Fix TlsMbedtlsLib #460

Wenxing-hou · 2024-01-03T09:07:55Z

No description provided.

Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for OvmfPkg{Ia32, X64, Ia32X64} platforms. Tested-by: Gerd Hoffmann <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]>

Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the Microvm platform. Signed-off-by: Pedro Falcato <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>

Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the Bhyve platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Acked-by: Peter Grehan <[email protected]> Acked-by: Corvin Köhne <[email protected]>

Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the CloudHv platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>

Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the IntelTdx platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Ard Biesheuvel <[email protected]>

Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the AmdSev platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>

Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the OvmfXen platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Anthony PERARD <[email protected]>

Now that OvmfPkg/SataControllerDxe and its MdeModulePkg counterpart have been unified, and no in-tree uses of the OVMF variant remain, let's delete it. Tested-by: Gerd Hoffmann <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]>

…view. As per the SMBIOS spec, in smbios type0 table, if the Bios size is greater than 16MB, extended bios size is used to update size information and bios size is set to 0xff. when this data is printed by smbiosview, both bios size and extended bios size is printed if the smbios version is beyond 3.1, which is incorrect as Bios size is set to 0xff when rom size is more than 16MB. To fix this bug, added a condition to print bios size only when it is not set to 0xff or if the smbios version is older than 3.1. Signed-off-by: Thejaswani Putta <[email protected]> Cc: Ray Ni <[email protected]> Cc: Zhichao Gao <[email protected]> Reviewed-by: Zhichao Gao <[email protected]>

In case ShellConvertStringToUint64() fails the Handles are left uninitialized. That can for example happen for Handle2 and Handle3 in case only one parameter was specified on the command line. Which can trigger the ASSERT() in line 185. Reproducer: boot ovmf to efi shell in qemu, using q35 machine type, then try disconnect the sata controller in efi shell. Fix that by explicitly setting them to NULL in that case. While being at it also simplify the logic and avoid pointlessly calling ShellConvertStringToUint64() in case ParamN is NULL. Signed-off-by: Gerd Hoffmann <[email protected]> Reviewed-by: Zhichao Gao <[email protected]>

Uncrustify checks are too rigid, making them counter-productive: - it leads to code that is arguably harder to parse visually (e.g., the changes to ArmPkg/Include/Chipset/AArch64Mmu.h in commit 429309e) - it forces indentation-only changes to code in the vicinity of actual changes, making the code history more bloated than necessary (see commit 7f19832 for an example) - finding out from the web UI what exactly Uncrustify objected to is not straight-forward. So let's enable AuditMode for ArmPkg, so that interested parties can see the uncrustify recommendations if desired, but without preventing the changes from being merged. This leaves it at the discretion of the ArmPkg maintainers to decide which level of conformance is required. Cc: Leif Lindholm <[email protected]> Cc: "Kinney, Michael D" <[email protected]> Cc: Michael Kubacki <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]> Reviewed-by: Leif Lindholm <[email protected]>

They are useful for those platforms where SMC SiP calls exist. Signed-off-by: Marcin Juszkiewicz <[email protected]> Reviewed-by: Leif Lindholm <[email protected]>

The RISC-V version of the DXE IPL does not implement setting the stack NX, so before switching to an implementation that will ASSERT() on the missing support, drop the PCD setting that enables it. Signed-off-by: Ard Biesheuvel <[email protected]> Reviewed-by: Sunil V L <[email protected]>

Edk2 was failing, rather than creating more PML4 entries, when they weren't present in the initial memory acceptance flow. Because of that VMs with more than 512G memory were crashing. This code fixes that. This change affects only SEV-SNP VMs. The code was tested by successfully booting a 512G SEV-SNP VM. Signed-off-by: Mikolaj Lisik <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Tom Lendacky <[email protected]>

Xen and bhyve are placing ACPI tables into system memory. So, they can share the same code. Therefore, create a new library which searches and installs ACPI tables from system memory. Signed-off-by: Corvin Köhne <[email protected]> Reviewed-by: Anthony PERARD <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>

