| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
Allows ignore lines in the CI YAML file to use git ignore syntax.
This is especially useful for ignoring files recursively in directories
like those that may exist in an external dependency folder.
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
| |
BZ #4456
Fixed a bug which led to an ASSERT due to the USB device
context being maintained after a port reset, but the
underlying XHCI context was uninitialized. Specifically,
Xhc->UsbDevContext is freed after a reset and only
re-allocates the default [0] endpoint transfer ring.
In order to avoid a memory leak, device enumeration is
performed after freeing the necessary buffers. This
allocates the Xhc->UsbDevContext for all endpoints of
the USB device.
Signed-off-by: Britton Chesley <Brit.Chesley@amd.com>
| |
Pass build variables (those passed to build.py through -D) to the DSC
parser to provide a more accurate parsing of the DSC file.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
| |
Signed firmware measurements are allowed to be passed along in the
TCG and CC event logs according to the TCG PC Client Platform Firmware
Profile. The event logs include events that Tcg2Dxe reads from
appropriately GUIDed HOBs, so allow opt/org.tianocode/sp800155evt/%d to
pass along events that the VMM sees fit to provide. One event per
number, starting from 0, increasing by 1 until there are no more
contiguous files.
The VMM may provide reference measurements through UEFI variables that
it references from the SP800-155 event3 structure given the appropriate
RIM locator type, or via URL, etc.
Each event read from fw_cfg is written one-by-one to
an EFI_HOB_GUID_TYPE HOB created for the event. The name they target
gTcg800155PlatformIdEventHobGuid for the later Dxe driver to use to
extend the event log.
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
| |
The TCG_Sp800_155_PlatformId_Event2 and 3 structures both list the
platform model string twice, which is incorrect according to the
TCG PC Client Platform Firmware Profile.
Also add constant definitions for the locator types added in the
December 2023 revision.
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
| |
A new contributor has a name not describable by the character set
developed for 1960s US teleprinters, causing the CI to object and
blocking their code from being merged due to the copyright statement.
While we do want to keep the code clean from characters other
contributors cannot trivially reproduce, this should not extend to
requiring intentionally misstating legal claims.
Until we figure out the long-term fix, add an exception for the surname
triggering the failure.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
| |
Consume gEdkiiTcg2AcpiCommunicateBufferHobGuid in Tcg2Acpi
driver. Tcg2Acpi will use the buffer stored in the HOB to
exchange information with Tcg2StandaloneMm by the
MM_COMMUNICATION_PROTOCOL.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
Install a callback of gEfiPeiMemoryDiscoveredPpiGuid to
build the gEdkiiTcg2AcpiCommunicateBufferHobGuid in the
Tcg2ConfigPei PEIM.
The HOB contains a buffer reserved by MmUnblockMemoryLib.
The buffer will be used in Tcg2Acpi driver to retrieve
information from standalone mm environment.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
Add a new GUID HOB gEdkiiTcg2AcpiCommunicateBufferHobGuid.
This Tcg2 Acpi Communicate Buffer HOB is used to store the
address of a buffer reserved for Tcg2Acpi driver. The buffer
will be used to retrieve information from Standalone mm
environment.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
Consume gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid in
StandaloneMmTcg2PhysicalPresenceLib. This is to avoid
using the dynamic PcdTcgPhysicalPresenceInterfaceVer in
StandaloneMm module.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
Consume gEdkiiTpmInstanceHobGuid in Tcg2StandaloneMm
driver. It's to avoid using dynamic PcdTpmInstanceGuid
in StandaloneMm driver.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
Build following two new HOBs:
gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid
gEdkiiTpmInstanceHobGuid
The two HOBs will be used by Tcg2StandaloneMm driver
to avoid using the related dynamic PCDs.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
Add a new gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid.
