[edk2] [patch 1/2] Add TPM2 definition in trusted computing group.

1) TCG Physical Presence Interface Specification 1.30 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification 2) TCG EFI Protocol Specification for TPM 2.0 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification 3) Update TPM2.0

[edk2] [patch] Clean up unused data type - BOOL.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen jiewen@intel.com CC: Zhang, Chao B chao.b.zh...@intel.com --- MdePkg/Include/IndustryStandard/Tpm20.h | 1 - 1 file changed, 1 deletion(-) diff --git a/MdePkg/Include/IndustryStandard/Tpm20.h

[edk2] [patch] Fix typo in BaseCrypto2HashInit() which causes sanity check incorrect.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen jiewen@intel.com Cc: Zhang, Chao B chao.b.zh...@intel.com --- SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[edk2] [patch] Add Secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen jiewen@intel.com Reviewed-by: Zhang, Chao chao.zh...@intel.com Cc: Zhang, Chao chao.zh...@intel.com --- .../MemoryOverwriteRequestControlLock.h| 43 + MdePkg/MdePkg.dec

[edk2] [patch] FspNotifyDxe need handle 4G memory.

The FSP API is always 32bit, but FspNotifyDxe might load to 4G memory. In order to make thunk work, we need reload FspNotifyDxe to 4G memory. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen jiewen@intel.com CC: Mudusuru, Giri P giri.p.mudus...@intel.com Cc:

[edk2] [patch] Add Secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx

Add a new module MemoryOverwriteRequestControlLock to register VarCheck handler to enforce MorLock Policy. Only SMM version is added because MOR is only supported in SMM variable case. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen jiewen@intel.com

[edk2] [patch] Downgrade one debug message level in DxeTpm2MeasureBootHandler from EFI_D_ERROR to EFI_D_INFO.

No TPM2 is considered as valid case. For example, a platform may only have TPM1.2, without TPM2.0 So this is NOT an ERROR message, but more an INFO message. Signed-off-by: Yao, Jiewen jiewen@intel.com Cc: Zhang, Chao chao.zh...@intel.com ---

[edk2] [patch] Add MorLockDriverInit() definition to resolve build failure.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen jiewen@intel.com Reviewed-by: Zhang, Chao chao.zh...@intel.com Cc: Zhang, Chao chao.zh...@intel.com --- .../Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h| 15 +++ 1 file changed, 15

[edk2] [patch] Do not deadloop if Microcode not found in FspTempRamInit.

We do not consider microcode not found as critical error, because Microcode might already be already applied or be applied later. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen Cc: Ma, Maurice ; Cc: Rangarajan, Ravi

[edk2] [patch] Publish FspHob to PEI Hob by default, because most platforms use such logic.

PcdDataBaseHobGuid GuidHob is excluded because PCD database in FSP is different with the one in PEI. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen Cc: Ma, Maurice ; Cc: Rangarajan, Ravi P

[edk2] [patch] Publish FspHob to PEI Hob by default, because most platforms use such logic.

PcdDataBaseHobGuid GuidHob is excluded because PCD database in FSP is different with the one in PEI. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen Cc: Ma, Maurice ; Cc: Rangarajan, Ravi P

[edk2] [patch 2/2] Move Smbios measurement from TCG driver to Smbios driver.

This is patch to add smbios measurement. The problem of current SMBIOS measurement is: 1) TCG drivers do not support SMBIOS3.0 table. 2) TCG drivers do not follow TCG platform spec on: "Platform configuration information that is automatically updated, such as clock registers, and system unique

[edk2] [patch] Move Smbios measurement from TCG driver to Smbios driver.

This is patch to remove smbios measurement in TCG driver. There will be other patch to add it in Smbios driver. The problem of current SMBIOS measurement is: 1) TCG drivers do not support SMBIOS3.0 table. 2) TCG drivers do not follow TCG platform spec on: "Platform configuration information

[edk2] [patch] Add suppressif around TCG hash seleciton checkbox in TCG2 cofiguration UI, based on TPM2 hardware capability.

