Date   

[PATCH] IntelFsp2Pkg GenCfgOpt.py: Initialize IncLines as empty list

gaoliming
 

IncLines as empty list for the case when InputHeaderFile is not specified.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Liming Gao <gaoliming@byosoft.com.cn>
---
IntelFsp2Pkg/Tools/GenCfgOpt.py | 1 +
1 file changed, 1 insertion(+)

diff --git a/IntelFsp2Pkg/Tools/GenCfgOpt.py b/IntelFsp2Pkg/Tools/GenCfgOpt.py
index e9de128e..bcced590 100644
--- a/IntelFsp2Pkg/Tools/GenCfgOpt.py
+++ b/IntelFsp2Pkg/Tools/GenCfgOpt.py
@@ -1177,6 +1177,7 @@ EndList
UpdSignatureCheck = ['FSPT_UPD_SIGNATURE', 'FSPM_UPD_SIGNATURE', 'FSPS_UPD_SIGNATURE']
ExcludedSpecificUpd = ['FSPT_ARCH_UPD', 'FSPM_ARCH_UPD', 'FSPS_ARCH_UPD']

+ IncLines = []
if InputHeaderFile != '':
if not os.path.exists(InputHeaderFile):
self.Error = "Input header file '%s' does not exist" % InputHeaderFile
--
2.27.0.windows.1


Re: [PATCH 0/2] remove TPM related ppi from Depex for Fsp wrapper PEIM driver

Yao, Jiewen
 

Patch is merged.

The pull request was
https://github.com/tianocore/edk2/pull/930
and the commit range is a62fb4229d14..7bcb021a6d54.

Thank you
Yao Jiewen

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@intel.com>
Sent: Tuesday, September 15, 2020 2:21 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Chiu, Chasel <chasel.chiu@intel.com>;
Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Zeng, Star
<star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
<jian.j.wang@intel.com>
Subject: [PATCH 0/2] remove TPM related ppi from Depex for Fsp wrapper PEIM
driver

Some open board are TPM disabled. So the boot may hang because
these PPIs can't arrive. And gEdkiiTcgPpiGuid will be notified where
it is used. So we need to remove these PPIs from Depex for Fsp wrapper
PEI and PeiTpmMeasurementLib.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>

Qi Zhang (2):
IntelFsp2WrapperPkg: remove gPeiTpmInitializationDonePpiGuid from
Depex
SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuid

IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf | 3 +--
IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf | 3 +--
.../Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf | 3 +--
3 files changed, 3 insertions(+), 6 deletions(-)

--
2.26.2.windows.1


Re: development process failure [was: remove TPM related ppi from Depex for Fsp wrapper PEIM driver]

Yao, Jiewen
 

Hi Laszlo
Thanks. I agree 1, 2, 3. I take the blame. It is my fault.

For 4, it is out of my scope. I cannot find this by my eyes. Everything works well on my side.
Can we improve patch checker to catch this in CI ?
I don’t think I can find any Unicode in code or commit message easily.
I prefer to let a tool to do that work.

Thank you
Yao Jiewen

-----Original Message-----
From: Laszlo Ersek <lersek@redhat.com>
Sent: Wednesday, September 16, 2020 4:43 PM
To: Chiu, Chasel <chasel.chiu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Cc: devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>; Desimone,
Nathaniel L <nathaniel.l.desimone@intel.com>; Zeng, Star
<star.zeng@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
Subject: development process failure [was: remove TPM related ppi from Depex
for Fsp wrapper PEIM driver]

Jiewen, Chasel,

On 09/15/20 08:21, Qi Zhang wrote:
Some open board are TPM disabled. So the boot may hang because
these PPIs can't arrive. And gEdkiiTcgPpiGuid will be notified where
it is used. So we need to remove these PPIs from Depex for Fsp wrapper
PEI and PeiTpmMeasurementLib.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>

Qi Zhang (2):
IntelFsp2WrapperPkg: remove gPeiTpmInitializationDonePpiGuid from
Depex
SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuid

IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf | 3 +--
IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf | 3 +--
.../Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf | 3 +--
3 files changed, 3 insertions(+), 6 deletions(-)
Please adopt a *much more* disciplined approach when merging patch series.


(1) When you merge a patch set, please report back on the list. Identify
both the pull request URL, and the commit reange.

In this case, the pull request was

https://github.com/tianocore/edk2/pull/930

and the commit range is a62fb4229d14..7bcb021a6d54.


(2) The associated Bugzilla:

https://bugzilla.tianocore.org/show_bug.cgi?id=2963

has been completely neglected, by both submitter and maintainers.

- The original BZ report is *absolute trash*.

- No URL into the mailing list archive has been captured in the BZ,
about the posted series.

- The BZ status is still CONFIRMED.

- No mention of the pull request, or the resultant commit, range in the
BZ ticket.


(3) The github pull request at
<https://github.com/tianocore/edk2/pull/930> does contain *any*
indication of the bugzilla ticket, or the cover letter on the list.

Basically we have random artifacts in three different places (Bugzilla,
github.com, mailing list), and nobody of the involved parties
(reviewers, maintainers, constributors) on this patch set have made
*any* effort to cross-reference them. We now have to hunt down
everything separately.


(4) Worst of all, the subject line of commit 414d7d11e6ea contains a
Unicode code point called FULLWIDTH COLON (U+FF1A) rather than a normal
colon (U+003A).

Compare:

- bad (current): IntelFsp2WrapperPkg: remove [...]
- good (should have been): IntelFsp2WrapperPkg: remove [...]

It makes absolutely no sense to use non-ASCII code points in subject
lines, for something as trivial as a colon.


I've been here for 8-9 years now and it's incredibly frustrating that I
*still* have to whine about basic stuff like this on a regular basis.

I don't even know whom I should CC at Intel (management or otherwise) to
see an improvement in attitude here.

I guess this community cannot be saved.

Laszlo


Re: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction support for X64

Guomin Jiang
 

Hi Zurcher,

[Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think those
need unit test for them too.
Can you update the status about it?

[Jiewen] I think we need support build with GCC and LLVM, and with X64.
It is better to support the GCC and LLVM.

