreInitializePropertiesTable (
   );
 
 /**
+  Initialize MemoryAttrubutesTable support.
+**/
+VOID
+EFIAPI
+CoreInitializeMemoryAttributesTable (
+  VOID
+  );
+
+/**
   Insert image record.
 
   @param  RuntimeImageRuntime image information
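Review bot: The doc comment on the new CoreInitializeMemoryAttributesTable() prototype misspells the table name; `Initialize MemoryAttrubutesTable support.` should read `Initialize MemoryAttributesTable support.`. Since the implementation in this series reads mPropertiesTable and DxeMain() calls this routine immediately after CoreInitializePropertiesTable(), it would also help to state that ordering in the comment, e.g. `Must be called after CoreInitializePropertiesTable().` — confirm the dependency is real before documenting it.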
-- 
1.9.5.msysgit.0



[edk2] [patch 6/7] MdePkg: Call CoreInitializeMemoryAttributesTable() in DXE Entrypoint.

2016-01-29 Thread jiewen yao
Call CoreInitializeMemoryAttributesTable() in DXE Entrypoint.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c 
b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
index e60d2f2..0a34711 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
+++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -1,7 +1,7 @@
 /** @file
   DXE Core Main Entry Point
 
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -388,6 +388,7 @@ DxeMain (
   MemoryProfileInstallProtocol ();
 
   CoreInitializePropertiesTable ();
+  CoreInitializeMemoryAttributesTable ();
 
   //
   // Get persisted vector hand-off info from GUIDeed HOB again due to HobStart 
may be updated,
-- 
1.9.5.msysgit.0



[edk2] [patch 1/7] MdePkg: Add UEFI2.6 MemoryAttributes Table definition.

2016-01-29 Thread jiewen yao
Add UEFI2.6 MemoryAttributes Table definition header
file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdePkg/Include/Guid/MemoryAttributesTable.h | 34 +
 1 file changed, 34 insertions(+)
 create mode 100644 MdePkg/Include/Guid/MemoryAttributesTable.h

diff --git a/MdePkg/Include/Guid/MemoryAttributesTable.h 
b/MdePkg/Include/Guid/MemoryAttributesTable.h
new file mode 100644
index 000..a2db936
--- /dev/null
+++ b/MdePkg/Include/Guid/MemoryAttributesTable.h
@@ -0,0 +1,34 @@
+/** @file
+  GUIDs used for UEFI Memory Attributes Table in the UEFI 2.6 specification.
+
+  Copyright (c) 2016, Intel Corporation. All rights reserved.
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD 
License
+  which accompanies this distribution.  The full text of the license may be 
found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __UEFI_MEMORY_ATTRIBUTES_TABLE_H__
+#define __UEFI_MEMORY_ATTRIBUTES_TABLE_H__
+
+#define EFI_MEMORY_ATTRIBUTES_TABLE_GUID {\
+  0xdcfa911d, 0x26eb, 0x469f, {0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20} 
\
+}
+
+typedef struct {
+  UINT32Version;
+  UINT32NumberOfEntries;
+  UINT32DescriptorSize;
+  UINT32Reserved;
+//EFI_MEMORY_DESCRIPTOR Entry[1];
+} EFI_MEMORY_ATTRIBUTES_TABLE;
+
+#define EFI_MEMORY_ATTRIBUTES_TABLE_VERSION  0x0001
+
+extern EFI_GUID gEfiMemoryAttributesTableGuid;
+
+#endif
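Review bot: The new EFI_MEMORY_ATTRIBUTES_TABLE fields carry no documentation, and the commented-out `//EFI_MEMORY_DESCRIPTOR Entry[1];` is the only hint that variable-length entries follow the header. A consumer that steps through the entries with sizeof(EFI_MEMORY_DESCRIPTOR) instead of DescriptorSize will misparse the table, so say so on the field: `UINT32 DescriptorSize; ///< Size in bytes of each entry that follows; step with this, not sizeof(EFI_MEMORY_DESCRIPTOR).` and on the count, `UINT32 NumberOfEntries; ///< Number of EFI_MEMORY_DESCRIPTOR entries immediately following this header.`. A short note that consumers should check NumberOfEntries * DescriptorSize against the table's allocation before walking it would make the trust boundary explicit as well.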
-- 
1.9.5.msysgit.0



[edk2] [patch 2/7] MdePkg: Add UEFI2.6 MemoryAttributesTable GUID

2016-01-29 Thread jiewen yao
Add UEFI2.6 MemoryAttributesTable GUID definition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdePkg/MdePkg.dec | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 7ab0cbb..c84a745 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -2,9 +2,9 @@
 # This Package provides all definitions, library classes and libraries 
instances.
 #
 # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of
-# EFI1.10/UEFI2.5/PI1.4 and some Industry Standards.
+# EFI1.10/UEFI2.6/PI1.4 and some Industry Standards.
 #
-# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.
 # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
 #
 # This program and the accompanying materials are licensed and made available 
under
@@ -612,6 +612,13 @@
   gEfiPersistentVirtualCdGuid= { 0x08018188, 0x42CD, 0xBB48, {0x10, 0x0F, 
0x53, 0x87, 0xD5, 0x3D, 0xED, 0x3D }}
 
   #
+  # GUIDs defined in UEFI2.6
+  #
+
+  ## Include/Guid/MemoryAttributesTable.h
+  gEfiMemoryAttributesTableGuid= { 0xdcfa911d, 0x26eb, 0x469f, {0xa2, 
0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20}}
+
+  #
   # GUID defined in PI1.0
   #
   ## Include/Guid/AprioriFileName.h
-- 
1.9.5.msysgit.0



[edk2] [patch 4/7] MdeModulePkg: Update PropertiesTable for MemoryAttributesTable.

2016-01-29 Thread jiewen yao
MemoryAttributesTable generation needs information from
PropertiesTable.
On the memory attributes table generation path,
PropertiesTable needs to record the original memory map and must
not merge new memory map entries across an original
memory map boundary.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c | 100 ---
 1 file changed, 90 insertions(+), 10 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c 
b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
index 1b40b3c..6e5ad03 100644
--- a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
@@ -81,6 +81,15 @@ EFI_PROPERTIES_TABLE  mPropertiesTable = {
 EFI_LOCK   mPropertiesTableLock = EFI_INITIALIZE_LOCK_VARIABLE 
(TPL_NOTIFY);
 
 //
+// Temporary save for original memory map.
+// This is for MemoryAttributesTable only.
+//
+extern BOOLEAN mIsConstructingMemoryAttributesTable;
+EFI_MEMORY_DESCRIPTOR  *mMemoryMapOrg;
+UINTN  mMemoryMapOrgSize;
+UINTN  mDescriptorSize;
+
+//
 // Below functions are for MemoryMap
 //
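Review bot: `extern BOOLEAN mIsConstructingMemoryAttributesTable;` is declared inside a .c file rather than in DxeMain.h, so the declaration and the definition in MemoryAttributesTable.c can diverge silently; this series already touches DxeMain.h, which is where the extern belongs. The three new globals also say nothing about who owns them or when they are valid; a comment such as `// Valid only while the MemoryAttributesTable is being constructed; NULL/0 otherwise.` would help, provided that is indeed the contract — the assignments are not in this hunk.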
 
@@ -190,6 +199,42 @@ SortMemoryMap (
 }
 
 /**
+  Check if this memory entry spans across original memory map boundary.
+
+  @param PhysicalStart   The PhysicalStart of memory
+  @param NumberOfPages   The NumberOfPages of memory
+
+  @retval TRUE  This memory entry spans across original memory map boundary.
+  @retval FALSE This memory entry does not span cross original memory map 
boundary.
+**/
+STATIC
+BOOLEAN
+DoesEntrySpanAcrossBoundary (
+  IN UINT64  PhysicalStart,
+  IN UINT64  NumberOfPages
+  )
+{
+  EFI_MEMORY_DESCRIPTOR   *MemoryMapEntry;
+  EFI_MEMORY_DESCRIPTOR   *MemoryMapEnd;
+  UINT64  MemoryBlockLength;
+
+  MemoryMapEntry = mMemoryMapOrg;
+  MemoryMapEnd   = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) mMemoryMapOrg + 
mMemoryMapOrgSize);
+  while (MemoryMapEntry < MemoryMapEnd) {
+MemoryBlockLength = (UINT64) (EfiPagesToSize 
(MemoryMapEntry->NumberOfPages));
+
+if ((MemoryMapEntry->PhysicalStart <= PhysicalStart) &&
+(MemoryMapEntry->PhysicalStart + MemoryBlockLength > PhysicalStart) &&
+(MemoryMapEntry->PhysicalStart + MemoryBlockLength < PhysicalStart + 
EfiPagesToSize (NumberOfPages))) {
+  return TRUE;
+}
+
+MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, mDescriptorSize);
+  }
+  return FALSE;
+}
+
+/**
   Merge continous memory map entries whose have same attributes.
 
   @param  MemoryMap  A pointer to the buffer in which firmware 
places
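Review bot: DoesEntrySpanAcrossBoundary() dereferences mMemoryMapOrg and trusts mMemoryMapOrgSize and mDescriptorSize, but nothing in this hunk assigns them, and the caller in MergeMemoryMap() invokes the helper unconditionally rather than only while mIsConstructingMemoryAttributesTable is set, so an unset or stale saved map would drive the merge decision on the ordinary GetMemoryMap() path. An early guard, `if (!mIsConstructingMemoryAttributesTable || mMemoryMapOrg == NULL) { return FALSE; }`, keeps that path independent of the construction state. The check also only detects an original entry whose end falls strictly inside the span, which silently assumes PhysicalStart itself lies within some original entry; that assumption belongs in the doc comment.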
@@ -221,14 +266,25 @@ MergeMemoryMap (
 CopyMem (NewMemoryMapEntry, MemoryMapEntry, sizeof(EFI_MEMORY_DESCRIPTOR));
 NextMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, 
DescriptorSize);
 
-MemoryBlockLength = (UINT64) (EfiPagesToSize 
(MemoryMapEntry->NumberOfPages));
-if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
-(MemoryMapEntry->Type == NextMemoryMapEntry->Type) &&
-(MemoryMapEntry->Attribute == NextMemoryMapEntry->Attribute) &&
-((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart)) {
-  NewMemoryMapEntry->NumberOfPages += NextMemoryMapEntry->NumberOfPages;
-  MemoryMapEntry = NextMemoryMapEntry;
-}
+do {
+  MemoryBlockLength = (UINT64) (EfiPagesToSize 
(MemoryMapEntry->NumberOfPages));
+  if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
+  (MemoryMapEntry->Type == NextMemoryMapEntry->Type) &&
+  (MemoryMapEntry->Attribute == NextMemoryMapEntry->Attribute) &&
+  ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart) &&
+  (!DoesEntrySpanAcrossBoundary (MemoryMapEntry->PhysicalStart, 
MemoryMapEntry->NumberOfPages + NextMemoryMapEntry->NumberOfPages))) {
+MemoryMapEntry->NumberOfPages += NextMemoryMapEntry->NumberOfPages;
+if (NewMemoryMapEntry != MemoryMapEntry) {
+  NewMemoryMapEntry->NumberOfPages += 
NextMemoryMapEntry->NumberOfPages;
+}
+
+NextMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (NextMemoryMapEntry, 
DescriptorSize);
+continue;
+  } else {
+MemoryMapEntry = PREVIOUS_MEMORY_DESCRIPTOR (NextMemoryMapEntry, 
DescriptorSize);
+break;
+  }
+} while (TRUE);
 
 MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorSize);
 NewMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (NewMemoryMapEntry, 
DescriptorSize);
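Review bot: The new merge loop is shaped as `do { ... continue; } else { ...; break; } } while (TRUE)` and then steps MemoryMapEntry back with PREVIOUS_MEMORY_DESCRIPTOR only to advance it again after the loop; a `for (;;)` that breaks on the inverted condition and assigns `MemoryMapEntry = NextMemoryMapEntry;` after the loop reads the same and drops the round trip. The loop also now grows the consumed entry's NumberOfPages in place as well as the output entry's, which is what makes the running contiguity check work, but without a comment it reads like an accidental mutation of the input. MergeMemoryMap()'s signature and the rest of its body are outside this hunk.

```c
    /* … unchanged: copy entry to NewMemoryMapEntry, compute NextMemoryMapEntry … */
    for (;;) {
      MemoryBlockLength = (UINT64) (EfiPagesToSize (MemoryMapEntry->NumberOfPages));
      if (((UINTN)NextMemoryMapEntry >= (UINTN)MemoryMapEnd) ||
          (MemoryMapEntry->Type != NextMemoryMapEntry->Type) ||
          (MemoryMapEntry->Attribute != NextMemoryMapEntry->Attribute) ||
          ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) != NextMemoryMapEntry->PhysicalStart) ||
          DoesEntrySpanAcrossBoundary (MemoryMapEntry->PhysicalStart, MemoryMapEntry->NumberOfPages + NextMemoryMapEntry->NumberOfPages)) {
        break;
      }
      //
      // The consumed entry is grown too, so the contiguity test above sees the
      // running end of the merged span rather than the first entry's end.
      //
      MemoryMapEntry->NumberOfPages += NextMemoryMapEntry->NumberOfPages;
      if (NewMemoryMapEntry != MemoryMapEntry) {
        NewMemoryMapEntry->NumberOfPages += NextMemoryMapEntry->NumberOfPages;
      }
      NextMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (NextMemoryMapEntry, DescriptorSize);
    }
    //
    // NextMemoryMapEntry is the first entry that was not merged; resume there.
    //
    MemoryMapEntry    = NextMemoryMapEntry;
    NewMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (NewMemoryMapEntry, DescriptorSize);
```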
@@ -686,7 +742,7 @@ SplitTable (
 }
 
 /**
-  This function for GetMemoryMap() with properties table.
+  This function for GetMemoryMap() with properties table capability.
 
   It calls original GetMemoryMap() to get the original memory map information. 
Then
   plus the additional memory map entries for PE 

[edk2] [patch 0/7] Add UEFI2.6 MemoryAttributesTable support.

2016-01-29 Thread jiewen yao
This patch series adds UEFI2.6 MemoryAttributesTable support.
This table is intended to retire the old PropertiesTable.
It is a standalone table published by DxeCore, so there is no
compatibility issue.

The patch is validated with or without properties table.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen@intel.com>
Cc: "Gao, Liming" <liming@intel.com>

jiewen yao (7):
  MdePkg: Add UEFI2.6 MemoryAttributes Table definition.
  MdePkg: Add UEFI2.6 MemoryAttributesTable GUID
  MdeModulePkg: Add MemoryAttributesTable generation.
  MdeModulePkg: Update PropertiesTable for MemoryAttributesTable.
  MdeModulePkg: Add CoreInitializeMemoryAttributesTable() to header
file.
  MdePkg: Call CoreInitializeMemoryAttributesTable() in DXE Entrypoint.
  MdePkg: Update DxeCore INF for MemoryAttributesTable.

 MdeModulePkg/Core/Dxe/DxeMain.h|  11 +-
 MdeModulePkg/Core/Dxe/DxeMain.inf  |   4 +-
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c|   3 +-
 MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 214 +
 MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c   | 100 +-
 MdePkg/Include/Guid/MemoryAttributesTable.h|  34 
 MdePkg/MdePkg.dec  |  11 +-
 7 files changed, 362 insertions(+), 15 deletions(-)
 create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
 create mode 100644 MdePkg/Include/Guid/MemoryAttributesTable.h

-- 
1.9.5.msysgit.0



[edk2] [patch 7/7] MdePkg: Update DxeCore INF for MemoryAttributesTable.

2016-01-29 Thread jiewen yao
Update DxeCore INF for MemoryAttributesTable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/DxeMain.inf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf 
b/MdeModulePkg/Core/Dxe/DxeMain.inf
index 7ebf0d7..e3e4d03 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -3,7 +3,7 @@
 #
 #  It provides an implementation of DXE Core that is compliant with DXE CIS.
 #  
-#  Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+#  Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD 
License
 #  which accompanies this distribution.  The full text of the license may be 
found at
@@ -41,6 +41,7 @@
   Misc/SetWatchdogTimer.c
   Misc/InstallConfigurationTable.c
   Misc/PropertiesTable.c
+  Misc/MemoryAttributesTable.c
   Library/Library.c
   Hand/DriverSupport.c
   Hand/Notify.c
@@ -125,6 +126,7 @@
   gEdkiiMemoryProfileGuid   ## SOMETIMES_PRODUCES   ## 
GUID # Install protocol
   gZeroGuid ## SOMETIMES_CONSUMES   ## GUID
   gEfiPropertiesTableGuid   ## SOMETIMES_PRODUCES   ## 
SystemTable
+  gEfiMemoryAttributesTableGuid ## SOMETIMES_PRODUCES   ## 
SystemTable
   gEfiEndOfDxeEventGroupGuid## SOMETIMES_CONSUMES   ## 
Event
 
 [Ppis]
-- 
1.9.5.msysgit.0



[edk2] [patch] MdePkg: Add missing definition for ACPI6.0.

2016-01-28 Thread jiewen yao
Add missing definition in ACPI6.0 specification.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdePkg/Include/IndustryStandard/Acpi60.h | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/IndustryStandard/Acpi60.h 
b/MdePkg/Include/IndustryStandard/Acpi60.h
index f0e4151..d736979 100644
--- a/MdePkg/Include/IndustryStandard/Acpi60.h
+++ b/MdePkg/Include/IndustryStandard/Acpi60.h
@@ -1,7 +1,7 @@
 /** @file   
   ACPI 6.0 definitions from the ACPI Specification Revision 6.0 April, 2015.
 
-  Copyright (c) 2015, Intel Corporation. All rights reserved.
+  Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
  (C) Copyright 2015 Hewlett Packard Enterprise Development LP  
   This program and the accompanying materials  
   are licensed and made available under the terms and conditions of the BSD 
License 
@@ -1666,6 +1666,9 @@ typedef struct {
 #define EFI_ACPI_6_0_HARDWARE_ERROR_NOTIFICATION_LOCAL_INTERRUPT   0x02
 #define EFI_ACPI_6_0_HARDWARE_ERROR_NOTIFICATION_SCI   0x03
 #define EFI_ACPI_6_0_HARDWARE_ERROR_NOTIFICATION_NMI   0x04
+#define EFI_ACPI_6_0_HARDWARE_ERROR_NOTIFICATION_CMCI  0x05
+#define EFI_ACPI_6_0_HARDWARE_ERROR_NOTIFICATION_MCE   0x06
+#define EFI_ACPI_6_0_HARDWARE_ERROR_NOTIFICATION_GPIO_SIGNAL   0x07
 
 ///
 /// Hardware Error Notification Configuration Write Enable Structure Definition
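Review bot: The Hardware Error Notification type list still looks incomplete after adding CMCI, MCE and GPIO-Signal (0x05–0x07): as far as I recall the same table in the ACPI 6.0 specification also defines ARMv8 SEA (0x08), ARMv8 SEI (0x09) and External Interrupt - GSIV (0x0A), so if the goal is "add missing definitions" please check the spec and add them in the same style, e.g. `#define EFI_ACPI_6_0_HARDWARE_ERROR_NOTIFICATION_ARMV8_SEA 0x08`. Whatever the final set, a HEST consumer must still reject type values above the highest one defined here rather than treating the header as exhaustive validation.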
-- 
1.9.5.msysgit.0



[edk2] [patch] MdePkg: Update Acpi.h to include 6.1.

2016-01-28 Thread jiewen yao
Update Acpi.h to include latest Acpi6.1
header file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdePkg/Include/IndustryStandard/Acpi.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Acpi.h 
b/MdePkg/Include/IndustryStandard/Acpi.h
index be91b0f..ad8504a 100644
--- a/MdePkg/Include/IndustryStandard/Acpi.h
+++ b/MdePkg/Include/IndustryStandard/Acpi.h
@@ -2,7 +2,7 @@
   This file contains the latest ACPI definitions that are
   consumed by drivers that do not care about ACPI versions.
 
-  Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+  Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD 
License
   which accompanies this distribution.  The full text of the license may be 
found at
@@ -16,6 +16,6 @@
 #ifndef _ACPI_H_
 #define _ACPI_H_
 
-#include 
+#include 
 
 #endif
-- 
1.9.5.msysgit.0



[edk2] [patch V3] MdeModulePkg: Fix Memory Attributes table type issue

2016-02-22 Thread Jiewen Yao
According to the spec, each entry in the Memory
Attributes table shall have the same type as
the region it was carved out of in the UEFI memory map.
The current attribute uses RTData for PE Data, but
it should be RTCode.

This patch fixed the issue. It is validated with or
without PropertiesTable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Ard Biesheuvel" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c |   6 --
 MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c   | 114 +++--
 2 files changed, 37 insertions(+), 83 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c 
b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
index c84146a..416ed3d 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
@@ -72,8 +72,6 @@ CoreGetMemoryMapPropertiesTable (
 
 extern EFI_PROPERTIES_TABLE  mPropertiesTable;
 
-BOOLEAN mIsConstructingMemoryAttributesTable = FALSE;
-
 /**
   Install MemoryAttributesTable.
 
@@ -105,8 +103,6 @@ InstallMemoryAttributesTable (
 return ;
   }
 
-  mIsConstructingMemoryAttributesTable = TRUE;
-
   MemoryMapSize = 0;
   MemoryMap = NULL;
   Status = CoreGetMemoryMapPropertiesTable (
@@ -181,8 +177,6 @@ InstallMemoryAttributesTable (
 
   Status = gBS->InstallConfigurationTable (, 
MemoryAttributesTable);
   ASSERT_EFI_ERROR (Status);
-
-  mIsConstructingMemoryAttributesTable = FALSE;
 }
 
 /**
diff --git a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c 
b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
index 6e5ad03..ebe7096 100644
--- a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
@@ -1,7 +1,7 @@
 /** @file
   UEFI PropertiesTable support
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -80,14 +80,7 @@ EFI_PROPERTIES_TABLE  mPropertiesTable = {
 
 EFI_LOCK   mPropertiesTableLock = EFI_INITIALIZE_LOCK_VARIABLE 
(TPL_NOTIFY);
 
-//
-// Temporary save for original memory map.
-// This is for MemoryAttributesTable only.
-//
-extern BOOLEAN mIsConstructingMemoryAttributesTable;
-EFI_MEMORY_DESCRIPTOR  *mMemoryMapOrg;
-UINTN  mMemoryMapOrgSize;
-UINTN  mDescriptorSize;
+BOOLEANmPropertiesTableEnable;
 
 //
 // Below functions are for MemoryMap
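Review bot: `BOOLEAN mPropertiesTableEnable;` is introduced as a non-static file-scope global with no initializer and no comment, and nothing in this hunk sets or reads it. It is zero (FALSE) in .bss, but an explicit `BOOLEAN mPropertiesTableEnable = FALSE;` plus a one-line comment naming who sets it and what it gates would make the intent visible. If it is only consumed in this file it should be STATIC; if another module reads it through an extern, the declaration belongs in a shared header — the uses are outside this hunk, so I cannot tell which applies.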
@@ -199,42 +192,6 @@ SortMemoryMap (
 }
 
 /**
-  Check if this memory entry spans across original memory map boundary.
-
-  @param PhysicalStart   The PhysicalStart of memory
-  @param NumberOfPages   The NumberOfPages of memory
-
-  @retval TRUE  This memory entry spans across original memory map boundary.
-  @retval FALSE This memory entry does not span cross original memory map 
boundary.
-**/
-STATIC
-BOOLEAN
-DoesEntrySpanAcrossBoundary (
-  IN UINT64  PhysicalStart,
-  IN UINT64  NumberOfPages
-  )
-{
-  EFI_MEMORY_DESCRIPTOR   *MemoryMapEntry;
-  EFI_MEMORY_DESCRIPTOR   *MemoryMapEnd;
-  UINT64  MemoryBlockLength;
-
-  MemoryMapEntry = mMemoryMapOrg;
-  MemoryMapEnd   = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) mMemoryMapOrg + 
mMemoryMapOrgSize);
-  while (MemoryMapEntry < MemoryMapEnd) {
-MemoryBlockLength = (UINT64) (EfiPagesToSize 
(MemoryMapEntry->NumberOfPages));
-
-if ((MemoryMapEntry->PhysicalStart <= PhysicalStart) &&
-(MemoryMapEntry->PhysicalStart + MemoryBlockLength > PhysicalStart) &&
-(MemoryMapEntry->PhysicalStart + MemoryBlockLength < PhysicalStart + 
EfiPagesToSize (NumberOfPages))) {
-  return TRUE;
-}
-
-MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, mDescriptorSize);
-  }
-  return FALSE;
-}
-
-/**
   Merge continous memory map entries whose have same attributes.
 
   @param  MemoryMap  A pointer to the buffer in which firmware 
places
@@ -271,8 +228,7 @@ MergeMemoryMap (
   if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
   (MemoryMapEntry->Type == NextMemoryMapEntry->Type) &&
   (MemoryMapEntry->Attribute == NextMemoryMapEntry->Attribute) &&
-  ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart) &&
-  (!DoesEntrySpanAcrossBoundary (MemoryMapEntry->PhysicalStart, 
MemoryMapEntry->NumberOfPages + NextMemoryMapEntry->NumberOfPages))) {
+  ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart)) {
 MemoryMapEntry->NumberOfPages += NextMemoryMapEntry->NumberOfPages;
 if (NewMemoryMapEntry != MemoryMapEntry) {
  

[edk2] [patch] SecurityPkg: Update TCG PPI "1.3" for TCG2.

2016-01-21 Thread jiewen yao
The Tcg2Smm follows TCG PPI 1.3 specification.
This patch updates the ASL code string to 1.3.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Zhang, Chao B" 
---
 SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl
index 80dfb3b..776f43e 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl
@@ -187,7 +187,7 @@ DefinitionBlock (
 //
 // a) Get Physical Presence Interface Version
 //
-Return ("1.2")
+Return ("1.3")
   }
   Case (2)
   {
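Review bot: The string returned here is what the OS uses to decide which Physical Presence operations and return codes the firmware supports, so `Return ("1.3")` is a conformance claim rather than a cosmetic change, and this hunk carries no other 1.3-related change; make sure the Tcg2Smm handlers for the remaining PPI functions already implement the 1.3 operation set and return codes, or land this patch last in the series. A comment above the return such as `// Must match the PPI revision actually implemented by the functions below.` would keep the two from drifting again. The enclosing method and switch start and end outside this hunk.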
-- 
1.9.5.msysgit.0



[edk2] [patch 2/6] MdePkg: Add TPM TIS definition.

2016-01-21 Thread jiewen yao
TPM TIS (TPM Interface Specification) is a TCG standard.
Add its definitions here.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
CC: "Zhang, Chao B" 
---
 MdePkg/Include/IndustryStandard/TpmTis.h | 183 +++
 1 file changed, 183 insertions(+)
 create mode 100644 MdePkg/Include/IndustryStandard/TpmTis.h

diff --git a/MdePkg/Include/IndustryStandard/TpmTis.h 
b/MdePkg/Include/IndustryStandard/TpmTis.h
new file mode 100644
index 000..519fa79
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/TpmTis.h
@@ -0,0 +1,183 @@
+/** @file
+  TPM Interface Specification definition.
+  It covers both TPM1.2 and TPM2.0.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD 
License
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TPM_TIS_H_
+#define _TPM_TIS_H_
+
+//
+// Set structure alignment to 1-byte
+//
+#pragma pack (1)
+
+//
+// Register set map as specified in TIS specification Chapter 10
+//
+typedef struct {
+  ///
+  /// Used to gain ownership for this particular port.
+  ///
+  UINT8 Access; // 0
+  UINT8 Reserved1[7];   // 1
+  ///
+  /// Controls interrupts.
+  ///
+  UINT32IntEnable;  // 8
+  ///
+  /// SIRQ vector to be used by the TPM.
+  ///
+  UINT8 IntVector;  // 0ch
+  UINT8 Reserved2[3];   // 0dh
+  ///
+  /// What caused interrupt.
+  ///
+  UINT32IntSts; // 10h
+  ///
+  /// Shows which interrupts are supported by that particular TPM.
+  ///
+  UINT32IntfCapability; // 14h
+  ///
+  /// Status Register. Provides status of the TPM.
+  ///
+  UINT8 Status; // 18h
+  ///
+  /// Number of consecutive writes that can be done to the TPM.
+  ///
+  UINT16BurstCount; // 19h
+  UINT8 Reserved3[9];
+  ///
+  /// Read or write FIFO, depending on transaction.
+  ///
+  UINT32DataFifo;   // 24h
+  UINT8 Reserved4[0xed8];   // 28h
+  ///
+  /// Vendor ID
+  ///
+  UINT16Vid;// 0f00h
+  ///
+  /// Device ID
+  ///
+  UINT16Did;// 0f02h
+  ///
+  /// Revision ID
+  ///
+  UINT8 Rid;// 0f04h
+  UINT8 Reserved[0x7b]; // 0f05h
+  ///
+  /// Alias to I/O legacy space.
+  ///
+  UINT32LegacyAddress1; // 0f80h
+  ///
+  /// Additional 8 bits for I/O legacy space extension.
+  ///
+  UINT32LegacyAddress1Ex;   // 0f84h
+  ///
+  /// Alias to second I/O legacy space.
+  ///
+  UINT32LegacyAddress2; // 0f88h
+  ///
+  /// Additional 8 bits for second I/O legacy space extension.
+  ///
+  UINT32LegacyAddress2Ex;   // 0f8ch
+  ///
+  /// Vendor-defined configuration registers.
+  ///
+  UINT8 VendorDefined[0x70];// 0f90h
+} TIS_PC_REGISTERS;
+
+//
+// Restore original structure alignment
+//
+#pragma pack ()
+
+//
+// Define pointer types used to access TIS registers on PC
+//
+typedef TIS_PC_REGISTERS  *TIS_PC_REGISTERS_PTR;
+
+//
+// Define bits of ACCESS and STATUS registers
+//
+
+///
+/// This bit is a 1 to indicate that the other bits in this register are valid.
+///
+#define TIS_PC_VALIDBIT7
+///
+/// Indicate that this locality is active.
+///
+#define TIS_PC_ACC_ACTIVE   BIT5
+///
+/// Set to 1 to indicate that this locality had the TPM taken away while
+/// this locality had the TIS_PC_ACC_ACTIVE bit set.
+///
+#define TIS_PC_ACC_SEIZED   BIT4
+///
+/// Set to 1 to indicate that TPM MUST reset the
+/// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the
+/// locality that is writing this bit.
+///
+#define TIS_PC_ACC_SEIZEBIT3
+///
+/// When this bit is 1, another locality is requesting usage of the TPM.
+///
+#define TIS_PC_ACC_PENDIND  BIT2
+///
+/// Set to 1 to indicate that this locality is requesting to use TPM.
+///
+#define TIS_PC_ACC_RQUUSE   BIT1
+///
+/// A value of 1 indicates that a T/OS has not been established on the platform
+///
+#define TIS_PC_ACC_ESTABLISHBIT0
+
+///
+/// This field indicates that STS_DATA and 

[edk2] [patch 5/6] SecurityPkg: Add TPM PTP detection in TPM12 device lib.

2016-01-21 Thread jiewen yao
The TPM RequestUseTpm API can only set the register to
use the hardware; it cannot be used to distinguish a
TPM12 device from a TPM2 device.
TPM PTP defines the same address as TIS, so we need to
detect whether the TPM device is PTP or TIS in RequestUseTpm.
Also, the Tcg2Config driver calls RequestUseTpm to detect
the TPM hardware device, so we have to add the check here.
There is no need to support a PTP CRB style SubmitCommand(),
because a TPM2 device cannot accept TPM12 style commands.

This patch also uses TpmTis.h instead of duplicate
definition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
CC: "Zhang, Chao B" 
---
 SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c | 281 ++
 1 file changed, 122 insertions(+), 159 deletions(-)

diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c 
b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
index b8d13aa..eaaf065 100644
--- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
+++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
@@ -1,7 +1,7 @@
 /** @file
   TIS (TPM Interface Specification) functions used by TPM1.2.
   
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
@@ -23,164 +23,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 #include 
 #include 
 
-//
-// Set structure alignment to 1-byte
-//
-#pragma pack (1)
-
-//
-// Register set map as specified in TIS specification Chapter 10
-//
-typedef struct {
-  ///
-  /// Used to gain ownership for this particular port.
-  ///
-  UINT8 Access; // 0
-  UINT8 Reserved1[7];   // 1
-  ///
-  /// Controls interrupts.
-  ///
-  UINT32IntEnable;  // 8
-  ///
-  /// SIRQ vector to be used by the TPM.
-  ///
-  UINT8 IntVector;  // 0ch
-  UINT8 Reserved2[3];   // 0dh
-  ///
-  /// What caused interrupt.
-  ///
-  UINT32IntSts; // 10h
-  ///
-  /// Shows which interrupts are supported by that particular TPM.
-  ///
-  UINT32IntfCapability; // 14h
-  ///
-  /// Status Register. Provides status of the TPM.
-  ///
-  UINT8 Status; // 18h
-  ///
-  /// Number of consecutive writes that can be done to the TPM.
-  ///
-  UINT16BurstCount; // 19h
-  UINT8 Reserved3[9];
-  ///
-  /// Read or write FIFO, depending on transaction.
-  ///
-  UINT32DataFifo;   // 24h
-  UINT8 Reserved4[0xed8];   // 28h
-  ///
-  /// Vendor ID
-  ///
-  UINT16Vid;// 0f00h
-  ///
-  /// Device ID
-  ///
-  UINT16Did;// 0f02h
-  ///
-  /// Revision ID
-  ///
-  UINT8 Rid;// 0f04h
-  ///
-  /// TCG defined configuration registers.
-  ///
-  UINT8 TcgDefined[0x7b];   // 0f05h
-  ///
-  /// Alias to I/O legacy space.
-  ///
-  UINT32LegacyAddress1; // 0f80h
-  ///
-  /// Additional 8 bits for I/O legacy space extension.
-  ///
-  UINT32LegacyAddress1Ex;   // 0f84h
-  ///
-  /// Alias to second I/O legacy space.
-  ///
-  UINT32LegacyAddress2; // 0f88h
-  ///
-  /// Additional 8 bits for second I/O legacy space extension.
-  ///
-  UINT32LegacyAddress2Ex;   // 0f8ch
-  ///
-  /// Vendor-defined configuration registers.
-  ///
-  UINT8 VendorDefined[0x70];// 0f90h
-} TIS_PC_REGISTERS;
-
-//
-// Restore original structure alignment
-//
-#pragma pack ()
-
-//
-// Define pointer types used to access TIS registers on PC
-//
-typedef TIS_PC_REGISTERS  *TIS_PC_REGISTERS_PTR;
-
-//
-// Define bits of ACCESS and STATUS registers
-//
-
-///
-/// This bit is a 1 to indicate that the other bits in this register are valid.
-///
-#define TIS_PC_VALIDBIT7
-///
-/// Indicate that this locality is active.
-///
-#define TIS_PC_ACC_ACTIVE   BIT5
-///
-/// Set to 1 to indicate that this locality had the TPM taken away while
-/// this locality had the TIS_PC_ACC_ACTIVE bit set.
-///
-#define TIS_PC_ACC_SEIZED   BIT4
-///
-/// Set to 1 to indicate that TPM MUST reset the
-/// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the
-/// locality that is writing this bit.
-///
-#define TIS_PC_ACC_SEIZEBIT3
-///
-/// When 

[edk2] [patch 4/6] SecurityPkg: Add TPM PTP support in TCG2 SMM.

2016-01-21 Thread jiewen yao
TPM2 hardware may support PTP FIFO/TIS interface
or PTP CRB interface. The original ACPI table only
handles PTP FIFO/TIS interface. This patch adds
PTP CRB interface support.
The current logic is that SMM driver will runtime
detect TPM device interface (CRB or FIFO/TIS) and
publish TPM2 table based on result.

It is compatible with both old TPM2 FIFO/TIS devices and
new TPM2 CRB devices.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
CC: "Zhang, Chao B" 
---
 SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c   | 64 -
 SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h   |  5 ++-
 SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf |  4 ++-
 3 files changed, 70 insertions(+), 3 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c 
b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index 503cc18..dab1f53 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -9,7 +9,7 @@
 
   PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted 
input and do some check.
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -22,6 +22,48 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 
 #include "Tcg2Smm.h"
 
+typedef enum {
+  PtpInterfaceTis,
+  PtpInterfaceFifo,
+  PtpInterfaceCrb,
+  PtpInterfaceMax,
+} PTP_INTERFACE_TYPE;
+
+/**
+  Return PTP interface type.
+
+  @param[in] RegisterPointer to PTP register.
+
+  @return PTP interface type.
+**/
+PTP_INTERFACE_TYPE
+GetPtpInterface (
+  IN VOID *Register
+  )
+{
+  PTP_CRB_INTERFACE_IDENTIFIER  InterfaceId;
+  PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
+
+  //
+  // Check interface id
+  //
+  InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS 
*)Register)->InterfaceId);
+  InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS 
*)Register)->InterfaceCapability);
+
+  if ((InterfaceId.Bits.InterfaceType == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
+  (InterfaceId.Bits.InterfaceVersion == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
+  (InterfaceId.Bits.CapCRB != 0)) {
+return PtpInterfaceCrb;
+  }
+  if ((InterfaceId.Bits.InterfaceType == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
+  (InterfaceId.Bits.InterfaceVersion == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
+  (InterfaceId.Bits.CapFIFO != 0) &&
+  (InterfaceCapability.Bits.InterfaceVersion == 
INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
+return PtpInterfaceFifo;
+  }
+  return PtpInterfaceTis;
+}
+
 EFI_TPM2_ACPI_TABLE  mTpm2AcpiTemplate = {
   {
 EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
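Review bot: GetPtpInterface is added as a non-STATIC function with a generic name, and the same detection logic reappears almost verbatim as Tpm12GetPtpInterface in the Tpm12Tis.c patch further down this page, so the two copies will drift; marking this one `STATIC` and hosting one shared version in the PTP device library would avoid that. Unlike the Tpm12 copy, this one performs no presence check before interpreting the two register reads, so an all-ones read from an absent or unpowered device matches neither branch and is reported as PtpInterfaceTis. If PublishTpm2 can be reached without a prior detection, a guard returning PtpInterfaceMax is warranted; otherwise state the precondition in the function header, e.g. `Caller must have verified that a TPM is present at Register.`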
@@ -288,6 +330,8 @@ PublishTpm2 (
   EFI_ACPI_TABLE_PROTOCOL*AcpiTable;
   UINTN  TableKey;
   UINT64 OemTableId;
+  EFI_TPM2_ACPI_CONTROL_AREA *ControlArea;
+  PTP_INTERFACE_TYPE InterfaceType;
 
   //
   // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
@@ -301,6 +345,24 @@ PublishTpm2 (
 sizeof(mTpm2AcpiTemplate)
 );
 
+  InterfaceType = GetPtpInterface ((VOID *) (UINTN) PcdGet64 
(PcdTpmBaseAddress));
+  switch (InterfaceType) {
+  case PtpInterfaceCrb:
+mTpm2AcpiTemplate.StartMethod = 
EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE;
+mTpm2AcpiTemplate.AddressOfControlArea = PcdGet64 (PcdTpmBaseAddress) + 
0x40;
+ControlArea = (EFI_TPM2_ACPI_CONTROL_AREA 
*)(UINTN)mTpm2AcpiTemplate.AddressOfControlArea;
+ControlArea->CommandSize  = 0xF80;
+ControlArea->ResponseSize = 0xF80;
+ControlArea->Command  = PcdGet64 (PcdTpmBaseAddress) + 0x80;
+ControlArea->Response = PcdGet64 (PcdTpmBaseAddress) + 0x80;
+break;
+  case PtpInterfaceFifo:
+  case PtpInterfaceTis:
+break;
+  default:
+break;
+  }
+
   CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), 
sizeof (mTpm2AcpiTemplate.Header.OemId));
   OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
   CopyMem (, , sizeof (UINT64));
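Review bot: The CRB branch programs the control area through a plain structure dereference (`ControlArea->CommandSize  = 0xF80;` and the three lines after it) into device MMIO, while every other register access in this file goes through MmioRead32; these stores should use MmioWrite32/MmioWrite64 so the compiler cannot widen, split or reorder accesses to device memory. The offsets 0x40, 0x80 and 0xF80 restate the PTP_CRB_REGISTERS layout from TpmPtp.h as magic numbers; derive them with OFFSET_OF/sizeof on that structure, or at least give them names and a comment stating that Command and Response deliberately point at the same buffer. PublishTpm2 begins and ends outside this hunk.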
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h 
b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
index ebd71ed..62374a2 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
@@ -1,7 +1,7 @@
 /** @file
   The header file for Tcg2 SMM driver.
   
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -37,6 +37,9 @@ 

[edk2] [patch 0/6] Add TPM PTP CRB support.

2016-01-21 Thread jiewen yao
This patch series enables TPM PTP CRB support in EDKII.
TPM PTP (Platform TPM Profile) is TCG standard.
It covers both FIFO/TIS and CRB (Command-Response-Buffer).

jiewen yao (6):
  MdePkg: Add TPM PTP definition.
  MdePkg: Add TPM TIS definition.
  SecurityPkg: Add TPM PTP support in TPM2 device lib.
  SecurityPkg: Add TPM PTP support in TCG2 SMM.
  SecurityPkg: Add TPM PTP detection in TPM12 device lib.
  SecurityPkg: Add TPM PTP support in TCG2 Config.

 MdePkg/Include/IndustryStandard/TpmPtp.h   | 522 
 MdePkg/Include/IndustryStandard/TpmTis.h   | 183 +++
 SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c  | 281 +--
 .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf|  10 +-
 .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.uni|  11 +-
 .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c|  15 +-
 .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf  |  10 +-
 .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.uni  |  11 +-
 SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c| 537 +
 SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c| 169 +--
 SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr  |  28 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c  |  31 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf   |   4 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c| 221 -
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h  |  22 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni   |  20 +-
 SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c  |  64 ++-
 SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h  |   5 +-
 SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf|   4 +-
 19 files changed, 1775 insertions(+), 373 deletions(-)
 create mode 100644 MdePkg/Include/IndustryStandard/TpmPtp.h
 create mode 100644 MdePkg/Include/IndustryStandard/TpmTis.h
 create mode 100644 SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c

-- 
1.9.5.msysgit.0



[edk2] [patch 1/6] MdePkg: Add TPM PTP definition.

2016-01-21 Thread jiewen yao
TPM PTP (Platform TPM Profile) is a TCG standard.
Add its definitions here.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
CC: "Zhang, Chao B" 
---
 MdePkg/Include/IndustryStandard/TpmPtp.h | 522 +++
 1 file changed, 522 insertions(+)
 create mode 100644 MdePkg/Include/IndustryStandard/TpmPtp.h

diff --git a/MdePkg/Include/IndustryStandard/TpmPtp.h 
b/MdePkg/Include/IndustryStandard/TpmPtp.h
new file mode 100644
index 000..0796512
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/TpmPtp.h
@@ -0,0 +1,522 @@
+/** @file
+  Platform TPM Profile Specification definition for TPM2.0.
+  It covers both FIFO and CRB interface.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD 
License
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TPM_PTP_H_
+#define _TPM_PTP_H_
+
+//
+// PTP FIFO definition
+//
+
+//
+// Set structure alignment to 1-byte
+//
+#pragma pack (1)
+
+//
+// Register set map as specified in PTP specification Chapter 5
+//
+typedef struct {
+  ///
+  /// Used to gain ownership for this particular port.
+  ///
+  UINT8 Access; // 0
+  UINT8 Reserved1[7];   // 1
+  ///
+  /// Controls interrupts.
+  ///
+  UINT32IntEnable;  // 8
+  ///
+  /// SIRQ vector to be used by the TPM.
+  ///
+  UINT8 IntVector;  // 0ch
+  UINT8 Reserved2[3];   // 0dh
+  ///
+  /// What caused interrupt.
+  ///
+  UINT32IntSts; // 10h
+  ///
+  /// Shows which interrupts are supported by that particular TPM.
+  ///
+  UINT32InterfaceCapability;// 14h
+  ///
+  /// Status Register. Provides status of the TPM.
+  ///
+  UINT8 Status; // 18h
+  ///
+  /// Number of consecutive writes that can be done to the TPM.
+  ///
+  UINT16BurstCount; // 19h
+  ///
+  /// Additional Status Register.
+  ///
+  UINT8 StatusEx;   // 1Bh
+  UINT8 Reserved3[8];
+  ///
+  /// Read or write FIFO, depending on transaction.
+  ///
+  UINT32DataFifo;   // 24h
+  UINT8 Reserved4[8];   // 28h
+  ///
+  /// Used to identify the Interface types supported by the TPM.
+  ///
+  UINT32InterfaceId;// 30h
+  UINT8 Reserved5[0x4c];// 34h
+  ///
+  /// Extended ReadFIFO or WriteFIFO, depending on the current bus cycle (read 
or write)
+  ///
+  UINT32XDataFifo;  // 80h
+  UINT8 Reserved6[0xe7c];   // 84h
+  ///
+  /// Vendor ID
+  ///
+  UINT16Vid;// 0f00h
+  ///
+  /// Device ID
+  ///
+  UINT16Did;// 0f02h
+  ///
+  /// Revision ID
+  ///
+  UINT8 Rid;// 0f04h
+  UINT8 Reserved[0xfb]; // 0f05h
+} PTP_FIFO_REGISTERS;
+
+//
+// Restore original structure alignment
+//
+#pragma pack ()
+
+//
+// Define pointer types used to access TIS registers on PC
+//
+typedef PTP_FIFO_REGISTERS  *PTP_FIFO_REGISTERS_PTR;
+
+//
+// Define bits of FIFO Interface Identifier Register
+//
+typedef union {
+  struct {
+UINT32   InterfaceType:4;
+UINT32   InterfaceVersion:4;
+UINT32   CapLocality:1;
+UINT32   Reserved1:2;
+UINT32   CapDataXferSizeSupport:2;
+UINT32   CapFIFO:1;
+UINT32   CapCRB:1;
+UINT32   CapIFRes:2;
+UINT32   InterfaceSelector:2;
+UINT32   IntfSelLock:1;
+UINT32   Reserved2:4;
+UINT32   Reserved3:8;
+  } Bits;
+  UINT32   Uint32;
+} PTP_FIFO_INTERFACE_IDENTIFIER;
+
+//
+// Define bits of FIFO Interface Capability Register
+//
+typedef union {
+  struct {
+UINT32   DataAvailIntSupport:1;
+UINT32   StsValidIntSupport:1;
+UINT32   LocalityChangeIntSupport:1;
+UINT32   InterruptLevelHigh:1;
+UINT32   InterruptLevelLow:1;
+UINT32   InterruptEdgeRising:1;
+UINT32   InterruptEdgeFalling:1;
+UINT32   CommandReadyIntSupport:1;
+UINT32   BurstCountStatic:1;
+UINT32   DataTransferSizeSupport:2;
+UINT32   Reserved:17;
+UINT32   InterfaceVersion:3;
+UINT32   Reserved2:1;
+  } Bits;
+  UINT32   Uint32;
+} PTP_FIFO_INTERFACE_CAPABILITY;
+
+///
+/// 

[edk2] [patch 6/6] SecurityPkg: Add TPM PTP support in TCG2 Config.

2016-01-21 Thread jiewen yao
This patch adds PTP CRB support to BIOS Setup.
It can:
1) Display the PTP capability (TIS/FIFO/CRB)
2) Display the PTP current interface (TIS/FIFO/CRB)
3) Let user select CRB/FIFO, if supported.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
CC: "Zhang, Chao B" 
---
 SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr|  28 ++-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c|  31 ++--
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf |   4 +-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c  | 221 ++-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h|  22 ++-
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni |  20 +-
 6 files changed, 299 insertions(+), 27 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr 
b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index b350444..a72f824 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -1,7 +1,7 @@
 /** @file
   VFR file used by the TCG2 configuration component.
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -51,6 +51,32 @@ formset
 option text = STRING_TOKEN(STR_TCG2_TPM_2_0_DTPM), value = 
TPM_DEVICE_2_0_DTPM, flags = RESET_REQUIRED;
 endoneof;
 
+suppressif ideqvallist TCG2_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL 
TPM_DEVICE_1_2;
+text
+  help   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_HELP),
+  text   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT),
+text   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT);
+
+text
+  help   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_CAPABILITY_HELP),
+  text   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_CAPABILITY_PROMPT),
+text   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT);
+
+suppressif ideqval 
TCG2_CONFIGURATION_INFO.TpmDeviceInterfacePtpFifoSupported == 0
+OR ideqval 
TCG2_CONFIGURATION_INFO.TpmDeviceInterfacePtpCrbSupported == 0;
+oneof varid  = TCG2_CONFIGURATION_INFO.TpmDeviceInterfaceAttempt,
+  questionid = KEY_TPM_DEVICE_INTERFACE,
+  prompt = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_PROMPT),
+  help   = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_HELP),
+  flags  = INTERACTIVE,
+option text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_TIS), 
 value = TPM_DEVICE_INTERFACE_TIS,  flags = RESET_REQUIRED;
+option text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_PTP_FIFO),
 value = TPM_DEVICE_INTERFACE_PTP_FIFO, flags = RESET_REQUIRED;
+option text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_PTP_CRB), 
 value = TPM_DEVICE_INTERFACE_PTP_CRB,  flags = DEFAULT | MANUFACTURING | 
RESET_REQUIRED;
+endoneof;
+endif;
+
+endif;
+
 subtitle text = STRING_TOKEN(STR_NULL);
 
 suppressif ideqvallist TCG2_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL 
TPM_DEVICE_1_2;
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c 
b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
index 8813683..968670f 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
@@ -1,7 +1,7 @@
 /** @file
   The module entry point for Tcg2 configuration module.
 
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
 This program and the accompanying materials 
 are licensed and made available under the terms and conditions of the BSD 
License 
 which accompanies this distribution.  The full text of the license may be 
found at 
@@ -159,20 +159,6 @@ Tcg2ConfigDriverEntryPoint (
   UpdateDefaultPCRBanks (Tcg2ConfigBin + sizeof(UINT32), 
ReadUnaligned32((UINT32 *)Tcg2ConfigBin) - sizeof(UINT32), 
CurrentActivePCRBanks);
 
   //
-  // Save to variable so platform driver can get it.
-  //
-  Status = gRT->SetVariable (
-  TCG2_STORAGE_NAME,
-  ,
-  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
-  sizeof(Tcg2Configuration),
-  
-  );
-  if (EFI_ERROR (Status)) {
-DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_NAME\n"));
-  }
-
-  //
   // Sync data from PCD to variable, so that we do not need detect again in S3 
phase.
   //
   Tcg2DeviceDetection.TpmDeviceDetected = TPM_DEVICE_NULL;
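Review bot: Dropping this early SetVariable of TCG2_STORAGE_NAME is not mentioned in the commit message, which only describes the Setup additions; the following hunk's `Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected;` suggests the save is deferred until the detected device has been folded into the configuration, but that intent is not written down anywhere. A sentence in the commit message plus a comment at the remaining save, such as `// Saved after device detection so TpmDevice reflects the hardware found`, would make the reordering reviewable. Tcg2ConfigDriverEntryPoint begins before and ends after this hunk.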
@@ -184,6 +170,7 @@ Tcg2ConfigDriverEntryPoint (
   }
 
   PrivateData->TpmDeviceDetected = Tcg2DeviceDetection.TpmDeviceDetected;
+  Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected;
 
   //
   // Save to variable so 

[edk2] [patch] SecurityPkg: Correct data copy in Tpm2NvReadPublic.

2016-01-25 Thread jiewen yao
1) NvPublic.dataSize should be read from the original
receive buffer, not from the returned NvPublic.

2) NvNameSize is the size of NvName without the size field.
The original code treated it as the size of NvName including the
size field, so the last 2 bytes were missing.

This patch fixes the problem.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
CC: "Zhang, Chao B" 
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c 
b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 5fe48e1..9508022 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -250,11 +250,11 @@ Tpm2NvReadPublic (
   NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg);
   WriteUnaligned32 ((UINT32 *)>nvPublic.attributes, SwapBytes32 
(ReadUnaligned32 ((UINT32 *)>nvPublic.attributes)));
   NvPublic->nvPublic.authPolicy.size = SwapBytes16 
(NvPublic->nvPublic.authPolicy.size);
-  Buffer = (UINT8 *)>nvPublic.authPolicy;
+  Buffer = (UINT8 *)
   Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size;
   NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 
*)Buffer));
 
-  CopyMem (NvName, (UINT8 *) + sizeof(TPM2_RESPONSE_HEADER) + 
sizeof(UINT16) + NvPublicSize, NvNameSize);
+  CopyMem (NvName->name, (UINT8 *) + sizeof(TPM2_RESPONSE_HEADER) + 
sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);
   NvName->size = NvNameSize;
   
   return EFI_SUCCESS;
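Review bot: The corrected copies still trust the lengths carried in the TPM response: `Buffer` is advanced by `authPolicy.size` before `dataSize` is read, and `NvNameSize` bytes are copied into `NvName->name`, with neither value checked against the destination capacity or the number of bytes actually received, so a malformed or interposed response can read past the receive buffer or overflow the caller's TPM2B_NAME. Add `if (NvNameSize > sizeof(NvName->name)) { return EFI_DEVICE_ERROR; }` before the CopyMem and bound `authPolicy.size` the same way before it is used as an offset. Tpm2NvReadPublic begins outside the hunk, so whether the total response length is validated earlier cannot be seen here. This archive rendering has also stripped the `&` operands from the address expressions on the Buffer and CopyMem lines, so the exact operands should be checked against the repository.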
-- 
1.9.5.msysgit.0



[edk2] [patch] SecurityPkg: Add TPM PTP detection in Tpm12SubmitCommand.

2016-01-25 Thread jiewen yao
Previously, we only added PTP detection in Tpm12RequestUseTpm,
because RequestUseTpm does not check the TPM command.
This patch adds a similar check in Tpm12SubmitCommand.
A PTP device does not accept TPM12 commands, so the call can
return an error on a PTP device instead of waiting until timeout.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
CC: "Zhang, Chao B" 
---
 SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c | 99 +--
 1 file changed, 58 insertions(+), 41 deletions(-)

diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c 
b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
index eaaf065..4e04299 100644
--- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
+++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
@@ -58,6 +58,44 @@ Tpm12TisPcPresenceCheck (
 }
 
 /**
+  Return PTP interface type.
+
+  @param[in] RegisterPointer to PTP register.
+
+  @return PTP interface type.
+**/
+PTP_INTERFACE_TYPE
+Tpm12GetPtpInterface (
+  IN VOID *Register
+  )
+{
+  PTP_CRB_INTERFACE_IDENTIFIER  InterfaceId;
+  PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
+
+  if (!Tpm12TisPcPresenceCheck (Register)) {
+return PtpInterfaceMax;
+  }
+  //
+  // Check interface id
+  //
+  InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS 
*)Register)->InterfaceId);
+  InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS 
*)Register)->InterfaceCapability);
+
+  if ((InterfaceId.Bits.InterfaceType == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
+  (InterfaceId.Bits.InterfaceVersion == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
+  (InterfaceId.Bits.CapCRB != 0)) {
+return PtpInterfaceCrb;
+  }
+  if ((InterfaceId.Bits.InterfaceType == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
+  (InterfaceId.Bits.InterfaceVersion == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
+  (InterfaceId.Bits.CapFIFO != 0) &&
+  (InterfaceCapability.Bits.InterfaceVersion == 
INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
+return PtpInterfaceFifo;
+  }
+  return PtpInterfaceTis;
+}
+
+/**
   Check whether the value of a TPM chip register satisfies the input BIT 
setting.
 
   @param[in]  Register Address port of register to be checked.
@@ -393,51 +431,30 @@ Tpm12SubmitCommand (
   IN UINT8 *OutputParameterBlock
   )
 {
-  return Tpm12TisTpmCommand (
-   (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
-   InputParameterBlock,
-   InputParameterBlockSize,
-   OutputParameterBlock,
-   OutputParameterBlockSize
-   );
-}
-
-/**
-  Return PTP interface type.
-
-  @param[in] RegisterPointer to PTP register.
-
-  @return PTP interface type.
-**/
-PTP_INTERFACE_TYPE
-Tpm12GetPtpInterface (
-  IN VOID *Register
-  )
-{
-  PTP_CRB_INTERFACE_IDENTIFIER  InterfaceId;
-  PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability;
+  PTP_INTERFACE_TYPE  PtpInterface;
 
-  if (!Tpm12TisPcPresenceCheck (Register)) {
-return PtpInterfaceMax;
-  }
   //
-  // Check interface id
+  // Special handle for TPM1.2 to check PTP too, because PTP/TIS share same 
register address.
   //
-  InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS 
*)Register)->InterfaceId);
-  InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS 
*)Register)->InterfaceCapability);
-
-  if ((InterfaceId.Bits.InterfaceType == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
-  (InterfaceId.Bits.InterfaceVersion == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
-  (InterfaceId.Bits.CapCRB != 0)) {
-return PtpInterfaceCrb;
-  }
-  if ((InterfaceId.Bits.InterfaceType == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
-  (InterfaceId.Bits.InterfaceVersion == 
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
-  (InterfaceId.Bits.CapFIFO != 0) &&
-  (InterfaceCapability.Bits.InterfaceVersion == 
INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
-return PtpInterfaceFifo;
+  PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 
(PcdTpmBaseAddress));
+  switch (PtpInterface) {
+  case PtpInterfaceFifo:
+  case PtpInterfaceTis:
+return Tpm12TisTpmCommand (
+ (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress),
+ InputParameterBlock,
+ InputParameterBlockSize,
+ OutputParameterBlock,
+ OutputParameterBlockSize
+ );
+  case PtpInterfaceCrb:
+//
+// No need to support CRB because it is only accept TPM2 command.
+//
+  default:
+return EFI_DEVICE_ERROR;
   }
-  return PtpInterfaceTis;
+
 }
 
 /**
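Review bot: Every Tpm12SubmitCommand call now re-probes the interface with two MMIO register reads through Tpm12GetPtpInterface, although the interface type cannot change within a boot (the series' Setup option for switching it is RESET_REQUIRED); caching the result in a module-level variable after the first call that does not return PtpInterfaceMax would avoid the repeated probe on a hot path. The `case PtpInterfaceCrb:` label carries only a comment and falls through into `default:`, and PtpInterfaceMax (no TPM present) is handled only implicitly by that default; listing `case PtpInterfaceMax:` explicitly and marking the fallthrough, e.g. `// CRB accepts only TPM2 commands; fall through to the error path`, would make the intent clear. The stray blank line before the closing brace should also go.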
-- 
1.9.5.msysgit.0



[edk2] [patch] MdePkg: Change PcdPropertiesTableEnable default value to FALSE

2016-02-17 Thread Jiewen Yao
The UEFI 2.6 specification does not recommend using the BIT0
attribute for PropertiesTable, so we change the default
value to FALSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/MdeModulePkg.dec | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 5c5a9ee..2df8c19 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1415,8 +1415,10 @@
   # this PCD to be TURE if and only if all runtime driver has seperated 
Code/Data
   # section. If PE code/data sections are merged, the result is unpredictable.
   #
+  # UEFI 2.6 specification does not recommand to use this BIT0 attribute.
+  #
   # @Prompt Publish UEFI PropertiesTable.
-  
gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|TRUE|BOOLEAN|0x006e
+  
gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable|FALSE|BOOLEAN|0x006e
 
   ## Default OEM ID for ACPI table creation, its length must be 0x6 bytes to 
follow ACPI specification.
   # @Prompt Default OEM ID for ACPI table creation.
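Review bot: The new comment line has a typo ("recommand"); it should read `# UEFI 2.6 specification does not recommend use of this BIT0 attribute.` The pre-existing context lines carry "TURE" and "seperated" as well, which could be corrected in the same pass.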
-- 
1.9.5.msysgit.0



[edk2] [patch] MdeModulePkg: Fix Memory Attributes table type issue

2016-02-19 Thread Jiewen Yao
According to the spec, each entry in the Memory
Attributes table shall have the same type as
the region it was carved out of in the UEFI memory map.
The current attribute uses RTData for PE Data, but
it should be RTCode.

This patch fixes the issue. It is validated both with and
without PropertiesTable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Ard Biesheuvel" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c | 89 ++--
 1 file changed, 19 insertions(+), 70 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c 
b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
index 6e5ad03..b052148 100644
--- a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
@@ -81,13 +81,10 @@ EFI_PROPERTIES_TABLE  mPropertiesTable = {
 EFI_LOCK   mPropertiesTableLock = EFI_INITIALIZE_LOCK_VARIABLE 
(TPL_NOTIFY);
 
 //
-// Temporary save for original memory map.
 // This is for MemoryAttributesTable only.
 //
 extern BOOLEAN mIsConstructingMemoryAttributesTable;
-EFI_MEMORY_DESCRIPTOR  *mMemoryMapOrg;
-UINTN  mMemoryMapOrgSize;
-UINTN  mDescriptorSize;
+BOOLEANmPropertiesTableEnable;
 
 //
 // Below functions are for MemoryMap
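Review bot: The new file-scope `BOOLEAN mPropertiesTableEnable;` is added with no comment and no `STATIC`, and the comment it now sits under (`// This is for MemoryAttributesTable only.`) was written for the `extern` above it. Nothing in this hunk shows where the variable is assigned; as a zero-initialised global it reads FALSE until something sets it, which is exactly the value that makes the new `!mPropertiesTableEnable` branches in SetNewRecord keep the original region type. I'd document it as `// TRUE when the PropertiesTable is published (presumably the value of PcdPropertiesTableEnable); when FALSE and the attributes table is being built, image records keep the type of the region they were carved from.` and confirm the PCD origin against the initialisation code, which is outside this diff. The same applies to the identical hunk in the V2 posting below.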
@@ -199,42 +196,6 @@ SortMemoryMap (
 }
 
 /**
-  Check if this memory entry spans across original memory map boundary.
-
-  @param PhysicalStart   The PhysicalStart of memory
-  @param NumberOfPages   The NumberOfPages of memory
-
-  @retval TRUE  This memory entry spans across original memory map boundary.
-  @retval FALSE This memory entry does not span cross original memory map 
boundary.
-**/
-STATIC
-BOOLEAN
-DoesEntrySpanAcrossBoundary (
-  IN UINT64  PhysicalStart,
-  IN UINT64  NumberOfPages
-  )
-{
-  EFI_MEMORY_DESCRIPTOR   *MemoryMapEntry;
-  EFI_MEMORY_DESCRIPTOR   *MemoryMapEnd;
-  UINT64  MemoryBlockLength;
-
-  MemoryMapEntry = mMemoryMapOrg;
-  MemoryMapEnd   = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) mMemoryMapOrg + 
mMemoryMapOrgSize);
-  while (MemoryMapEntry < MemoryMapEnd) {
-MemoryBlockLength = (UINT64) (EfiPagesToSize 
(MemoryMapEntry->NumberOfPages));
-
-if ((MemoryMapEntry->PhysicalStart <= PhysicalStart) &&
-(MemoryMapEntry->PhysicalStart + MemoryBlockLength > PhysicalStart) &&
-(MemoryMapEntry->PhysicalStart + MemoryBlockLength < PhysicalStart + 
EfiPagesToSize (NumberOfPages))) {
-  return TRUE;
-}
-
-MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, mDescriptorSize);
-  }
-  return FALSE;
-}
-
-/**
   Merge continous memory map entries whose have same attributes.
 
   @param  MemoryMap  A pointer to the buffer in which firmware 
places
@@ -271,8 +232,7 @@ MergeMemoryMap (
   if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
   (MemoryMapEntry->Type == NextMemoryMapEntry->Type) &&
   (MemoryMapEntry->Attribute == NextMemoryMapEntry->Attribute) &&
-  ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart) &&
-  (!DoesEntrySpanAcrossBoundary (MemoryMapEntry->PhysicalStart, 
MemoryMapEntry->NumberOfPages + NextMemoryMapEntry->NumberOfPages))) {
+  ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart)) {
 MemoryMapEntry->NumberOfPages += NextMemoryMapEntry->NumberOfPages;
 if (NewMemoryMapEntry != MemoryMapEntry) {
   NewMemoryMapEntry->NumberOfPages += 
NextMemoryMapEntry->NumberOfPages;
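Review bot: With the `DoesEntrySpanAcrossBoundary` guard dropped from the merge condition, MergeMemoryMap now coalesces any two adjacent entries of equal Type and Attribute, including entries that were separate descriptors in the original memory map. The description quotes the spec rule that each attributes-table entry has the type of the region it was carved out of, but a merged entry can now cover two such regions; if that is acceptable because both regions share Type and Attribute, the function's doc comment (the function starts before this hunk) should say so. I'd add to it: `Adjacent entries are merged across original memory map descriptor boundaries; callers must not assume a one-to-one mapping back to the input map.` The same change appears in the V2 posting below.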
@@ -430,7 +390,11 @@ SetNewRecord (
   //
   // DATA
   //
-  NewRecord->Type = EfiRuntimeServicesData;
+  if (mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable) {
+NewRecord->Type = TempRecord.Type;
+  } else {
+NewRecord->Type = EfiRuntimeServicesData;
+  }
   NewRecord->PhysicalStart = TempRecord.PhysicalStart;
   NewRecord->VirtualStart  = 0;
   NewRecord->NumberOfPages = 
EfiSizeToPages(ImageRecordCodeSection->CodeSegmentBase - 
NewRecord->PhysicalStart);
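Review bot: The three-line `if (mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable)` selector is repeated verbatim for the DATA block here, the CODE block in the next hunk, and the Final DATA block in the hunk after it (whose end is outside this excerpt), with only the fallback type differing. Computing it once near the top of SetNewRecord (the function starts before this hunk), `BOOLEAN KeepOriginalType = mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable;`, and then writing `NewRecord->Type = KeepOriginalType ? TempRecord.Type : EfiRuntimeServicesData;` at each site keeps the three places in step and makes the policy visible in one spot. A short comment on why the original type is kept when the properties table is disabled — the description says the spec requires an attributes-table entry to carry the type of the region it was carved from — would also help, since the code itself does not say it. The same applies to the V2 posting below.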
@@ -443,7 +407,11 @@ SetNewRecord (
   //
   // CODE
   //
-  NewRecord->Type = EfiRuntimeServicesCode;
+  if (mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable) {
+NewRecord->Type = TempRecord.Type;
+  } else {
+NewRecord->Type = EfiRuntimeServicesCode;
+  }
   NewRecord->PhysicalStart = ImageRecordCodeSection->CodeSegmentBase;
   NewRecord->VirtualStart  = 0;
   NewRecord->NumberOfPages = 
EfiSizeToPages(ImageRecordCodeSection->CodeSegmentSize);
@@ -467,7 +435,11 @@ SetNewRecord (
   // Final DATA
   //
   if (TempRecord.PhysicalStart < ImageEnd) {
-NewRecord->Type = EfiRuntimeServicesData;
+if (mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable) 

[edk2] [patch V2] MdeModulePkg: Fix Memory Attributes table type issue

2016-02-19 Thread Jiewen Yao
According to the spec, each entry in the Memory
Attributes table shall have the same type as
the region it was carved out of in the UEFI memory map.
The current attribute uses RTData for PE Data, but
it should be RTCode.

This patch fixes the issue. It has been validated both with and
without PropertiesTable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" 
Cc: "Ard Biesheuvel" 
Cc: "Gao, Liming" 
---
 MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c | 108 +--
 1 file changed, 36 insertions(+), 72 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c 
b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
index 6e5ad03..66c5eb6 100644
--- a/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c
@@ -81,13 +81,10 @@ EFI_PROPERTIES_TABLE  mPropertiesTable = {
 EFI_LOCK   mPropertiesTableLock = EFI_INITIALIZE_LOCK_VARIABLE 
(TPL_NOTIFY);
 
 //
-// Temporary save for original memory map.
 // This is for MemoryAttributesTable only.
 //
 extern BOOLEAN mIsConstructingMemoryAttributesTable;
-EFI_MEMORY_DESCRIPTOR  *mMemoryMapOrg;
-UINTN  mMemoryMapOrgSize;
-UINTN  mDescriptorSize;
+BOOLEANmPropertiesTableEnable;
 
 //
 // Below functions are for MemoryMap
@@ -199,42 +196,6 @@ SortMemoryMap (
 }
 
 /**
-  Check if this memory entry spans across original memory map boundary.
-
-  @param PhysicalStart   The PhysicalStart of memory
-  @param NumberOfPages   The NumberOfPages of memory
-
-  @retval TRUE  This memory entry spans across original memory map boundary.
-  @retval FALSE This memory entry does not span cross original memory map 
boundary.
-**/
-STATIC
-BOOLEAN
-DoesEntrySpanAcrossBoundary (
-  IN UINT64  PhysicalStart,
-  IN UINT64  NumberOfPages
-  )
-{
-  EFI_MEMORY_DESCRIPTOR   *MemoryMapEntry;
-  EFI_MEMORY_DESCRIPTOR   *MemoryMapEnd;
-  UINT64  MemoryBlockLength;
-
-  MemoryMapEntry = mMemoryMapOrg;
-  MemoryMapEnd   = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) mMemoryMapOrg + 
mMemoryMapOrgSize);
-  while (MemoryMapEntry < MemoryMapEnd) {
-MemoryBlockLength = (UINT64) (EfiPagesToSize 
(MemoryMapEntry->NumberOfPages));
-
-if ((MemoryMapEntry->PhysicalStart <= PhysicalStart) &&
-(MemoryMapEntry->PhysicalStart + MemoryBlockLength > PhysicalStart) &&
-(MemoryMapEntry->PhysicalStart + MemoryBlockLength < PhysicalStart + 
EfiPagesToSize (NumberOfPages))) {
-  return TRUE;
-}
-
-MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, mDescriptorSize);
-  }
-  return FALSE;
-}
-
-/**
   Merge continous memory map entries whose have same attributes.
 
   @param  MemoryMap  A pointer to the buffer in which firmware 
places
@@ -271,8 +232,7 @@ MergeMemoryMap (
   if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
   (MemoryMapEntry->Type == NextMemoryMapEntry->Type) &&
   (MemoryMapEntry->Attribute == NextMemoryMapEntry->Attribute) &&
-  ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart) &&
-  (!DoesEntrySpanAcrossBoundary (MemoryMapEntry->PhysicalStart, 
MemoryMapEntry->NumberOfPages + NextMemoryMapEntry->NumberOfPages))) {
+  ((MemoryMapEntry->PhysicalStart + MemoryBlockLength) == 
NextMemoryMapEntry->PhysicalStart)) {
 MemoryMapEntry->NumberOfPages += NextMemoryMapEntry->NumberOfPages;
 if (NewMemoryMapEntry != MemoryMapEntry) {
   NewMemoryMapEntry->NumberOfPages += 
NextMemoryMapEntry->NumberOfPages;
@@ -430,7 +390,11 @@ SetNewRecord (
   //
   // DATA
   //
-  NewRecord->Type = EfiRuntimeServicesData;
+  if (mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable) {
+NewRecord->Type = TempRecord.Type;
+  } else {
+NewRecord->Type = EfiRuntimeServicesData;
+  }
   NewRecord->PhysicalStart = TempRecord.PhysicalStart;
   NewRecord->VirtualStart  = 0;
   NewRecord->NumberOfPages = 
EfiSizeToPages(ImageRecordCodeSection->CodeSegmentBase - 
NewRecord->PhysicalStart);
@@ -443,7 +407,11 @@ SetNewRecord (
   //
   // CODE
   //
-  NewRecord->Type = EfiRuntimeServicesCode;
+  if (mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable) {
+NewRecord->Type = TempRecord.Type;
+  } else {
+NewRecord->Type = EfiRuntimeServicesCode;
+  }
   NewRecord->PhysicalStart = ImageRecordCodeSection->CodeSegmentBase;
   NewRecord->VirtualStart  = 0;
   NewRecord->NumberOfPages = 
EfiSizeToPages(ImageRecordCodeSection->CodeSegmentSize);
@@ -467,7 +435,11 @@ SetNewRecord (
   // Final DATA
   //
   if (TempRecord.PhysicalStart < ImageEnd) {
-NewRecord->Type = EfiRuntimeServicesData;
+if (mIsConstructingMemoryAttributesTable && !mPropertiesTableEnable) 