This new Guid HOB contains a string of the Version of
Physical Presence interface which is the same as
PcdTcgPhysicalPresenceInterfaceVer. The HOB is used for
StandaloneMm driver which needs to consume the dynamic
PcdTcgPhysicalPresenceInterfaceVer.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
This new Guid HOB contains a TPM instance Guid which
is the same as PcdTpmInstanceGuid. The HOB is used for
StandaloneMm driver which needs to consume the dynamic
PcdTpmInstanceGuid.
Signed-off-by: Dun Tan <dun.tan@intel.com>
| |
Now that CONST input strings to the AmlLib APIs
are properly marked as CONST we don't need to cast
them to non-CONST before passing them.
Signed-off-by: Jeshua Smith <jeshuas@nvidia.com>
| |
Several input strings to AmlLib APIs are treated
as CONST but were missing the CONST keyword,
requiring their callers to create unnecessary r/w
copies of r/o input strings. This change properly
marks these input strings as CONST.
Signed-off-by: Jeshua Smith <jeshuas@nvidia.com>
Reviewed-by: Jeff Brasen <jbrasen@nvidia.com>
| |
The xdrlib dependency was removed in commit
5cadb8ce2148979b6c464f6da5a8cd97425c5165 but the actual import of the
module was not removed. This commit removes the import of xdrlib and
sorts the imports.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
| |
Bumps [edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library) from 0.21.5 to 0.21.8.
- [Release notes](https://github.com/tianocore/edk2-pytool-library/releases)
- [Commits](https://github.com/tianocore/edk2-pytool-library/compare/v0.21.5...v0.21.8)
---
updated-dependencies:
- dependency-name: edk2-pytool-library
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
| |
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
| |
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
| |
Bumps [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) from 0.27.5 to 0.27.6.
- [Release notes](https://github.com/tianocore/edk2-pytool-extensions/releases)
- [Commits](https://github.com/tianocore/edk2-pytool-extensions/compare/v0.27.5...v0.27.6)
---
updated-dependencies:
- dependency-name: edk2-pytool-extensions
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
| |
There is a list of allowed rng algorithms, if /one/ of them is not
supported this is not a problem, only /all/ of them failing is an
error condition.
Downgrade the message for a single unsupported algorithm from ERROR to
VERBOSE. Add an error message in case we finish the loop without
finding a supported algorithm.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| |
BZ #4790
Support "^" and "V" key strokes on the pop-up form. Align the
implementation with key support on the regular HII form.
Signed-off-by: Gaurav Pandya <gaurav.pandya@amd.com>
| |
The presence of PdbPointer (PDB file name) is not an error. Hence, the
debug message should be categorized as VERBOSE or INFO. However, the
DEBUG_VERBOSE is more appropriate since the PDB file name is already
output by the PeCoffLoaderRelocateImageExtraAction() function with the
inline "add-symbol-file" when a platform uses the library instance
DebugPeCoffExtraActionLib.
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
| |
Fix the wrong comment.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Yi Li <yi1.li@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
| |
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| |
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| |
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| |
Specifically before running lzma uncompress of the main firmware volume.
This is needed to make sure caching is enabled, otherwise the uncompress
can be extremely slow.
Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes.
Background: Depending on virtual machine configuration kvm may use EPT
memory types to apply guest MTRR settings. In case MTRRs are disabled
kvm will use the uncacheable memory type for all mappings. The
vmx_get_mt_mask() function in the linux kernel handles this and can be
found here:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580
In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In
case the VM has a mdev device assigned that is not the case though.
Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable
should not be set by default in CR0") kvm also ended up using
MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit
kvm evaluates guest mtrr settings, which is why setting up MTRRs early is
important now.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| |
This patch adds the mbedtls submodule license.
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
| |
PcdArmArchTimerFreqInHz lets platforms override the architectural timer
frequency, but this really isn't supported in hardware by anything lower
than EL3. And we no longer support running edk2 at EL3.