Previous TCG2 configuration UI always add all TCG defined hash algorithm to let user select which one need be used. This brings risk that user might select unsupported hash, and selection is rejected later. So we enhance to UI to hide unsupported hash algorithm. Contributed-under: TianoCore

[edk2] [patch] Fix issue that calling GetS3MemoryInfo() with wrong order.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen Cc: Ma, Maurice ; Cc: Rangarajan, Ravi P --- .../Library/PeiFspHobProcessLibSample/FspHobProcessLibSample.c | 2 +- 1 file

[edk2] [patch 2/2] Move Smbios measurement from TCG driver to Smbios driver.

This is patch to add smbios measurement. The problem of current SMBIOS measurement is: 1) TCG drivers do not support SMBIOS3.0 table. 2) TCG drivers do not follow TCG platform spec on: "Platform configuration information that is automatically updated, such as clock registers, and system unique

[edk2] [patch] SecurityPkg/Tcg2Pei: Add error handling for TPM in S3 resume failure.

If TPM2_Startup(TPM_SU_STATE) to return an error, the system firmware that resumes from S3 MUST deal with a TPM2_Startup error appropriately. For example, issuing a TPM2_Startup(TPM_SU_CLEAR) command and configuring the device securely by taking actions like extending a separator with an error

[edk2] [patch] Add error handling for TPM in S3 resume failure.

If TPM2_Startup(TPM_SU_STATE) to return an error, the system firmware that resumes from S3 MUST deal with a TPM2_Startup error appropriately. For example, issuing a TPM2_Startup(TPM_SU_CLEAR) command and configuring the device securely by taking actions like extending a separator with an error

[edk2] [patch] MdeModulePkg: add clarification for PcdAcpiDefault value PCD.

Add clarification for PcdAcpiDefaultOemTableId, PcdAcpiDefaultOemRevision, PcdAcpiDefaultCreatorId, PcdAcpiDefaultCreatorRevision. According to ACPI spec, they are used as special meaning for SSDT, so we ignore them in updating generic SSDT provided by EDKII. Contributed-under: TianoCore

[edk2] [patch] IntelFspWrapperPkg: Fix >4G issue on IDT not restored correctly.

Idtr might be changed inside of FSP. 32bit FSP only knows the <4G address. If IDTR.Base is >4G, FSP can not handle. So we need save/restore IDTR here. Interrupt is already disabled here, so it is safety to update IDTR. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao,

[edk2] [patch] SecurityPkg: Clear AuthSession content after use.

Some commands in Tpm2CommandLib accept AuthSession as input parameter and copy to local command buffer. After use, this AuthSession content should be zeroed, because there might be some secrete there. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen"

[edk2] [patch] SecurityPkg: Add Tpm2Startup return code check.

Tpm2Startup does not check TPM device return code. It might cause problem, that error is not detected in Tcg2Peim, for example, S3 resume case. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zhang, Chao B"

[edk2] [patch] SecurityPkg: MOR drivers use Tcg2Protocol instead of TrEE.

The official TCG standard uses Tcg2Protocol, instead of TrEE. We should update TCG driver to use Tcg2Protocol, too. TrEE should be used only for old TrEE implementation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zhang, Chao B"

[edk2] [patch REPOST 1/3] UefiCpuPkg/PiSmmCpu: Add 2 APIs in SmmCpuFeaturesLib.

SmmCpuFeaturesCompleteSmmReadyToLock() is a hook point to allow CPU specific code to do more registers setting after the gEfiSmmReadyToLockProtocolGuid notification is completely processed. SmmCpuFeaturesAllocatePageTableMemory() is an API to allow CPU to allocate a specific region for storing

[edk2] [patch REPOST 3/3] UefiCpuPkg/PiSmmCpu: Update function call for 2 new APIs.

