Date   

Re: [PATCH v2] Platform/Intel/MinPlatformPkg: add Fsp measurement lib to dsc

Chiu, Chasel
 

Reviewed-by: Chasel Chiu <chasel.chiu@...>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Qi Zhang
Sent: Friday, August 28, 2020 4:38 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel <chasel.chiu@...>;
Desimone, Nathaniel L <nathaniel.l.desimone@...>; Liming Gao
<gaoliming@...>; Dong, Eric <eric.dong@...>
Subject: [edk2-devel] [PATCH v2] Platform/Intel/MinPlatformPkg: add Fsp
measurement lib to dsc

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2939

Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Liming Gao <gaoliming@...>
Cc: Eric Dong <eric.dong@...>
Signed-off-by: Qi Zhang <qi1.zhang@...>
---
Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
index 8e1869078c..2bcaed05a1 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
@@ -63,6 +63,10 @@

HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR
outerPei.inf
Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiT
cg2PhysicalPresenceLib.inf +
FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/
BaseFspMeasurementLib.inf+
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
gRecordLib.inf+
TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmM
easurementLib.inf+ !if
gMinPlatformPkgTokenSpaceGuid.PcdPerformanceEnable == TRUE
PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformance
Lib.inf !endif--
2.26.2.windows.1


-=-=-=-=-=-=
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64748): https://edk2.groups.io/g/devel/message/64748
Mute This Topic: https://groups.io/mt/76469825/1777047
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [chasel.chiu@...]
-=-=-=-=-=-=


Re: [edk2-platforms][PATCH v2 3/3] Platform/U5SeriesPkg: Revise Readme.md

Daniel Schaefer
 

On 8/28/20 11:25 AM, Daniel Schaefer wrote:
Looks good now, however like in the other patch you also made the lines longer
again. Please wrap them, as Leif suggested. I'm sure your editor can do that
for you.
Since that won't change the content meaningfully,
Reviewed-By: Daniel Schaefer <daniel.schaefer@...>

On 8/27/20 5:43 PM, Abner Chang wrote:
Update RISC-V U5SeriesPkg Readme.md to align with the latest implementation.

Signed-off-by: Abner Chang <abner.chang@...>
Co-authored-by: Daniel Schaefer <daniel.schaefer@...>

Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Daniel Schaefer <daniel.schaefer@...>
---
  Platform/SiFive/U5SeriesPkg/Readme.md | 114 ++++++++++++++------------
  1 file changed, 60 insertions(+), 54 deletions(-)

diff --git a/Platform/SiFive/U5SeriesPkg/Readme.md b/Platform/SiFive/U5SeriesPkg/Readme.md
index 4d293e54f6..2ced71fa56 100644
--- a/Platform/SiFive/U5SeriesPkg/Readme.md
+++ b/Platform/SiFive/U5SeriesPkg/Readme.md
@@ -1,61 +1,61 @@
-# Introduction
-U5SeriesPkg provides the common EFI library and driver modules for SiFive
-U5 series core platforms. Currently the supported platforms are Freedom
-U500 VC707 platform and Freedom U540 HiFive Unleashed platform.
-
-Both platforms are built with below common packages,
-- **U5SeriesPkg**, edk2 platform branch
-  (Currently is in edk2-platforms/devel-riscvplatforms branch)
-- **RiscVPlatformPkg**, edk2 master branch
-  (Currently is in edk2-staging/RISC-V-V2 branch)
-- **RiscVPkg**, edk2 master branch
-  (Currently is in edk2-staging/RISC-V-V2 branch)
+# Introduction of SiFive U5 Series Platforms
+U5SeriesPkg provides the common EDK2 libraries and drivers for SiFive U5 series platforms. Currently the supported
+platforms are Freedom U500 VC707 platform and Freedom U540 HiFive Unleashed platform.
+
+Both platforms are built with below common edk2 packages under edk2-platforms repository,
+- [**U5SeriesPkg**](https://github.com/tianocore/edk2-platforms/tree/master/Platform/SiFive/U5SeriesPkg)
+- [**RiscVPlatformPkg**](https://github.com/tianocore/edk2-platforms/tree/master/Platform/RISC-V/PlatformPkg)
+- [**RiscVProcessorPkg**](https://github.com/tianocore/edk2-platforms/tree/master/Silicon/RISC-V/ProcessorPkg)
  ## U500 Platform
-This is a sample RISC-V EDK2 platform package used agaist SiFive Freedom U500
+This is a sample platform package used against to SiFive Freedom U500
  VC707 FPGA Dev Kit, please refer to "SiFive Freedom U500 VC707 FPGA Getting
  Started Guide" on https://www.sifive.com/documentation.
+The binary built from Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board can run on U500 VC707 FPGA board.
+```
+build -a RISCV64 -t GCC5 -p Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
+```
  ## U540 Platform
-This is a sample RISC-V EDK2 platform package used against SiFive Freedom U540
-HiFive Unleashed development board, please refer to "SiFive Freedom U540-C000
-Manual" on https://www.sifive.com.
-The binary built from Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/
-can run on main stream [QEMU](https://git.qemu.org/?p=qemu.git;a=summary)
-using qemu-system-riscv64 under riscv64-softmmu. Launch the binary with
+This is a sample platform package used for the SiFive Freedom U540 HiFive Unleashed development board, please refer to "SiFive Freedom U540-C000 Manual" on https://www.sifive.com.
+The binary built from Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/ can run on both hardware and
+[QEMU](https://git.qemu.org/?p=qemu.git;a=summary). It is confirmed that version 5.0 of QEMU can boot with this  firmware to EFI shell and Linux userspace.
+```
+build -a RISCV64 -t GCC5 -p Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
+```
+For running U540 edk2 binary on QEMU, use qemu-system-riscv64 under riscv64-softmmu to launch the binary with
+below parameters,
  ```
--cpu sifive-u54 -machine sifive_u
+qemu-system-riscv64 -cpu sifive-u54 -machine sifive_u -bios U540.fd -m 2048 -nographic -smp cpus=5,maxcpus=5
  ```
-## Download the sources
+## Download the Source Code
  ```
-git clone https://github.com/tianocore/edk2-staging.git
-# Checkout RISC-V-V2 branch
+git clone https://github.com/tianocore/edk2.git
  git clone https://github.com/tianocore/edk2-platforms.git
-# Checkout devel-riscvplatforms branch
-git clone https://github.com/tianocore/edk2-non-osi.git
+# Below to clone opensbi submodule.
+git submodule update --init
  ```
-
-## Platform Owners
-Chang, Abner <abner.chang@...>
-Chen, Gilbert <gilbert.chen@...>
+Refer to [Readme.md](https://github.com/tianocore/edk2-platforms/blob/master/Platform/RISC-V/PlatformPkg/Readme.md) for building RISC-V platforms.
  ## Platform Status
-Currently the binary built from U500Pkg can boot SiFive Freedom U500 VC707
+**FreedomU500VC707Board**
+Currently the binary built from U500 edk2 package can boot SiFive Freedom U500 VC707
  FPGA to EFI shell with console in/out enabled.
-## Linux Build Instructions
-You can build the RISC-V platform using below script,
-`build -a RISCV64  -t GCC5 -p Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc`
+**FreedomU540HiFiveUnleashedBoard**
+Currently the binary built from U540 edk2 package can boot SiFive Freedom U540 HiFive Unleashed
+to EFI shell with console in/out enabled and Linux kernel. Please refer to https://github.com/riscv/riscv-uefi-edk2-docs for booting to Linux kernel.
  ## Supported Operating Systems
-Only support to boot to EFI Shell so far.
+Please refer to https://github.com/riscv/riscv-uefi-edk2-docs.
  ## Known Issues and Limitations
  Only RISC-V RV64 is verified on this platform.
  ## Related Materials
+- [RISC-V UEFI Documents](https://github.com/riscv/riscv-uefi-edk2-docs)
  - [RISC-V OpenSbi](https://github.com/riscv/opensbi)
  - [SiFive U500 VC707 FPGA Getting Started Guide](https://sifive.cdn.prismic.io/sifive%2Fc248fabc-5e44-4412-b1c3-6bb6aac73a2c_sifive-u500-vc707-gettingstarted-v0.2.pdf)
  - [SiFive Freedom U540-C000 Manual](https://sifive.cdn.prismic.io/sifive%2F834354f0-08e6-423c-bf1f-0cb58ef14061_fu540-c000-v1.0.pdf)
@@ -63,48 +63,54 @@ Only RISC-V RV64 is verified on this platform.
  ## U5SeriesPkg Libraries and Drivers
  ### PeiCoreInfoHobLib
-This is the library to create RISC-V core characteristics for building up
-RISC-V related SMBIOS records to support the unified boot loader and OS image.
+This is the library to create RISC-V core characteristics for building up RISC-V related SMBIOS records to support
+a single boot loader  or OS image on all RISC-V platforms by discovering RISC-V hart configurations dynamically.
  This library leverage the silicon libraries provided in Silicon/SiFive.
  ### RiscVPlatformTimerLib
-This is common U5 series platform timer library which has the
-platform-specific timer implementation.
+This is common U5 series platform timer library which has the platform-specific timer implementation.
+
+### SerialLib
+This is common U5 series platform serial port library.
  ### TimerDxe
-This is U5 series platform timer DXE driver whcih has the platform-specific
-timer implementation.
+This is common U5 series platform timer DXE driver which has the platform-specific timer implementation.
  ## U500 Platform Libraries and Drivers
  ### RiscVOpensbiPlatformLib
-In order to reduce the dependencies with RISC-V OpenSBI project
-(https://github.com/riscv/opensbi) and fewer burdens to EDK2 build process, the
-implementation of RISC-V EDK2 platform is leveraging platform source code from
+In order to reduce the dependencies with RISC-V OpenSBI project (https://github.com/riscv/opensbi) and avoid duplicating
+code we use it, the implementation of RISC-V EDK2 platform is leveraging platform source code from
  OpenSBI code tree. The "platform.c" under OpenSbiPlatformLib is cloned from
-RISC-V OpenSBI code tree (in EDK2 RiscVPkg) and built based on EDK2 build
-environment.
+[RISC-V OpenSBI code tree](Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi) and built based on edk2
+build environment.
  ### PlatformPei
-This is the platform-implementation specific library which is executed in early
-PEI phase for U500 platform initialization.
+This is the platform-implementation specific library which is executed in early PEI phase for U500 platform
+initialization.
  ## U540 Platform Libraries and Drivers
  ### RiscVOpensbiPlatformLib
-In order to reduce the dependencies with RISC-V OpenSBI project
-(https://github.com/riscv/opensbi) and fewer burdens to EDK2 build process, the
-implementation of RISC-V EDK2 platform is leveraging platform source code from
+In order to reduce the dependencies with RISC-V OpenSBI project (https://github.com/riscv/opensbi) and fewer
+burdens to EDK2 build process, the implementation of RISC-V EDK2 platform is leveraging platform source code from
  OpenSBI code tree. The "platform.c" under OpenSbiPlatformLib is cloned from
-RISC-V OpenSBI code tree (in EDK2 RiscVPkg) and built based on EDK2 build
-environment.
+[RISC-V OpenSBI code tree](Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi) and built based on edk2
+build environment.
  ### PlatformPei
-This is the platform-implementation specific library which is executed in early
-PEI phase for U540 platform initialization.
+This is the platform-implementation specific library which is executed in early PEI phase for U540 platform
+initialization.
  ## U5SeriesPkg Platform PCD settings
  | **PCD name** |**Usage**|
  |----------------|----------|
+|PcdU5PlatformSystemClock| U5 series platform system clock|
  |PcdNumberofU5Cores| Number of U5 core enabled on U5 series platform|
  |PcdE5MCSupported| Indicates whether the Monitor Core (E5) is supported on U5 series platform|
  |PcdU5UartBase|Platform serial port base address|
+
+
+## Platform Owners
+Chang, Abner <abner.chang@...>
+Chen, Gilbert <gilbert.chen@...>
+Schaefer, Daniel <daniel.schaefer@...>