Thanks
Guomin

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
Jiewen
Sent: Tuesday, August 25, 2020 7:36 AM
To: Zurcher, Christopher J <christopher.j.zurcher@intel.com>;
devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
<xiaoyux.lu@intel.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
instruction support for X64

Below:

-----Original Message-----
From: Zurcher, Christopher J <christopher.j.zurcher@intel.com>
Sent: Tuesday, August 25, 2020 5:26 AM
To: devel@edk2.groups.io; Zurcher, Christopher J
<christopher.j.zurcher@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
<xiaoyux.lu@intel.com>;
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: RE: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
instruction support for X64

1) I have confirmed that the ApiHooks.c file is still required even without
the AVX
instructions included. The x86_64 assembly files in OpenSSL set a flag called
$win64 and automatically include calls to the RtlVirtualUnwind function if
NASM
is selected as the assembler scheme.

https://docs.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-
rtlvirtualunwind

I have submitted an issue against OpenSSL since I don't think using the
NASM
assembler should force the inclusion of Windows-specific API hooks, but
that
change cannot be made in OpenSSL 1.1.1 and we will have to wait for
OpenSSL 3
or later to remove the stub function.

https://github.com/openssl/openssl/issues/12712
[Jiewen] Thanks.

2) So far I have only built with VS.
[Jiewen] I think we need support build with GCC and LLVM, and with X64.


3) The X64 SHA256 implementation was successfully exercised across a
large
number of devices in a production environment as a verification step in a
multi-
GB data transfer scenario.
[Jiewen] Since you also add other sha (sha1, sha512) and aesni, I think those
need unit test for them too.


Thanks,
Christopher Zurcher

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Zurcher,
Christopher J
Sent: Tuesday, August 18, 2020 15:50
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
<xiaoyux.lu@intel.com>;
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [edk2-devel] [PATCH v2 1/2] CryptoPkg/OpensslLib: Add
native
instruction support for X64

After further review, the ApiHooks.c file may no longer be needed since
we
are no longer including the AVX instructions. I will look over the
dependencies and send a new patch set if I can eliminate the API hooks
file.

Thanks,
Christopher Zurcher

-----Original Message-----
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Thursday, August 13, 2020 08:04
To: Zurcher, Christopher J <christopher.j.zurcher@intel.com>;
devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX
<xiaoyux.lu@intel.com>;
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: RE: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native
instruction
support for X64

Hi Christopher
Thanks.

1) Would you please help me understand more on "ApiHooks.c contains
a
stub
function for a Windows API call" ?
Why we need this?
If it is compiler specific in openssl, should we submit patch to openssl to
exclude this with OPENSSL_SYS_UEFI? That should be a cleaner solution
for
UEFI.

2) Would you please describe what compiler you have tried? VS? GCC?
LLVM?

3) Would you please describe what unit test you have done?

Thank you
Yao Jiewen


-----Original Message-----
From: Zurcher, Christopher J <christopher.j.zurcher@intel.com>
Sent: Tuesday, August 4, 2020 8:24 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
<jian.j.wang@intel.com>;
Lu, XiaoyuX <xiaoyux.lu@intel.com>; Ard Biesheuvel
<ard.biesheuvel@linaro.org>
Subject: [PATCH v2 1/2] CryptoPkg/OpensslLib: Add native instruction
support
for X64

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2507

Adding OpensslLibX64.inf and modifying process_files.pl to process
this
file and generate the necessary assembly files.
ApiHooks.c contains a stub function for a Windows API call.
uefi-asm.conf contains the limited assembly configurations for
OpenSSL.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Christopher J Zurcher
<christopher.j.zurcher@intel.com>
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 656
++++++++++++++++++++
CryptoPkg/Library/Include/openssl/opensslconf.h | 3 -
CryptoPkg/Library/OpensslLib/ApiHooks.c | 18 +
CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 34 +
CryptoPkg/Library/OpensslLib/process_files.pl | 223 +++++--
CryptoPkg/Library/OpensslLib/uefi-asm.conf | 15 +
8 files changed, 903 insertions(+), 50 deletions(-)

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dbbe5386a1..bd62d86936 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -16,7 +16,7 @@
VERSION_STRING = 1.0

LIBRARY_CLASS = OpensslLib

DEFINE OPENSSL_PATH = openssl

- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -
DOPENSSL_SMALL_FOOTPRINT
-D_CRT_SECURE_NO_DEPRECATE -
D_CRT_NONSTDC_NO_DEPRECATE

+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -
DOPENSSL_SMALL_FOOTPRINT
-D_CRT_SECURE_NO_DEPRECATE -
D_CRT_NONSTDC_NO_DEPRECATE -
DOPENSSL_NO_ASM



#

# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 616ccd9f62..2b7324a990 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -16,7 +16,7 @@
VERSION_STRING = 1.0

LIBRARY_CLASS = OpensslLib

DEFINE OPENSSL_PATH = openssl

- DEFINE OPENSSL_FLAGS = -DL_ENDIAN -
DOPENSSL_SMALL_FOOTPRINT
-D_CRT_SECURE_NO_DEPRECATE -
D_CRT_NONSTDC_NO_DEPRECATE

+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -
DOPENSSL_SMALL_FOOTPRINT
-D_CRT_SECURE_NO_DEPRECATE -
D_CRT_NONSTDC_NO_DEPRECATE -
DOPENSSL_NO_ASM



#

# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
new file mode 100644
index 0000000000..825eea0254
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
@@ -0,0 +1,656 @@
+## @file

+# This module provides OpenSSL Library implementation.

+#

+# Copyright (c) 2010 - 2020, Intel Corporation. All rights
reserved.<BR>

+# (C) Copyright 2020 Hewlett Packard Enterprise Development
LP<BR>

+# SPDX-License-Identifier: BSD-2-Clause-Patent

+#

+##

+

+[Defines]

+ INF_VERSION = 0x00010005

+ BASE_NAME = OpensslLibX64

+ MODULE_UNI_FILE = OpensslLib.uni

+ FILE_GUID = 18125E50-0117-4DD0-BE54-4784AD995FEF

+ MODULE_TYPE = BASE

+ VERSION_STRING = 1.0

+ LIBRARY_CLASS = OpensslLib

+ DEFINE OPENSSL_PATH = openssl

+ DEFINE OPENSSL_FLAGS = -DL_ENDIAN -
DOPENSSL_SMALL_FOOTPRINT
-D_CRT_SECURE_NO_DEPRECATE -
D_CRT_NONSTDC_NO_DEPRECATE

+ DEFINE OPENSSL_FLAGS_CONFIG = -DOPENSSL_CPUID_OBJ -
DSHA1_ASM -
DSHA256_ASM -DSHA512_ASM -DAESNI_ASM -DVPAES_ASM -
DGHASH_ASM

+ CONSTRUCTOR = OpensslLibConstructor

+

+#

+# VALID_ARCHITECTURES = X64

+#

+

+[Sources]

