Details about a particular pipeline change over time - such as the
specific Linux distro or toolchain version. At the same time, the
pipeline files are directly referenced in Azure Pipelines to run the
pipeline and few users have access to change those details.
To make the files less likely to refer to outdated information over
time and reduce the need for an Azure Pipeline administrator to get
involved, the files are updated to drop specific details apart from
the host OS environment used in the pipeline.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
|
This patch adds additional support for the new CAMM form factor
defined in SMBIOS specification 3.8.0
Signed-off-by: Shveta Gupta <shvetag@nvidia.com>
|
|
Remove unused gEfiDevicePathProtocolGuid in Base UefiDevicePathLib
since it's not used.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
|
Commit aef50446ced0662c8dfd968ab0ea05cc88b989ae
removed gEdkiiPeiMpServices2PpiGuid from UefiCpuPkg.dec
which causes build breaks if an INF [Ppis] section
lists gEdkiiPeiMpServices2PpiGuid. There is no method
for a DEC file to conditionally declare a PPI.
In order to support the migration from use of
gEdkiiPeiMpServices2PpiGuid to the preferred use of the
gPeiMpServices2Ppi, update MpServices2.h in MdePkg
to define EDKII_PEI_MP_SERVICES2_PPI_GUID and
EDKII_PEI_MP_SERVICES2_PPI.
All references to the EDK II PEI MP Services 2 PPI can be
removed after all downstream consumers have had a chance
to perform the migration.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
|
|
Commit aef50446ced0662c8dfd968ab0ea05cc88b989ae
removed gEdkiiPeiMpServices2PpiGuid from UefiCpuPkg.dec
which causes build breaks if an INF [Ppis] section
lists gEdkiiPeiMpServices2PpiGuid. There is no method
for a DEC file to conditionally declare a PPI.
In order to support the migration from use of
gEdkiiPeiMpServices2PpiGuid to the preferred use of the
gPeiMpServices2Ppi, add gEdkiiPeiMpServices2PpiGuid back
to the UefiCpuPkg.dec.
All references to the EDK II PEI MP Services 2 PPI can be
removed after all downstream consumers have had a chance
to perform the migration.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
|
|
The Full variant enables support for EC, which in turn is needed for TLS
1.3. It also increases the size, so turn this on for 4M builds only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Reduce dsc file duplication and simplify updates by moving openssl + tls
configuration to an include file. No functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Fix an issue where input parameters in SCMI messages may be overwritten by
return values during repeated transactions when retrieving large data sets.
This issue affects:
1. ClockDescribeRates: when the number of clock rates exceeds the transfer
limit. According to the SCMI specification (Section 4.6.2.5), the first
and second parameters are initially used to pass clock_id and rate_index.
However, due to SCMI’s shared memory communication mechanism, these same
memory locations are later reused to return status and num_rate_flags.
2. PerformanceDescribeLevels: when the number of performance levels is too
large to return in a single response. As described in Section 4.5.3.5,
the first and second parameters are initially used for domain_id and
level_index, but are overwritten with status and num_levels in the return.
Because SCMI reuses the same shared memory buffer for both input and output,
the return values can override input parameters if the buffer is not properly
re-initialized before each request. This patch ensures that the first and
second parameters are correctly set before every transaction to preserve
input integrity and ensure correct protocol behavior.
Signed-off-by: jie.fu <jie.fu@cixtech.com>
|
|
This patch adds support for the new CAMM form factor
defined in SMBIOS specification 3.8.0
Signed-off-by: Nick Ramirez <nramirez@nvidia.com>
|
|
There is a typo when calculating smrr base on S3 path.
This change fixes the typo.
Signed-off-by: Guo Dong <guo.dong@intel.com>
|
|
MemoryTypeInformation HOB was built in FD and FIT image format UEFI payload.
But this HOB was not built in ELF image format UEFI payload. Add this HOB
for ELF image format to keep the payload consistent across different image formats.
When this HOB is missing, DXE/SMM driver might be dispatched above 4GB and
MemoryType information HOB assists GCD with defragmenting the memory map.
Signed-off-by: Guo Dong <guo.dong@intel.com>
|
|
When SMM_SUPPORT is enabled, a build failure was seen since two SMM
libraries are missing. Just add them in the DSC file to fix it.
Signed-off-by: Guo Dong <guo.dong@intel.com>
|
|
With the current implementation, all 3 SmmCommunication* functions go through
the same routine, which will dereference the incoming pointer to inspect
whether this is a V3 buffer or not.
However, the caller always passes in the physical addresses, which could
cause the system to page fault after the OS takes over the runtime control.
