packages/edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!74 sync from branch 22.03-LTS with !68!72

Browse Source 
From: @yezengruan 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
This commit is contained in:
openeuler-ci-bot 2022-04-06 02:40:09 +00:00 committed by Gitee
commit ea66396291
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
42 changed files with 89 additions and 2398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
0001-CryptoPkg-OpensslLib-Modify-process_files.pl-for-Ope.patch
View File

@ -1,55 +0,0 @@
From 87c0bd44a43769905f3bb9bea4c8af307c58a79b Mon Sep 17 00:00:00 2001
From: Xiang Zheng <zhengxiang9@huawei.com>
Date: Fri, 17 Apr 2020 15:05:54 +0800
Subject: [PATCH 1/2] CryptoPkg/OpensslLib: Modify process_files.pl for OpenSSL
1.1.1f
Before upgrading the version of OpenSSL to 1.1.1f, we need to update
process_files.pl so that we can auto-generate the correct files.
This patch may confict with the opensource codes in the future, than
let it go with opensouce.
Change-Id: Id17969bab444bad8cdd139258ef53d5eed91ff88
Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
---
.../Library/Include/{internal => crypto}/dso_conf.h | 0
CryptoPkg/Library/OpensslLib/process_files.pl | 10 +++++-----
2 files changed, 5 insertions(+), 5 deletions(-)
rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (100%)
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
similarity index 100%
rename from CryptoPkg/Library/Include/internal/dso_conf.h
rename to CryptoPkg/Library/Include/crypto/dso_conf.h
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index bbcfa0d0..a99ad866 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -109,8 +109,8 @@ BEGIN {
# Generate dso_conf.h per config data
system(
"perl -I. -Mconfigdata util/dofile.pl " .
- "crypto/include/internal/dso_conf.h.in " .
- "> include/internal/dso_conf.h"
+ "include/crypto/dso_conf.h.in " .
+ "> include/crypto/dso_conf.h"
) == 0 ||
die "Failed to generate dso_conf.h!\n";
@@ -264,9 +264,9 @@ copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
$OPENSSL_PATH . "/../../Include/openssl/") ||
die "Cannot copy opensslconf.h!";
print "Done!";
-print "\n--> Duplicating dso_conf.h into Include/internal ... ";
-copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
- $OPENSSL_PATH . "/../../Include/internal/") ||
+print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
+copy($OPENSSL_PATH . "/include/crypto/dso_conf.h",
+ $OPENSSL_PATH . "/../../Include/crypto/") ||
die "Cannot copy dso_conf.h!";
print "Done!\n";
--
2.19.1

0
0018-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch → 0001-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch
View File

337
0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1f.patch
View File

@ -1,337 +0,0 @@
From 55d39c51a03048f4bb1218fc70a9ed445e2b75f6 Mon Sep 17 00:00:00 2001
From: Xiang Zheng <zhengxiang9@huawei.com>
Date: Mon, 20 Apr 2020 17:40:25 +0800
Subject: [PATCH 2/2] CryptoPkg: Upgrade OpenSSL to 1.1.1f
Upgrade OpenSLL to 1.1.1f
Signed-off-by: Xiang Zheng <zhengxiang9@huawei.com>
---
CryptoPkg/CryptoPkg.dec | 1 -
.../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +-
CryptoPkg/Library/Include/crypto/dso_conf.h | 6 +-
.../Library/Include/openssl/opensslconf.h | 3 -
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 88 +++++++++----------
.../Library/OpensslLib/OpensslLibCrypto.inf | 78 ++++++++--------
CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +-
8 files changed, 90 insertions(+), 94 deletions(-)
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 4d1a1368..5888941b 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -23,7 +23,6 @@
Private
Library/Include
Library/OpensslLib/openssl/include
- Library/OpensslLib/openssl/crypto/include
[LibraryClasses]
## @libraryclass Provides basic library functions for cryptographic primitives.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
index eacf4826..235331c2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
-#include "internal/sm3.h"
+#include "crypto/sm3.h"
/**
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index 229c244b..c9fdb65b 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -15,13 +15,13 @@
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include <openssl/bio.h>
-#include <internal/x509_int.h>
+#include <crypto/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/bn.h>
#include <openssl/x509_vfy.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
-#include <internal/asn1_int.h>
+#include <crypto/asn1.h>
/**
This function will return the leaf signer certificate in a chain. This is
diff --git a/CryptoPkg/Library/Include/crypto/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
index 43c89158..abbbf62c 100644
--- a/CryptoPkg/Library/Include/crypto/dso_conf.h
+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
@@ -1,5 +1,5 @@
/* WARNING: do not edit! */
-/* Generated from crypto/include/internal/dso_conf.h.in */
+/* Generated from include/crypto/dso_conf.h.in */
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
*
@@ -9,8 +9,8 @@
* https://www.openssl.org/source/license.html
*/
-#ifndef HEADER_DSO_CONF_H
-# define HEADER_DSO_CONF_H
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
# define DSO_NONE
# define DSO_EXTENSION ".so"
#endif
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 2b4d538e..a27aa658 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -241,9 +241,6 @@ extern "C" {
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
# define OPENSSL_NO_DYNAMIC_ENGINE
#endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
/*
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 3fa52f55..a010e6bc 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -494,57 +494,57 @@
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
- $(OPENSSL_PATH)/crypto/store/store_locl.h
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
+ $(OPENSSL_PATH)/crypto/rc4/rc4_local.h
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
+ $(OPENSSL_PATH)/crypto/async/async_local.h
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+ $(OPENSSL_PATH)/crypto/md4/md4_local.h
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+ $(OPENSSL_PATH)/crypto/des/des_local.h
+ $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/arm_arch.h
$(OPENSSL_PATH)/crypto/mips_arch.h
$(OPENSSL_PATH)/crypto/ppc_arch.h
$(OPENSSL_PATH)/crypto/s390x_arch.h
$(OPENSSL_PATH)/crypto/sparc_arch.h
$(OPENSSL_PATH)/crypto/vms_rms.h
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
+ $(OPENSSL_PATH)/crypto/store/store_local.h
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
- $(OPENSSL_PATH)/crypto/async/async_locl.h
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
$(OPENSSL_PATH)/ssl/bio_ssl.c
$(OPENSSL_PATH)/ssl/d1_lib.c
$(OPENSSL_PATH)/ssl/d1_msg.c
@@ -589,13 +589,13 @@
$(OPENSSL_PATH)/ssl/t1_trce.c
$(OPENSSL_PATH)/ssl/tls13_enc.c
$(OPENSSL_PATH)/ssl/tls_srp.c
- $(OPENSSL_PATH)/ssl/statem/statem.h
- $(OPENSSL_PATH)/ssl/statem/statem_locl.h
- $(OPENSSL_PATH)/ssl/packet_locl.h
+ $(OPENSSL_PATH)/ssl/packet_local.h
$(OPENSSL_PATH)/ssl/ssl_cert_table.h
- $(OPENSSL_PATH)/ssl/ssl_locl.h
+ $(OPENSSL_PATH)/ssl/ssl_local.h
+ $(OPENSSL_PATH)/ssl/statem/statem.h
+ $(OPENSSL_PATH)/ssl/statem/statem_local.h
$(OPENSSL_PATH)/ssl/record/record.h
- $(OPENSSL_PATH)/ssl/record/record_locl.h
+ $(OPENSSL_PATH)/ssl/record/record_local.h
# Autogenerated files list ends here
buildinf.h
rand_pool_noise.h
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index f1f9fbb9..de8a9ef2 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -494,57 +494,57 @@
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
- $(OPENSSL_PATH)/crypto/store/store_locl.h
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
+ $(OPENSSL_PATH)/crypto/rc4/rc4_local.h
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
+ $(OPENSSL_PATH)/crypto/async/async_local.h
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+ $(OPENSSL_PATH)/crypto/md4/md4_local.h
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+ $(OPENSSL_PATH)/crypto/des/des_local.h
+ $(OPENSSL_PATH)/crypto/des/spr.h
$(OPENSSL_PATH)/crypto/arm_arch.h
$(OPENSSL_PATH)/crypto/mips_arch.h
$(OPENSSL_PATH)/crypto/ppc_arch.h
$(OPENSSL_PATH)/crypto/s390x_arch.h
$(OPENSSL_PATH)/crypto/sparc_arch.h
$(OPENSSL_PATH)/crypto/vms_rms.h
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
+ $(OPENSSL_PATH)/crypto/store/store_local.h
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
- $(OPENSSL_PATH)/crypto/des/spr.h
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
- $(OPENSSL_PATH)/crypto/async/async_locl.h
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
# Autogenerated files list ends here
buildinf.h
rand_pool_noise.h
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
index 9f3983f7..9e0179b0 100644
--- a/CryptoPkg/Library/OpensslLib/rand_pool.c
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#include "internal/rand_int.h"
+#include "crypto/rand.h"
#include <openssl/aes.h>
#include <Uefi.h>
--
2.19.1

0
0019-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch → 0002-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch
View File

0
0020-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch → 0003-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch
View File