+ OpensslLibConstructor.c

+ $(OPENSSL_PATH)/e_os.h

+ $(OPENSSL_PATH)/ms/uplink.h

+# Autogenerated files list starts here

+ X64/crypto/aes/aesni-mb-x86_64.nasm

+ X64/crypto/aes/aesni-sha1-x86_64.nasm

+ X64/crypto/aes/aesni-sha256-x86_64.nasm

+ X64/crypto/aes/aesni-x86_64.nasm

+ X64/crypto/aes/vpaes-x86_64.nasm

+ X64/crypto/modes/ghash-x86_64.nasm

+ X64/crypto/sha/sha1-mb-x86_64.nasm

+ X64/crypto/sha/sha1-x86_64.nasm

+ X64/crypto/sha/sha256-mb-x86_64.nasm

+ X64/crypto/sha/sha256-x86_64.nasm

+ X64/crypto/sha/sha512-x86_64.nasm

+ X64/crypto/x86_64cpuid.nasm

+ $(OPENSSL_PATH)/crypto/aes/aes_cbc.c

+ $(OPENSSL_PATH)/crypto/aes/aes_cfb.c

+ $(OPENSSL_PATH)/crypto/aes/aes_core.c

+ $(OPENSSL_PATH)/crypto/aes/aes_ige.c

+ $(OPENSSL_PATH)/crypto/aes/aes_misc.c

+ $(OPENSSL_PATH)/crypto/aes/aes_ofb.c

+ $(OPENSSL_PATH)/crypto/aes/aes_wrap.c

+ $(OPENSSL_PATH)/crypto/aria/aria.c

+ $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c

+ $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c

+ $(OPENSSL_PATH)/crypto/asn1/a_digest.c

+ $(OPENSSL_PATH)/crypto/asn1/a_dup.c

+ $(OPENSSL_PATH)/crypto/asn1/a_gentm.c

+ $(OPENSSL_PATH)/crypto/asn1/a_i2d_fp.c

+ $(OPENSSL_PATH)/crypto/asn1/a_int.c

+ $(OPENSSL_PATH)/crypto/asn1/a_mbstr.c

+ $(OPENSSL_PATH)/crypto/asn1/a_object.c

+ $(OPENSSL_PATH)/crypto/asn1/a_octet.c

+ $(OPENSSL_PATH)/crypto/asn1/a_print.c

+ $(OPENSSL_PATH)/crypto/asn1/a_sign.c

+ $(OPENSSL_PATH)/crypto/asn1/a_strex.c

+ $(OPENSSL_PATH)/crypto/asn1/a_strnid.c

+ $(OPENSSL_PATH)/crypto/asn1/a_time.c

+ $(OPENSSL_PATH)/crypto/asn1/a_type.c

+ $(OPENSSL_PATH)/crypto/asn1/a_utctm.c

+ $(OPENSSL_PATH)/crypto/asn1/a_utf8.c

+ $(OPENSSL_PATH)/crypto/asn1/a_verify.c

+ $(OPENSSL_PATH)/crypto/asn1/ameth_lib.c

+ $(OPENSSL_PATH)/crypto/asn1/asn1_err.c

+ $(OPENSSL_PATH)/crypto/asn1/asn1_gen.c

+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.c

+ $(OPENSSL_PATH)/crypto/asn1/asn1_lib.c

+ $(OPENSSL_PATH)/crypto/asn1/asn1_par.c

+ $(OPENSSL_PATH)/crypto/asn1/asn_mime.c

+ $(OPENSSL_PATH)/crypto/asn1/asn_moid.c

+ $(OPENSSL_PATH)/crypto/asn1/asn_mstbl.c

+ $(OPENSSL_PATH)/crypto/asn1/asn_pack.c

+ $(OPENSSL_PATH)/crypto/asn1/bio_asn1.c

+ $(OPENSSL_PATH)/crypto/asn1/bio_ndef.c

+ $(OPENSSL_PATH)/crypto/asn1/d2i_pr.c

+ $(OPENSSL_PATH)/crypto/asn1/d2i_pu.c

+ $(OPENSSL_PATH)/crypto/asn1/evp_asn1.c

+ $(OPENSSL_PATH)/crypto/asn1/f_int.c

+ $(OPENSSL_PATH)/crypto/asn1/f_string.c

+ $(OPENSSL_PATH)/crypto/asn1/i2d_pr.c

+ $(OPENSSL_PATH)/crypto/asn1/i2d_pu.c

+ $(OPENSSL_PATH)/crypto/asn1/n_pkey.c

+ $(OPENSSL_PATH)/crypto/asn1/nsseq.c

+ $(OPENSSL_PATH)/crypto/asn1/p5_pbe.c

+ $(OPENSSL_PATH)/crypto/asn1/p5_pbev2.c

+ $(OPENSSL_PATH)/crypto/asn1/p5_scrypt.c

+ $(OPENSSL_PATH)/crypto/asn1/p8_pkey.c

+ $(OPENSSL_PATH)/crypto/asn1/t_bitst.c

+ $(OPENSSL_PATH)/crypto/asn1/t_pkey.c

+ $(OPENSSL_PATH)/crypto/asn1/t_spki.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_dec.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_enc.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_fre.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_new.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_prn.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_scn.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_typ.c