Re: [edk2-platforms][PATCH v2 2/3] RISC-V/PlatformPkg: Revise Readme.md

Daniel Schaefer
 

Single small thing below, then
Reviewed-By: Daniel Schaefer <daniel.schaefer@...>

On 8/27/20 5:43 PM, Abner Chang wrote:
Update RISC-V PlatformPkg Readme.md to align with the latest implementation.
Signed-off-by: Abner Chang <abner.chang@...>
Co-authored-by: Daniel Schaefer <daniel.schaefer@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Daniel Schaefer <daniel.schaefer@...>
---
Platform/RISC-V/PlatformPkg/Readme.md | 74 ++++++++++++++-------------
1 file changed, 38 insertions(+), 36 deletions(-)
diff --git a/Platform/RISC-V/PlatformPkg/Readme.md b/Platform/RISC-V/PlatformPkg/Readme.md
index 2632ebeb28..1ff649eaf7 100644
--- a/Platform/RISC-V/PlatformPkg/Readme.md
+++ b/Platform/RISC-V/PlatformPkg/Readme.md
@@ -1,49 +1,48 @@
# Introduction
-## EDK2 RISC-V Platform Packages
-RISC-V platform package provides the generic and common modules for RISC-V
-platforms. RISC-V platform package could include RiscPlatformPkg.dec to
-use the common drivers, libraries, definitions, PCDs and etc. for the
-platform development.
+## EDK2 RISC-V Platform Project
+The edk2 build architecture which is supported and verified on edk2 code base for RISC-V platforms is `RISCV64`.
+The toolchain is on RISC-V GitHub (https://github.com/riscv/riscv-gnu-toolchain) for building edk2 RISC-V binary.
+The corresponding edk2 Toolchain tag for building RISC-V platform is "GCC5" declared in `tools_def.txt`.
-There are two packages to support RISC-V:
-- `edk2-platforms/Silicon/RISC-V/ProcessorPkg/RiscVProcessorPkg.dec`
-- `edk2-platforms/Platform/RISC-V/PlatformPkg/RiscVPlatformPkg.dec`
+There are two packages to support RISC-V edk2 platforms:
+- `Silicon/RISC-V/ProcessorPkg/RiscVProcessorPkg.dec`
+- `Platform/RISC-V/PlatformPkg/RiscVPlatformPkg.dec`
-`RiscVPlatformPkg` provides SEC phase and NULL libs.
-`RiscVProcessorPkg` provides many libraries, PEIMs and DXE drivers.
+`RiscVPlatformPkg` currently provides the generic SEC driver for all RISC-V platforms, and some platform level libraries.
+`RiscVProcessorPkg` currently provides RISC-V processor related libraries, PEI modules, DXE drivers and industrial
+standard header files.
-### Download the sources ###
+## EDK2 RISC-V Platform Package
+RISC-V platform package provides the common modules for RISC-V platforms. RISC-V platform vendors could include
+RiscPlatformPkg.dec to use the common drivers, libraries, definitions, PCDs and etc. for the
+RISC-V platforms development.
+
+### Download the Source Code ###
```
git clone https://github.com/tianocore/edk2.git
+git clone https://github.com/tianocore/edk2-platforms.git
-git clone https://github.com/changab/edk2-platforms.git
-# Check out branch: riscv-smode-lib
```
-To build it, you have to follow the regular steps for EDK2 and additionally set
-an environmen variable to point to your RISC-V toolchain installation,
-including the binary prefixes:
-
+You have to follow the build steps for EDK2 (https://github.com/tianocore/tianocore.github.io/wiki/Getting-Started-with-EDK-II)
+and additionally set an environment variable to point to your RISC-V toolchain binaries for building RISC-V
+platforms,
```
+# e.g. If the toolchain binaries are under /riscv-gnu-toolchain-binaries/bin
export GCC5_RISCV64_PREFIX=/riscv-gnu-toolchain-binaries/bin/riscv64-unknown-elf-
```
-Then you can build the image for the SiFive HifiveUnleashed platform:
+Then you can build the edk2 firmware image for RISC-V platforms.
```
+# e.g. For building SiFive Hifive Unleashed platform:
build -a RISCV64 -t GCC5 -p Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
```
-### EDK2 project
-All changes in edk2 are upstream, however, most of the RISC-V code is in
-edk2-platforms. Therefore you have to check out the branch `riscv-smode-lib` on
-`github.com/changab/edk2-platforms`.
-
-The build architecture which is supported and verified so far is `RISCV64`.
-The latest master of the RISC-V toolchain https://github.com/riscv/riscv-gnu-toolchain
-should work but the latest verified commit is `b468107e701433e1caca3dbc8aef8d40`.
-Toolchain tag is "GCC5" declared in `tools_def.txt`
+## RISC-V OpenSBI Library
+RISC-V [OpenSBI](https://github.com/riscv/opensbi) is the implementation of [RISC-V SBI (Supervisor Binary Interface) specification](https://github.com/riscv/riscv-sbi-doc). For EDK2 UEFI firmware solution, RISC-V OpenSBI is integrated as a library [(submoudule)](Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi) in EDK2 RISC-V Processor Package. The RISC-V OpenSBI library is built in SEC driver
wrap this please. Preferably not cutting the links [foo](bar) in half.

+without any modifications and provides the interfaces for supervisor mode execution environment to execute privileged operations.
## RISC-V Platform PCD settings
### EDK2 Firmware Volume Settings
@@ -54,9 +53,9 @@ EDK2 Firmware volume related PCDs which declared in platform FDF file.
|PcdRiscVSecFvBase| The base address of SEC Firmware Volume|
|PcdRiscVSecFvSize| The size of SEC Firmware Volume|
|PcdRiscVPeiFvBase| The base address of PEI Firmware Volume|
-|PcdRiscVPeiFvSize| The size of SEC Firmware Volume|
+|PcdRiscVPeiFvSize| The size of PEI Firmware Volume|
|PcdRiscVDxeFvBase| The base address of DXE Firmware Volume|
-|PcdRiscVDxeFvSize| The size of SEC Firmware Volume|
+|PcdRiscVDxeFvSize| The size of DXE Firmware Volume|
### EDK2 EFI Variable Region Settings
The PCD settings regard to EFI Variable
@@ -84,21 +83,24 @@ Below PCDs could be set in platform FDF file.
|--------------|---------|
|PcdHartCount| Number of RISC-V HARTs, the value is processor-implementation specific|
|PcdBootHartId| The ID of RISC-V HART to execute main fimrware code and boot system to OS|
+|PcdBootableHartNumber|The bootable HART number, which is incorporate with RISC-V OpenSBI platform hart_index2id value|
### RISC-V OpenSBI Settings
| **PCD name** |**Usage**|
|--------------|---------|
-|PcdScratchRamBase| The base address of OpenSBI scratch buffer for all RISC-V HARTs|
-|PcdScratchRamSize| The total size of OpenSBI scratch buffer for all RISC-V HARTs|
-|PcdOpenSbiStackSize| The size of initial stack of each RISC-V HART for booting system use OpenSBI|
+|PcdScratchRamBase| The base address of RISC-V OpenSBI scratch buffer for all RISC-V HARTs|
+|PcdScratchRamSize| The total size of RISC-V OpenSBI scratch buffer for all RISC-V HARTs|
+|PcdOpenSbiStackSize| The size of initial stack of each RISC-V HART for booting system use RISC-V OpenSBI|
|PcdTemporaryRamBase| The base address of temporary memory for PEI phase|
|PcdTemporaryRamSize| The temporary memory size for PEI phase|
+|PcdPeiCorePrivilegeMode|The target RISC-V privilege mode for edk2 PEI phase|
## Supported Operating Systems
-Only support to boot to EFI Shell so far.
-
-Porting GRUB2 and Linux EFISTUB is in progress.
+Currently support boot to EFI Shell and Linux kernel.
+Refer to below link for more information,
+https://github.com/riscv/riscv-uefi-edk2-docs
## Known Issues and Limitations
-Only RISC-V RV64 is verified.
+Only RISC-V RV64 is verified on edk2.
+


Re: [edk2-platforms][PATCH v2 3/3] Platform/U5SeriesPkg: Revise Readme.md

Daniel Schaefer
 

Looks good now, however like in the other patch you also made the lines longer

again. Please wrap them, as Leif suggested. I'm sure your editor can do that

for you.