61
0003-OvmfPkg-Tcg2ConfigPei-introduce-a-signalling-PPI-to-.patch
View File

@ -1,61 +0,0 @@
From bf5008f94fd887f7f9c1daf1a09f47c0733d38ed Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:06 +0100
Subject: [PATCH 03/13] OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to
depex on
On ARM systems, the TPM does not live at a fixed address, and so we
need the platform to discover it first. So introduce a PPI that signals
that the TPM address has been discovered and recorded in the appropriate
PCD, and make Tcg2ConfigPei depex on it when built for ARM or AARCH64.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
OvmfPkg/OvmfPkg.dec | 5 +++++
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 6 +++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 4c5b651..7c27f01 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -87,6 +87,11 @@
gEfiLegacyBiosGuid = {0x2E3044AC, 0x879F, 0x490F, {0x97, 0x60, 0xBB, 0xDF, 0xAF, 0x69, 0x5F, 0x50}}
gEfiLegacyDevOrderVariableGuid = {0xa56074db, 0x65fe, 0x45f7, {0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}}
+[Ppis]
+ # PPI whose presence in the PPI database signals that the TPM base address
+ # has been discovered and recorded
+ gOvmfTpmDiscoveredPpiGuid = {0xb9a61ad0, 0x2802, 0x41f3, {0xb5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}}
+
[Protocols]
gVirtioDeviceProtocolGuid = {0xfa920010, 0x6785, 0x4941, {0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}}
gXenBusProtocolGuid = {0x3d3ca290, 0xb9a5, 0x11e3, {0xb7, 0x5d, 0xb8, 0xac, 0x6f, 0x7d, 0x65, 0xe6}}
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index e34cd62..6673ce0 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -25,6 +25,7 @@
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
@@ -43,5 +44,8 @@
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES
-[Depex]
+[Depex.IA32, Depex.X64]
TRUE
+
+[Depex.ARM, Depex.AARCH64]
+ gOvmfTpmDiscoveredPpiGuid
--
2.18.2

37
0004-ArmVirtPkg-PlatformPeiLib-make-PcdLib-dependency-exp.patch
View File

@ -1,37 +0,0 @@
From 4b9b1a6908eae0440b0d230d3ac39c6ff2a3f15f Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:07 +0100
Subject: [PATCH 04/13] ArmVirtPkg/PlatformPeiLib: make PcdLib dependency
explicit in .INF
We currently include PcdLib.h in PlatformPeiLib, without declaring
this dependency in its .INF description. Since all the PCDs we use
resolve to fixed type in practice, this does not really matter at
the moment, but since we will be adding dynamic PCD references in
a subsequent patch, let's make the PcdLib dependency explicit, so
that its dispatch is guaranteed to be ordered correctly with respect
to the provider of the dynamic PCD PPI.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 1 +
1 file changed, 1 insertion(+)
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
index 46db117..1ef04d1 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
@@ -29,6 +29,7 @@
DebugLib
HobLib
FdtLib
+ PcdLib
[FixedPcd]
gArmTokenSpaceGuid.PcdFvSize
--
2.18.2

0
0021-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch → 0004-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch
View File

318
0005-ArmVirtPkg-PlatformPeiLib-discover-the-TPM-base-addr.patch
View File

@ -1,318 +0,0 @@
From f1bb8ca123be4d0194a9f65b93a9c65c85861b50 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:08 +0100
Subject: [PATCH 05/13] ArmVirtPkg/PlatformPeiLib: discover the TPM base
address from the DT
Introduce a boolean PCD that tells us whether TPM support is enabled
in the build, and if it is, record the TPM base address in the existing
routine that traverses the device tree in the platform PEIM.
If a TPM is found, install the gOvmfTpmDiscoveredPpiGuid signalling PPI
that will unlock the dispatch of OvmfPkg's Tcg2ConfigPei. If TPM2
support is enabled in the build but no TPM2 device is found, install the
gPeiTpmInitializationDonePpiGuid PPI, which is normally installed by
Tcg2ConfigPei if no TPM2 is found, but in our case Tcg2ConfigPei will
never run so let's do it here instead.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirtPkg.dec | 6 ++
ArmVirtPkg/ArmVirtQemu.dsc | 5 +
ArmVirtPkg/ArmVirtQemuKernel.dsc | 6 ++
ArmVirtPkg/ArmVirtXen.dsc | 6 ++
.../Library/PlatformPeiLib/PlatformPeiLib.c | 101 ++++++++++++++++--
.../Library/PlatformPeiLib/PlatformPeiLib.inf | 19 +++-
6 files changed, 129 insertions(+), 14 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec
index a019cc2..0619efc 100644
--- a/ArmVirtPkg/ArmVirtPkg.dec
+++ b/ArmVirtPkg/ArmVirtPkg.dec
@@ -36,6 +36,12 @@
[Protocols]
gFdtClientProtocolGuid = { 0xE11FACA0, 0x4710, 0x4C8E, { 0xA7, 0xA2, 0x01, 0xBA, 0xA2, 0x59, 0x1B, 0x4C } }
+[PcdsFeatureFlag]
+ #
+ # Feature Flag PCD that defines whether TPM2 support is enabled
+ #
+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004
+
[PcdsFixedAtBuild, PcdsPatchableInModule]
#
# This is the physical address where the device tree is expected to be stored
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7ae6702..984df5c 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -237,6 +237,11 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
+ #
+ # TPM2 support
+ #
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 3b0f049..8243876 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -172,6 +172,12 @@
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|3
[PcdsPatchableInModule.common]
+ # we need to provide a resolution for this PCD that supports PcdSet64()
+ # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c,
+ # even though that call will be compiled out on this platform as it does
+ # not (and cannot) support the TPM2 driver stack
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+
#
# This will be overridden in the code
#
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 1b42a9a..8a6ace2 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -95,6 +95,12 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|TRUE
[PcdsPatchableInModule.common]
+ # we need to provide a resolution for this PCD that supports PcdSet64()
+ # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c,
+ # even though that call will be compiled out on this platform as it does
+ # not (and cannot) support the TPM2 driver stack
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+
#
# This will be overridden in the code
#
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
index 0a14695..eabd800 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
@@ -1,7 +1,7 @@
/** @file
*
* Copyright (c) 2011-2014, ARM Limited. All rights reserved.
-* Copyright (c) 2014, Linaro Limited. All rights reserved.
+* Copyright (c) 2014-2020, Linaro Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*
@@ -13,11 +13,24 @@
#include <Library/DebugLib.h>
#include <Library/HobLib.h>
#include <Library/PcdLib.h>
+#include <Library/PeiServicesLib.h>
#include <libfdt.h>
#include <Guid/EarlyPL011BaseAddress.h>
#include <Guid/FdtHob.h>
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gOvmfTpmDiscoveredPpiGuid,
+ NULL
+};
+
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2InitializationDonePpi = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gPeiTpmInitializationDonePpiGuid,
+ NULL
+};
+
EFI_STATUS
EFIAPI
PlatformPeim (
@@ -31,14 +44,18 @@ PlatformPeim (
UINT64 *FdtHobData;
UINT64 *UartHobData;
INT32 Node, Prev;
+ INT32 Parent, Depth;
CONST CHAR8 *Compatible;
CONST CHAR8 *CompItem;
CONST CHAR8 *NodeStatus;
INT32 Len;
+ INT32 RangesLen;
INT32 StatusLen;
CONST UINT64 *RegProp;
+ CONST UINT32 *RangesProp;
UINT64 UartBase;
-
+ UINT64 TpmBase;
+ EFI_STATUS Status;
Base = (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress);
ASSERT (Base != NULL);
@@ -58,18 +75,18 @@ PlatformPeim (
ASSERT (UartHobData != NULL);
*UartHobData = 0;
- //
- // Look for a UART node
- //
- for (Prev = 0;; Prev = Node) {
- Node = fdt_next_node (Base, Prev, NULL);
+ TpmBase = 0;
+
+ for (Prev = Depth = 0;; Prev = Node) {
+ Node = fdt_next_node (Base, Prev, &Depth);
if (Node < 0) {
break;
}
- //
- // Check for UART node
- //
+ if (Depth == 1) {
+ Parent = Node;
+ }
+
Compatible = fdt_getprop (Base, Node, "compatible", &Len);
//
@@ -93,10 +110,74 @@ PlatformPeim (
*UartHobData = UartBase;
break;
+ } else if (FeaturePcdGet (PcdTpm2SupportEnabled) &&
+ AsciiStrCmp (CompItem, "tcg,tpm-tis-mmio") == 0) {
+
+ RegProp = fdt_getprop (Base, Node, "reg", &Len);
+ ASSERT (Len == 8 || Len == 16);
+ if (Len == 8) {
+ TpmBase = fdt32_to_cpu (RegProp[0]);
+ } else if (Len == 16) {
+ TpmBase = fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RegProp));
+ }
+
+ if (Depth > 1) {
+ //
+ // QEMU/mach-virt may put the TPM on the platform bus, in which case
+ // we have to take its 'ranges' property into account to translate the
+ // MMIO address. This consists of a <child base, parent base, size>
+ // tuple, where the child base and the size use the same number of
+ // cells as the 'reg' property above, and the parent base uses 2 cells
+ //
+ RangesProp = fdt_getprop (Base, Parent, "ranges", &RangesLen);
+ ASSERT (RangesProp != NULL);
+
+ //
+ // a plain 'ranges' attribute without a value implies a 1:1 mapping
+ //
+ if (RangesLen != 0) {
+ //
+ // assume a single translated range with 2 cells for the parent base
+ //
+ if (RangesLen != Len + 2 * sizeof (UINT32)) {
+ DEBUG ((DEBUG_WARN,
+ "%a: 'ranges' property has unexpected size %d\n",
+ __FUNCTION__, RangesLen));
+ break;
+ }
+
+ if (Len == 8) {
+ TpmBase -= fdt32_to_cpu (RangesProp[0]);
+ } else {
+ TpmBase -= fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp));
+ }
+
+ //
+ // advance RangesProp to the parent bus address
+ //
+ RangesProp = (UINT32 *)((UINT8 *)RangesProp + Len / 2);
+ TpmBase += fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp));
+ }
+ }
+ break;
}
}
}
+ if (FeaturePcdGet (PcdTpm2SupportEnabled)) {
+ if (TpmBase != 0) {
+ DEBUG ((DEBUG_INFO, "%a: TPM @ 0x%lx\n", __FUNCTION__, TpmBase));
+
+ Status = (EFI_STATUS)PcdSet64S (PcdTpmBaseAddress, TpmBase);
+ ASSERT_EFI_ERROR (Status);
+
+ Status = PeiServicesInstallPpi (&mTpm2DiscoveredPpi);
+ } else {
+ Status = PeiServicesInstallPpi (&mTpm2InitializationDonePpi);
+ }
+ ASSERT_EFI_ERROR (Status);
+ }
+
BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize));
return EFI_SUCCESS;
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
index 1ef04d1..5dae4df 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
@@ -1,7 +1,7 @@
#/** @file
#
# Copyright (c) 2011-2015, ARM Limited. All rights reserved.
-# Copyright (c) 2014, Linaro Limited. All rights reserved.
+# Copyright (c) 2014-2020, Linaro Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -11,7 +11,7 @@
INF_VERSION = 0x00010005
BASE_NAME = PlatformPeiLib
FILE_GUID = 59C11815-F8DA-4F49-B4FB-EC1E41ED1F06
- MODULE_TYPE = SEC
+ MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = PlatformPeiLib
@@ -21,15 +21,21 @@
[Packages]
ArmPkg/ArmPkg.dec
ArmVirtPkg/ArmVirtPkg.dec
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
EmbeddedPkg/EmbeddedPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[FeaturePcd]
+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled
[LibraryClasses]
DebugLib
HobLib
FdtLib
PcdLib
+ PeiServicesLib
[FixedPcd]
gArmTokenSpaceGuid.PcdFvSize
@@ -38,6 +44,11 @@
[Pcd]
gArmTokenSpaceGuid.PcdFvBaseAddress
gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRODUCES
+
+[Ppis]
+ gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRODUCES
+ gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES
[Guids]
gEarlyPL011BaseAddressGuid
--
2.18.2