+ $(OPENSSL_PATH)/crypto/asn1/tasn_utl.c

+ $(OPENSSL_PATH)/crypto/asn1/x_algor.c

+ $(OPENSSL_PATH)/crypto/asn1/x_bignum.c

+ $(OPENSSL_PATH)/crypto/asn1/x_info.c

+ $(OPENSSL_PATH)/crypto/asn1/x_int64.c

+ $(OPENSSL_PATH)/crypto/asn1/x_long.c

+ $(OPENSSL_PATH)/crypto/asn1/x_pkey.c

+ $(OPENSSL_PATH)/crypto/asn1/x_sig.c

+ $(OPENSSL_PATH)/crypto/asn1/x_spki.c

+ $(OPENSSL_PATH)/crypto/asn1/x_val.c

+ $(OPENSSL_PATH)/crypto/async/arch/async_null.c

+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.c

+ $(OPENSSL_PATH)/crypto/async/arch/async_win.c

+ $(OPENSSL_PATH)/crypto/async/async.c

+ $(OPENSSL_PATH)/crypto/async/async_err.c

+ $(OPENSSL_PATH)/crypto/async/async_wait.c

+ $(OPENSSL_PATH)/crypto/bio/b_addr.c

+ $(OPENSSL_PATH)/crypto/bio/b_dump.c

+ $(OPENSSL_PATH)/crypto/bio/b_sock.c

+ $(OPENSSL_PATH)/crypto/bio/b_sock2.c

+ $(OPENSSL_PATH)/crypto/bio/bf_buff.c

+ $(OPENSSL_PATH)/crypto/bio/bf_lbuf.c

+ $(OPENSSL_PATH)/crypto/bio/bf_nbio.c

+ $(OPENSSL_PATH)/crypto/bio/bf_null.c

+ $(OPENSSL_PATH)/crypto/bio/bio_cb.c

+ $(OPENSSL_PATH)/crypto/bio/bio_err.c

+ $(OPENSSL_PATH)/crypto/bio/bio_lib.c

+ $(OPENSSL_PATH)/crypto/bio/bio_meth.c

+ $(OPENSSL_PATH)/crypto/bio/bss_acpt.c

+ $(OPENSSL_PATH)/crypto/bio/bss_bio.c

+ $(OPENSSL_PATH)/crypto/bio/bss_conn.c

+ $(OPENSSL_PATH)/crypto/bio/bss_dgram.c

+ $(OPENSSL_PATH)/crypto/bio/bss_fd.c

+ $(OPENSSL_PATH)/crypto/bio/bss_file.c

+ $(OPENSSL_PATH)/crypto/bio/bss_log.c

+ $(OPENSSL_PATH)/crypto/bio/bss_mem.c

+ $(OPENSSL_PATH)/crypto/bio/bss_null.c

+ $(OPENSSL_PATH)/crypto/bio/bss_sock.c

+ $(OPENSSL_PATH)/crypto/bn/bn_add.c

+ $(OPENSSL_PATH)/crypto/bn/bn_asm.c

+ $(OPENSSL_PATH)/crypto/bn/bn_blind.c

+ $(OPENSSL_PATH)/crypto/bn/bn_const.c

+ $(OPENSSL_PATH)/crypto/bn/bn_ctx.c

+ $(OPENSSL_PATH)/crypto/bn/bn_depr.c

+ $(OPENSSL_PATH)/crypto/bn/bn_dh.c

+ $(OPENSSL_PATH)/crypto/bn/bn_div.c

+ $(OPENSSL_PATH)/crypto/bn/bn_err.c

+ $(OPENSSL_PATH)/crypto/bn/bn_exp.c

+ $(OPENSSL_PATH)/crypto/bn/bn_exp2.c

+ $(OPENSSL_PATH)/crypto/bn/bn_gcd.c

+ $(OPENSSL_PATH)/crypto/bn/bn_gf2m.c

+ $(OPENSSL_PATH)/crypto/bn/bn_intern.c

+ $(OPENSSL_PATH)/crypto/bn/bn_kron.c

+ $(OPENSSL_PATH)/crypto/bn/bn_lib.c

+ $(OPENSSL_PATH)/crypto/bn/bn_mod.c

+ $(OPENSSL_PATH)/crypto/bn/bn_mont.c

+ $(OPENSSL_PATH)/crypto/bn/bn_mpi.c

+ $(OPENSSL_PATH)/crypto/bn/bn_mul.c

+ $(OPENSSL_PATH)/crypto/bn/bn_nist.c

+ $(OPENSSL_PATH)/crypto/bn/bn_prime.c

+ $(OPENSSL_PATH)/crypto/bn/bn_print.c

+ $(OPENSSL_PATH)/crypto/bn/bn_rand.c

+ $(OPENSSL_PATH)/crypto/bn/bn_recp.c

+ $(OPENSSL_PATH)/crypto/bn/bn_shift.c

+ $(OPENSSL_PATH)/crypto/bn/bn_sqr.c

+ $(OPENSSL_PATH)/crypto/bn/bn_sqrt.c

+ $(OPENSSL_PATH)/crypto/bn/bn_srp.c

+ $(OPENSSL_PATH)/crypto/bn/bn_word.c

+ $(OPENSSL_PATH)/crypto/bn/bn_x931p.c

+ $(OPENSSL_PATH)/crypto/buffer/buf_err.c

+ $(OPENSSL_PATH)/crypto/buffer/buffer.c

+ $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c

+ $(OPENSSL_PATH)/crypto/cmac/cm_pmeth.c

+ $(OPENSSL_PATH)/crypto/cmac/cmac.c

+ $(OPENSSL_PATH)/crypto/comp/c_zlib.c

+ $(OPENSSL_PATH)/crypto/comp/comp_err.c

+ $(OPENSSL_PATH)/crypto/comp/comp_lib.c

+ $(OPENSSL_PATH)/crypto/conf/conf_api.c

+ $(OPENSSL_PATH)/crypto/conf/conf_def.c

+ $(OPENSSL_PATH)/crypto/conf/conf_err.c

+ $(OPENSSL_PATH)/crypto/conf/conf_lib.c

+ $(OPENSSL_PATH)/crypto/conf/conf_mall.c

+ $(OPENSSL_PATH)/crypto/conf/conf_mod.c

+ $(OPENSSL_PATH)/crypto/conf/conf_sap.c

+ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c

+ $(OPENSSL_PATH)/crypto/cpt_err.c

+ $(OPENSSL_PATH)/crypto/cryptlib.c

+ $(OPENSSL_PATH)/crypto/ctype.c

+ $(OPENSSL_PATH)/crypto/cversion.c

+ $(OPENSSL_PATH)/crypto/dh/dh_ameth.c

+ $(OPENSSL_PATH)/crypto/dh/dh_asn1.c

+ $(OPENSSL_PATH)/crypto/dh/dh_check.c

+ $(OPENSSL_PATH)/crypto/dh/dh_depr.c

+ $(OPENSSL_PATH)/crypto/dh/dh_err.c

+ $(OPENSSL_PATH)/crypto/dh/dh_gen.c

+ $(OPENSSL_PATH)/crypto/dh/dh_kdf.c

+ $(OPENSSL_PATH)/crypto/dh/dh_key.c

+ $(OPENSSL_PATH)/crypto/dh/dh_lib.c

+ $(OPENSSL_PATH)/crypto/dh/dh_meth.c

+ $(OPENSSL_PATH)/crypto/dh/dh_pmeth.c

+ $(OPENSSL_PATH)/crypto/dh/dh_prn.c

+ $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c

+ $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c

+ $(OPENSSL_PATH)/crypto/dso/dso_dl.c

+ $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c

+ $(OPENSSL_PATH)/crypto/dso/dso_err.c

+ $(OPENSSL_PATH)/crypto/dso/dso_lib.c

+ $(OPENSSL_PATH)/crypto/dso/dso_openssl.c

+ $(OPENSSL_PATH)/crypto/dso/dso_vms.c

+ $(OPENSSL_PATH)/crypto/dso/dso_win32.c