So drop this Pcd and update ArmArchTimerLib to unconditionally use
ArmGenericTimerGetTimerFreq () instead.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
| |
PcdArmArchTimerFreqInHz lets platforms override the architectural timer
frequency, but this really isn't supported in hardware by anything lower
than EL3. Setting it to 0 skips the override - but that is also the
default. So drop the explicit setting in ArmVirtPkg platforms in
preparation for deleting the Pcd completely.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
| |
There is a bit of legacy code in ArmArchTimerLib that attempts to program
the generic timer based on a Pcd. This was only ever done for (32-bit)
ARM in case the cpu lacked the Security Extensions (because if they were
there, Secure firmware would be expected to have configured this before
switching to Non-secure state).
We don't support operation without Secure firmware anymore, but also the
code has been incorrectly invoked only on platforms that *do* implement
the Security Extensions since December 2020 and commit 0dd0d42ab5b6
("ArmPkg: use helper to check for Security extensions in ArmArchTimerLib")
As a result, edk2 has been overriding any programming done by Secure
Firmware on ARM platforms. Which is wrong.
Drop this programming in preparation for deleting the Pcd completely.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
| |
Cpucfg fetch is a 32-bit register, and AsmCpucfg's function
declaration is a 32-bit address storage operation in BaseLib.h,
so fix it by replacing stptr.d with the stptr.w instruction.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4797
Cc: Chao Li <lichao@loongson.cn>
Signed-off-by: Dongyan Qian <qiandongyan@loongson.cn>
Co-authored-by: Chao Li <lichao@loongson.cn>
| |
On the LoongArch platform:
the a0 register can be used as both a function parameter and a return value.
Due to parameter EFI_SYSTEM_CONTEXT being overwritten by an invalid context address,
when calling GetExceptionType, incorrect parameter address causes memory access exception.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4796
Cc: Chao Li <lichao@loongson.cn>
Signed-off-by: Dongyan Qian <qiandongyan@loongson.cn>
| |
The error codes during TLS handshake errors are sometimes
not enough to understand the root cause of the problem.
Extending the debug output by the function and optional data helps
in some cases.
Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
| |
Webservers hosting multiple websites require the TLS SNI
(Server Name Indication) in the ClientHello to know which certificate
to return.
The current TLS code does not include the server name in the
ClientHello handshake, which leads to failed HTTPS boots when the
server does not return the correct certificate.
This sets the host name for SNI in TlsSetVerifyHost which receives the
host name also for verification against the certificates.
Signed-off-by: Sebastian Witt <sebastian.witt@siemens.com>
| |
A malicious host may be able to undermine the fw_cfg
interface such that loading a blob fails.
In this case rather than continuing to the next boot
option, the blob verifier should halt.
For non-confidential guests, the error should be non-fatal.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
| |
The Blob Verifier checks boot artifacts against a hash table
injected by the hypervisor and measured by hardware.
Update the Blob Verifier to enter a dead loop if the artifacts
do not match.
The verifier still returns ACCESS_DENIED in some cases, but this
is considered non-fatal. These non-fatal cases occur when the
artifact cannot be verified because the hashes table makes no
claims about the artifact (e.g. if the hashes table is not present
or if there is no entry for the blob in question).
Since the hash table is reflected in the launch measurement,
it is okay to continue the boot in these cases.
If the hash table does contain expected hash values, the boot cannot
continue if the provided blobs do not match.
In these cases we enter a dead loop to make sure no guest can boot
with a TCB that does not reflect the launch measurement.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
| |
This patch removes unused references to ResetNotification code.
ACPI table generation refined by removing excessive CopyMem() call.
