Include PerformanceLib for StandaloneMmCore, add performance logging for
MM driver loading and starting.
Add FV_FILEPATH_DEVICE_PATH into Loaded Image protocol for MM driver,
then StandaloneMmCorePerformanceLib can get the FILE_GUID from the device
path.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
OVMF SmbiosVersionLib applies to QEMU SMBIOS only, it does not
work on Bare Metal platform. Drop SmbiosVersionLib dependency
for SmbiosDxe on AArch64 architecture.
Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
This commit updates the SecurityFixes.yaml file to include
information about the CVE-2024-38797 vulnerability.
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
Namely:
(1) The TWO_BYTE_ENCODE check is independent of Index. If it evalutes
to TRUE for Index==0, then it will evaluate to TRUE for all other
Index values as well. As a result, the (Index == HASHALG_MAX)
condition will fire after the loop, and we'll return
EFI_UNSUPPORTED.
While this is correct, functionally speaking, it is wasteful to
keep re-checking TWO_BYTE_ENCODE in the loop body. The check
should be made at the top of the function, and EFI_UNSUPPORTED
should be returned at once, if appropriate.
(2) If the hash algorithm selected by Index has such a large OID that
the OID comparison cannot even be performed (because AuthDataSize
is not large enough for containing the OID in question, starting
at offset 32), then the function returns EFI_UNSUPPORTED at once.
This is bogus; this case should simply be treated as an OID
mismatch, and the loop should advance to the next Index value /
hash algorithm candidate. A remaining hash algo may have a shorter
OID and yield an OID match.
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
Namely:
(1) The TWO_BYTE_ENCODE check is independent of Index. If it evalutes
to TRUE for Index==0, then it will evaluate to TRUE for all other
Index values as well. As a result, the (Index == HASHALG_MAX)
condition will fire after the loop, and we'll return
EFI_UNSUPPORTED.
While this is correct, functionally speaking, it is wasteful to
keep re-checking TWO_BYTE_ENCODE in the loop body. The check
should be made at the top of the function, and EFI_UNSUPPORTED
should be returned at once, if appropriate.
(2) If the hash algorithm selected by Index has such a large OID that
the OID comparison cannot even be performed (because AuthDataSize
is not large enough for containing the OID in question, starting
at offset 32), then the function returns EFI_UNSUPPORTED at once.
This is bogus; this case should simply be treated as an OID
mismatch, and the loop should advance to the next Index value /
hash algorithm candidate. A remaining hash algo may have a shorter
OID and yield an OID match.
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
In HashPeImageByType(), the hash of PE/COFF image is calculated.
This function may get untrusted input.
Inside this function, the following code verifies the loaded image has
the correct format, by reading the second byte of the buffer.
```c
if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
...
}
```
The input image is not trusted and that may not have the second byte to
read. So this poses an out of bound read error.
With below fix we are assuring that we don't do out of bound read. i.e,
we make sure that AuthDataSize is greater than 1.
```c
if (AuthDataSize > 1
&& (*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE){
...
}
```
AuthDataSize size is verified before reading the second byte.
So if AuthDataSize is less than 2, the second byte will not be read, and
the out of bound read situation won't occur.
Tested the patch on real platform with and without TPM connected and
verified image is booting fine.
Authored-by: Raj AlwinX Selvaraj <Alw...@intel.com>
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
Added switch case for ArmV9 processor family inside function
DisplayProcessorFamily2 in PrintInfo.c to avoid inappropriate data
shown while accessing Type 4 Smbios table. ArmV9 processor family
is added in Smbios Spec 3.8 which should be noted.
Signed-off-by: Praveen Sankar N <praveensankarn@ami.com>
When a module M depends on L1, which depends on L2,
which depends on L3, the build fails when the library instance
of L3 cannot be found according to the library class-instance
mapping configuration specified in the DSC file.
When such failure happens, the build tool only prints that the
instance of L3 required by module M cannot be found. But it
does not tell how L3 is required by M.
The change enhances build tool to print the entire dependency
chain when such failure happens.
