To provide an example and test the code within edk2, this
adds stack cookie checking to OvmfIA32X64, doing no checking
for SEC and PEI_CORE modules, static cookies for PEIMs, and
dynamic cookies for all other module types.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
In order to use dynamic stack cookies, we need RDRAND support
from QEMU, so this updates the QEMU launching code for OvmfPkg
to include RDRAND support.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
This commit oves StackCheckLib from a NULL lib to an instance of
StackCheckLib. This requires every entry point to add a library
dependency on StackCheckLib. It also requires every SEC module
to have a dependency on StackCheckLib because there is no
standard SEC entry point.
It allows for greater flexibility for a platform to apply stack
cookies and simplifies DSC logic.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
GenericQemuLoadImageLib.c: In function 'QemuLoadKernelImage':
GenericQemuLoadImageLib.c:323:5: error: 'CommandLine' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
UnicodeSPrintAsciiFormat (
^~~~~~~~~~~~~~~~~~~~~~~~~~
KernelLoadedImage->LoadOptions,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
KernelLoadedImage->LoadOptionsSize,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%a%a",
~~~~~~~
(CommandLineSize == 0) ? "" : CommandLine,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(InitrdSize == 0) ? "" : " initrd=initrd"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
);
~
cc1: all warnings being treated as errors
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
The specification wasn't clear and even contradict itself regarding
the calculation of the disk size. This have been clarified by Xen
commit 221f2748e8da ("blkif: reconcile protocol specification with
in-use implementations").
https://xenbits.xenproject.org/gitweb/?p=xen.git;a=commit;h=221f2748e8dabe8361b8cdfcffbeab9102c4c899
The value from the xenstore node "sectors" must be multiplied by 512
to have the size of the disk.
Calculation of LastBlock is now the same for both CD-ROM case and
generic case.
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
Commit 459f5ffa24 ("OvmfPkg/QemuKernelLoaderFsDxe: rework direct
kernel boot filesystem") has a small change in behavior: In case
there is no data the file is not created and attempts to open file
return EFI_NOT_FOUND. Old behavior was to add a zero-length file
to the filesystem.
Fix GenericQemuLoadImageLib to handle EFI_NOT_FOUND correctly for
'initrd' and 'cmdline'.
Reported-by: Srikanth Aithal <sraithal@amd.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit d64d1e195c ("MdeModulePkg: PeiMain: Introduce implementation
of delayed dispatch") introduced a new usage of the TimerLib which
uses a dynamic PCD in OvmfXen platform. But PeiMain has only access to
a NULL version of PcdLib, so OvmfXen can't start.
Introduce PeiPcdLib for PEI_CORE so PeiMain can read dynamic PCDs.
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
QEMU enables VIRTIO_VGA by default.
Libvirt falls back from virtio-gpu-pci to virtio-vga if made available by
QEMU.
We need to enable VGA support to get video output for EDK II in
virt-manager.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add the 'opt/org.tianocore/EnableLegacyLoader' FwCfg option to
enable/disable the insecure legacy linux kernel loader.
For now this is enabled by default. Probably the default will be
flipped to disabled at some point in the future.
Also print a warning to the screen in case the linux kernel secure
boot verification has failed.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Try load shim first. In case that succeeded update the command line to
list 'kernel' first so shim will fetch the kernel from the kernel loader
file system.
This allows to use direct kernel boot with distro kernels and secure
boot enabled. Usually distro kernels can only be verified by distro
shim using the distro keys compiled into the shim binary.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Try load shim first. In case that succeeded update the command line to
list 'kernel' first so shim will fetch the kernel from the kernel loader
file system.
This allows to use direct kernel boot with distro kernels and secure
boot enabled. Usually distro kernels can only be verified by distro
shim using the distro keys compiled into the shim binary.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Allows to use the qemu kernel loader pseudo file system for other
purposes than loading a linux kernel (or efi binary). Passing
startup.nsh for EFI shell is one example.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Triggers when trying to get root directory info.
Reproducer:
* Use qemu -kernel with something edk2 can not load.
* When dropped into the efi shell try inspect the file system.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
QEMU_FW_CFG_FNAME_SIZE is 56. 'etc/boot/' prefix is minus 9. Add one
for the terminating '\0'. Effective max size is 48.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Split KERNEL_BLOB struct into two:
* One (KERNEL_BLOB_ITEMS) static array describing how to load (unnamed)
blobs from fw_cfg.
* And one (KERNEL_BLOB) dynamically allocated linked list carrying the
data blobs for the pseudo filesystem.
Also add some debug logging. Prefix most functions with 'QemuKernel'
for consistency and easier log file grepping. Add some small helper
functions.
This refactoring prepares for loading blobs in other ways.