0
0022-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch → 0005-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch
View File

311
0006-ArmVirtPkg-implement-ArmVirtPsciResetSystemPeiLib.patch
View File

@ -1,311 +0,0 @@
From be6f854c61807ab26d7cc6db797876ed00d54469 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:09 +0100
Subject: [PATCH 06/13] ArmVirtPkg: implement ArmVirtPsciResetSystemPeiLib
Implement a ArmVirtPkg specific version of the PSCI ResetSystemLib that
is usable in the PEI phase, as the existing one relies on the FDT client
protocol, making it unsuitable.
Note that accessing the device tree passed by QEMU via its initial base
address is guaranteed to be safe at any time during the PEI phase, so we
can defer discovery of the PSCI method until the time the reset library
is actually invoked (which is rarely)
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
.../ArmVirtPsciResetSystemPeiLib.c | 232 ++++++++++++++++++
.../ArmVirtPsciResetSystemPeiLib.inf | 39 +++
2 files changed, 271 insertions(+)
create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c
create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c
new file mode 100644
index 0000000..9cfd55d
--- /dev/null
+++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c
@@ -0,0 +1,232 @@
+/** @file
+ Reset System lib using PSCI hypervisor or secure monitor calls
+
+ Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
+ Copyright (c) 2013, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.<BR>
+ Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <libfdt.h>
+#include <Library/ArmHvcLib.h>
+#include <Library/ArmSmcLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/ResetSystemLib.h>
+
+#include <IndustryStandard/ArmStdSmc.h>
+
+typedef enum {
+ PsciMethodUnknown,
+ PsciMethodSmc,
+ PsciMethodHvc,
+} PSCI_METHOD;
+
+STATIC
+PSCI_METHOD
+DiscoverPsciMethod (
+ VOID
+ )
+{
+ VOID *DeviceTreeBase;
+ INT32 Node, Prev;
+ INT32 Len;
+ CONST CHAR8 *Compatible;
+ CONST CHAR8 *CompatibleItem;
+ CONST VOID *Prop;
+
+ DeviceTreeBase = (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress);
+ ASSERT (fdt_check_header (DeviceTreeBase) == 0);
+
+ //
+ // Enumerate all FDT nodes looking for the PSCI node and capture the method
+ //
+ for (Prev = 0;; Prev = Node) {
+ Node = fdt_next_node (DeviceTreeBase, Prev, NULL);
+ if (Node < 0) {
+ break;
+ }
+
+ Compatible = fdt_getprop (DeviceTreeBase, Node, "compatible", &Len);
+ if (Compatible == NULL) {
+ continue;
+ }
+
+ //
+ // Iterate over the NULL-separated items in the compatible string
+ //
+ for (CompatibleItem = Compatible; CompatibleItem < Compatible + Len;
+ CompatibleItem += 1 + AsciiStrLen (CompatibleItem)) {
+
+ if (AsciiStrCmp (CompatibleItem, "arm,psci-0.2") != 0) {
+ continue;
+ }
+
+ Prop = fdt_getprop (DeviceTreeBase, Node, "method", NULL);
+ if (!Prop) {
+ DEBUG ((DEBUG_ERROR, "%a: Missing PSCI method property\n",
+ __FUNCTION__));
+ return PsciMethodUnknown;
+ }
+
+ if (AsciiStrnCmp (Prop, "hvc", 3) == 0) {
+ return PsciMethodHvc;
+ } else if (AsciiStrnCmp (Prop, "smc", 3) == 0) {
+ return PsciMethodSmc;
+ } else {
+ DEBUG ((DEBUG_ERROR, "%a: Unknown PSCI method \"%a\"\n", __FUNCTION__,
+ Prop));
+ return PsciMethodUnknown;
+ }
+ }
+ }
+ return PsciMethodUnknown;
+}
+
+STATIC
+VOID
+PerformPsciAction (
+ IN UINTN Arg0
+ )
+{
+ ARM_SMC_ARGS ArmSmcArgs;
+ ARM_HVC_ARGS ArmHvcArgs;
+
+ ArmSmcArgs.Arg0 = Arg0;
+ ArmHvcArgs.Arg0 = Arg0;
+
+ switch (DiscoverPsciMethod ()) {
+ case PsciMethodHvc:
+ ArmCallHvc (&ArmHvcArgs);
+ break;
+
+ case PsciMethodSmc:
+ ArmCallSmc (&ArmSmcArgs);
+ break;
+
+ default:
+ DEBUG ((DEBUG_ERROR, "%a: no PSCI method defined\n", __FUNCTION__));
+ ASSERT (FALSE);
+ }
+}
+
+/**
+ This function causes a system-wide reset (cold reset), in which
+ all circuitry within the system returns to its initial state. This type of reset
+ is asynchronous to system operation and operates without regard to
+ cycle boundaries.
+
+ If this function returns, it means that the system does not support cold reset.
+**/
+VOID
+EFIAPI
+ResetCold (
+ VOID
+ )
+{
+ // Send a PSCI 0.2 SYSTEM_RESET command
+ PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_RESET);
+}
+
+/**
+ This function causes a system-wide initialization (warm reset), in which all processors
+ are set to their initial state. Pending cycles are not corrupted.
+
+ If this function returns, it means that the system does not support warm reset.
+**/
+VOID
+EFIAPI
+ResetWarm (
+ VOID
+ )
+{
+ // Map a warm reset into a cold reset
+ ResetCold ();
+}
+
+/**
+ This function causes the system to enter a power state equivalent
+ to the ACPI G2/S5 or G3 states.
+
+ If this function returns, it means that the system does not support shutdown reset.
+**/
+VOID
+EFIAPI
+ResetShutdown (
+ VOID
+ )
+{
+ // Send a PSCI 0.2 SYSTEM_OFF command
+ PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_OFF);
+}
+
+/**
+ This function causes a systemwide reset. The exact type of the reset is
+ defined by the EFI_GUID that follows the Null-terminated Unicode string passed
+ into ResetData. If the platform does not recognize the EFI_GUID in ResetData
+ the platform must pick a supported reset type to perform.The platform may
+ optionally log the parameters from any non-normal reset that occurs.
+
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData The data buffer starts with a Null-terminated string,
+ followed by the EFI_GUID.
+**/
+VOID
+EFIAPI
+ResetPlatformSpecific (
+ IN UINTN DataSize,
+ IN VOID *ResetData
+ )
+{
+ // Map the platform specific reset as reboot
+ ResetCold ();
+}
+
+/**
+ The ResetSystem function resets the entire platform.
+
+ @param[in] ResetType The type of reset to perform.
+ @param[in] ResetStatus The status code for the reset.
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or EfiResetShutdown
+ the data buffer starts with a Null-terminated string, optionally
+ followed by additional binary data. The string is a description
+ that the caller may use to further indicate the reason for the
+ system reset.
+**/
+VOID
+EFIAPI
+ResetSystem (
+ IN EFI_RESET_TYPE ResetType,
+ IN EFI_STATUS ResetStatus,
+ IN UINTN DataSize,
+ IN VOID *ResetData OPTIONAL
+ )
+{
+ switch (ResetType) {
+ case EfiResetWarm:
+ ResetWarm ();
+ break;
+
+ case EfiResetCold:
+ ResetCold ();
+ break;
+
+ case EfiResetShutdown:
+ ResetShutdown ();
+ return;
+
+ case EfiResetPlatformSpecific:
+ ResetPlatformSpecific (DataSize, ResetData);
+ return;
+
+ default:
+ return;
+ }
+}
diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
new file mode 100644
index 0000000..b480cae
--- /dev/null
+++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
@@ -0,0 +1,39 @@
+#/** @file
+# Reset System lib using PSCI hypervisor or secure monitor calls
+#
+# Copyright (c) 2008, Apple Inc. All rights reserved.<BR>
+# Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+#**/
+
+[Defines]
+ INF_VERSION = 1.27
+ BASE_NAME = ArmVirtPsciResetSystemPeiLib
+ FILE_GUID = 551cfb98-c185-41a3-86bf-8cdb7e2a530c
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = ResetSystemLib|PEIM
+
+[Sources]
+ ArmVirtPsciResetSystemPeiLib.c
+
+[Packages]
+ ArmPkg/ArmPkg.dec
+ ArmVirtPkg/ArmVirtPkg.dec
+ EmbeddedPkg/EmbeddedPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ ArmSmcLib
+ ArmHvcLib
+ BaseLib
+ DebugLib
+ FdtLib
+ HobLib
+
+[Pcd]
+ gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
--
2.18.2

