
Re: [Patch 3/6] MdePkg: Fix spelling mistake for occurred

Liming Gao
 

Reviewed-by: Liming Gao <liming.gao@...>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael D Kinney
Sent: August 1, 2020 9:05
To: devel@edk2.groups.io
Cc: Gao, Liming <liming.gao@...>; Liu, Zhiguang <zhiguang.liu@...>
Subject: [edk2-devel] [Patch 3/6] MdePkg: Fix spelling mistake for occurred

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2361

Cc: Liming Gao <liming.gao@...>
Cc: Zhiguang Liu <zhiguang.liu@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
MdePkg/Include/Protocol/UgaDraw.h | 2 +-
MdePkg/Library/BaseLib/FilePaths.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Protocol/UgaDraw.h b/MdePkg/Include/Protocol/UgaDraw.h
index 3d423be052..47286bb684 100644
--- a/MdePkg/Include/Protocol/UgaDraw.h
+++ b/MdePkg/Include/Protocol/UgaDraw.h
@@ -127,7 +127,7 @@ typedef enum {

@retval EFI_SUCCESS - The Blt operation completed.
@retval EFI_INVALID_PARAMETER - BltOperation is not valid.
- @retval EFI_DEVICE_ERROR - A hardware error occured writting to the video buffer.
+ @retval EFI_DEVICE_ERROR - A hardware error occurred writting to the video buffer.

**/
typedef
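Review bot: the corrected line `+ @retval EFI_DEVICE_ERROR - A hardware error occurred writting to the video buffer.` still carries a second misspelling, "writting"; since this commit exists only to fix spelling, change it to "writing" in the same line rather than leaving it for a follow-up.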
diff --git a/MdePkg/Library/BaseLib/FilePaths.c b/MdePkg/Library/BaseLib/FilePaths.c
index 40e8d773ce..c2c561ac64 100644
--- a/MdePkg/Library/BaseLib/FilePaths.c
+++ b/MdePkg/Library/BaseLib/FilePaths.c
@@ -57,7 +57,7 @@ PathRemoveLastItem(

@param[in] Path The pointer to the string containing the path.

- @return Returns Path, otherwise returns NULL to indicate that an error has occured.
+ @return Returns Path, otherwise returns NULL to indicate that an error has occurred.
**/
CHAR16*
EFIAPI
--
2.21.0.windows.1


[Patch] BaseTools: Improve the method of checking queue empty

Bob Feng
 

From: "Feng, Bob C" <bob.c.feng@...>

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2807

The Queue.empty() method is not reliable in the multiple
process runtime environment. This patch uses a new method
to check if all modules are processed and workers need
to be stopped. That is to add a None item at the bottom
of the queue. Workers check whether they get that None item to
know if all the modules are processed.

Signed-off-by: Bob Feng <bob.c.feng@...>
Cc: Liming Gao <liming.gao@...>
Cc: Yuwei Chen <yuwei.chen@...>
Cc: Lucy Yan <lucyyan@...>
---
.../Source/Python/AutoGen/AutoGenWorker.py | 26 ++++++++++++++-----
BaseTools/Source/Python/build/build.py | 3 ++-
2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/BaseTools/Source/Python/AutoGen/AutoGenWorker.py b/BaseTools/Source/Python/AutoGen/AutoGenWorker.py
index 563d91b421..017f676399 100755
--- a/BaseTools/Source/Python/AutoGen/AutoGenWorker.py
+++ b/BaseTools/Source/Python/AutoGen/AutoGenWorker.py
@@ -22,10 +22,11 @@ except:
from Queue import Empty
import traceback
import sys
from AutoGen.DataPipe import MemoryDataPipe
import logging
+import time

def clearQ(q):
try:
while True:
q.get_nowait()
@@ -109,11 +110,15 @@ class AutoGenManager(threading.Thread):
badnews = self.feedback_q.get()
if badnews is None:
break
if badnews == "Done":
fin_num += 1
+ elif badnews == "QueueEmpty":
+ EdkLogger.debug(EdkLogger.DEBUG_9, "Worker %s: %s" % (os.getpid(), badnews))
+ self.TerminateWorkers()
else:
+ EdkLogger.debug(EdkLogger.DEBUG_9, "Worker %s: %s" % (os.getpid(), badnews))
self.Status = False
self.TerminateWorkers()
if fin_num == len(self.autogen_workers):
self.clearQueue()
for w in self.autogen_workers:
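Review bot: the new "QueueEmpty" branch performs the same action as the error branch minus `Status = False`, and the reason is not visible in the hunk: the single None sentinel is consumed by exactly one worker, so the other workers can only stop once TerminateWorkers() sets the event they poll. A one-line comment saying so, and hoisting the duplicated `EdkLogger.debug(EdkLogger.DEBUG_9, "Worker %s: %s" % (os.getpid(), badnews))` above the elif/else, would make the intent clear.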
@@ -225,16 +230,25 @@ class AutoGenWorkerInProcess(mp.Process):
FfsCmd = {}
GlobalData.FfsCmd = FfsCmd
PlatformMetaFile = self.GetPlatformMetaFile(self.data_pipe.Get("P_Info").get("ActivePlatform"),
self.data_pipe.Get("P_Info").get("WorkspaceDir"))
while True:
- if self.module_queue.empty():
- break
if self.error_event.is_set():
break
module_count += 1
- module_file,module_root,module_path,module_basename,module_originalpath,module_arch,IsLib = self.module_queue.get_nowait()
+ try:
+ module_file,module_root,module_path,module_basename,module_originalpath,module_arch,IsLib = self.module_queue.get_nowait()
+ except Empty:
+ EdkLogger.debug(EdkLogger.DEBUG_9, "Worker %s: %s" % (os.getpid(), "Fake Empty."))
+ time.sleep(0.01)
+ continue
+ if module_file is None:
+ EdkLogger.debug(EdkLogger.DEBUG_9, "Worker %s: %s" % (os.getpid(), "Worker get the last item in the queue."))
+ self.feedback_q.put("QueueEmpty")
+ time.sleep(0.01)
+ continue
+
modulefullpath = os.path.join(module_root,module_file)
taskname = " : ".join((modulefullpath,module_arch))
module_metafile = PathClass(module_file,module_root)
if module_path:
module_metafile.Path = module_path
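Review bot: `module_count += 1` now runs before `get_nowait()`, so it is incremented on every Empty retry and on the sentinel iteration and over-reports the modules handled; move it after the successful unpack. Also, the worker that receives the sentinel only reports "QueueEmpty" and then keeps spinning with `time.sleep(0.01)` until the error event is set; breaking out of the loop at that point (or re-enqueueing the sentinel so every worker sees it) would let workers finish on their own instead of depending on termination from the manager.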
@@ -278,15 +292,15 @@ class AutoGenWorkerInProcess(mp.Process):
self.cache_q.put((Ma.MetaFile.Path, Ma.Arch, "MakeCache", True))
continue
else:
self.cache_q.put((Ma.MetaFile.Path, Ma.Arch, "MakeCache", False))

- except Empty:
- pass
- except:
+ except Exception as e:
+ EdkLogger.debug(EdkLogger.DEBUG_9, "Worker %s: %s" % (os.getpid(), str(e)))
self.feedback_q.put(taskname)
finally:
+ EdkLogger.debug(EdkLogger.DEBUG_9, "Worker %s: %s" % (os.getpid(), "Done"))
self.feedback_q.put("Done")
self.cache_q.put("CacheDone")

def printStatus(self):
print("Processs ID: %d Run %d modules in AutoGen " % (os.getpid(),len(AutoGen.Cache())))
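Review bot: `except Exception as e` correctly stops swallowing Empty now that Empty is handled inside the loop, but the handler still does `self.feedback_q.put(taskname)`; if an exception is raised before `taskname` is assigned in the loop body, the handler itself raises NameError and the manager never receives a feedback message for this worker. Initialise `taskname` before the loop, or report `str(e)` when it is not yet set.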
diff --git a/BaseTools/Source/Python/build/build.py b/BaseTools/Source/Python/build/build.py
index 1ab1e60a64..59ceacfed0 100755
--- a/BaseTools/Source/Python/build/build.py
+++ b/BaseTools/Source/Python/build/build.py
@@ -1215,11 +1215,11 @@ class Build():
if Target not in ['clean', 'cleanlib', 'cleanall', 'run', 'fds']:
# for target which must generate AutoGen code and makefile
mqueue = mp.Queue()
for m in AutoGenObject.GetAllModuleInfo:
mqueue.put(m)
-
+ mqueue.put((None,None,None,None,None,None,None))
AutoGenObject.DataPipe.DataContainer = {"CommandTarget": self.Target}
AutoGenObject.DataPipe.DataContainer = {"Workspace_timestamp": AutoGenObject.Workspace._SrcTimeStamp}
AutoGenObject.CreateLibModuelDirs()
AutoGenObject.DataPipe.DataContainer = {"LibraryBuildDirectoryList":AutoGenObject.LibraryBuildDirectoryList}
AutoGenObject.DataPipe.DataContainer = {"ModuleBuildDirectoryList":AutoGenObject.ModuleBuildDirectoryList}
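Review bot: the sentinel `(None,None,None,None,None,None,None)` is hard-wired to the seven-field unpack in AutoGenWorker.py, and the same literal is repeated in the next hunk; define it once (a module-level constant next to the worker's `if module_file is None` test) so the two cannot drift apart when a field is added.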
@@ -2172,10 +2172,11 @@ class Build():
ToolChain, Arch, self.PlatformFile,Pa.DataPipe)
self.AllModules.add(Ma)
data_pipe_file = os.path.join(Pa.BuildDir, "GlobalVar_%s_%s.bin" % (str(Pa.Guid),Pa.Arch))
Pa.DataPipe.dump(data_pipe_file)

+ mqueue.put((None,None,None,None,None,None,None))
autogen_rt, errorcode = self.StartAutoGen(mqueue, Pa.DataPipe, self.SkipAutoGen, PcdMaList, cqueue)

if not autogen_rt:
self.AutoGenMgr.TerminateWorkers()
self.AutoGenMgr.join(1)
--
2.20.1.windows.1
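The sentinel protocol this patch introduces, written out as an added example that is not part of the patch or of BaseTools: it uses threads and queue.Queue in place of mp.Process and mp.Queue so it runs anywhere, and the names autogen_worker, run_autogen, "QueueEmpty" and "Done" are chosen to mirror the patch. It goes one step beyond the patch by re-enqueueing the sentinel so every worker stops by itself, and puts the pre-patch empty() check beside it for contrast:

```python
import queue
import threading
import time

# Sentinel appended after the last real work item, as the patch does with a
# tuple of None values; it means "no more modules will arrive".
SENTINEL = None


def autogen_worker(worker_id, module_q, feedback_q, error_event, processed):
    """One worker: drain module_q until the sentinel arrives or an error is flagged.

    Mirrors the patched AutoGenWorkerInProcess loop: a transient Empty is not a
    stop condition; only the sentinel (or error_event) is.
    """
    while not error_event.is_set():
        try:
            item = module_q.get_nowait()
        except queue.Empty:
            # "Fake Empty": the producer may still be filling the queue, so an
            # empty queue says nothing about whether the work is finished.
            time.sleep(0.001)
            continue
        if item is SENTINEL:
            # Put the sentinel back so every other worker also sees it and can
            # stop on its own; the patch instead relies on the manager calling
            # TerminateWorkers() after the first "QueueEmpty" report.
            module_q.put(SENTINEL)
            feedback_q.put("QueueEmpty")
            break
        processed.append((worker_id, item))  # stand-in for AutoGen of one module
    feedback_q.put("Done")


def run_autogen(modules, n_workers=3, producer_delay=0.002):
    """Start the workers first, then feed modules slowly, so workers really do
    observe an empty queue while work is still pending.

    Returns (processed, queue_empty_reports): the (worker, module) pairs and
    how many workers reported seeing the sentinel.
    """
    module_q = queue.Queue()
    feedback_q = queue.Queue()
    error_event = threading.Event()
    processed = []
    workers = [
        threading.Thread(target=autogen_worker,
                         args=(i, module_q, feedback_q, error_event, processed))
        for i in range(n_workers)
    ]
    for w in workers:
        w.start()

    # Producer side (build.py): queue every module, then the sentinel last.
    for m in modules:
        module_q.put(m)
        time.sleep(producer_delay)
    module_q.put(SENTINEL)

    # Manager side (AutoGenManager): wait for a "Done" from every worker; any
    # message other than "Done"/"QueueEmpty" is an error report that stops all.
    finished = 0
    queue_empty_reports = 0
    while finished < n_workers:
        msg = feedback_q.get(timeout=5)
        if msg == "Done":
            finished += 1
        elif msg == "QueueEmpty":
            queue_empty_reports += 1
        else:
            error_event.set()
    for w in workers:
        w.join()
    return processed, queue_empty_reports


def run_with_empty_check(modules, n_workers=3, producer_delay=0.002):
    """The pre-patch logic: workers exit as soon as module_q.empty() is True.

    Because the producer is still running, workers typically quit before most
    modules are queued, so the result is incomplete and non-deterministic.
    """
    module_q = queue.Queue()
    processed = []

    def worker(worker_id):
        while True:
            if module_q.empty():  # unreliable: "empty now" is not "finished"
                break
            try:
                processed.append((worker_id, module_q.get_nowait()))
            except queue.Empty:   # another worker won the race for the item
                break

    workers = [threading.Thread(target=worker, args=(i,)) for i in range(n_workers)]
    for w in workers:
        w.start()
    for m in modules:
        module_q.put(m)
        time.sleep(producer_delay)
    for w in workers:
        w.join()
    return processed


if __name__ == "__main__":
    mods = ["Module%d.inf" % i for i in range(20)]   # constructed sample input
    good, reports = run_autogen(mods)
    print("sentinel: %d/%d modules, %d workers saw it" % (len(good), len(mods), reports))
    print("empty() check: %d/%d modules" % (len(run_with_empty_check(mods)), len(mods)))
```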


Re: [Patch 0/6] Fix spelling mistake for occurred

Guomin Jiang
 

Reviewed-by: Guomin Jiang <guomin.jiang@...> for the patch series

Thanks for your contribution.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael D Kinney
Sent: Saturday, August 1, 2020 9:05 AM
To: devel@edk2.groups.io
Cc: Ni, Ray <ray.ni@...>; Gao, Zhichao <zhichao.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Andrew Fish <afish@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Liu, Zhiguang <zhiguang.liu@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Zhang, Qi1 <qi1.zhang@...>; Kumar, Rahul1 <rahul1.kumar@...>
Subject: [edk2-devel] [Patch 0/6] Fix spelling mistake for occurred

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2361

Cc: Ray Ni <ray.ni@...>
Cc: Zhichao Gao <zhichao.gao@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Andrew Fish <afish@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Liming Gao <liming.gao@...>
Cc: Zhiguang Liu <zhiguang.liu@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Cc: Qi Zhang <qi1.zhang@...>
Cc: Rahul Kumar <rahul1.kumar@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>

Michael D Kinney (6):
EmulatorPkg: Fix spelling mistake for occurred
MdeModulePkg: Fix spelling mistake for occurred
MdePkg: Fix spelling mistake for occurred
OvmfPkg: Fix spelling mistake for occurred
SecurityPkg: Fix spelling mistake for occurred
ShellPkg: Fix spelling mistake for occurred

EmulatorPkg/EmuGopDxe/GopScreen.c | 2 +-
EmulatorPkg/TimerDxe/Timer.c | 2 +-
MdeModulePkg/Bus/Pci/UhciDxe/UhciSched.c | 4 +-
MdeModulePkg/Core/Dxe/FwVol/FwVol.c | 2 +-
.../Include/Protocol/GenericMemoryTest.h | 4 +-
.../Acpi/S3SaveStateDxe/S3SaveState.c | 2 +-
.../Acpi/SmmS3SaveState/SmmS3SaveState.c | 2 +-
.../Console/ConSplitterDxe/ConSplitter.h | 4 +-
.../ConSplitterDxe/ConSplitterGraphics.c | 4 +-
.../Universal/DebugPortDxe/DebugPort.c | 2 +-
.../Universal/DebugPortDxe/DebugPort.h | 2 +-
.../FvSimpleFileSystem.c | 2 +-
.../Universal/LoadFileOnFv2/LoadFileOnFv2.c | 2 +-
.../GenericMemoryTestDxe/LightMemoryTest.c | 4 +-
.../GenericMemoryTestDxe/LightMemoryTest.h | 4 +-
MdePkg/Include/Protocol/UgaDraw.h | 2 +-
MdePkg/Library/BaseLib/FilePaths.c | 2 +-
OvmfPkg/Bhyve/BhyveRfbDxe/GopScreen.c | 2 +-
OvmfPkg/Include/Protocol/Legacy8259.h | 2 +-
OvmfPkg/SioBusDxe/SioService.c | 2 +-
.../DxeImageVerificationLib.c | 2 +-
ShellPkg/Include/Library/ShellLib.h | 4 +-
.../UefiShellBcfgCommandLib.c | 4 +-
.../Edit/FileBuffer.c | 4 +-
.../Edit/MainTextEditor.c | 34 ++++++-------
.../Edit/MainTextEditor.h | 6 +--
.../HexEdit/BufferImage.c | 8 ++--
.../HexEdit/BufferImage.h | 6 +--
.../HexEdit/Clipboard.c | 4 +-
.../HexEdit/Clipboard.h | 4 +-
.../HexEdit/DiskImage.c | 6 +--
.../HexEdit/DiskImage.h | 6 +--
.../HexEdit/FileImage.c | 4 +-
.../HexEdit/FileImage.h | 4 +-
.../HexEdit/MainHexEditor.c | 48 +++++++++----------
.../HexEdit/MainHexEditor.h | 8 ++--
.../HexEdit/MemImage.c | 6 +--
.../HexEdit/MemImage.h | 6 +--
.../UefiShellDebug1CommandsLib/HexEdit/Misc.c | 8 ++--
.../UefiShellDebug1CommandsLib/HexEdit/Misc.h | 4 +-
.../UefiShellDriver1CommandsLib/Drivers.c | 2 +-
.../Library/UefiShellLevel2CommandsLib/Rm.c | 2 +-
.../UefiShellLevel2CommandsLib.h | 2 +-
ShellPkg/Library/UefiShellLib/UefiShellLib.c | 6 +--
44 files changed, 120 insertions(+), 120 deletions(-)

--
2.21.0.windows.1



Re: [Patch] MdeModulePkg/CapsuleApp: Fix spelling mistake

Guomin Jiang
 

Reviewed-by: Guomin Jiang <guomin.jiang@...>

Thanks for your contribution.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael D Kinney
Sent: Saturday, August 1, 2020 8:34 AM
To: devel@edk2.groups.io
Cc: Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>
Subject: [edk2-devel] [Patch] MdeModulePkg/CapsuleApp: Fix spelling mistake

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2356

Cc: Hao A Wu <hao.a.wu@...>
Cc: Liming Gao <liming.gao@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
index b161d1a981..dba50b3202 100644
--- a/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
+++ b/MdeModulePkg/Application/CapsuleApp/CapsuleOnDisk.c
@@ -795,7 +795,7 @@ ProcessCapsuleOnDisk (

Status = GetUpdateFileSystem (Map, &BootNext, &Fs, &UpdateBootNext);
if (EFI_ERROR (Status)) {
- Print (L"CapsuleApp: cannot find a valid file system on boot devies. Status
= %r\n", Status);
+ Print (L"CapsuleApp: cannot find a valid file system on boot devices.
Status = %r\n", Status);
return Status;
}
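Review bot: the + line is split by the mail client after `boot devices.`, which leaves the L"..." string literal broken across two lines as shown here; confirm that the patch as committed keeps `Print (L"CapsuleApp: cannot find a valid file system on boot devices. Status = %r\n", Status);` on a single line.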

--
2.21.0.windows.1



Re: [PATCH v13 45/46] UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use

Lendacky, Thomas
 

On 8/1/20 12:31 PM, Laszlo Ersek wrote:
On 07/31/20 23:38, Laszlo Ersek wrote:
On 07/31/20 16:47, Tom Lendacky wrote:
On 7/31/20 9:44 AM, Tom Lendacky wrote:
On 7/31/20 8:36 AM, Tom Lendacky wrote:
On 7/31/20 7:43 AM, Laszlo Ersek wrote:
Hi Tom,
Hi Laszlo,
Hi Laszlo,

Can you try this incremental patch to see if it fixes the issue you're
seeing? If it does, I'll merge it into patch #45 and send out a v14.
Looking at the formatting, I'm not sure if Thunderbird messed up the
diff. I'll send you another copy directly to you using git send-email
just in case.
I got the separate copy; I'll report back sometime next week.
The update works fine; IA32 OVMF boots OK with it.
Thanks for testing so quickly, Laszlo!

I agree with squashing the update into patch #45, but before sending
v14, maybe we should get some feedback for the MdeModulePkg patches too,
at long last. :/
Yup, I'll hold off on sending v14.

Thanks,
Tom

Thanks!
Laszlo


diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
index 7165bcf3124a..2c00d72ddefe 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -365,9 +365,9 @@ RelocateApLoop (
      MwaitSupport,

      CpuMpData->ApTargetCState,

      CpuMpData->PmCodeSegment,

-    CpuMpData->Pm16CodeSegment,

      StackStart - ProcessorNumber * AP_SAFE_STACK_SIZE,

      (UINTN) &mNumberToFinish,

+    CpuMpData->Pm16CodeSegment,

      CpuMpData->SevEsAPBuffer,

      CpuMpData->WakeupBuffer

      );
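Review bot: moving `CpuMpData->Pm16CodeSegment` after `(UINTN) &mNumberToFinish` keeps the first five arguments in their original order, so the IA32 AsmRelocateApLoop, which this patch's Ia32/MpFuncs.nasm comment documents as not using the last three parameters, is no longer affected by the insertion; worth stating in the commit message when this is squashed into patch #45.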

diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm
b/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm
index 309d53bf3b37..7e81d24aa60f 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm
@@ -226,7 +226,10 @@ SwitchToRealProcStart:
  SwitchToRealProcEnd:

;-------------------------------------------------------------------------------------


-;  AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment,
TopOfApStack, CountTofinish);

+;  AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment,
TopOfApStack, CountTofinish, Pm16CodeSegment, SevEsAPJumpTable,
WakeupBuffer);

+;

+;  The last three parameters (Pm16CodeSegment, SevEsAPJumpTable and
WakeupBuffer) are

+;  specific to SEV-ES support and are not applicable on IA32.

;-------------------------------------------------------------------------------------


  global ASM_PFX(AsmRelocateApLoop)

  ASM_PFX(AsmRelocateApLoop):

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h
b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index 267aa5201c50..02652eaae126 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -350,9 +350,9 @@ VOID
    IN BOOLEAN                 MwaitSupport,

    IN UINTN                   ApTargetCState,

    IN UINTN                   PmCodeSegment,

-  IN UINTN                   Pm16CodeSegment,

    IN UINTN                   TopOfApStack,

    IN UINTN                   NumberToFinish,

+  IN UINTN                   Pm16CodeSegment,

    IN UINTN                   SevEsAPJumpTable,

    IN UINTN                   WakeupBuffer

    );

diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
index 3b8ec477b8b3..5d30f35b201c 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
@@ -491,13 +491,13 @@ PM16Mode:
  SwitchToRealProcEnd:

;-------------------------------------------------------------------------------------


-;  AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment,
Pm16CodeSegment, TopOfApStack, CountTofinish, SevEsAPJumpTable,
WakeupBuffer);

+;  AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment,
TopOfApStack, CountTofinish, Pm16CodeSegment, SevEsAPJumpTable,
WakeupBuffer);

;-------------------------------------------------------------------------------------


  global ASM_PFX(AsmRelocateApLoop)

  ASM_PFX(AsmRelocateApLoop):

  AsmRelocateApLoopStart:

  BITS 64

-    cmp        qword [rsp + 56], 0

+    cmp        qword [rsp + 56], 0  ; SevEsAPJumpTable

      je         NoSevEs

      ;

@@ -539,16 +539,17 @@ BITS 64
  NoSevEs:

      cli                          ; Disable interrupt before
switching to 32-bit mode

-    mov        rax, [rsp + 48]   ; CountTofinish

+    mov        rax, [rsp + 40]   ; CountTofinish

      lock dec   dword [rax]       ; (*CountTofinish)--

+    mov        r10, [rsp + 48]   ; Pm16CodeSegment

      mov        rax, [rsp + 56]   ; SevEsAPJumpTable

      mov        rbx, [rsp + 64]   ; WakeupBuffer

-    mov        rsp, [rsp + 40]   ; TopOfApStack

+    mov        rsp, r9           ; TopOfApStack

      push       rax               ; Save SevEsAPJumpTable

      push       rbx               ; Save WakeupBuffer

-    push       r9                ; Save Pm16CodeSegment

+    push       r10               ; Save Pm16CodeSegment

      push       rcx               ; Save MwaitSupport

      push       rdx               ; Save ApTargetCState





On 07/30/20 20:43, Tom Lendacky wrote:
From: Tom Lendacky <thomas.lendacky@...>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198



Before UEFI transfers control to the OS, it must park the AP. This is
done using the AsmRelocateApLoop function to transition into 32-bit
non-paging mode. For an SEV-ES guest, a few additional things must be
done:
    - AsmRelocateApLoop must be updated to support SEV-ES. This means
      performing a VMGEXIT AP Reset Hold instead of an MWAIT or HLT loop.
    - Since the AP must transition to real mode, a small routine is copied
      to the WakeupBuffer area. Since the WakeupBuffer will be used by
      the AP during OS booting, it must be placed in reserved memory.
      Additionally, the AP stack must be located where it can be accessed
      in real mode.
    - Once the AP is in real mode it will transfer control to the
      destination specified by the OS in the SEV-ES AP Jump Table. The
      SEV-ES AP Jump Table address is saved by the hypervisor for the OS
      using the GHCB VMGEXIT AP Jump Table exit code.

Cc: Eric Dong <eric.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Laszlo Ersek <lersek@...>
Reviewed-by: Eric Dong <eric.dong@...>
Signed-off-by: Tom Lendacky <thomas.lendacky@...>
---
   UefiCpuPkg/Library/MpInitLib/MpLib.h          |   8 +-
   UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |  54 +++++++-
   UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 131 ++++++++++++++++--
   3 files changed, 175 insertions(+), 18 deletions(-)
Now that this series is almost ready to merge, I've done a bit of
regression-testing.

Unfortunately, this patch breaks booting with IA32 OVMF.

More precisely, it breaks the IA32 version of DxeMpInitLib.
Yeah, that's not good.  I will look into this based on your input below.
What's strange is that my system doesn't hang and successfully boots all
APs (up to 64 is what I've tested with).

But, yes, both call sites should be the same and I will make that
change.


The symptom is that just when the OS would be launched, the
multiprocessor guest hangs. This is how the log terminates:

FSOpen: Open
'\370ac550dcaa48b88f1ca75ad903b0e7\4.16.7-100.fc26.i686\linux'
Success
[Security] 3rd party image[0] can be loaded after EndOfDxe:
PciRoot(0x0)/Pci(0x2,0x1)/Pci(0x0,0x0)/Scsi(0x0,0x0)/HD(1,GPT,D9F1FBA5-E5D3-440A-B6A7-87B593E4FAB1,0x800,0x100000)/\370ac550dcaa48b88f1ca75ad903b0e7\4.16.7-100.fc26.i686\linux.


InstallProtocolInterface: [EfiLoadedImageProtocol] 853A03A8
Loading driver at 0x00083E72000 EntryPoint=0x00083E76680
InstallProtocolInterface: [EfiLoadedImageDevicePathProtocol] 853A0510
ProtectUefiImageCommon - 0x853A03A8
    - 0x0000000083E72000 - 0x0000000000E75000
FSOpen: Open
'370ac550dcaa48b88f1ca75ad903b0e7\4.16.7-100.fc26.i686\initrd'
Success
PixelBlueGreenRedReserved8BitPerColor
ConvertPages: range 400000 - 1274FFF covers multiple entries
SmmInstallProtocolInterface: [EdkiiSmmExitBootServicesProtocol] 0
CpuDxe: 5-Level Paging = 0
[HANG]
Meanwhile some guest CPUs are pegged.

Normally, when this series is not applied, the next log entry is (in
place of [HANG]):

MpInitChangeApLoopCallback() done!
I've identified this patch by bisection, after applying the series on
current master (137c2c6eff67, "Revert "BaseTools/PatchCheck.py: Add LicenseCheck"", 2020-07-31).

Here's the bisection log:

git bisect start
# good: [137c2c6eff67f4750d77e8e40af6683c412d3ed0] Revert
"BaseTools/PatchCheck.py: Add LicenseCheck"
git bisect good 137c2c6eff67f4750d77e8e40af6683c412d3ed0
# bad: [d3f7971f4f70c9f39170b42af837e58e59435ad3] Maintainers.txt: Add
reviewers for the OvmfPkg SEV-related files
git bisect bad d3f7971f4f70c9f39170b42af837e58e59435ad3
# good: [9551e3fc61ba0c0ddf8e79b425a22aa7dd61cb8b] OvmfPkg/VmgExitLib:
Add support for RDTSCP NAE events
git bisect good 9551e3fc61ba0c0ddf8e79b425a22aa7dd61cb8b
# good: [10acf16b38522d8a1b538b3aa432daaa72c0e97b] OvmfPkg: Reserve a
page in memory for the SEV-ES usage
git bisect good 10acf16b38522d8a1b538b3aa432daaa72c0e97b
# good: [ccb4267e76b6474657c41bef7e76a980930c22ea] UefiCpuPkg: Add a
16-bit protected mode code segment descriptor
git bisect good ccb4267e76b6474657c41bef7e76a980930c22ea
# good: [94e238ae37505cfb081f3b9b4632067e4a113cf9] OvmfPkg: Use the
SEV-ES work area for the SEV-ES AP reset vector
git bisect good 94e238ae37505cfb081f3b9b4632067e4a113cf9
# bad: [16c21b9d10b032d66d4105dd4693fd9dc6e6ec18]
UefiCpuPkg/MpInitLib:
Prepare SEV-ES guest APs for OS use
git bisect bad 16c21b9d10b032d66d4105dd4693fd9dc6e6ec18
# good: [49855596e383ab2aa6410fa060e22d4817d8e64e] OvmfPkg: Move the
GHCB allocations into reserved memory
git bisect good 49855596e383ab2aa6410fa060e22d4817d8e64e
# first bad commit: [16c21b9d10b032d66d4105dd4693fd9dc6e6ec18]
UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use
So clearly we should be looking for an IA32-specific change, or
IA32-specific *omission*, in this patch, that could cause the problem.

The bug is the following:

On 07/30/20 20:43, Tom Lendacky wrote:

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h
b/UefiCpuPkg/Library/MpInitLib/MpLib.h
index b1a9d99cb3eb..267aa5201c50 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -349,8 +350,11 @@ VOID
     IN BOOLEAN                 MwaitSupport,
     IN UINTN                   ApTargetCState,
     IN UINTN                   PmCodeSegment,
+  IN UINTN                   Pm16CodeSegment,
     IN UINTN                   TopOfApStack,
-  IN UINTN                   NumberToFinish
+  IN UINTN                   NumberToFinish,
+  IN UINTN                   SevEsAPJumpTable,
+  IN UINTN                   WakeupBuffer
     );

   /**
(1) This hunk modifies the parameter list of functions pointed-to by
ASM_RELOCATE_AP_LOOP.

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
index 9115ff9e3e30..7165bcf3124a 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c
@@ -330,17 +350,26 @@ RelocateApLoop (
     BOOLEAN                MwaitSupport;
     ASM_RELOCATE_AP_LOOP   AsmRelocateApLoopFunc;
     UINTN                  ProcessorNumber;
+  UINTN                  StackStart;

     MpInitLibWhoAmI (&ProcessorNumber);
     CpuMpData    = GetCpuMpData ();
     MwaitSupport = IsMwaitSupport ();
+  if (CpuMpData->SevEsIsEnabled) {
+    StackStart = CpuMpData->SevEsAPResetStackStart;
+  } else {
+    StackStart = mReservedTopOfApStack;
+  }
     AsmRelocateApLoopFunc = (ASM_RELOCATE_AP_LOOP) (UINTN)
mReservedApLoopFunc;
     AsmRelocateApLoopFunc (
       MwaitSupport,
       CpuMpData->ApTargetCState,
       CpuMpData->PmCodeSegment,
-    mReservedTopOfApStack - ProcessorNumber * AP_SAFE_STACK_SIZE,
-    (UINTN) &mNumberToFinish
+    CpuMpData->Pm16CodeSegment,
+    StackStart - ProcessorNumber * AP_SAFE_STACK_SIZE,
+    (UINTN) &mNumberToFinish,
+    CpuMpData->SevEsAPBuffer,
+    CpuMpData->WakeupBuffer
       );
     //
     // It should never reach here
(2) This hunk modifies the call site, in accordance with the prototype
change at (1).

diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
index 6956b408d004..3b8ec477b8b3 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
+++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm
@@ -465,6 +465,10 @@ BITS 16
       ;     - IP for Real Mode (two bytes)
       ;     - CS for Real Mode (two bytes)
       ;
+    ; This label is also used with AsmRelocateApLoop. During MP
finalization,
+    ; the code from PM16Mode to SwitchToRealProcEnd is copied to the
start of
+    ; the WakeupBuffer, allowing a parked AP to be booted by an OS.
+    ;
   PM16Mode:
       mov        eax, cr0                    ; Read CR0
       btr        eax, 0                      ; Set PE=0
@@ -487,32 +491,95 @@ PM16Mode:
   SwitchToRealProcEnd:

;-------------------------------------------------------------------------------------


-;  AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment,
TopOfApStack, CountTofinish);
+;  AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment,
Pm16CodeSegment, TopOfApStack, CountTofinish, SevEsAPJumpTable,
WakeupBuffer);
;-------------------------------------------------------------------------------------


   global ASM_PFX(AsmRelocateApLoop)
   ASM_PFX(AsmRelocateApLoop):
   AsmRelocateApLoopStart:
   BITS 64
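Review bot: the prototype in MpLib.h names the sixth argument NumberToFinish while the nasm header comment names it CountTofinish; now that the argument order is changing, aligning the two names would make the offset comments in the assembly body checkable against the prototype.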
(3) Unfortunately, the patch only adapts the X64 implementation of the
AsmRelocateApLoopStart() function to the new prototype; the IA32
implementation no longer matches the call site.

(I'm not sure if the intent was for the IA32 version to simply ignore
the new parameters, but even in that case, the "Pm16CodeSegment"
parameter is inserted in the middle of the parameter list, likely
offsetting the rest.)

The problem is foreshadowed even by hunk (2). Namely, in hunk (2), the

    s/mReservedTopOfApStack/StackStart/

replacement is *more difficult* to verify than necessary -- exactly
because "CpuMpData->Pm16CodeSegment" is inserted *before* it.
I can do one of two things here and just put the 3 new parameters at the
end of the function call rather than keeping the code segment parameters
together or update the IA32 call site. Let me see which looks best. But
I'll likely update the IA32 call site no matter what with at least
comments about the parameters that aren't used, either way.

Thanks,
Tom


Thanks
Laszlo


Re: [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal

Yao, Jiewen
 

If you want to add one API for a library class, we need to add an implementation for all library instances.

Here the DXE version should also be updated to add such capability.

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, July 31, 2020 4:55 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Yao, Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>
Subject: [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Qi Zhang <qi1.zhang@...>
Signed-off-by: Qi Zhang <qi1.zhang@...>
---
SecurityPkg/Include/Library/HashLib.h | 15 ++++++
.../HashLibBaseCryptoRouterPei.c | 48 +++++++++++++++++++
2 files changed, 63 insertions(+)

diff --git a/SecurityPkg/Include/Library/HashLib.h
b/SecurityPkg/Include/Library/HashLib.h
index 6ad960ad70..e2d9a62a1d 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -47,6 +47,21 @@ HashUpdate (
IN UINTN DataToHashLen

);



+/**

+ Hash sequence complete and extend to PCR.

+

+ @param HashHandle Hash handle.

+ @param DigestList Digest list.

+

+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.

+**/

+EFI_STATUS

+EFIAPI

+HashFinal (

+ IN HASH_HANDLE HashHandle,

+ OUT TPML_DIGEST_VALUES *DigestList

+ );

+

/**

Hash sequence complete and extend to PCR.
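Review bot: the new doc comment for HashFinal is copied from the HashCompleteAndExtend block below it ("Hash sequence complete and extend to PCR"), but HashFinal only finalises the sequence and returns DigestList; it does not extend a PCR. Reword the description and the @retval so callers do not expect an extend. Also, as the reply above notes, HashLib.h is a library class header, so the DXE instance needs the same function before this can go in.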



diff --git
a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
index 42cb562f67..5b9719630d 100644
---
a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
+++
b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
@@ -208,6 +208,54 @@ HashUpdate (
return EFI_SUCCESS;

}



+/**

+ Hash sequence complete and extend to PCR.

+

+ @param HashHandle Hash handle.

+ @param DigestList Digest list.

+

+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.

+**/

+EFI_STATUS

+EFIAPI

+HashFinal (

+ IN HASH_HANDLE HashHandle,

+ OUT TPML_DIGEST_VALUES *DigestList

+ )

+{

+ TPML_DIGEST_VALUES Digest;

+ HASH_INTERFACE_HOB *HashInterfaceHob;

+ HASH_HANDLE *HashCtx;

+ UINTN Index;

+ UINT32 HashMask;

+

+ HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid);

+ if (HashInterfaceHob == NULL) {

+ return EFI_UNSUPPORTED;

+ }

+

+ if (HashInterfaceHob->HashInterfaceCount == 0) {

+ return EFI_UNSUPPORTED;

+ }

+

+ CheckSupportedHashMaskMismatch (HashInterfaceHob);

+

+ HashCtx = (HASH_HANDLE *)HashHandle;

+ ZeroMem (DigestList, sizeof(*DigestList));

+

+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {

+ HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob-
HashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {

+ HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index],
&Digest);

+ Tpm2SetHashToDigestList (DigestList, &Digest);

+ }

+ }

+

+ FreePool (HashCtx);

+

+ return EFI_SUCCESS;

+}

+

/**

Hash sequence complete and extend to PCR.
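Review bot: the two early `return EFI_UNSUPPORTED` paths leave HashCtx unfreed and HashHandle dangling, and interfaces whose bit is clear in PcdTpm2HashMask never get `HashFinal (HashCtx[Index], &Digest)` called, so check whether HashStart allocates a per-interface context for those too and, if so, release it here or document that HashHandle is consumed only on success. Separately, `&HashInterfaceHob-` / `HashInterface[Index].HashGuid` shows `->` broken by the mail client; confirm the committed patch has it intact.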



--
2.26.2.windows.1


Re: [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.

Yao, Jiewen
 

Please remove FSP_MEASURE_FSPUPD check here.
It should be checked in FspMeasurementLib.

Thank you
Yao Jiewen

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, July 31, 2020 4:55 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Chiu, Chasel <chasel.chiu@...>; Desimone, Nathaniel L <@natedesimone>; Zeng, Star <star.zeng@...>; Zhang, Qi1 <qi1.zhang@...>
Subject: [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.

From: Jiewen Yao <jiewen.yao@...>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <@natedesimone>
Cc: Star Zeng <star.zeng@...>
Cc: Qi Zhang <qi1.zhang@...>
Signed-off-by: Jiewen Yao <jiewen.yao@...>
---
.../FspmWrapperPeim/FspmWrapperPeim.c | 115 +++++++++++++++++-
.../FspmWrapperPeim/FspmWrapperPeim.inf | 20 ++-
.../FspsWrapperPeim/FspsWrapperPeim.c | 96 ++++++++++++++-
.../FspsWrapperPeim/FspsWrapperPeim.inf | 27 ++--
4 files changed, 239 insertions(+), 19 deletions(-)

diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
index 265b77ed60..1533971d7f 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register
MemoryDiscoveredPpi

notify to call FspSiliconInit API.



- Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>

+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>

SPDX-License-Identifier: BSD-2-Clause-Patent



**/

@@ -25,11 +25,14 @@
#include <Library/FspWrapperPlatformLib.h>

#include <Library/FspWrapperHobProcessLib.h>

#include <Library/FspWrapperApiLib.h>

+#include <Library/FspMeasurementLib.h>



#include <Ppi/FspSiliconInitDone.h>

#include <Ppi/EndOfPeiPhase.h>

#include <Ppi/MemoryDiscovered.h>

#include <Ppi/SecPlatformInformation.h>

+#include <Ppi/Tcg.h>

+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>

#include <Library/FspWrapperApiTestLib.h>

#include <FspEas.h>

#include <FspStatusCode.h>

@@ -147,7 +150,21 @@ FspmWrapperInit (
VOID

)

{

- EFI_STATUS Status;

+ EFI_STATUS Status;

+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
*MeasurementExcludedFvPpi;

+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;

+

+ MeasurementExcludedFvPpi = AllocatePool
(sizeof(*MeasurementExcludedFvPpi));

+ ASSERT(MeasurementExcludedFvPpi != NULL);

+ MeasurementExcludedFvPpi->Count = 1;

+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspmBaseAddress);

+ MeasurementExcludedFvPpi->Fv[0].FvLength =
((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
(PcdFspmBaseAddress))->FvLength;

+

+ MeasurementExcludedPpiList = AllocatePool
(sizeof(*MeasurementExcludedPpiList));

+ ASSERT(MeasurementExcludedPpiList != NULL);

+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;

+ MeasurementExcludedPpiList->Guid =
&gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;

+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;



Status = EFI_SUCCESS;
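Review bot: The two AllocatePool() results in FspmWrapperInit are checked only with ASSERT(), so in a RELEASE build a NULL return is dereferenced on the very next line (`MeasurementExcludedFvPpi->Count = 1;`); bail out on NULL instead of asserting. The allocations are also made before the PcdFspModeSelection branch, so in API mode (the PeiFspMemoryInit path) they are allocated and never installed; move them into the else branch next to the PeiServicesInstallPpi() call. FvLength is read straight from the header at PcdFspmBaseAddress without checking EFI_FVH_SIGNATURE first, unlike TpmMeasurementGetFvName() in patch 4/9 of this series, which treats the FV as untrusted input.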



@@ -155,6 +172,9 @@ FspmWrapperInit (
Status = PeiFspMemoryInit ();

ASSERT_EFI_ERROR (Status);

} else {

+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);

+ ASSERT_EFI_ERROR (Status);

+

PeiServicesInstallFvInfoPpi (

NULL,

(VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress),
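Review bot: Installing gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid unconditionally here takes the FSP-M FV out of the TCG FV-info measurement path, but the replacement measurement in TcgPpiNotify() only happens when both FSP_MEASURE_FSP and FSP_MEASURE_FSPM are set in PcdFspMeasurementConfig (and only if gEdkiiTcgPpiGuid is ever installed). With either bit clear, or with TPM init failed, the FV is measured by neither Tcg2Pei nor this module and PCR0 silently stops covering FSP-M. Either install the exclusion PPI only when this module will measure the FV itself, or state in the PCD help text that those bits must stay set in dispatch mode. Installing the exclusion before PeiServicesInstallFvInfoPpi() is the correct order; keep that.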

@@ -167,6 +187,92 @@ FspmWrapperInit (
return Status;

}



+/**

+ This function is called after TCG installed PPI.

+

+ @param[in] PeiServices Pointer to PEI Services Table.

+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event
that

+ caused this function to execute.

+ @param[in] Ppi Pointer to the PPI data associated with this function.

+

+ @retval EFI_STATUS Always return EFI_SUCCESS

+**/

+EFI_STATUS

+EFIAPI

+TcgPpiNotify (

+ IN EFI_PEI_SERVICES **PeiServices,

+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,

+ IN VOID *Ppi

+ );

+

+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {

+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),

+ &gEdkiiTcgPpiGuid,

+ TcgPpiNotify

+};

+

+/**

+ This function is called after TCG installed PPI.

+

+ @param[in] PeiServices Pointer to PEI Services Table.

+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event
that

+ caused this function to execute.

+ @param[in] Ppi Pointer to the PPI data associated with this function.

+

+ @retval EFI_STATUS Always return EFI_SUCCESS

+**/

+EFI_STATUS

+EFIAPI

+TcgPpiNotify (

+ IN EFI_PEI_SERVICES **PeiServices,

+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,

+ IN VOID *Ppi

+ )

+{

+ UINT32 FspMeasureMask;

+ FSP_INFO_HEADER *FspHeaderPtr;

+

+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n"));

+

+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);

+ if (FspMeasureMask & FSP_MEASURE_FSP) {

+ if (FspMeasureMask & FSP_MEASURE_FSPT) {

+ if(FspMeasureMask & FSP_MEASURE_FSPUPD) {

+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32
(PcdFsptBaseAddress));

+ if (FspHeaderPtr == NULL) {

+ return EFI_DEVICE_ERROR;

+ }

+ DEBUG ((DEBUG_INFO, "FSPT: CfgRegionOffset 0x%x, CfgRegionSize
0x%x\n", FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize));

+ DEBUG ((DEBUG_INFO, "FSPT: PcdFsptBaseAddress 0x%x, ImageBase
0x%x\n", PcdGet32(PcdFsptBaseAddress), FspHeaderPtr->ImageBase));

+ MeasureFspFirmwareBlobWithCfg ("FSPT", PcdGet32(PcdFsptBaseAddress),

+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
PcdGet32 (PcdFsptBaseAddress))->FvLength,

+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr-
CfgRegionSize);
+ } else {

+ DEBUG ((DEBUG_ERROR, "\n QIZ: Measure FSPT\n"));

+ MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress),

+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
PcdGet32 (PcdFsptBaseAddress))->FvLength);

+ }

+ }

+ if (FspMeasureMask & FSP_MEASURE_FSPM) {

+ if(FspMeasureMask & FSP_MEASURE_FSPUPD) {

+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32
(PcdFspmBaseAddress));

+ if (FspHeaderPtr == NULL) {

+ return EFI_DEVICE_ERROR;

+ }

+ MeasureFspFirmwareBlobWithCfg ("FSPM",
PcdGet32(PcdFspmBaseAddress),

+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
PcdGet32 (PcdFspmBaseAddress))->FvLength,

+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr-
CfgRegionSize);
+ }

+ else {

+ MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress),

+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
PcdGet32 (PcdFspmBaseAddress))->FvLength);

+ }

+ }

+ }

+

+ return EFI_SUCCESS;

+}

+

/**

This is the entrypoint of PEIM
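Review bot: The `DEBUG ((DEBUG_ERROR, "\n QIZ: Measure FSPT\n"));` in the FSPT else-branch is developer tracing and should be dropped before merge. The doc comment, duplicated verbatim on the prototype and on the definition, says "Always return EFI_SUCCESS", but the function returns EFI_DEVICE_ERROR when FspFindFspHeader() returns NULL; keep one comment and make it match. The return values of MeasureFspFirmwareBlob() and MeasureFspFirmwareBlobWithCfg() are discarded, so a failed extend of an FV that this module has excluded from the TCG path leaves no error in the log; at least print the status at DEBUG_ERROR. Style: `if(FspMeasureMask & FSP_MEASURE_FSPUPD)` lacks the space after `if` that the edk2 coding style requires, and the PCR index 0 is hard-coded in the MeasureFspFirmwareBlob() calls while the WithCfg variant takes none, which is the API inconsistency the 6/9 review asks to resolve by making the WithCfg path internal.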



@@ -182,8 +288,13 @@ FspmWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices

)

{

+ EFI_STATUS Status;

+

DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n"));



+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);

+ ASSERT_EFI_ERROR (Status);

+

FspmWrapperInit ();



return EFI_SUCCESS;
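Review bot: Because the [Depex] now requires gPeiTpmInitializationDonePpiGuid, gEdkiiTcgPpiGuid is normally already installed when this entry point runs, so PeiServicesNotifyPpi() invokes TcgPpiNotify() synchronously, before FspmWrapperInit() is called. FSP-T and FSP-M are therefore measured before the exclusion PPI is installed and before the FSP-M FV is reported, which is fine for the digests, but a one-line comment here would save the next reader from assuming the callback fires later.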

diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
index dce7ef3d0b..c3578397b6 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register
MemoryDiscoveredPpi

# notify to call FspSiliconInit API.

#

-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>

+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>

#

# SPDX-License-Identifier: BSD-2-Clause-Patent

#

@@ -44,17 +44,22 @@
TimerLib

FspWrapperApiLib

FspWrapperApiTestLib

+ FspMeasurementLib



[Packages]

MdePkg/MdePkg.dec

+ MdeModulePkg/MdeModulePkg.dec

UefiCpuPkg/UefiCpuPkg.dec

+ SecurityPkg/SecurityPkg.dec

IntelFsp2Pkg/IntelFsp2Pkg.dec

IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec



[Pcd]

- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES

- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES

- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ##
CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
CONSUMES



[Sources]

FspmWrapperPeim.c
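Review bot: The three existing [Pcd] lines are re-emitted only to realign the `## CONSUMES` column; that whitespace churn hides the two real additions (PcdFsptBaseAddress and PcdFspMeasurementConfig). Keep the original alignment or move the reformat into its own patch.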

@@ -63,5 +68,10 @@
gFspHobGuid ## PRODUCES ## HOB

gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID



+[Ppis]

+ gEdkiiTcgPpiGuid ## NOTIFY

+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES

+

[Depex]

- gEfiPeiMasterBootModePpiGuid

+ gEfiPeiMasterBootModePpiGuid AND

+ gPeiTpmInitializationDonePpiGuid
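Review bot: Adding gPeiTpmInitializationDonePpiGuid to [Depex] makes FspmWrapperPeim, and with it memory initialization, depend on a PEIM that produces that PPI (Tcg2Pei in SecurityPkg). A platform that builds this wrapper without such a producer never dispatches it and stalls in PEI with no permanent memory; the commit message should say so, or the dependency should be made a platform choice. Also, gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid is only installed on the dispatch-mode branch of FspmWrapperInit(), so `## SOMETIMES_PRODUCES` is the accurate usage tag rather than `## PRODUCES`.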

diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
index b20f0805a0..688c82a6c8 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register
MemoryDiscoveredPpi

notify to call FspSiliconInit API.



- Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>

+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>

SPDX-License-Identifier: BSD-2-Clause-Patent



**/

@@ -24,12 +24,15 @@
#include <Library/TimerLib.h>

#include <Library/PerformanceLib.h>

#include <Library/FspWrapperApiLib.h>

+#include <Library/FspMeasurementLib.h>



#include <Ppi/FspSiliconInitDone.h>

#include <Ppi/EndOfPeiPhase.h>

#include <Ppi/MemoryDiscovered.h>

#include <Ppi/TemporaryRamDone.h>

#include <Ppi/SecPlatformInformation.h>

+#include <Ppi/Tcg.h>

+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>

#include <Library/FspWrapperApiTestLib.h>

#include <FspEas.h>

#include <FspStatusCode.h>

@@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode (
VOID

)

{

- EFI_STATUS Status;

+ EFI_STATUS Status;

+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
*MeasurementExcludedFvPpi;

+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;

+

+ MeasurementExcludedFvPpi = AllocatePool
(sizeof(*MeasurementExcludedFvPpi));

+ ASSERT(MeasurementExcludedFvPpi != NULL);

+ MeasurementExcludedFvPpi->Count = 1;

+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspsBaseAddress);

+ MeasurementExcludedFvPpi->Fv[0].FvLength =
((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
(PcdFspsBaseAddress))->FvLength;

+

+ MeasurementExcludedPpiList = AllocatePool
(sizeof(*MeasurementExcludedPpiList));

+ ASSERT(MeasurementExcludedPpiList != NULL);

+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;

+ MeasurementExcludedPpiList->Guid =
&gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;

+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;

+

+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);

+ ASSERT_EFI_ERROR (Status);

+

//

// FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI
dispatcher.

//
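Review bot: This block is a copy of the one added to FspmWrapperInit() with PcdFspmBaseAddress swapped for PcdFspsBaseAddress, including the ASSERT-only NULL check after AllocatePool() (a NULL dereference in RELEASE builds) and the unvalidated FvLength read from the FV header. Factor a small shared helper that takes the FV base, validates the header and installs the exclusion PPI, and handle NULL properly there.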

@@ -398,6 +419,72 @@ FspsWrapperInitDispatchMode (
return Status;

}



+/**

+ This function is called after TCG installed PPI.

+

+ @param[in] PeiServices Pointer to PEI Services Table.

+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event
that

+ caused this function to execute.

+ @param[in] Ppi Pointer to the PPI data associated with this function.

+

+ @retval EFI_STATUS Always return EFI_SUCCESS

+**/

+EFI_STATUS

+EFIAPI

+TcgPpiNotify (

+ IN EFI_PEI_SERVICES **PeiServices,

+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,

+ IN VOID *Ppi

+ );

+

+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {

+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),

+ &gEdkiiTcgPpiGuid,

+ TcgPpiNotify

+};

+

+/**

+ This function is called after TCG installed PPI.

+

+ @param[in] PeiServices Pointer to PEI Services Table.

+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event
that

+ caused this function to execute.

+ @param[in] Ppi Pointer to the PPI data associated with this function.

+

+ @retval EFI_STATUS Always return EFI_SUCCESS

+**/

+EFI_STATUS

+EFIAPI

+TcgPpiNotify (

+ IN EFI_PEI_SERVICES **PeiServices,

+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,

+ IN VOID *Ppi

+ )

+{

+ UINT32 FspMeasureMask;

+ FSP_INFO_HEADER *FspHeaderPtr;

+

+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n"));

+

+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);

+ if ((FspMeasureMask & FSP_MEASURE_FSP) && (FspMeasureMask &
FSP_MEASURE_FSPS)) {

+ if(FspMeasureMask & FSP_MEASURE_FSPUPD) {

+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32
(PcdFspsBaseAddress));

+ if (FspHeaderPtr == NULL) {

+ return EFI_DEVICE_ERROR;

+ }

+ MeasureFspFirmwareBlobWithCfg ("FSPS", PcdGet32(PcdFspsBaseAddress),

+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
PcdGet32 (PcdFspsBaseAddress))->FvLength,

+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr-
CfgRegionSize);
+ } else {

+ MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress),

+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
PcdGet32 (PcdFspsBaseAddress))->FvLength);

+ }

+ }

+

+ return EFI_SUCCESS;

+}

+

/**

This is the entrypoint of PEIM.
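Review bot: Same issues as the FSPM copy: the doc comment is duplicated on the prototype and the definition, "Always return EFI_SUCCESS" is contradicted by the EFI_DEVICE_ERROR return, `if(` is missing its space, and the status from MeasureFspFirmwareBlob()/MeasureFspFirmwareBlobWithCfg() is ignored. One difference worth a second look: FspsWrapperInitDispatchMode() installs the exclusion PPI unconditionally, but FSP-S is only measured here when FSP_MEASURE_FSP and FSP_MEASURE_FSPS are both set, so clearing either bit leaves FSP-S out of PCR0 in dispatch mode.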



@@ -413,8 +500,13 @@ FspsWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices

)

{

+ EFI_STATUS Status;

+

DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n"));



+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);

+ ASSERT_EFI_ERROR (Status);

+

if (PcdGet8 (PcdFspModeSelection) == 1) {

FspsWrapperInitApiMode ();

} else {

diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
index 7da92991c8..884514747f 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register
MemoryDiscoveredPpi

# notify to call FspSiliconInit API.

#

-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>

+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>

#

# SPDX-License-Identifier: BSD-2-Clause-Patent

#

@@ -44,24 +44,30 @@
PerformanceLib

FspWrapperApiLib

FspWrapperApiTestLib

+ FspMeasurementLib



[Packages]

MdePkg/MdePkg.dec

+ MdeModulePkg/MdeModulePkg.dec

UefiCpuPkg/UefiCpuPkg.dec

+ SecurityPkg/SecurityPkg.dec

IntelFsp2Pkg/IntelFsp2Pkg.dec

IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec



[Ppis]

- gTopOfTemporaryRamPpiGuid ## PRODUCES

- gFspSiliconInitDonePpiGuid ## PRODUCES

- gEfiEndOfPeiSignalPpiGuid ## PRODUCES

- gEfiTemporaryRamDonePpiGuid ## PRODUCES

- gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY

+ gTopOfTemporaryRamPpiGuid ## PRODUCES

+ gFspSiliconInitDonePpiGuid ## PRODUCES

+ gEfiEndOfPeiSignalPpiGuid ## PRODUCES

+ gEfiTemporaryRamDonePpiGuid ## PRODUCES

+ gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY

+ gEdkiiTcgPpiGuid ## NOTIFY

+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES



[Pcd]

- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES

- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES

- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES

+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
CONSUMES



[Guids]

gFspHobGuid ## CONSUMES ## HOB
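Review bot: The five existing [Ppis] lines and three existing [Pcd] lines are rewritten only to realign the usage column; the actual change is two [Ppis] entries and one [Pcd]. As in FspmWrapperPeim.inf, gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid is installed only on the dispatch-mode path, so `## SOMETIMES_PRODUCES` is the accurate tag.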

@@ -71,4 +77,5 @@
FspsWrapperPeim.c



[Depex]

- gEfiPeiMemoryDiscoveredPpiGuid

+ gEfiPeiMemoryDiscoveredPpiGuid AND

+ gPeiTpmInitializationDonePpiGuid
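Review bot: Same concern as for FspmWrapperPeim.inf: the new gPeiTpmInitializationDonePpiGuid dependency means FspsWrapperPeim is never dispatched on a platform without a producer of that PPI. Since FSP-S runs after memory is available, the symptom is missing silicon init rather than a memory-init hang, but it still deserves a line in the commit message.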

--
2.26.2.windows.1


Re: [PATCH 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.

Yao, Jiewen
 

Please implement MeasureFspFirmwareBlobWithCfg() directly here.
MeasureFspFirmwareBlobWithCfg () should be an internal function.
MeasureFspFirmwareBlob() may call MeasureFspFirmwareBlobWithCfg() based upon PCD.

MeasureFirmwareBlobWithCfg() should not be used because it should not exist.

Thank you
Yao Jiewen

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, July 31, 2020 4:55 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Chiu, Chasel <chasel.chiu@...>;
Desimone, Nathaniel L <@natedesimone>; Zeng, Star
<star.zeng@...>; Zhang, Qi1 <qi1.zhang@...>
Subject: [PATCH 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add
BaseFspMeasurementLib.

From: Jiewen Yao <jiewen.yao@...>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <@natedesimone>
Cc: Star Zeng <star.zeng@...>
Cc: Qi Zhang <qi1.zhang@...>
Signed-off-by: Jiewen Yao <jiewen.yao@...>
---
.../BaseFspMeasurementLib.inf | 37 ++++++++++
.../BaseFspMeasurementLib/FspMeasurementLib.c | 70 +++++++++++++++++++
2 files changed, 107 insertions(+)
create mode 100644
IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLi
b.inf
create mode 100644
IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c

diff --git
a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurement
Lib.inf
b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurement
Lib.inf
new file mode 100644
index 0000000000..2539164e40
--- /dev/null
+++
b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurement
Lib.inf
@@ -0,0 +1,37 @@
+## @file

+# Provides FSP measurement functions.

+#

+# This library provides MeasureFspFirmwareBlob() to measure FSP binary.

+#

+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>

+# SPDX-License-Identifier: BSD-2-Clause-Patent

+#

+##

+

+[Defines]

+ INF_VERSION = 0x00010005

+ BASE_NAME = FspMeasurementLib

+ FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B

+ MODULE_TYPE = BASE

+ VERSION_STRING = 1.0

+ LIBRARY_CLASS = FspMeasurementLib

+

+#

+# The following information is for reference only and not required by the build
tools.

+#

+# VALID_ARCHITECTURES = IA32 X64

+#

+

+[Sources]

+ FspMeasurementLib.c

+

+[Packages]

+ MdePkg/MdePkg.dec

+ MdeModulePkg/MdeModulePkg.dec

+ IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec

+

+[LibraryClasses]

+ BaseLib

+ BaseMemoryLib

+ DebugLib

+ TpmMeasurementLib
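Review bot: The .inf declares LIBRARY_CLASS FspMeasurementLib, but the diffstat lists only this .inf and the .c; unless the matching [LibraryClasses] entry in IntelFsp2WrapperPkg.dec arrives in another patch of the series, consumers cannot resolve the class. The header comment says the library provides MeasureFspFirmwareBlob(); the .c also exports MeasureFspFirmwareBlobWithCfg(), so, given the review comment above that the WithCfg variant should be internal, the comment is right and the code should follow it. `MODULE_TYPE = BASE` with TpmMeasurementLib in [LibraryClasses] also means the platform DSC must map a PEI instance of TpmMeasurementLib for the PEIMs that link this library.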

diff --git
a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
new file mode 100644
index 0000000000..8a33fe97c0
--- /dev/null
+++
b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
@@ -0,0 +1,70 @@
+/** @file

+ This library is used by FSP modules to measure data to TPM.

+

+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include <Uefi.h>

+

+#include <Library/BaseMemoryLib.h>

+#include <Library/DebugLib.h>

+#include <Library/TpmMeasurementLib.h>

+#include <Library/FspMeasurementLib.h>

+

+#include <IndustryStandard/UefiTcgPlatform.h>

+

+/**

+ Mesure a FSP FirmwareBlob.

+

+ @param[in] PcrIndex PCR Index.

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFspFirmwareBlob (

+ IN UINT32 PcrIndex,

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength

+ )

+{

+ return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase,
FirmwareBlobLength);

+}

+

+/**

+ Mesure a FSP FirmwareBlob.

+

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+ @param[in] CfgRegionOffset Configuration region offset in bytes.

+ @param[in] CfgRegionSize Configuration region in bytes.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFspFirmwareBlobWithCfg (

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength,

+ IN UINT32 CfgRegionOffset,

+ IN UINT32 CfgRegionSize

+ )

+{

+ return MeasureFirmwareBlobWithCfg (Description, FirmwareBlobBase,
FirmwareBlobLength, CfgRegionOffset, CfgRegionSize);

+

+}

+
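Review bot: MeasureFspFirmwareBlobWithCfg() is a one-line pass-through to MeasureFirmwareBlobWithCfg() in TpmMeasurementLib, which the 4/9 review asks to remove; as suggested above, implement the split-hash logic in this library, make it static, and let MeasureFspFirmwareBlob() select it from PcdFspMeasurementConfig. While here: the doc comments misspell "Mesure" and "Descrption", and MeasureFspFirmwareBlobWithCfg() has no PcrIndex parameter while MeasureFspFirmwareBlob() does, so a caller cannot keep the two paths consistent about which PCR is extended.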

--
2.26.2.windows.1


Re: [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API.

Yao, Jiewen
 

Please remove MeasureFirmwareBlobWithCfg() API here.

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, July 31, 2020 4:55 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>;
Zhang, Qi1 <qi1.zhang@...>
Subject: [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API.

From: Jiewen Yao <jiewen.yao@...>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Qi Zhang <qi1.zhang@...>
Signed-off-by: Jiewen Yao <jiewen.yao@...>
---
.../PeiTpmMeasurementLib/EventLogRecord.c | 409 ++++++++++++++++++
.../PeiTpmMeasurementLib.inf | 5 +
2 files changed, 414 insertions(+)
create mode 100644
SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c

diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
new file mode 100644
index 0000000000..bd3d7000a1
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
@@ -0,0 +1,409 @@
+/** @file

+ This library is used by other modules to measure data to TPM.

+

+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include <PiPei.h>

+

+#include <Library/BaseMemoryLib.h>

+#include <Library/PeiServicesLib.h>

+#include <Library/PeiServicesTablePointerLib.h>

+#include <Library/DebugLib.h>

+#include <Library/ReportStatusCodeLib.h>

+#include <Library/HobLib.h>

+#include <Library/PcdLib.h>

+#include <Library/PrintLib.h>

+#include <Library/HashLib.h>

+#include <Library/TpmMeasurementLib.h>

+

+#include <Ppi/Tcg.h>

+#include <IndustryStandard/UefiTcgPlatform.h>

+

+#pragma pack (1)

+

+#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-
XXXXXXXXXXXX)"

+typedef struct {

+ UINT8 BlobDescriptionSize;

+ UINT8
BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)];

+ EFI_PHYSICAL_ADDRESS BlobBase;

+ UINT64 BlobLength;

+} PLATFORM_FIRMWARE_BLOB2_STRUCT;

+

+#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"

+typedef struct {

+ UINT8 TableDescriptionSize;

+ UINT8
TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)];

+ UINT64 NumberOfTables;

+ EFI_CONFIGURATION_TABLE TableEntry[1];

+} HANDOFF_TABLE_POINTERS2_STRUCT;

+

+#pragma pack ()

+

+/**

+ Tpm measure and log data, and extend the measurement result into a specific
PCR.

+

+ @param[in] PcrIndex PCR Index.

+ @param[in] EventType Event type.

+ @param[in] EventLog Measurement event log.

+ @param[in] LogLen Event log length in bytes.

+ @param[in] HashData The start of the data buffer to be hashed,
extended.

+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by
HashData

+ @param[in] Flags Bitmap providing additional information.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+TpmMeasureAndLogDataWithFlags (

+ IN UINT32 PcrIndex,

+ IN UINT32 EventType,

+ IN VOID *EventLog,

+ IN UINT32 LogLen,

+ IN VOID *HashData,

+ IN UINT64 HashDataLen,

+ IN UINT64 Flags

+ )

+{

+ EFI_STATUS Status;

+ EDKII_TCG_PPI *TcgPpi;

+ TCG_PCR_EVENT_HDR TcgEventHdr;

+

+ Status = PeiServicesLocatePpi(

+ &gEdkiiTcgPpiGuid,

+ 0,

+ NULL,

+ (VOID**)&TcgPpi

+ );

+ if (EFI_ERROR(Status)) {

+ return Status;

+ }

+

+ TcgEventHdr.PCRIndex = PcrIndex;

+ TcgEventHdr.EventType = EventType;

+ TcgEventHdr.EventSize = LogLen;

+

+ Status = TcgPpi->HashLogExtendEvent (

+ TcgPpi,

+ Flags,

+ HashData,

+ (UINTN)HashDataLen,

+ &TcgEventHdr,

+ EventLog

+ );

+ return Status;

+}

+

+/**

+ Get the FvName from the FV header.

+

+ Causion: The FV is untrusted input.

+

+ @param[in] FvBase Base address of FV image.

+ @param[in] FvLength Length of FV image.

+

+ @return FvName pointer

+ @retval NULL FvName is NOT found

+**/

+VOID *

+TpmMeasurementGetFvName (

+ IN EFI_PHYSICAL_ADDRESS FvBase,

+ IN UINT64 FvLength

+ )

+{

+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;

+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;

+

+ if (FvBase >= MAX_ADDRESS) {

+ return NULL;

+ }

+ if (FvLength >= MAX_ADDRESS - FvBase) {

+ return NULL;

+ }

+ if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {

+ return NULL;

+ }

+

+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;

+ if (FvHeader->Signature != EFI_FVH_SIGNATURE) {

+ return NULL;

+ }

+ if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {

+ return NULL;

+ }

+ if (FvHeader->ExtHeaderOffset +
sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {

+ return NULL;

+ }

+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase +
FvHeader->ExtHeaderOffset);

+

+ return &FvExtHeader->FvName;

+}

+

+/**

+ Mesure a FirmwareBlob.

+

+ @param[in] PcrIndex PcrIndex of the measurment.

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFirmwareBlob (

+ IN UINT32 PcrIndex,

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength

+ )

+{

+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob;

+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2;

+ VOID *FvName;

+ UINT32 EventType;

+ VOID *EventLog;

+ UINT32 EventLogSize;

+ EFI_STATUS Status;

+

+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase,
FirmwareBlobLength);

+

+ if (((Description != NULL) || (FvName != NULL)) &&

+ (PcdGet32(PcdTcgPfpMeasurementRevision) >=
TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {

+ ZeroMem (&FvBlob2, sizeof(FvBlob2));

+ if (Description != NULL) {

+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
sizeof(FvBlob2.BlobDescription), "%a", Description);

+ } else {

+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);

+ }

+

+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);

+ FvBlob2.BlobBase = FirmwareBlobBase;

+ FvBlob2.BlobLength = FirmwareBlobLength;

+

+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;

+ EventLog = &FvBlob2;

+ EventLogSize = sizeof(FvBlob2);

+ } else {

+ FvBlob.BlobBase = FirmwareBlobBase;

+ FvBlob.BlobLength = FirmwareBlobLength;

+

+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;

+ EventLog = &FvBlob;

+ EventLogSize = sizeof(FvBlob);

+ }

+

+ Status = TpmMeasureAndLogData (

+ PcrIndex,

+ EventType,

+ EventLog,

+ EventLogSize,

+ (VOID*)(UINTN)FirmwareBlobBase,

+ FirmwareBlobLength

+ );

+

+ return Status;

+}

+

+/**

+ Mesure a FirmwareBlob in separation mode of FV binary and configuration.

+

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+ @param[in] CfgRegionOffset Configuration region offset in bytes.

+ @param[in] CfgRegionSize Configuration region in bytes.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFirmwareBlobWithCfg (

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength,

+ IN UINT32 CfgRegionOffset,

+ IN UINT32 CfgRegionSize

+ )

+{

+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UPDBlob;

+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UPDBlob2;

+ VOID *FvName;

+ UINT32 FvEventType;

+ VOID *FvEventLog, *UPDEventLog;

+ UINT32 FvEventLogSize, UPDEventLogSize;

+ EFI_STATUS Status;

+ HASH_HANDLE HashHandle;

+ UINT8 *HashBase;

+ UINTN HashSize;

+ TPML_DIGEST_VALUES DigestList;

+

+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase,
FirmwareBlobLength);

+

+ if (((Description != NULL) || (FvName != NULL)) &&

+ (PcdGet32(PcdTcgPfpMeasurementRevision) >=
TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {

+ ZeroMem (&FvBlob2, sizeof(FvBlob2));

+ ZeroMem (&UPDBlob2, sizeof(UPDBlob2));

+ if (Description != NULL) {

+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
sizeof(FvBlob2.BlobDescription), "%a", Description);

+ AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription,
sizeof(UPDBlob2.BlobDescription), "%aUDP", Description);

+ } else {

+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);

+ AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription,
sizeof(UPDBlob2.BlobDescription), "(%g)UDP", FvName);

+ }

+

+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);

+ FvBlob2.BlobBase = FirmwareBlobBase;

+ FvBlob2.BlobLength = FirmwareBlobLength;

+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;

+ FvEventLog = &FvBlob2;

+ FvEventLogSize = sizeof(FvBlob2);

+

+ UPDBlob2.BlobDescriptionSize = sizeof(UPDBlob2.BlobDescription);

+ UPDBlob2.BlobBase = CfgRegionOffset;

+ UPDBlob2.BlobLength = CfgRegionSize;

+ UPDEventLog = &UPDBlob2;

+ UPDEventLogSize = sizeof(UPDBlob2);

+ } else {

+ FvBlob.BlobBase = FirmwareBlobBase;

+ FvBlob.BlobLength = FirmwareBlobLength;

+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;

+ FvEventLog = &FvBlob;

+ FvEventLogSize = sizeof(FvBlob);

+

+ UPDBlob.BlobBase = CfgRegionOffset;

+ UPDBlob.BlobLength = CfgRegionSize;

+ UPDEventLog = &UPDBlob;

+ UPDEventLogSize = sizeof(UPDBlob);

+ }

+

+ // Initialize a SHA hash context.

+ Status = HashStart (&HashHandle);

+ if (EFI_ERROR (Status)) {

+ DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));

+ return Status;

+ }

+

+ // Hash FSP binary before UDP

+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase;

+ HashSize = (UINTN) CfgRegionOffset;

+ Status = HashUpdate (HashHandle, HashBase, HashSize);

+ if (EFI_ERROR (Status)) {

+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));

+ return Status;

+ }

+

+ // Hash FSP binary after UDP

+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset +
CfgRegionSize;

+ HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);

+ Status = HashUpdate (HashHandle, HashBase, HashSize);

+ if (EFI_ERROR (Status)) {

+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));

+ return Status;

+ }

+

+ // Finalize the SHA hash.

+ Status = HashFinal(HashHandle, &DigestList);

+ if (EFI_ERROR (Status)) {

+ DEBUG ((DEBUG_ERROR, "HashFinal failed - %r\n", Status));

+ return Status;

+ }

+

+ Status = TpmMeasureAndLogDataWithFlags (

+ 0,

+ FvEventType,

+ FvEventLog,

+ FvEventLogSize,

+ (UINT8 *) &DigestList,

+ (UINTN) sizeof(DigestList),

+ EDKII_TCG_PRE_HASH

+ );

+ DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogDataWithFlags - %r\n",
Status));

+

+ Status = TpmMeasureAndLogData (

+ 1,

+ EV_PLATFORM_CONFIG_FLAGS,

+ UPDEventLog,

+ UPDEventLogSize,

+ (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,

+ CfgRegionSize

+ );

+ DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogData - %r\n", Status));

+

+ return Status;

+}

+/**

+ Mesure a HandoffTable.

+

+ @param[in] PcrIndex PcrIndex of the measurment.

+ @param[in] Descrption Description for this HandoffTable.

+ @param[in] TableGuid GUID of this HandoffTable.

+ @param[in] TableAddress Base address of this HandoffTable.

+ @param[in] TableLength Size in bytes of this HandoffTable.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureHandoffTable (

+ IN UINT32 PcrIndex,

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_GUID *TableGuid,

+ IN VOID *TableAddress,

+ IN UINTN TableLength

+ )

+{

+ EFI_HANDOFF_TABLE_POINTERS HandoffTables;

+ HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2;

+ UINT32 EventType;

+ VOID *EventLog;

+ UINT32 EventLogSize;

+ EFI_STATUS Status;

+

+ if ((Description != NULL) &&

+ (PcdGet32(PcdTcgPfpMeasurementRevision) >=
TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {

+ ZeroMem (&HandoffTables2, sizeof(HandoffTables2));

+ AsciiSPrint((CHAR8*)HandoffTables2.TableDescription,
sizeof(HandoffTables2.TableDescription), "%a", Description);

+

+ HandoffTables2.TableDescriptionSize =
sizeof(HandoffTables2.TableDescription);

+ HandoffTables2.NumberOfTables = 1;

+ CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);

+ HandoffTables2.TableEntry[0].VendorTable = TableAddress;

+

+ EventType = EV_EFI_HANDOFF_TABLES2;

+ EventLog = &HandoffTables2;

+ EventLogSize = sizeof(HandoffTables2);

+ } else {

+ HandoffTables.NumberOfTables = 1;

+ CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);

+ HandoffTables.TableEntry[0].VendorTable = TableAddress;

+

+ EventType = EV_EFI_HANDOFF_TABLES;

+ EventLog = &HandoffTables;

+ EventLogSize = sizeof(HandoffTables);

+ }

+

+ Status = TpmMeasureAndLogData (

+ PcrIndex,

+ EventType,

+ EventLog,

+ EventLogSize,

+ TableAddress,

+ TableLength

+ );

+ return Status;

+}
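Review bot: the `else` branch (EV_EFI_HANDOFF_TABLES) never zeroes `HandoffTables`, while the EV_EFI_HANDOFF_TABLES2 branch starts with `ZeroMem (&HandoffTables2, sizeof(HandoffTables2));`; since the whole structure is handed to `TpmMeasureAndLogData` as `EventLog` with `EventLogSize = sizeof(HandoffTables)`, add the same `ZeroMem (&HandoffTables, sizeof(HandoffTables));` so that no padding bytes from the stack can end up in the event log. In the tail of the preceding function, `DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogData - %r\n", Status));` fires at error level on every call, including success; downgrade it to DEBUG_INFO or guard it with `if (EFI_ERROR (Status))`. Minor: the doc comment has 'Mesure', 'measurment' and 'Descrption' (the parameter is `Description`), and closes with `*/` where edk2 doc comments use `**/`.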

diff --git
a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
index 6625d0fd01..6ff32a2bdc 100644
--- a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
@@ -26,6 +26,7 @@


[Sources]

PeiTpmMeasurementLib.c

+ EventLogRecord.c



[Packages]

MdePkg/MdePkg.dec

@@ -41,10 +42,14 @@
PrintLib

PeiServicesLib

PeiServicesTablePointerLib

+ HashLib



[Ppis]

gEdkiiTcgPpiGuid ## CONSUMES



+[Pcd]

+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ##
CONSUMES

+

[Depex]

gEfiPeiMasterBootModePpiGuid AND

gEfiTpmDeviceSelectedGuid
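Review bot: the new `[Pcd]` entry `gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision` can only be resolved if `MdeModulePkg/MdeModulePkg.dec` is listed under `[Packages]`, but the `[Packages]` context in the previous hunk shows only `MdePkg/MdePkg.dec`; confirm the MdeModulePkg DEC is already present further down, or add it in this patch so the library builds.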

--
2.26.2.windows.1


Re: [PATCH 5/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.

Yao, Jiewen

Hi Qi
We should hide MeasureFspFirmwareBlobWithCfg() as an internal function.
The MeasureFspFirmwareBlob() should decide whether to hash the FV with or without the CFG, based upon the PCD.

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, July 31, 2020 4:55 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Chiu, Chasel <chasel.chiu@...>;
Desimone, Nathaniel L <@natedesimone>; Zeng, Star
<star.zeng@...>; Zhang, Qi1 <qi1.zhang@...>
Subject: [PATCH 5/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.

From: Jiewen Yao <jiewen.yao@...>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <@natedesimone>
Cc: Star Zeng <star.zeng@...>
Cc: Qi Zhang <qi1.zhang@...>
Signed-off-by: Jiewen Yao <jiewen.yao@...>
---
.../Include/Library/FspMeasurementLib.h | 65 +++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644
IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h

diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
new file mode 100644
index 0000000000..ca02ecdf1f
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
@@ -0,0 +1,65 @@
+/** @file

+ This library is used by FSP modules to measure data to TPM.

+

+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#ifndef _FSP_MEASUREMENT_LIB_H_

+#define _FSP_MEASUREMENT_LIB_H_

+

+#define FSP_MEASURE_FSP BIT0

+#define FSP_MEASURE_FSPT BIT1

+#define FSP_MEASURE_FSPM BIT2

+#define FSP_MEASURE_FSPS BIT3

+#define FSP_MEASURE_FSPUPD BIT31

+

+/**

+ Mesure a FSP FirmwareBlob.

+

+ @param[in] PcrIndex PCR Index.

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFspFirmwareBlob (

+ IN UINT32 PcrIndex,

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength

+ );

+

+/**

+ Mesure a FSP FirmwareBlob.

+

+ @param[in] PcrIndex PCR Index.

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+ @param[in] CfgRegionOffset Configuration region offset in bytes.

+ @param[in] CfgRegionSize Configuration region in bytes.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFspFirmwareBlobWithCfg (

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength,

+ IN UINT32 CfgRegionOffset,

+ IN UINT32 CfgRegionSize

+ );

+

+#endif
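Review bot: `MeasureFspFirmwareBlobWithCfg()` takes no `PcrIndex` while `MeasureFspFirmwareBlob()` does, so the caller cannot choose the PCR in the with-configuration case; either add the parameter or, as the reply above proposes, drop it from this public header, make it internal, and let `MeasureFspFirmwareBlob()` choose the mode from a PCD. The second doc block is a copy of the first ("Mesure a FSP FirmwareBlob.") and does not say how the firmware blob and the configuration region are measured separately; spell that out, fix 'Mesure' and 'Descrption', and close the doc comments with `**/` rather than `*/`. The `FSP_MEASURE_*` bit definitions carry no comment saying which PCD or parameter they are flag values for; add one.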

--
2.26.2.windows.1


Re: [PATCH 1/9] MdeModulePkg/TpmMeasurementLib: Add new API to TpmMeasurmentLib.

Yao, Jiewen

Hi Qi
The PEI FV does not have a CfgRegion concept.
We should remove MeasureFirmwareBlobWithCfg().

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, July 31, 2020 4:54 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>;
Wu, Hao A <hao.a.wu@...>; Zhang, Qi1 <qi1.zhang@...>
Subject: [PATCH 1/9] MdeModulePkg/TpmMeasurementLib: Add new API to
TpmMeasurmentLib.

From: Jiewen Yao <jiewen.yao@...>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Qi Zhang <qi1.zhang@...>
Signed-off-by: Jiewen Yao <jiewen.yao@...>
---
.../Include/Library/TpmMeasurementLib.h | 71 ++++++++++++++++++-
1 file changed, 70 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Include/Library/TpmMeasurementLib.h
b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
index ddf6723f03..cd4d175918 100644
--- a/MdeModulePkg/Include/Library/TpmMeasurementLib.h
+++ b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
@@ -1,7 +1,7 @@
/** @file

This library is used by other modules to measure data to TPM.



-Copyright (c) 2012, Intel Corporation. All rights reserved. <BR>

+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved. <BR>

SPDX-License-Identifier: BSD-2-Clause-Patent



**/

@@ -35,4 +35,73 @@ TpmMeasureAndLogData (
IN UINT64 HashDataLen

);



+/**

+ Mesure a FirmwareBlob.

+

+ @param[in] PcrIndex PCR Index.

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFirmwareBlob (

+ IN UINT32 PcrIndex,

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength

+ );

+

+/**

+ Mesure a FirmwareBlob in separation mode of FV binary and configuration.

+

+ @param[in] Descrption Description for this FirmwareBlob.

+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.

+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.

+ @param[in] CfgRegionOffset Configuration region offset in bytes.

+ @param[in] CfgRegionSize Configuration region in bytes.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureFirmwareBlobWithCfg (

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,

+ IN UINT64 FirmwareBlobLength,

+ IN UINT32 CfgRegionOffset,

+ IN UINT32 CfgRegionSize

+ );

+/**

+ Mesure a HandoffTable.

+

+ @param[in] PcrIndex PcrIndex of the measurment.

+ @param[in] Descrption Description for this HandoffTable.

+ @param[in] TableGuid GUID of this HandoffTable.

+ @param[in] TableAddress Base address of this HandoffTable.

+ @param[in] TableLength Size in bytes of this HandoffTable.

+

+ @retval EFI_SUCCESS Operation completed successfully.

+ @retval EFI_UNSUPPORTED TPM device not available.

+ @retval EFI_OUT_OF_RESOURCES Out of memory.

+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.

+*/

+EFI_STATUS

+EFIAPI

+MeasureHandoffTable (

+ IN UINT32 PcrIndex,

+ IN CHAR8 *Description OPTIONAL,

+ IN EFI_GUID *TableGuid,

+ IN VOID *TableAddress,

+ IN UINTN TableLength

+ );

+

#endif
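Review bot: `MeasureFirmwareBlobWithCfg()` drops the `PcrIndex` parameter that `MeasureFirmwareBlob()` and `MeasureHandoffTable()` both take, which makes the three new APIs inconsistent, and, as the reply above notes, a PEI FV has no configuration region, so this declaration should be removed rather than fixed. Also there is no blank line between the `);` closing `MeasureFirmwareBlobWithCfg` and the `/**` opening the `MeasureHandoffTable` comment, the new doc comments close with `*/` instead of `**/`, and 'Mesure', 'Descrption' and 'measurment' need spelling fixes.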

--
2.26.2.windows.1


[PATCH 1/1] Maintainers.txt: Add bhyve reviewers

Rebecca Cran

Bhyve files are under OvmfPkg, in OvmfPkg/Bhyve and
various files in OvmfPkg/Library and OvmfPkg/Include.

Update Maintainers.txt to indicate reviewers for all
bhyve-specific files.

Signed-off-by: Rebecca Cran <@bcran>
Cc: Andrew Fish <afish@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
---
Maintainers.txt | 13 +++++++++++++
1 file changed, 13 insertions(+)

diff --git a/Maintainers.txt b/Maintainers.txt
index 5504bb3d17cc..569bd2511a69 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -398,6 +398,19 @@ M: Laszlo Ersek <lersek@...>
M: Ard Biesheuvel <ard.biesheuvel@...>
S: Maintained

+OvmfPkg: bhyve-related modules
+F: OvmfPkg/Bhyve/
+F: OvmfPkg/Include/IndustryStandard/Bhyve.h
+F: OvmfPkg/Include/Library/BhyveFwCtlLib.h
+F: OvmfPkg/Library/AcpiTimerLib/BaseAcpiTimerLibBhyve.c
+F: OvmfPkg/Library/AcpiTimerLib/BaseAcpiTimerLibBhyve.inf
+F: OvmfPkg/Library/BhyveFwCtlLib/
+F: OvmfPkg/Library/PlatformBootManagerLibBhyve/
+F: OvmfPkg/Library/ResetSystemLib/BaseResetShutdownBhyve.c
+F: OvmfPkg/Library/ResetSystemLib/BaseResetSystemLibBhyve.inf
+R: Rebecca Cran <@bcran>
+R: Peter Grehan <grehan@...>
+
OvmfPkg: CSM modules
F: OvmfPkg/Csm/
R: David Woodhouse <dwmw2@...>
--
2.25.1


TianoCore Design Meeting - APAC/NAMO - Fri, 08/07/2020 9:30am-10:30am #cal-reminder

devel@edk2.groups.io Calendar <devel@...>

Reminder: TianoCore Design Meeting - APAC/NAMO

When: Friday, 7 August 2020, 9:30am to 10:30am, (GMT+08:00) Asia/Chongqing

Where: https://zoom.us/j/299494771


Organizer: Ray Ni ray.ni@...

Description:

For more info, see here: https://www.tianocore.org/design-meeting/

Join Zoom Meeting

https://zoom.us/j/299494771

Meeting ID: 299 494 771

One tap mobile

+16699009128,,299494771# US (San Jose)

+13462487799,,299494771# US (Houston)

Dial by your location

+1 669 900 9128 US (San Jose)

+1 346 248 7799 US (Houston)

+1 301 715 8592 US

+1 312 626 6799 US (Chicago)

+1 646 558 8656 US (New York)

+1 253 215 8782 US


Find your local number: https://zoom.us/u/ajd9Bs4kZ


[PATCH] [EmbeddedPkg]:Update PrePiLib to return DxeCoreEntrypoint

Guo Dong

Added LoadDxeCore() API to return the DxeCore entry point after loading DxeCore
from FV, and deleted LoadDxeCoreFromFfsFile() as it is replaced by LoadDxeCore().
Updated LoadDxeCoreFromFv() to use LoadDxeCore() to reduce code; its
behavior is the same.
Updated FfsProcessSection() to support both IA32 and X64 build.
With this patch, PrePiLib could be used by UefiPayloadPkg to load DxeCore
and get its entry point.

Signed-off-by: Guo Dong <guo.dong@...>
---
EmbeddedPkg/Include/Library/PrePiLib.h | 17 ++++++++++++++---
EmbeddedPkg/Library/PrePiLib/FwVol.c | 2 +-
EmbeddedPkg/Library/PrePiLib/PrePiLib.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------
3 files changed, 68 insertions(+), 46 deletions(-)

diff --git a/EmbeddedPkg/Include/Library/PrePiLib.h b/EmbeddedPkg/Include/Library/PrePiLib.h
index 54f8e1e582..269907108e 100644
--- a/EmbeddedPkg/Include/Library/PrePiLib.h
+++ b/EmbeddedPkg/Include/Library/PrePiLib.h
@@ -735,11 +735,22 @@ LoadPeCoffImage (
OUT EFI_PHYSICAL_ADDRESS *EntryPoint
);

+
+/**
+ Load DXE core from FV and return DXE core entrypoint.
+
+ @param[in] FvInstance The FV instance to search DXE core. Will search all the FVs if it is NULL.
+ @param[out] EntryPoint DXE core entrypoint.
+
+ @return EFI_SUCCESS The DxeCore is loaded successfully.
+ @return Others Failed to load the DxeCore.
+
+**/
EFI_STATUS
EFIAPI
-LoadDxeCoreFromFfsFile (
- IN EFI_PEI_FILE_HANDLE FileHandle,
- IN UINTN StackSize
+LoadDxeCore (
+ IN UINTN *FvInstance, OPTIONAL
+ OUT EFI_PHYSICAL_ADDRESS *EntryPoint
);

EFI_STATUS
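Review bot: removing `LoadDxeCoreFromFfsFile()` from the public header is an API change for any platform that called it directly; the commit message should state that no in-tree callers remain, or update them in the same series. The doc comment promises `@return Others Failed to load the DxeCore.`, but the implementation in PrePiLib.c below uses `ASSERT_EFI_ERROR (Status)` after `LoadPeCoffImage` instead of returning; align the contract with the code. Minor: `IN UINTN *FvInstance, OPTIONAL` places OPTIONAL after the comma (inherited from the old `LoadDxeCoreFromFv`); edk2 style is `IN UINTN *FvInstance OPTIONAL,`.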
diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c b/EmbeddedPkg/Library/PrePiLib/FwVol.c
index 881506eddd..46ea5f733f 100644
--- a/EmbeddedPkg/Library/PrePiLib/FwVol.c
+++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c
@@ -298,7 +298,7 @@ FfsProcessSection (
UINT16 SectionAttribute;
UINT32 AuthenticationStatus;
CHAR8 *CompressedData;
- UINTN CompressedDataLength;
+ UINT32 CompressedDataLength;


*OutputBuffer = NULL;
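Review bot: only the declaration of `CompressedDataLength` changes here, from UINTN to UINT32, and the use site that required it is not in the hunk; the commit message ("support both IA32 and X64 build") should name the call whose `UINT32 *` argument this variable is passed to, and it is worth confirming that no UINTN-typed size is still assigned into it, since that would now truncate on X64.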
diff --git a/EmbeddedPkg/Library/PrePiLib/PrePiLib.c b/EmbeddedPkg/Library/PrePiLib/PrePiLib.c
index afbe146632..c18b30e22e 100644
--- a/EmbeddedPkg/Library/PrePiLib/PrePiLib.c
+++ b/EmbeddedPkg/Library/PrePiLib/PrePiLib.c
@@ -119,30 +119,52 @@ VOID
IN VOID *HobStart
);

+/**
+ Load DXE core from FV and return DXE core entrypoint.
+
+ @param[in] FvInstance The FV instance to search DXE core. Will search all the FVs if it is NULL.
+ @param[out] EntryPoint DXE core entrypoint.
+
+ @return EFI_SUCCESS The DxeCore is loaded successfully.
+ @return Others Failed to load the DxeCore.
+
+**/
EFI_STATUS
EFIAPI
-LoadDxeCoreFromFfsFile (
- IN EFI_PEI_FILE_HANDLE FileHandle,
- IN UINTN StackSize
+LoadDxeCore (
+ IN UINTN *FvInstance, OPTIONAL
+ OUT EFI_PHYSICAL_ADDRESS *EntryPoint
)
{
EFI_STATUS Status;
+ EFI_PEI_FV_HANDLE VolumeHandle;
+ EFI_PEI_FILE_HANDLE FileHandle;
VOID *PeCoffImage;
EFI_PHYSICAL_ADDRESS ImageAddress;
UINT64 ImageSize;
- EFI_PHYSICAL_ADDRESS EntryPoint;
- VOID *BaseOfStack;
- VOID *TopOfStack;
- VOID *Hob;
EFI_FV_FILE_INFO FvFileInfo;

+ FileHandle = NULL;
+ if (FvInstance != NULL) {
+ //
+ // Caller passed in a specific FV to try, so only try that one
+ //
+ Status = FfsFindNextVolume (*FvInstance, &VolumeHandle);
+ if (!EFI_ERROR (Status)) {
+ Status = FfsFindNextFile (EFI_FV_FILETYPE_DXE_CORE, VolumeHandle, &FileHandle);
+ }
+ } else {
+ Status = FfsAnyFvFindFirstFile (EFI_FV_FILETYPE_DXE_CORE, &VolumeHandle, &FileHandle);
+ DEBUG ((EFI_D_ERROR, "FfsAnyFvFindFirstFile Status = %r\n", Status));
+ }
+
Status = FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &PeCoffImage);
if (EFI_ERROR (Status)) {
return Status;
}


- Status = LoadPeCoffImage (PeCoffImage, &ImageAddress, &ImageSize, &EntryPoint);
+ Status = LoadPeCoffImage (PeCoffImage, &ImageAddress, &ImageSize, EntryPoint);
// For NT32 Debug Status = SecWinNtPeiLoadFile (PeCoffImage, &ImageAddress, &ImageSize, &EntryPoint);
ASSERT_EFI_ERROR (Status);
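Review bot: `Status` from the FV search is never checked before `FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &PeCoffImage)`; if `FfsFindNextVolume`, `FfsFindNextFile` or `FfsAnyFvFindFirstFile` fails, `FileHandle` is still NULL and the original error is masked by whatever the next call returns. The `LoadDxeCoreFromFv` being removed below guarded the call with `if (!EFI_ERROR (Status))`; add `if (EFI_ERROR (Status)) { return Status; }` directly after the `if/else`. Also `DEBUG ((EFI_D_ERROR, "FfsAnyFvFindFirstFile Status = %r\n", Status));` logs at error level even on success, so use EFI_D_INFO, and `ASSERT_EFI_ERROR (Status)` after `LoadPeCoffImage` lets a RELEASE build continue with an invalid `*EntryPoint`, contradicting the `@return Others` in the new doc comment.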

@@ -152,13 +174,33 @@ LoadDxeCoreFromFfsFile (
Status = FfsGetFileInfo (FileHandle, &FvFileInfo);
ASSERT_EFI_ERROR (Status);

- BuildModuleHob (&FvFileInfo.FileName, (EFI_PHYSICAL_ADDRESS)(UINTN)ImageAddress, EFI_SIZE_TO_PAGES ((UINT32) ImageSize) * EFI_PAGE_SIZE, EntryPoint);
+ BuildModuleHob (&FvFileInfo.FileName, (EFI_PHYSICAL_ADDRESS)(UINTN)ImageAddress, EFI_SIZE_TO_PAGES ((UINT32) ImageSize) * EFI_PAGE_SIZE, *EntryPoint);

- DEBUG ((EFI_D_INFO | EFI_D_LOAD, "Loading DxeCore at 0x%10p EntryPoint=0x%10p\n", (VOID *)(UINTN)ImageAddress, (VOID *)(UINTN)EntryPoint));
+ DEBUG ((EFI_D_INFO | EFI_D_LOAD, "Loading DxeCore at 0x%10p EntryPoint=0x%10p\n", (VOID *)(UINTN)ImageAddress, (VOID *)(UINTN)*EntryPoint));
+
+ return EFI_SUCCESS;
+}
+
+
+EFI_STATUS
+EFIAPI
+LoadDxeCoreFromFv (
+ IN UINTN *FvInstance, OPTIONAL
+ IN UINTN StackSize
+ )
+{
+ EFI_STATUS Status;
+ EFI_PHYSICAL_ADDRESS EntryPoint;
+ VOID *BaseOfStack;
+ VOID *TopOfStack;
+ VOID *Hob;
+
+ Status = LoadDxeCore (FvInstance, &EntryPoint);
+ ASSERT_EFI_ERROR (Status);

Hob = GetHobList ();
if (StackSize == 0) {
- // User the current stack
+ // Use the current stack

((DXE_CORE_ENTRY_POINT)(UINTN)EntryPoint) (Hob);
} else {
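Review bot: `Status = LoadDxeCore (FvInstance, &EntryPoint); ASSERT_EFI_ERROR (Status);` is the only error handling in the new `LoadDxeCoreFromFv`; in a RELEASE build the ASSERT compiles out and an uninitialized `EntryPoint` is jumped to via `((DXE_CORE_ENTRY_POINT)(UINTN)EntryPoint) (Hob)` when the load fails. The old `LoadDxeCoreFromFv` returned `Status` on a failed search; keep that behaviour with `if (EFI_ERROR (Status)) { return Status; }` before `Hob = GetHobList ();`.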
@@ -199,37 +241,6 @@ LoadDxeCoreFromFfsFile (



-EFI_STATUS
-EFIAPI
-LoadDxeCoreFromFv (
- IN UINTN *FvInstance, OPTIONAL
- IN UINTN StackSize
- )
-{
- EFI_STATUS Status;
- EFI_PEI_FV_HANDLE VolumeHandle;
- EFI_PEI_FILE_HANDLE FileHandle = NULL;
-
- if (FvInstance != NULL) {
- //
- // Caller passed in a specific FV to try, so only try that one
- //
- Status = FfsFindNextVolume (*FvInstance, &VolumeHandle);
- if (!EFI_ERROR (Status)) {
- Status = FfsFindNextFile (EFI_FV_FILETYPE_DXE_CORE, VolumeHandle, &FileHandle);
- }
- } else {
- Status = FfsAnyFvFindFirstFile (EFI_FV_FILETYPE_DXE_CORE, &VolumeHandle, &FileHandle);
- }
-
- if (!EFI_ERROR (Status)) {
- return LoadDxeCoreFromFfsFile (FileHandle, StackSize);
- }
-
- return Status;
-}
-
-
EFI_STATUS
EFIAPI
DecompressFirstFv (
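Review bot: the removed `if (!EFI_ERROR (Status)) { return LoadDxeCoreFromFfsFile (FileHandle, StackSize); } return Status;` was the only path that reported a failed FV or file search to the caller; the replacement `LoadDxeCore()` above reproduces the search but not the check, so this patch silently drops that error path unless an equivalent `if (EFI_ERROR (Status)) return Status;` is added after the search in `LoadDxeCore()`.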
--
2.16.2.windows.1


Re: [PATCH 1/1] Add BhyvePkg, to support the bhyve hypervisor

Laszlo Ersek

On 07/31/20 19:32, Sean Brogan wrote:

You can see the ReadMe badge showing the broken state of edk2 master.
The build with logs can be seen here
https://dev.azure.com/tianocore/edk2-ci/_build/results?buildId=10494&view=logs&j=ec42d809-3c3b-54a9-276c-e54a8b9aaee9&t=596e0656-4def-5804-b10b-1585519aa2e8
and some of the relevant failures are added below.
Fixed in commit e557442e3f7e via
<https://github.com/tianocore/edk2/pull/847>; the badges are green again.

Laszlo


Re: [PATCH] OvmfPkg: fix DEC spec violation introduced by Bhyve addition

Laszlo Ersek

On 08/01/20 17:50, Laszlo Ersek wrote:
Sean reports that having two DEC files under OvmfPkg violates the DEC
spec:

An EDK II Package (directory) is a directory that contains an EDK II
package declaration (DEC) file. Only one DEC file is permitted per
directory. EDK II Packages cannot be nested within other EDK II
Packages.
Thanks to Sean for the problem report, and to Phil and Rebecca for the
fast reviews.

Merged as commit e557442e3f7e, via
<https://github.com/tianocore/edk2/pull/847>.

The badges at <https://github.com/tianocore/edk2/#core-ci-build-status>
are back to green.

Sorry about the regression.
Laszlo


Re: [Patch] UefiCpuPkg/CpuCommonFeaturesLib: Fix spelling mistake

Laszlo Ersek

On 08/01/20 02:28, Michael D Kinney wrote:
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2357

Cc: Eric Dong <eric.dong@...>
Cc: Ray Ni <ray.ni@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Rahul Kumar <rahul1.kumar@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
UefiCpuPkg/Library/CpuCommonFeaturesLib/MachineCheck.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/MachineCheck.c b/UefiCpuPkg/Library/CpuCommonFeaturesLib/MachineCheck.c
index 844052b9a5..822126d355 100644
--- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/MachineCheck.c
+++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/MachineCheck.c
@@ -287,7 +287,7 @@ LmceSupport (

McgCap.Uint64 = AsmReadMsr64 (MSR_IA32_MCG_CAP);
if (ProcessorNumber == 0) {
- DEBUG ((EFI_D_INFO, "LMCE eanble = %x\n", (BOOLEAN) (McgCap.Bits.MCG_LMCE_P != 0)));
+ DEBUG ((EFI_D_INFO, "LMCE enable = %x\n", (BOOLEAN) (McgCap.Bits.MCG_LMCE_P != 0)));
}
return (BOOLEAN) (McgCap.Bits.MCG_LMCE_P != 0);
}
Reviewed-by: Laszlo Ersek <lersek@...>


Re: [Patch 4/6] OvmfPkg: Fix spelling mistake for occurred

Laszlo Ersek

On 08/01/20 03:04, Michael D Kinney wrote:
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2361

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
OvmfPkg/Bhyve/BhyveRfbDxe/GopScreen.c | 2 +-
OvmfPkg/Include/Protocol/Legacy8259.h | 2 +-
OvmfPkg/SioBusDxe/SioService.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/Bhyve/BhyveRfbDxe/GopScreen.c b/OvmfPkg/Bhyve/BhyveRfbDxe/GopScreen.c
index 0760ffb722..672a67fbe1 100644
--- a/OvmfPkg/Bhyve/BhyveRfbDxe/GopScreen.c
+++ b/OvmfPkg/Bhyve/BhyveRfbDxe/GopScreen.c
@@ -226,7 +226,7 @@ EmuGopSetMode (

@retval EFI_SUCCESS The Blt operation completed.
@retval EFI_INVALID_PARAMETER BltOperation is not valid.
- @retval EFI_DEVICE_ERROR A hardware error occured writting to the video buffer.
+ @retval EFI_DEVICE_ERROR A hardware error occurred writting to the video buffer.

**/
EFI_STATUS
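Review bot: the corrected line still reads `A hardware error occurred writting to the video buffer.`; since the line is being rewritten for 'occured' anyway, fix 'writting' to 'writing' in the same change so the spelling cleanup does not need a second pass over this file.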
diff --git a/OvmfPkg/Include/Protocol/Legacy8259.h b/OvmfPkg/Include/Protocol/Legacy8259.h
index 74bbb674ed..7fde1c8537 100644
--- a/OvmfPkg/Include/Protocol/Legacy8259.h
+++ b/OvmfPkg/Include/Protocol/Legacy8259.h
@@ -58,7 +58,7 @@ typedef enum {
@param SlaveBase The base vector for the Slave PIC in the 8259 controller.

@retval EFI_SUCCESS The new bases were programmed.
- @retval EFI_DEVICE_ERROR A device error occured programming the vector bases.
+ @retval EFI_DEVICE_ERROR A device error occurred programming the vector bases.

**/
typedef
diff --git a/OvmfPkg/SioBusDxe/SioService.c b/OvmfPkg/SioBusDxe/SioService.c
index 407132ddcd..ab8fa7676f 100644
--- a/OvmfPkg/SioBusDxe/SioService.c
+++ b/OvmfPkg/SioBusDxe/SioService.c
@@ -265,7 +265,7 @@ SioModify (
@param[in] DeviceIndex Index of the device supported by this driver.

@retval EFI_SUCCESS The child device has been created successfully.
- @retval Others Error occured during the child device creation.
+ @retval Others Error occurred during the child device creation.

**/
EFI_STATUS
Reviewed-by: Laszlo Ersek <lersek@...>

Thanks!
Laszlo


Re: [PATCH] OvmfPkg: fix DEC spec violation introduced by Bhyve addition

Rebecca Cran

On 8/1/20 9:50 AM, Laszlo Ersek wrote:

- Repo: https://github.com/lersek/edk2.git
Branch: bhyve_dec_fix
- Personal CI build: https://github.com/tianocore/edk2/pull/846
- Because the DEC spec violation is breaking CI, I'm going to push this
as soon as Rebecca (and hopefully Sean) confirm the change is OK.
- Rebecca, please account for the movements / renames in the present
patch in your upcoming patch for "Maintainers.txt". Thanks!

Reviewed-by: Rebecca Cran <@bcran>


Thanks! And sorry for the disruption.


--
Rebecca Cran


please review the pending MdeModulePkg patches

Laszlo Ersek

Hi Jian, Hao,

the following patches have been on the list for several *months* now (multiple versions):

- MdeModulePkg: Create PCDs to be used in support of SEV-ES
- MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables

The latest posted version of the containing series is v13. Direct links to the patches:

- [PATCH v13 01/46] MdeModulePkg: Create PCDs to be used in support of SEV-ES
https://edk2.groups.io/g/devel/message/63478
http://mid.mail-archive.com/5165cd142314eb080a7250733cf66b045eb9bf24.1596134638.git.thomas.lendacky@...

- [PATCH v13 05/46] MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
https://edk2.groups.io/g/devel/message/63482
http://mid.mail-archive.com/d118943b5317fb26310ee22212ccdffd9630a681.1596134638.git.thomas.lendacky@...

Please review these patches urgently, or at least designate someone from Intel who should review these patches in your stead.

If you no longer have time for maintaining MdeModulePkg, then please propose new maintainers for the package.

Thanks,
Laszlo