This change reverted the common routine to its previous form to handle MM
communicate v1 and v2. Additionally, a specific communicate function for
v3 was created to support MM communicate v3.
Co-authored-by: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
This patch updates several CodeQL errors for potential null pointer
access and unguarded header conclusion across production and test
code that have been flagged in the build/security tab in GitHub.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
|
|
propery -> property
lof -> log
evnent -> event
Signed-off-by: Paul Huang <aphroteus@gmail.com>
|
|
- Updated Maintainers.txt to include Kun Qin as a maintainer for the ARM-
FFA sections in SecurityPkg.
- Added his contact information: email and GitHub username.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
This change introduces a `Tpm2InstanceLibFfa` library to support TPM over
FF-A and works with Tpm2DeviceLibRouter* libraries.
The implementation follows the TPM over FF-A spec v1.0 BET:
https://developer.arm.com/documentation/den0138/latest/
The change is tested on QEMU SBSA virtual platform and proprietary
hardware platforms.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
This change introduces a `Tpm2DeviceLibFfa` library to support TPM over
FF-A.
The implementation follows the TPM over FF-A spec v1.0 BET:
https://developer.arm.com/documentation/den0138/latest/
The change is tested on QEMU SBSA virtual platform and proprietary
hardware platforms.
Co-authored-by: Raymond Diaz <raymonddiaz@microsoft.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
TPM over FF-A is a mechanism enabling the normal world to communicate
with TPM devices offered as a FF-A service in the secure world.
This update introduces a header file containing definitions from the TPM
over FF-A specification, as detailed in the following documentation:
https://developer.arm.com/documentation/den0138/latest/
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
This change adds a new driver Tcg2AcpiFfa. It will publish the TPM2 and
the corresponding SSDT table that is responsible for supporting the
physical presence interface through ASL methods during OS runtime.
Co-authored-by: Raymond Diaz <raymonddiaz@microsoft.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
This change adds a new library instance of SmmTcg2PhysicalPresenceLib. It
will directly check on the PCD value instead of relying on the HOB value,
which will require change on the TFA/SPMC side.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
This change adds a new driver Tcg2StandaloneMmArm. It will register an
MMI handler that is responsible for supporting the physical presence
interface from ASL methods during OS runtime.
Platforms need to expose the PPI ACPI function GUID in the Standalone MM
secure partition.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
This change adds a GUID for the physical presence interface. This is
defined in TCG Physical Presence Interface v1.30, Rev. 00.52: Section
8.1 ACPI Functions.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg. EDKII_PEI_MP_SERVICES2_PPI structure and PPI GUID
are provided as backward compatible references.
These references have been wrapped under a conditional to aid with
its eventual removal.
To enable, define ENABLE_DEPRECATED_EDKII_MP_SERVICES2.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
The related header and PPI GUID have been removed from UefiCpuPkg.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
EFI_PEI_MP_SERVICES2_PPI has been added to MdePkg.
This PPI earlier existed as EDKII_PEI_MP_SERVICES2_PPI in UefiCpuPkg.
EDKII_PEI_MP_SERVICES2_PPI structure and PPI GUID are provided as
references for backwards compatibility.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
This commit is to add two new APIs in EmbeddedPkg
PrePiHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
|
|
This commit is to add two new APIs in ArmVirtDxeHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
|
|
This commit is to add two new APIs in StandaloneMmPkg
StandaloneMmHobLib and StandaloneMmCoreHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
|
|
This commit is to add two new APIs in UefiPayloadPkg
DxeHobLib and PayloadEntryHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
|
|
This commit is to add two new APIs in MdeModulePkg
BaseHobLibNull:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
|
|
This commit is to add two new APIs in MdePkg PeiHobLib,
DxeHobLib, DxeCoreHobLib and MockHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
|
|
This commit is to add two new APIs in HobLib.h:
GetNextMemoryAllocationGuidHob ()
TagMemoryAllocationHobWithGuid ()
The UEFI_PI_SPEC defines the EFI_GUID Name in the
EFI_HOB_MEMORY_ALLOCATION_HEADER as:
A GUID that defines the memory allocation region’s type
and purpose, as well as other fields within the memory
allocation HOB.
Currently there is no API in HobLib to handle this Name
GUID in EFI_HOB_MEMORY_ALLOCATION_HEADER, and the code
logic is common. So the following 2 APIs are added to:
1. The GetNextMemoryAllocationGuidHob () returns the next
instance of the Memory Allocation HOB with the matched
GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB
list for the Memory Allocation HOB with a matching base
address and sets the Name GUID. Then the instance of the
tagged Memory Allocation HOB with matched base address is
returned.