All page table allocation will use AllocatePageTableMemory(). Add SmmCpuFeaturesCompleteSmmReadyToLock() to PerformRemainingTasks() and PerformPreTasks(). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Reviewed-by: "Kinney, Michael D"

[edk2] [patch REPOST 2/3] UefiCpuPkg/PiSmmCpu: Add NULL func for 2 new APIs in SmmCpuFeaturesLib.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Reviewed-by: "Kinney, Michael D" Cc: "Fan, Jeff" Cc: "Kinney, Michael D" Cc: "Laszlo Ersek"

[edk2] [patch REPOST 0/3] Add 2 APIs in SmmCpuFeaturesLib.

lt;jeff@intel.com> Cc: "Kinney, Michael D" <michael.d.kin...@intel.com> Cc: "Laszlo Ersek" <ler...@redhat.com> jiewen yao (3): UefiCpuPkg/PiSmmCpu: Add 2 APIs in SmmCpuFeaturesLib. UefiCpuPkg/PiSmmCpu: Add NULL func for 2 new APIs in SmmCpuFeaturesLib.

[edk2] [patch 1/2] UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.

So that we can use write-protection for code later. This is REPOST. It includes the bug fix from "Paolo Bonzini" . Title: fix generation of 32-bit PAE page tables Bits 1 and 2 are reserved in 32-bit PAE Page Directory Pointer Table Entries (PDPTEs); see Table 4-8 in the SDM.

[edk2] [patch 2/2] UefiCpuPkg/PiSmmCpu: Always set WP in CR0.

So that we can use write-protection for code later. It is REPOST. It includes suggestion from "Kinney, Michael D" For IA32 assembly, can we combine into a single OR instruction that sets both page enable and WP? For X64, does it make sense to use single OR instruction

[edk2] [patch 0/2] UefiCpuPkg/PiSmmCpu: Enable Write Protection in SMM.

> Cc: "Fan, Jeff" <jeff@intel.com> Cc: "Kinney, Michael D" <michael.d.kin...@intel.com> Cc: "Laszlo Ersek" <ler...@redhat.com> Cc: "Paolo Bonzini" <pbonz...@redhat.com> jiewen yao (2): UefiCpuPkg/PiSmmCpu: Always set RW+P b

[edk2] [patch V2 1/2] UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.

So that we can use write-protection for code later. This is REPOST. It includes the bug fix from "Paolo Bonzini" . Title: fix generation of 32-bit PAE page tables Bits 1 and 2 are reserved in 32-bit PAE Page Directory Pointer Table Entries (PDPTEs); see Table 4-8 in the SDM.

[edk2] [patch V2 0/2] UefiCpuPkg/PiSmmCpu: Enable Write Protection in SMM.

> Cc: "Fan, Jeff" <jeff@intel.com> Cc: "Kinney, Michael D" <michael.d.kin...@intel.com> Cc: "Laszlo Ersek" <ler...@redhat.com> Cc: "Paolo Bonzini" <pbonz...@redhat.com> jiewen yao (2): UefiCpuPkg/PiSmmCpu: Always set RW+P b

[edk2] [patch V2 2/2] UefiCpuPkg/PiSmmCpu: Always set WP in CR0.

So that we can use write-protection for code later. It is REPOST. It includes suggestion from "Kinney, Michael D" For IA32 assembly, can we combine into a single OR instruction that sets both page enable and WP? For X64, does it make sense to use single OR instruction

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move XD enable to ASM before paging enable.

There might be page table set SMM data region be XD. So we have to enable XD before enable paging. Or #PF might be generated. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff" Cc: "Kinney, Michael D"

[edk2] [patch 1/2] UefiCpuPkg/PiSmmCpu: Always set RW+P bit for page table by default.

So that we can use write-protection for code later. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff" Cc: "Kinney, Michael D" --- UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c

[edk2] [patch 3/7] MdeModulePkg/PiSmmCore: Add GetMemoryMap suppport in SmmCore.