On 8/27/20 5:43 PM, Abner Chang wrote:
Update RISC-V U5SeriesPkg Readme.md to align with the latest implementation.
Signed-off-by: Abner Chang <abner.chang@...>
Co-authored-by: Daniel Schaefer <daniel.schaefer@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Daniel Schaefer <daniel.schaefer@...>
---
Platform/SiFive/U5SeriesPkg/Readme.md | 114 ++++++++++++++------------
1 file changed, 60 insertions(+), 54 deletions(-)
diff --git a/Platform/SiFive/U5SeriesPkg/Readme.md b/Platform/SiFive/U5SeriesPkg/Readme.md
index 4d293e54f6..2ced71fa56 100644
--- a/Platform/SiFive/U5SeriesPkg/Readme.md
+++ b/Platform/SiFive/U5SeriesPkg/Readme.md
@@ -1,61 +1,61 @@
-# Introduction
-U5SeriesPkg provides the common EFI library and driver modules for SiFive
-U5 series core platforms. Currently the supported platforms are Freedom
-U500 VC707 platform and Freedom U540 HiFive Unleashed platform.
-
-Both platforms are built with below common packages,
-- **U5SeriesPkg**, edk2 platform branch
- (Currently is in edk2-platforms/devel-riscvplatforms branch)
-- **RiscVPlatformPkg**, edk2 master branch
- (Currently is in edk2-staging/RISC-V-V2 branch)
-- **RiscVPkg**, edk2 master branch
- (Currently is in edk2-staging/RISC-V-V2 branch)
+# Introduction of SiFive U5 Series Platforms
+U5SeriesPkg provides the common EDK2 libraries and drivers for SiFive U5 series platforms. Currently the supported
+platforms are Freedom U500 VC707 platform and Freedom U540 HiFive Unleashed platform.
+
+Both platforms are built with below common edk2 packages under edk2-platforms repository,
+- [**U5SeriesPkg**](https://github.com/tianocore/edk2-platforms/tree/master/Platform/SiFive/U5SeriesPkg)
+- [**RiscVPlatformPkg**](https://github.com/tianocore/edk2-platforms/tree/master/Platform/RISC-V/PlatformPkg)
+- [**RiscVProcessorPkg**](https://github.com/tianocore/edk2-platforms/tree/master/Silicon/RISC-V/ProcessorPkg)
## U500 Platform
-This is a sample RISC-V EDK2 platform package used agaist SiFive Freedom U500
+This is a sample platform package used against to SiFive Freedom U500
VC707 FPGA Dev Kit, please refer to "SiFive Freedom U500 VC707 FPGA Getting
Started Guide" on https://www.sifive.com/documentation.
+The binary built from Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board can run on U500 VC707 FPGA board.
+```
+build -a RISCV64 -t GCC5 -p Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc
+```
## U540 Platform
-This is a sample RISC-V EDK2 platform package used against SiFive Freedom U540
-HiFive Unleashed development board, please refer to "SiFive Freedom U540-C000
-Manual" on https://www.sifive.com.
-The binary built from Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/
-can run on main stream [QEMU](https://git.qemu.org/?p=qemu.git;a=summary)
-using qemu-system-riscv64 under riscv64-softmmu. Launch the binary with
+This is a sample platform package used for the SiFive Freedom U540 HiFive Unleashed development board, please refer to "SiFive Freedom U540-C000 Manual" on https://www.sifive.com.
+The binary built from Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/ can run on both hardware and
+[QEMU](https://git.qemu.org/?p=qemu.git;a=summary). It is confirmed that version 5.0 of QEMU can boot with this firmware to EFI shell and Linux userspace.
+```
+build -a RISCV64 -t GCC5 -p Platform/SiFive/U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc
+```
+For running U540 edk2 binary on QEMU, use qemu-system-riscv64 under riscv64-softmmu to launch the binary with
+below parameters,
```
--cpu sifive-u54 -machine sifive_u
+qemu-system-riscv64 -cpu sifive-u54 -machine sifive_u -bios U540.fd -m 2048 -nographic -smp cpus=5,maxcpus=5
```
-## Download the sources
+## Download the Source Code
```
-git clone https://github.com/tianocore/edk2-staging.git
-# Checkout RISC-V-V2 branch
+git clone https://github.com/tianocore/edk2.git
git clone https://github.com/tianocore/edk2-platforms.git
-# Checkout devel-riscvplatforms branch
-git clone https://github.com/tianocore/edk2-non-osi.git
+# Below to clone opensbi submodule.
+git submodule update --init
```
-
-## Platform Owners
-Chang, Abner <abner.chang@...>
-Chen, Gilbert <gilbert.chen@...>
+Refer to [Readme.md](https://github.com/tianocore/edk2-platforms/blob/master/Platform/RISC-V/PlatformPkg/Readme.md) for building RISC-V platforms.
## Platform Status
-Currently the binary built from U500Pkg can boot SiFive Freedom U500 VC707
+**FreedomU500VC707Board**
+Currently the binary built from U500 edk2 package can boot SiFive Freedom U500 VC707
FPGA to EFI shell with console in/out enabled.
-## Linux Build Instructions
-You can build the RISC-V platform using below script,
-`build -a RISCV64 -t GCC5 -p Platform/SiFive/U5SeriesPkg/FreedomU500VC707Board/U500.dsc`
+**FreedomU540HiFiveUnleashedBoard**
+Currently the binary built from U540 edk2 package can boot SiFive Freedom U540 HiFive Unleashed
+to EFI shell with console in/out enabled and Linux kernel. Please refer to https://github.com/riscv/riscv-uefi-edk2-docs for booting to Linux kernel.
## Supported Operating Systems
-Only support to boot to EFI Shell so far.
+Please refer to https://github.com/riscv/riscv-uefi-edk2-docs.
## Known Issues and Limitations
Only RISC-V RV64 is verified on this platform.
## Related Materials
+- [RISC-V UEFI Documents](https://github.com/riscv/riscv-uefi-edk2-docs)
- [RISC-V OpenSbi](https://github.com/riscv/opensbi)
- [SiFive U500 VC707 FPGA Getting Started Guide](https://sifive.cdn.prismic.io/sifive%2Fc248fabc-5e44-4412-b1c3-6bb6aac73a2c_sifive-u500-vc707-gettingstarted-v0.2.pdf)
- [SiFive Freedom U540-C000 Manual](https://sifive.cdn.prismic.io/sifive%2F834354f0-08e6-423c-bf1f-0cb58ef14061_fu540-c000-v1.0.pdf)
@@ -63,48 +63,54 @@ Only RISC-V RV64 is verified on this platform.
## U5SeriesPkg Libraries and Drivers
### PeiCoreInfoHobLib
-This is the library to create RISC-V core characteristics for building up
-RISC-V related SMBIOS records to support the unified boot loader and OS image.
+This is the library to create RISC-V core characteristics for building up RISC-V related SMBIOS records to support
+a single boot loader or OS image on all RISC-V platforms by discovering RISC-V hart configurations dynamically.
This library leverage the silicon libraries provided in Silicon/SiFive.
### RiscVPlatformTimerLib
-This is common U5 series platform timer library which has the
-platform-specific timer implementation.
+This is common U5 series platform timer library which has the platform-specific timer implementation.
+
+### SerialLib
+This is common U5 series platform serial port library.
### TimerDxe
-This is U5 series platform timer DXE driver whcih has the platform-specific
-timer implementation.
+This is common U5 series platform timer DXE driver which has the platform-specific timer implementation.
## U500 Platform Libraries and Drivers
### RiscVOpensbiPlatformLib
-In order to reduce the dependencies with RISC-V OpenSBI project
-(https://github.com/riscv/opensbi) and fewer burdens to EDK2 build process, the
-implementation of RISC-V EDK2 platform is leveraging platform source code from
+In order to reduce the dependencies with RISC-V OpenSBI project (https://github.com/riscv/opensbi) and avoid duplicating
+code we use it, the implementation of RISC-V EDK2 platform is leveraging platform source code from
OpenSBI code tree. The "platform.c" under OpenSbiPlatformLib is cloned from
-RISC-V OpenSBI code tree (in EDK2 RiscVPkg) and built based on EDK2 build
-environment.
+[RISC-V OpenSBI code tree](Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi) and built based on edk2
+build environment.
### PlatformPei
-This is the platform-implementation specific library which is executed in early
-PEI phase for U500 platform initialization.
+This is the platform-implementation specific library which is executed in early PEI phase for U500 platform
+initialization.
## U540 Platform Libraries and Drivers
### RiscVOpensbiPlatformLib
-In order to reduce the dependencies with RISC-V OpenSBI project
-(https://github.com/riscv/opensbi) and fewer burdens to EDK2 build process, the
-implementation of RISC-V EDK2 platform is leveraging platform source code from
+In order to reduce the dependencies with RISC-V OpenSBI project (https://github.com/riscv/opensbi) and fewer
+burdens to EDK2 build process, the implementation of RISC-V EDK2 platform is leveraging platform source code from
OpenSBI code tree. The "platform.c" under OpenSbiPlatformLib is cloned from
-RISC-V OpenSBI code tree (in EDK2 RiscVPkg) and built based on EDK2 build
-environment.
+[RISC-V OpenSBI code tree](Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi) and built based on edk2
+build environment.
### PlatformPei
-This is the platform-implementation specific library which is executed in early
-PEI phase for U540 platform initialization.
+This is the platform-implementation specific library which is executed in early PEI phase for U540 platform
+initialization.
## U5SeriesPkg Platform PCD settings
| **PCD name** |**Usage**|
|----------------|----------|
+|PcdU5PlatformSystemClock| U5 series platform system clock|
|PcdNumberofU5Cores| Number of U5 core enabled on U5 series platform|
|PcdE5MCSupported| Indicates whether the Monitor Core (E5) is supported on U5 series platform|
|PcdU5UartBase|Platform serial port base address|
+
+
+## Platform Owners
+Chang, Abner <abner.chang@...>
+Chen, Gilbert <gilbert.chen@...>
+Schaefer, Daniel <daniel.schaefer@...>


[PATCH v2] Platform/Intel/MinPlatformPkg: add Fsp measurement lib to dsc

Qi Zhang
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2939

Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Liming Gao <gaoliming@...>
Cc: Eric Dong <eric.dong@...>
Signed-off-by: Qi Zhang <qi1.zhang@...>
---
Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc b/Pla=
tform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
index 8e1869078c..2bcaed05a1 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CorePeiLib.dsc
@@ -63,6 +63,10 @@
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRou=
terPei.inf=0D
Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/P=
eiTcg2PhysicalPresenceLib.inf=0D
=0D
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base=
FspMeasurementLib.inf=0D
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo=
gRecordLib.inf=0D
+ TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasure=
mentLib.inf=0D
+=0D
!if gMinPlatformPkgTokenSpaceGuid.PcdPerformanceEnable =3D=3D TRUE=0D
PerformanceLib|MdeModulePkg/Library/PeiPerformanceLib/PeiPerformanceLib.=
inf=0D
!endif=0D
--=20
2.26.2.windows.1


Hard Feature Freeze starts now for edk2-stable202008

gaoliming
 

Hi, all

  Today, we enter into Hard Feature Freeze phase until edk2-stable202008 tag is created at 2020-09-04. In this phase, there is no feature to be pushed. The critical bug fix is still allowed. So far, I know two patches need to catch this stable tag. Their impact is low. And, they both passed code review before HFF. If no objection, I will merge them for this stable tag.

 

https://edk2.groups.io/g/devel/message/64705 [PATCH v1 1/1] MdePkg: Correcting EFI_ACPI_DMA_TRANSFER_TYPE_16_BIT definition.

https://edk2.groups.io/g/devel/message/64728 [PATCH] MdeModulePkg/Library: change TpmMeasurementLibNull to BASE library

 

  If the patch is sent after Hard Feature Freeze, and plans to catch this stable tag, please add edk2-stable202008 key words in the patch title and BZ, and also cc to Tianocore Stewards, then Stewards can give the comments.

 

Below is edk2-stable202008 tag planning.

Date (00:00:00 UTC-8) Description

2020-06-03   Beginning of development

2020-08-07   Feature Planning Freeze

2020-08-24   Soft Feature Freeze

2020-08-28   Hard Feature Freeze

2020-09-04   Release 

 

Thanks

Liming


Re: [PATCH 0/3] add ibrary for Fsp measurement to OpenBoardPkg.

Qi Zhang
 

Thanks Liming. I will update patch.

-----Original Message-----
From: gaoliming <gaoliming@...>
Sent: Friday, August 28, 2020 3:54 PM
To: devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@...>
Cc: Chiu, Chasel <chasel.chiu@...>; Yao, Jiewen <jiewen.yao@...>;
Desimone, Nathaniel L <nathaniel.l.desimone@...>; Chaganty, Rangasai
V <rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>; 'Jeremy Soller' <jeremy@...>
Subject: 回复: [edk2-devel] [PATCH 0/3] add ibrary for Fsp measurement to
OpenBoardPkg.

This change is for edk2-platform. Now, there is no stable tag for edk2-platforms.

For this patch, can new library instances be added into MinPlatformPkg
common dsc? If so, you don't need to modify each platform DSC files.

These two library instances are added into edk2-
platforms\Platform\Intel\MinPlatformPkg\Include\Dsc\CoreCommonLib.dsc

FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/B
ase
FspMeasurementLib|FspM
easurementLib.inf

TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
TcgEventLogRecordLib|gRec
ordLib.inf

TpmMeasurementLib library instance is added into edk2-
platforms\Platform\Intel\MinPlatformPkg\Include\Dsc\CorePeiLib.dsc

TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMe
asure
TpmMeasurementLib|ment
Lib.inf

Thanks
Liming
-----邮件原件-----
发件人: bounce+27952+64739+4905953+8761045@groups.io
<bounce+27952+64739+4905953+8761045@groups.io> 代表 Qi Zhang
发送时间: 2020年8月28日 14:38
收件人: devel@edk2.groups.io; gaoliming <gaoliming@...>
抄送: Chiu, Chasel <chasel.chiu@...>; Yao, Jiewen
<jiewen.yao@...>; Desimone, Nathaniel L
<nathaniel.l.desimone@...>; Chaganty, Rangasai V
<rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>; Jeremy Soller
<jeremy@...>
主题: Re: [edk2-devel] [PATCH 0/3] add ibrary for Fsp measurement to
OpenBoardPkg.

Hi, Liming

I also request these serial patches to catch stable tag 202008. Thanks!

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:33 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel
<chasel.chiu@...>;
Yao, Jiewen <jiewen.yao@...>; Desimone, Nathaniel L
<nathaniel.l.desimone@...>; Chaganty, Rangasai V
<rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>; Jeremy Soller
<jeremy@...>
Subject: [PATCH 0/3] add ibrary for Fsp measurement to OpenBoardPkg.

These patches also depends on one fix of edk2:
https://bugzilla.tianocore.org/show_bug.cgi?id=2939.

Cc: Chasel Chiu <chasel.chiu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@...>
Cc: Deepika Kethi Reddy <deepika.kethi.reddy@...>
Cc: Kathappan Esakkithevar <kathappan.esakkithevar@...>
Cc: Jeremy Soller <jeremy@...>

Qi Zhang (3):
Platform/Intel/CometlakeOpenBoardPkg: add ibrary for Fsp
measurement.
Platform/Intel/KabylakeOpenBoardPkg: add ibrary for Fsp measurement.
Platform/Intel/WhiskeylakeOpenBoardPkg: add ibrary for Fsp
measurement.