This makes the function reuseable by bhyve. Signed-off-by: Corvin Köhne <[email protected]> Reviewed-by: Anthony PERARD <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>

It's much easier to create configuration dependent ACPI tables for bhyve than for OVMF. For this reason, don't use the statically created ACPI tables provided by OVMF. Instead, prefer the dynamically created ACPI tables of bhyve. If bhyve provides no ACPI tables or we are unable to detect those, fall back to OVMF tables. Ideally, we use the qemu fwcfg interface to pass the ACPI tables from bhyve to OVMF. bhyve will support this in the future. However, current bhyve executables don't support passing ACPI tables by the qemu fwcfg interface. They just copy the ACPI into main memory. For that reason, pick up the ACPI tables from main memory. Signed-off-by: Corvin Köhne <[email protected]> Reviewed-by: Rebecca Cran <[email protected]> Acked-by: Peter Grehan <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>

Currently, CharEncodingCheckPlugin prints a message for every file that passes the test, which for some platforms can cause most of the CI build log to be filled with this print. It does not add any value, so this patch removes the noisy print and only prints if the encoding check fails. Cc: Sean Brogan <[email protected]> Cc: Michael Kubacki <[email protected]> Cc: Michael D Kinney <[email protected]> Cc: Liming Gao <[email protected]> Reviewed-by: Michael D Kinney <[email protected]> Reviewed-by: Michael Kubacki <[email protected]> Signed-off-by: Oliver Smith-Denny <[email protected]>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4474 ACPI_Spec_6_5_Aug29 Table 5.19 page 128 that MADT Revision field is 6. Cc: Michael D Kinney <[email protected]> Cc: Liming Gao <[email protected]> Cc: Zhiguang Liu <[email protected]> Cc: Jiewen Yao <[email protected]> Signed-off-by: Aryeh Chen <[email protected]> Reviewed-by: Michael D Kinney <[email protected]> Reviewed-by: Liming Gao <[email protected]> Tested-by: Aryeh Chen <[email protected]>

Implement the SpeculationBarrier with implementations consisting of fence instruction which provides finer-grain memory orderings. Perform Data Barrier in RiscV: fence rw,rw Perform Instruction Barrier in RiscV: fence.i; fence r,r More detail is in Appendix A: RVWMO Explanatory Material in https://github.com/riscv/riscv-isa-manual This API is first introduced in the below commits for IA32 and x64 tianocore/edk2@d9f1cac tianocore/edk2@e83d841 and below the commit for ARM and AArch64 implementation tianocore/edk2@c0959b4 This commit is to add the RiscV64 implementation which will be used by variable service under Variable/RuntimeDxe Cc: Andrei Warkentin <[email protected]> Cc: Evan Chai <[email protected]> Cc: Sunil V L <[email protected]> Cc: Tuan Phan <[email protected]> Signed-off-by: Yong Li <[email protected]> Reviewed-by: Sunil V L <[email protected]>

If there is no port multiplier, PortMultiplierPort should be converted to 0 to follow AHCI spec. The same logic already applied in AtaAtapiPassThruDxe driver. Signed-off-by: Neo Hsueh <[email protected]> Acked-by: Abner Chang <[email protected]> Reviewed-by: Hao A Wu <[email protected]>

RedfishClientPkg is moved from edk2-staging repository to edk2-redfish-client repository. Update the link in Readme.md to new location. Signed-off-by: Nickle Wang <[email protected]> Cc: Abner Chang <[email protected]> Cc: Igor Kulchytskyy <[email protected]> Reviewed-by: Abner Chang <[email protected]>

Supreeth is no longer [email protected]. Therefore, remove the reviewer entry from StandaloneMmPkg. Signed-off-by: Sami Mujawar <[email protected]>

Add Ray, remove Jiewen. Signed-off-by: Ray Ni <[email protected]> Reviewed-by: Sami Mujawar <[email protected]> Reviewed-by: Jiewen Yao <[email protected]>

