The IoMmu keeps a pool of pre-allocated shared buffers in various sizes
to serve requests. Usage is tracked in a bitmap.
The bitmap masks for the 1M and 2M buffer pools are incorrect, causing
the same buffers getting handed out repeatedly, causing corrupted device
accesses.
The masks needs to be kept in sync with mReservedMemRanges below.
This sets the correct values for:
- RESERVED_MEM_BITMAP_1M_MASK = (1 << 14) = 0x4000
- RESERVED_MEM_BITMAP_2M_MASK = (1 << 15) | (1 << 16) = 0x18000
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Linux/GCC host-based unit test application builds use a
default stack size of 8MB. Windows/VS20xx and Windows/CLANGPDB
host-based unit test application builds use a default stack size
of 1MB. This can allow Linux unit tests to pass and Windows unit
tests to fail with stack overflow if large local variables are
used. ASAN increases stack usage, so this condition can occur
more frequently when ASAN enabled.
Update MSFT and CLANGPDB for host-based unit tests to use a
default stack size of 8MB so all tool chains use the same
default stack size for host-based unit tests.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Currently, there is no mechanism for platforms to enable or disable
support for EmbeddedDrivers in capsule updates. This patch introduces
a new PCD, PcdEmbeddedDriverSupport, allowing platforms to explicitly
control whether capsules containing EmbeddedDrivers are supported.
This ensures capsules with embedded drivers are rejected on platforms
that do not support them.
This is a breaking change.By default, PcdEmbeddedDriverSupport
is set to FALSE which disables embedded driver support in capsule updates
across all platforms unless explicitly enabled.
Platforms must opt-in by setting the PcdEmbeddedDriverSupport to TRUE
in order to enable support for capsules containing embedded drivers.
Signed-off-by: Pavithra Gurulingappa <gpavithr@qti.qualcomm.com>
Previously, the implementation restricted usage to TPM instances with the
DTPM ID, which worked only if the system supported TPM over FFA but still
set the instance ID to DTPM. However, Tpm2InstanceLibFfa requires the
`PcdTpmInstanceGuid` to be set to `gTpm2ServiceFfaGuid`.
This update expands support by allowing the `PcdTpmInstanceGuid` to
include the TPM-over-FFA instance GUID, enabling proper registration of
the PPI.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
The current implementation checks `PcdTpmInstanceGuid` and enforces the
use of the DTPM instance GUID. However, for FFA-specific modules, the
correct value should be `gTpm2ServiceFfaGuid`.
This update fixes the validation logic to support routing through
Tpm2DeviceLibRouter* with the appropriate instance library, which
requires the instance ID to be set to `gTpm2ServiceFfaGuid`.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Commit 84c0261 removed support for ARM32 and inadvertently removed the
EFI_GENERIC_ERROR_PROC_TYPE_ARM macro which remains valid for AARCH64.
The macro refers to the ARM CPU architecture, not specifically the ARM32
instruction set.
Restore the macro to maintain compatibility with downstream modules that
rely on Cper.h for AARCH64 platforms.
Signed-off-by: Vishal Oliyil Kunnil <vishalo@qti.qualcomm.com>
PR #11380 that removed the Unicode Collation Protocol
introduced a logic bug in the use of GetBestLanguage().
Iso639Language would always be computed to TRUE when it
should always be passed to GetBestLanguage() as FALSE
once Unicode Collation Protocol is removed.
Update InitializeUnicodeCollationSupportWorker() to
remove the local variable Iso639Language and always
call GetBestLanguage() with the Iso639Language parameter
set to FALSE.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
PR #11380 that removed the Unicode Collation Protocol
introduced a logic bug in the use of GetBestLanguage().
Iso639Language would always be computed to TRUE when it
should always be passed to GetBestLanguage() as FALSE
once Unicode Collation Protocol is removed.
Update InitializeUnicodeCollationSupportWorker() to
remove the local variable Iso639Language and always
call GetBestLanguage() with the Iso639Language parameter
set to FALSE.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Implement function to add a CmObj with a token provided by the caller. This
is intended to be used with abstract tokens, the value of which is generated
by the caller.
Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>
The current Arm GICC parser only supports one PMU IRQ shared between all
cores. Newer systems use a unique PMU IRQ per core.
Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>
TempBuffer variable is only dynamically allocated when the opcode is
EFI_IFR_STRING_OP and the string value is not 0, so it should be freed
under the same condition. Otherwise, the variable may be unexpected
freed.
Signed-off-by: Qihang Gao <gaoqihang@loongson.cn>
Fixes build failures caused by __USE_MINGW_ANSI_STDIO not being defined when
building with CLANG.
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Remove /FILEALIGN, /SUBSYSTEM, /EXPORT and /BASE options
that are not required for UEFI Shell applications.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
With SEV or SEV-ES being active uninitialized memory is random cipher
text instead of being zero-initialized. So checking against zero to
figure whenever igvm parameters are present or not is not sufficient.
Apply more strict sanity checks.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There is a possibility to retrieve user input keystroke data stored in the
queue buffer via the EFI_SIMPLE_TEXT_INPUT_PROTOCOL pointer. To prevent
exposure of the password string, clear the queue buffer by filling it
with zeros after reading.
Signed-off-by: Nick Wang <nick.wang@insyde.com>
There is a possibility to retrieve user input keystroke data stored in the
queue buffer via the EFI_SIMPLE_TEXT_INPUT_PROTOCOL pointer. To prevent
exposure of the password string, clear the queue buffer by filling it
with zeros after reading.