We enhanced Paging support and record information in MemoryMap link list. Most code is from DxeCore. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zeng, Star" Cc: "Kinney, Michael D"

[edk2] [patch 4/7] MdeModulePkg/PiSmmCore: Add free SMRAM before allocated SMRAM.

In order record SMM memory map information, we need add free SMRAM at first, then allocated SMRAM. The reason is that, once a new SMRAM region is added, the memory map link list will be allocated to record such information. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by:

[edk2] [patch 6/7] MdeModulePkg/PiSmmCore: Add PiSmmMemoryAttributesTable support.

Add function declaration in header file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zeng, Star" Cc: "Kinney, Michael D" Cc: "Fan, Jeff" ---

[edk2] [patch 1/7] MdeModulePkg/PiSmmCore: Add EDKII PI SMM Memory Attribute table.

This table is to let SMM core report SMM memory layout, especially SMM PE/COFF driver information. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zeng, Star" Cc: "Kinney, Michael D"

[edk2] [patch 5/7] MdeModulePkg/PiSmmCore: Add PiSmmMemoryAttributesTable support.

Add SmmCoreInitializeMemoryAttributesTable() in PiSmmCore entrypoint. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zeng, Star" Cc: "Kinney, Michael D" Cc: "Fan, Jeff"

[edk2] [patch 7/7] MdeModulePkg/PiSmmCore: Add PiSmmMemoryAttributesTable support.

Add new file and library in INF. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zeng, Star" Cc: "Kinney, Michael D" Cc: "Fan, Jeff" ---

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Allocate Tile size based on Page.

We had better separate code from data in tile in page level, so that other program may use page level protection on that. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff" Cc: "Kinney, Michael D"

[edk2] [patch 3/3] UefiCpuPkg/PiSmmCpu: Update function call for 2 new APIs in SmmCpuFeatureLib.

All page table allocation will use AllocatePageTableMemory(). Add SmmCpuFeaturesCompleteSmmReadyToLock() to PerformRemainingTasks() and PerformPreTasks(). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff"

[edk2] [patch 1/3] UefiCpuPkg/PiSmmCpu: Add 2 APIs in SmmCpuFeaturesLib.

SmmCpuFeaturesCompleteSmmReadyToLock() is a hook point to allow CPU specific code to do more registers setting after the gEfiSmmReadyToLockProtocolGuid notification is completely processed. SmmCpuFeaturesAllocatePageTableMemory() is an API to allow CPU to allocate a specific region for storing

[edk2] [patch 2/3] UefiCpuPkg/PiSmmCpu: Add NULL func for 2 new APIs in SmmCpuFeaturesLib.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff" Cc: "Kinney, Michael D" --- .../Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 39 ++ 1 file changed,

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move IDT to page aligned memory.

The previous IDT is not in page aligned memory. We allocate and copy it in page aligned memory, so that other program may use page level protection on that. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff"

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move XD enable to ASM before paging enable.

There might be page table set SMM data region be XD. So we have to enable XD before enable paging. Or #PF might be generated. mXdSupported is moved from C to ASM, because protected mode code can not refer global variable in long mode ASM. MSR_EFER/MSR_EFER_XD macro is moved from H to ASM as

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move IDT to page aligned memory.

The IDT in ASM is removed. We rely on C code to allocate IDT. We also move InitializeIDTSmmStackGuard() from ASM to C file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff" Cc: "Kinney, Michael D"

[edk2] [patch] UefiCpuPkg/CpuExceptionHandlerLib: Skip CR restore for SMM handler.

In SMM, we skip CR restore. The CR should always be right and should no be touched. mDoFarReturnFlag is changed to mSmmFlag to indicate all difference between normal mode and SMM. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan,

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Correct TSS segment.

TSS segment should use (SIZE - 1) as limit, and do not set G bit (highest bit of LimitHigh) because limit means byte count. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen Cc: Fan, Jeff Cc: Kinney, Michael D

[edk2] [patch] MdeModulePkg/PiSmmCore: Check InternalAllocPoolByIndex status before refer buffer.