0
0023-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch → 0006-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch
View File

89
0007-ArmVirtPkg-ArmVirtQemu-add-ResetSystem-PEIM-for-upco.patch
View File

@ -1,89 +0,0 @@
From 1cb4d8d12542e95274881c7fce1c95816bd883ff Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:10 +0100
Subject: [PATCH 07/13] ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for
upcoming TPM2 support
As a first step in gradually adding TPM2 support to ArmVirtQemu, add
the TPM2_ENABLE configurable to the [Defines] section, and if it is
set, add the ResetSystem PEIM to the build, along with the library
class references that we will need to support it:
- wire ArmVirtPsciResetSystemPeiLib into the ResetSystem PEIM itself,
which will be in charge of performing the actual reset
- add PeiResetSystemLib as the common ResetSystemLib resolution for
PEIM class modules, so that other PEIMs will invoke the PPI
published by the ResetSystem PEIM.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 14 ++++++++++++++
ArmVirtPkg/ArmVirtQemu.fdf | 4 ++++
2 files changed, 18 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 984df5c..3bbc79c 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -29,6 +29,7 @@
#
DEFINE TTY_TERMINAL = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
+ DEFINE TPM2_ENABLE = FALSE
#
# Network definition
@@ -77,6 +78,10 @@
[LibraryClasses.common.PEIM]
ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf
+!if $(TPM2_ENABLE) == TRUE
+ ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf
+!endif
+
[LibraryClasses.common.DXE_DRIVER]
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
@@ -100,6 +105,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE
+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
+
[PcdsFixedAtBuild.common]
!if $(ARCH) == AARCH64
gArmTokenSpaceGuid.PcdVFPEnabled|1
@@ -266,6 +273,13 @@
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
+!if $(TPM2_ENABLE) == TRUE
+ MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf {
+ <LibraryClasses>
+ ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
+ }
+!endif
+
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 2c8936a..69fa501 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -113,6 +113,10 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+!if $(TPM2_ENABLE) == TRUE
+ INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
+!endif
+
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
SECTION FV_IMAGE = FVMAIN
--
2.18.2

0
0024-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch → 0007-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch
View File

99
0008-ArmVirtPkg-ArmVirtQemu-enable-TPM2-support-in-the-PE.patch
View File

@ -1,99 +0,0 @@
From 806d668dee96ddbb81737675b9f074e04334fb13 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:11 +0100
Subject: [PATCH 08/13] ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI
phase
Incorporate the PEI components and the associated library class
resolutions and PCD declarations to enable TPM2 support in the
PEI phase.
This patch ports (parts of) the following OvmfPkg commits to
ArmVirtQemu:
- 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone",
2018-03-09)
- 4672a4892867 ("OvmfPkg: include Tcg2Pei module", 2018-03-09)
- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei
and Tcg2Dxe", 2018-08-16)
- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe",
2019-07-19)
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask defaults to 0x0 so
that the TPM init code adopts the currently active PCR banks as
the ones that are enabled by default.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 20 ++++++++++++++++++++
ArmVirtPkg/ArmVirtQemu.fdf | 2 ++
2 files changed, 22 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 3bbc79c..44138e5 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -75,11 +75,17 @@
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
+!if $(TPM2_ENABLE) == TRUE
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+!endif
+
[LibraryClasses.common.PEIM]
ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf
!if $(TPM2_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
[LibraryClasses.common.DXE_DRIVER]
@@ -248,6 +254,10 @@
# TPM2 support
#
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+!if $(TPM2_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+!endif
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
@@ -278,6 +288,16 @@
<LibraryClasses>
ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
}
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
+ <LibraryClasses>
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+ }
!endif
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 69fa501..8488300 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -115,6 +115,8 @@ READ_LOCK_STATUS = TRUE
!if $(TPM2_ENABLE) == TRUE
INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
+ INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
--
2.18.2

0
0025-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch → 0008-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch
View File

48
0009-ArmVirtPkg-avoid-DxeTpmMeasurementLib-in-shared-.DSC.patch
View File

@ -1,48 +0,0 @@
From 785f0c94c6fa7bfbf307d2e5faa90964dca155a9 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Thu, 27 Feb 2020 15:12:32 +0100
Subject: [PATCH 09/13] ArmVirtPkg; avoid DxeTpmMeasurementLib in shared .DSC
DxeTpmMeasurementLib should only be used on platforms that implement
measured boot, which we will do in a future patch, but only for
ArmVirtQemu, as the remaining ones are fundamentally incompatible,
given that they do not implement a PEI phase.
So use TpmMeasurementLibNull as the default resolution for all
ArmVirtPkg platforms, regardless of how they are built.
This mirrors commit 1ec05b81e59f ("OvmfPkg: use DxeTpmMeasurementLib
if and only if TPM2_ENABLE", 2019-07-04).
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 10037c9..398aa7b 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -165,15 +165,14 @@
# Secure Boot dependencies
#
!if $(SECURE_BOOT_ENABLE) == TRUE
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
# re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
!else
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
--
2.18.2

0
0026-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch → 0009-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch
View File

72
0010-ArmVirtPkg-unshare-TpmMeasurementLib-resolution-betw.patch
View File

@ -1,72 +0,0 @@
From 454595840418dce7e227a70ff297b1d11593e768 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Thu, 27 Feb 2020 15:24:21 +0100
Subject: [PATCH 10/13] ArmVirtPkg: unshare TpmMeasurementLib resolution
between platforms
In preparation of conditializing the choice of resolution based on
TPM2_ENABLE for ArmVirtQemu, move the TpmMeasurementLib out of the
shared .DSC include and into the individual DSCs.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 1 -
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 +
ArmVirtPkg/ArmVirtXen.dsc | 1 +
4 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 398aa7b..0a28d3a 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -172,7 +172,6 @@
!else
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 44138e5..83c4dea 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -74,6 +74,7 @@
PciPcdProducerLib|ArmVirtPkg/Library/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!if $(TPM2_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 8243876..7bd50e4 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -73,6 +73,7 @@
PciPcdProducerLib|ArmVirtPkg/Library/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
[LibraryClasses.common.DXE_DRIVER]
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 8a6ace2..2a4ef8d 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -47,6 +47,7 @@
BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
[LibraryClasses.common.UEFI_DRIVER]
UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
--
2.18.2

0
0027-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch → 0010-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch
View File

115
0011-ArmVirtPkg-ArmVirtQemu-enable-the-DXE-phase-TPM2-sup.patch
View File

@ -1,115 +0,0 @@
From d77e86c43972cd56b37d8f4b34c253f82aa65f54 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:12 +0100
Subject: [PATCH 11/13] ArmVirtPkg/ArmVirtQemu: enable the DXE phase TPM2
support module
Enable the TPM2 support module in the DXE phase, and the associated
libraries and PCDs that it requires. This will be wired into the
measured boot support code in a subsequent patch.
Note that Tcg2Dxe.inf is added to ArmVirtQemuFvMain.fdf.inc, which
is shared with other platforms in ArmVirtPkg, but as those will not
set the TPM2_ENABLE define, this change does not affect them.
This patch ports (parts of) the following OvmfPkg commits to
ArmVirtQemu:
- 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe module", 2018-03-09)
- b9777bb42e4f ("OvmfPkg: add Tcg2PhysicalPresenceLibQemu", 2018-05-22)
-- only to match OVMF's current lib class resolutions
- 1ec05b81e59f ("OvmfPkg: use DxeTpmMeasurementLib if and only if
TPM2_ENABLE", 2019-07-04)
- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei
and Tcg2Dxe", 2018-08-16)
- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe",
2019-07-19)
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 26 +++++++++++++++++++++++++-
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 7 +++++++
2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 83c4dea..291210a 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -74,10 +74,13 @@
PciPcdProducerLib|ArmVirtPkg/Library/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!if $(TPM2_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!endif
[LibraryClasses.common.PEIM]
@@ -92,6 +95,10 @@
[LibraryClasses.common.DXE_DRIVER]
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+!if $(TPM2_ENABLE) == TRUE
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
+!endif
+
[LibraryClasses.common.UEFI_DRIVER]
UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
@@ -470,6 +477,23 @@
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # TPM2 support
+ #
+!if $(TPM2_ENABLE) == TRUE
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
+ <LibraryClasses>
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+ }
+!endif
+
#
# ACPI Support
#
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 31f615a..047e99c 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -173,6 +173,13 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # TPM2 support
+ #
+!if $(TPM2_ENABLE) == TRUE
+ INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+!endif
+
#
# TianoCore logo (splash screen)
#
--
2.18.2

0
0030-MdeModulePkg-FPDT-Lock-boot-performance-table-addres.patch → 0011-MdeModulePkg-FPDT-Lock-boot-performance-table-addres.patch
View File

81
0012-ArmVirtPkg-ArmVirtQemu-enable-the-TPM2-configuration.patch
View File

@ -1,81 +0,0 @@
From c3b182fe9189137280a5397426cc08b1110aac39 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:13 +0100
Subject: [PATCH 12/13] ArmVirtPkg/ArmVirtQemu: enable the TPM2 configuration
module
Enable the DXE phase component that publishes the HII pages and
associated logic to enable TPM2 parameters to be configured by
the user via the setup menu.
This patch ports (parts of) the following commits to ArmVirtQemu:
- 3103389043bd ("OvmfPkg: Add TCG2 Configuration menu to the Device
Manager menu", 2019-02-11)
- cf3ad972a210 ("OvmfPkg: reorganize TPM2 support in DSC/FDF files",
2020-01-09)
- f55477fe2d62 ("OvmfPkg: use HII type PCDs for TPM2 config related
variables", 2020-01-09)
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 9 +++++++++
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 3 +++
2 files changed, 12 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 291210a..93b982a 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -30,6 +30,7 @@
DEFINE TTY_TERMINAL = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE TPM2_ENABLE = FALSE
+ DEFINE TPM2_CONFIG_ENABLE = FALSE
#
# Network definition
@@ -270,6 +271,11 @@
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
+!endif
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform
@@ -492,6 +498,9 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
!endif
#
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 047e99c..2fa69ce 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -178,6 +178,9 @@ READ_LOCK_STATUS = TRUE
#
!if $(TPM2_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+ INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
!endif
#
--
2.18.2