No (intentional) change in filesystem protocol behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Setting PcdSetupConOut* to zero turns on autodetection mode
for rows and cols, so the firmware setup application will use
the use complete available screen space.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This way we have the display configuration in a single place and
need to change one file only to update all build variants.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
While fixing https://github.com/tianocore/edk2/pull/6092 (the
fact that some OvmfPkg and ArmVirtPkg platforms included residual
NetworkPkg components even when compiled with -D NETWORK_ENABLE=0),
it was noted that OvmfPkg/Include/*/Shell*.inc files which apply
the required fix logic are available and already used in some
OvmfPkg platforms.
This commit applies these files consistently within OvmfPkg.
This has the side effect that some platforms now include one or
more of HttpDynamicCommand, VariablePolicyDynamicCommand and
LinuxInitrdDynamicShellCommand when they previously did not.
This fixes unintentional drift between platforms, and provides
additional shell commands which may be useful in some cases.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
This issue showed up when addressing
https://bugzilla.tianocore.org/show_bug.cgi?id=4829
in https://github.com/tianocore/edk2/pull/6087 .
Various OvmfPkg and ArmVirtPkg platforms include some residual NetworkPkg
components when compiled with -D NETWORK_ENABLE=0, even though they use
NetworkPkg includes intended to allow all NetworkPkg components to be
disabled on this flag.
For the OvmfPkg Intel platforms only, commit
d933ec115b started
the change of not including these residual NetworkPkg
components, and commit
7f17a15564 completed it.
This commit rolls these changes out to the remaining OvmfPkg platforms
where they make sense in the same way.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Since commit d64d1e195c ("MdeModulePkg: PeiMain: Introduce
implementation of delayed dispatch") the pei core wants read PCDs, so
the NULL lib doesn't cut it any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Currently, multiple dsc files within the OvmfPkg directory use the NULL
version of the CcProbeLib library. However, these packages have support
for confidential guests (usage of CcExitLib, MemEncrypt{Sev,Tdx}Lib, etc.)
and should be using the OvmfPkg version of the CcProbeLib.
The use of the NULL library causes the PCI option ROM to be enabled, which
can't be trusted as it originates from the hypervisor. The use of the NULL
library also causes a KVM hypervisor error when attempting to map/back the
option ROM region when running an SEV-SNP guest.
Update the various dsc files to reference the OvmfPkg version of the
CcProbeLib library and prevent usage of PCI option ROMs.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Since the tdx measurement APIs are implemented by
TdxMeasurementLib, the duplicate code are removed.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
This patch is to implement default IsCpuSyncAlwaysNeeded definition
for SmmCpuPlatformHookLibQemu. This interface will determine whether the first
CPU Synchronization should be executed unconditionally when a SMI occurs.
If the function returns true, it indicates that there is no need to check the system
configuration and status, and the first CPU Synchronization should be executed
unconditionally.
If the function returns false, it indicates that the first CPU Synchronization is
not executed unconditionally, and the decision to synchronize should be based on
the system configuration and status.
Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>
The VirtIO spec states that "Upon receipt of a
VIRTIO_CONSOLE_CONSOLE_PORT message, the driver SHOULD treat the port in
a manner suitable for text console access and MUST respond with a
VIRTIO_CONSOLE_PORT_OPEN message, which MUST have value set to 1". See
https://docs.oasis-open.org/virtio/virtio/v1.3/virtio-v1.3.html#x1-3330002.
The current driver implementation, however, does not comply with that
and only sends PORT_OPEN messages upon receipt of PORT_OPEN messages.
This causes a problem in platforms like Apple's Virtualization
Framework, where PORT_OPEN messages are not sent back to the driver
after CONSOLE_PORT messages are received by the device, a behaviour that
is compliant with the VirtIO specification.
This patch addresses this issue by always responding CONSOLE_PORT
messages with PORT_OPEN messages.
Signed-off-by: Pedro Tôrres <t0rr3sp3dr0@gmail.com>
This is virtio based keyboard driver designed to be used on ARM platform.
The driver implements basic and extended text input interface.
UEFI shell requires only basic text input interface, but Grub needs
extended text input to work on.
Signed-off-by: Paweł Poławski <ppolawsk@redhat.com>
This commit adds:
- missing virtio subsystem ID for input device
- PrepareVirtioKeyboardDevicePath() handler to boot manager library
Signed-off-by: Paweł Poławski <ppolawsk@redhat.com>
Add a FileIsInFv check to PlatformRegisterFvBootOption, this is to
to avoid adding and then removing a boot option shortly after,
because the file is no longer in the firmware volume.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Move out file presence check from RemoveStaleFvFileOptions
to a new helper function for reusability. No functional changes
intended.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
BaseCryptLib, RngLib, IntrinsicLib and OpensslLib are enabled by default
on LoongArch VM, since some APPs or OS require them.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Oliver Smith-Denny