Original code refers FreePoolHdr without check Status. It is obvious wrong and has risk. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zeng, Star Reviewed-by: Yao, Jiewen Cc: Fan, Jeff Cc: Kinney, Michael

[edk2] [patch] MdeModulePkg/PiSmmCore: Uninstall LoadedImage protocol if SMM driver returns error and is unloaded.

Original code does not uninstall LoadedImage protocol if SMM driver returns error and is unloaded. It causes a wrong LoadedImage protocol existing in system. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen Cc: Zeng, Star

[edk2] [patch] EdkCompatibilityPkg/SmmBaseHelper: Install LoadedImage protocol for ECP SMM driver.

PiSmmCore installs LoadedImage for each SMM driver. However ECP SMM driver is missing. Since SmmBaseHelper loads ECP SMM driver, we let SmmBaseHelper installs LoadedImage protocol for SMM driver. So that the SMM image information is complete. Contributed-under: TianoCore Contribution Agreement

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Eliminate EFI_IMAGE_MACHINE_TYPE_SUPPORTED(EFI_IMAGE_MACHINE_X64).

Move Gdt initialization from InitializeMpServiceData() to CPU Arch specific function. We create SmmFuncsArch.c for hold CPU specific function, so that EFI_IMAGE_MACHINE_TYPE_SUPPORTED(EFI_IMAGE_MACHINE_X64) can be removed. For IA32 version, we always allocate new page for GDT entry, for easy

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move RestoreSmmConfigurationInS3 from BSPHandler() to PerformRemainingTasks().

In this way, we can centralize the silicon configuration in PerformRemainingTasks() function. If there are more features need to be configured, they can put in PerformRemainingTasks() only. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Remove TSS fixup in GDT.

The TSS is already fixed in PiSmmCpuDxeSmm/X64/SmmFuncsArch.c, InitGdt(). There is no need to fix it again. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen Cc: Fan, Jeff Cc: Kinney, Michael D

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move RestoreSmmConfigurationInS3 function to PerformPreTasks().

In this way, we can centralize the silicon configuration in PerformRemainingTasks()/PerformPreTasks() function. If there are more features need to be configured, they can put in PerformRemainingTasks()/PerformPreTasks() only. Contributed-under: TianoCore Contribution Agreement 1.0

[edk2] [patch] UefiCpuPkg/PiSmmCpu: Move SmmDebug from ASM to C.

SmmDebug feature is implemented in ASM, which is not easy to maintain. SO we move it to C function. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Fan, Jeff" Cc: "Kinney, Michael D"

[edk2] [patch] MdeModulePkg/PiSmmIpl: Move CommunicationBuffer from stack to global variable.

We had put communication buffer to Runtime memory, so that SMI handler can know it is not used by OS. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zeng, Star" Cc: "Fan, Jeff" Cc:

[edk2] [PATCH] InterFsp2Pkg:Tool: Add user manual for SplitFspBin tool.

d-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen@intel.com> --- .../Tools/UserManuals/SplitFspBinUserManual.md | 69 ++ 1 file changed, 69 insertions(+) create mode 100644 IntelFsp2Pkg/Tools/UserManuals/SplitFspBinUserManual.md d

[edk2] [PATCH 0/2] Add IntelSiliconPkg

This series patch adds the initial version of IntelSiliconPkg and an include file. We will use IntelSiliconPkg for open source common Intel silicon related modules. Jiewen Yao (2): IntelSiliconPkg: Add initial version. IntelSiliconPkg/IgdOpRegion: Add definition for Intel IGD OpRegion

[edk2] [PATCH 1/2] IntelSiliconPkg: Add initial version.

This package will include open source common Intel silicon related modules. Cc: Giri P Mudusuru <giri.p.mudus...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen@intel.com> --- IntelSiliconPkg/Contributions

[edk2] [PATCH 2/2] IntelSiliconPkg/IgdOpRegion: Add definition for Intel IGD OpRegion.