.../Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc
| 2 ++
Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc | 2
++
.../Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc |
2 ++
.../Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
| 2 ++
.../WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardPkg.dsc
| 2 ++
5 files changed, 10 insertions(+)

--
2.26.2.windows.1


回复: [edk2-devel] [PATCH 0/3] add ibrary for Fsp measurement to OpenBoardPkg.

gaoliming
 

This change is for edk2-platform. Now, there is no stable tag for
edk2-platforms.

For this patch, can new library instances be added into MinPlatformPkg
common dsc? If so, you don't need to modify each platform DSC files.

These two library instances are added into
edk2-platforms\Platform\Intel\MinPlatformPkg\Include\Dsc\CoreCommonLib.dsc

FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspM
easurementLib.inf

TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRec
ordLib.inf

TpmMeasurementLib library instance is added into
edk2-platforms\Platform\Intel\MinPlatformPkg\Include\Dsc\CorePeiLib.dsc

TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurement
Lib.inf

Thanks
Liming

-----邮件原件-----
发件人: bounce+27952+64739+4905953+8761045@groups.io
<bounce+27952+64739+4905953+8761045@groups.io> 代表 Qi Zhang
发送时间: 2020年8月28日 14:38
收件人: devel@edk2.groups.io; gaoliming <gaoliming@...>
抄送: Chiu, Chasel <chasel.chiu@...>; Yao, Jiewen
<jiewen.yao@...>; Desimone, Nathaniel L
<nathaniel.l.desimone@...>; Chaganty, Rangasai V
<rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>; Jeremy Soller
<jeremy@...>
主题: Re: [edk2-devel] [PATCH 0/3] add ibrary for Fsp measurement to
OpenBoardPkg.

Hi, Liming

I also request these serial patches to catch stable tag 202008. Thanks!

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:33 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel
<chasel.chiu@...>;
Yao, Jiewen <jiewen.yao@...>; Desimone, Nathaniel L
<nathaniel.l.desimone@...>; Chaganty, Rangasai V
<rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>; Jeremy Soller
<jeremy@...>
Subject: [PATCH 0/3] add ibrary for Fsp measurement to OpenBoardPkg.

These patches also depends on one fix of edk2:
https://bugzilla.tianocore.org/show_bug.cgi?id=2939.

Cc: Chasel Chiu <chasel.chiu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@...>
Cc: Deepika Kethi Reddy <deepika.kethi.reddy@...>
Cc: Kathappan Esakkithevar <kathappan.esakkithevar@...>
Cc: Jeremy Soller <jeremy@...>

Qi Zhang (3):
Platform/Intel/CometlakeOpenBoardPkg: add ibrary for Fsp
measurement.
Platform/Intel/KabylakeOpenBoardPkg: add ibrary for Fsp measurement.
Platform/Intel/WhiskeylakeOpenBoardPkg: add ibrary for Fsp
measurement.

.../Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc
| 2 ++
Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc | 2
++
.../Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc |
2 ++
.../Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
| 2 ++
.../WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardPkg.dsc
| 2 ++
5 files changed, 10 insertions(+)

--
2.26.2.windows.1


Re: [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

Wu, Hao A
 

Hello,

 

After looking into the proposed patch, I think it is reasonable to add enhanced error handling for such USB device that will fail the 2nd Device Descriptor request.

 

The flow of the current proposal is:

1. First Port Reset

2. First Device Descriptor Request for bMaxPacketSize0

3. Second Port Reset. add extra reset

4. Set USB address

5. Second Device Descriptor Request

 

For the above flow, I have a concern that a mandatory 2nd port reset may impact the performance during USB device enumeration.

So how about:

1. First Port Reset

2. First Device Descriptor Request for bMaxPacketSize0

3. Set USB address

4. Second Device Descriptor Request

5a. If the second descriptor request succeeds, the process just go on.

5b. If the second request fails:

  5b-1). Port Reset

  5b-2). Set USB address

  5b-3). Request the descriptor again

  5b-4a). If the request succeeds, the process just go on.

  5b-4b). If the request still fails, the enumeration of the device fails.

 

Also, could you help to file a Bugzilla tracker at https://bugzilla.tianocore.org/?

Please help to described the issue met in the tracker, thanks in advance.

 

Best Regards,

Hao Wu

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Feng Libo
Sent: Thursday, August 27, 2020 9:07 AM
To:
丰立波 <lbfeng@...>
Cc: Jiang, Guomin <guomin.jiang@...>; devel@edk2.groups.io; jeremy.linton@...; Wu, Hao A <hao.a.wu@...>; Ni, Ray <ray.ni@...>;
张超 <czhang@...>
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

 

Hello, 

 

How about the progress of the Patch Review?

 

Thanks

 

--

Best Regards

 

Feng Libo

ZD Technology (Beijing) Co., Ltd


发件人:"丰立波" <lbfeng@...>
发送日期:2020-08-13 10:49:33
收件人:"Jiang, Guomin" <guomin.jiang@...>
抄送人:"devel@edk2.groups.io" <devel@edk2.groups.io>,"jeremy.linton@..." <jeremy.linton@...>,"Wu, Hao A" <hao.a.wu@...>,"Ni, Ray" <ray.ni@...>,"张超" <czhang@...>
主题:Re:RE: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

Hello, Mr. Jiang,

 

Most USB PenDisk work fine with the original enumeration sequence. A few can't.

 

In Microsoft Post, they explained the cause :

In the early days of USB some USB devices would become confused by a second request for the Device Descriptor if they did not return the complete Device Descriptor for the first request.  To allow these devices to enumerate successfully it was necessary to reset the port between the first and second requests for the Device Descriptor.

 

In our experience, only three Pendisk with Innostor USB controller chip (VID=0x1F75, PID=0x917, USB3.1) fail the enumeration. We can only observed the Pendisk not responding the second Device Descriptor Request for a full Descriptor. The first Device Descriptor Request could impact some Pendisk or as Microsoft said "confuse".  

 

So, We add a second port reset after the MaxPacketSize0 request. and this second reset can clear the address that is already assigned. Then, we move the MaxPacketSize request before the address assignation.

 

That is all patch.

 

Furthermore, the USB Spec states the MaxPacketSize Request could be read through the default Pipe, the address 0. So I think it implies the MaxPacketSize Request should be prior to the address assignation, just as the enumeration sequence in the Microsoft Post.

 

Thanks

 

--

Best Regards

 

Feng Libo

ZD Technology (Beijing) Co., Ltd


发件人:"Jiang, Guomin" <guomin.jiang@...>
发送日期:2020-08-12 16:03:42
收件人:"devel@edk2.groups.io" <devel@edk2.groups.io>,"Jiang, Guomin" <guomin.jiang@...>,"lbfeng@..." <lbfeng@...>
抄送人:"jeremy.linton@..." <jeremy.linton@...>,"Wu, Hao A" <hao.a.wu@...>,"Ni, Ray" <ray.ni@...>
主题:RE: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

Hi Libo,

 

I review the USB Spec 2.0 and have some confusion when check the spec as below:

From the USB 2.0 spec:

 

Section 5.5.3 Control Transfer Packet Size Constraints

...

In order to determine the maximum packet size for the Default Control Pipe, the USB System Software

reads the device descriptor. The host will read the first eight bytes of the device descriptor. The device

always responds with at least these initial bytes in a single packet. After the host reads the initial part of the

device descriptor, it is guaranteed to have read this default pipe’s wMaxPacketSize field (byte 7 of the

device descriptor). It will then allow the correct size for all subsequent transactions. For all other control

endpoints, the maximum data payload size is known after configuration so that the USB System Software

can ensure that no data payload will be sent to the endpoint that is larger than the supported size.

...

 

Also,

Section 9.1.2 Bus Enumeration

...

3. Now that the host knows the port to which the new device has been attached, the host then waits for at

least 100 ms to allow completion of an insertion process and for power at the device to become stable.

The host then issues a port enable and reset command to that port. Refer to Section 7.1.7.5 for

sequence of events and timings of connection through device reset.

4. The hub performs the required reset processing for that port (see Section 11.5.1.5). When the reset

signal is released, the port has been enabled. The USB device is now in the Default state and can draw

no more than 100 mA from VBUS. All of its registers and state have been reset and it answers to the

default address.

5. The host assigns a unique address to the USB device, moving the device to the Address state.

6. Before the USB device receives a unique address, its Default Control Pipe is still accessible via the

default address. The host reads the device descriptor to determine what actual maximum data payload

size this USB device’s default pipe can use.

7. The host reads the configuration information from the device by reading each configuration zero to

n-1, where n is the number of configurations. This process may take several milliseconds to complete.

...

 

It seem that the original behavior follow the spec, but I don’t know why the device will not response and must reset it.

 

I notice that  you obtain the patch from https://techcommunity.microsoft.com/t5/microsoft-usb-blog/how-does-usb-stack-enumerate-a-device/ba-p/270685#:~:text=%20How%20does%20USB%20stack%20enumerate%20a%20device%3F,a%20request%20for%20the%20USB%20Device...%20More%20.

 

Do you know the device behavior from the device side when the issue happened?

 

Thanks.

Guomin

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guomin Jiang
Sent: Tuesday, August 11, 2020 7:17 PM
To: devel@edk2.groups.io; lbfeng@...
Cc: jeremy.linton@...; Wu, Hao A <hao.a.wu@...>; Ni, Ray <ray.ni@...>
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

 

+Hao, Ray,

 

Hi Libo, thanks for your explanation.

 

So I think the patch is improvement for current logic.

 

Hi Hao and Ray,

 

Can you give some comments for the change.

 

Hi Jeremy,

 

It may be helpful for the ASSERT issue https://edk2.groups.io/g/devel/message/62651,can you try it?

 

Best Regards

Guomin

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Feng Libo
Sent: Tuesday, August 11, 2020 5:50 PM
To: Jiang, Guomin <guomin.jiang@...>
Cc: devel@edk2.groups.io; jeremy.linton@...
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

 

Hello, Mr. Jiang,

 

Thank for the review.

 

The original enumeration steps in the function of UsbEnumerateNewDev of file UsbEnumer.c: 1 reset the port, 2 set the usb device address, 3 get the Max Packet Size, 4 get the full device descriptor. However, when plugging a USB PenDisk with Innostor USB

controller chip (VID=0x1F75, PID=0x917, USB3.1), the fourth step always fails, trace as below:

 

========

XhcCheckUrbResult: TRANSACTION_ERROR! Completecode = 4 XhcControlTransfer: error - Device Error, transfer - 40 UsbGetOneConfig: failed to get full descript Device Error UsbBuildDescTable: failed to get configure (index 0) UsbEnumerateNewDev: failed to build descriptor table - Device Error

=======

 

The host controller need to get the full device descriptor, but this moment, the Pendisk device doesn't response any more. Then timeout. and UsbEnumerateNewDev complains : failed to build descriptor.

 

We have three Pendisks from different manufacturers, all with Innostor USB controller chip. they all can't be enumerated all. And we observed the problem on both Huawei KunPeng(华为鲲鹏)and Loognson(龙芯)platforms.

 

The three Pendisks always fail the USB enumeration. Other USB 2.0 and USB 3.0 on hand can work well.

 

With the patch, the three pendisks and other pendisks can all work well.

 

THanks

 

--

Best Regards

 

Feng Libo

ZD Technology (Beijing) Co., Ltd


发件人:"Jiang, Guomin" <guomin.jiang@...>
发送日期:2020-08-11 08:21:10
收件人:"devel@edk2.groups.io" <devel@edk2.groups.io>,"Jiang, Guomin" <guomin.jiang@...>,"lbfeng@..." <lbfeng@...>
抄送人:"jeremy.linton@..." <jeremy.linton@...>
主题:RE: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

+Jeremy,

 

I review the patch and think it is reasonable, but I want to know some more detail information

  1. Can you provide the detail debug log about USB?
  2. The symptom always can be seen or have fail rate?

 

Best Regards

Guomin

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guomin Jiang
Sent: Thursday, August 6, 2020 12:29 PM
To: devel@edk2.groups.io; lbfeng@...
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

 

I will review it by next weekend(8/14).