0
0031-SecurityPkg-TPM-Import-PeiDxeTpmPlatformHierarchyLib.patch → 0012-SecurityPkg-TPM-Import-PeiDxeTpmPlatformHierarchyLib.patch
View File

37
0013-ArmVirtPkg-ArmVirtQemu-enable-TPM2-based-measured-bo.patch
View File

@ -1,37 +0,0 @@
From d9c8dd64dd827cea4a533d012f344d0db6569127 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 26 Feb 2020 20:05:14 +0100
Subject: [PATCH 13/13] ArmVirtPkg/ArmVirtQemu: enable TPM2 based measured boot
Now that all the TPM2 related plumbing is in place, we can add the
final piece that performs the measurements of loaded images into
the appropriate PCRs.
This patch ports commit d5a002aba0aa ("OvmfPkg: plug
DxeTpm2MeasureBootLib into SecurityStubDxe", 2018-03-09) to ArmVirtQemu.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: jiangfangjie <jiangfangjie@huawei.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 93b982a..a07d546 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -348,6 +348,9 @@
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!if $(TPM2_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
+!endif
}
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
--
2.18.2

0
0032-SecurityPkg-TPM-Fix-bugs-in-imported-PeiDxeTpmPlatfo.patch → 0013-SecurityPkg-TPM-Fix-bugs-in-imported-PeiDxeTpmPlatfo.patch
View File

106
0014-MdeModulePkg-Core-Dxe-assert-SectionInstance-invariant-in-FindChildNode.patch
View File

@ -1,106 +0,0 @@
From 4ea70df0973caf3763aa306e8d6571fc37aa35e5 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 28 Sep 2020 16:29:01 +0200
Subject: [PATCH v2 1/2] MdeModulePkg/Core/Dxe: assert SectionInstance
invariant in FindChildNode()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
FindChildNode() has two callers: GetSection(), and FindChildNode() itself.
- At the GetSection() call site, a positive (i.e., nonzero)
SectionInstance is passed. This is because GetSection() takes a
zero-based (UINTN) SectionInstance, and then passes
Instance=(SectionInstance+1) to FindChildNode().
- For reaching the recursive FindChildNode() call site, a section type
mismatch, or a section instance mismatch, is necessary. This means,
respectively, that SectionInstance will either not have been decreased,
or not to zero anyway, at the recursive FindChildNode() call site.
Add two ASSERT()s to FindChildNode(), for expressing the (SectionSize>0)
invariant.
In turn, the invariant provides the explanation why, after the recursive
call, a zero SectionInstance implies success. Capture it in a comment.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Notes:
v2:
- no change
MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 23 +++++++++++++++-----
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
index d678166db475..d7f7ef427422 100644
--- a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
+++ b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
@@ -952,8 +952,8 @@ CreateChildNode (
search.
@param SearchType Indicates the type of section to search for.
@param SectionInstance Indicates which instance of section to find.
- This is an in/out parameter to deal with
- recursions.
+ This is an in/out parameter and it is 1-based,
+ to deal with recursions.
@param SectionDefinitionGuid Guid of section definition
@param FoundChild Output indicating the child node that is found.
@param FoundStream Output indicating which section stream the child
@@ -988,6 +988,8 @@ FindChildNode (
EFI_STATUS ErrorStatus;
EFI_STATUS Status;
+ ASSERT (*SectionInstance > 0);
+
CurrentChildNode = NULL;
ErrorStatus = EFI_NOT_FOUND;
@@ -1037,6 +1039,11 @@ FindChildNode (
}
}
+ //
+ // Type mismatch, or we haven't found the desired instance yet.
+ //
+ ASSERT (*SectionInstance > 0);
+
if (CurrentChildNode->EncapsulatedStreamHandle != NULL_STREAM_HANDLE) {
//
// If the current node is an encapsulating node, recurse into it...
@@ -1050,16 +1057,20 @@ FindChildNode (
&RecursedFoundStream,
AuthenticationStatus
);
- //
- // If the status is not EFI_SUCCESS, just save the error code and continue
- // to find the request child node in the rest stream.
- //
if (*SectionInstance == 0) {
+ //
+ // The recursive FindChildNode() call decreased (*SectionInstance) to
+ // zero.
+ //
ASSERT_EFI_ERROR (Status);
*FoundChild = RecursedChildNode;
*FoundStream = RecursedFoundStream;
return EFI_SUCCESS;
} else {
+ //
+ // If the status is not EFI_SUCCESS, just save the error code and
+ // continue to find the request child node in the rest stream.
+ //
ErrorStatus = Status;
}
} else if ((CurrentChildNode->Type == EFI_SECTION_GUID_DEFINED) && (SearchType != EFI_SECTION_GUID_DEFINED)) {
--
2.19.1.3.g30247aa5d201

0
0033-SecrutiyPkg-Tcg-Import-Tcg2PlatformDxe-from-edk2-pla.patch → 0014-SecrutiyPkg-Tcg-Import-Tcg2PlatformDxe-from-edk2-pla.patch
View File

202
0015-MdeModulePkg-Core-Dxe-limit-FwVol-encapsulation-section-recursion.patch
View File

@ -1,202 +0,0 @@
From 5d02b0176fb8584e44c1b8f2bc1f934e23b017ed Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 28 Sep 2020 15:02:02 +0200
Subject: [PATCH v2 2/2] MdeModulePkg/Core/Dxe: limit FwVol encapsulation
section recursion
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The DXE Core sets up a protocol notify function in its entry point, for
instances of the Firmware Volume Block2 Protocol:
DxeMain() [DxeMain/DxeMain.c]
FwVolDriverInit() [FwVol/FwVol.c]
Assume that a 3rd party UEFI driver or application installs an FVB
instance, with crafted contents. The notification function runs:
NotifyFwVolBlock() [FwVol/FwVol.c]
installing an instance of the Firmware Volume 2 Protocol on the handle.
(Alternatively, assume that a 3rd party application calls
gDS->ProcessFirmwareVolume(), which may also produce a Firmware Volume 2
Protocol instance.)
The EFI_FIRMWARE_VOLUME2_PROTOCOL.ReadSection() member performs "a
depth-first, left-to-right search algorithm through all sections found in
the specified file" (quoting the PI spec), as follows:
FvReadFileSection() [FwVol/FwVolRead.c]
GetSection() [SectionExtraction/CoreSectionExtraction.c]
FindChildNode() [SectionExtraction/CoreSectionExtraction.c]
FindChildNode() // recursive call
FindChildNode() is called recursively for encapsulation sections.
Currently this recursion is not limited. Introduce a new PCD
(fixed-at-build, or patchable-in-module), and make FindChildNode() track
the section nesting depth against that PCD.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Notes:
v2:
- change the DEC default of the new PCD
(PcdFwVolDxeMaxEncapsulationDepth) from 8 to 16 (0x10) [Liming]
MdeModulePkg/MdeModulePkg.dec | 6 ++++
MdeModulePkg/MdeModulePkg.uni | 6 ++++
MdeModulePkg/Core/Dxe/DxeMain.inf | 1 +
MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 33 ++++++++++++++++++--
4 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index cb30a7975849..eac19a6edcc5 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1505,6 +1505,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
# @Prompt Enable Capsule On Disk support.
gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleOnDiskSupport|FALSE|BOOLEAN|0x0000002d
+ ## Maximum permitted encapsulation levels of sections in a firmware volume,
+ # in the DXE phase. Minimum value is 1. Sections nested more deeply are
+ # rejected.
+ # @Prompt Maximum permitted FwVol section nesting depth (exclusive).
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth|0x10|UINT32|0x00000030
+
[PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## This PCD defines the Console output row. The default value is 25 according to UEFI spec.
# This PCD could be set to 0 then console output would be at max column and max row.
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index b8c867379a86..9b1be3220fad 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1153,6 +1153,12 @@
"Note:<BR>"
"If Both Capsule In Ram and Capsule On Disk are provisioned at the same time, the Capsule On Disk will be bypassed."
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdFwVolDxeMaxEncapsulationDepth_PROMPT #language en-US "Maximum permitted FwVol section nesting depth (exclusive)."
+
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdFwVolDxeMaxEncapsulationDepth_HELP #language en-US "Maximum permitted encapsulation levels of sections in a firmware volume,<BR>"
+ "in the DXE phase. Minimum value is 1. Sections nested more deeply are<BR>"
+ "rejected."
+
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCapsuleInRamSupport_PROMPT #language en-US "Enable Capsule In Ram support"
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCapsuleInRamSupport_HELP #language en-US "Capsule In Ram is to use memory to deliver the capsules that will be processed after system reset.<BR><BR>"
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf
index 1d4b11dc7318..e4bca895773d 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -185,6 +185,7 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES
# [Hob]
# RESOURCE_DESCRIPTOR ## CONSUMES
diff --git a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
index d7f7ef427422..908617d1ca5c 100644
--- a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
+++ b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
@@ -955,6 +955,9 @@ CreateChildNode (
This is an in/out parameter and it is 1-based,
to deal with recursions.
@param SectionDefinitionGuid Guid of section definition
+ @param Depth Nesting depth of encapsulation sections.
+ Callers different from FindChildNode() are
+ responsible for passing in a zero Depth.
@param FoundChild Output indicating the child node that is found.
@param FoundStream Output indicating which section stream the child
was found in. If this stream was generated as a
@@ -968,6 +971,9 @@ CreateChildNode (
@retval EFI_NOT_FOUND Requested child node does not exist.
@retval EFI_PROTOCOL_ERROR a required GUIDED section extraction protocol
does not exist
+ @retval EFI_ABORTED Recursion aborted because Depth has been
+ greater than or equal to
+ PcdFwVolDxeMaxEncapsulationDepth.
**/
EFI_STATUS
@@ -976,6 +982,7 @@ FindChildNode (
IN EFI_SECTION_TYPE SearchType,
IN OUT UINTN *SectionInstance,
IN EFI_GUID *SectionDefinitionGuid,
+ IN UINT32 Depth,
OUT CORE_SECTION_CHILD_NODE **FoundChild,
OUT CORE_SECTION_STREAM_NODE **FoundStream,
OUT UINT32 *AuthenticationStatus
@@ -990,6 +997,10 @@ FindChildNode (
ASSERT (*SectionInstance > 0);
+ if (Depth >= PcdGet32 (PcdFwVolDxeMaxEncapsulationDepth)) {
+ return EFI_ABORTED;
+ }
+
CurrentChildNode = NULL;
ErrorStatus = EFI_NOT_FOUND;
@@ -1053,6 +1064,7 @@ FindChildNode (
SearchType,
SectionInstance,
SectionDefinitionGuid,
+ Depth + 1,
&RecursedChildNode,
&RecursedFoundStream,
AuthenticationStatus
@@ -1067,9 +1079,17 @@ FindChildNode (
*FoundStream = RecursedFoundStream;
return EFI_SUCCESS;
} else {
+ if (Status == EFI_ABORTED) {
+ //
+ // If the recursive call was aborted due to nesting depth, stop
+ // looking for the requested child node. The skipped subtree could
+ // throw off the instance counting.
+ //
+ return Status;
+ }
//
- // If the status is not EFI_SUCCESS, just save the error code and
- // continue to find the request child node in the rest stream.
+ // Save the error code and continue to find the requested child node in
+ // the rest of the stream.
//
ErrorStatus = Status;
}
@@ -1272,11 +1292,20 @@ GetSection (
*SectionType,
&Instance,
SectionDefinitionGuid,
+ 0, // encapsulation depth
&ChildNode,
&ChildStreamNode,
&ExtractedAuthenticationStatus
);
if (EFI_ERROR (Status)) {
+ if (Status == EFI_ABORTED) {
+ DEBUG ((DEBUG_ERROR, "%a: recursion aborted due to nesting depth\n",
+ __FUNCTION__));
+ //
+ // Map "aborted" to "not found".
+ //
+ Status = EFI_NOT_FOUND;
+ }
goto GetSection_Done;
}
--
2.19.1.3.g30247aa5d201