Signed-off-by: Dun Tan <dun.tan@intel.com>
|
|
Refer to TCG spec section 3.4.2 "SMBIOS structures that contain static
configuration information (e.g. Platform Manufacturer Enterprise Number
assigned by IANA, platform model number, Vendor and Device IDs for each
SMBIOS table) that is relevant to the security of the platform MUST be
measured using the event type EV_EFI_HANDOFF_TABLES2"
Smbios tables shall be measured as defined in the spec.
Spec: PC-Client-Platform-Firmware-Profile-Version-1.06-Revision-52
https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Hunter Adrian <adrian.hunter@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
The SPCR specification at
https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table
states that baud rate 0 is interpreted as "as-is". This indicates that the
OS should rely on the current UART configuration until the full featured
driver is initialized.
Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>
|
|
The SPCR specification at
https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table
states that baud rate 0 is interpreted as "as-is". This indicates that the
OS should rely on the current UART configuration until the full featured
driver is initialized.
Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>
|
|
Revision 4 adds fields for UART clock frequency, precise baud rate and ACPI
object namespace string. The revision 4 specification is at
https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table
Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>
|
|
Revision 4 adds fields for UART clock frequency, precise baud rate and ACPI
object namespace string. The revision 4 specification is at
https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table
Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>
|
|
Improve OpalDriverGetDriverDeviceName function that gets device name
through the component name protocol. Currently the function searches for
all handles (as controller handle) to find the right GetControllerName
service for the child handle. The update improves the way to get device
name and supports better performance (e.g. 1681(μs) -> 3(μs) for 1 NVMe
device). This can prevent a compatibility issue for GetControllerName
service of some drivers, which is not flexible for handle parameter
information (e.g. it was found that an EFI driver caused an exception
error/hang when GetControllerName service for the driver is called in
OpalDriverGetDeviceNameByProtocol function).
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
|
|
AmdSvsmLib currently doesn't check if SNP is enabled, thus using AmdSvsmLib
may errantly cause the caller code to believe SVSM is present. This
leads to boot failure on non-SNP enabled VMs.
We use the PcdConfidentialComputingGuestAttr since it remains valid
after MpInitLib runs which invalidates PcdSevEsWorkArea's cached
sev-status msr which we use to check for SNP enabled in other places.
The added functions ConfidentialComputingGuestHas() and
AmdMemEncryptionAttrCheck() are copied from MpLib.c, which is intended
to be replaced later on with a more minimal library perhaps in MdePkg to
cleanup some of the circular dependencies currently surrounding SvsmLib.
Signed-off-by: Jacob Xu <jacobhxu@google.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
|
|
Updates SecureBootVariableLibUnitTest to use a valid
EFI_SIGNATURE_LIST and EFI_SIGNATURE_DATA
Signed-off-by: Doug Flick <dougflick@microsoft.com>
|
|
This commit adds the ability to skip setting the Dbx variable if
the Default being provided is less than the size of the
EFI_SIGNATURE_LIST structure. This is to prevent the
setting of an invalid DBX which would cause the system to fail to boot.
Additionally, this can be used to signal that setting the DBX
should leave DBX undefined for Platforms that want to let the OS
be the sole servicer of the DBX.
Breakdown of the math is as follows:
1. **`sizeof(EFI_SIGNATURE_LIST)`**:
- This is the size of the `EFI_SIGNATURE_LIST` structure itself,
which includes:
- `EFI_GUID SignatureType` (16 bytes)
- `UINT32 SignatureListSize` (4 bytes)
- `UINT32 SignatureHeaderSize` (4 bytes)
- `UINT32 SignatureSize` (4 bytes)
- Total: `16 + 4 + 4 + 4 = 28 bytes`
2. **`SignatureHeaderSize`**:
- This is the size of the optional signature header. If no header is
provided, this value is `0`.
3. **`SignatureSize`**:
- This is the size of each `EFI_SIGNATURE_DATA` entry. For an empty
list, this value is `0`.
The total size of an empty `EFI_SIGNATURE_LIST` is:
```c
sizeof(EFI_SIGNATURE_LIST) + SignatureHeaderSize
```
1. **No Signature Header**:
- If `SignatureHeaderSize = 0`, the size is:
```c
28 + 0 = 28 bytes
```
2. **With a Signature Header**:
- If `SignatureHeaderSize = 16` (example size for a header), the
size is:
```c
28 + 16 = 44 bytes
```
- **Minimum Size**: `28 bytes` (if `SignatureHeaderSize = 0`).
- **Additional Size**: Add the value of `SignatureHeaderSize` if a
header is included.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
|
|
Signed-off-by: Anbazhagan Baraneedharan <anbazhagan@hp.com>
|