With the change, the new error message will be as follows:
<dsc-path>(...): error 4000: Instance of library class [L3] is not
found for module [M], [L3] is:
consumed by <instance of L2>
consumed by <instance of L1>
Signed-off-by: Ray Ni <ray.ni@intel.com>
Recent AMD platforms reserve parts of the lower DRAM where UefiPayload is
being loaded to and since UefiPayloadEntry doesn't care, it uses the reserved
memory for HOB and memory allocation.
The bootloader cannot prevent this, as it can only place the UEFI FV in
usable DRAM, but it has no control over EfiBootService memory allocations.
This issue prevents boot on those platforms without any specific error message.
It's not vendor specific and can happen on every platform.
Add the same logic as used on UniversalPayload and do the following:
- Walk bootloader provided memory information
- Skip everything that's not marked as usable DRAM
- Align entries to 1MiB boundary
- Don't use memory above 4GiB on x86_32
- Skip memory ranges too small
- Don't use memory currently occupied by the UEFI FV itself
Once a useable memory range is found pass it to HobConstructor().
TEST: Fixes boot on AMD/glinda, that reserved memory at 2000000h.
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3398
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3430
MM communicate protocols are expanded with EFI_MM_COMMUNICATE_HEADER_V3
structure that cooperates with updated field types and flexible array.
The PiSmmCore implementation is updated to detect and process incoming
data accordingly.
Two checks are also performed to prevent legacy communicate data or
unsupported data is fed into MM core under agreed header guid.
Signed-off-by: Kun Qin <kuqin12@gmail.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3398
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3430
MM communicate protocols are expanded with EFI_MM_COMMUNICATE_HEADER_V3
structure that cooperates with updated field types and flexible array.
The PiSmmCore implementation is updated to detect and process incoming
data accordingly.
Two checks are also performed to prevent legacy communicate data or
unsupported data is fed into MM core under agreed header guid.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3398
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3430
This change introduces a new definition for MM communicate PPI v3.
This PPI will be installed under a new GUID in contrast to exisiting
EFI_PEI_MM_COMMUNICATION_PPI.
Data communicated to MM through EFI_PEI_MM_COMMUNICATION3_PPI should
always start with EFI_MM_COMMUNICATE_HEADER_V3 with its HeaderGuid,
Signature and Version fields properly populated.
Signed-off-by: Kun Qin <kuqin12@gmail.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3398
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3430
This change introduces a new definition for MM communicate protocol v3.
This protocol will be installed under a new GUID in contrast to exisiting
EFI_MM_COMMUNICATION_PROTOCOL.
Data communicated to MM through EFI_MM_COMMUNICATION3_PROTOCOL should
always start with EFI_MM_COMMUNICATE_HEADER_V3 with its HeaderGuid,
Signature and Version fields properly populated.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3398
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3430
This change introduces a new definition for MM communicate header
structure, intending to provide better portability between different
architectures (IA32 & X64) and adapt to flexible array supported by
modern compilers.
The original MessageLength field of EFI_MM_COMMUNICATE_HEADER, as a
generic definition, was used for both PEI and DXE MM communication. On a
system that supports PEI MM launch, but operates PEI in 32bit mode and MM
foundation in 64bit, the current EFI_MM_COMMUNICATE_HEADER definition
will cause structure parse error due to UINTN used. This introduction
removes the architecture dependent field by defining this field as
UINT64.
The new signature could help identifying whether the data received is
compiliant with this new data structure, which will help for binary
release modules to identify usage of legacy data structure.
BufferSize field is also added to indicate the full range of communicate
region available to the SMI handler.