0
0034-SecurityPkg-Tcg-Make-Tcg2PlatformDxe-buildable-and-f.patch → 0015-SecurityPkg-Tcg-Make-Tcg2PlatformDxe-buildable-and-f.patch
View File

190
0016-ArmPkg-CompilerIntrinsicsLib-provide-atomics-intrins.patch
View File

@ -1,190 +0,0 @@
From ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@arm.com>
Date: Wed, 20 May 2020 13:44:48 +0200
Subject: [PATCH] ArmPkg/CompilerIntrinsicsLib: provide atomics intrinsics
Gary reports the GCC 10 will emit calls to atomics intrinsics routines
unless -mno-outline-atomics is specified. This means GCC-10 introduces
new intrinsics, and even though it would be possible to work around this
by specifying the command line option, this would require a new GCC10
toolchain profile to be created, which we prefer to avoid.
So instead, add the new intrinsics to our library so they are provided
when necessary.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Tested-by: Gary Lin <glin@suse.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif@nuviainc.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
---
.../CompilerIntrinsicsLib/AArch64/Atomics.S | 142 ++++++++++++++++++
.../CompilerIntrinsicsLib.inf | 3 +
2 files changed, 145 insertions(+)
create mode 100644 ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S b/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S
new file mode 100644
index 0000000000..3792020ab8
--- /dev/null
+++ b/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S
@@ -0,0 +1,142 @@
+#------------------------------------------------------------------------------
+#
+# Copyright (c) 2020, Arm, Limited. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#------------------------------------------------------------------------------
+
+ /*
+ * Provide the GCC intrinsics that are required when using GCC 9 or
+ * later with the -moutline-atomics options (which became the default
+ * in GCC 10)
+ */
+ .arch armv8-a
+
+ .macro reg_alias, pfx, sz
+ r0_\sz .req \pfx\()0
+ r1_\sz .req \pfx\()1
+ tmp0_\sz .req \pfx\()16
+ tmp1_\sz .req \pfx\()17
+ .endm
+
+ /*
+ * Define register aliases of the right type for each size
+ * (xN for 8 bytes, wN for everything smaller)
+ */
+ reg_alias w, 1
+ reg_alias w, 2
+ reg_alias w, 4
+ reg_alias x, 8
+
+ .macro fn_start, name:req
+ .section .text.\name
+ .globl \name
+ .type \name, %function
+\name\():
+ .endm
+
+ .macro fn_end, name:req
+ .size \name, . - \name
+ .endm
+
+ /*
+ * Emit an atomic helper for \model with operands of size \sz, using
+ * the operation specified by \insn (which is the LSE name), and which
+ * can be implemented using the generic load-locked/store-conditional
+ * (LL/SC) sequence below, using the arithmetic operation given by
+ * \opc.
+ */
+ .macro emit_ld_sz, sz:req, insn:req, opc:req, model:req, s, a, l
+ fn_start __aarch64_\insn\()\sz\()\model
+ mov tmp0_\sz, r0_\sz
+0: ld\a\()xr\s r0_\sz, [x1]
+ .ifnc \insn, swp
+ \opc tmp1_\sz, r0_\sz, tmp0_\sz
+ st\l\()xr\s w15, tmp1_\sz, [x1]
+ .else
+ st\l\()xr\s w15, tmp0_\sz, [x1]
+ .endif
+ cbnz w15, 0b
+ ret
+ fn_end __aarch64_\insn\()\sz\()\model
+ .endm
+
+ /*
+ * Emit atomic helpers for \model for operand sizes in the
+ * set {1, 2, 4, 8}, for the instruction pattern given by
+ * \insn. (This is the LSE name, but this implementation uses
+ * the generic LL/SC sequence using \opc as the arithmetic
+ * operation on the target.)
+ */
+ .macro emit_ld, insn:req, opc:req, model:req, a, l
+ emit_ld_sz 1, \insn, \opc, \model, b, \a, \l
+ emit_ld_sz 2, \insn, \opc, \model, h, \a, \l
+ emit_ld_sz 4, \insn, \opc, \model, , \a, \l
+ emit_ld_sz 8, \insn, \opc, \model, , \a, \l
+ .endm
+
+ /*
+ * Emit the compare and swap helper for \model and size \sz
+ * using LL/SC instructions.
+ */
+ .macro emit_cas_sz, sz:req, model:req, uxt:req, s, a, l
+ fn_start __aarch64_cas\sz\()\model
+ \uxt tmp0_\sz, r0_\sz
+0: ld\a\()xr\s r0_\sz, [x2]
+ cmp r0_\sz, tmp0_\sz
+ bne 1f
+ st\l\()xr\s w15, r1_\sz, [x2]
+ cbnz w15, 0b
+1: ret
+ fn_end __aarch64_cas\sz\()\model
+ .endm
+
+ /*
+ * Emit compare-and-swap helpers for \model for operand sizes in the
+ * set {1, 2, 4, 8, 16}.
+ */
+ .macro emit_cas, model:req, a, l
+ emit_cas_sz 1, \model, uxtb, b, \a, \l
+ emit_cas_sz 2, \model, uxth, h, \a, \l
+ emit_cas_sz 4, \model, mov , , \a, \l
+ emit_cas_sz 8, \model, mov , , \a, \l
+
+ /*
+ * We cannot use the parameterized sequence for 16 byte CAS, so we
+ * need to define it explicitly.
+ */
+ fn_start __aarch64_cas16\model
+ mov x16, x0
+ mov x17, x1
+0: ld\a\()xp x0, x1, [x4]
+ cmp x0, x16
+ ccmp x1, x17, #0, eq
+ bne 1f
+ st\l\()xp w15, x16, x17, [x4]
+ cbnz w15, 0b
+1: ret
+ fn_end __aarch64_cas16\model
+ .endm
+
+ /*
+ * Emit the set of GCC outline atomic helper functions for
+ * the memory ordering model given by \model:
+ * - relax unordered loads and stores
+ * - acq load-acquire, unordered store
+ * - rel unordered load, store-release
+ * - acq_rel load-acquire, store-release
+ */
+ .macro emit_model, model:req, a, l
+ emit_ld ldadd, add, \model, \a, \l
+ emit_ld ldclr, bic, \model, \a, \l
+ emit_ld ldeor, eor, \model, \a, \l
+ emit_ld ldset, orr, \model, \a, \l
+ emit_ld swp, mov, \model, \a, \l
+ emit_cas \model, \a, \l
+ .endm
+
+ emit_model _relax
+ emit_model _acq, a
+ emit_model _rel,, l
+ emit_model _acq_rel, a, l
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf b/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
index d5bad94677..fcf48c6781 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+++ b/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
@@ -79,6 +79,9 @@
Arm/ldivmod.asm | MSFT
Arm/llsr.asm | MSFT
+[Sources.AARCH64]
+ AArch64/Atomics.S | GCC
+
[Packages]
MdePkg/MdePkg.dec
ArmPkg/ArmPkg.dec
--
2.27.0