Add IGD OpRegion definition from Intel Integrated Graphics Device OpRegion Specification. at https://01.org/sites/default/files/documentation/acpi_igd_opregion_spec_0.pdf Cc: Giri P Mudusuru <giri.p.mudus...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by:

[edk2] [PATCH] MdePkg/Hsti: Fix a memory allocation check issue.

Cc: Liming Gao <liming@intel.com> Cc: Amy Chan <amy.c...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen@intel.com> --- MdePkg/Library/DxeHstiLib/HstiDxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) d

[edk2] [PATCH] MdePkg/BaseLib: Add 2 more safe string functions.

Kinney <michael.d.kin...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen@intel.com> --- MdePkg/Include/Library/BaseLib.h| 94 - MdePkg/Library/BaseLib/SafeString.c | 196 +++- 2

[edk2] [PATCH] IntelFsp2Pkg: rename GetFspVpdDataPointer() to GetFspCfgRegionDataPointer()

aurice Ma <maurice...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen@intel.com> --- IntelFsp2Pkg/Include/Library/FspCommonLib.h | 6 +++--- IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c | 6 +++--- 2 files changed

[edk2] [PATCH] IntelFsp2WrapperPkg: Add support to handle ResetRequired return Status from FSP.

Mudusuru <giri.p.mudus...@intel.com> Cc: Amy Chan <amy.c...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Satya Yarlagadda <satya.p.yarlaga...@intel.com> Signed-off-by: Jiewen Yao <jiewen@intel.com> --- .../FspWrapperNotifyDxe/FspWrap

[edk2] [patch] SecurityPkg: Mark MorLock module deprecated.

This module only handles MOR lock v1. Now MOR lock V2 solution is published and added in variable driver. So this module can be deprecated. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zhang, Chao B" Cc:

[edk2] [patch V2 1/3] MdeModulePkg: Add MorLockSmm to variable driver.

Microsoft published secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx with revision 2 update. See URL for tech detail. Previous revision 1 is handled in SecurityPkg\Tcg\ MemoryOverwriteRequestControlLock. But the VarCheck API can not

[edk2] [patch V2 0/3] Add MorLock to variable driver

Microsoft published secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx with revision 2 update. This series patches add MOR lock revision 2 to variable driver. jiewen yao (3): MdeModulePkg: Add MorLockSmm to variable driver

[edk2] [patch V2 3/3] MdeModulePkg: Add MorLock to variable driver.

This patch adds MorLock function to Variable main function. It also updates corresponding INF file to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zhang, Chao B" Cc: "Zeng, Star"

[edk2] [patch V2 2/3] MdeModulePkg: Add MorLockDxe to variable driver.

Per secure MOR implementation document, it is not proper to add MOR lock in non-SMM version, because DXE version can not provide protection. This patch add standalone TcgMorLockDxe implementation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen"

[edk2] [patch] SecurityPkg: Update final event log calculation.

This patch updated final event log calculation based on TCG EFI PROTOCOL rev9, 7.1.2 "All options implementation". The previous logic is to save event to final event log once GetEventLog() is called. 7.1.1 shows that we should save event log to both normal even log area and final event log area

[edk2] [patch] SecurityPkg: Correct NumberOfPCRBanks calculation.

Previously, NumberOfPCRBanks is calculated based on TPM capability. However, there might be a case that TPM hardware support 1 algorithm, but BIOS does not support and BIOS mask it via PCD. This causes the conflict between HashAlgorithmBitmap and NumberOfPCRBanks. So we move the NumberOfPCRBanks

[edk2] [patch] SecurityPkg: Replace TREE macro with TCG2.

Since Tcg2Dxe driver follows TCG spec, we should use TCG2 MACRO, instead of TREE macro. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zhang, Chao B" --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 4 ++-- 1 file

[edk2] [patch 0/2] Update Secure MOR implementation to revision 2.