Signed-off-by: Nick Wang <nick.wang@insyde.com>
1. Safe wrapper function for DumpHex that validates PCI configuration
space boundaries. This function ensures that hex dumps do not exceed
the standard 4KB PCIe configuration space boundary. If the requested
dump would exceed this boundary, it prints an error message and
truncates the dump size to remain within valid bounds.
2. Enhance DVSEC capability structure size calculation method. Size is
now obtained from the DesignatedVendorSpecificHeader1.Bits.DvsecLength
register.
Issue: https://github.com/tianocore/edk2/issues/11554
Signed-off-by: Pranav V V <pranav.v.v@intel.com>
Since PRM modules are DXE_RUNTIME_DRIVER images, this change sets
the linker flags to the expected section alignment values for
runtime code images. This serves as an example for platforms but
also results in PRM sample modules in the package having correct
section alignment.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
By edk2 convention, a NULL library should be called *LibNull.
This library did not follow this convention, so rename i.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
By edk2 convention, a NULL library should be called *LibNull.
These libraries did not follow this convention, so rename them.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
By edk2 convention, a NULL library should be called *LibNull.
ArmMtlNullLib did not follow this convention, so rename it
ArmMtlLibNull.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
When measured boot is enabled, TF-A passes
the early measurement event log to the BL33 firmware (i.e., UEFI)
through a transfer list entry with
the tag ID TRANSFER_ENTRY_TAG_ID_TPM_EVENT_LOG.
Therefore, generate TPM event log HOBs from
the early measurement event log so they can be
unified with the Tcg2Dxe event logs.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Since the FileFcb’s list entry is not initialized at allocation,
SemihostFs reports the following crash when freeing FileFcb
after failing to obtain the file size in FileOpen():
ASSERT [SemihostFs] LinkedList.c(75): List->ForwardLink != ((void *) 0)
To fix this, properly initialize the list entry at FCB allocation
and move RemoveListEntry() to FileClose(),
since the FCB entry will only be on the list
when VolumeOpen() or FileOpen() succeeds.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
This workflow runs when GitHub PRs are modified (edited, opened,
reopened, and synchronized) to perform basic validation of the PR
title and description.
Right now, this includes:
- Checking that the PR title is not empty
- Checking that the PR body is not empty
- Checking that the PR body meets the minimum text length.
Where the minimum text length is defined to be the number of
characters in the PR template with empty sections
- Checking that PR template placeholder do not remain in the PR
description
If a check fails, a GitHub comment will be left on the PR and a PR
status check failure will be present on the PR until the issue is
resolved. Upon future runs of the workflow, existing PR validation
message contents are hashed and compared to a new message that may
potentially be posted. If the same comment is already posted in the
PR, it is not posted again.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Adds GitHub helper functions so other Python code can more cleanly
set output and environment variables.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
When PxeBcLoadBootFile() fails, it reports a status code to notify
listeners (such as telemetry/SEL logging drivers) about the error.
However, the current implementation reports the status code for all
error conditions, including benign cases, such as where the caller passes
Buffer == NULL with EFI_BUFFER_TOO_SMALL to query the required size.
This causes false positive error reports in telemetry systems, as
EFI_BUFFER_TOO_SMALL with Buffer == NULL is an expected and normal
operation for size queries, not an actual error condition.
The PXE-E05 error message is already correctly guarded with the
condition "(Status == EFI_BUFFER_TOO_SMALL) && (Buffer != NULL)",
but the status code reporting was unconditional.
Add a buffer null check before REPORT_STATUS_CODE_WITH_EXTENDED_DATA
to ensure status codes are only reported for actual errors:
- Report when Status != EFI_BUFFER_TOO_SMALL (all other errors)
- Report when Status == EFI_BUFFER_TOO_SMALL AND Buffer != NULL (PXE-E05)
- Skip when Status == EFI_BUFFER_TOO_SMALL AND Buffer == NULL (size query)
This prevents spurious error logs while maintaining proper error
reporting for genuine failures including PXE-E05, PXE-E07, PXE-E09,
PXE-E99, and all other error conditions.
Signed-off-by: Marc Chen <marc.chen@microsoft.com>
Do not use the insecure legacy linux loader (which does not
enforce secure boot checks) when running in a confidential VM.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
CodeQL incorrectly flags that LoadedDriverImage might be derferenced
while NULL, but the actual code paths make that impossible.
Strip several levels of success handling to improve readability for
humans and static analyzers both.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
Make use the newly introduced ShellPrintDefaultEx() alias and
replace wherever it is possible:
- "ShellPrintEx (-1, -1,"
with:
- "ShellPrintDefaultEx ("
No functional change is introduced.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Make use the newly introduced ShellPrintHiiDefaultEx() alias and
replace wherever it is possible:
- "ShellPrintHiiEx (-1, -1, NULL,"
with:
- "ShellPrintHiiDefaultEx ("
No functional change is introduced.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Make use the newly introduced ShellPrintHiiDefaultEx() alias and
replace wherever it is possible:
- "ShellPrintHiiEx (-1, -1, NULL,"
with:
- "ShellPrintHiiDefaultEx ("
No functional change is introduced.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Make use the newly introduced ShellPrintHiiDefaultEx() alias and
replace wherever it is possible:
- "ShellPrintHiiEx (-1, -1, NULL,"
with:
- "ShellPrintHiiDefaultEx ("
No functional change is introduced.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Make use the newly introduced ShellPrintHiiDefaultEx() alias and
replace wherever it is possible:
- "ShellPrintHiiEx (-1, -1, NULL,"
with:
- "ShellPrintHiiDefaultEx ("
No functional change is introduced.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