+ $(OPENSSL_PATH)/crypto/ebcdic.c

+ $(OPENSSL_PATH)/crypto/err/err.c

+ $(OPENSSL_PATH)/crypto/err/err_prn.c

+ $(OPENSSL_PATH)/crypto/evp/bio_b64.c

+ $(OPENSSL_PATH)/crypto/evp/bio_enc.c

+ $(OPENSSL_PATH)/crypto/evp/bio_md.c

+ $(OPENSSL_PATH)/crypto/evp/bio_ok.c

+ $(OPENSSL_PATH)/crypto/evp/c_allc.c

+ $(OPENSSL_PATH)/crypto/evp/c_alld.c

+ $(OPENSSL_PATH)/crypto/evp/cmeth_lib.c

+ $(OPENSSL_PATH)/crypto/evp/digest.c

+ $(OPENSSL_PATH)/crypto/evp/e_aes.c

+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha1.c

+ $(OPENSSL_PATH)/crypto/evp/e_aes_cbc_hmac_sha256.c

+ $(OPENSSL_PATH)/crypto/evp/e_aria.c

+ $(OPENSSL_PATH)/crypto/evp/e_bf.c

+ $(OPENSSL_PATH)/crypto/evp/e_camellia.c

+ $(OPENSSL_PATH)/crypto/evp/e_cast.c

+ $(OPENSSL_PATH)/crypto/evp/e_chacha20_poly1305.c

+ $(OPENSSL_PATH)/crypto/evp/e_des.c

+ $(OPENSSL_PATH)/crypto/evp/e_des3.c

+ $(OPENSSL_PATH)/crypto/evp/e_idea.c

+ $(OPENSSL_PATH)/crypto/evp/e_null.c

+ $(OPENSSL_PATH)/crypto/evp/e_old.c

+ $(OPENSSL_PATH)/crypto/evp/e_rc2.c

+ $(OPENSSL_PATH)/crypto/evp/e_rc4.c

+ $(OPENSSL_PATH)/crypto/evp/e_rc4_hmac_md5.c

+ $(OPENSSL_PATH)/crypto/evp/e_rc5.c

+ $(OPENSSL_PATH)/crypto/evp/e_seed.c

+ $(OPENSSL_PATH)/crypto/evp/e_sm4.c

+ $(OPENSSL_PATH)/crypto/evp/e_xcbc_d.c

+ $(OPENSSL_PATH)/crypto/evp/encode.c

+ $(OPENSSL_PATH)/crypto/evp/evp_cnf.c

+ $(OPENSSL_PATH)/crypto/evp/evp_enc.c

+ $(OPENSSL_PATH)/crypto/evp/evp_err.c

+ $(OPENSSL_PATH)/crypto/evp/evp_key.c

+ $(OPENSSL_PATH)/crypto/evp/evp_lib.c

+ $(OPENSSL_PATH)/crypto/evp/evp_pbe.c

+ $(OPENSSL_PATH)/crypto/evp/evp_pkey.c

+ $(OPENSSL_PATH)/crypto/evp/m_md2.c

+ $(OPENSSL_PATH)/crypto/evp/m_md4.c

+ $(OPENSSL_PATH)/crypto/evp/m_md5.c

+ $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c

+ $(OPENSSL_PATH)/crypto/evp/m_mdc2.c

+ $(OPENSSL_PATH)/crypto/evp/m_null.c

+ $(OPENSSL_PATH)/crypto/evp/m_ripemd.c

+ $(OPENSSL_PATH)/crypto/evp/m_sha1.c

+ $(OPENSSL_PATH)/crypto/evp/m_sha3.c

+ $(OPENSSL_PATH)/crypto/evp/m_sigver.c

+ $(OPENSSL_PATH)/crypto/evp/m_wp.c

+ $(OPENSSL_PATH)/crypto/evp/names.c

+ $(OPENSSL_PATH)/crypto/evp/p5_crpt.c

+ $(OPENSSL_PATH)/crypto/evp/p5_crpt2.c

+ $(OPENSSL_PATH)/crypto/evp/p_dec.c

+ $(OPENSSL_PATH)/crypto/evp/p_enc.c

+ $(OPENSSL_PATH)/crypto/evp/p_lib.c

+ $(OPENSSL_PATH)/crypto/evp/p_open.c

+ $(OPENSSL_PATH)/crypto/evp/p_seal.c

+ $(OPENSSL_PATH)/crypto/evp/p_sign.c

+ $(OPENSSL_PATH)/crypto/evp/p_verify.c

+ $(OPENSSL_PATH)/crypto/evp/pbe_scrypt.c

+ $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c

+ $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c

+ $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c

+ $(OPENSSL_PATH)/crypto/ex_data.c

+ $(OPENSSL_PATH)/crypto/getenv.c

+ $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c

+ $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c

+ $(OPENSSL_PATH)/crypto/hmac/hmac.c

+ $(OPENSSL_PATH)/crypto/init.c

+ $(OPENSSL_PATH)/crypto/kdf/hkdf.c

+ $(OPENSSL_PATH)/crypto/kdf/kdf_err.c

+ $(OPENSSL_PATH)/crypto/kdf/scrypt.c

+ $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c

+ $(OPENSSL_PATH)/crypto/lhash/lh_stats.c

+ $(OPENSSL_PATH)/crypto/lhash/lhash.c

+ $(OPENSSL_PATH)/crypto/md5/md5_dgst.c

+ $(OPENSSL_PATH)/crypto/md5/md5_one.c

+ $(OPENSSL_PATH)/crypto/mem.c

+ $(OPENSSL_PATH)/crypto/mem_dbg.c

+ $(OPENSSL_PATH)/crypto/mem_sec.c

+ $(OPENSSL_PATH)/crypto/modes/cbc128.c

+ $(OPENSSL_PATH)/crypto/modes/ccm128.c

+ $(OPENSSL_PATH)/crypto/modes/cfb128.c

+ $(OPENSSL_PATH)/crypto/modes/ctr128.c

+ $(OPENSSL_PATH)/crypto/modes/cts128.c

+ $(OPENSSL_PATH)/crypto/modes/gcm128.c

+ $(OPENSSL_PATH)/crypto/modes/ocb128.c

+ $(OPENSSL_PATH)/crypto/modes/ofb128.c

+ $(OPENSSL_PATH)/crypto/modes/wrap128.c

+ $(OPENSSL_PATH)/crypto/modes/xts128.c

+ $(OPENSSL_PATH)/crypto/o_dir.c

+ $(OPENSSL_PATH)/crypto/o_fips.c

+ $(OPENSSL_PATH)/crypto/o_fopen.c

+ $(OPENSSL_PATH)/crypto/o_init.c

+ $(OPENSSL_PATH)/crypto/o_str.c

+ $(OPENSSL_PATH)/crypto/o_time.c

+ $(OPENSSL_PATH)/crypto/objects/o_names.c

+ $(OPENSSL_PATH)/crypto/objects/obj_dat.c

+ $(OPENSSL_PATH)/crypto/objects/obj_err.c

+ $(OPENSSL_PATH)/crypto/objects/obj_lib.c

+ $(OPENSSL_PATH)/crypto/objects/obj_xref.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ext.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_ht.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lib.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_prn.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c