Microsoft secure MOR implementation is updated to revision 2. These series patches follow Secure MOR implementation update. jiewen yao (2): MdePkg: Update MorLock comment to latest doc. MdeModulePkg: Include MorLock check into variable driver. .MdeModulePkg/Universal/Variable/RuntimeDxe

[edk2] [patch 2/2] MdeModulePkg: Include MorLock check into variable driver.

Microsoft published secure MOR implementation at https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx with revision 2 update. See URL for tech detail. Previous revision 1 is handled in SecurityPkg\Tcg\ MemoryOverwriteRequestControlLock. But the VarCheck API can not

[edk2] [patch 3/7] MdeModulePkg: Add MemoryAttributesTable generation.

Add MemoryAttributesTable generation in DxeCore. We leverage the information collected by original PropertiesTable, and publish runtime code/data to another standalone table. So that this is a compatible solution to report more PE Code/Data information. Contributed-under: TianoCore Contribution

[edk2] [patch 5/7] MdeModulePkg: Add CoreInitializeMemoryAttributesTable() to header file.

Add CoreInitializeMemoryAttributesTable() to DXE Core header file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" --- MdeModulePkg/Core/Dxe/DxeMain.h | 11 ++- 1 file changed, 10

[edk2] [patch 6/7] MdePkg: Call CoreInitializeMemoryAttributesTable() in DXE Entrypoint.

Call CoreInitializeMemoryAttributesTable() in DXE Entrypoint. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" --- MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 3 ++- 1 file changed, 2 insertions(+),

[edk2] [patch 1/7] MdePkg: Add UEFI2.6 MemoryAttributes Table definition.

Add UEFI2.6 MemoryAttributes Table definition header file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" --- MdePkg/Include/Guid/MemoryAttributesTable.h | 34 + 1

[edk2] [patch 2/7] MdePkg: Add UEFI2.6 MemoryAttributesTable GUID

Add UEFI2.6 MemoryAttributesTable GUID definition. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" --- MdePkg/MdePkg.dec | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff

[edk2] [patch 4/7] MdeModulePkg: Update PropertiesTable for MemoryAttributesTable.

MemoryAttributesTable generation need information in PropertiesTable. In memory attributes table generation path, PropertiesTable need record original memory map and do not merge the new memory map entry cross original memory map boundary. Contributed-under: TianoCore Contribution Agreement 1.0

[edk2] [patch 0/7] Add UEFI2.6 MemoryAttributesTable support.

Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen@intel.com> Cc: "Gao, Liming" <liming@intel.com> jiewen yao (7): MdePkg: Add UEFI2.6 MemoryAttributes Table definition. MdePkg: Add UEFI2.6 MemoryAttributesTable GUID MdeModulePkg: Add MemoryAttributes

[edk2] [patch 7/7] MdePkg: Update DxeCore INF for MemoryAttributesTable.

Update DxeCore INF for MemoryAttributesTable. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" --- MdeModulePkg/Core/Dxe/DxeMain.inf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff

[edk2] [patch] MdePkg: Add missing definition for ACPI6.0.

Add missing definition in ACPI6.0 specification. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" --- MdePkg/Include/IndustryStandard/Acpi60.h | 5 - 1 file changed, 4 insertions(+), 1

[edk2] [patch] MdePkg: Update Acpi.h to include 6.1.

Update Acpi.h to include latest Acpi6.1 header file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" --- MdePkg/Include/IndustryStandard/Acpi.h | 4 ++-- 1 file changed, 2 insertions(+), 2

[edk2] [patch V3] MdeModulePkg: Fix Memory Attributes table type issue

According to the spec, each entry in the Memory Attributes table shall have the same type as the region it was carved out of in the UEFI memory map. The current attribute uses RTData for PE Data, but it should be RTCode. This patch fixed the issue. It is validated with or without PropertiesTable.

[edk2] [patch] SecurityPkg: Update TCG PPI "1.3" for TCG2.