0
0035-SecurityPkg-Introduce-new-PCD-PcdRandomizePlatformHi.patch → 0016-SecurityPkg-Introduce-new-PCD-PcdRandomizePlatformHi.patch
View File

93
0017-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch
View File

@ -1,93 +0,0 @@
From e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 19 Nov 2020 12:50:34 +0100
Subject: [PATCH] MdeModulePkg/LzmaCustomDecompressLib: catch 4GB+ uncompressed
buffer sizes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The LzmaUefiDecompressGetInfo() function
[MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c] currently
silently truncates the UINT64 "DecodedSize" property of the compressed
blob to the UINT32 "DestinationSize" output parameter.
If "DecodedSize" is 0x1_0000_0100, for example, then the subsequent memory
allocation (for decompression) will likely succeed (allocating 0x100 bytes
only), but then the LzmaUefiDecompress() function (which re-fetches the
uncompressed buffer size from the same LZMA header into a "SizeT"
variable) will overwrite the buffer.
Catch (DecodedSize > MAX_UINT32) in LzmaUefiDecompressGetInfo() at once.
This should not be a practical limitation. (The issue cannot be fixed for
32-bit systems without spec modifications anyway, given that the
"OutputSize" output parameter of
EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL.ExtractSection() has type UINTN,
not UINT64.)
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1816
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20201119115034.12897-2-lersek@redhat.com>
---
.../Library/LzmaCustomDecompressLib/LzmaDecompress.c | 7 +++++++
.../LzmaCustomDecompressLib/LzmaDecompressLibInternal.h | 5 +++++
2 files changed, 12 insertions(+)
diff --git a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c
index c58912eb6a..8f7c242dca 100644
--- a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c
+++ b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c
@@ -127,6 +127,10 @@ GetDecodedSizeOfBuf(
in DestinationSize and the size of the scratch
buffer was returned in ScratchSize.
+ @retval RETURN_UNSUPPORTED DestinationSize cannot be output because the
+ uncompressed buffer size (in bytes) does not fit
+ in a UINT32. Output parameters have not been
+ modified.
**/
RETURN_STATUS
EFIAPI
@@ -142,6 +146,9 @@ LzmaUefiDecompressGetInfo (
ASSERT(SourceSize >= LZMA_HEADER_SIZE);
DecodedSize = GetDecodedSizeOfBuf((UINT8*)Source);
+ if (DecodedSize > MAX_UINT32) {
+ return RETURN_UNSUPPORTED;
+ }
*DestinationSize = (UINT32)DecodedSize;
*ScratchSize = SCRATCH_BUFFER_REQUEST_SIZE;
diff --git a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h
index 26f110ba2a..fbafd5f100 100644
--- a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h
+++ b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h
@@ -9,6 +9,7 @@
#ifndef __LZMADECOMPRESSLIB_INTERNAL_H__
#define __LZMADECOMPRESSLIB_INTERNAL_H__
+#include <Base.h>
#include <PiPei.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
@@ -45,6 +46,10 @@
in DestinationSize and the size of the scratch
buffer was returned in ScratchSize.
+ @retval RETURN_UNSUPPORTED DestinationSize cannot be output because the
+ uncompressed buffer size (in bytes) does not fit
+ in a UINT32. Output parameters have not been
+ modified.
**/
RETURN_STATUS
EFIAPI
--
2.27.0

0
0036-SecurityPkg-Tcg-Import-Tcg2PlatformPei-from-edk2-pla.patch → 0017-SecurityPkg-Tcg-Import-Tcg2PlatformPei-from-edk2-pla.patch
View File

0
0037-SecurityPkg-Tcg-Make-Tcg2PlatformPei-buildable-and-f.patch → 0018-SecurityPkg-Tcg-Make-Tcg2PlatformPei-buildable-and-f.patch
View File

0
0038-SecurityPkg-Add-references-to-header-and-inf-files-t.patch → 0019-SecurityPkg-Add-references-to-header-and-inf-files-t.patch
View File

50
0020-OvmfPkg-VirtioNetDxe-Extend-the-RxBufferSize-to-avoi.patch Normal file
View File

@ -0,0 +1,50 @@
From 85a19a714c4b4702edc59db0a3419f48fffe2b0a Mon Sep 17 00:00:00 2001
From: Jinhua Cao <caojinhua1@huawei.com>
Date: Thu, 17 Feb 2022 17:38:41 +0800
Subject: [PATCH] OvmfPkg: VirtioNetDxe: Extend the RxBufferSize to avoid data
truncation
1822 net card needs at least 1536 bytes for DMA, even we never negotiate
VIRTIO_NET_F_MRG_RXBUF. The original max size of packet is 15144 which would
cause data trucation. Now we extend the RxBufSize to 9014(Jumbo Frame type)
so that we can avoid it.
Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
---
OvmfPkg/Include/IndustryStandard/Virtio095Net.h | 7 +++++++
OvmfPkg/VirtioNetDxe/SnpInitialize.c | 3 ++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Include/IndustryStandard/Virtio095Net.h b/OvmfPkg/Include/IndustryStandard/Virtio095Net.h
index 9c0ed5ed24..28f5cc0899 100644
--- a/OvmfPkg/Include/IndustryStandard/Virtio095Net.h
+++ b/OvmfPkg/Include/IndustryStandard/Virtio095Net.h
@@ -88,4 +88,11 @@ typedef struct {
#define VIRTIO_NET_S_LINK_UP BIT0
#define VIRTIO_NET_S_ANNOUNCE BIT1
+//
+// 1822 net card needs at least 1536 bytes for DMA, even we never negotiate
+// VIRTIO_NET_F_MRG_RXBUF. The original max size of packet is 15144 which would
+// cause data trucation. Now we extend the RxBufSize to 9014(Jumbo Frame type)
+// so that we can avoid it.
+#define VIRTIO_RXBUF_JUMBO_PADDING 7500
+
#endif // _VIRTIO_0_9_5_NET_H_
diff --git a/OvmfPkg/VirtioNetDxe/SnpInitialize.c b/OvmfPkg/VirtioNetDxe/SnpInitialize.c
index bb3b552d68..6febfea3bb 100644
--- a/OvmfPkg/VirtioNetDxe/SnpInitialize.c
+++ b/OvmfPkg/VirtioNetDxe/SnpInitialize.c
@@ -337,7 +337,8 @@ VirtioNetInitRx (
// and Ethernet payload).
//
RxBufSize = VirtioNetReqSize +
- (Dev->Snm.MediaHeaderSize + Dev->Snm.MaxPacketSize);
+ (Dev->Snm.MediaHeaderSize + Dev->Snm.MaxPacketSize) +
+ VIRTIO_RXBUF_JUMBO_PADDING;
//
// Limit the number of pending RX packets if the queue is big. The division
--
2.27.0

51
0028-BaseTools-fix-ucs-2-lookup-on-python-3.9.patch
View File

@ -1,51 +0,0 @@
From 5df044496a30e4fa62b71513f3ae87400ceff4c4 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Wed, 12 Aug 2020 01:28:17 +0800
Subject: [PATCH] BaseTools: fix ucs-2 lookup on python 3.9
python3.9 changed/fixed codec.register behavior to always replace
hyphen with underscore for passed in codec names:
https://bugs.python.org/issue37751
So the custom Ucs2Search needs to be adapted to handle 'ucs_2' in
addition to existing 'ucs-2' for back compat.
This fixes test failures on python3.9, example:
======================================================================
FAIL: testUtf16InUniFile (CheckUnicodeSourceFiles.Tests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 375, in PreProcess
FileIn = UniFileClassObject.OpenUniFile(LongFilePath(File.Path))
File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 303, in OpenUniFile
UniFileClassObject.VerifyUcs2Data(FileIn, FileName, Encoding)
File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 312, in VerifyUcs2Data
Ucs2Info = codecs.lookup('ucs-2')
LookupError: unknown encoding: ucs-2
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
---
BaseTools/Source/Python/AutoGen/UniClassObject.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Source/Python/AutoGen/UniClassObject.py b/BaseTools/Source/Python/AutoGen/UniClassObject.py
index b2895f7e5c..883c2356e0 100644
--- a/BaseTools/Source/Python/AutoGen/UniClassObject.py
+++ b/BaseTools/Source/Python/AutoGen/UniClassObject.py
@@ -152,7 +152,7 @@ class Ucs2Codec(codecs.Codec):
TheUcs2Codec = Ucs2Codec()
def Ucs2Search(name):
- if name == 'ucs-2':
+ if name in ['ucs-2', 'ucs_2']:
return codecs.CodecInfo(
name=name,
encode=TheUcs2Codec.encode,
--
2.27.0

51
0029-BaseTools-Work-around-array.array.tostring-removal-i.patch
View File

@ -1,51 +0,0 @@
From d935684f89d972f3b9ff8fabe18fffefe75b2ed6 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Wed, 12 Aug 2020 01:28:18 +0800
Subject: [PATCH] BaseTools: Work around array.array.tostring() removal in
python 3.9
In python3, array.array.tostring() was a compat alias for tobytes().
tostring() was removed in python 3.9.
Convert this to use tolist() which should be valid for all python
versions.
This fixes this build error on python3.9:
(Python 3.9.0b5 on linux) Traceback (most recent call last):
File "/root/edk2/edk2-edk2-stable202002/BaseTools/BinWrappers/PosixLike/../../Source/Python/Trim/Trim.py", line 593, in Main
GenerateVfrBinSec(CommandOptions.ModuleName, CommandOptions.DebugDir, CommandOptions.OutputFile)
File "/root/edk2/edk2-edk2-stable202002/BaseTools/BinWrappers/PosixLike/../../Source/Python/Trim/Trim.py", line 449, in GenerateVfrBinSec
VfrUniOffsetList = GetVariableOffset(MapFileName, EfiFileName, VfrNameList)
File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 88, in GetVariableOffset
return _parseForGCC(lines, efifilepath, varnames)
File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 151, in _parseForGCC
efisecs = PeImageClass(efifilepath).SectionHeaderList
File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 1638, in __init__
if ByteArray.tostring() != b'PE\0\0':
AttributeError: 'array.array' object has no attribute 'tostring'
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>
---
BaseTools/Source/Python/Common/Misc.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Source/Python/Common/Misc.py b/BaseTools/Source/Python/Common/Misc.py
index da5fb380f0..751b2c24f0 100755
--- a/BaseTools/Source/Python/Common/Misc.py
+++ b/BaseTools/Source/Python/Common/Misc.py
@@ -1635,7 +1635,7 @@ class PeImageClass():
ByteArray = array.array('B')
ByteArray.fromfile(PeObject, 4)
# PE signature should be 'PE\0\0'
- if ByteArray.tostring() != b'PE\0\0':
+ if ByteArray.tolist() != [ord('P'), ord('E'), 0, 0]:
self.ErrorInfo = self.FileName + ' has no valid PE signature PE00'
return
--
2.27.0

BIN
brotli.tar.gz Normal file
View File

Binary file not shown.