+ $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c

+ $(OPENSSL_PATH)/crypto/pem/pem_all.c

+ $(OPENSSL_PATH)/crypto/pem/pem_err.c

+ $(OPENSSL_PATH)/crypto/pem/pem_info.c

+ $(OPENSSL_PATH)/crypto/pem/pem_lib.c

+ $(OPENSSL_PATH)/crypto/pem/pem_oth.c

+ $(OPENSSL_PATH)/crypto/pem/pem_pk8.c

+ $(OPENSSL_PATH)/crypto/pem/pem_pkey.c

+ $(OPENSSL_PATH)/crypto/pem/pem_sign.c

+ $(OPENSSL_PATH)/crypto/pem/pem_x509.c

+ $(OPENSSL_PATH)/crypto/pem/pem_xaux.c

+ $(OPENSSL_PATH)/crypto/pem/pvkfmt.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_add.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_asn.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_attr.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_crpt.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_crt.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_decr.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_init.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_key.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_kiss.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_mutl.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_npas.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_p8d.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_p8e.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c

+ $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c

+ $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c

+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c

+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c

+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_doit.c

+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_lib.c

+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c

+ $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c

+ $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c

+ $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c

+ $(OPENSSL_PATH)/crypto/rand/drbg_lib.c

+ $(OPENSSL_PATH)/crypto/rand/rand_egd.c

+ $(OPENSSL_PATH)/crypto/rand/rand_err.c

+ $(OPENSSL_PATH)/crypto/rand/rand_lib.c

+ $(OPENSSL_PATH)/crypto/rand/rand_unix.c

+ $(OPENSSL_PATH)/crypto/rand/rand_vms.c

+ $(OPENSSL_PATH)/crypto/rand/rand_win.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_crpt.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_depr.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_err.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_gen.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_lib.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_meth.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_mp.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_none.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_oaep.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_ossl.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_pk1.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_pmeth.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_prn.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_pss.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_saos.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_sign.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c

+ $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c

+ $(OPENSSL_PATH)/crypto/sha/keccak1600.c

+ $(OPENSSL_PATH)/crypto/sha/sha1_one.c

+ $(OPENSSL_PATH)/crypto/sha/sha1dgst.c

+ $(OPENSSL_PATH)/crypto/sha/sha256.c

+ $(OPENSSL_PATH)/crypto/sha/sha512.c

+ $(OPENSSL_PATH)/crypto/siphash/siphash.c

+ $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c

+ $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c

+ $(OPENSSL_PATH)/crypto/sm3/m_sm3.c

+ $(OPENSSL_PATH)/crypto/sm3/sm3.c

+ $(OPENSSL_PATH)/crypto/sm4/sm4.c

+ $(OPENSSL_PATH)/crypto/stack/stack.c

+ $(OPENSSL_PATH)/crypto/threads_none.c

+ $(OPENSSL_PATH)/crypto/threads_pthread.c

+ $(OPENSSL_PATH)/crypto/threads_win.c

+ $(OPENSSL_PATH)/crypto/txt_db/txt_db.c

+ $(OPENSSL_PATH)/crypto/ui/ui_err.c

+ $(OPENSSL_PATH)/crypto/ui/ui_lib.c

+ $(OPENSSL_PATH)/crypto/ui/ui_null.c

+ $(OPENSSL_PATH)/crypto/ui/ui_openssl.c

+ $(OPENSSL_PATH)/crypto/ui/ui_util.c

+ $(OPENSSL_PATH)/crypto/uid.c

+ $(OPENSSL_PATH)/crypto/x509/by_dir.c

+ $(OPENSSL_PATH)/crypto/x509/by_file.c

+ $(OPENSSL_PATH)/crypto/x509/t_crl.c

+ $(OPENSSL_PATH)/crypto/x509/t_req.c

+ $(OPENSSL_PATH)/crypto/x509/t_x509.c

+ $(OPENSSL_PATH)/crypto/x509/x509_att.c

+ $(OPENSSL_PATH)/crypto/x509/x509_cmp.c

+ $(OPENSSL_PATH)/crypto/x509/x509_d2.c

+ $(OPENSSL_PATH)/crypto/x509/x509_def.c

+ $(OPENSSL_PATH)/crypto/x509/x509_err.c

+ $(OPENSSL_PATH)/crypto/x509/x509_ext.c

+ $(OPENSSL_PATH)/crypto/x509/x509_lu.c

+ $(OPENSSL_PATH)/crypto/x509/x509_meth.c

+ $(OPENSSL_PATH)/crypto/x509/x509_obj.c

+ $(OPENSSL_PATH)/crypto/x509/x509_r2x.c

+ $(OPENSSL_PATH)/crypto/x509/x509_req.c

+ $(OPENSSL_PATH)/crypto/x509/x509_set.c

+ $(OPENSSL_PATH)/crypto/x509/x509_trs.c

+ $(OPENSSL_PATH)/crypto/x509/x509_txt.c

+ $(OPENSSL_PATH)/crypto/x509/x509_v3.c

+ $(OPENSSL_PATH)/crypto/x509/x509_vfy.c

+ $(OPENSSL_PATH)/crypto/x509/x509_vpm.c

+ $(OPENSSL_PATH)/crypto/x509/x509cset.c

+ $(OPENSSL_PATH)/crypto/x509/x509name.c

+ $(OPENSSL_PATH)/crypto/x509/x509rset.c

+ $(OPENSSL_PATH)/crypto/x509/x509spki.c

+ $(OPENSSL_PATH)/crypto/x509/x509type.c

+ $(OPENSSL_PATH)/crypto/x509/x_all.c

+ $(OPENSSL_PATH)/crypto/x509/x_attrib.c

+ $(OPENSSL_PATH)/crypto/x509/x_crl.c

+ $(OPENSSL_PATH)/crypto/x509/x_exten.c

+ $(OPENSSL_PATH)/crypto/x509/x_name.c

+ $(OPENSSL_PATH)/crypto/x509/x_pubkey.c

+ $(OPENSSL_PATH)/crypto/x509/x_req.c

+ $(OPENSSL_PATH)/crypto/x509/x_x509.c

+ $(OPENSSL_PATH)/crypto/x509/x_x509a.c

+ $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c

+ $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c

+ $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c

+ $(OPENSSL_PATH)/crypto/x509v3/pcy_map.c

+ $(OPENSSL_PATH)/crypto/x509v3/pcy_node.c

+ $(OPENSSL_PATH)/crypto/x509v3/pcy_tree.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_addr.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_akey.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_akeya.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_alt.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_asid.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_bcons.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_bitst.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_conf.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_cpols.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_crld.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_enum.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_extku.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_genn.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_ia5.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_info.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_int.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_lib.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_ncons.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_pci.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_pcia.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_pcons.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_pku.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_pmaps.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_prn.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_purp.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_skey.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_sxnet.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c

