
Re: [PATCH v6 00/14] Add the VariablePolicy feature

Yao, Jiewen
 

Hi Bret/Liming

I checked my email and found that I have 9/14, 10/14, then 12/14, 13/14.

I don’t have 11/14 in my mailbox. That’s weird and embarrassing.

 

Could any of you forward 11/14 to me, so that I can review?

I apologize for the inconvenience.

 

Thank you

Yao Jiewen

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Wednesday, September 16, 2020 8:55 AM
To: devel@edk2.groups.io; bret.barkelew@...; Wang, Jian J <jian.j.wang@...>; bret@...; Bi, Dandan <dandan.bi@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; 'Laszlo Ersek' <lersek@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>; 'Andrew Fish' <afish@...>; Ni, Ray <ray.ni@...>
Subject: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Bret:

 Patch 06 is for EmulatorPkg. Ray, Andrew are also the reviewers for this package.

 

Patch 11 is for SecurityPkg. Jian and Jiewen are the reviewers for this package.

 

Thanks

Liming

From: bounce+27952+65284+4905953+8761045@groups.io <bounce+27952+65284+4905953+8761045@groups.io> On Behalf Of Bret Barkelew via groups.io
Sent: September 16, 2020 4:51
To: Wang, Jian J <jian.j.wang@...>; devel@edk2.groups.io; bret@...; Bi, Dandan <dandan.bi@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Wu, Hao A <hao.a.wu@...>; liming.gao <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
Subject: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Thanks for the update, Jian. Dandan has submitted RBs on another thread.

 

That leaves patches 06 and 11.

 

Next up, Jordan Justen. How’s it going, Jordan. We’ve never spoken directly (to my knowledge) and that’s a shame.

If you had to eat a single food for the rest of your life, what would it be and can I have a Reviewed-by?

Keep in mind that you probably don’t want it to be particularly strong flavors; it’s going to get disgusting eventually.

I’d probably go with some simple red beans and rice or something.

 

- Bret

 

From: Wang, Jian J
Sent: Sunday, September 13, 2020 11:42 PM
To: Bret Barkelew; devel@edk2.groups.io; bret@...; Bi, Dandan
Cc: Yao, Jiewen; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Hi Bret,

 

Sorry to hear about Seattle’s situation. I’ve been there several times and love the city very much. Hope everything goes back to normal soon.

 

And sorry for the slow response. This patch series has been delegated to Dandan to review by Liming. She has completed the security review from Intel's perspective, and given comments back to you. It seems that you forgot to include her in the CC-list. Sorry I didn’t notice it and tell her to do the review in time. She’ll give comments ASAP.

 

Since MdeModulePkg is a huge package, I cannot do a detailed review of each patch for this package. And we already have module reviewers designated. I think, usually, they should do the detailed review first. The package maintainer will do gate-keeper work as the last step. Correct me if there is any misunderstanding here.

 

Removed Chao from cc-list (his email is not valid) and added Dandan in loop.

 

Regards,

Jian

 

From: Bret Barkelew <Bret.Barkelew@...>
Sent: Friday, September 11, 2020 11:18 PM
To: devel@edk2.groups.io; bret@...; Wang, Jian J <jian.j.wang@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Zhang, Chao B <chao.b.zhang@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

11 Days to go. I will single out an email every day…

 

Jian, today is your day.

How’s it going? Life good? Yeah, I know. Things are crazy here, too. Seattle is covered in smoke.

You know what would brighten things up, though? A nice “reviewed by”.

 

- Bret

 

From: Bret Barkelew via groups.io
Sent: Tuesday, September 8, 2020 3:20 PM
To: devel@edk2.groups.io; bret@...
Cc: Yao, Jiewen; Zhang, Chao B; Wang, Jian J; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray; liming.gao
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Now that 2008 is labelled and everyone can take a breather… I still need reviews on the following patches (v7)…

Patch(es) 01, 02, 03, 06, 09, 10, 11, 12, 13, 14

 

As such, the following email addresses may or may not be subscribed to CatFacts™ within the next 14 days if I get no responses:

Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Liming Gao <liming.gao@...>

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Andrew Fish <afish@...>
Cc: Ray Ni <ray.ni@...>

Cc: Jiewen Yao <jiewen.yao@...>

Cc: Chao Zhang <chao.b.zhang@...>

 

May God have mercy on your inboxes.

 

- Bret

 

 

 


[PATCH 1/1] BaseTools: Move C tool flags before the common flags

gaoliming
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2938

C tools may add additional INC include paths. They should have
higher priority than the common INC include path.
This fix is to resolve the structure PCD issue to refer to the same
header file defined in BaseTools and MdePkg. The one in MdePkg should
be used.

Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Bob Feng <bob.c.feng@intel.com>
Signed-off-by: Liming Gao <gaoliming@byosoft.com.cn>
---
BaseTools/Source/C/Makefiles/ms.common | 2 +-
BaseTools/Source/Python/Workspace/DscBuildData.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/BaseTools/Source/C/Makefiles/ms.common b/BaseTools/Source/C/Makefiles/ms.common
index f5f77fdc0bc5..b2dbcf376c04 100644
--- a/BaseTools/Source/C/Makefiles/ms.common
+++ b/BaseTools/Source/C/Makefiles/ms.common
@@ -55,7 +55,7 @@ AR = lib.exe
LD = link.exe
LINKER = $(LD)

-INC = -I . -I $(SOURCE_PATH)\Include -I $(ARCH_INCLUDE) -I $(SOURCE_PATH)\Common $(INC)
+INC = $(INC) -I . -I $(SOURCE_PATH)\Include -I $(ARCH_INCLUDE) -I $(SOURCE_PATH)\Common

CFLAGS = $(CFLAGS) /nologo /Zi /c /O2 /MT /W4 /WX /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE
CPPFLAGS = $(CPPFLAGS) /EHsc /nologo /Zi /c /O2 /MT /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE
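Review bot: With $(INC) now expanded first on the INC line, a caller-supplied directory outranks not only $(SOURCE_PATH)\Common but also "-I ." and $(SOURCE_PATH)\Include, so a same-named header in a caller path silently replaces the tool's own local header for anything that includes ms.common. The commit message only names the structure PCD case; please add a comment above this line stating the intended precedence, and confirm no existing user of ms.common passes an INC that shadows a header it expects to find in its own directory.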
diff --git a/BaseTools/Source/Python/Workspace/DscBuildData.py b/BaseTools/Source/Python/Workspace/DscBuildData.py
index 1afbd3eefc6c..eba65625337a 100644
--- a/BaseTools/Source/Python/Workspace/DscBuildData.py
+++ b/BaseTools/Source/Python/Workspace/DscBuildData.py
@@ -2639,7 +2639,7 @@ class DscBuildData(PlatformBuildClassObject):
else:
MakeApp = MakeApp + PcdGccMakefile
MakeApp = MakeApp + 'APPFILE = %s/%s\n' % (self.OutputPath, PcdValueInitName) + 'APPNAME = %s\n' % (PcdValueInitName) + 'OBJECTS = %s/%s.o %s.o\n' % (self.OutputPath, PcdValueInitName, os.path.join(self.OutputPath, PcdValueCommonName)) + \
- 'include $(MAKEROOT)/Makefiles/app.makefile\n' + 'INCLUDE +='
+ 'include $(MAKEROOT)/Makefiles/app.makefile\n' + 'TOOL_INCLUDE +='

IncSearchList = []
PlatformInc = OrderedDict()
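Review bot: The changed line now emits 'TOOL_INCLUDE +=' instead of 'INCLUDE +=', but nothing in this patch defines or consumes TOOL_INCLUDE on the GCC makefile side; the only makefile touched is ms.common. Please point to where app.makefile (or what it includes) places TOOL_INCLUDE ahead of the common include paths, or carry that makefile change in this patch, otherwise the generated include paths never reach the compile line.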
--
2.27.0.windows.1


[PATCH 1/1] BaseTools: Copy PACKED definition from MdePkg Base.h

gaoliming
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2938

MdePkg Acpi10.h definition depends on PACKED.
When structure PCD refers to Acpi10.h, build will fail,
because PACKED definition is missing in BaseTools BaseTypes.h.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Liming Gao <gaoliming@byosoft.com.cn>
---
BaseTools/Source/C/Include/Common/BaseTypes.h | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/BaseTools/Source/C/Include/Common/BaseTypes.h b/BaseTools/Source/C/Include/Common/BaseTypes.h
index 31d0662085a8..150980b4c0bf 100644
--- a/BaseTools/Source/C/Include/Common/BaseTypes.h
+++ b/BaseTools/Source/C/Include/Common/BaseTypes.h
@@ -57,6 +57,16 @@
#define NULL ((VOID *) 0)
#endif

+#ifdef __CC_ARM
+ //
+ // Older RVCT ARM compilers don't fully support #pragma pack and require __packed
+ // as a prefix for the structure.
+ //
+ #define PACKED __packed
+#else
+ #define PACKED
+#endif
+
//
// Support for variable length argument lists using the ANSI standard.
//
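Review bot: The new PACKED block has no "#ifndef PACKED" guard, and per the commit message this definition is a copy of the one in MdePkg Base.h, which the structure PCD build can pull in next to this header. The two copies are identical today, so the redefinition is tolerated, but they will diverge silently if either side changes. Wrapping the block in "#ifndef PACKED" / "#endif" keeps the MdePkg definition authoritative when both headers are seen.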
--
2.27.0.windows.1


Re: [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

Matthew Carlson
 

Thanks Liming!

 

Is there an easy way to check if all the patches have reviewed-by from maintainers?

 

I can confirm that each patch (now that you’ve given a reviewed by for Patch 1 & 2) has a reviewed by and some have a few reviewed by or acked by.

 

From: gaoliming
Sent: Tuesday, September 15, 2020 5:57 PM
To: devel@edk2.groups.io; macarl@...; Matthew Carlson
Subject: Re: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

 

Matthew:

I just checked this patch set. All 5 patches have got reviewed-by from the package maintainer or reviewer. Can you double confirm? If yes, I will help merge them.

 

Thanks

Liming

From: bounce+27952+65285+4905953+8761045@groups.io <bounce+27952+65285+4905953+8761045@groups.io> On Behalf Of Matthew Carlson via groups.io
Sent: September 16, 2020 6:48
To: Matthew Carlson <matthewfcarlson@...>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

 

Just pinging this thread to see what needs to get done next. Thank you Liming for the reviewed by on the MdeModulePkg changes.

--
- Matthew Carlson

 


TianoCore Bug Triage - APAC / NAMO - Tue, 09/15/2020 6:30pm-7:30pm #cal-reminder

devel@edk2.groups.io Calendar <devel@...>
 

Reminder: TianoCore Bug Triage - APAC / NAMO

When: Tuesday, 15 September 2020, 6:30pm to 7:30pm, (GMT-07:00) America/Los Angeles

Where: https://bluejeans.com/889357567?src=join_info


Organizer: Brian Richardson brian.richardson@...

Description:

https://www.tianocore.org/bug-triage

 

Meeting URL

https://bluejeans.com/889357567?src=join_info

 

Meeting ID

889 357 567

 

Want to dial in from a phone?

Dial one of the following numbers:

+1.408.740.7256 (US (San Jose))

+1.408.317.9253 (US (Primary, San Jose))

 

(see all numbers - https://www.bluejeans.com/numbers)

Enter the meeting ID and passcode followed by #


[PATCH v3 1/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

Zurcher, Christopher J
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

The EVP interface should be used in place of discrete digest function
calls.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Christopher J Zurcher <christopher.j.zurcher@intel.com>
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 +
CryptoPkg/Include/Library/BaseCryptLib.h | 129 ++++++++++
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257 ++++++++++++++++++++
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 ++++++++++
CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 ++++++++++
9 files changed, 647 insertions(+)

diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 4aae2aba95..3968f29412 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -50,6 +50,7 @@
Pk/CryptAuthenticode.c
Pk/CryptTs.c
Pem/CryptPem.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
index dc28e3a11d..d0b91716d0 100644
--- a/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
@@ -57,6 +57,7 @@
Pk/CryptTsNull.c
Pem/CryptPemNull.c
Rand/CryptRandNull.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/ConstantTimeClock.c
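Review bot: The added Evp/CryptEvpMd.c sits directly after Pk/CryptTsNull.c, Pem/CryptPemNull.c and Rand/CryptRandNull.c, so PEI gets the full OpenSSL-backed digest wrapper where its neighbours in this list are stubs. Please confirm that is intended for PEI, given that EvpMdInit() allocates its context with EVP_MD_CTX_new (); if it is not, this line should reference Evp/CryptEvpMdNull.c, which this patch adds to the same directory.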
diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
index 5005beed02..9f3accd35b 100644
--- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -56,6 +56,7 @@
Pk/CryptAuthenticodeNull.c
Pk/CryptTsNull.c
Pem/CryptPem.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
index 91ec3e03bf..420623cdc6 100644
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@@ -54,6 +54,7 @@
Pk/CryptAuthenticodeNull.c
Pk/CryptTsNull.c
Pem/CryptPem.c
+ Evp/CryptEvpMd.c

SysCall/CrtWrapper.c
SysCall/ConstantTimeClock.c
diff --git a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
index 689af4fedd..542ac2e2e1 100644
--- a/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+++ b/CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
@@ -50,6 +50,7 @@
Pk/CryptTsNull.c
Pem/CryptPemNull.c
Rand/CryptRandNull.c
+ Evp/CryptEvpMdNull.c

[Packages]
MdePkg/MdePkg.dec
diff --git a/CryptoPkg/Include/Library/BaseCryptLib.h b/CryptoPkg/Include/Library/BaseCryptLib.h
index ae9bde9e37..5e1b408b54 100644
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@@ -1012,6 +1012,135 @@ HmacSha256Final (
OUT UINT8 *HmacValue
);

+//=====================================================================================
+// EVP (Envelope) Primitive
+//=====================================================================================
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+ If DigestName is NULL, then return FALSE.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return Pointer to the EVP_MD_CTX context that has been allocated and initialized.
+ If DigestName is invalid, returns NULL.
+ If the allocations fails, returns NULL.
+ If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ );
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If NewEvpMdContext is NULL, then return FALSE.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval TRUE EVP_MD context copy succeeded.
+ @retval FALSE EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ );
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ This function performs EVP digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ EVP_MD context should be already correctly initialized by EvpMdInit(), and should not
+ be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE EVP data digest succeeded.
+ @retval FALSE EVP data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ This function completes EVP hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the EVP context cannot
+ be used again.
+ EVP context should be already correctly initialized by EvpMdInit(), and should
+ not be finalized by EvpMdFinal(). Behavior with invalid EVP context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If DigestValue is NULL, free the Context then return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest value.
+
+ @retval TRUE EVP digest computation succeeded.
+ @retval FALSE EVP digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ );
+
+/**
+ Computes the message digest of an input data buffer.
+
+ This function performs the message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If DigestName is NULL, return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+ If HashValue is NULL, return FALSE.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest value.
+
+ @retval TRUE Digest computation succeeded.
+ @retval FALSE Digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ );
+
//=====================================================================================
// Symmetric Cryptography Primitive
//=====================================================================================
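Review bot: EvpMdFinal() and EvpMdHashAll() write to an output buffer (DigestValue / HashValue) that has no size parameter, while the digest is selected at run time by name, so a caller that sizes the buffer for SHA256 (32 bytes) and passes "SHA512" gets a 64-byte write. Please add a size argument that is checked before the write, or state in the comment that the buffer must hold the largest supported digest. Smaller points in the same block: the EvpMdInit() comment says "return FALSE" for a function that returns VOID *, the EvpMdFinal() comment documents "@param[out] Digest" while the argument is DigestValue, and EvpMdDuplicate() takes NewEvpMdContext as a plain OUT VOID * without saying how the caller is expected to obtain or release that destination context.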
diff --git a/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
new file mode 100644
index 0000000000..b2770a9186
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
@@ -0,0 +1,257 @@
+/** @file
+ EVP MD Wrapper Implementation for OpenSSL.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+#include <openssl/evp.h>
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+ If DigestName is NULL, then return FALSE.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return Pointer to the EVP_MD_CTX context that has been allocated and initialized.
+ If DigestName is invalid, returns NULL.
+ If the allocations fails, returns NULL.
+ If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ EVP_MD *Digest;
+ VOID *EvpMdContext;
+
+ //
+ // Check input parameters.
+ //
+ if (DigestName == NULL) {
+ return NULL;
+ }
+
+ //
+ // Allocate EVP_MD_CTX Context
+ //
+ EvpMdContext = EVP_MD_CTX_new ();
+ if (EvpMdContext == NULL) {
+ return NULL;
+ }
+
+ Digest = EVP_get_digestbyname (DigestName);
+ if (Digest == NULL) {
+ return NULL;
+ }
+
+ //
+ // Initialize Context
+ //
+ if (EVP_DigestInit_ex (EvpMdContext, Digest, NULL) != 1) {
+ EVP_MD_CTX_free (EvpMdContext);
+ return NULL;
+ }
+
+ return EvpMdContext;
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If NewEvpMdContext is NULL, then return FALSE.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval TRUE EVP_MD context copy succeeded.
+ @retval FALSE EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (EvpMdContext == NULL || NewEvpMdContext == NULL) {
+ return FALSE;
+ }
+
+ if (EVP_MD_CTX_copy (NewEvpMdContext, EvpMdContext) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ This function performs EVP digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ EVP_MD context should be already correctly initialized by EvpMdInit(), and should not
+ be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE EVP data digest succeeded.
+ @retval FALSE EVP data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ //
+ // Check input parameters.
+ //
+ if (EvpMdContext == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Check invalid parameters, in case only DataLength was checked in OpenSSL
+ //
+ if (Data == NULL && DataSize != 0) {
+ return FALSE;
+ }
+
+ //
+ // OpenSSL EVP digest update
+ //
+ if (EVP_DigestUpdate (EvpMdContext, Data, DataSize) != 1) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ This function completes EVP hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the EVP context cannot
+ be used again.
+ EVP context should be already correctly initialized by EvpMdInit(), and should
+ not be finalized by EvpMdFinal(). Behavior with invalid EVP context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If DigestValue is NULL, free the Context then return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest value.
+
+ @retval TRUE EVP digest computation succeeded.
+ @retval FALSE EVP digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ UINT32 Length;
+ BOOLEAN ReturnValue;
+
+ ReturnValue = TRUE;
+
+ //
+ // Check input parameters.
+ //
+ if (EvpMdContext == NULL) {
+ return FALSE;
+ }
+ if (DigestValue == NULL) {
+ EVP_MD_CTX_free (EvpMdContext);
+ return FALSE;
+ }
+
+ //
+ // OpenSSL EVP digest finalization
+ //
+ if (EVP_DigestFinal_ex (EvpMdContext, DigestValue, &Length) != 1) {
+ ReturnValue = FALSE;
+ }
+
+ //
+ // Free OpenSSL EVP_MD_CTX Context
+ //
+ EVP_MD_CTX_free (EvpMdContext);
+
+ return ReturnValue;
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ This function performs the message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If DigestName is NULL, return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+ If HashValue is NULL, return FALSE.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest value.
+
+ @retval TRUE Digest computation succeeded.
+ @retval FALSE Digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ BOOLEAN Result;
+ VOID *EvpMdContext;
+
+ EvpMdContext = EvpMdInit (DigestName);
+ if (EvpMdContext == NULL) {
+ return FALSE;
+ }
+
+ Result = EvpMdUpdate (EvpMdContext, Data, DataSize);
+ if (Result == FALSE) {
+ EvpMdFinal (EvpMdContext, NULL);
+ return FALSE;
+ }
+
+ Result = EvpMdFinal (EvpMdContext, HashValue);
+
+ return Result;
+}
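Review bot: EvpMdInit() leaks the context when the digest name is not recognised: EVP_MD_CTX_new () has already succeeded by the time "if (Digest == NULL) { return NULL; }" runs, and that path returns without EVP_MD_CTX_free (EvpMdContext). Free the context on that path, or call EVP_get_digestbyname () before allocating. Digest should also be declared CONST EVP_MD *, since EVP_get_digestbyname () returns a const pointer, and Length in EvpMdFinal() is filled in by EVP_DigestFinal_ex () but never checked or handed back to the caller.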
diff --git a/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
new file mode 100644
index 0000000000..038f63801f
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
@@ -0,0 +1,128 @@
+/** @file
+ EVP MD Wrapper Null Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return NULL This interface is not supported.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
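Review bot: Nothing in this patch builds this file: BaseCryptLib.inf, PeiCryptLib.inf, RuntimeCryptLib.inf and SmmCryptLib.inf all list Evp/CryptEvpMd.c, and the only .inf that lists a CryptEvpMdNull.c is BaseCryptLibNull.inf, which uses its own copy with the same blob index (038f63801f). Either reference this file from the .inf that is meant to stub the interface out, or drop it from the series.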
diff --git a/CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c b/CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c
new file mode 100644
index 0000000000..038f63801f
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c
@@ -0,0 +1,128 @@
+/** @file
+ EVP MD Wrapper Null Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalCryptLib.h"
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return NULL This interface is not supported.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ ASSERT (FALSE);
+ return NULL;
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ Return FALSE to indicate this interface is not supported.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest value.
+
+ @retval FALSE This interface is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ ASSERT (FALSE);
+ return FALSE;
+}
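Review bot: The comment on EvpMdInit() says "Return FALSE to indicate this interface is not supported", but the function returns VOID * and the body returns NULL; the text should say "Return NULL". The EvpMdFinal() comment likewise documents "@param[out] Digest" while the argument is named DigestValue. Both mismatches are copied from the header, so fixing them in one place and re-syncing the copies would keep the three files consistent.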
--
2.28.0.windows.1


[PATCH v3 3/3] SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP interface

Zurcher, Christopher J
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Christopher J Zurcher <christopher.j.zurcher@intel.com>
---
SecurityPkg/Hash2DxeCrypto/Driver.h | 1 -
SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++------------------
2 files changed, 31 insertions(+), 315 deletions(-)

diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.h b/SecurityPkg/Hash2DxeCrypto/Driver.h
index 7b8996912a..ac811b3977 100644
--- a/SecurityPkg/Hash2DxeCrypto/Driver.h
+++ b/SecurityPkg/Hash2DxeCrypto/Driver.h
@@ -50,7 +50,6 @@ typedef struct {
LIST_ENTRY InstEntry;
EFI_HASH2_PROTOCOL Hash2Protocol;
VOID *HashContext;
- VOID *HashInfoContext;
BOOLEAN Updated;
} HASH2_INSTANCE_DATA;

diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
index d96bc136e2..f31bc79f04 100644
--- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
+++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
@@ -2,7 +2,7 @@
This module implements Hash2 Protocol.

(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -18,241 +18,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

#include "Driver.h"

-/**
- Retrieves the size, in bytes, of the context buffer required for hash operations.
-
- If this interface is not supported, then return zero.
-
- @return The size, in bytes, of the context buffer required for hash operations.
- @retval 0 This interface is not supported.
-
-**/
-typedef
-UINTN
-(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) (
- VOID
- );
-
-/**
- Initializes user-supplied memory pointed by Sha1Context as hash context for
- subsequent use.
-
- If HashContext is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[out] HashContext Pointer to Hashcontext being initialized.
-
- @retval TRUE Hash context initialization succeeded.
- @retval FALSE Hash context initialization failed.
- @retval FALSE This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_INIT) (
- OUT VOID *HashContext
- );
-
-/**
- Digests the input data and updates Hash context.
-
- This function performs Hash digest on a data buffer of the specified size.
- It can be called multiple times to compute the digest of long or discontinuous data streams.
- Hash context should be already correctly initialized by HashInit(), and should not be finalized
- by HashFinal(). Behavior with invalid context is undefined.
-
- If HashContext is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HashContext Pointer to the Hash context.
- @param[in] Data Pointer to the buffer containing the data to be hashed.
- @param[in] DataSize Size of Data buffer in bytes.
-
- @retval TRUE SHA-1 data digest succeeded.
- @retval FALSE SHA-1 data digest failed.
- @retval FALSE This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_UPDATE) (
- IN OUT VOID *HashContext,
- IN CONST VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Completes computation of the Hash digest value.
-
- This function completes hash computation and retrieves the digest value into
- the specified memory. After this function has been called, the Hash context cannot
- be used again.
- Hash context should be already correctly initialized by HashInit(), and should not be
- finalized by HashFinal(). Behavior with invalid Hash context is undefined.
-
- If HashContext is NULL, then return FALSE.
- If HashValue is NULL, then return FALSE.
- If this interface is not supported, then return FALSE.
-
- @param[in, out] HashContext Pointer to the Hash context.
- @param[out] HashValue Pointer to a buffer that receives the Hash digest
- value.
-
- @retval TRUE Hash digest computation succeeded.
- @retval FALSE Hash digest computation failed.
- @retval FALSE This interface is not supported.
-
-**/
-typedef
-BOOLEAN
-(EFIAPI *EFI_HASH_FINAL) (
- IN OUT VOID *HashContext,
- OUT UINT8 *HashValue
- );
-
typedef struct {
- EFI_GUID *Guid;
- UINT32 HashSize;
- EFI_HASH_GET_CONTEXT_SIZE GetContextSize;
- EFI_HASH_INIT Init;
- EFI_HASH_UPDATE Update;
- EFI_HASH_FINAL Final;
+ EFI_GUID *Guid;
+ UINT32 HashSize;
+ CONST CHAR8 *DigestName;
} EFI_HASH_INFO;

EFI_HASH_INFO mHashInfo[] = {
- {&gEfiHashAlgorithmMD5Guid, sizeof(EFI_MD5_HASH2), Md5GetContextSize, Md5Init, Md5Update, Md5Final },
- {&gEfiHashAlgorithmSha1Guid, sizeof(EFI_SHA1_HASH2), Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },
- {&gEfiHashAlgorithmSha256Guid, sizeof(EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
- {&gEfiHashAlgorithmSha384Guid, sizeof(EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
- {&gEfiHashAlgorithmSha512Guid, sizeof(EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final },
-};
-
-/**
- Returns the size of the hash which results from a specific algorithm.
-
- @param[in] This Points to this instance of EFI_HASH2_PROTOCOL.
- @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
- @param[out] HashSize Holds the returned size of the algorithm's hash.
-
- @retval EFI_SUCCESS Hash size returned successfully.
- @retval EFI_INVALID_PARAMETER This or HashSize is NULL.
- @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver
- or HashAlgorithm is null.
-
-**/
-EFI_STATUS
-EFIAPI
-BaseCrypto2GetHashSize (
- IN CONST EFI_HASH2_PROTOCOL *This,
- IN CONST EFI_GUID *HashAlgorithm,
- OUT UINTN *HashSize
- );
-
-/**
- Creates a hash for the specified message text. The hash is not extendable.
- The output is final with any algorithm-required padding added by the function.
-
- @param[in] This Points to this instance of EFI_HASH2_PROTOCOL.
- @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
- @param[in] Message Points to the start of the message.
- @param[in] MessageSize The size of Message, in bytes.
- @param[in,out] Hash On input, points to a caller-allocated buffer of the size
- returned by GetHashSize() for the specified HashAlgorithm.
- On output, the buffer holds the resulting hash computed from the message.
-
- @retval EFI_SUCCESS Hash returned successfully.
- @retval EFI_INVALID_PARAMETER This or Hash is NULL.
- @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver
- or HashAlgorithm is Null.
- @retval EFI_OUT_OF_RESOURCES Some resource required by the function is not available
- or MessageSize is greater than platform maximum.
-
-**/
-EFI_STATUS
-EFIAPI
-BaseCrypto2Hash (
- IN CONST EFI_HASH2_PROTOCOL *This,
- IN CONST EFI_GUID *HashAlgorithm,
- IN CONST UINT8 *Message,
- IN UINTN MessageSize,
- IN OUT EFI_HASH2_OUTPUT *Hash
- );
-
-/**
- This function must be called to initialize a digest calculation to be subsequently performed using the
- EFI_HASH2_PROTOCOL functions HashUpdate() and HashFinal().
-
- @param[in] This Points to this instance of EFI_HASH2_PROTOCOL.
- @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
-
- @retval EFI_SUCCESS Initialized successfully.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver
- or HashAlgorithm is Null.
- @retval EFI_OUT_OF_RESOURCES Process failed due to lack of required resource.
- @retval EFI_ALREADY_STARTED This function is called when the operation in progress is still in processing Hash(),
- or HashInit() is already called before and not terminated by HashFinal() yet on the same instance.
-
-**/
-EFI_STATUS
-EFIAPI
-BaseCrypto2HashInit (
- IN CONST EFI_HASH2_PROTOCOL *This,
- IN CONST EFI_GUID *HashAlgorithm
- );
-
-/**
- Updates the hash of a computation in progress by adding a message text.
-
- @param[in] This Points to this instance of EFI_HASH2_PROTOCOL.
- @param[in] Message Points to the start of the message.
- @param[in] MessageSize The size of Message, in bytes.
-
- @retval EFI_SUCCESS Digest in progress updated successfully.
- @retval EFI_INVALID_PARAMETER This or Hash is NULL.
- @retval EFI_OUT_OF_RESOURCES Some resource required by the function is not available
- or MessageSize is greater than platform maximum.
- @retval EFI_NOT_READY This call was not preceded by a valid call to HashInit(),
- or the operation in progress was terminated by a call to Hash() or HashFinal() on the same instance.
-
-**/
-EFI_STATUS
-EFIAPI
-BaseCrypto2HashUpdate (
- IN CONST EFI_HASH2_PROTOCOL *This,
- IN CONST UINT8 *Message,
- IN UINTN MessageSize
- );
-
-/**
- Finalizes a hash operation in progress and returns calculation result.
- The output is final with any necessary padding added by the function.
- The hash may not be further updated or extended after HashFinal().
-
- @param[in] This Points to this instance of EFI_HASH2_PROTOCOL.
- @param[in,out] Hash On input, points to a caller-allocated buffer of the size
- returned by GetHashSize() for the specified HashAlgorithm specified in preceding HashInit().
- On output, the buffer holds the resulting hash computed from the message.
-
- @retval EFI_SUCCESS Hash returned successfully.
- @retval EFI_INVALID_PARAMETER This or Hash is NULL.
- @retval EFI_NOT_READY This call was not preceded by a valid call to HashInit() and at least one call to HashUpdate(),
- or the operation in progress was canceled by a call to Hash() on the same instance.
-
-**/
-EFI_STATUS
-EFIAPI
-BaseCrypto2HashFinal (
- IN CONST EFI_HASH2_PROTOCOL *This,
- IN OUT EFI_HASH2_OUTPUT *Hash
- );
-
-EFI_HASH2_PROTOCOL mHash2Protocol = {
- BaseCrypto2GetHashSize,
- BaseCrypto2Hash,
- BaseCrypto2HashInit,
- BaseCrypto2HashUpdate,
- BaseCrypto2HashFinal,
+ {&gEfiHashAlgorithmMD5Guid, sizeof(EFI_MD5_HASH2), "MD5"},
+ {&gEfiHashAlgorithmSha1Guid, sizeof(EFI_SHA1_HASH2), "SHA1"},
+ {&gEfiHashAlgorithmSha256Guid, sizeof(EFI_SHA256_HASH2), "SHA256"},
+ {&gEfiHashAlgorithmSha384Guid, sizeof(EFI_SHA384_HASH2), "SHA384"},
+ {&gEfiHashAlgorithmSha512Guid, sizeof(EFI_SHA512_HASH2), "SHA512"},
};

/**
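Review bot: In the new mHashInfo rows, HashSize and DigestName are two independent statements about the same algorithm and nothing ties them together. The number of bytes EvpMdFinal writes is decided by the string (for example "SHA384"), while callers size their buffer from sizeof(EFI_SHA384_HASH2) via GetHashSize(). A typo in either column would surface only as a short or overlong write into EFI_HASH2_OUTPUT at run time. The EVP interface in 2/3 has no call that reports a digest's length, so either add one and check it against HashSize once at driver entry, or put a comment on the table saying that the two columns must agree and how that was verified.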
@@ -347,12 +124,7 @@ BaseCrypto2Hash (
IN OUT EFI_HASH2_OUTPUT *Hash
)
{
- EFI_HASH_INFO *HashInfo;
- VOID *HashCtx;
- UINTN CtxSize;
- BOOLEAN Ret;
EFI_STATUS Status;
- HASH2_INSTANCE_DATA *Instance;

Status = EFI_SUCCESS;

@@ -364,60 +136,18 @@ BaseCrypto2Hash (
return EFI_UNSUPPORTED;
}

- HashInfo = GetHashInfo (HashAlgorithm);
- if (HashInfo == NULL) {
- return EFI_UNSUPPORTED;
- }
-
- Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
- if (Instance->HashContext != NULL) {
- FreePool (Instance->HashContext);
- }
- Instance->HashInfoContext = NULL;
- Instance->HashContext = NULL;
-
- //
- // Start hash sequence
- //
- CtxSize = HashInfo->GetContextSize ();
- if (CtxSize == 0) {
- return EFI_UNSUPPORTED;
- }
- HashCtx = AllocatePool (CtxSize);
- if (HashCtx == NULL) {
- return EFI_OUT_OF_RESOURCES;
+ Status = This->HashInit (This, HashAlgorithm);
+ if (EFI_ERROR (Status)) {
+ return Status;
}

- Ret = HashInfo->Init (HashCtx);
- if (!Ret) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Done;
+ Status = This->HashUpdate (This, Message, MessageSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
}

- //
- // Setup the context
- //
- Instance->HashContext = HashCtx;
- Instance->HashInfoContext = HashInfo;
-
- Ret = HashInfo->Update (HashCtx, Message, MessageSize);
- if (!Ret) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Done;
- }
+ Status = This->HashFinal (This, Hash);

- Ret = HashInfo->Final (HashCtx, (UINT8 *)Hash->Sha1Hash);
- if (!Ret) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Done;
- }
-Done:
- //
- // Cleanup the context
- //
- FreePool (HashCtx);
- Instance->HashInfoContext = NULL;
- Instance->HashContext = NULL;
return Status;
}

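Review bot: BaseCrypto2Hash returns straight out when This->HashUpdate fails, but by then HashInit has stored a live EVP context in Instance->HashContext. The removed Done: label freed the context and cleared the instance; the new early return does neither, so the context leaks and every later Hash() or HashInit() on this instance fails with EFI_ALREADY_STARTED. The interface in 2/3 releases a context only inside EvpMdFinal, so this path needs either a final into a scratch buffer or a dedicated free call, followed by clearing HashContext and Updated. Separately, the removed block that freed a pending Instance->HashContext is what let Hash() cancel an Init/Update sequence in progress, which the prototype comments deleted earlier in this patch describe ("terminated by a call to Hash()", "canceled by a call to Hash() on the same instance"). With HashInit's consistency check now in front, Hash() returns EFI_ALREADY_STARTED instead. If that behaviour change is intended, the commit message should say so.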
@@ -446,8 +176,6 @@ BaseCrypto2HashInit (
{
EFI_HASH_INFO *HashInfo;
VOID *HashCtx;
- UINTN CtxSize;
- BOOLEAN Ret;
HASH2_INSTANCE_DATA *Instance;

if (This == NULL) {
@@ -466,34 +194,23 @@ BaseCrypto2HashInit (
//
// Consistency Check
//
- Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
- if ((Instance->HashContext != NULL) || (Instance->HashInfoContext != NULL)) {
+ Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
+ if (Instance->HashContext != NULL) {
return EFI_ALREADY_STARTED;
}

//
// Start hash sequence
//
- CtxSize = HashInfo->GetContextSize ();
- if (CtxSize == 0) {
- return EFI_UNSUPPORTED;
- }
- HashCtx = AllocatePool (CtxSize);
+ HashCtx = EvpMdInit (HashInfo->DigestName);
if (HashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
}

- Ret = HashInfo->Init (HashCtx);
- if (!Ret) {
- FreePool (HashCtx);
- return EFI_OUT_OF_RESOURCES;
- }
-
//
// Setup the context
//
Instance->HashContext = HashCtx;
- Instance->HashInfoContext = HashInfo;
Instance->Updated = FALSE;

return EFI_SUCCESS;
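Review bot: Every NULL from EvpMdInit (HashInfo->DigestName) is reported as EFI_OUT_OF_RESOURCES, but the EvpMdInit header in 2/3 lists three causes for NULL: an invalid digest name, an allocation failure and an initialization failure. The removed "CtxSize == 0" branch returned EFI_UNSUPPORTED when the library did not provide the algorithm. That distinction is lost, so a platform where the EVP service is unavailable now tells callers it is out of memory. Either give the EVP interface a way to tell "digest unknown or unavailable" from "allocation failed", or document in the function header that EFI_OUT_OF_RESOURCES also covers an unavailable digest.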
@@ -522,7 +239,6 @@ BaseCrypto2HashUpdate (
IN UINTN MessageSize
)
{
- EFI_HASH_INFO *HashInfo;
VOID *HashCtx;
BOOLEAN Ret;
HASH2_INSTANCE_DATA *Instance;
@@ -535,13 +251,12 @@ BaseCrypto2HashUpdate (
// Consistency Check
//
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
- if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) {
+ if (Instance->HashContext == NULL) {
return EFI_NOT_READY;
}
- HashInfo = Instance->HashInfoContext;
HashCtx = Instance->HashContext;

- Ret = HashInfo->Update (HashCtx, Message, MessageSize);
+ Ret = EvpMdUpdate (HashCtx, Message, MessageSize);
if (!Ret) {
return EFI_OUT_OF_RESOURCES;
}
@@ -574,8 +289,6 @@ BaseCrypto2HashFinal (
IN OUT EFI_HASH2_OUTPUT *Hash
)
{
- EFI_HASH_INFO *HashInfo;
- VOID *HashCtx;
BOOLEAN Ret;
HASH2_INSTANCE_DATA *Instance;

@@ -587,20 +300,16 @@ BaseCrypto2HashFinal (
// Consistency Check
//
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
- if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) ||
+ if ((Instance->HashContext == NULL) ||
(!Instance->Updated)) {
return EFI_NOT_READY;
}
- HashInfo = Instance->HashInfoContext;
- HashCtx = Instance->HashContext;

- Ret = HashInfo->Final (HashCtx, (UINT8 *)Hash->Sha1Hash);
+ Ret = EvpMdFinal (Instance->HashContext, (UINT8 *)Hash->Sha1Hash);

//
// Cleanup the context
//
- FreePool (HashCtx);
- Instance->HashInfoContext = NULL;
Instance->HashContext = NULL;
Instance->Updated = FALSE;

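Review bot: The cleanup after EvpMdFinal drops FreePool (HashCtx) and only sets Instance->HashContext = NULL, which is correct solely because EvpMdFinal releases the context itself; nothing at this call site says so. Add a comment under "Cleanup the context" stating that ownership passes to EvpMdFinal, and confirm in the 2/3 header whether the context is released on every failure path, so a later reader does not reintroduce the FreePool (double free) or move the NULL assignment behind the Ret check (stale pointer on failure). The digest is also still written through (UINT8 *)Hash->Sha1Hash for every algorithm with no length passed, so the number of bytes written depends entirely on the DigestName chosen in HashInit.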
@@ -610,3 +319,11 @@ BaseCrypto2HashFinal (

return EFI_SUCCESS;
}
+
+EFI_HASH2_PROTOCOL mHash2Protocol = {
+ BaseCrypto2GetHashSize,
+ BaseCrypto2Hash,
+ BaseCrypto2HashInit,
+ BaseCrypto2HashUpdate,
+ BaseCrypto2HashFinal,
+};
--
2.28.0.windows.1


[PATCH v3 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

Zurcher, Christopher J
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

V3 changes:
Added list of valid Digest Names to EvpMdInit() header
Added missing copy of CryptEvpMdNull.c in BaseCryptLibNull folder

V2 changes:
Added NullLib implementation
Added Crypto Service implementation
Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
Removed unnecessary casts
Added "HashAll" utility function
Merged "New" and "Init" functions as well as "Final" and "Free" functions
Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
conforms with common usage

Low-level interfaces to message digest (hash) functions have been deprecated
in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
be replaced by EVP interface calls.

References:
https://www.openssl.org/docs/manmaster/man7/evp.html
https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>

Christopher J Zurcher (3):
CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
CryptoPkg: Add EVP to Crypto Service driver interface
SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
interface

CryptoPkg/CryptoPkg.dsc | 3 +
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 +
CryptoPkg/Include/Library/BaseCryptLib.h | 129 ++++++++
CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 10 +
CryptoPkg/Private/Protocol/Crypto.h | 131 ++++++++
SecurityPkg/Hash2DxeCrypto/Driver.h | 1 -
CryptoPkg/Driver/Crypto.c | 152 ++++++++-
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257 +++++++++++++++
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 ++++++++
CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 ++++++++
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 144 ++++++++
SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++------------------
16 files changed, 1117 insertions(+), 316 deletions(-)
create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
create mode 100644 CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c

--
2.28.0.windows.1


[PATCH v3 2/3] CryptoPkg: Add EVP to Crypto Service driver interface

Zurcher, Christopher J
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Christopher J Zurcher <christopher.j.zurcher@intel.com>
---
CryptoPkg/CryptoPkg.dsc | 3 +
CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 10 ++
CryptoPkg/Private/Protocol/Crypto.h | 131 +++++++++++++++++
CryptoPkg/Driver/Crypto.c | 152 +++++++++++++++++++-
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 144 +++++++++++++++++++
5 files changed, 439 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index 1af78468a1..af3fceb99f 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -159,6 +159,7 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Tls.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsSet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.TlsGet.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif

!if $(CRYPTO_SERVICES) == MIN_PEI
@@ -173,6 +174,7 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.Free | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Rsa.Services.SetKey | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Pkcs.Services.Pkcs5HashPassword | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif

!if $(CRYPTO_SERVICES) == MIN_DXE_MIN_SMM
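Review bot: In the MIN_PEI profile the new line turns on the whole EvpMd family, while the neighbouring entries in this block enable single services (Rsa.Services.Free, Rsa.Services.SetKey, Pkcs.Services.Pkcs5HashPassword). For a minimum profile, enable only the EvpMd services the PEI consumers actually call, for example Init, Update and Final, and leave Duplicate and HashAll off unless something needs them. The same applies to the MIN_DXE_MIN_SMM hunk that follows.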
@@ -203,6 +205,7 @@
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.Init | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcEncrypt | TRUE
gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.Aes.Services.CbcDecrypt | TRUE
+ gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable.EvpMd.Family | PCD_CRYPTO_SERVICE_ENABLE_FAMILY
!endif

###################################################################################################
diff --git a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
index 44fb0262f4..b79c98d679 100644
--- a/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
+++ b/CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h
@@ -288,6 +288,16 @@ typedef struct {
} Services;
UINT32 Family;
} TlsGet;
+ union {
+ struct {
+ UINT8 Init:1;
+ UINT8 Duplicate:1;
+ UINT8 Update:1;
+ UINT8 Final:1;
+ UINT8 HashAll:1;
+ } Services;
+ UINT32 Family;
+ } EvpMd;
} PCD_CRYPTO_SERVICE_FAMILY_ENABLE;

#endif
diff --git a/CryptoPkg/Private/Protocol/Crypto.h b/CryptoPkg/Private/Protocol/Crypto.h
index c399e0d67a..a3dffc0ce0 100644
--- a/CryptoPkg/Private/Protocol/Crypto.h
+++ b/CryptoPkg/Private/Protocol/Crypto.h
@@ -3434,6 +3434,131 @@ EFI_STATUS
IN OUT UINTN *DataSize
);

+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+ If DigestName is NULL, then return FALSE.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return Pointer to the EVP_MD_CTX context that has been allocated and initialized.
+ If DigestName is invalid, returns NULL.
+ If the allocations fails, returns NULL.
+ If initialization fails, returns NULL.
+
+**/
+typedef
+VOID *
+(EFIAPI* EDKII_CRYPTO_EVPMD_INIT)(
+ IN CONST CHAR8 *DigestName
+ );
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If NewEvpMdContext is NULL, then return FALSE.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval TRUE EVP_MD context copy succeeded.
+ @retval FALSE EVP_MD context copy failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI* EDKII_CRYPTO_EVPMD_DUPLICATE)(
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ );
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ This function performs EVP digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ EVP_MD context should be already correctly initialized by EvpMdInit(), and should not
+ be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE EVP data digest succeeded.
+ @retval FALSE EVP data digest failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI* EDKII_CRYPTO_EVPMD_UPDATE)(
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ This function completes EVP hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the EVP context cannot
+ be used again.
+ EVP context should be already correctly initialized by EvpMdInit(), and should
+ not be finalized by EvpMdFinal(). Behavior with invalid EVP context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If DigestValue is NULL, free the Context then return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest value.
+
+ @retval TRUE EVP digest computation succeeded.
+ @retval FALSE EVP digest computation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI* EDKII_CRYPTO_EVPMD_FINAL)(
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ );
+
+/**
+ Computes the message digest of an input data buffer.
+
+ This function performs the message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If DigestName is NULL, return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+ If HashValue is NULL, return FALSE.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest value.
+
+ @retval TRUE Digest computation succeeded.
+ @retval FALSE Digest computation failed.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI* EDKII_CRYPTO_EVPMD_HASH_ALL)(
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ );
+

///
/// EDK II Crypto Protocol
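Review bot: The EDKII_CRYPTO_EVPMD_INIT header says "If DigestName is NULL, then return FALSE" for a function that returns VOID *; it should say NULL. Other mismatches in the new headers: EDKII_CRYPTO_EVPMD_FINAL documents "@param[out] Digest" while the parameter is named DigestValue, and its description tells the caller the context "should not be finalized by EvpMdFinal()" inside the description of EvpMdFinal itself. EDKII_CRYPTO_EVPMD_DUPLICATE takes NewEvpMdContext as OUT VOID *, so the destination must already exist, yet the only allocator is EvpMdInit, which needs a digest name; the header should say how the caller obtains the destination and whether its digest must match the source. Neither EvpMdFinal nor EvpMdHashAll takes an output length, so each header should state that the buffer must hold the full digest of the named algorithm.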
@@ -3619,6 +3744,12 @@ struct _EDKII_CRYPTO_PROTOCOL {
EDKII_CRYPTO_TLS_GET_HOST_PUBLIC_CERT TlsGetHostPublicCert;
EDKII_CRYPTO_TLS_GET_HOST_PRIVATE_KEY TlsGetHostPrivateKey;
EDKII_CRYPTO_TLS_GET_CERT_REVOCATION_LIST TlsGetCertRevocationList;
+ /// Digest Envelope (EVP MD)
+ EDKII_CRYPTO_EVPMD_INIT EvpMdInit;
+ EDKII_CRYPTO_EVPMD_DUPLICATE EvpMdDuplicate;
+ EDKII_CRYPTO_EVPMD_UPDATE EvpMdUpdate;
+ EDKII_CRYPTO_EVPMD_FINAL EvpMdFinal;
+ EDKII_CRYPTO_EVPMD_HASH_ALL EvpMdHashAll;
};

extern GUID gEdkiiCryptoProtocolGuid;
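Review bot: The five EvpMd members are appended to _EDKII_CRYPTO_PROTOCOL, which grows the function table; a consumer built against this header that locates an older producer would call through slots past the end of that producer's table. The diffstat for this patch shows a single deletion, the CryptoServiceTlsGetCertRevocationList line in Crypto.c that gains a trailing comma, so no existing version value is changed here. Bump the version that the protocol reports through CryptoServiceGetCryptoVersion in this same patch, so consumers can detect a producer that lacks the new entries.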
diff --git a/CryptoPkg/Driver/Crypto.c b/CryptoPkg/Driver/Crypto.c
index d9096ea603..c50ac4a6da 100644
--- a/CryptoPkg/Driver/Crypto.c
+++ b/CryptoPkg/Driver/Crypto.c
@@ -4463,6 +4463,150 @@ CryptoServiceTlsGetCertRevocationList (
return CALL_BASECRYPTLIB (TlsGet.Services.CertRevocationList, TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}

+//=====================================================================================
+// EVP (Envelope) Primitive
+//=====================================================================================
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+ If DigestName is NULL, then return FALSE.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return Pointer to the EVP_MD_CTX context that has been allocated and initialized.
+ If DigestName is invalid, returns NULL.
+ If the allocations fails, returns NULL.
+ If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+CryptoServiceEvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ return CALL_BASECRYPTLIB (EvpMd.Services.Init, EvpMdInit, (DigestName), NULL);
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If NewEvpMdContext is NULL, then return FALSE.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval TRUE EVP_MD context copy succeeded.
+ @retval FALSE EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceEvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ return CALL_BASECRYPTLIB (EvpMd.Services.Duplicate, EvpMdDuplicate, (EvpMdContext, NewEvpMdContext), FALSE);
+}
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ This function performs EVP digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ EVP_MD context should be already correctly initialized by EvpMdInit(), and should not
+ be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE EVP data digest succeeded.
+ @retval FALSE EVP data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceEvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return CALL_BASECRYPTLIB (EvpMd.Services.Update, EvpMdUpdate, (EvpMdContext, Data, DataSize), FALSE);
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ This function completes EVP hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the EVP context cannot
+ be used again.
+ EVP context should be already correctly initialized by EvpMdInit(), and should
+ not be finalized by EvpMdFinal(). Behavior with invalid EVP context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If DigestValue is NULL, free the Context then return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest value.
+
+ @retval TRUE EVP digest computation succeeded.
+ @retval FALSE EVP digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceEvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ return CALL_BASECRYPTLIB (EvpMd.Services.Final, EvpMdFinal, (EvpMdContext, DigestValue), FALSE);
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ This function performs the message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If DigestName is NULL, return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+ If HashValue is NULL, return FALSE.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest value.
+
+ @retval TRUE Digest computation succeeded.
+ @retval FALSE Digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+CryptoServiceEvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ return CALL_BASECRYPTLIB (EvpMd.Services.HashAll, EvpMdHashAll, (DigestName, Data, DataSize, HashValue), FALSE);
+}
+
const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
/// Version
CryptoServiceGetCryptoVersion,
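Review bot: Init and Final are gated by separate PCD bits (EvpMd.Services.Init and EvpMd.Services.Final), yet EvpMdFinal is the only call that releases a context created by EvpMdInit. On a platform that enables Init but not Final, CryptoServiceEvpMdFinal returns its FALSE fallback without reaching BaseCryptLib and the context is never freed; Hash2DxeCrypto in 3/3 clears its pointer regardless. Document in PcdCryptoServiceFamilyEnable.h or in these headers that Init and Final must be enabled together, or reject the mismatched configuration at build time. The comment blocks are also copied from Crypto.h unchanged, including the "return FALSE" wording on CryptoServiceEvpMdInit, which returns VOID *.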
@@ -4663,5 +4807,11 @@ const EDKII_CRYPTO_PROTOCOL mEdkiiCrypto = {
CryptoServiceTlsGetCaCertificate,
CryptoServiceTlsGetHostPublicCert,
CryptoServiceTlsGetHostPrivateKey,
- CryptoServiceTlsGetCertRevocationList
+ CryptoServiceTlsGetCertRevocationList,
+ /// Digest Envelope (EVP MD)
+ CryptoServiceEvpMdInit,
+ CryptoServiceEvpMdDuplicate,
+ CryptoServiceEvpMdUpdate,
+ CryptoServiceEvpMdFinal,
+ CryptoServiceEvpMdHashAll
};
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
index 3f14c6d262..0a68d0682e 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c
@@ -3499,3 +3499,147 @@ TlsGetCertRevocationList (
{
CALL_CRYPTO_SERVICE (TlsGetCertRevocationList, (Data, DataSize), EFI_UNSUPPORTED);
}
+
+//=====================================================================================
+// EVP (Envelope) Primitive
+//=====================================================================================
+
+/**
+ Allocates and initializes one EVP_MD_CTX context for subsequent EVP_MD use.
+
+ If DigestName is NULL, then return FALSE.
+
+ @param[in] DigestName Pointer to the digest name as a NULL-terminated ASCII string.
+ Valid digest names are:
+ MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ SHA3-224, SHA3-256, SHA3-384, SHA3-512
+ SM3
+
+ @return Pointer to the EVP_MD_CTX context that has been allocated and initialized.
+ If DigestName is invalid, returns NULL.
+ If the allocations fails, returns NULL.
+ If initialization fails, returns NULL.
+
+**/
+VOID *
+EFIAPI
+EvpMdInit (
+ IN CONST CHAR8 *DigestName
+ )
+{
+ CALL_CRYPTO_SERVICE (EvpMdInit, (DigestName), NULL);
+}
+
+/**
+ Makes a copy of an existing EVP_MD context.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If NewEvpMdContext is NULL, then return FALSE.
+
+ @param[in] EvpMdContext Pointer to EVP_MD context being copied.
+ @param[out] NewEvpMdContext Pointer to new EVP_MD context.
+
+ @retval TRUE EVP_MD context copy succeeded.
+ @retval FALSE EVP_MD context copy failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdDuplicate (
+ IN CONST VOID *EvpMdContext,
+ OUT VOID *NewEvpMdContext
+ )
+{
+ CALL_CRYPTO_SERVICE (EvpMdDuplicate, (EvpMdContext, NewEvpMdContext), FALSE);
+}
+
+/**
+ Digests the input data and updates EVP_MD context.
+
+ This function performs EVP digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or discontinuous data streams.
+ EVP_MD context should be already correctly initialized by EvpMdInit(), and should not
+ be finalized by EvpMdFinal(). Behavior with invalid context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP_MD context.
+ @param[in] Data Pointer to the buffer containing the data to be digested.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE EVP data digest succeeded.
+ @retval FALSE EVP data digest failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdUpdate (
+ IN OUT VOID *EvpMdContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ CALL_CRYPTO_SERVICE (EvpMdUpdate, (EvpMdContext, Data, DataSize), FALSE);
+}
+
+/**
+ Completes computation of the EVP digest value.
+ Releases the specified EVP_MD_CTX context.
+
+ This function completes EVP hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the EVP context cannot
+ be used again.
+ EVP context should be already correctly initialized by EvpMdInit(), and should
+ not be finalized by EvpMdFinal(). Behavior with invalid EVP context is undefined.
+
+ If EvpMdContext is NULL, then return FALSE.
+ If DigestValue is NULL, free the Context then return FALSE.
+
+ @param[in, out] EvpMdContext Pointer to the EVP context.
+ @param[out] Digest Pointer to a buffer that receives the EVP digest value.
+
+ @retval TRUE EVP digest computation succeeded.
+ @retval FALSE EVP digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdFinal (
+ IN OUT VOID *EvpMdContext,
+ OUT UINT8 *DigestValue
+ )
+{
+ CALL_CRYPTO_SERVICE (EvpMdFinal, (EvpMdContext, DigestValue), FALSE);
+}
+
+/**
+ Computes the message digest of an input data buffer.
+
+ This function performs the message digest of a given data buffer, and places
+ the digest value into the specified memory.
+
+ If DigestName is NULL, return FALSE.
+ If Data is NULL and DataSize is not zero, return FALSE.
+ If HashValue is NULL, return FALSE.
+
+ @param[in] DigestName Pointer to the digest name.
+ @param[in] Data Pointer to the buffer containing the data to be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+ @param[out] HashValue Pointer to a buffer that receives the digest value.
+
+ @retval TRUE Digest computation succeeded.
+ @retval FALSE Digest computation failed.
+
+**/
+BOOLEAN
+EFIAPI
+EvpMdHashAll (
+ IN CONST CHAR8 *DigestName,
+ IN CONST VOID *Data,
+ IN UINTN DataSize,
+ OUT UINT8 *HashValue
+ )
+{
+ CALL_CRYPTO_SERVICE (EvpMdHashAll, (DigestName, Data, DataSize, HashValue), FALSE);
+}
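Review bot: In the EvpMdFinal() header the output parameter is documented as "@param[out] Digest", but the prototype and the NULL-check sentence both call it DigestValue; the doc entry should use the same name. Neither EvpMdFinal() nor EvpMdHashAll() states how large DigestValue / HashValue must be. Because the algorithm is selected at run time (by DigestName in EvpMdHashAll()), the caller cannot infer the size from the function name, and an undersized output buffer is an easy mistake to make; please document the required size or how the caller is expected to obtain it. The EvpMdFinal() comment also carries over "should not be finalized by EvpMdFinal()" from EvpMdUpdate(), which reads oddly in the function that does the finalizing.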
--
2.28.0.windows.1


Re: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

gaoliming
 

Matthew:

 I just checked this patch set. All 5 patches have got Reviewed-by from the package maintainer or reviewer. Can you double confirm? If yes, I will help merge them.

 

Thanks

Liming

From: bounce+27952+65285+4905953+8761045@groups.io <bounce+27952+65285+4905953+8761045@groups.io> On Behalf Of Matthew Carlson via groups.io
Sent: 2020-09-16 6:48
To: Matthew Carlson <matthewfcarlson@...>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

 

Just pinging this thread to see what needs to get done next. Thank you Liming for the reviewed by on the MdeModulePkg changes.

--
- Matthew Carlson


Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

gaoliming
 

Bret:

 Patch 06 is for EmulatorPkg. Ray, Andrew are also the reviewers for this package.

 

Patch 11 is for SecurityPkg. Jian and Jiewen are the reviewers for this package.

 

Thanks

Liming

From: bounce+27952+65284+4905953+8761045@groups.io <bounce+27952+65284+4905953+8761045@groups.io> On Behalf Of Bret Barkelew via groups.io
Sent: 2020-09-16 4:51
To: Wang, Jian J <jian.j.wang@...>; devel@edk2.groups.io; bret@...; Bi, Dandan <dandan.bi@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Wu, Hao A <hao.a.wu@...>; liming.gao <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
Subject: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Thanks for the update, Jian. Dandan has submitted RBs on another thread.

 

That leaves patches 06 and 11.

 

Next up, Jordan Justen. How’s it going, Jordan. We’ve never spoken directly (to my knowledge) and that’s a shame.

If you had to eat a single food for the rest of your life, what would it be and can I have a Reviewed-by?

Keep in mind that you probably don’t want it to be particularly strong flavors; it’s going to get disgusting eventually.

I’d probably go with some simple red beans and rice or something.

 

- Bret

 

From: Wang, Jian J
Sent: Sunday, September 13, 2020 11:42 PM
To: Bret Barkelew; devel@edk2.groups.io; bret@...; Bi, Dandan
Cc: Yao, Jiewen; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Hi Bret,

 

Sorry to hear about Seattle’s situation. I’ve been there several times and love the city very much. Hope everything goes back to normal soon.

 

And sorry for the slow response. This patch series has been delegated by Liming to Dandan for review. She has completed the security review from Intel’s perspective and given comments back to you. It seems that you forgot to include her in the CC list. Sorry I didn’t notice it and tell her to do the review in time. She’ll give comments ASAP.

 

Since MdeModulePkg is a huge package, I cannot do a detailed review of each patch for this package. And we already have module reviewers designated. I think, usually, they should do the detailed review first. The package maintainer will do the gate-keeper work as the last step. Correct me if there is any misunderstanding here.

 

Removed Chao from cc-list (his email is not valid) and added Dandan in loop.

 

Regards,

Jian

 

From: Bret Barkelew <Bret.Barkelew@...>
Sent: Friday, September 11, 2020 11:18 PM
To: devel@edk2.groups.io; bret@...; Wang, Jian J <jian.j.wang@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Zhang, Chao B <chao.b.zhang@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

11 Days to go. I will single out an email every day…

 

Jian, today is your day.

How’s it going? Life good? Yeah, I know. Things are crazy here, too. Seattle is covered in smoke.

You know what would brighten things up, though? A nice “reviewed by”.

 

- Bret

 

From: Bret Barkelew via groups.io
Sent: Tuesday, September 8, 2020 3:20 PM
To: devel@edk2.groups.io; bret@...
Cc: Yao, Jiewen; Zhang, Chao B; Wang, Jian J; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray; liming.gao
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Now that 2008 is labelled and everyone can take a breather… I still need reviews on the following patches (v7)…

Patch(es) 01, 02, 03,06,09,10,11,12,13,14

 

As such, the following email addresses may or may not be subscribed to CatFacts™ within the next 14 days if I get no responses:

Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Liming Gao <liming.gao@...>

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Andrew Fish <afish@...>
Cc: Ray Ni <ray.ni@...>

Cc: Jiewen Yao <jiewen.yao@...>

Cc: Chao Zhang <chao.b.zhang@...>

 

May God have mercy on your inboxes.

 

- Bret

 

 

 


[PATCH v2 1/1] BaseTools: update IASL extdep to more modern version

Matthew Carlson
 

From: Matthew Carlson <macarl@microsoft.com>

The IASL extdep is used for CI only and a recent fork of the ACPICA
repo was made to make nuget builds more regular and easier to audit.
https://dev.azure.com/projectmu/_git/acpica

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

Signed-off-by: Matthew Carlson <matthewfcarlson@gmail.com>
---
BaseTools/Bin/iasl_ext_dep.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/BaseTools/Bin/iasl_ext_dep.yaml b/BaseTools/Bin/iasl_ext_dep.y=
aml
index 1d81e89cf3a6..ea2bc315d184 100644
--- a/BaseTools/Bin/iasl_ext_dep.yaml
+++ b/BaseTools/Bin/iasl_ext_dep.yaml
@@ -14,8 +14,8 @@
"id": "iasl-ci-1",=0D
"scope": "cibuild",=0D
"type": "nuget",=0D
- "name": "iasl",=0D
- "source": "https://api.nuget.org/v3/index.json",=0D
- "version": "20190215.0.0",=0D
+ "name": "edk2-acpica-iasl",=0D
+ "source": "https://pkgs.dev.azure.com/projectmu/acpica/_packaging/mu_ias=
l/nuget/v3/index.json",=0D
+ "version": "20200717.0.0",=0D
"flags": ["set_path", "host_specific"]=0D
}=0D
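Review bot: The "source" line moves the iasl download from api.nuget.org to a feed under pkgs.dev.azure.com/projectmu, and the entry still identifies the binary only by "name" and "version", so CI will run whatever that feed serves as edk2-acpica-iasl 20200717.0.0. Since the commit message gives auditability as the reason for the fork, it should also say who can publish to the mu_iasl feed and which ACPICA release 20200717.0.0 is built from, so that a reviewer can tie the version string back to source. If the ext_dep format offers a way to pin a content hash for the package, add it to this entry.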
--=20
2.27.0.vfs.1.0


[PATCH v2 0/1] Update IASL extdep for CI

Matthew Carlson
 

From: Matthew Carlson <matthewfcarlson@gmail.com>

Currently EDK2 has an external dependency to download the IASL compiler.
This updates that nuget stream with a much more current version produced
by a pipeline that runs regularly. Feel free to check out the repo here:

https://dev.azure.com/projectmu/_git/acpica

To reiterate, this only affects CI and should not affect platforms unless
they are explicitly using the 'cibuild' scope.

v2 changes: Added reviewed by from Liming.

Ref: https://github.com/tianocore/edk2/pull/927

Matthew Carlson (1):
BaseTools: update IASL extdep to more modern version

BaseTools/Bin/iasl_ext_dep.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

--
2.27.0.vfs.1.0


Re: [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

Matthew Carlson
 

Just pinging this thread to see what needs to get done next. Thank you Liming for the reviewed by on the MdeModulePkg changes.

--
- Matthew Carlson


Re: [PATCH v6 00/14] Add the VariablePolicy feature

Bret Barkelew
 

Thanks for the update, Jian. Dandan has submitted RBs on another thread.

 

That leaves patches 06 and 11.

 

Next up, Jordan Justen. How’s it going, Jordan. We’ve never spoken directly (to my knowledge) and that’s a shame.

If you had to eat a single food for the rest of your life, what would it be and can I have a Reviewed-by?

Keep in mind that you probably don’t want it to be particularly strong flavors; it’s going to get disgusting eventually.

I’d probably go with some simple red beans and rice or something.

 

- Bret

 



Re: [PATCH v7 00/14] Add the VariablePolicy feature

Bret Barkelew
 

Sounds good! Thanks! Will hold for at least this week. Still need some more RBs.

- Bret


From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Dandan Bi via groups.io <dandan.bi@...>
Sent: Tuesday, September 15, 2020 8:44:01 AM
To: devel@edk2.groups.io <devel@edk2.groups.io>; bret@... <bret@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Chao Zhang <chao.b.zhang@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; liming.gao <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature
 
Hi Bret,

The V7 version is OK from my side.  Reviewed-by: Dandan Bi <dandan.bi@...>
Please hold to see if any comments from other reviewers.


Hi Jiewen and Jian,

Do you have any comments?
 


Thanks,
Dandan
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret
> Barkelew
> Sent: Friday, August 28, 2020 1:51 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@...>; Chao Zhang
> <chao.b.zhang@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao
> A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen,
> Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>;
> Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish
> <afish@...>; Ni, Ray <ray.ni@...>
> Subject: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature
>
> The 14 patches in this series add the VariablePolicy feature to the core,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into Variable
> Services.
>
> Since the integration requires multiple changes, including adding libraries, a
> protocol, an SMI communication handler, and VariableServices integration,
> the patches are broken up by individual library additions and then a final
> integration. Security-sensitive changes like bypassing Authenticated Variable
> enforcement are also broken out into individual patches so that attention can
> be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
> https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting
>
> Discussion of the feature can be found in multiple places throughout the last
> year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://edk2.groups.io/g/devel/message/53712
> (the code branches shared in that discussion are now out of date, but the
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@...>
> Cc: Chao Zhang <chao.b.zhang@...>
> Cc: Jian J Wang <jian.j.wang@...>
> Cc: Hao A Wu <hao.a.wu@...>
> Cc: Liming Gao <liming.gao@...>
> Cc: Jordan Justen <jordan.l.justen@...>
> Cc: Laszlo Ersek <lersek@...>
> Cc: Ard Biesheuvel <ard.biesheuvel@...>
> Cc: Andrew Fish <afish@...>
> Cc: Ray Ni <ray.ni@...>
> Cc: Bret Barkelew <brbarkel@...>
> Signed-off-by: Bret Barkelew <brbarkel@...>
>
> v7 changes:
> * Address comments from Dandan about security of the MM handler
> * Add readme
> * Fix bug around hex characters in BOOT####, etc
> * Add additional testing for hex characters
> * Add additional testing for authenticated variables
>
> v6 changes:
> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and
> DeinitVariablePolicyLib()
> * Fix GCC building in shell-based functional test
> * Rebase on latest origin/master
>
> v5 changes:
> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
> * Fix EFIAPI mismatches in the functional unittest
> * Rebase on latest origin/master
>
> v4 changes:
> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
> platforms
> * Rebase on master
> * Migrate to new MmCommunicate2 protocol
> * Fix an oversight in the default return value for
> InitMmCommonCommBuffer
> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>
> V3 changes:
> * Address all non-unittest issues with ECC
> * Make additional style changes
> * Include section name in hunk headers in "ini-style" files
> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable
> driver
>   (now allocates its own buffer)
> * Change names from VARIABLE_POLICY_PROTOCOL and
> gVariablePolicyProtocolGuid
>   to EDKII_VARIABLE_POLICY_PROTOCOL and
> gEdkiiVariablePolicyProtocolGuid
> * Fix GCC warning about initializing externs
> * Add UNI strings for new PCD
> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
> * Reorder patches according to Liming's feedback about adding to platforms
>   before changing variable driver
>
> V2 changes:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
>
> Bret Barkelew (14):
>   MdeModulePkg: Define the VariablePolicy protocol interface
>   MdeModulePkg: Define the VariablePolicyLib
>   MdeModulePkg: Define the VariablePolicyHelperLib
>   MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>   OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>   EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>   ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>   UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>   MdeModulePkg: Connect VariablePolicy business logic to
>     VariableServices
>   MdeModulePkg: Allow VariablePolicy state to delete protected variables
>   SecurityPkg: Allow VariablePolicy state to delete authenticated
>     variables
>   MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>   MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>   MdeModulePkg: Add a shell-based functional test for VariablePolicy
>
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
> |  345 +++
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
> |  396 ++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
> |   46 +
>
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx
> e.c               |   85 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
> |  830 +++++++
>
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo
> licyUnitTest.c   | 2452 ++++++++++++++++++++
>
> MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu
> ncTestApp.c        | 2226 ++++++++++++++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
> |   52 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
> |   60 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
> |   49 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
> |   53 +
>
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock
> .c                    |   71 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
> |  642 +++++
>
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.
> c                       |   14 +
>  SecurityPkg/Library/AuthVariableLib/AuthService.c                                        |   22
> +-
>  ArmVirtPkg/ArmVirt.dsc.inc                                                               |    4 +
>  EmulatorPkg/EmulatorPkg.dsc                                                              |    3 +
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h                                            |
> 54 +
>  MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
> |  164 ++
>  MdeModulePkg/Include/Library/VariablePolicyLib.h                                         |
> 207 ++
>  MdeModulePkg/Include/Protocol/VariablePolicy.h                                           |
> 157 ++
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
> |   42 +
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
> |   12 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> |   35 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
> |   12 +
>  MdeModulePkg/Library/VariablePolicyLib/ReadMe.md                                         |
> 410 ++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> |   49 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
> |   12 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
> |   51 +
>
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo
> licyUnitTest.inf |   45 +
>  MdeModulePkg/MdeModulePkg.ci.yaml                                                        |    8 +-
>  MdeModulePkg/MdeModulePkg.dec                                                            |   26 +-
>  MdeModulePkg/MdeModulePkg.dsc                                                            |    9 +
>  MdeModulePkg/MdeModulePkg.uni                                                            |    7 +
>  MdeModulePkg/Test/MdeModulePkgHostTest.dsc                                               |
> 11 +
>  MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md
> |   55 +
>
> MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu
> ncTestApp.inf      |   47 +
>
> MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTe
> stAuthVar.h        |  128 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> |    5 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
> |    4 +
>
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.i
> nf                     |   11 +
>
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> |    4 +
>  OvmfPkg/OvmfPkgIa32.dsc                                                                  |    5 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                                                               |    5 +
>  OvmfPkg/OvmfPkgX64.dsc                                                                   |    5 +
>  OvmfPkg/OvmfXen.dsc                                                                      |    4 +
>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf                                  |
> 2 +
>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc                                                    |    4 +
>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc                                                 |    4 +
>  49 files changed, 8865 insertions(+), 79 deletions(-)  create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx
> e.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo
> licyUnitTest.c
>  create mode 100644
> MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu
> ncTestApp.c
>  create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock
> .c
>  create mode 100644
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>  create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>  create mode 100644
> MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>  create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>  create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>  create mode 100644
> MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>  create mode 100644
> MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePo
> licyUnitTest.inf
>  create mode 100644
> MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md
>  create mode 100644
> MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFu
> ncTestApp.inf
>  create mode 100644
> MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTe
> stAuthVar.h
>
> --
> 2.28.0.windows.1
>
>
>





[PATCH v12 1/1] ShellPkg/DynamicCommand: add HttpDynamicCommand

Vladimir Olovyannikov
 

Introduce an http client utilizing EDK2 HTTP protocol, to
allow fast image downloading from http/https servers.
HTTP download speed is usually faster than tftp.
The client is based on the same approach as tftp dynamic command, and
uses the same UEFI Shell command line parameters. This makes it easy
integrating http into existing UEFI Shell scripts.
Note that to enable HTTP download, feature Pcd
gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections must
be set to TRUE.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2860

Signed-off-by: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
Cc: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Nd <nd@arm.com>
---
ShellPkg/ShellPkg.dec | 1 +
ShellPkg/ShellPkg.dsc | 5 +
.../HttpDynamicCommand/HttpApp.inf | 58 +
.../HttpDynamicCommand/HttpDynamicCommand.inf | 63 +
.../DynamicCommand/HttpDynamicCommand/Http.h | 90 +
ShellPkg/Include/Guid/ShellLibHiiGuid.h | 5 +
.../DynamicCommand/HttpDynamicCommand/Http.c | 1843 +++++++++++++++++
.../HttpDynamicCommand/HttpApp.c | 61 +
.../HttpDynamicCommand/HttpDynamicCommand.c | 137 ++
.../HttpDynamicCommand/Http.uni | 117 ++
10 files changed, 2380 insertions(+)
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.inf
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/Http.h
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.c
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.c
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/Http.uni

diff --git a/ShellPkg/ShellPkg.dec b/ShellPkg/ShellPkg.dec
index d0843d338126..7b2d1230bd2c 100644
--- a/ShellPkg/ShellPkg.dec
+++ b/ShellPkg/ShellPkg.dec
@@ -53,6 +53,7 @@ [Guids]
gShellNetwork1HiiGuid = {0xf3d301bb, 0xf4a5, 0x45a8, {0xb0, 0xb7, 0xfa, 0x99, 0x9c, 0x62, 0x37, 0xae}}
gShellNetwork2HiiGuid = {0x174b2b5, 0xf505, 0x4b12, {0xaa, 0x60, 0x59, 0xdf, 0xf8, 0xd6, 0xea, 0x37}}
gShellTftpHiiGuid = {0x738a9314, 0x82c1, 0x4592, {0x8f, 0xf7, 0xc1, 0xbd, 0xf1, 0xb2, 0x0e, 0xd4}}
+ gShellHttpHiiGuid = {0x390f84b3, 0x221c, 0x4d9e, {0xb5, 0x06, 0x6d, 0xb9, 0x42, 0x3e, 0x0a, 0x7e}}
gShellBcfgHiiGuid = {0x5f5f605d, 0x1583, 0x4a2d, {0xa6, 0xb2, 0xeb, 0x12, 0xda, 0xb4, 0xa2, 0xb6}}
gShellAcpiViewHiiGuid = {0xda8ccdf4, 0xed8f, 0x4ffc, {0xb5, 0xef, 0x2e, 0xf5, 0x5e, 0x24, 0x93, 0x2a}}
# FILE_GUID as defined in ShellPkg/Application/Shell/Shell.inf
diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc
index 86e9f1e0040d..c42bc9464a0f 100644
--- a/ShellPkg/ShellPkg.dsc
+++ b/ShellPkg/ShellPkg.dsc
@@ -139,6 +139,11 @@ [Components]
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpApp.inf
+ ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+ <PcdsFixedAtBuild>
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+ }
+ ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.inf
ShellPkg/DynamicCommand/DpDynamicCommand/DpDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.inf b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.inf
new file mode 100644
index 000000000000..d08d47fb37d5
--- /dev/null
+++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.inf
@@ -0,0 +1,58 @@
+## @file
+# Provides Shell 'http' standalone application.
+#
+# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. <BR>
+# Copyright (c) 2015, ARM Ltd. All rights reserved.<BR>
+# Copyright (c) 2020, Broadcom. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010006
+ BASE_NAME = http
+ FILE_GUID = 56B00FB7-91D2-869B-CE5C-26CD1A89C73C
+ MODULE_TYPE = UEFI_APPLICATION
+ VERSION_STRING = 1.0
+ ENTRY_POINT = HttpAppInitialize
+#
+# This flag specifies whether HII resource section is generated into PE image.
+#
+ UEFI_HII_RESOURCE_SECTION = TRUE
+
+[Sources.common]
+ Http.c
+ HttpApp.c
+ Http.h
+ Http.uni
+
+[Packages]
+ EmbeddedPkg/EmbeddedPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ NetworkPkg/NetworkPkg.dec
+ ShellPkg/ShellPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ FileHandleLib
+ HiiLib
+ HttpLib
+ MemoryAllocationLib
+ NetLib
+ ShellLib
+ UefiApplicationEntryPoint
+ UefiBootServicesTableLib
+ UefiHiiServicesLib
+ UefiLib
+ UefiRuntimeServicesTableLib
+
+[Protocols]
+ gEfiHiiPackageListProtocolGuid ## CONSUMES
+ gEfiHttpProtocolGuid ## CONSUMES
+ gEfiHttpServiceBindingProtocolGuid ## CONSUMES
+ gEfiManagedNetworkServiceBindingProtocolGuid ## CONSUMES
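Review bot: [LibraryClasses] in this INF does not list PrintLib, yet Http.h, which is in [Sources.common], includes <Library/PrintLib.h>. If Http.c calls any PrintLib function, the library class has to be declared here (and in HttpDynamicCommand.inf) rather than being picked up indirectly through another library. Likewise Http.h includes <Protocol/HttpUtilities.h> while [Protocols] has no matching GUID entry; either add the entry or drop the include if nothing from that header is used.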
diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
new file mode 100644
index 000000000000..5d46ee2384d5
--- /dev/null
+++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
@@ -0,0 +1,63 @@
+## @file
+# Provides Shell 'http' dynamic command.
+#
+# Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved. <BR>
+# Copyright (c) 2015, ARM Ltd. All rights reserved.<BR>
+# Copyright (c) 2020, Broadcom. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010006
+ BASE_NAME = httpDynamicCommand
+ FILE_GUID = 19618BCE-55AE-09C6-37E9-4CE04084C7A1
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = HttpCommandInitialize
+ UNLOAD_IMAGE = HttpUnload
+#
+# This flag specifies whether HII resource section is generated into PE image.
+#
+ UEFI_HII_RESOURCE_SECTION = TRUE
+
+[Sources.common]
+ Http.c
+ HttpDynamicCommand.c
+ Http.h
+ Http.uni
+
+[Packages]
+ EmbeddedPkg/EmbeddedPkg.dec
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ NetworkPkg/NetworkPkg.dec
+ ShellPkg/ShellPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ FileHandleLib
+ HiiLib
+ HttpLib
+ MemoryAllocationLib
+ NetLib
+ ShellLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiHiiServicesLib
+ UefiLib
+ UefiRuntimeServicesTableLib
+
+[Protocols]
+ gEfiHiiPackageListProtocolGuid ## CONSUMES
+ gEfiHttpProtocolGuid ## CONSUMES
+ gEfiHttpServiceBindingProtocolGuid ## CONSUMES
+ gEfiManagedNetworkServiceBindingProtocolGuid ## CONSUMES
+ gEfiShellDynamicCommandProtocolGuid ## PRODUCES
+
+[DEPEX]
+ TRUE
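Review bot: [LibraryClasses] omits PrintLib and [Protocols] omits gEfiManagedNetworkProtocolGuid, although Http.c uses both. UnicodeSPrint is called in GetNicName and SavePortion, Http.h includes Library/PrintLib.h, and GetNicName passes &gEfiManagedNetworkProtocolGuid to CreateServiceChildAndOpenProtocol. As written, the module can only resolve them through whatever the linked library instances happen to declare. Please list both here (the protocol as CONSUMES), and apply the same change to the application INF, which shares Http.c.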
diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.h b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.h
new file mode 100644
index 000000000000..c53479b823e7
--- /dev/null
+++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.h
@@ -0,0 +1,90 @@
+/** @file
+ Header file for 'http' command functions.
+
+ Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. <BR>
+ Copyright (c) 2015, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2020, Broadcom. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _HTTP_H_
+#define _HTTP_H_
+
+#include <Uefi.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HiiLib.h>
+#include <Library/HttpLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/NetLib.h>
+#include <Library/PrintLib.h>
+#include <Library/ShellLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiHiiServicesLib.h>
+#include <Library/UefiLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+
+#include <Protocol/HiiPackageList.h>
+#include <Protocol/HttpUtilities.h>
+#include <Protocol/ServiceBinding.h>
+
+#define HTTP_APP_NAME L"http"
+
+#define REQ_OK 0
+#define REQ_NEED_REPEAT 1
+
+// Download Flags
+#define DL_FLAG_TIME BIT0 // Show elapsed time.
+#define DL_FLAG_KEEP_BAD BIT1 // Keep files even if download failed.
+
+extern EFI_HII_HANDLE mHttpHiiHandle;
+
+typedef struct {
+ UINTN ContentDownloaded;
+ UINTN ContentLength;
+ UINTN LastReportedNbOfBytes;
+ UINTN BufferSize;
+ UINTN Status;
+ UINTN Flags;
+ UINT8 *Buffer;
+ CHAR16 *ServerAddrAndProto;
+ CHAR16 *URI;
+ EFI_HTTP_TOKEN ResponseToken;
+ EFI_HTTP_TOKEN RequestToken;
+ EFI_HTTP_PROTOCOL *Http;
+ EFI_HTTP_CONFIG_DATA HttpConfigData;
+} HTTP_DOWNLOAD_CONTEXT;
+
+/**
+ Function for 'http' command.
+
+ @param[in] ImageHandle The image handle.
+ @param[in] SystemTable The system table.
+
+ @retval SHELL_SUCCESS Command completed successfully.
+ @retval SHELL_INVALID_PARAMETER Command usage error.
+ @retval SHELL_ABORTED The user aborts the operation.
+ @retval value Unknown error.
+**/
+SHELL_STATUS
+RunHttp (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
+
+/**
+ Retrive HII package list from ImageHandle and publish to HII database.
+
+ @param ImageHandle The image handle of the process.
+
+ @return HII handle.
+**/
+EFI_HII_HANDLE
+InitializeHiiPackage (
+ EFI_HANDLE ImageHandle
+ );
+#endif // _HTTP_H_
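Review bot: The members of HTTP_DOWNLOAD_CONTEXT are undocumented, and the "UINTN Status" field is ambiguous. Every function in Http.c uses a local EFI_STATUS named Status, while this header also defines REQ_OK and REQ_NEED_REPEAT, so a reader cannot tell which set of values the field holds. Please add a comment per member, and either type the field EFI_STATUS or rename it if it carries the REQ_* codes. The same applies to BufferSize, ContentLength and LastReportedNbOfBytes, whose units and ownership matter when reviewing the download loop. Minor: "Retrive" in the InitializeHiiPackage comment should be "Retrieve", and its @param lacks the [in] direction tag used for RunHttp.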
diff --git a/ShellPkg/Include/Guid/ShellLibHiiGuid.h b/ShellPkg/Include/Guid/ShellLibHiiGuid.h
index 5da9128333a4..6e328b460d8c 100644
--- a/ShellPkg/Include/Guid/ShellLibHiiGuid.h
+++ b/ShellPkg/Include/Guid/ShellLibHiiGuid.h
@@ -59,6 +59,10 @@
0x738a9314, 0x82c1, 0x4592, { 0x8f, 0xf7, 0xc1, 0xbd, 0xf1, 0xb2, 0x0e, 0xd4 } \
}

+#define SHELL_HTTP_HII_GUID \
+ { \
+ 0x390f84b3, 0x221c, 0x4d9e, { 0xb5, 0x06, 0x6d, 0xb9, 0x42, 0x3e, 0x0a, 0x7e } \
+ }

#define SHELL_BCFG_HII_GUID \
{ \
@@ -75,6 +79,7 @@ extern EFI_GUID gShellLevel3HiiGuid;
extern EFI_GUID gShellNetwork1HiiGuid;
extern EFI_GUID gShellNetwork2HiiGuid;
extern EFI_GUID gShellTftpHiiGuid;
+extern EFI_GUID gShellHttpHiiGuid;
extern EFI_GUID gShellBcfgHiiGuid;

#endif
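Review bot: SHELL_HTTP_HII_GUID and the "extern EFI_GUID gShellHttpHiiGuid;" declaration look unused by the module added in this patch. HttpDynamicCommand.inf has no [Guids] section, and Http.h obtains the HII handle through InitializeHiiPackage (ImageHandle) rather than through a named package GUID. An extern with no [Guids] entry in a .dec and no consumer is a dangling symbol. Either point to the ShellPkg.dec entry and the code that references it, or drop both additions from this header.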
diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c
new file mode 100644
index 000000000000..3f11c1cd84c3
--- /dev/null
+++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c
@@ -0,0 +1,1843 @@
+/** @file
+ The implementation for the 'http' Shell command.
+
+ Copyright (c) 2015, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. <BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+ Copyright (c) 2020, Broadcom. All rights reserved. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include "Http.h"
+
+#define IP4_CONFIG2_INTERFACE_INFO_NAME_LENGTH 32
+
+/*
+ Constant strings and definitions related to the message
+ indicating the amount of progress in the dowloading of a HTTP file.
+*/
+
+// Number of steps in the progression slider
+#define HTTP_PROGRESS_SLIDER_STEPS \
+ ((sizeof (HTTP_PROGR_FRAME) / sizeof (CHAR16)) - 3)
+
+// Size in number of characters plus one (final zero) of the message to
+// indicate the progress of an HTTP download. The format is "[(progress slider:
+// 40 characters)] (nb of KBytes downloaded so far: 7 characters) Kb". There
+// are thus the number of characters in HTTP_PROGR_FRAME[] plus 11 characters
+// (2 // spaces, "Kb" and seven characters for the number of KBytes).
+#define HTTP_PROGRESS_MESSAGE_SIZE \
+ ((sizeof (HTTP_PROGR_FRAME) / sizeof (CHAR16)) + 12)
+
+//
+// Buffer size. Note that larger buffer does not mean better speed!
+//
+#define DEFAULT_BUF_SIZE SIZE_32KB
+#define MAX_BUF_SIZE SIZE_4MB
+
+#define MIN_PARAM_COUNT 2
+#define MAX_PARAM_COUNT 4
+#define NEED_REDIRECTION(Code) \
+ (((Code >= HTTP_STATUS_300_MULTIPLE_CHOICES) \
+ && (Code <= HTTP_STATUS_307_TEMPORARY_REDIRECT)) \
+ || (Code == HTTP_STATUS_308_PERMANENT_REDIRECT))
+
+#define CLOSE_HTTP_HANDLE(ControllerHandle,HttpChildHandle) \
+ do { \
+ if (HttpChildHandle) { \
+ CloseProtocolAndDestroyServiceChild ( \
+ ControllerHandle, \
+ &gEfiHttpServiceBindingProtocolGuid, \
+ &gEfiHttpProtocolGuid, \
+ HttpChildHandle \
+ ); \
+ HttpChildHandle = NULL; \
+ } \
+ } while (0)
+
+typedef enum {
+ HDR_HOST,
+ HDR_CONN,
+ HDR_AGENT,
+ HDR_MAX
+} HDR_TYPE;
+
+#define USER_AGENT_HDR "Mozilla/5.0 (EDK2; Linux) Gecko/20100101 Firefox/79.0"
+
+#define TIMER_MAX_TIMEOUT_S 10
+
+// File name to use when URI ends with "/"
+#define DEFAULT_HTML_FILE L"index.html"
+#define DEFAULT_HTTP_PROTO L"http"
+
+// String to delete the HTTP progress message to be able to update it :
+// (HTTP_PROGRESS_MESSAGE_SIZE-1) '\b'
+#define HTTP_PROGRESS_DEL \
+ L"\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\
+\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
+
+#define HTTP_KB L"\b\b\b\b\b\b\b\b\b\b"
+// Frame for the progression slider
+#define HTTP_PROGR_FRAME L"[ ]"
+
+// Improve readability by using these macros
+#define PRINT_HII(token,...) \
+ ShellPrintHiiEx (\
+ -1, -1, NULL, token, mHttpHiiHandle, __VA_ARGS__)
+
+#define PRINT_HII_APP(token,value) \
+ PRINT_HII (token, HTTP_APP_NAME, value)
+
+//
+// TimeBaseLib.h constants.
+// TODO: remove once the library gets fixed.
+//
+
+// Define EPOCH (1970-JANUARY-01) in the Julian Date representation
+#define EPOCH_JULIAN_DATE 2440588
+
+// Seconds per unit
+#define SEC_PER_MIN ((UINTN) 60)
+#define SEC_PER_HOUR ((UINTN) 3600)
+#define SEC_PER_DAY ((UINTN) 86400)
+
+
+// String descriptions for server errors
+STATIC CONST CHAR16 *ErrStatusDesc[] =
+{
+ L"400 Bad Request",
+ L"401 Unauthorized",
+ L"402 Payment required",
+ L"403 Forbidden",
+ L"404 Not Found",
+ L"405 Method not allowed",
+ L"406 Not acceptable",
+ L"407 Proxy authentication required",
+ L"408 Request time out",
+ L"409 Conflict",
+ L"410 Gone",
+ L"411 Length required",
+ L"412 Precondition failed",
+ L"413 Request entity too large",
+ L"414 Request URI to large",
+ L"415 Unsupported media type",
+ L"416 Requested range not satisfied",
+ L"417 Expectation failed",
+ L"500 Internal server error",
+ L"501 Not implemented",
+ L"502 Bad gateway",
+ L"503 Service unavailable",
+ L"504 Gateway timeout",
+ L"505 HTTP version not supported"
+};
+
+STATIC CONST SHELL_PARAM_ITEM ParamList[] = {
+ {L"-i", TypeValue},
+ {L"-k", TypeFlag},
+ {L"-l", TypeValue},
+ {L"-m", TypeFlag},
+ {L"-s", TypeValue},
+ {L"-t", TypeValue},
+ {NULL , TypeMax}
+};
+
+// Local File Handle
+STATIC SHELL_FILE_HANDLE mFileHandle = NULL;
+
+// Path of the local file, Unicode encoded
+STATIC CONST CHAR16 *mLocalFilePath;
+
+STATIC BOOLEAN gRequestCallbackComplete = FALSE;
+STATIC BOOLEAN gResponseCallbackComplete = FALSE;
+
+STATIC BOOLEAN gHttpError;
+
+EFI_HII_HANDLE mHttpHiiHandle;
+
+// Functions declarations
+/**
+ Check and convert the UINT16 option values of the 'http' command
+
+ @param[in] ValueStr Value as an Unicode encoded string
+ @param[out] Value UINT16 value
+
+ @return TRUE The value was returned.
+ @return FALSE A parsing error occured.
+**/
+STATIC
+BOOLEAN
+StringToUint16 (
+ IN CONST CHAR16 *ValueStr,
+ OUT UINT16 *Value
+ );
+
+/**
+ Get the name of the NIC.
+
+ @param[in] ControllerHandle The network physical device handle.
+ @param[in] NicNumber The network physical device number.
+ @param[out] NicName Address where to store the NIC name.
+ The memory area has to be at least
+ IP4_CONFIG2_INTERFACE_INFO_NAME_LENGTH
+ double byte wide.
+
+ @return EFI_SUCCESS The name of the NIC was returned.
+ @return Others The creation of the child for the Managed
+ Network Service failed or the opening of
+ the Managed Network Protocol failed or
+ the operational parameters for the
+ Managed Network Protocol could not be
+ read.
+**/
+STATIC
+EFI_STATUS
+GetNicName (
+ IN EFI_HANDLE ControllerHandle,
+ IN UINTN NicNumber,
+ OUT CHAR16 *NicName
+ );
+
+/**
+ Create a child for the service identified by its service binding protocol GUID
+ and get from the child the interface of the protocol identified by its GUID.
+
+ @param[in] ControllerHandle Controller handle.
+ @param[in] ServiceBindingProtocolGuid Service binding protocol GUID of the
+ service to be created.
+ @param[in] ProtocolGuid GUID of the protocol to be open.
+ @param[out] ChildHandle Address where the handler of the
+ created child is returned. NULL is
+ returned in case of error.
+ @param[out] Interface Address where a pointer to the
+ protocol interface is returned in
+ case of success.
+
+ @return EFI_SUCCESS The child was created and the protocol opened.
+ @return Others Either the creation of the child or the opening
+ of the protocol failed.
+**/
+STATIC
+EFI_STATUS
+CreateServiceChildAndOpenProtocol (
+ IN EFI_HANDLE ControllerHandle,
+ IN EFI_GUID *ServiceBindingProtocolGuid,
+ IN EFI_GUID *ProtocolGuid,
+ OUT EFI_HANDLE *ChildHandle,
+ OUT VOID **Interface
+ );
+
+/**
+ Close the protocol identified by its GUID on the child handle of the service
+ identified by its service binding protocol GUID, then destroy the child
+ handle.
+
+ @param[in] ControllerHandle Controller handle.
+ @param[in] ServiceBindingProtocolGuid Service binding protocol GUID of the
+ service to be destroyed.
+ @param[in] ProtocolGuid GUID of the protocol to be closed.
+ @param[in] ChildHandle Handle of the child to be destroyed.
+
+**/
+STATIC
+VOID
+CloseProtocolAndDestroyServiceChild (
+ IN EFI_HANDLE ControllerHandle,
+ IN EFI_GUID *ServiceBindingProtocolGuid,
+ IN EFI_GUID *ProtocolGuid,
+ IN EFI_HANDLE ChildHandle
+ );
+
+/**
+ Worker function that download the data of a file from an HTTP server given
+ the path of the file and its size.
+
+ @param[in] Context A pointer to the download context.
+
+ @retval EFI_SUCCESS The file was downloaded.
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
+ @retval Others The downloading of the file
+ from the server failed.
+
+**/
+STATIC
+EFI_STATUS
+DownloadFile (
+ IN HTTP_DOWNLOAD_CONTEXT *Context,
+ IN EFI_HANDLE ControllerHandle,
+ IN CHAR16 *NicName
+ );
+
+/**
+ Cleans off leading and trailing spaces and tabs.
+
+ @param[in] String pointer to the string to trim them off.
+**/
+STATIC
+EFI_STATUS
+TrimSpaces (
+ IN CHAR16 *String
+ )
+{
+ CHAR16 *Str;
+ UINTN Len;
+
+ ASSERT (String != NULL);
+
+ if (!String) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Str = String;
+
+ //
+ // Remove any whitespace at the beginning of the Str.
+ //
+ while (*Str == L' ' || *Str == L'\t') {
+ Str++;
+ }
+
+ //
+ // Remove any whitespace at the end of the Str.
+ //
+ do {
+ Len = StrLen (Str);
+ if (!Len || (Str[Len - 1] != L' ' && Str[Len - 1] != '\t')) {
+ break;
+ }
+
+ Str[Len - 1] = CHAR_NULL;
+ } while (Len);
+
+ CopyMem (String, Str, StrSize (Str));
+
+ return EFI_SUCCESS;
+}
+
+
+/*
+ * Callbacks for request and response.
+ * We just acknowledge that operation has completed here.
+ */
+STATIC
+VOID
+EFIAPI
+RequestCallback (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ gRequestCallbackComplete = TRUE;
+}
+
+STATIC
+VOID
+EFIAPI
+ResponseCallback (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ gResponseCallbackComplete = TRUE;
+}
+
+//
+// Set of functions from TimeBaseLib.
+// TODO: remove once TimeBaseLib gets fixed, and enabled for ShellPkg.
+//
+
+/**
+ Calculate Epoch days
+ **/
+STATIC
+UINTN
+EfiGetEpochDays (
+ IN EFI_TIME *Time
+ )
+{
+ UINTN a;
+ UINTN y;
+ UINTN m;
+ UINTN JulianDate; // Absolute Julian Date representation of the supplied Time
+ UINTN EpochDays; // Number of days elapsed since EPOCH_JULIAN_DAY
+
+ a = (14 - Time->Month) / 12 ;
+ y = Time->Year + 4800 - a;
+ m = Time->Month + (12 * a) - 3;
+
+ JulianDate = Time->Day + ((153 * m + 2) / 5) + (365 * y) + (y / 4) -
+ (y / 100) + (y / 400) - 32045;
+
+ ASSERT (JulianDate >= EPOCH_JULIAN_DATE);
+ EpochDays = JulianDate - EPOCH_JULIAN_DATE;
+
+ return EpochDays;
+}
+
+/**
+ Converts EFI_TIME to Epoch seconds
+ (elapsed since 1970 JANUARY 01, 00:00:00 UTC)
+ **/
+STATIC
+UINTN
+EFIAPI
+EfiTimeToEpoch (
+ IN EFI_TIME *Time
+ )
+{
+ UINTN EpochDays; // Number of days elapsed since EPOCH_JULIAN_DAY
+ UINTN EpochSeconds;
+
+ EpochDays = EfiGetEpochDays (Time);
+
+ EpochSeconds = (EpochDays * SEC_PER_DAY) +
+ ((UINTN)Time->Hour * SEC_PER_HOUR) +
+ (Time->Minute * SEC_PER_MIN) + Time->Second;
+
+ return EpochSeconds;
+}
+
+/**
+ Function for 'http' command.
+
+ @param[in] ImageHandle Handle to the Image (NULL if Internal).
+ @param[in] SystemTable Pointer to the System Table (NULL if Internal).
+
+ @return SHELL_SUCCESS The 'http' command completed successfully.
+ @return SHELL_ABORTED The Shell Library initialization failed.
+ @return SHELL_INVALID_PARAMETER At least one of the command's arguments is
+ not valid.
+ @return SHELL_OUT_OF_RESOURCES A memory allocation failed.
+ @return SHELL_NOT_FOUND Network Interface Card not found.
+ @return SHELL_UNSUPPORTED Command was valid, but the server returned
+ a status code indicating some error.
+ Examine the file requested for error body.
+
+**/
+SHELL_STATUS
+RunHttp (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ LIST_ENTRY *CheckPackage;
+ UINTN ParamCount;
+ UINTN HandleCount;
+ UINTN NicNumber;
+ UINTN InitialSize;
+ UINTN ParamOffset;
+ UINTN StartSize;
+ CHAR16 *ProblemParam;
+ CHAR16 NicName[IP4_CONFIG2_INTERFACE_INFO_NAME_LENGTH];
+ CHAR16 *Walker1;
+ CHAR16 *VStr;
+ CONST CHAR16 *UserNicName;
+ CONST CHAR16 *ValueStr;
+ CONST CHAR16 *RemoteFilePath;
+ CONST CHAR16 *Walker;
+ EFI_HTTPv4_ACCESS_POINT IPv4Node;
+ EFI_HANDLE *Handles;
+ EFI_HANDLE ControllerHandle;
+ HTTP_DOWNLOAD_CONTEXT Context;
+ BOOLEAN NicFound;
+
+ ProblemParam = NULL;
+ RemoteFilePath = NULL;
+ NicFound = FALSE;
+ Handles = NULL;
+
+ //
+ // Initialize the Shell library (we must be in non-auto-init...)
+ //
+ ParamOffset = 0;
+ gHttpError = FALSE;
+
+ Status = ShellInitialize ();
+ if (EFI_ERROR (Status)) {
+ ASSERT_EFI_ERROR (Status);
+ return SHELL_ABORTED;
+ }
+
+ ZeroMem (&Context, sizeof (Context));
+
+ //
+ // Parse the command line.
+ //
+ Status = ShellCommandLineParse (
+ ParamList,
+ &CheckPackage,
+ &ProblemParam,
+ TRUE
+ );
+ if (EFI_ERROR (Status)) {
+ if ((Status == EFI_VOLUME_CORRUPTED)
+ && (ProblemParam != NULL))
+ {
+ PRINT_HII_APP (STRING_TOKEN (STR_GEN_PROBLEM), ProblemParam);
+ SHELL_FREE_NON_NULL (ProblemParam);
+ } else {
+ ASSERT (FALSE);
+ }
+
+ goto Error;
+ }
+
+ //
+ // Check the number of parameters
+ //
+ Status = EFI_INVALID_PARAMETER;
+
+ ParamCount = ShellCommandLineGetCount (CheckPackage);
+ if (ParamCount > MAX_PARAM_COUNT) {
+ PRINT_HII_APP (STRING_TOKEN (STR_GEN_TOO_MANY), NULL);
+ goto Error;
+ }
+
+ if (ParamCount < MIN_PARAM_COUNT) {
+ PRINT_HII_APP (STRING_TOKEN (STR_GEN_TOO_FEW), NULL);
+ goto Error;
+ }
+
+ ZeroMem (&Context.HttpConfigData, sizeof (Context.HttpConfigData));
+ ZeroMem (&IPv4Node, sizeof (IPv4Node));
+ IPv4Node.UseDefaultAddress = TRUE;
+
+ Context.HttpConfigData.HttpVersion = HttpVersion11;
+ Context.HttpConfigData.AccessPoint.IPv4Node = &IPv4Node;
+
+ //
+ // Get the host address (not necessarily IPv4 format)
+ //
+ ValueStr = ShellCommandLineGetRawValue (CheckPackage, 1);
+ if (!ValueStr) {
+ PRINT_HII_APP (STRING_TOKEN (STR_GEN_PARAM_INV), ValueStr);
+ goto Error;
+ } else {
+ StartSize = 0;
+ TrimSpaces ((CHAR16 *)ValueStr);
+ if (!StrStr (ValueStr, L"://")) {
+ Context.ServerAddrAndProto = StrnCatGrow (
+ &Context.ServerAddrAndProto,
+ &StartSize,
+ DEFAULT_HTTP_PROTO,
+ StrLen (DEFAULT_HTTP_PROTO)
+ );
+ Context.ServerAddrAndProto = StrnCatGrow (
+ &Context.ServerAddrAndProto,
+ &StartSize,
+ L"://",
+ StrLen (L"://")
+ );
+ VStr = (CHAR16 *)ValueStr;
+ } else {
+ VStr = StrStr (ValueStr, L"://") + StrLen (L"://");
+ }
+
+ for (Walker1 = VStr; *Walker1; Walker1++) {
+ if (*Walker1 == L'/') {
+ break;
+ }
+ }
+
+ if (*Walker1 == L'/') {
+ ParamOffset = 1;
+ RemoteFilePath = Walker1;
+ }
+
+ Context.ServerAddrAndProto = StrnCatGrow (
+ &Context.ServerAddrAndProto,
+ &StartSize,
+ ValueStr,
+ StrLen (ValueStr) - StrLen (Walker1)
+ );
+ if (!Context.ServerAddrAndProto) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+ }
+
+ if (!RemoteFilePath) {
+ RemoteFilePath = ShellCommandLineGetRawValue (CheckPackage, 2);
+ if (!RemoteFilePath) {
+ // If no path given, assume just "/"
+ RemoteFilePath = L"/";
+ }
+ }
+
+ TrimSpaces ((CHAR16 *)RemoteFilePath);
+
+ if (ParamCount == MAX_PARAM_COUNT - ParamOffset) {
+ mLocalFilePath = ShellCommandLineGetRawValue (
+ CheckPackage,
+ MAX_PARAM_COUNT - 1 - ParamOffset
+ );
+ } else {
+ Walker = RemoteFilePath + StrLen (RemoteFilePath);
+ while ((--Walker) >= RemoteFilePath) {
+ if ((*Walker == L'\\') ||
+ (*Walker == L'/' ) ) {
+ break;
+ }
+ }
+
+ mLocalFilePath = Walker + 1;
+ }
+
+ if (!StrLen (mLocalFilePath)) {
+ mLocalFilePath = DEFAULT_HTML_FILE;
+ }
+
+ InitialSize = 0;
+ Context.URI = StrnCatGrow (
+ &Context.URI,
+ &InitialSize,
+ RemoteFilePath,
+ StrLen (RemoteFilePath)
+ );
+ if (!Context.URI) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ //
+ // Get the name of the Network Interface Card to be used if any.
+ //
+ UserNicName = ShellCommandLineGetValue (CheckPackage, L"-i");
+
+ ValueStr = ShellCommandLineGetValue (CheckPackage, L"-l");
+ if ((ValueStr != NULL)
+ && (!StringToUint16 (
+ ValueStr,
+ &Context.HttpConfigData.AccessPoint.IPv4Node->LocalPort
+ )
+ ))
+ {
+ goto Error;
+ }
+
+ Context.BufferSize = DEFAULT_BUF_SIZE;
+
+ ValueStr = ShellCommandLineGetValue (CheckPackage, L"-s");
+ if (ValueStr != NULL) {
+ Context.BufferSize = ShellStrToUintn (ValueStr);
+ if (!Context.BufferSize || Context.BufferSize > MAX_BUF_SIZE) {
+ PRINT_HII_APP (STRING_TOKEN (STR_GEN_PARAM_INV), ValueStr);
+ goto Error;
+ }
+ }
+
+ ValueStr = ShellCommandLineGetValue (CheckPackage, L"-t");
+ if (ValueStr != NULL) {
+ Context.HttpConfigData.TimeOutMillisec = (UINT32)ShellStrToUintn (ValueStr);
+ }
+
+ //
+ // Locate all HTTP Service Binding protocols
+ //
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiManagedNetworkServiceBindingProtocolGuid,
+ NULL,
+ &HandleCount,
+ &Handles
+ );
+ if (EFI_ERROR (Status) || (HandleCount == 0)) {
+ PRINT_HII (STRING_TOKEN (STR_HTTP_ERR_NO_NIC), NULL);
+ if (!EFI_ERROR (Status)) {
+ Status = EFI_NOT_FOUND;
+ }
+
+ goto Error;
+ }
+
+ Status = EFI_NOT_FOUND;
+
+ Context.Flags = 0;
+ if (ShellCommandLineGetFlag (CheckPackage, L"-m")) {
+ Context.Flags |= DL_FLAG_TIME;
+ }
+
+ if (ShellCommandLineGetFlag (CheckPackage, L"-k")) {
+ Context.Flags |= DL_FLAG_KEEP_BAD;
+ }
+
+ for (NicNumber = 0;
+ (NicNumber < HandleCount) && (Status != EFI_SUCCESS);
+ NicNumber++)
+ {
+ ControllerHandle = Handles[NicNumber];
+
+ Status = GetNicName (ControllerHandle, NicNumber, NicName);
+ if (EFI_ERROR (Status)) {
+ PRINT_HII (STRING_TOKEN (STR_HTTP_ERR_NIC_NAME), NicNumber, Status);
+ continue;
+ }
+
+ if (UserNicName != NULL) {
+ if (StrCmp (NicName, UserNicName) != 0) {
+ Status = EFI_NOT_FOUND;
+ continue;
+ }
+
+ NicFound = TRUE;
+ }
+
+ Status = DownloadFile (&Context, ControllerHandle, NicName);
+ PRINT_HII (STRING_TOKEN (STR_GEN_CRLF), NULL);
+
+ if (EFI_ERROR (Status)) {
+ PRINT_HII (
+ STRING_TOKEN (STR_HTTP_ERR_DOWNLOAD),
+ RemoteFilePath,
+ NicName,
+ Status
+ );
+ // If a user aborted the operation, do not try another controller.
+ if (Status == EFI_ABORTED) {
+ goto Error;
+ }
+ }
+
+ if (gHttpError) {
+ //
+ // This is not related to connection, so no need to repeat with
+ // another interface.
+ //
+ break;
+ }
+ }
+
+ if ((UserNicName != NULL) && (!NicFound)) {
+ PRINT_HII (STRING_TOKEN (STR_HTTP_ERR_NIC_NOT_FOUND), UserNicName);
+ }
+
+Error:
+ ShellCommandLineFreeVarList (CheckPackage);
+ SHELL_FREE_NON_NULL (Handles);
+ SHELL_FREE_NON_NULL (Context.ServerAddrAndProto);
+ SHELL_FREE_NON_NULL (Context.URI);
+
+ return Status & ~MAX_BIT;
+}
+
+/**
+ Check and convert the UINT16 option values of the 'http' command
+
+ @param[in] ValueStr Value as an Unicode encoded string
+ @param[out] Value UINT16 value
+
+ @return TRUE The value was returned.
+ @return FALSE A parsing error occured.
+**/
+STATIC
+BOOLEAN
+StringToUint16 (
+ IN CONST CHAR16 *ValueStr,
+ OUT UINT16 *Value
+ )
+{
+ UINTN Val;
+
+ Val = ShellStrToUintn (ValueStr);
+ if (Val > MAX_UINT16) {
+ PRINT_HII_APP (STRING_TOKEN (STR_GEN_PARAM_INV), ValueStr);
+ return FALSE;
+ }
+
+ *Value = (UINT16)Val;
+ return TRUE;
+}
+
+/**
+ Get the name of the NIC.
+
+ @param[in] ControllerHandle The network physical device handle.
+ @param[in] NicNumber The network physical device number.
+ @param[out] NicName Address where to store the NIC name.
+ The memory area has to be at least
+ IP4_CONFIG2_INTERFACE_INFO_NAME_LENGTH
+ double byte wide.
+
+ @return EFI_SUCCESS The name of the NIC was returned.
+ @return Others The creation of the child for the Managed
+ Network Service failed or the opening of
+ the Managed Network Protocol failed or
+ the operational parameters for the
+ Managed Network Protocol could not be
+ read.
+**/
+STATIC
+EFI_STATUS
+GetNicName (
+ IN EFI_HANDLE ControllerHandle,
+ IN UINTN NicNumber,
+ OUT CHAR16 *NicName
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE MnpHandle;
+ EFI_MANAGED_NETWORK_PROTOCOL *Mnp;
+ EFI_SIMPLE_NETWORK_MODE SnpMode;
+
+ Status = CreateServiceChildAndOpenProtocol (
+ ControllerHandle,
+ &gEfiManagedNetworkServiceBindingProtocolGuid,
+ &gEfiManagedNetworkProtocolGuid,
+ &MnpHandle,
+ (VOID**)&Mnp
+ );
+ if (EFI_ERROR (Status)) {
+ goto Error;
+ }
+
+ Status = Mnp->GetModeData (Mnp, NULL, &SnpMode);
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_STARTED)) {
+ goto Error;
+ }
+
+ UnicodeSPrint (
+ NicName,
+ IP4_CONFIG2_INTERFACE_INFO_NAME_LENGTH,
+ SnpMode.IfType == NET_IFTYPE_ETHERNET ? L"eth%d" : L"unk%d",
+ NicNumber
+ );
+
+ Status = EFI_SUCCESS;
+
+Error:
+
+ if (MnpHandle != NULL) {
+ CloseProtocolAndDestroyServiceChild (
+ ControllerHandle,
+ &gEfiManagedNetworkServiceBindingProtocolGuid,
+ &gEfiManagedNetworkProtocolGuid,
+ MnpHandle
+ );
+ }
+
+ return Status;
+}
+
+/**
+ Create a child for the service identified by its service binding protocol GUID
+ and get from the child the interface of the protocol identified by its GUID.
+
+ @param[in] ControllerHandle Controller handle.
+ @param[in] ServiceBindingProtocolGuid Service binding protocol GUID of the
+ service to be created.
+ @param[in] ProtocolGuid GUID of the protocol to be open.
+ @param[out] ChildHandle Address where the handler of the
+ created child is returned. NULL is
+ returned in case of error.
+ @param[out] Interface Address where a pointer to the
+ protocol interface is returned in
+ case of success.
+
+ @return EFI_SUCCESS The child was created and the protocol opened.
+ @return Others Either the creation of the child or the opening
+ of the protocol failed.
+**/
+STATIC
+EFI_STATUS
+CreateServiceChildAndOpenProtocol (
+ IN EFI_HANDLE ControllerHandle,
+ IN EFI_GUID *ServiceBindingProtocolGuid,
+ IN EFI_GUID *ProtocolGuid,
+ OUT EFI_HANDLE *ChildHandle,
+ OUT VOID **Interface
+ )
+{
+ EFI_STATUS Status;
+
+ *ChildHandle = NULL;
+ Status = NetLibCreateServiceChild (
+ ControllerHandle,
+ gImageHandle,
+ ServiceBindingProtocolGuid,
+ ChildHandle
+ );
+ if (!EFI_ERROR (Status)) {
+ Status = gBS->OpenProtocol (
+ *ChildHandle,
+ ProtocolGuid,
+ Interface,
+ gImageHandle,
+ ControllerHandle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ if (EFI_ERROR (Status)) {
+ NetLibDestroyServiceChild (
+ ControllerHandle,
+ gImageHandle,
+ ServiceBindingProtocolGuid,
+ *ChildHandle
+ );
+ *ChildHandle = NULL;
+ }
+ }
+
+ return Status;
+}
+
+/**
+ Close the protocol identified by its GUID on the child handle of the service
+ identified by its service binding protocol GUID, then destroy the child
+ handle.
+
+ @param[in] ControllerHandle Controller handle.
+ @param[in] ServiceBindingProtocolGuid Service binding protocol GUID of the
+ service to be destroyed.
+ @param[in] ProtocolGuid GUID of the protocol to be closed.
+ @param[in] ChildHandle Handle of the child to be destroyed.
+
+**/
+STATIC
+VOID
+CloseProtocolAndDestroyServiceChild (
+ IN EFI_HANDLE ControllerHandle,
+ IN EFI_GUID *ServiceBindingProtocolGuid,
+ IN EFI_GUID *ProtocolGuid,
+ IN EFI_HANDLE ChildHandle
+ )
+{
+ gBS->CloseProtocol (
+ ChildHandle,
+ ProtocolGuid,
+ gImageHandle,
+ ControllerHandle
+ );
+
+ NetLibDestroyServiceChild (
+ ControllerHandle,
+ gImageHandle,
+ ServiceBindingProtocolGuid,
+ ChildHandle
+ );
+}
+
+/**
+ Wait until operation completes. Completion is indicated by
+ setting of an appropriate variable.
+
+ @param[in] Context A pointer to the HTTP download context.
+ @param[in] CallBackComplete A pointer to the callback completion
+ variable set by the callback.
+
+ @return EFI_SUCCESS Callback signalled completion.
+ @return EFI_TIMEOUT Timed out waiting for completion.
+ @return Others Error waiting for completion.
+**/
+STATIC
+EFI_STATUS
+WaitForCompletion (
+ IN HTTP_DOWNLOAD_CONTEXT *Context,
+ IN OUT BOOLEAN *CallBackComplete
+ )
+{
+ EFI_STATUS Status;
+ EFI_EVENT WaitEvt;
+
+ Status = EFI_SUCCESS;
+
+ // Use a timer to measure timeout. Cannot use Stall here!
+ Status = gBS->CreateEvent (
+ EVT_TIMER,
+ TPL_CALLBACK,
+ NULL,
+ NULL,
+ &WaitEvt
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ if (!EFI_ERROR (Status)) {
+ Status = gBS->SetTimer (
+ WaitEvt,
+ TimerRelative,
+ EFI_TIMER_PERIOD_SECONDS (TIMER_MAX_TIMEOUT_S)
+ );
+
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ while (! *CallBackComplete
+ && (!EFI_ERROR (Status))
+ && EFI_ERROR (gBS->CheckEvent (WaitEvt)))
+ {
+ Status = Context->Http->Poll (Context->Http);
+ if (!Context->ContentDownloaded
+ && CallBackComplete == &gResponseCallbackComplete)
+ {
+ //
+ // An HTTP server may just send a response redirection header.
+ // In this case, don't wait for the event as
+ // it might never happen and we waste 10s waiting.
+ // Note that at this point Response may not has been populated,
+ // so it needs to be checked first.
+ //
+ if (Context->ResponseToken.Message
+ && Context->ResponseToken.Message->Data.Response
+ && (NEED_REDIRECTION (
+ Context->ResponseToken.Message->Data.Response->StatusCode
+ )
+ ))
+ {
+ break;
+ }
+ }
+ }
+
+ gBS->SetTimer (WaitEvt, TimerCancel, 0);
+ gBS->CloseEvent (WaitEvt);
+
+ if (*CallBackComplete) {
+ return EFI_SUCCESS;
+ }
+
+ if (!EFI_ERROR (Status)) {
+ Status = EFI_TIMEOUT;
+ }
+
+ return Status;
+}
+
+/**
+ Generate and send a request to the http server.
+
+ @param[in] Context HTTP download context.
+ @param[in] DownloadUrl Fully qualified URL to be downloaded.
+
+ @return EFI_SUCCESS Request has been sent successfully.
+ @return EFI_INVALID_PARAMETER Invalid URL.
+ @return EFI_OUT_OF_RESOURCES Out of memory.
+ @return EFI_DEVICE_ERROR If HTTPS is used, this probably
+ means that TLS support either was not
+ installed or not configured.
+ @return Others Error sending the request.
+**/
+
+STATIC
+EFI_STATUS
+SendRequest (
+ IN HTTP_DOWNLOAD_CONTEXT *Context,
+ IN CHAR16 *DownloadUrl
+ )
+{
+ EFI_HTTP_REQUEST_DATA RequestData;
+ EFI_HTTP_HEADER RequestHeader[HDR_MAX];
+ EFI_HTTP_MESSAGE RequestMessage;
+ EFI_STATUS Status;
+ CHAR16 *Host;
+ UINTN StringSize;
+
+ ZeroMem (&RequestData, sizeof (RequestData));
+ ZeroMem (&RequestHeader, sizeof (RequestHeader));
+ ZeroMem (&RequestMessage, sizeof (RequestMessage));
+ ZeroMem (&Context->RequestToken, sizeof (Context->RequestToken));
+
+ RequestHeader[HDR_HOST].FieldName = "Host";
+ RequestHeader[HDR_CONN].FieldName = "Connection";
+ RequestHeader[HDR_AGENT].FieldName = "User-Agent";
+
+ Host = (CHAR16 *)Context->ServerAddrAndProto;
+ while (*Host != CHAR_NULL && *Host != L'/') {
+ Host++;
+ }
+
+ if (*Host == CHAR_NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Get the next slash
+ //
+ Host++;
+ //
+ // And now the host name
+ //
+ Host++;
+
+ StringSize = StrLen (Host) + 1;
+ RequestHeader[HDR_HOST].FieldValue = AllocatePool (StringSize);
+ if (!RequestHeader[HDR_HOST].FieldValue) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ UnicodeStrToAsciiStrS (
+ Host,
+ RequestHeader[HDR_HOST].FieldValue,
+ StringSize
+ );
+
+ RequestHeader[HDR_CONN].FieldValue = "close";
+ RequestHeader[HDR_AGENT].FieldValue = USER_AGENT_HDR;
+ RequestMessage.HeaderCount = HDR_MAX;
+
+ RequestData.Method = HttpMethodGet;
+ RequestData.Url = DownloadUrl;
+
+ RequestMessage.Data.Request = &RequestData;
+ RequestMessage.Headers = RequestHeader;
+ RequestMessage.BodyLength = 0;
+ RequestMessage.Body = NULL;
+ Context->RequestToken.Event = NULL;
+
+ //
+ // Completion callback event to be set when Request completes.
+ //
+ Status = gBS->CreateEvent (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ RequestCallback,
+ Context,
+ &Context->RequestToken.Event
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ Context->RequestToken.Status = EFI_SUCCESS;
+ Context->RequestToken.Message = &RequestMessage;
+ gRequestCallbackComplete = FALSE;
+ Status = Context->Http->Request (Context->Http, &Context->RequestToken);
+ if (EFI_ERROR (Status)) {
+ goto Error;
+ }
+
+ Status = WaitForCompletion (Context, &gRequestCallbackComplete);
+ if (EFI_ERROR (Status)) {
+ Context->Http->Cancel (Context->Http, &Context->RequestToken);
+ }
+
+Error:
+ SHELL_FREE_NON_NULL (RequestHeader[HDR_HOST].FieldValue);
+ if (Context->RequestToken.Event) {
+ gBS->CloseEvent (Context->RequestToken.Event);
+ ZeroMem (&Context->RequestToken, sizeof (Context->RequestToken));
+ }
+
+ return Status;
+}
+
+/**
+ Update the progress of a file download
+ This procedure is called each time a new HTTP body portion is received.
+
+ @param[in] Context HTTP download context.
+ @param[in] DownloadLen Portion size, in bytes.
+ @param[in] Buffer The pointer to the parsed buffer.
+
+ @retval EFI_SUCCESS Portion saved.
+ @retval Other Error saving the portion.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+SavePortion (
+ IN HTTP_DOWNLOAD_CONTEXT *Context,
+ IN UINTN DownloadLen,
+ IN CHAR8 *Buffer
+ )
+{
+ CHAR16 Progress[HTTP_PROGRESS_MESSAGE_SIZE];
+ UINTN NbOfKb;
+ UINTN Index;
+ UINTN LastStep;
+ UINTN Step;
+ EFI_STATUS Status;
+
+ LastStep = 0;
+ Step = 0;
+
+ ShellSetFilePosition (mFileHandle, Context->LastReportedNbOfBytes);
+ Status = ShellWriteFile (mFileHandle, &DownloadLen, Buffer);
+ if (EFI_ERROR (Status)) {
+ if (Context->ContentDownloaded > 0) {
+ PRINT_HII (STRING_TOKEN (STR_GEN_CRLF), NULL);
+ }
+
+ PRINT_HII (STRING_TOKEN (STR_HTTP_ERR_WRITE), mLocalFilePath, Status);
+ return Status;
+ }
+
+ if (Context->ContentDownloaded == 0) {
+ ShellPrintEx (-1, -1, L"%s 0 Kb", HTTP_PROGR_FRAME);
+ }
+
+ Context->ContentDownloaded += DownloadLen;
+ NbOfKb = Context->ContentDownloaded >> 10;
+
+ Progress[0] = L'\0';
+ if (Context->ContentLength) {
+ LastStep = (Context->LastReportedNbOfBytes * HTTP_PROGRESS_SLIDER_STEPS) /
+ Context->ContentLength;
+ Step = (Context->ContentDownloaded * HTTP_PROGRESS_SLIDER_STEPS) /
+ Context->ContentLength;
+ }
+
+ Context->LastReportedNbOfBytes = Context->ContentDownloaded;
+
+ if (Step <= LastStep) {
+ if (!Context->ContentLength) {
+ //
+ // Update downloaded size, there is no length info available.
+ //
+ ShellPrintEx (-1, -1, L"%s", HTTP_KB);
+ ShellPrintEx (-1, -1, L"%7d Kb", NbOfKb);
+ }
+
+ return EFI_SUCCESS;
+ }
+
+ ShellPrintEx (-1, -1, L"%s", HTTP_PROGRESS_DEL);
+
+ Status = StrCpyS (Progress, HTTP_PROGRESS_MESSAGE_SIZE, HTTP_PROGR_FRAME);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ for (Index = 1; Index < Step; Index++) {
+ Progress[Index] = L'=';
+ }
+
+ if (Step) {
+ Progress[Step] = L'>';
+ }
+
+ UnicodeSPrint (
+ Progress + (sizeof (HTTP_PROGR_FRAME) / sizeof (CHAR16)) - 1,
+ sizeof (Progress) - sizeof (HTTP_PROGR_FRAME),
+ L" %7d Kb",
+ NbOfKb
+ );
+
+
+ ShellPrintEx (-1, -1, L"%s", Progress);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Replace the original Host and URI with Host and URI returned by the
+ HTTP server in 'Location' header (redirection).
+
+ @param[in] Location A pointer to the 'Location' string
+ provided by HTTP server.
+ @param[in] Context A pointer to HTTP download context.
+ @param[in] DownloadUrl Fully qualified HTTP URL.
+
+ @return EFI_SUCCESS Host and URI were successfully set.
+ @return EFI_OUT_OF_RESOURCES Error setting Host or URI.
+**/
+
+STATIC
+EFI_STATUS
+SetHostURI (
+ IN CHAR8 *Location,
+ IN HTTP_DOWNLOAD_CONTEXT *Context,
+ IN CHAR16 *DownloadUrl
+ )
+{
+ EFI_STATUS Status;
+ UINTN StringSize;
+ UINTN FirstStep;
+ UINTN Idx;
+ UINTN Step;
+ CHAR8 *Walker;
+ CHAR16 *Temp;
+ CHAR8 *Tmp;
+ CHAR16 *Url;
+ BOOLEAN IsAbEmptyUrl;
+
+ Tmp = NULL;
+ Url = NULL;
+ IsAbEmptyUrl = FALSE;
+ FirstStep = 0;
+
+ StringSize = (AsciiStrSize (Location) * sizeof (CHAR16));
+ Url = AllocateZeroPool (StringSize);
+ if (!Url) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Status = AsciiStrToUnicodeStrS (
+ (CONST CHAR8 *)Location,
+ Url,
+ StringSize
+ );
+
+ if (EFI_ERROR (Status)) {
+ goto Error;
+ }
+
+ //
+ // If an HTTP server redirects to the same location more than once,
+ // then stop attempts and tell it is not reachable.
+ //
+ if (!StrCmp (Url, DownloadUrl)) {
+ Status = EFI_NO_MAPPING;
+ goto Error;
+ }
+
+ if (AsciiStrLen (Location) > 2) {
+ // Some servers return 'Location: //server/resource'
+ IsAbEmptyUrl = (Location[0] == '/') && (Location[1] == '/');
+ if (IsAbEmptyUrl) {
+ // Skip first "//"
+ Location += 2;
+ FirstStep = 1;
+ }
+ }
+
+ if (AsciiStrStr (Location, "://") || IsAbEmptyUrl) {
+ Idx = 0;
+ Walker = Location;
+
+ for (Step = FirstStep; Step < 2; Step++) {
+ for (; *Walker != '/' && *Walker != '\0'; Walker++) {
+ Idx++;
+ }
+
+ if (!Step) {
+ //
+ // Skip "//"
+ //
+ Idx += 2;
+ Walker += 2;
+ }
+ }
+
+ Tmp = AllocateZeroPool (Idx + 1);
+ if (!Tmp) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ CopyMem (Tmp, Location, Idx);
+
+ //
+ // Location now points to URI
+ //
+ Location += Idx;
+ StringSize = (Idx + 1) * sizeof (CHAR16);
+
+ SHELL_FREE_NON_NULL (Context->ServerAddrAndProto);
+
+ Temp = AllocateZeroPool (StringSize);
+ if (!Temp) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ Status = AsciiStrToUnicodeStrS (
+ (CONST CHAR8 *)Tmp,
+ Temp,
+ StringSize
+ );
+ if (EFI_ERROR (Status)) {
+ SHELL_FREE_NON_NULL (Temp);
+ goto Error;
+ }
+
+ Idx = 0;
+ if (IsAbEmptyUrl) {
+ Context->ServerAddrAndProto = StrnCatGrow (
+ &Context->ServerAddrAndProto,
+ &Idx,
+ L"http://",
+ StrLen (L"http://")
+ );
+ }
+
+ Context->ServerAddrAndProto = StrnCatGrow (
+ &Context->ServerAddrAndProto,
+ &Idx,
+ Temp,
+ StrLen (Temp)
+ );
+ SHELL_FREE_NON_NULL (Temp);
+ if (!Context->ServerAddrAndProto) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+ }
+
+ SHELL_FREE_NON_NULL (Context->URI);
+
+ StringSize = AsciiStrSize (Location) * sizeof (CHAR16);
+ Context->URI = AllocateZeroPool (StringSize);
+ if (!Context->URI) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ //
+ // Now make changes to the URI part.
+ //
+ Status = AsciiStrToUnicodeStrS (
+ (CONST CHAR8 *)Location,
+ Context->URI,
+ StringSize
+ );
+Error:
+ SHELL_FREE_NON_NULL (Tmp);
+ SHELL_FREE_NON_NULL (Url);
+
+ return Status;
+}
+
+/**
+ Message parser callback.
+ Save a portion of HTTP body.
+
+ @param[in] EventType Type of event. Can be either
+ OnComplete or OnData.
+ @param[in] Data A pointer to the buffer with data.
+ @param[in] Length Data length of this portion.
+ @param[in] Context A pointer to the HTTP download context.
+
+ @return EFI_SUCCESS The portion was processed successfully.
+ @return Other Error returned by SavePortion.
+**/
+
+STATIC
+EFI_STATUS
+EFIAPI
+ParseMsg (
+ IN HTTP_BODY_PARSE_EVENT EventType,
+ IN CHAR8 *Data,
+ IN UINTN Length,
+ IN VOID *Context
+ )
+{
+ if (!Data || (EventType == BodyParseEventOnComplete) || !Context) {
+ return EFI_SUCCESS;
+ }
+
+ return SavePortion (Context, Length, Data);
+}
+
+
+/**
+ Get HTTP server response and collect the whole body as a file.
+ Set appropriate status in Context (REQ_OK, REQ_REPEAT, REQ_ERROR).
+ Note that even if HTTP server returns an error code, it might send
+ the body as well. This body will be collected in the resultant file.
+
+ @param[in] Context A pointer to the HTTP download context.
+ @param[in] DownloadedUrl A pointer to the fully qualified URL to download.
+
+ @return EFI_SUCCESS Valid file. Body successfully collected.
+ @return EFI_HTTP_ERROR Response is a valid HTTP response, but the
+ HTTP server
+ indicated an error (HTTP code >= 400).
+ Response body MAY contain full
+ HTTP server response.
+ @return Others Error getting the reponse from the HTTP server.
+ Response body is not collected.
+**/
+STATIC
+EFI_STATUS
+GetResponse (
+ IN HTTP_DOWNLOAD_CONTEXT *Context,
+ IN CHAR16 *DownloadUrl
+ )
+{
+ EFI_HTTP_RESPONSE_DATA ResponseData;
+ EFI_HTTP_MESSAGE ResponseMessage;
+ EFI_HTTP_HEADER *Header;
+ EFI_STATUS Status;
+ VOID *MsgParser;
+ EFI_TIME StartTime;
+ EFI_TIME EndTime;
+ CONST CHAR16 *Desc;
+ UINTN ElapsedSeconds;
+ BOOLEAN IsTrunked;
+ BOOLEAN CanMeasureTime;
+
+ ZeroMem (&ResponseData, sizeof (ResponseData));
+ ZeroMem (&ResponseMessage, sizeof (ResponseMessage));
+ ZeroMem (&Context->ResponseToken, sizeof (Context->ResponseToken));
+ IsTrunked = FALSE;
+
+ ResponseMessage.Body = Context->Buffer;
+ Context->ResponseToken.Status = EFI_SUCCESS;
+ Context->ResponseToken.Message = &ResponseMessage;
+ Context->ContentLength = 0;
+ Context->Status = REQ_OK;
+ MsgParser = NULL;
+ ResponseData.StatusCode = HTTP_STATUS_UNSUPPORTED_STATUS;
+ ResponseMessage.Data.Response = &ResponseData;
+ Context->ResponseToken.Event = NULL;
+ CanMeasureTime = FALSE;
+ if (Context->Flags & DL_FLAG_TIME) {
+ ZeroMem (&StartTime, sizeof (StartTime));
+ CanMeasureTime = !EFI_ERROR (gRT->GetTime (&StartTime, NULL));
+ }
+
+ do {
+ SHELL_FREE_NON_NULL (ResponseMessage.Headers);
+ ResponseMessage.HeaderCount = 0;
+ gResponseCallbackComplete = FALSE;
+ ResponseMessage.BodyLength = Context->BufferSize;
+
+ if (ShellGetExecutionBreakFlag ()) {
+ Status = EFI_ABORTED;
+ break;
+ }
+
+ if (!Context->ContentDownloaded && !Context->ResponseToken.Event) {
+ Status = gBS->CreateEvent (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ ResponseCallback,
+ Context,
+ &Context->ResponseToken.Event
+ );
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ ResponseMessage.Data.Response = NULL;
+ }
+
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
+ Status = Context->Http->Response (Context->Http, &Context->ResponseToken);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
+ Status = WaitForCompletion (Context, &gResponseCallbackComplete);
+ if (EFI_ERROR (Status) && ResponseMessage.HeaderCount) {
+ Status = EFI_SUCCESS;
+ }
+
+ if (EFI_ERROR (Status)) {
+ Context->Http->Cancel (Context->Http, &Context->ResponseToken);
+ break;
+ }
+
+ if (!Context->ContentDownloaded) {
+ if (NEED_REDIRECTION (ResponseData.StatusCode)) {
+ //
+ // Need to repeat the request with new Location (server redirected).
+ //
+ Context->Status = REQ_NEED_REPEAT;
+
+ Header = HttpFindHeader (
+ ResponseMessage.HeaderCount,
+ ResponseMessage.Headers,
+ "Location"
+ );
+ if (Header) {
+ Status = SetHostURI (Header->FieldValue, Context, DownloadUrl);
+ if (Status == EFI_NO_MAPPING) {
+ PRINT_HII (
+ STRING_TOKEN (STR_HTTP_ERR_STATUSCODE),
+ Context->ServerAddrAndProto,
+ L"Recursive HTTP server relocation",
+ Context->URI
+ );
+ }
+ } else {
+ //
+ // Bad reply from the server. Server must specify the location.
+ // Indicate that resource was not found, and no body collected.
+ //
+ Status = EFI_NOT_FOUND;
+ }
+
+ Context->Http->Cancel (Context->Http, &Context->ResponseToken);
+ break;
+ }
+
+ //
+ // Init message-body parser by header information.
+ //
+ if (!MsgParser) {
+ Status = HttpInitMsgParser (
+ ResponseMessage.Data.Request->Method,
+ ResponseData.StatusCode,
+ ResponseMessage.HeaderCount,
+ ResponseMessage.Headers,
+ ParseMsg,
+ Context,
+ &MsgParser
+ );
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+ }
+
+ //
+ // If it is a trunked message, rely on the parser.
+ //
+ Header = HttpFindHeader (
+ ResponseMessage.HeaderCount,
+ ResponseMessage.Headers,
+ "Transfer-Encoding"
+ );
+ IsTrunked = (Header && !AsciiStrCmp (Header->FieldValue, "chunked"));
+
+ HttpGetEntityLength (MsgParser, &Context->ContentLength);
+
+ if (ResponseData.StatusCode >= HTTP_STATUS_400_BAD_REQUEST
+ && (ResponseData.StatusCode != HTTP_STATUS_308_PERMANENT_REDIRECT))
+ {
+ //
+ // Server reported an error via Response code.
+ // Collect the body if any.
+ //
+ if (!gHttpError) {
+ gHttpError = TRUE;
+
+ Desc = ErrStatusDesc[ResponseData.StatusCode -
+ HTTP_STATUS_400_BAD_REQUEST];
+ PRINT_HII (
+ STRING_TOKEN (STR_HTTP_ERR_STATUSCODE),
+ Context->ServerAddrAndProto,
+ Desc,
+ Context->URI
+ );
+
+ //
+ // This gives an RFC HTTP error.
+ //
+ Context->Status = ShellStrToUintn (Desc);
+ Status = ENCODE_ERROR (Context->Status);
+ }
+ }
+ }
+
+ // Do NOT try to parse an empty body.
+ if (ResponseMessage.BodyLength || IsTrunked) {
+ Status = HttpParseMessageBody (
+ MsgParser,
+ ResponseMessage.BodyLength,
+ ResponseMessage.Body
+ );
+ }
+ } while (!HttpIsMessageComplete (MsgParser)
+ && !EFI_ERROR (Status)
+ && ResponseMessage.BodyLength);
+
+ if (Context->Status != REQ_NEED_REPEAT
+ && Status == EFI_SUCCESS
+ && CanMeasureTime)
+ {
+ if (!EFI_ERROR (gRT->GetTime (&EndTime, NULL))) {
+ ElapsedSeconds = EfiTimeToEpoch (&EndTime) - EfiTimeToEpoch (&StartTime);
+ Print (
+ L",%a%Lus\n",
+ ElapsedSeconds ? " " : " < ",
+ ElapsedSeconds > 1 ? (UINT64)ElapsedSeconds : 1
+ );
+ }
+ }
+
+ SHELL_FREE_NON_NULL (MsgParser);
+ if (Context->ResponseToken.Event) {
+ gBS->CloseEvent (Context->ResponseToken.Event);
+ ZeroMem (&Context->ResponseToken, sizeof (Context->ResponseToken));
+ }
+
+ return Status;
+}
+
+/**
+ Worker function that downloads the data of a file from an HTTP server given
+ the path of the file and its size.
+
+ @param[in] Context A pointer to the HTTP download context.
+ @param[in] Controllerhandle The handle of the network interface controller
+ @param[in] NicName NIC name
+
+ @retval EFI_SUCCESS The file was downloaded.
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
+ #retval EFI_HTTP_ERROR The server returned a valid HTTP error.
+ Examine the mLocalFilePath file
+ to get error body.
+ @retval Others The downloading of the file from the server
+ failed.
+
+**/
+STATIC
+EFI_STATUS
+DownloadFile (
+ IN HTTP_DOWNLOAD_CONTEXT *Context,
+ IN EFI_HANDLE ControllerHandle,
+ IN CHAR16 *NicName
+ )
+{
+ EFI_STATUS Status;
+ CHAR16 *DownloadUrl;
+ UINTN UrlSize;
+ EFI_HANDLE HttpChildHandle;
+
+ ASSERT (Context);
+ if (!Context) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ DownloadUrl = NULL;
+ HttpChildHandle = NULL;
+
+ Context->Buffer = AllocatePool (Context->BufferSize);
+ if (!Context->Buffer) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // OPEN FILE
+ //
+ if (!EFI_ERROR (ShellFileExists (mLocalFilePath))) {
+ ShellDeleteFileByName (mLocalFilePath);
+ }
+
+ Status = ShellOpenFileByName (
+ mLocalFilePath,
+ &mFileHandle,
+ EFI_FILE_MODE_CREATE |
+ EFI_FILE_MODE_WRITE |
+ EFI_FILE_MODE_READ,
+ 0
+ );
+ if (EFI_ERROR (Status)) {
+ PRINT_HII_APP (STRING_TOKEN (STR_GEN_FILE_OPEN_FAIL), mLocalFilePath);
+ goto ON_EXIT;
+ }
+
+ do {
+ SHELL_FREE_NON_NULL (DownloadUrl);
+
+ CLOSE_HTTP_HANDLE (ControllerHandle, HttpChildHandle);
+
+ Status = CreateServiceChildAndOpenProtocol (
+ ControllerHandle,
+ &gEfiHttpServiceBindingProtocolGuid,
+ &gEfiHttpProtocolGuid,
+ &HttpChildHandle,
+ (VOID**)&Context->Http
+ );
+
+ if (EFI_ERROR (Status)) {
+ PRINT_HII (STRING_TOKEN (STR_HTTP_ERR_OPEN_PROTOCOL), NicName, Status);
+ goto ON_EXIT;
+ }
+
+ Status = Context->Http->Configure (Context->Http, &Context->HttpConfigData);
+ if (EFI_ERROR (Status)) {
+ PRINT_HII (STRING_TOKEN (STR_HTTP_ERR_CONFIGURE), NicName, Status);
+ goto ON_EXIT;
+ }
+
+ UrlSize = 0;
+ DownloadUrl = StrnCatGrow (
+ &DownloadUrl,
+ &UrlSize,
+ Context->ServerAddrAndProto,
+ StrLen (Context->ServerAddrAndProto)
+ );
+ if (Context->URI[0] != L'/') {
+ DownloadUrl = StrnCatGrow (
+ &DownloadUrl,
+ &UrlSize,
+ L"/",
+ StrLen (Context->ServerAddrAndProto)
+ );
+ }
+
+ DownloadUrl = StrnCatGrow (
+ &DownloadUrl,
+ &UrlSize,
+ Context->URI,
+ StrLen (Context->URI));
+
+ PRINT_HII (STRING_TOKEN (STR_HTTP_DOWNLOADING), DownloadUrl);
+
+ Status = SendRequest (Context, DownloadUrl);
+ if (Status) {
+ goto ON_EXIT;
+ }
+
+ Status = GetResponse (Context, DownloadUrl);
+
+ if (Status) {
+ goto ON_EXIT;
+ }
+
+ } while (Context->Status == REQ_NEED_REPEAT);
+
+ if (Context->Status) {
+ Status = ENCODE_ERROR (Context->Status);
+ }
+
+ON_EXIT:
+ //
+ // CLOSE FILE
+ //
+ if (mFileHandle) {
+ if (EFI_ERROR (Status) && !(Context->Flags & DL_FLAG_KEEP_BAD)) {
+ ShellDeleteFile (&mFileHandle);
+ } else {
+ ShellCloseFile (&mFileHandle);
+ }
+ }
+
+ SHELL_FREE_NON_NULL (DownloadUrl);
+ SHELL_FREE_NON_NULL (Context->Buffer);
+
+ CLOSE_HTTP_HANDLE (ControllerHandle, HttpChildHandle);
+
+ return Status;
+}
+
+/**
+ Retrive HII package list from ImageHandle and publish to HII database.
+
+ @param ImageHandle The image handle of the process.
+
+ @return HII handle.
+**/
+EFI_HII_HANDLE
+InitializeHiiPackage (
+ EFI_HANDLE ImageHandle
+ )
+{
+ EFI_STATUS Status;
+ EFI_HII_PACKAGE_LIST_HEADER *PackageList;
+ EFI_HII_HANDLE HiiHandle;
+
+ //
+ // Retrieve HII package list from ImageHandle
+ //
+ Status = gBS->OpenProtocol (
+ ImageHandle,
+ &gEfiHiiPackageListProtocolGuid,
+ (VOID **)&PackageList,
+ ImageHandle,
+ NULL,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return NULL;
+ }
+
+ //
+ // Publish HII package list to HII Database.
+ //
+ Status = gHiiDatabase->NewPackageList (
+ gHiiDatabase,
+ PackageList,
+ NULL,
+ &HiiHandle
+ );
+ ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return NULL;
+ }
+
+ return HiiHandle;
+}
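
Review bot: SetHostURI rebuilds a scheme-relative Location ('//server/resource') with a hard-coded L"http://" prefix, so a transfer that was started with https:// continues in cleartext after such a redirect; reuse the scheme of the URL that was just requested instead of assuming http. Redirect handling is also unbounded: the only loop guard is the StrCmp of the raw Location value against DownloadUrl, which a relative Location or two servers redirecting to each other never trips, and the do/while in DownloadFile repeats for as long as Context->Status is REQ_NEED_REPEAT, so a redirect counter with a small limit is needed. Two smaller points: in DownloadFile the StrnCatGrow call that appends L"/" passes StrLen (Context->ServerAddrAndProto) as the count where the length of L"/" is meant, and GetResponse hands ResponseMessage.Data.Request->Method to HttpInitMsgParser although Data is a union whose Response member was set to &ResponseData, so the status code is read as the method; pass the method used in the request explicitly. In the comment blocks, '#retval EFI_HTTP_ERROR' should be '@retval', and the documented parameter names 'Controllerhandle' and 'DownloadedUrl' do not match the prototypes.
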
diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.c b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.c
new file mode 100644
index 000000000000..a7d2c27191a2
--- /dev/null
+++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.c
@@ -0,0 +1,61 @@
+/** @file
+ Entrypoint of "http" shell standalone application.
+
+ Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. <BR>
+ Copyright (c) 2015, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2020, Broadcom. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include "Http.h"
+
+/*
+ * String token ID of help message text.
+ * Shell supports to find help message in the resource section of an
+ * application image if * .MAN file is not found.
+ * This global variable is added to make build tool recognizes
+ * that the help string is consumed by user and then build tool will
+ * add the string into the resource section.
+ * Thus the application can use '-?' option to show help message in Shell.
+ */
+GLOBAL_REMOVE_IF_UNREFERENCED
+EFI_STRING_ID mStringHelpTokenId = STRING_TOKEN (STR_GET_HELP_HTTP);
+
+/**
+ Entry point of Http standalone application.
+
+ @param ImageHandle The image handle of the process.
+ @param SystemTable The EFI System Table pointer.
+
+ @retval EFI_SUCCESS Http command is executed sucessfully.
+ @retval EFI_ABORTED HII package was failed to initialize.
+ @retval others Other errors when executing http command.
+**/
+EFI_STATUS
+EFIAPI
+HttpAppInitialize (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ SHELL_STATUS ShellStatus;
+
+ mHttpHiiHandle = InitializeHiiPackage (ImageHandle);
+ if (mHttpHiiHandle == NULL) {
+ return EFI_ABORTED;
+ }
+
+ Status = EFI_SUCCESS;
+
+ ShellStatus = RunHttp (ImageHandle, SystemTable);
+
+ HiiRemovePackages (mHttpHiiHandle);
+
+ if (Status != SHELL_SUCCESS) {
+ Status = ENCODE_ERROR (ShellStatus);
+ }
+
+ return Status;
+}
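
Review bot: In HttpAppInitialize the closing check tests Status, which was assigned EFI_SUCCESS a few lines earlier and is never changed, so the value returned by RunHttp is discarded and the application always exits with EFI_SUCCESS. The comparison should be on ShellStatus (if (ShellStatus != SHELL_SUCCESS) { Status = ENCODE_ERROR (ShellStatus); }), otherwise shell scripts that test the exit code of the standalone http application cannot detect a failed download.
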
diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.c b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.c
new file mode 100644
index 000000000000..7f59cc74d2a7
--- /dev/null
+++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.c
@@ -0,0 +1,137 @@
+/** @file
+ Produce "http" shell dynamic command.
+
+ Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. <BR>
+ Copyright (c) 2015, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2020, Broadcom. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include <Protocol/ShellDynamicCommand.h>
+#include "Http.h"
+
+/**
+ This is the shell command handler function pointer callback type. This
+ function handles the command when it is invoked in the shell.
+
+ @param[in] This The instance of the
+ EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL.
+ @param[in] SystemTable The pointer to the system table.
+ @param[in] ShellParameters The parameters associated with the command.
+ @param[in] Shell The instance of the shell protocol used in
+ the context of processing this command.
+
+ @return EFI_SUCCESS the operation was sucessful
+ @return other the operation failed.
+**/
+SHELL_STATUS
+EFIAPI
+HttpCommandHandler (
+ IN EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL *This,
+ IN EFI_SYSTEM_TABLE *SystemTable,
+ IN EFI_SHELL_PARAMETERS_PROTOCOL *ShellParameters,
+ IN EFI_SHELL_PROTOCOL *Shell
+ )
+{
+ gEfiShellParametersProtocol = ShellParameters;
+ gEfiShellProtocol = Shell;
+
+ return RunHttp (gImageHandle, SystemTable);
+}
+
+/**
+ This is the command help handler function pointer callback type. This
+ function is responsible for displaying help information for the associated
+ command.
+
+ @param[in] This The instance of the EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL.
+ @param[in] Language The pointer to the language string to use.
+
+ @return string Pool allocated help string, must be freed by caller
+**/
+CHAR16 *
+EFIAPI
+HttpCommandGetHelp (
+ IN EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL *This,
+ IN CONST CHAR8 *Language
+ )
+{
+ return HiiGetString (
+ mHttpHiiHandle,
+ STRING_TOKEN (STR_GET_HELP_HTTP),
+ Language
+ );
+}
+
+EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL mHttpDynamicCommand = {
+ HTTP_APP_NAME,
+ HttpCommandHandler,
+ HttpCommandGetHelp
+};
+
+/**
+ Entry point of Http Dynamic Command.
+
+ Produce the DynamicCommand protocol to handle "http" command.
+
+ @param ImageHandle The image handle of the process.
+ @param SystemTable The EFI System Table pointer.
+
+ @retval EFI_SUCCESS Http command is executed sucessfully.
+ @retval EFI_ABORTED HII package was failed to initialize.
+ @retval others Other errors when executing http command.
+**/
+EFI_STATUS
+EFIAPI
+HttpCommandInitialize (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ mHttpHiiHandle = InitializeHiiPackage (ImageHandle);
+ if (mHttpHiiHandle == NULL) {
+ return EFI_ABORTED;
+ }
+
+ Status = gBS->InstallProtocolInterface (
+ &ImageHandle,
+ &gEfiShellDynamicCommandProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &mHttpDynamicCommand
+ );
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+}
+
+/**
+ Http driver unload handler.
+
+ @param ImageHandle The image handle of the process.
+
+ @retval EFI_SUCCESS The image is unloaded.
+ @retval Others Failed to unload the image.
+**/
+EFI_STATUS
+EFIAPI
+HttpUnload (
+ IN EFI_HANDLE ImageHandle
+)
+{
+ EFI_STATUS Status;
+
+ Status = gBS->UninstallProtocolInterface (
+ ImageHandle,
+ &gEfiShellDynamicCommandProtocolGuid,
+ &mHttpDynamicCommand
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ HiiRemovePackages (mHttpHiiHandle);
+
+ return EFI_SUCCESS;
+}
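
Review bot: HttpCommandInitialize does not undo InitializeHiiPackage when InstallProtocolInterface fails: ASSERT_EFI_ERROR is compiled out of release builds, and the function then returns the error with the package list still registered in the HII database and mHttpHiiHandle still set. Add an explicit error branch that calls HiiRemovePackages (mHttpHiiHandle) before returning Status, mirroring the cleanup order already used in HttpUnload.
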
diff --git a/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.uni b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.uni
new file mode 100644
index 000000000000..00cf05deeb5c
--- /dev/null
+++ b/ShellPkg/DynamicCommand/HttpDynamicCommand/Http.uni
@@ -0,0 +1,117 @@
+// /**
+//
+// (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR>
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. <BR>
+// Copyright (c) 2020, Broadcom. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// Module Name:
+//
+// Http.uni
+//
+// Abstract:
+//
+// String definitions for UEFI Shell HTTP command
+//
+//
+// **/
+
+/=#
+
+#langdef en-US "english"
+
+#string STR_GEN_TOO_MANY #language en-US "%H%s%N: Too many arguments. Try help http.\r\n"
+#string STR_GEN_TOO_FEW #language en-US "%H%s%N: Too few arguments. Try help http.\r\n"
+#string STR_GEN_PARAM_INV #language en-US "%H%s%N: Invalid argument - '%H%s%N'. Try help http.\r\n"
+#string STR_GEN_PROBLEM #language en-US "%H%s%N: Unknown flag - '%H%s%N'. Try help http.\r\n"
+#string STR_GEN_FILE_OPEN_FAIL #language en-US "%H%s%N: Cannot open file - '%H%s%N'\r\n"
+#string STR_GEN_CRLF #language en-US "\r\n"
+
+#string STR_HTTP_ERR_NO_NIC #language en-US "No network interface card found.\r\n"
+#string STR_HTTP_ERR_NIC_NAME #language en-US "Failed to get the name of the network interface card number %d - %r\r\n"
+#string STR_HTTP_ERR_OPEN_PROTOCOL #language en-US "Unable to open HTTP protocol on '%H%s%N' - %r\r\n"
+#string STR_HTTP_ERR_CONFIGURE #language en-US "Unable to configure HTTP protocol on '%H%s%N' - %r\r\n"
+#string STR_HTTP_ERR_DOWNLOAD #language en-US "Unable to download the file '%H%s%N' on '%H%s%N' - %r\r\n"
+#string STR_HTTP_ERR_WRITE #language en-US "Unable to write into file '%H%s%N' - %r\r\n"
+#string STR_HTTP_ERR_NIC_NOT_FOUND #language en-US "Network Interface Card '%H%s%N' not found.\r\n"
+#string STR_HTTP_ERR_STATUSCODE #language en-US "\r'%H%s%N' reports '%s' for '%H%s%N' \r\n"
+#string STR_HTTP_DOWNLOADING #language en-US "Downloading '%H%s%N'\r\n"
+
+#string STR_GET_HELP_HTTP #language en-US ""
+".TH http 0 "Download a file from HTTP server."\r\n"
+".SH NAME\r\n"
+"Download a file from HTTP server.\r\n"
+".SH SYNOPSIS\r\n"
+" \r\n"
+"HTTP [-i interface] [-l port] [-t timeout] [-s size] [-m] [-k]\r\n"
+" <URL> [localfilepath]\r\n"
+".SH OPTIONS\r\n"
+" \r\n"
+" -i interface - Specifies an adapter name, i.e., eth0.\r\n"
+" -k Keep the downloaded file even if there was an error.\r\n"
+" If this parameter is not used, the file will be deleted.\r\n"
+" -l port - Specifies the local port number. Default value is 0\r\n"
+" and the port number is automatically assigned.\r\n"
+" -m Measure and report download time (in seconds). \r\n"
+" -s size The size of the download buffer for a chunk, in bytes.\r\n"
+" Default is 32K. Note that larger buffer does not imply\r\n"
+" better speed.\r\n"
+" -t timeout - The number of seconds to wait for completion of\r\n"
+" requests and responses. Default is 0 which is 'automatic'.\r\n"
+" %HURL%N\r\n"
+" Two types of providing of URLs are supported:\r\n"
+" 1. tftp-like, where host and http_uri are separate parameters\r\n"
+" (example: host /host_uri), and\r\n\"
+" 2. wget-like, where host and host_uri is one parameter.\r\n"
+" (example: host/host_uri)\r\n"
+"\r\n"
+" host - Specifies HTTP Server address.\r\n
+ Can be either IPv4 address or 'http (or https)://addr'\r\n
+ Can use addresses resolvable by DNS as well. \r\n
+ Port can be specified after ':' if needed. \r\n
+ By default port 80 is used.\r\n"
+" http_uri - HTTP server URI to download the file.\r\n"
+"\r\n"
+" localfilepath - Local destination file path.\r\n"
+".SH DESCRIPTION\r\n"
+" \r\n"
+"NOTES:\r\n"
+" 1. The HTTP command allows geting of the file specified by its 'http_uri'\r\n"
+" path from the HTTP server specified by its 'host' IPv4 address. If the\r\n"
+" optional 'localfilepath' parameter is provided, the downloaded file is\r\n"
+" stored locally using the provided file path. If the local file path is\r\n"
+" not specified, the file is stored in the current directory using the file\r\n"
+" server's name.\r\n"
+" 2. Before using the HTTP command, the network interface intended to be\r\n"
+" used to retrieve the file must be configured. This configuration may be\r\n"
+" done by means of the 'ifconfig' command.\r\n"
+" 3. If a network interface is defined with the '-i' option then only this\r\n"
+" interface will be used to retrieve the remote file. Otherwise, all network\r\n"
+" interfaces are tried in the order they have been discovered during the\r\n"
+" DXE phase.\r\n"
+".SH EXAMPLES\r\n"
+" \r\n"
+"EXAMPLES:\r\n"
+" * To get the file "dir1/file1.dat" from the HTTP server 192.168.1.1, port 8080, and\r\n"
+" store it as file2.dat in the current directory (use tftp-like URL format) :\r\n"
+" fs0:\> http 192.168.1.1:8080 dir1/file1.dat file2.dat\r\n"
+" * To get the file /image.bin via HTTPS from server 192.168.1.1 at port 443 \r\n"
+" (default HTTPS port), and store it in the current directory: \r\n"
+" fs0:\> http https://192.168.1.1 image.bin\r\n"
+" To get an index file from http://google.com and place it into the \r\n"
+" current directory:\r\n"
+" fs0:\> http google.com index.html\r\n"
+".SH RETURNVALUES\r\n"
+" \r\n"
+"RETURN VALUES:\r\n"
+" SHELL_SUCCESS The action was completed as requested.\r\n"
+" SHELL_INVALID_PARAMETER One of the passed-in parameters was incorrectly\r\n"
+" formatted or its value was out of bounds.\r\n"
+" HTTP_ERROR No EFI errors, but the server reported a status code\r\n"
+" which should be treated as an error. If an error body sent\r\n"
+" by the server, and -k parameter is on command line,
+" the file wil be saved either as localfilepath filename,\r\n"
+" or as an URI name in the current directory.\r\n"
+" If '/' is at the end of the URL, and no locafilepath filename\r\n"
+" is given on the command line, the file will be retrieved as\r\n"
+" index.html.\r\n"
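
Review bot: Several lines of the STR_GET_HELP_HTTP string are not well-formed string fragments and will either break the build or corrupt the help output: the '(example: host /host_uri), and' line ends in \r\n\" with a stray backslash before the closing quote, the five lines describing 'host' (from 'Specifies HTTP Server address.' to 'By default port 80 is used.') share one opening and one closing quote instead of being quoted per line, and the '-k parameter is on command line,' line has no \r\n" terminator. Quote and terminate each line like its neighbours. While there, fix 'geting', 'wil' and 'locafilepath', give the third example the same '*' bullet as the first two, and reconcile NOTES item 1, which says the host is an IPv4 address, with the option text, which also allows DNS names and https URLs. The option text also calls the same parameter both host_uri and http_uri.
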
--
2.28.0.394.ge197136389


[PATCH v12 0/1] ShellPkg/DynamicCommand: add HttpDynamicCommand

Vladimir Olovyannikov
 

Signed-off-by: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Nd <nd@arm.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>

This patchset introduces an http client utilizing EDK2 HTTP protocol, to
allow fast image downloading from http/https servers.
HTTP download speed is usually faster than tftp.
The client is based on the same approach as tftp dynamic command, and
uses the same UEFI Shell command line parameters. This makes it easy
integrating http into existing UEFI Shell scripts.
Note that to enable HTTP download, feature Pcd
gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections must be set to TRUE.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2860

PATCH v12 changes:
Address comments from Laszlo, Zhichao:
- do not use TimeBaseLib library until it passes MS VS x64 build
(BZ https://bugzilla.tianocore.org/show_bug.cgi?id=2962);
- change the return type of EfiTimeToEpoch() to UINTN;
- drop the final UINT32 case from EfiTimeToEpoch();
- change the type of ElapsedSeconds to UINTN;
- print the number of elapsed seconds with %Lu specifier.


Vladimir Olovyannikov (1):
ShellPkg/DynamicCommand: add HttpDynamicCommand

ShellPkg/ShellPkg.dec | 1 +
ShellPkg/ShellPkg.dsc | 5 +
.../HttpDynamicCommand/HttpApp.inf | 58 +
.../HttpDynamicCommand/HttpDynamicCommand.inf | 63 +
.../DynamicCommand/HttpDynamicCommand/Http.h | 90 +
ShellPkg/Include/Guid/ShellLibHiiGuid.h | 5 +
.../DynamicCommand/HttpDynamicCommand/Http.c | 1843 +++++++++++++++++
.../HttpDynamicCommand/HttpApp.c | 61 +
.../HttpDynamicCommand/HttpDynamicCommand.c | 137 ++
.../HttpDynamicCommand/Http.uni | 117 ++
10 files changed, 2380 insertions(+)
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.inf
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/Http.h
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/Http.c
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpApp.c
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.c
create mode 100644 ShellPkg/DynamicCommand/HttpDynamicCommand/Http.uni

--
2.28.0.394.ge197136389


Re: [PATCH] OvmfPkg/README: HTTPS Boot: describe host-side TLS cipher suites forwarding

Philippe Mathieu-Daudé
 

Hi Laszlo,

On 9/10/20 8:02 AM, Laszlo Ersek wrote:
On 09/09/20 18:21, Philippe Mathieu-Daudé wrote:
On 9/7/20 6:18 PM, Laszlo Ersek wrote:
In QEMU commit range 4abf70a661a5..69699f3055a5, Phil implemented a QEMU
facility for exposing the host-side TLS cipher suite configuration to
OVMF. The purpose is to control the permitted ciphers in the guest's UEFI
HTTPS boot. This complements the forwarding of the host-side crypto policy
from the host to the guest -- the other facet was the set of CA
certificates (for which p11-kit patches had been upstreamed, on the host
side).

Mention the new command line options in "OvmfPkg/README".

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Gary Lin <glin@suse.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2852
Thanks for addressing this BZ for me...

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/README | 24 ++++++++++++--------
1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/OvmfPkg/README b/OvmfPkg/README
index 3dd28474ead4..2009d9d29796 100644
--- a/OvmfPkg/README
+++ b/OvmfPkg/README
@@ -294,67 +294,73 @@ and encrypted connection.

You can also append a certificate to the existing list with the following
command:

efisiglist -i <old certdb> -a <cert file> -o <new certdb>

NOTE: You may need the patch to make efisiglist generate the correct header.
(https://github.com/rhboot/pesign/pull/40)

* Besides the trusted certificates, it's also possible to configure the trusted
cipher suites for HTTPS through another fw_cfg entry: etc/edk2/https/ciphers.

- -fw_cfg name=etc/edk2/https/ciphers,file=<cipher suites>
-
OVMF expects a binary UINT16 array which comprises the cipher suites HEX
IDs(*4). If the cipher suite list is given, OVMF will choose the cipher
suite from the intersection of the given list and the built-in cipher
suites. Otherwise, OVMF just chooses whatever proper cipher suites from the
built-in ones.

- While the tool(*5) to create the cipher suite array is still under
- development, the array can be generated with the following script:
+ Using QEMU 5.1 or later, QEMU can expose the ordered list of permitted TLS
+ cipher suites from the host side to OVMF:
+
+ -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \
+ -fw_cfg name=etc/edk2/https/ciphers,gen_id=mysuite0
+
+ (Refer to the QEMU manual and to
+ <https://gnutls.org/manual/html_node/Priority-Strings.html> for more
+ information on the "priority" property.)
+
+ Using QEMU 5.0 or earlier, the array has to be passed from a file:
What about using a '-' to list each "Using QEMU ..." and make the
separation clearer?
I can do that, yes. There are three possibilities:

- prefix just one line (in each affected paragraph) with the hyphen,

- prefix the first line of each paragraph with the hyphen, plus indent
the rest of the *same paragraph* by 2 spaces.
I'd go with this possibility. Clear and easy.


- prefix the first line of each paragraph with the hyphen, plus indent
the rest of the *text* that applies to the QEMU versions being discussed.
(Note that would be my *visual* preference, but I don't think it's
worth it, I prefer we keep the diff short and easy to review).


Which one do you prefer?

Thanks,
Laszlo


Regardless:
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daude <philmd@redhat.com>

+
+ -fw_cfg name=etc/edk2/https/ciphers,file=<cipher suites>
+
+ whose contents can be generated with the following script, for example:

export LC_ALL=C
openssl ciphers -V \
| sed -r -n \
-e 's/^ *0x([0-9A-F]{2}),0x([0-9A-F]{2}) - .*$/\\\\x\1 \\\\x\2/p' \
| xargs -r -- printf -- '%b' > ciphers.bin

This script creates ciphers.bin that contains all the cipher suite IDs
supported by openssl according to the local host configuration.

You may want to enable only a limited set of cipher suites. Then, you
should check the validity of your list first:

openssl ciphers -V <cipher list>

If all the cipher suites in your list map to the proper HEX IDs, go ahead
to modify the script and execute it:

export LC_ALL=C
openssl ciphers -V <cipher list> \
| sed -r -n \
-e 's/^ *0x([0-9A-F]{2}),0x([0-9A-F]{2}) - .*$/\\\\x\1 \\\\x\2/p' \
| xargs -r -- printf -- '%b' > ciphers.bin

-* In the future (after release 2.12), QEMU should populate both above fw_cfg
- files automatically from the local host configuration, and enable the user
- to override either with dedicated options or properties.
-
(*1) See "31.4.1 Signature Database" in UEFI specification 2.7 errata A.
(*2) p11-kit: https://github.com/p11-glue/p11-kit/
(*3) efisiglist: https://github.com/rhboot/pesign/blob/master/src/efisiglist.c
(*4) https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table
-(*5) update-crypto-policies: https://gitlab.com/redhat-crypto/fedora-crypto-policies

=== OVMF Flash Layout ===

Like all current IA32/X64 system designs, OVMF's firmware device (rom/flash)
appears in QEMU's physical address space just below 4GB (0x100000000).

OVMF supports building a 1MB, 2MB or 4MB flash image (see the DSC files for the
FD_SIZE_1MB, FD_SIZE_2MB, FD_SIZE_4MB build defines). The base address for the
1MB image in QEMU physical memory is 0xfff00000. The base address for the 2MB
image is 0xffe00000. The base address for the 4MB image is 0xffc00000.

Using the 1MB or 2MB image, the layout of the firmware device in memory looks
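
Review bot: In the added "Using QEMU 5.1 or later" text, "priority=@SYSTEM" is the only value shown, and the retained "You may want to enable only a limited set of cipher suites" paragraphs now read as belonging solely to the "file=" path for QEMU 5.0 or earlier. Consider adding one sentence to the 5.1+ paragraph saying that a narrower priority string can be given in place of "@SYSTEM" to restrict the list, so that readers on newer QEMU do not fall back to the openssl script for that purpose. It would also help to state the byte order of the array next to "OVMF expects a binary UINT16 array", since the script writes each ID's two bytes in the order openssl prints them and the "gen_id" path leaves the reader no script to infer it from.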


Re: [PATCH v7 00/14] Add the VariablePolicy feature

Dandan Bi
 

Hi Bret,

The V7 version is OK from my side. Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Please hold to see if any comments from other reviewers.


Hi Jiewen and Jian,

Do you have any comments?



Thanks,
Dandan

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret
Barkelew
Sent: Friday, August 28, 2020 1:51 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chao Zhang
<chao.b.zhang@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao
A <hao.a.wu@intel.com>; Gao, Liming <liming.gao@intel.com>; Justen,
Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>;
Ard Biesheuvel <ard.biesheuvel@arm.com>; Andrew Fish
<afish@apple.com>; Ni, Ray <ray.ni@intel.com>
Subject: [edk2-devel] [PATCH v7 00/14] Add the VariablePolicy feature

The 14 patches in this series add the VariablePolicy feature to the core,
deprecate Edk2VarLock (while adding a compatibility layer to reduce code
churn), and integrate the VariablePolicy libraries and protocols into Variable
Services.

Since the integration requires multiple changes, including adding libraries, a
protocol, an SMI communication handler, and VariableServices integration,
the patches are broken up by individual library additions and then a final
integration. Security-sensitive changes like bypassing Authenticated Variable
enforcement are also broken out into individual patches so that attention can
be called directly to them.

Platform porting instructions are described in this wiki entry:
https://github.com/tianocore/tianocore.github.io/wiki/VariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables#platform-porting

Discussion of the feature can be found in multiple places throughout the last
year on the RFC channel, staging branches, and in devel.

Most recently, this subject was discussed in this thread:
https://edk2.groups.io/g/devel/message/53712
(the code branches shared in that discussion are now out of date, but the
whitepapers and discussion are relevant).

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>

v7 changes:
* Address comments from Dandan about security of the MM handler
* Add readme
* Fix bug around hex characters in BOOT####, etc
* Add additional testing for hex characters
* Add additional testing for authenticated variables

v6 changes:
* Fix an issue with uninitialized Status in InitVariablePolicyLib() and
DeinitVariablePolicyLib()
* Fix GCC building in shell-based functional test
* Rebase on latest origin/master

v5 changes:
* Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
* Fix EFIAPI mismatches in the functional unittest
* Rebase on latest origin/master

v4 changes:
* Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from
platforms
* Rebase on master
* Migrate to new MmCommunicate2 protocol
* Fix an oversight in the default return value for
InitMmCommonCommBuffer
* Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables

V3 changes:
* Address all non-unittest issues with ECC
* Make additional style changes
* Include section name in hunk headers in "ini-style" files
* Remove requirement for the EdkiiPiSmmCommunicationsRegionTable
driver
(now allocates its own buffer)
* Change names from VARIABLE_POLICY_PROTOCOL and
gVariablePolicyProtocolGuid
to EDKII_VARIABLE_POLICY_PROTOCOL and
gEdkiiVariablePolicyProtocolGuid
* Fix GCC warning about initializing externs
* Add UNI strings for new PCD
* Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
* Reorder patches according to Liming's feedback about adding to platforms
before changing variable driver

V2 changes:
* Fixed implementation for RuntimeDxe
* Add PCD to block DisableVariablePolicy
* Fix the DumpVariablePolicy pagination in SMM


Bret Barkelew (14):
MdeModulePkg: Define the VariablePolicy protocol interface
MdeModulePkg: Define the VariablePolicyLib
MdeModulePkg: Define the VariablePolicyHelperLib
MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
MdeModulePkg: Connect VariablePolicy business logic to VariableServices
MdeModulePkg: Allow VariablePolicy state to delete protected variables
SecurityPkg: Allow VariablePolicy state to delete authenticated variables
MdeModulePkg: Change TCG MOR variables to use VariablePolicy
MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
MdeModulePkg: Add a shell-based functional test for VariablePolicy

MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c | 345 +++
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c | 396 ++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c | 46 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c | 85 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 830 +++++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePolicyUnitTest.c | 2452 ++++++++++++++++++++
MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTestApp.c | 2226 ++++++++++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 52 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 60 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 49 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 53 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c | 71 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c | 642 +++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 14 +
SecurityPkg/Library/AuthVariableLib/AuthService.c | 22 +-
ArmVirtPkg/ArmVirt.dsc.inc | 4 +
EmulatorPkg/EmulatorPkg.dsc | 3 +
MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h | 54 +
MdeModulePkg/Include/Library/VariablePolicyHelperLib.h | 164 ++
MdeModulePkg/Include/Library/VariablePolicyLib.h | 207 ++
MdeModulePkg/Include/Protocol/VariablePolicy.h | 157 ++
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf | 42 +
MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf | 35 +
MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/ReadMe.md | 410 ++++
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf | 49 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni | 12 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf | 51 +
MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePolicyUnitTest.inf | 45 +
MdeModulePkg/MdeModulePkg.ci.yaml | 8 +-
MdeModulePkg/MdeModulePkg.dec | 26 +-
MdeModulePkg/MdeModulePkg.dsc | 9 +
MdeModulePkg/MdeModulePkg.uni | 7 +
MdeModulePkg/Test/MdeModulePkgHostTest.dsc | 11 +
MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md | 55 +
MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTestApp.inf | 47 +
MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTestAuthVar.h | 128 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 5 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 4 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 11 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 4 +
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
OvmfPkg/OvmfPkgX64.dsc | 5 +
OvmfPkg/OvmfXen.dsc | 4 +
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 +
UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 4 +
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 4 +
49 files changed, 8865 insertions(+), 79 deletions(-)
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePolicyUnitTest.c
create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTestApp.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariablePolicyUnitTest.inf
create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md
create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFuncTestApp.inf
create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyTestAuthVar.h

--
2.28.0.windows.1