BIN
edk2-stable202002.tar.gz → edk2-stable202011.tar.gz
View File

Binary file not shown.

84
edk2.spec
View File

@ -1,55 +1,44 @@
%global stable_date 202002 %global stable_date 202011
%global release_tag edk2-stable%{stable_date} %global release_tag edk2-stable%{stable_date}
%global openssl_version 1.1.1f %global openssl_version 1.1.1f
%global _python_bytecompile_extra 0 %global _python_bytecompile_extra 0
Name: edk2 Name: edk2
Version: %{stable_date} Version: %{stable_date}
Release: 12 Release: 3
Summary: EFI Development Kit II Summary: EFI Development Kit II
License: BSD-2-Clause-Patent License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/edk2 URL: https://github.com/tianocore/edk2
Source0: https://github.com/tianocore/edk2/archive/%{release_tag}.tar.gz Source0: https://github.com/tianocore/edk2/archive/%{release_tag}.tar.gz
Source1: openssl-%{openssl_version}.tar.gz Source1: openssl-%{openssl_version}.tar.gz
Source2: brotli.tar.gz
Patch0001: 0001-CryptoPkg-OpensslLib-Modify-process_files.pl-for-Ope.patch # for CVE-2021-38575
Patch0002: 0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1f.patch Patch0001: 0001-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch
Patch0003: 0003-OvmfPkg-Tcg2ConfigPei-introduce-a-signalling-PPI-to-.patch Patch0002: 0002-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch
Patch0004: 0004-ArmVirtPkg-PlatformPeiLib-make-PcdLib-dependency-exp.patch Patch0003: 0003-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch
Patch0005: 0005-ArmVirtPkg-PlatformPeiLib-discover-the-TPM-base-addr.patch Patch0004: 0004-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch
Patch0006: 0006-ArmVirtPkg-implement-ArmVirtPsciResetSystemPeiLib.patch Patch0005: 0005-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch
Patch0007: 0007-ArmVirtPkg-ArmVirtQemu-add-ResetSystem-PEIM-for-upco.patch Patch0006: 0006-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch
Patch0008: 0008-ArmVirtPkg-ArmVirtQemu-enable-TPM2-support-in-the-PE.patch Patch0007: 0007-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch
Patch0009: 0009-ArmVirtPkg-avoid-DxeTpmMeasurementLib-in-shared-.DSC.patch Patch0008: 0008-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch
Patch0010: 0010-ArmVirtPkg-unshare-TpmMeasurementLib-resolution-betw.patch Patch0009: 0009-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch
Patch0011: 0011-ArmVirtPkg-ArmVirtQemu-enable-the-DXE-phase-TPM2-sup.patch Patch0010: 0010-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch
Patch0012: 0012-ArmVirtPkg-ArmVirtQemu-enable-the-TPM2-configuration.patch
Patch0013: 0013-ArmVirtPkg-ArmVirtQemu-enable-TPM2-based-measured-bo.patch # for CVE-2021-28216
Patch0014: 0014-MdeModulePkg-Core-Dxe-assert-SectionInstance-invariant-in-FindChildNode.patch Patch0011: 0011-MdeModulePkg-FPDT-Lock-boot-performance-table-addres.patch
Patch0015: 0015-MdeModulePkg-Core-Dxe-limit-FwVol-encapsulation-section-recursion.patch
Patch0016: 0016-ArmPkg-CompilerIntrinsicsLib-provide-atomics-intrins.patch # for CVE-2021-38576
Patch0017: 0017-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch Patch0012: 0012-SecurityPkg-TPM-Import-PeiDxeTpmPlatformHierarchyLib.patch
Patch0018: 0018-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch Patch0013: 0013-SecurityPkg-TPM-Fix-bugs-in-imported-PeiDxeTpmPlatfo.patch
Patch0019: 0019-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch Patch0014: 0014-SecrutiyPkg-Tcg-Import-Tcg2PlatformDxe-from-edk2-pla.patch
Patch0020: 0020-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch Patch0015: 0015-SecurityPkg-Tcg-Make-Tcg2PlatformDxe-buildable-and-f.patch
Patch0021: 0021-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch Patch0016: 0016-SecurityPkg-Introduce-new-PCD-PcdRandomizePlatformHi.patch
Patch0022: 0022-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch Patch0017: 0017-SecurityPkg-Tcg-Import-Tcg2PlatformPei-from-edk2-pla.patch
Patch0023: 0023-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch Patch0018: 0018-SecurityPkg-Tcg-Make-Tcg2PlatformPei-buildable-and-f.patch
Patch0024: 0024-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch Patch0019: 0019-SecurityPkg-Add-references-to-header-and-inf-files-t.patch
Patch0025: 0025-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch
Patch0026: 0026-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch Patch0020: 0020-OvmfPkg-VirtioNetDxe-Extend-the-RxBufferSize-to-avoi.patch
Patch0027: 0027-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch
Patch0028: 0028-BaseTools-fix-ucs-2-lookup-on-python-3.9.patch
Patch0029: 0029-BaseTools-Work-around-array.array.tostring-removal-i.patch
Patch0030: 0030-MdeModulePkg-FPDT-Lock-boot-performance-table-addres.patch
Patch0031: 0031-SecurityPkg-TPM-Import-PeiDxeTpmPlatformHierarchyLib.patch
Patch0032: 0032-SecurityPkg-TPM-Fix-bugs-in-imported-PeiDxeTpmPlatfo.patch
Patch0033: 0033-SecrutiyPkg-Tcg-Import-Tcg2PlatformDxe-from-edk2-pla.patch
Patch0034: 0034-SecurityPkg-Tcg-Make-Tcg2PlatformDxe-buildable-and-f.patch
Patch0035: 0035-SecurityPkg-Introduce-new-PCD-PcdRandomizePlatformHi.patch
Patch0036: 0036-SecurityPkg-Tcg-Import-Tcg2PlatformPei-from-edk2-pla.patch
Patch0037: 0037-SecurityPkg-Tcg-Make-Tcg2PlatformPei-buildable-and-f.patch
Patch0038: 0038-SecurityPkg-Add-references-to-header-and-inf-files-t.patch
BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command
@ -101,6 +90,8 @@ EFI Development Kit II Open Virtual Machine Firmware (ia32)
%prep %prep
%setup -n edk2-%{release_tag} %setup -n edk2-%{release_tag}
tar -xf %{SOURCE1} -C CryptoPkg/Library/OpensslLib/openssl --strip-components=1 tar -xf %{SOURCE1} -C CryptoPkg/Library/OpensslLib/openssl --strip-components=1
tar -xf %{SOURCE2} -C MdeModulePkg/Library/BrotliCustomDecompressLib/brotli --strip-components=1
tar -xf %{SOURCE2} -C BaseTools/Source/C/BrotliCompress/brotli --strip-components=1
%autopatch -p1 %autopatch -p1
%build %build
@ -183,7 +174,7 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%files devel %files devel
%license License.txt %license License.txt
%license LICENSE.openssl %license LICENSE.openssl
%{_bindir}/Brotli %{_bindir}/BrotliCompress
%{_bindir}/DevicePath %{_bindir}/DevicePath
%{_bindir}/EfiRom %{_bindir}/EfiRom
%{_bindir}/GenCrc32 %{_bindir}/GenCrc32
@ -247,16 +238,19 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
%endif %endif
%changelog %changelog
* Thu Jan 27 2022 Jinhua Cao <caojinhua1@huawei.com> - 202002-12 * Tue Feb 15 2020 Jinhua Cao<caojinhua1@huawei.com> -202011-2
- fix CVE-2021-38576 - fix CVE-2021-38576
* Tue Jan 18 2022 Jinhua Cao <caojinhua1@huawei.com> - 202002-11 * Mon Feb 7 2022 Jinhua Cao<caojinhua1@huawei.com> - 202011-1
- fix CVE-2021-28216 - update edk2 to stable 202011
* Tue Jan 18 2022 Jinhua Cao <caojinhua1@huawei.com> - 202002-10 * Wed Jan 12 2022 Jinhua Cao<caojinhua1@huawei.com> - 202002-11
- BaseTools: fix ucs-2 lookup on python3.9 - BaseTools: fix ucs-2 lookup on python3.9
- BaseTools: Work around array.array.tostring() removal in python3.9 - BaseTools: Work around array.array.tostring() removal in python3.9
* Wed Dec 1 2021 Jinhua Cao<caojinhua1@huawei.com> -202002-10
- fix CVE-2021-28216
* Wed Sep 22 2021 imxcc <xingchaochao@huawei.com> - 202002-9 * Wed Sep 22 2021 imxcc <xingchaochao@huawei.com> - 202002-9
- fix cve-2021-38575 - fix cve-2021-38575