The data field of MM communicate message is replaced with flexible array
to allow users not having to consume extra data during communicate and
author code more intrinsically.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Kun Qin <kuqin12@gmail.com>
ShellPkg/SmbiosView tool changes for InterfaceTypeSpecificData decode and print
Previously, the InterfaceTypeSpecificData of SMBIOS type42 table was dumped
as hex in the SmbiosView tool output
This commit adds decode, interpretation and print as per SMBIOS spec version 3.8.0
Signed-off-by: G Edhaya Chandran <edhaya.chandran@arm.com>
Enums for MCTPHostInterface are defined from Management Component Transport Protocol (MCTP) IDs and Codes specification (DSP0239)
These are referenced for the decode of InterfaceTypeSpecificData of SMBIOS table 42 by ShellPkg/SmbiosView
Signed-off-by: G Edhaya Chandran <edhaya.chandran@arm.com>
This corrects the value of the type `Named Component` and `Root Complex`
in the structure comments, according to the DEN0049E_IO_Remapping_Table
specification [1], table 2.
[1] https://developer.arm.com/documentation/den0049/latest
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
If the column width of screen cannot be divisible by three, one or two
rows will be superfluous in the 3rd column. so, Optimize calculation method
of 3rd cloumn to fill entire row.
Signed-off-by: Gao Qihang <gaoqihang@loongson.cn>
This change added the support for using 18 registers when FF-A
DIRECT_REQ2 is used to communicate with MM core.
This change was tested on QEMU SBSA and booted to Windows.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change expands the support of FF-A direct message 2 call to use the
full 18 registers.
It also adds a check in the contructors to ensure the SMCCC meets the
minimal requirement of v1.2 to support FF-A v1.2 usage.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This extends ARM_SVC_ARGS to support all x0-x17 registers use case for
FF-A.
The ArmCallSvc function is also updated to support 18-register usage.
Co-authored-by: Olivier Deprez <Olivier.Deprez@arm.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This extends ARM_SMC_ARGS to support all x0-x17 registers use case for
FF-A.
The ArmCallSmc function is also updated to support 18-register usage.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Add a stub function to read host interface USB serial number,
append serial number to SMBIOS type 42 record if valid data
is returned.
Signed-off-by: Thejaswani Putta <tputta@nvidia.com>
- Updated Maintainers.txt to include Guillermo Antonio Palomino Sosa
as a maintainer for the BaseTools section.
- Added his contact information: email and GitHub username.
Signed-off-by: Guillermo Antonio Palomino Sosa <guillermo.a.palomino.sosa@intel.com>
Adds `gEfiEventExitBootServicesGuid` to the `[Guids]` section and
removes `gEdkiiSmmExitBootServicesProtocolGuid` from the
`[Protocols]` section for the current implementation.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
If an FV_SPARE_SPACE_THRESHOLD is enabled and an FV
is 100% full with 0 bytes free, then this is likely
a special FV that may have alignment requirements
for the FFS file for both the start address and the
length and the FFS file consumes all the available
FV space.
Reduce FV_SPARE_SPACE_THRESHOLD from an error to a
warning if this FV 0 bytes free condition is
detected.
PR #10828 introduced the generation of these error
conditions for an FV with large alignment requirements.
The pad region before the aligned FFS file used to
be counted as free space even though it could never
be used due to the alignment requirements. There was
actually no free space available. PR #10828 fixed the
free space calculation to properly show it as 0 bytes
free, and this change then caused build error when
FV_SPARE_SPACE_THRESHOLD feature was enabled. The
reduction to a warning for this condition allows the
build to complete with errors and also provides a
build log warning message for review.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
_SetSVCMode sits shortly after _ModuleEntryPoint, to switch into SVC mode
and mask FIQ and IRQ exceptions (making it badly named to boot).
But this should always be the state we start executing in, so most
likely this is another remnant of a time when the edk2 image also
contained Secure Monitor code, which has not been supported for some
time now.
Delete the whole stanza and see if anything breaks.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
Hot Pluggable resource attribute was introduced in UEFI 2.11 and PI 1.9
specifications.
This type should have an entry in the Attribute Conversion Table.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
Correct the GCC GenFw and ld flag to build PRM run time modules.
These changes are made for X64 GCC compiler, current present for AARCH64 only.
Adds addition _X64_OBJCOPY_STRIPFLAG for X64 to retain required symbol
during objcopy.