 

Thanks.

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Feng Libo
Sent: Thursday, August 6, 2020 9:25 AM
To: Feng Libo <lbfeng@...>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/UsbBusDxe: some USB PenDisk fails enumeration.

 

Hello, 

could anyone review this PATCH?

We encountered the USB enumeration problem and the patch is based on the Microsoft post as below.

https://techcommunity.microsoft.com/t5/microsoft-usb-blog/how-does-usb-stack-enumerate-a-device/ba-p/270685#:~:text=%20How%20does%20USB%20stack%20enumerate%20a%20device%3F,a%20request%20for%20the%20USB%20Device...%20More%20

Thanks

Best Regards

Feng Libo


Re: [PATCH 1/3] Platform/Intel/CometlakeOpenBoardPkg: add ibrary for Fsp measurement.

Kathappan Esakkithevar
 

Reviewed-by: Kathappan Esakkithevar <Kathappan.Esakkithevar@...>

-----Original Message-----
From: Chiu, Chasel <chasel.chiu@...>
Sent: Friday, August 28, 2020 12:07 PM
To: Zhang, Qi1 <qi1.zhang@...>; devel@edk2.groups.io
Cc: Desimone, Nathaniel L <nathaniel.l.desimone@...>; Chaganty,
Rangasai V <rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>
Subject: RE: [PATCH 1/3] Platform/Intel/CometlakeOpenBoardPkg: add
ibrary for Fsp measurement.

Reviewed-by: Chasel Chiu <chasel.chiu@...>


-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:33 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel
<chasel.chiu@...>; Desimone, Nathaniel L
<nathaniel.l.desimone@...>; Chaganty, Rangasai V
<rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>
Subject: [PATCH 1/3] Platform/Intel/CometlakeOpenBoardPkg: add ibrary
for Fsp measurement.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2939

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@...>
Cc: Deepika Kethi Reddy <deepika.kethi.reddy@...>
Cc: Kathappan Esakkithevar <kathappan.esakkithevar@...>
---
.../Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc |
2
++
1 file changed, 2 insertions(+)

diff --git
a/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg
.d
sc
b/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg
.d
sc
index 2d9dcb139f..4ea797c550 100644
---
a/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg
.d
sc
+++
b/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg
.d
sc
@@ -173,6 +173,8 @@
!endif


SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCac
he
MtrrLibNull.inf


ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpu
H
obLib/ReportCpuHobLib.inf

+
FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLi
b/
BaseFspMeasurementLib.inf

+
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEvent
TcgEventLogRecordLib|Lo
gRecordLib.inf



#######################################

# Board Package

--
2.26.2.windows.1


Re: [PATCH EDK2 v2 1/1] SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset

Yao, Jiewen
 

Apology that I did not say clearly.
I mean you should not modify any code to perform an attack.

I am not asking you to exploit the system. Attack here just means: to cause system hang or buffer overflow. That is enough.
But you cannot modify code to remove any existing checker.

Thank you
Yao Jiewen

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of wenyi,xie
via groups.io
Sent: Friday, August 28, 2020 2:18 PM
To: Yao, Jiewen <jiewen.yao@...>; devel@edk2.groups.io; Laszlo Ersek
<lersek@...>; Wang, Jian J <jian.j.wang@...>
Cc: songdongkuang@...; Mathews, John <john.mathews@...>
Subject: Re: [edk2-devel] [PATCH EDK2 v2 1/1]
SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset

Hi,Jiewen,

I don't really get the meaning "create a case that bypass all checks in PeCoffLib",
do you mean I need to create a PE file that can bypass all check in PeCoffLib
without modify any
code and then cause the problem in DxeImageVerificationLib, or just modify
some code in PeCoffLib to bypass check instead of removing the calling of
PeCoffLoaderGetImageInfo. Would
you mind explaining a little more specifically? As far as I tried, it's really hard to
reproduce the issue without touching any code.

Thanks
Wenyi

On 2020/8/28 11:50, Yao, Jiewen wrote:
HI Wenyi
Thank you very much to take time to reproduce.

I am particular interested in below:
"As PE file is modified, function PeCoffLoaderGetImageInfo will return
error, so I have to remove it so that for loop can be tested in
DxeImageVerificationHandler."

By design, the PeCoffLib should catch illegal PE/COFF image and return error.
(even it cannot catch all, it should catch most ones).
Other PE/COFF parser may rely on the checker in PeCoffLib and *no need* to
duplicate all checkers.
As such, DxeImageVerificationLib (and other PeCoff consumer) just need
checks what has passed the check in PeCoffLib.

I don’t think you should remove the checker. If people can remove the checker,
I am sure the rest code will be vulnerable, according to the current design.
Could you please to create a case that bypass all checks in PeCoffLib, then run
into DxeImageVerificationLib and cause the problem? That would be more
valuable for us.

Thank you
Yao Jiewen

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
wenyi,xie
via groups.io
Sent: Friday, August 28, 2020 11:18 AM
To: Laszlo Ersek <lersek@...>; Wang, Jian J
<jian.j.wang@...>;
devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>
Cc: songdongkuang@...; Mathews, John
<john.mathews@...>
Subject: Re: [edk2-devel] [PATCH EDK2 v2 1/1]
SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset

Hi,Laszlo and everyone,

These days I tried to reproduce the issue,and made some progress. I think
there are two way to cause overflow from a mathematical point of view,
1.As Laszlo analysed before, if WinCertificate->dwLength is large enough,
close
to MAX_UINT32, then (WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate-
dwLength)) will cause overflow.
2.(WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength)) is
good,
OffSet is good, but OffSet += (WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate->dwLength)) cause overflow.

Here I choose the second way to reproduce the issue, I choose a PE file and
sign
it with my own db certificate. Then I use binary edit tool to modify the PE file
like
below,

1.change SecDataDir->Size from 0x5F8 to 0xFFFF1FFF
2.change WinCertificate->dwLength from 0x5F1 to 0xFFFF1FFE
SecDataDir->VirtualAddress in my PE is 0xe000 and no need to change.

As PE file is modified, function PeCoffLoaderGetImageInfo will return error,
so I
have to remove it so that for loop can be tested in
DxeImageVerificationHandler.
The log is as below,

SecDataDir->VirtualAddress=0xE000, SecDataDir->Size=0xFFFF1FFF.
(First Loop)
OffSet=0xE000.
WinCertificate->dwLength=0xFFFF1FFE, ALIGN_SIZE (WinCertificate-
dwLength)=0x2.
(Second Loop)
OffSet=0x0.
WinCertificate->dwLength=0x5A4D, ALIGN_SIZE (WinCertificate-
dwLength)=0x3.
(Third Loop)
OffSet=0x5A50.
WinCertificate->dwLength=0x9024, ALIGN_SIZE (WinCertificate-
dwLength)=0x4.
(Forth Loop)
OffSet=0xEA78.
WinCertificate->dwLength=0xAFAFAFAF, ALIGN_SIZE (WinCertificate-
dwLength)=0x1.
(Fifth Loop)
OffSet=0xAFB09A28.

As I modify SecDataDir->Size and WinCertificate->dwLength, so in first loop
the
condition check whether the Security Data Directory has enough room left
for
"WinCertificate->dwLength" is ok.

if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <= sizeof
(WIN_CERTIFICATE) ||
(SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) < WinCertificate-
dwLength) {
break;
}

In the beginning of second loop, WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate->dwLength) is 0xFFFF2000, offset is 0xE000

OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate-
dwLength))

Offset now is 0 and overflow happens. So even if my PE only have one
signature,
the for loop is still going untill exception happens.


I can't reproduce the issue using the first way, because if WinCertificate-
dwLength is close to MAX_UINT32, it means SecDataDir->Size should also
close
to MAX_UINT32, or the condition check
"(SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) < WinCertificate-
dwLength" will break. But if SecDataDir->Size is very large, SecDataDir-
VirtualAddress have to be smaller than 8 bytes,
because SecDataDir->VirtualAddress + SecDataDir->Size < MAX_UINT32.
SecDataDir->VirtualAddress is the beginning address of the signature, and
before
SecDataDir->VirtualAddress is the content of origin PE file, I think it's
impossible
that the size of PE file is only 8 bytes.

As I changed the one line code in DxeImageVerificationHandler to reproduce
the
issue, I'm not sure whether it's ok.

Thanks
Wenyi

On 2020/8/19 17:26, Laszlo Ersek wrote:
On 08/18/20 17:18, Mathews, John wrote:
I dug up the original report details. This was noted as a concern during a
source code inspection. There was no demonstration of how it might be
triggered.

" There is an integer overflow vulnerability in the
DxeImageVerificationHandler function when
parsing the PE files attribute certificate table. In cases where
WinCertificate-
dwLength is
sufficiently large, it's possible to overflow Offset back to 0 causing an
endless
loop."

The recommendation was to add stricter checking of "Offset" and the
embedded length fields of certificate data
before using them.
Thanks for checking!

Laszlo




-----Original Message-----
From: Laszlo Ersek <lersek@...>
Sent: Tuesday, August 18, 2020 1:59 AM
To: Wang, Jian J <jian.j.wang@...>; devel@edk2.groups.io; Yao,
Jiewen <jiewen.yao@...>; xiewenyi2@...
Cc: huangming23@...; songdongkuang@...; Mathews,
John <john.mathews@...>
Subject: Re: [edk2-devel] [PATCH EDK2 v2 1/1]
SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset

On 08/18/20 04:10, Wang, Jian J wrote:
Laszlo,

My apologies for the slow response. I'm not the original reporter but
just the BZ submitter. And I didn't do deep analysis to this issue.
The issues was reported from one internal team. Add John in loop to see
if
he knows more about it or not.

My superficial understanding on such issue is that, if there's
"potential" issue in theory and hard to reproduce, it's still worthy
of using an alternative way to replace the original implementation
with no "potential" issue at all. Maybe we don't have to prove old way is
something wrong but must prove that the new way is really safe.

I agree, thanks.

It would be nice to hear more from the internal team about the originally
reported (even if hard-to-trigger) issue.

Thanks!
Laszlo


Regards,
Jian

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Laszlo
Ersek
Sent: Tuesday, August 18, 2020 12:53 AM
To: Yao, Jiewen <jiewen.yao@...>; devel@edk2.groups.io;
xiewenyi2@...; Wang, Jian J <jian.j.wang@...>
Cc: huangming23@...; songdongkuang@...
Subject: Re: [edk2-devel] [PATCH EDK2 v2 1/1]
SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset

Hi Jiewen,

On 08/14/20 10:53, Yao, Jiewen wrote:
To Jiewen,
Sorry, I don't have environment to reproduce the issue.
Please help me understand, if you don’t have environment to
reproduce the
issue, how do you guarantee that your patch does fix the problem and
we don’t have any other vulnerabilities?

The original bug report in
<https://bugzilla.tianocore.org/show_bug.cgi?id=2215#c0> is seriously
lacking. It does not go into detail about the alleged integer overflow.
It does not quote the code, does not explain the control flow, does
not identify the exact edk2 commit at which the vulnerability exists.

The bug report also does not offer a reproducer.

Additionally, the exact statement that the bug report does make,
namely

it's possible to overflow Offset back to 0 causing an endless loop

is wrong (as far as I can tell anyway). It is not "OffSet" that can
be overflowed to zero, but the *addend* that is added to OffSet can
be overflowed to zero. Therefore the infinite loop will arise because
OffSet remains stuck at its present value, and not because OffSet
will be re-set to zero.

For the reasons, we can only speculate as to what the actual problem
is, unless Jian decides to join the discussion and clarifies what he
had in mind originally.