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
| |
This patch fixes an error in calculating cache sizes for cores from
different Dies. The original code incorrectly cleared cache sizes for
different core types during intermediate calculation steps, leading to
mistakes in counting duplicate entries. This patch adds a check for
cache size to distinguish between different cache types.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: xieyuanh <yuanhao.xie@intel.com>
| |
When building AArch64 code, cpp gets run with the `-undef` flag which on
Fedora 40 with gcc version 14.1.1 20240607 (Red Hat 14.1.1-5) causes
__has_builtin to be undefined. When running the check for
__builtin_unreachable in Base.h it causes an error
"missing binary operator before token "("".
Check that we have __has_builtin before trying to use it.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
| |
Drop obsolete library declarations that are no longer (and should not
be) implemented in EDK2 or UEFI, given that they are specific to the
secure world.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
| |
Drop logic from the ARM architectural support libraries that can only
execute in EL3 on AArch64 or Monitor mode on 32-bit ARM. While early
32-bit ports (and even some early 64-bit code) included some monitor
logic in EDK2, UEFI per the spec runs in non-secure execution contexts
only, and secure monitor and other secure world duties are usually
delegated to TF-A (Trusted Firmware for the A profile).
Since there are no longer users of this code in EDK2 or the
edk2-platforms tree, let's remove it from the core support libraries.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
| |
HBM/CXL memory systems are treated as special purpose memories. In many
cases it is desirable not to use special purpose memory for regular edk2
usages as these memories (HBM/CXL) are either meant for special purposes
or are less reliable to be used. Until such memory systems evolve and
we have better clarity from UEFI spec, avoid using them for edk2
boot memory purposes.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Oliver Smith-Denny <osde@linux.microsoft.com>
Signed-off-by: Dhaval Sharma <dhaval@rivosinc.com>
Co-authored-by: Tim Wawrzynczak <tim@rivosinc.com>
| |
The commit "MdeModulePkg/DxeCapsuleLibFmp: Fix crash if no ESRT is
found" leads to a compilation error in
MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf. The issue
occurs because the variable mDxeCapsuleLibReadyToBootEvent which is
declared as extern does not exist, while it is defined in
DxeCapsuleRuntime.c, a file not included in DxeCapsuleLib.inf. This
patch is to fix this by moving the variable definition to DxeCapsuleLib.c
and declare it as extern in DxeCapsuleRuntime.c.
Reported-by: Gua Guo <gua.guo@intel.com>
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
| |
Some platforms (such as SBSA-QEMU on recent builds of the emulator) only
tolerate misaligned accesses to normal memory, and raise alignment
faults on such accesses to device memory, which is the default for PCIe
MMIO BARs.
When emulating a PCIe graphics controller, the framebuffer is typically
exposed via a MMIO BAR, while the disposition of the region is closer to
memory (no side effects on reads or writes, except for the changing
picture on the screen; direct random access to any pixel in the image).
In order to permit the use of such controllers on platforms that only
tolerate these types of accesses for normal memory, it is necessary to
remap the memory. Use the DXE services to set the desired capabilities
and attributes.
Hide this behavior under a feature PCD so only platforms that really
need it can enable it. (OVMF on x86 has no need for this)
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
| |
Bhyve has added support for the bootorder FwCfg file some time ago
[1][2]. This FwCfg file is currently ignored by the OVMF and has no
effect. Copy the relevant code from Qemu to Bhyve to make it usable.
[1] https://github.com/freebsd/freebsd-src/commit/6632a0a4e3ab68b0e31b612e8aeca14de3fc8159
[2] https://github.com/freebsd/freebsd-src/commit/480bef9481f0c44b19ac4b2adb09f6c3191acd41
Signed-off-by: Corvin Köhne <c.koehne@beckhoff.com>
| |
Update Maintainers.txt to add Chao Li and Bibo Mao as LoongArchVirt Qemu
virt-machine platform maintainers, add Xianglai Li as the reviewer.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Bibo Mao <maobibo@loongson.cn>
Cc: Xianglai Li <lixianglai@loongson.cn>
Signed-off-by: Chao Li <lichao@loongson.cn>
| |
Add support for building LoongArchVirtQemu platform in CI
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>