The Tcg2Smm follows TCG PPI 1.3 specification. This patch updates the ASL code string to 1.3. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Zhang, Chao B" --- SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 2 +- 1

[edk2] [patch 2/6] MdePkg: Add TPM TIS definition.

TPM TIS (TPM Interface Specification) is TCG standard. Add definition here. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" CC: "Zhang, Chao B" --- MdePkg/Include/IndustryStandard/TpmTis.h | 183

[edk2] [patch 5/6] SecurityPkg: Add TPM PTP detection in TPM12 device lib.

The TPM RequestUseTpm API can only set register to use the hardware, but it can not be used to distinguish TPM12 or TPM2 device. TPM PTP defines same address with TIS, so we need detect the TPM device is PTP or TIS in RequestUseTpm. Also, Tcg2Config driver call RequestUseTpm to detect TPM hardware

[edk2] [patch 4/6] SecurityPkg: Add TPM PTP support in TCG2 SMM.

TPM2 hardware may support PTP FIFO/TIS interface or PTP CRB interface. The original ACPI table only handles PTP FIFO/TIS interface. This patch adds PTP CRB interface support. The current logic is that SMM driver will runtime detect TPM device interface (CRB or FIFO/TIS) and publish TPM2 table

[edk2] [patch 0/6] Add TPM PTP CRB support.

This series patches enable TPM PTP CRB support in EDKII. TPM PTP (Platform TPM Profile) is TCG standard. It covers both FIFO/TIS and CRB (Command-Response-Buffer). jiewen yao (6): MdePkg: Add TPM PTP definition. MdePkg: Add TPM TIS definition. SecurityPkg: Add TPM PTP support in TPM2 device

[edk2] [patch 1/6] MdePkg: Add TPM PTP definition.

TPM PTP (Platform TPM Profile) is TCG standard. Add definition here. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" CC: "Zhang, Chao B" --- MdePkg/Include/IndustryStandard/TpmPtp.h | 522

[edk2] [patch 6/6] SecurityPkg: Add TPM PTP support in TCG2 Config.

This patch add PTP CRB support in BIOS Setup. It can: 1) Display the PTP capability (TIS/FIFO/CRB) 2) Display the PTP current interface (TIS/FIFO/CRB) 3) Let user select CRB/FIFO, if supported. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen"

[edk2] [patch] SecurityPkg: Correct data copy in Tpm2NvReadPublic.

1) NvPublic.dataSize data should be got from original receive buffer, instead of returned NvPublic. 2) NvNameSize means the size of NvName without size field. The original code treats it to be size of NvName with size field, so the last 2 bytes are missing. This patch fixed problem.

[edk2] [patch] SecurityPkg: Add TPM PTP detection in Tpm12SubmitCommand.

Previously, we only add PTP detection in Tpm12RequestUseTpm, because RequestUseTpm does not check TPM command. This patch also adds similar check in Tpm12SubmitCommand. PTP device does not accept TPM12 command, so that it can return error on PTP device, instead of wait till timeout.

[edk2] [patch] MdePkg: Change PcdPropertiesTableEnable default value to FALSE

UEFI2.6 specification does not recommend to use BIT0 attribute for PropertiesTable, so we change default value to FALSE. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Cc: "Gao, Liming" ---

[edk2] [patch] MdeModulePkg: Fix Memory Attributes table type issue

According to the spec, each entry in the Memory Attributes table shall have the same type as the region it was carved out of in the UEFI memory map. The current attribute uses RTData for PE Data, but it should be RTCode. This patch fixed the issue. It is validated with or without PropertiesTable.

[edk2] [patch V2] MdeModulePkg: Fix Memory Attributes table type issue

According to the spec, each entry in the Memory Attributes table shall have the same type as the region it was carved out of in the UEFI memory map. The current attribute uses RTData for PE Data, but it should be RTCode. This patch fixed the issue. It is validated with or without PropertiesTable.

  1   2   3   4   5   6   7   8   >