+ $(OPENSSL_PATH)/crypto/x509v3/v3err.c

+ $(OPENSSL_PATH)/crypto/arm_arch.h

+ $(OPENSSL_PATH)/crypto/mips_arch.h

+ $(OPENSSL_PATH)/crypto/ppc_arch.h

+ $(OPENSSL_PATH)/crypto/s390x_arch.h

+ $(OPENSSL_PATH)/crypto/sparc_arch.h

+ $(OPENSSL_PATH)/crypto/vms_rms.h

+ $(OPENSSL_PATH)/crypto/aes/aes_local.h

+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h

+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h

+ $(OPENSSL_PATH)/crypto/asn1/charmap.h

+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h

+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h

+ $(OPENSSL_PATH)/crypto/async/async_local.h

+ $(OPENSSL_PATH)/crypto/async/arch/async_null.h

+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h

+ $(OPENSSL_PATH)/crypto/async/arch/async_win.h

+ $(OPENSSL_PATH)/crypto/bio/bio_local.h

+ $(OPENSSL_PATH)/crypto/bn/bn_local.h

+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h

+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h

+ $(OPENSSL_PATH)/crypto/comp/comp_local.h

+ $(OPENSSL_PATH)/crypto/conf/conf_def.h

+ $(OPENSSL_PATH)/crypto/conf/conf_local.h

+ $(OPENSSL_PATH)/crypto/dh/dh_local.h

+ $(OPENSSL_PATH)/crypto/dso/dso_local.h

+ $(OPENSSL_PATH)/crypto/evp/evp_local.h

+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h

+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h

+ $(OPENSSL_PATH)/crypto/md5/md5_local.h

+ $(OPENSSL_PATH)/crypto/modes/modes_local.h

+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h

+ $(OPENSSL_PATH)/crypto/objects/obj_local.h

+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h

+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h

+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h

+ $(OPENSSL_PATH)/crypto/rand/rand_local.h

+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h

+ $(OPENSSL_PATH)/crypto/sha/sha_local.h

+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h

+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h

+ $(OPENSSL_PATH)/crypto/store/store_local.h

+ $(OPENSSL_PATH)/crypto/ui/ui_local.h

+ $(OPENSSL_PATH)/crypto/x509/x509_local.h

+ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h

+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h

+ $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h

+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h

+ $(OPENSSL_PATH)/ssl/bio_ssl.c

+ $(OPENSSL_PATH)/ssl/d1_lib.c

+ $(OPENSSL_PATH)/ssl/d1_msg.c

+ $(OPENSSL_PATH)/ssl/d1_srtp.c

+ $(OPENSSL_PATH)/ssl/methods.c

+ $(OPENSSL_PATH)/ssl/packet.c

+ $(OPENSSL_PATH)/ssl/pqueue.c

+ $(OPENSSL_PATH)/ssl/record/dtls1_bitmap.c

+ $(OPENSSL_PATH)/ssl/record/rec_layer_d1.c

+ $(OPENSSL_PATH)/ssl/record/rec_layer_s3.c

+ $(OPENSSL_PATH)/ssl/record/ssl3_buffer.c

+ $(OPENSSL_PATH)/ssl/record/ssl3_record.c

+ $(OPENSSL_PATH)/ssl/record/ssl3_record_tls13.c

+ $(OPENSSL_PATH)/ssl/s3_cbc.c

+ $(OPENSSL_PATH)/ssl/s3_enc.c

+ $(OPENSSL_PATH)/ssl/s3_lib.c

+ $(OPENSSL_PATH)/ssl/s3_msg.c

+ $(OPENSSL_PATH)/ssl/ssl_asn1.c

+ $(OPENSSL_PATH)/ssl/ssl_cert.c

+ $(OPENSSL_PATH)/ssl/ssl_ciph.c

+ $(OPENSSL_PATH)/ssl/ssl_conf.c

+ $(OPENSSL_PATH)/ssl/ssl_err.c

+ $(OPENSSL_PATH)/ssl/ssl_init.c

+ $(OPENSSL_PATH)/ssl/ssl_lib.c

+ $(OPENSSL_PATH)/ssl/ssl_mcnf.c

+ $(OPENSSL_PATH)/ssl/ssl_rsa.c

+ $(OPENSSL_PATH)/ssl/ssl_sess.c

+ $(OPENSSL_PATH)/ssl/ssl_stat.c

+ $(OPENSSL_PATH)/ssl/ssl_txt.c

+ $(OPENSSL_PATH)/ssl/ssl_utst.c

+ $(OPENSSL_PATH)/ssl/statem/extensions.c

+ $(OPENSSL_PATH)/ssl/statem/extensions_clnt.c

+ $(OPENSSL_PATH)/ssl/statem/extensions_cust.c

+ $(OPENSSL_PATH)/ssl/statem/extensions_srvr.c

+ $(OPENSSL_PATH)/ssl/statem/statem.c

+ $(OPENSSL_PATH)/ssl/statem/statem_clnt.c

+ $(OPENSSL_PATH)/ssl/statem/statem_dtls.c

+ $(OPENSSL_PATH)/ssl/statem/statem_lib.c

+ $(OPENSSL_PATH)/ssl/statem/statem_srvr.c

+ $(OPENSSL_PATH)/ssl/t1_enc.c

+ $(OPENSSL_PATH)/ssl/t1_lib.c

+ $(OPENSSL_PATH)/ssl/t1_trce.c

+ $(OPENSSL_PATH)/ssl/tls13_enc.c

+ $(OPENSSL_PATH)/ssl/tls_srp.c

+ $(OPENSSL_PATH)/ssl/packet_local.h

+ $(OPENSSL_PATH)/ssl/ssl_cert_table.h

+ $(OPENSSL_PATH)/ssl/ssl_local.h

+ $(OPENSSL_PATH)/ssl/record/record.h

+ $(OPENSSL_PATH)/ssl/record/record_local.h

+ $(OPENSSL_PATH)/ssl/statem/statem.h

+ $(OPENSSL_PATH)/ssl/statem/statem_local.h

+# Autogenerated files list ends here

+ buildinf.h

+ rand_pool_noise.h

+ ossl_store.c

+ rand_pool.c

+

+[Sources.X64]