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
Produce gMmStatusCodeUseSerialHobGuid as MM Foundation HOB to
describe the status code use serial port or not.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
PcdStatusCodeUseSerial can be the dynamic PCD, which can't be used
in MM drivers. So, defines gMmStatusCodeUseSerialHobGuid HOB to
indicate StatusCode is reported via serial port or not. The value
shall match with the PcdStatusCodeUseSerial.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
- FMMT tool would use the "PATH" environment variable for locating
the required GUID tool.
- On Windows-like system, batch file not found in the "PATH" environment
variable when "shell=False".
- This issue required commands to include program extensions or
absolute paths.
- This patch sets "shell=True" to extend the support for batch files,
including scripts in BinWrappers under BaseTools.
- Converted input commands from lists to strings to ensure proper
argument interpretation in POSIX-like shell scripts.
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
The values of BootRecordDataPayloadSize and CommSize are incorrect.
BootRecordDataPayloadSize should equal to
SmmBootRecordDataSize - SmmBootRecordDataRetrieved
CommSize should equal to
OFFSET_OF (EFI_MM_COMMUNICATE_HEADER,Data) \
+ (UINTN)MmCommBufferHeader->MessageLength
SmmCommData->BootRecordSize should be set to BootRecordDataPayloadSize,
instead of the total size of entire Smm boot record data.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
In case of the FV with VTF, the left size should be enough to add the
minimum pad file size (EFI_FFS_FILE_HEADER, 0x18). It prevents the build
error, "GenFv: ERROR 0006: invalid FFS file header checksum" caused by the
pad file overwriting some header data in VTF. This includes these updates
for CalculateFvSize() function.
1. If NumBlocks is not defined, ensure the minimum pad file size for the
left size (if the pad file is required as VTF is not bottom aligned at end
of block, insert EFI_FFS_FILE_HEADER to ensure the pad file size)
2. If NumBlocks is defined, report more clear error message (the required
fv image size = 0x%x. the set fv image size = 0x%x. Free space left is not
enough to add a pad file (0x18))
3. Remove MaxPadFileSize, which is reported when the taken size is same as
the total size. It can not be the actual left size to add an FFS file. It
causes confusion when referring to the build log (FV Space Information)
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
Adds a new library instance to support logging performance data in
Standalone MM.
- Add StandaloneMmPerformanceLib instance
- Move common MM logic to a new file `SmmPerformanceLibInternal.c`
- Since the library largely defers most logic to the performance
measurement protocol a large degree of code can be shared between
Standalone MM and Traditional MM.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Adds a new library instance to support MM core functionality for
performance in Standalone MM.
- Add StandaloneMmCorePerformanceLib instance
- Move common MM logic to a new file `MmCorePerformanceLib.c`
- Define interfaces with implementation specific to MM environment
type in `SmmCorePerformanceLibInternal.h` and implement those
functions in the Standalone MM and Traditional MM specific C files
Note: StandaloneMmCorePerformanceLib supports both
`MM_CORE_STANDALONE` and `MM_STANDALONE` as some Standalone MM
environments have privilege separation and need to link this
functionality in a ring 3 Standalone MM driver that is outside
the ring 0 Standalone MM core driver.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Refactor the file to use the new type name EFI_MM_COMMUNICATE_HEADER.
This is the same type but follows the new name and is more clear
with upcoming Standalone MM support being added.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
There will be build failure because of EFI_AP_PROCEDURE definition
not found if MpInformation2.h is included by base type library.
MpInformation2.h depends on MpService.h because of
EFI_PROCESSOR_INFORMATION definition, and then MpService.h
depends on PiMultiPhase.h because of EFI_AP_PROCEDURE definition.
This patch updates MpInformation2.h to include PiMultiPhase.h instead
of PiPei.h and also removes SecPlatformInformation.h including.
It also does minor refinement to file header description.
Signed-off-by: Star Zeng <star.zeng@intel.com>
The structure for the SPCR revision 4 table was originally named
EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE. This prefix suggests it
is an ACPI 4.0 structure, which it is not. This could cause confusion with
genuine ACPI 4.0 structures and defines (eg
EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_SIGNATURE, which is
unrelated to SPCR revision 4).
Rename the structure to EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_4.
Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>
Wei6 Xu