My understanding (or even "reconstruction") of the vulnerability is
described above, and in the patches that I proposed.

We can write a patch based on code analysis. It's possible to
identify integer overflows based on code analysis, and it's possible
to verify the correctness of fixes by code review. Obviously testing
is always good, but many times, constructing reproducers for such
issues that were found by code review, is difficult and time
consuming. We can say that we don't fix vulnerabilities without
reproducers, or we can say that we make an effort to fix them even if
all we have is code analysis (and not a reproducer).

So the above paragraph concerns "correctness". Regarding
"completeness", I guarantee you that this patch does not fix *all*
problems related to PE parsing. (See the other BZ tickets.) It does
fix *one* issue with PE parsing. We can say that we try to fix such
issues gradually (give different CVE numbers to different issues, and
address them one at a time), or we can say that we rewrite PE parsing
from the ground up.
(BTW: I have seriously attempted that in the past, and I gave up,
because the PE format is FUBAR.)

In summary:

- the problem statement is unclear,

- it seems like there is indeed an integer overflow problem in the
SecDataDir parsing loop, but it's uncertain whether the bug reporter
had exactly that in mind

- PE parsing is guaranteed to have other vulnerabilities elsewhere in
edk2, but I'm currently unaware of other such issues in
DxeImageVerificationLib specifically

- even if there are other such problems (in DxeImageVerificationLib
or elswehere), fixing this bug that we know about is likely
worthwhile

- for many such bugs, constructing a reproducer is difficult and time
consuming; code analysis, and *regression-testing* are frequently the
only tools we have. That doesn't mean we should ignore this class of
bugs.

(Fixing integer overflows retro-actively is more difficult than
writing overflow-free code in the first place, but that ship has
sailed; so we can only fight these bugs incrementally now, unless we
can rewrite PE parsing with a new data structure from the ground up.
Again I tried that and gave up, because the spec is not public, and
what I did manage to learn about PE, showed that it was insanely
over-engineered. I'm not saying that other binary / executable
formats are better, of course.)

Please check out my patches (inlined elsewhere in this thread), and
comment whether you'd like me to post them to the list as a
standalone series.

Jian: it wouldn't hurt if you commented as well.

Thanks
Laszlo

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
wenyi,xie
via groups.io
Sent: Friday, August 14, 2020 3:54 PM
To: Laszlo Ersek <lersek@...>; devel@edk2.groups.io; Yao,
Jiewen <jiewen.yao@...>; Wang, Jian J
<jian.j.wang@...>
Cc: huangming23@...; songdongkuang@...
Subject: Re: [edk2-devel] [PATCH EDK2 v2 1/1]
SecurityPkg/DxeImageVerificationLib:Enhanced verification of Offset

To Laszlo,
Thank you for your detailed description, I agree with what you
analyzed and
I'm
OK with your patches, it's
correct and much simpler.

To Jiewen,
Sorry, I don't have environment to reproduce the issue.

Thanks
Wenyi

On 2020/8/14 2:50, Laszlo Ersek wrote:
On 08/13/20 13:55, Wenyi Xie wrote:
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2215

There is an integer overflow vulnerability in
DxeImageVerificationHandler function when parsing the PE files
attribute certificate table. In cases where
WinCertificate->dwLength is sufficiently large, it's possible to
overflow Offset back to 0 causing an endless loop.

Check offset inbetween VirtualAddress and VirtualAddress + Size.
Using SafeintLib to do offset addition with result check.

Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Laszlo Ersek <lersek@...>
Signed-off-by: Wenyi Xie <xiewenyi2@...>
---

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.inf
|
1 +

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.h
|
1 +

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
|
111 +++++++++++---------
3 files changed, 63 insertions(+), 50 deletions(-)

diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.inf
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.inf
index 1e1a639857e0..a7ac4830b3d4 100644
---
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.inf
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.inf
@@ -53,6 +53,7 @@ [LibraryClasses]
SecurityManagementLib
PeCoffLib
TpmMeasurementLib
+ SafeIntLib

[Protocols]
gEfiFirmwareVolume2ProtocolGuid ##
SOMETIMES_CONSUMES
diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.h
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.h
index 17955ff9774c..060273917d5d 100644
---
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.h
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.h
@@ -23,6 +23,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DevicePathLib.h> #include
<Library/SecurityManagementLib.h> #include <Library/PeCoffLib.h>
+#include <Library/SafeIntLib.h>
#include <Protocol/FirmwareVolume2.h> #include
<Protocol/DevicePath.h> #include <Protocol/BlockIo.h> diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
index 36b87e16d53d..dbc03e28c05b 100644
---
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib
.c
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
@@ -1658,6 +1658,10 @@ DxeImageVerificationHandler (
EFI_STATUS HashStatus;
EFI_STATUS DbStatus;
BOOLEAN IsFound;
+ UINT32 AlignedLength;
+ UINT32 Result;
+ EFI_STATUS AddStatus;
+ BOOLEAN IsAuthDataAssigned;

SignatureList = NULL;
SignatureListSize = 0;
@@ -1667,6 +1671,7 @@ DxeImageVerificationHandler (
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
IsVerified = FALSE;
IsFound = FALSE;
+ Result = 0;

//
// Check the image type and get policy setting.
@@ -1850,9 +1855,10 @@ DxeImageVerificationHandler (
// The first certificate starts at offset
(SecDataDir->VirtualAddress) from
the
start of the file.
//
for (OffSet = SecDataDir->VirtualAddress;
- OffSet < (SecDataDir->VirtualAddress + SecDataDir->Size);
- OffSet += (WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate-
dwLength))) {
+ (OffSet >= SecDataDir->VirtualAddress) && (OffSet <
+ (SecDataDir-
VirtualAddress + SecDataDir->Size));) {
+ IsAuthDataAssigned = FALSE;
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
+ AlignedLength = WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate-
dwLength);

I disagree with this patch.

The primary reason for my disagreement is that the bug report
<https://bugzilla.tianocore.org/show_bug.cgi?id=2215#c0> is
inexact, and so this patch tries to fix the wrong thing.

With edk2 master at commit 65904cdbb33c, it is *not* possible to
overflow the OffSet variable to zero with "WinCertificate-
dwLength"
*purely*, and cause an endless loop. Note that we have (at commit
65904cdbb33c):

for (OffSet = SecDataDir->VirtualAddress;
OffSet < (SecDataDir->VirtualAddress + SecDataDir->Size);
OffSet += (WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate-
dwLength))) {
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet)
<= sizeof
(WIN_CERTIFICATE) ||
(SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <
WinCertificate-
dwLength) {
break;
}

The last sub-condition checks whether the Security Data Directory
has enough room left for "WinCertificate->dwLength". If not, then
we break out of the loop.

If we *do* have enough room, that is:

(SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) >=
WinCertificate-
dwLength

then we have (by adding OffSet to both sides):

SecDataDir->VirtualAddress + SecDataDir->Size >= OffSet +
WinCertificate- dwLength

The left hand side is a known-good UINT32, and so incrementing
OffSet (a
UINT32) *solely* by "WinCertificate->dwLength" (also a UINT32)
does not cause an overflow.

Instead, the problem is with the alignment. The "if" statement
checks whether we have enough room for "dwLength", but then
"OffSet" is advanced by "dwLength" *aligned up* to the next
multiple of 8. And that may indeed cause various overflows.

Now, the main problem with the present patch is that it does not
fix one of those overflows. Namely, consider that "dwLength" is
very close to
MAX_UINT32 (or even think it's exactly MAX_UINT32). Then aligning
it up to the next multiple of 8 will yield 0. In other words,
"AlignedLength"
will be zero.

And when that happens, there's going to be an infinite loop just
the
same: "OffSet" will not be zero, but it will be *stuck*. The
SafeUint32Add() call at the bottom will succeed, but it will not
change the value of "OffSet".

More at the bottom.


if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet)
<= sizeof
(WIN_CERTIFICATE) ||
(SecDataDir->VirtualAddress + SecDataDir->Size - OffSet)
<
WinCertificate->dwLength) {
break;
@@ -1872,6 +1878,8 @@ DxeImageVerificationHandler (
}
AuthData = PkcsCertData->CertData;
AuthDataSize = PkcsCertData->Hdr.dwLength -
sizeof(PkcsCertData-
Hdr);
+ IsAuthDataAssigned = TRUE;
+ HashStatus = HashPeImageByType (AuthData, AuthDataSize);
} else if (WinCertificate->wCertificateType ==
WIN_CERT_TYPE_EFI_GUID)
{
//
// The certificate is formatted as
WIN_CERTIFICATE_UEFI_GUID which
is
described in UEFI Spec.
@@ -1880,72 +1888,75 @@ DxeImageVerificationHandler (
if (WinCertUefiGuid->Hdr.dwLength <=
OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
break;
}
- if (!CompareGuid (&WinCertUefiGuid->CertType,
&gEfiCertPkcs7Guid))
{
- continue;
+ if (CompareGuid (&WinCertUefiGuid->CertType,
+ &gEfiCertPkcs7Guid))
{
+ AuthData = WinCertUefiGuid->CertData;
+ AuthDataSize = WinCertUefiGuid->Hdr.dwLength -
OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
+ IsAuthDataAssigned = TRUE;
+ HashStatus = HashPeImageByType (AuthData, AuthDataSize);
}
- AuthData = WinCertUefiGuid->CertData;
- AuthDataSize = WinCertUefiGuid->Hdr.dwLength -
OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
} else {
if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
break;
}
- continue;
}

- HashStatus = HashPeImageByType (AuthData, AuthDataSize);
- if (EFI_ERROR (HashStatus)) {
- continue;
- }
-
- //
- // Check the digital signature against the revoked certificate in
forbidden
database (dbx).
- //
- if (IsForbiddenByDbx (AuthData, AuthDataSize)) {
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
- IsVerified = FALSE;
- break;
- }
-
- //
- // Check the digital signature against the valid certificate in
allowed
database (db).
- //
- if (!IsVerified) {
- if (IsAllowedByDb (AuthData, AuthDataSize)) {
- IsVerified = TRUE;
+ if (IsAuthDataAssigned && !EFI_ERROR (HashStatus)) {
+ //
+ // Check the digital signature against the revoked
+ certificate in
forbidden
database (dbx).
+ //
+ if (IsForbiddenByDbx (AuthData, AuthDataSize)) {
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
+ IsVerified = FALSE;
+ break;
}
- }

- //
- // Check the image's hash value.
- //
- DbStatus = IsSignatureFoundInDatabase (
- EFI_IMAGE_SECURITY_DATABASE1,
- mImageDigest,
- &mCertType,
- mImageDigestSize,
- &IsFound
- );
- if (EFI_ERROR (DbStatus) || IsFound) {
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
- DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is
signed
but %s
hash of image is found in DBX.\n", mHashTypeStr));
- IsVerified = FALSE;
- break;
- }
+ //
+ // Check the digital signature against the valid
+ certificate in allowed
database (db).
+ //
+ if (!IsVerified) {
+ if (IsAllowedByDb (AuthData, AuthDataSize)) {
+ IsVerified = TRUE;
+ }
+ }

- if (!IsVerified) {
+ //
+ // Check the image's hash value.
+ //
DbStatus = IsSignatureFoundInDatabase (
- EFI_IMAGE_SECURITY_DATABASE,
+ EFI_IMAGE_SECURITY_DATABASE1,
mImageDigest,
&mCertType,
mImageDigestSize,
&IsFound
);
- if (!EFI_ERROR (DbStatus) && IsFound) {
- IsVerified = TRUE;
- } else {
- DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is
signed
but
signature is not allowed by DB and %s hash of image is not found in
DB/DBX.\n",
mHashTypeStr));
+ if (EFI_ERROR (DbStatus) || IsFound) {
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
+ DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is
+ signed
but %s hash of image is found in DBX.\n", mHashTypeStr));
+ IsVerified = FALSE;
+ break;
}
+
+ if (!IsVerified) {
+ DbStatus = IsSignatureFoundInDatabase (
+ EFI_IMAGE_SECURITY_DATABASE,
+ mImageDigest,
+ &mCertType,
+ mImageDigestSize,
+ &IsFound
+ );
+ if (!EFI_ERROR (DbStatus) && IsFound) {
+ IsVerified = TRUE;
+ } else {
+ DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is
+ signed
but
signature is not allowed by DB and %s hash of image is not found in
DB/DBX.\n",
mHashTypeStr));
+ }
+ }
+ }
+
+ AddStatus = SafeUint32Add (OffSet, AlignedLength, &Result);
+ if (EFI_ERROR (AddStatus)) {
+ break;
}
+ OffSet = Result;
}

if (OffSet != (SecDataDir->VirtualAddress + SecDataDir->Size))
{
There are other (smaller) reasons why I dislike this patch:

- The "IsAuthDataAssigned" variable is superfluous; we could use
the existent "AuthData" variable (with a NULL-check and a
NULL-assignment) similarly.