Currently, have two command for pre-build binary support 1. --BuildEntryOnly: build UPL Entry file 2. --PreBuildUplBinary: build UPL binary based on UPL And these two commands should be exclusived, shouldn't have chance run it in the meantime. Case1: Build UPL entry with CLANGDWARF python UefiPayloadPkg/UniversalPayloadBuild.py --BuildEntryOnly Case2: Use pre-built UPL entry and build other fv by VS2019 python UefiPayloadPkg/UniversalPayloadBuild.py -t VS2019 \ --PreBuildUplBinary UniversalPayload.elf Case3: Build UPL Entry with CLANGDWARF and build other fv by VS2019 python UefiPayloadPkg/UniversalPayloadBuild.py -t VS2019 Cc: Guo Dong <[email protected]> Cc: Ray Ni <[email protected]> Cc: Sean Rhodes <[email protected]> Cc: James Lu <[email protected]> Cc: Gua Guo <[email protected]> Signed-off-by: Gua Guo <[email protected]> Reviewed-by: James Lu <[email protected]>

The initial version of Smbios Specification 3.6.0 type 45 and type 46 support. Signed-off-by: Simon Wang <[email protected]> Cc: Ray Ni <[email protected]> Cc: Zhichao Gao <[email protected]> Reviewed-by: Zhichao Gao <[email protected]>

This library supports a PeiServicesTablePointerLib implementation that allows code dependent upon PeiServicesTable to operate in an isolated execution environment such as within the context of a host-based unit test framework. The unit test should initialize the PeiServicesTable database with any required elements (e.g. PPIs, Hob etc.) prior to the services being invoked by code under test. It is strongly recommended to clean any global databases by using EFI_PEI_SERVICES.ResetSystem2 after every unit test so the tests execute in a predictable manner from a clean state. Cc: Michael D Kinney <[email protected]> Reviewed-by: Michael Kubacki <[email protected]> Cc: Sean Brogan <[email protected]> Reviewed-by: Ray Ni <[email protected]> Signed-off-by: Zhiguang Liu <[email protected]>

The Shell binaries are not generated anymore in each stable tag release. So, remove the section. Reviewed-by: Zhichao Gao <[email protected]> Cc: Leif Lindholm <[email protected]> Reviewed-by: Ard Biesheuvel <[email protected]> Signed-off-by: Ray Ni <[email protected]>

Signed-off-by: Ray Ni <[email protected]> Cc: Guo Dong <[email protected]> Cc: Sean Rhodes <[email protected]> Cc: James Lu <[email protected]> Reviewed-by: Gua Guo <[email protected]> Reviewed-by: Zhichao Gao <[email protected]> Reviewed-by: Gua Guo <[email protected]>

…ault REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4479 Add CAPSULE_SUPPORT to optionally select CapsuleLib instance, default value is FALSE. Cc: Ray Ni <[email protected]> Cc: Sean Rhodes <[email protected]> Reviewed-by: Gua Guo <[email protected]> Reviewed-by: James Lu <[email protected]> Cc: Guo Dong <[email protected]> Signed-off-by: MarsX Lin <[email protected]>

Signed-off-by: Wenxing Hou <[email protected]>

Signed-off-by: Yi Li <[email protected]>

Signed-off-by: Wenxing Hou <[email protected]>

In Pkcs7 spec RFC2315: The IMPLICIT [0] tag in the authenticatedAttributes field is not part of the Attributes value. The Attributes value’s tag is SET OF, and the DER encoding of the SET OF tag, rather than of the IMPLICIT [0] tag, is to be digested along with the length and contents octets of the Attributes value. And this operation is same with Openssl code ``` alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); ``` in PKCS7_signatureVerify API. Signed-off-by: Wenxing Hou <[email protected]>

Signed-off-by: Wenxing Hou <[email protected]>

The before TlsSetCaCertificate use local variable is wrong. Signed-off-by: Wenxing Hou <[email protected]>

Signed-off-by: Wenxing Hou <[email protected]>

liyi77 · 2024-01-04T03:39:51Z

CryptoPkg/Library/TlsLibMbedtls/InternalTlsLib.h


+
+  TLS_CIPHER_BUFFER TlsCipherBuffer;


Give a point here and malloc buffer when initializing Tls

liyi77 · 2024-01-04T03:40:20Z