- The patch complicates / reorganizes the control flow needlessly.
This complication originates from placing the checked "OffSet"
increment at the bottom of the loop, which then requires the
removal of all the "continue" statements. But we don't need to
check-and-increment at the bottom. We can keep the increment
inside the "for" statement, only extend the *existent* room check
(which I've quoted) to take the alignment into account as well. If
there is enough room for the alignment in the security data
directory, then that guarantees there won't be a UINT32 overflow
either.

All in all, I'm proposing the following three patches instead. The
first two patches are preparation, the last patch is the fix.

Patch#1:

From 11af0a104d34d39bf1b1aab256428ae4edbddd77 Mon Sep 17
00:00:00
2001
From: Laszlo Ersek <lersek@...>
Date: Thu, 13 Aug 2020 19:11:39 +0200
Subject: [PATCH 1/3] SecurityPkg/DxeImageVerificationLib: extract
SecDataDirEnd, SecDataDirLeft

The following two quantities:

SecDataDir->VirtualAddress + SecDataDir->Size
SecDataDir->VirtualAddress + SecDataDir->Size - OffSet

are used multiple times in DxeImageVerificationHandler().
Introduce helper variables for them: "SecDataDirEnd" and
"SecDataDirLeft", respectively.
This saves us multiple calculations and significantly simplifies the
code.

Note that all three summands above have type UINT32, therefore
the new variables are also of type UINT32.

This patch does not change behavior.

(Note that the code already handles the case when the

SecDataDir->VirtualAddress + SecDataDir->Size

UINT32 addition overflows -- namely, in that case, the
certificate loop is never entered, and the corruption check right
after the loop fires.)

Signed-off-by: Laszlo Ersek <lersek@...>
---

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c |
12
++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
index 36b87e16d53d..8761980c88aa 100644
---
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib
.c
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
@@ -1652,6 +1652,8 @@ DxeImageVerificationHandler (
UINT8 *AuthData;
UINTN AuthDataSize;
EFI_IMAGE_DATA_DIRECTORY *SecDataDir;
+ UINT32 SecDataDirEnd;
+ UINT32 SecDataDirLeft;
UINT32 OffSet;
CHAR16 *NameStr;
RETURN_STATUS PeCoffStatus;
@@ -1849,12 +1851,14 @@ DxeImageVerificationHandler (
// "Attribute Certificate Table".
// The first certificate starts at offset
(SecDataDir->VirtualAddress) from
the
start of the file.
//
+ SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size;
for (OffSet = SecDataDir->VirtualAddress;
- OffSet < (SecDataDir->VirtualAddress + SecDataDir->Size);
+ OffSet < SecDataDirEnd;
OffSet += (WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate-
dwLength))) {
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
- if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <=
sizeof
(WIN_CERTIFICATE) ||
- (SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <
WinCertificate->dwLength) {
+ SecDataDirLeft = SecDataDirEnd - OffSet;
+ if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE) ||
+ SecDataDirLeft < WinCertificate->dwLength) {
break;
}

@@ -1948,7 +1952,7 @@ DxeImageVerificationHandler (
}
}

- if (OffSet != (SecDataDir->VirtualAddress + SecDataDir->Size))
{
+ if (OffSet != SecDataDirEnd) {
//
// The Size in Certificate Table or the attribute
certificate table is
corrupted.
//
--
2.19.1.3.g30247aa5d201
Patch#2:

From 72012c065a53582f7df695e7b9730c45f49226c6 Mon Sep 17
00:00:00
2001
From: Laszlo Ersek <lersek@...>
Date: Thu, 13 Aug 2020 19:19:06 +0200
Subject: [PATCH 2/3] SecurityPkg/DxeImageVerificationLib: assign
WinCertificate after size check

Currently the (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) check
only guards the de-referencing of the "WinCertificate" pointer.
It does not guard the calculation of hte pointer itself:

WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);

This is wrong; if we don't know for sure that we have enough room
for a WIN_CERTIFICATE, then even creating such a pointer, not
just de-referencing it, may invoke undefined behavior.

Move the pointer calculation after the size check.

Signed-off-by: Laszlo Ersek <lersek@...>
---

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c |
8
+++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
index 8761980c88aa..461ed7cfb5ac 100644
---
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib
.c
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
@@ -1855,10 +1855,12 @@ DxeImageVerificationHandler (
for (OffSet = SecDataDir->VirtualAddress;
OffSet < SecDataDirEnd;
OffSet += (WinCertificate->dwLength + ALIGN_SIZE
(WinCertificate-
dwLength))) {
- WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
SecDataDirLeft = SecDataDirEnd - OffSet;
- if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE) ||
- SecDataDirLeft < WinCertificate->dwLength) {
+ if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) {
+ break;
+ }
+ WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
+ if (SecDataDirLeft < WinCertificate->dwLength) {
break;
}

--
2.19.1.3.g30247aa5d201
Patch#3:

From 0bbba15b84f8f9f2cdc770a89f418aaec6cfb31e Mon Sep 17
00:00:00
2001
From: Laszlo Ersek <lersek@...>
Date: Thu, 13 Aug 2020 19:34:33 +0200
Subject: [PATCH 3/3] SecurityPkg/DxeImageVerificationLib: catch
alignment
overflow (CVE-2019-14562)

The DxeImageVerificationHandler() function currently checks
whether "SecDataDir" has enough room for
"WinCertificate->dwLength". However,
for
advancing "OffSet", "WinCertificate->dwLength" is aligned to the
next multiple of 8. If "WinCertificate->dwLength" is large
enough, the alignment will return 0, and "OffSet" will be stuck at
the
same value.

Check whether "SecDataDir" has room left for both
"WinCertificate->dwLength" and the alignment.

Signed-off-by: Laszlo Ersek <lersek@...>
---

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c |
4
+++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
index 461ed7cfb5ac..e38eb981b7a0 100644
---
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib
.c
+++
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationL
ib.c
@@ -1860,7 +1860,9 @@ DxeImageVerificationHandler (
break;
}
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
- if (SecDataDirLeft < WinCertificate->dwLength) {
+ if (SecDataDirLeft < WinCertificate->dwLength ||
+ (SecDataDirLeft - WinCertificate->dwLength <
+ ALIGN_SIZE (WinCertificate->dwLength))) {
break;
}

--
2.19.1.3.g30247aa5d201
If Wenyi and the reviewers are OK with these patches, I can submit
them as a standalone patch series.

Note that I do not have any reproducer for the issue; the best
testing that I could offer would be some light-weight Secure Boot
regression tests.

Thanks
Laszlo


.



.



Re: [PATCH] MdeModulePkg/Library: change TpmMeasurementLibNull to BASE library.

Qi Zhang
 

Hi, Jian & Hao

Could you please review this change as well? Thanks!

Qi Zhang

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@...>
Sent: Friday, August 28, 2020 2:17 PM
To: Zhang, Qi1 <qi1.zhang@...>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>
Subject: RE: [PATCH] MdeModulePkg/Library: change TpmMeasurementLibNull
to BASE library.

Reviewed-by: Jiewen Yao <Jiewen.yao@...>

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:15 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Wang, Jian J
<jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Yao, Jiewen
<jiewen.yao@...>
Subject: [PATCH] MdeModulePkg/Library: change TpmMeasurementLibNull
to
BASE library.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2940

TpmMeasurementLib includes DxeTpmMeasurementLib and
PeiTpmMeasurementLib.
So need to change TpmMeasurementLibNull to BASE library to avoid build
error in some platform.

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Jiewen Yao <jiewen.yao@...>
---
.../Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c | 4 +++-
.../Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf | 6
+++---
2 files changed, 6 insertions(+), 4 deletions(-)

diff --git
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.
c
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.
c
index b9c5b68de8..ee3be62fc6 100644
---
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.
c
+++
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.
c
@@ -1,11 +1,13 @@
/** @file

This library is used by other modules to measure data to TPM.



-Copyright (c) 2015, Intel Corporation. All rights reserved. <BR>

+Copyright (c) 2015-2020, Intel Corporation. All rights reserved. <BR>

SPDX-License-Identifier: BSD-2-Clause-Patent



**/



+#include <Uefi/UefiBaseType.h>

+

/**

Tpm measure and log data, and extend the measurement result into a
specific PCR.



diff --git
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.i
n
f
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.i
n
f
index 61abcfa2ec..1db2c0d6a7 100644
---
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.i
n
f
+++
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.i
n
f
@@ -1,7 +1,7 @@
## @file

# Provides NULL TPM measurement function.

#

-# Copyright (c) 2015 - 2018, Intel Corporation. All rights
reserved.<BR>

+# Copyright (c) 2015 - 2020, Intel Corporation. All rights
+reserved.<BR>

# SPDX-License-Identifier: BSD-2-Clause-Patent

#

##

@@ -10,9 +10,9 @@
INF_VERSION = 0x00010005

BASE_NAME = TpmMeasurementLibNull

FILE_GUID = 6DFD6E9F-9278-48D8-8F45-B6CFF2C2B69C

- MODULE_TYPE = UEFI_DRIVER

+ MODULE_TYPE = BASE

VERSION_STRING = 1.0

- LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER
DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER

+ LIBRARY_CLASS = TpmMeasurementLib

MODULE_UNI_FILE = TpmMeasurementLibNull.uni



#

--
2.26.2.windows.1


Re: [PATCH 2/3] Platform/Intel/KabylakeOpenBoardPkg: add ibrary for Fsp measurement.

Chiu, Chasel
 

Reviewed-by: Chasel Chiu <chasel.chiu@...>

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:33 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel <chasel.chiu@...>;
Desimone, Nathaniel L <nathaniel.l.desimone@...>; Jeremy Soller
<jeremy@...>
Subject: [PATCH 2/3] Platform/Intel/KabylakeOpenBoardPkg: add ibrary for
Fsp measurement.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2939

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Jeremy Soller <jeremy@...>
---
Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc | 2
++
.../Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc | 2
++
2 files changed, 4 insertions(+)

diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc
b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc
index 862e6a6655..34d645be7e 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc
+++ b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc
@@ -172,6 +172,8 @@
!if $(TARGET) == DEBUG


TestPointCheckLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointCheckLib/P
eiTestPointCheckLib.inf

!endif

+
FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/
BaseFspMeasurementLib.inf

+
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
gRecordLib.inf



#######################################

# Board Package

diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc
b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc
index 0b30da8f96..fdfaaa0cda 100644
---
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc
+++
b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc
@@ -213,6 +213,8 @@
!endif


SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCache
MtrrLibNull.inf


ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuH
obLib/ReportCpuHobLib.inf

+
FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/
BaseFspMeasurementLib.inf

+
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
gRecordLib.inf



#######################################

# Board Package

--
2.26.2.windows.1


Re: [PATCH 0/3] add ibrary for Fsp measurement to OpenBoardPkg.

Qi Zhang
 

Hi, Liming

I also request these serial patches to catch stable tag 202008. Thanks!

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:33 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel <chasel.chiu@...>;
Yao, Jiewen <jiewen.yao@...>; Desimone, Nathaniel L
<nathaniel.l.desimone@...>; Chaganty, Rangasai V
<rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>; Jeremy Soller <jeremy@...>
Subject: [PATCH 0/3] add ibrary for Fsp measurement to OpenBoardPkg.

These patches also depends on one fix of edk2:
https://bugzilla.tianocore.org/show_bug.cgi?id=2939.

Cc: Chasel Chiu <chasel.chiu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@...>
Cc: Deepika Kethi Reddy <deepika.kethi.reddy@...>
Cc: Kathappan Esakkithevar <kathappan.esakkithevar@...>
Cc: Jeremy Soller <jeremy@...>

Qi Zhang (3):
Platform/Intel/CometlakeOpenBoardPkg: add ibrary for Fsp measurement.
Platform/Intel/KabylakeOpenBoardPkg: add ibrary for Fsp measurement.
Platform/Intel/WhiskeylakeOpenBoardPkg: add ibrary for Fsp
measurement.

.../Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc | 2 ++
Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc | 2 ++
.../Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc | 2 ++
.../Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc | 2 ++
.../WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardPkg.dsc | 2 ++
5 files changed, 10 insertions(+)

--
2.26.2.windows.1


Re: [PATCH 3/3] Platform/Intel/WhiskeylakeOpenBoardPkg: add ibrary for Fsp measurement.

Chiu, Chasel
 

Reviewed-by: Chasel Chiu <chasel.chiu@...>

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:33 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel <chasel.chiu@...>;
Desimone, Nathaniel L <nathaniel.l.desimone@...>
Subject: [PATCH 3/3] Platform/Intel/WhiskeylakeOpenBoardPkg: add ibrary
for Fsp measurement.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2939

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
---
.../Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc | 2
++
.../WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardPkg.dsc | 2
++
2 files changed, 4 insertions(+)

diff --git
a/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
b/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
index fb493973e2..ab02a2ef59 100644
---
a/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
+++
b/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
@@ -173,6 +173,8 @@
!endif


SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCache
MtrrLibNull.inf


ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuH
obLib/ReportCpuHobLib.inf

+
FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/
BaseFspMeasurementLib.inf

+
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
gRecordLib.inf



#######################################

# Board Package

diff --git
a/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardP
kg.dsc
b/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardP
kg.dsc
index 9a1f107faf..0a87a3d4b2 100644
---
a/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardP
kg.dsc
+++
b/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardP
kg.dsc
@@ -173,6 +173,8 @@
!endif


SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCache
MtrrLibNull.inf


ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuH
obLib/ReportCpuHobLib.inf

+
FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/
BaseFspMeasurementLib.inf

+
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
gRecordLib.inf



#######################################

# Board Package

--
2.26.2.windows.1


Re: [PATCH 1/3] Platform/Intel/CometlakeOpenBoardPkg: add ibrary for Fsp measurement.

Chiu, Chasel
 

Reviewed-by: Chasel Chiu <chasel.chiu@...>

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:33 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Chiu, Chasel <chasel.chiu@...>;
Desimone, Nathaniel L <nathaniel.l.desimone@...>; Chaganty,
Rangasai V <rangasai.v.chaganty@...>; Kethi Reddy, Deepika
<deepika.kethi.reddy@...>; Esakkithevar, Kathappan
<kathappan.esakkithevar@...>
Subject: [PATCH 1/3] Platform/Intel/CometlakeOpenBoardPkg: add ibrary for
Fsp measurement.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2939

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@...>
Cc: Deepika Kethi Reddy <deepika.kethi.reddy@...>
Cc: Kathappan Esakkithevar <kathappan.esakkithevar@...>
---
.../Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc | 2
++
1 file changed, 2 insertions(+)

diff --git
a/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.d
sc
b/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.d
sc
index 2d9dcb139f..4ea797c550 100644
---
a/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.d
sc
+++
b/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.d
sc
@@ -173,6 +173,8 @@
!endif


SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCache
MtrrLibNull.inf


ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuH
obLib/ReportCpuHobLib.inf

+
FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/
BaseFspMeasurementLib.inf

+
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
gRecordLib.inf



#######################################

# Board Package

--
2.26.2.windows.1


Re: [PATCH] MdeModulePkg/Library: change TpmMeasurementLibNull to BASE library.

Qi Zhang
 

Yes. This fix is for build error of intel OpenBoardPkg in edk2-platform .

-----Original Message-----
From: gaoliming <gaoliming@...>
Sent: Friday, August 28, 2020 2:31 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>; Zhang, Qi1
<qi1.zhang@...>
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>
Subject: 回复: [edk2-devel] [PATCH] MdeModulePkg/Library: change
TpmMeasurementLibNull to BASE library.

Qi:
This is a bug fix. Do you request to catch it into this stable tag 202008?

Thanks
Liming
-----邮件原件-----
发件人: bounce+27952+64729+4905953+8761045@groups.io
<bounce+27952+64729+4905953+8761045@groups.io> 代表 Yao, Jiewen
发送时间: 2020年8月28日 14:17
收件人: Zhang, Qi1 <qi1.zhang@...>; devel@edk2.groups.io
抄送: Wang, Jian J <jian.j.wang@...>; Wu, Hao A
<hao.a.wu@...>
主题: Re: [edk2-devel] [PATCH] MdeModulePkg/Library: change
TpmMeasurementLibNull to BASE library.

Reviewed-by: Jiewen Yao <Jiewen.yao@...>

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@...>
Sent: Friday, August 28, 2020 2:15 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@...>; Wang, Jian J
<jian.j.wang@...>;
Wu, Hao A <hao.a.wu@...>; Yao, Jiewen <jiewen.yao@...>
Subject: [PATCH] MdeModulePkg/Library: change TpmMeasurementLibNull
to
BASE library.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2940

TpmMeasurementLib includes DxeTpmMeasurementLib and
PeiTpmMeasurementLib.
So need to change TpmMeasurementLibNull to BASE library to avoid
build error in some platform.

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Jiewen Yao <jiewen.yao@...>
---
.../Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c | 4
+++-
.../Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf | 6
+++---
2 files changed, 6 insertions(+), 4 deletions(-)

diff --git
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.c
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.c
index b9c5b68de8..ee3be62fc6 100644
---
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.c
+++
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.c
@@ -1,11 +1,13 @@
/** @file

This library is used by other modules to measure data to TPM.



-Copyright (c) 2015, Intel Corporation. All rights reserved. <BR>

+Copyright (c) 2015-2020, Intel Corporation. All rights reserved.
+<BR>

SPDX-License-Identifier: BSD-2-Clause-Patent



**/



+#include <Uefi/UefiBaseType.h>

+

/**

Tpm measure and log data, and extend the measurement result into
a
specific
PCR.



diff --git
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.in
f
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.in
f
index 61abcfa2ec..1db2c0d6a7 100644
---
a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.in
f
+++
b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu
ll.in
f
@@ -1,7 +1,7 @@
## @file

# Provides NULL TPM measurement function.

#

-# Copyright (c) 2015 - 2018, Intel Corporation. All rights
reserved.<BR>

+# Copyright (c) 2015 - 2020, Intel Corporation. All rights
reserved.<BR>

# SPDX-License-Identifier: BSD-2-Clause-Patent

#

##

@@ -10,9 +10,9 @@
INF_VERSION = 0x00010005

BASE_NAME = TpmMeasurementLibNull

FILE_GUID =
6DFD6E9F-9278-48D8-8F45-B6CFF2C2B69C

- MODULE_TYPE = UEFI_DRIVER

+ MODULE_TYPE = BASE

VERSION_STRING = 1.0

- LIBRARY_CLASS =
TpmMeasurementLib|DXE_DRIVER
DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION
UEFI_DRIVER

+ LIBRARY_CLASS = TpmMeasurementLib

MODULE_UNI_FILE = TpmMeasurementLibNull.uni



#

--
2.26.2.windows.1


[PATCH 3/3] Platform/Intel/WhiskeylakeOpenBoardPkg: add ibrary for Fsp measurement.

Qi Zhang
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2939

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
---
.../Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc | 2 ++
.../WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardPkg.dsc | 2 ++
2 files changed, 4 insertions(+)

diff --git a/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.d=
sc b/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
index fb493973e2..ab02a2ef59 100644
--- a/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
+++ b/Platform/Intel/WhiskeylakeOpenBoardPkg/UpXtreme/OpenBoardPkg.dsc
@@ -173,6 +173,8 @@
!endif=0D
SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCacheMtrr=
LibNull.inf=0D
ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuHobLib=
/ReportCpuHobLib.inf=0D
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base=
FspMeasurementLib.inf=0D
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo=
gRecordLib.inf=0D
=0D
#######################################=0D
# Board Package=0D
diff --git a/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoa=
rdPkg.dsc b/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoar=
dPkg.dsc
index 9a1f107faf..0a87a3d4b2 100644
--- a/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardPkg.d=
sc
+++ b/Platform/Intel/WhiskeylakeOpenBoardPkg/WhiskeylakeURvp/OpenBoardPkg.d=
sc
@@ -173,6 +173,8 @@
!endif=0D
SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCacheMtrr=
LibNull.inf=0D
ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuHobLib=
/ReportCpuHobLib.inf=0D
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base=
FspMeasurementLib.inf=0D
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo=
gRecordLib.inf=0D
=0D
#######################################=0D
# Board Package=0D
--=20
2.26.2.windows.1


[PATCH 2/3] Platform/Intel/KabylakeOpenBoardPkg: add ibrary for Fsp measurement.

Qi Zhang
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2939

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Jeremy Soller <jeremy@...>
---
Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc | 2 ++
.../Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc | 2 ++
2 files changed, 4 insertions(+)

diff --git a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.ds=
c b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc
index 862e6a6655..34d645be7e 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc
+++ b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/OpenBoardPkg.dsc
@@ -172,6 +172,8 @@
!if $(TARGET) =3D=3D DEBUG=0D
TestPointCheckLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointCheckLib/Pei=
TestPointCheckLib.inf=0D
!endif=0D
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base=
FspMeasurementLib.inf=0D
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo=
gRecordLib.inf=0D
=0D
#######################################=0D
# Board Package=0D
diff --git a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.=
dsc b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc
index 0b30da8f96..fdfaaa0cda 100644
--- a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc
+++ b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/OpenBoardPkg.dsc
@@ -213,6 +213,8 @@
!endif=0D
SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCacheMtrr=
LibNull.inf=0D
ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuHobLib=
/ReportCpuHobLib.inf=0D
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base=
FspMeasurementLib.inf=0D
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo=
gRecordLib.inf=0D
=0D
#######################################=0D
# Board Package=0D
--=20
2.26.2.windows.1


[PATCH 1/3] Platform/Intel/CometlakeOpenBoardPkg: add ibrary for Fsp measurement.

Qi Zhang
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2939

Signed-off-by: Qi Zhang <qi1.zhang@...>
Cc: Chasel Chiu <chasel.chiu@...>
Cc: Nate DeSimone <nathaniel.l.desimone@...>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@...>
Cc: Deepika Kethi Reddy <deepika.kethi.reddy@...>
Cc: Kathappan Esakkithevar <kathappan.esakkithevar@...>
---
.../Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc | 2 ++
1 file changed, 2 insertions(+)

diff --git a/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPk=
g.dsc b/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc
index 2d9dcb139f..4ea797c550 100644
--- a/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc
+++ b/Platform/Intel/CometlakeOpenBoardPkg/CometlakeURvp/OpenBoardPkg.dsc
@@ -173,6 +173,8 @@
!endif=0D
SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCacheMtrr=
LibNull.inf=0D
ReportCpuHobLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/ReportCpuHobLib=
/ReportCpuHobLib.inf=0D
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base=
FspMeasurementLib.inf=0D
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo=
gRecordLib.inf=0D
=0D
#######################################=0D
# Board Package=0D
--=20
2.26.2.windows.1