+ rand_pool_noise_tsc.c

+ ApiHooks.c

+

+[Packages]

+ MdePkg/MdePkg.dec

+ CryptoPkg/CryptoPkg.dec

+

+[LibraryClasses]

+ BaseLib

+ DebugLib

+ TimerLib

+ PrintLib

+

+[BuildOptions]

+ #

+ # Disables the following Visual Studio compiler warnings brought by
openssl
source,

+ # so we do not break the build with /WX option:

+ # C4090: 'function' : different 'const' qualifiers

+ # C4132: 'object' : const object should be initialized (tls13_enc.c)

+ # C4210: nonstandard extension used: function given file scope

+ # C4244: conversion from type1 to type2, possible loss of data

+ # C4245: conversion from type1 to type2, signed/unsigned
mismatch

+ # C4267: conversion from size_t to type, possible loss of data

+ # C4306: 'identifier' : conversion from 'type1' to 'type2' of
greater
size

+ # C4310: cast truncates constant value

+ # C4389: 'operator' : signed/unsigned mismatch (xxxx)

+ # C4700: uninitialized local variable 'name' used. (conf_sap.c(71))

+ # C4702: unreachable code

+ # C4706: assignment within conditional expression

+ # C4819: The file contains a character that cannot be represented
in
the
current code page

+ #

+ MSFT:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER
$(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /wd4090 /wd4132
/wd4210
/wd4244 /wd4245 /wd4267 /wd4306 /wd4310 /wd4700 /wd4389
/wd4702
/wd4706 /wd4819

+

+ INTEL:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64 -U_MSC_VER -
U__ICC
$(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) /w

+

+ #

+ # Suppress the following build warnings in openssl so we don't
break
the
build
with -Werror

+ # -Werror=maybe-uninitialized: there exist some other paths for
which
the
variable is not initialized.

+ # -Werror=format: Check calls to printf and scanf, etc., to make
sure
that the
arguments supplied have

+ # types appropriate to the format string specified.

+ # -Werror=unused-but-set-variable: Warn whenever a local
variable is
assigned to, but otherwise unused (aside from its declaration).

+ #

+ GCC:*_*_X64_CC_FLAGS = -U_WIN32 -U_WIN64
$(OPENSSL_FLAGS)
$(OPENSSL_FLAGS_CONFIG) -Wno-error=maybe-uninitialized -Wno-
error=format -Wno-format -Wno-error=unused-but-set-variable -
DNO_MSABI_VA_FUNCS

+

+ # suppress the following warnings in openssl so we don't break the
build
with
warnings-as-errors:

+ # 1295: Deprecated declaration <entity> - give arg types

+ # 550: <entity> was set but never used

+ # 1293: assignment in condition

+ # 111: statement is unreachable (invariably "break;" after "return
X;"
in case
statement)

+ # 68: integer conversion resulted in a change of sign ("if (Status
==
-1)")

+ # 177: <entity> was declared but never referenced

+ # 223: function <entity> declared implicitly

+ # 144: a value of type <type> cannot be used to initialize an entity
of
type
<type>

+ # 513: a value of type <type> cannot be assigned to an entity of
type
<type>

+ # 188: enumerated type mixed with another type (i.e. passing an
integer
as an
enum without a cast)

+ # 1296: Extended constant initialiser used

+ # 128: loop is not reachable - may be emitted inappropriately if
code
follows
a conditional return

+ # from the function that evaluates to true at compile time

+ # 546: transfer of control bypasses initialization - may be emitted
inappropriately if the uninitialized

+ # variable is never referenced after the jump

+ # 1: ignore "#1-D: last line of file ends without a newline"

+ # 3017: <entity> may be used before being set (NOTE: This was
fixed in
OpenSSL 1.1 HEAD with

+ # commit d9b8b89bec4480de3a10bdaf9425db371c19145b, and
can
be
dropped then.)

+ XCODE:*_*_X64_CC_FLAGS = -mmmx -msse -U_WIN32 -
U_WIN64
$(OPENSSL_FLAGS) $(OPENSSL_FLAGS_CONFIG) -w -std=c99 -Wno-
error=uninitialized

diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h
b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 3a2544ea5c..e8f73c4d10 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -112,9 +112,6 @@ extern "C" {
#ifndef OPENSSL_NO_ASAN

# define OPENSSL_NO_ASAN

#endif

-#ifndef OPENSSL_NO_ASM

-# define OPENSSL_NO_ASM

-#endif

#ifndef OPENSSL_NO_ASYNC

# define OPENSSL_NO_ASYNC

#endif

diff --git a/CryptoPkg/Library/OpensslLib/ApiHooks.c
b/CryptoPkg/Library/OpensslLib/ApiHooks.c
new file mode 100644
index 0000000000..58cff16838
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/ApiHooks.c
@@ -0,0 +1,18 @@
+/** @file

+ OpenSSL Library API hooks.

+

+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include <Uefi.h>

+

+VOID *

+__imp_RtlVirtualUnwind (

+ VOID * Args

+ )

+{

+ return NULL;

+}

+

diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
new file mode 100644
index 0000000000..ef20d2b84e
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
@@ -0,0 +1,34 @@
+/** @file

+ Constructor to initialize CPUID data for OpenSSL assembly
operations.

+

+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include <Uefi.h>

+

+extern void OPENSSL_cpuid_setup (void);

+

+/**

+ Constructor routine for OpensslLib.

+

+ The constructor calls an internal OpenSSL function which fetches a
local
copy

+ of the hardware capability flags, used to enable native crypto
instructions.

+

+ @param None

+

+ @retval EFI_SUCCESS The construction succeeded.

+

+**/

+EFI_STATUS

+EFIAPI

+OpensslLibConstructor (

+ VOID

+ )

+{

+ OPENSSL_cpuid_setup ();

+

+ return EFI_SUCCESS;

+}

+

diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
b/CryptoPkg/Library/OpensslLib/process_files.pl
index 57ce195394..472f59bc8e 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -9,9 +9,63 @@
# do not need to do this, since the results are stored in the EDK2

# git repository for them.

#

+# Due to the script wrapping required to process the OpenSSL

+# configuration data, each native architecture must be processed

+# individually by the maintainer (in addition to the standard version):

+# ./process_files.pl

+# ./process_files.pl X64

+# ./process_files.pl [Arch]

+

use strict;

use Cwd;

use File::Copy;

+use File::Basename;

+use File::Path qw(make_path remove_tree);

+use Text::Tabs;

+

+#

+# OpenSSL perlasm generator script does not transfer the copyright
header

+#

+sub copy_license_header

+{

+ my @args = split / /, shift; #Separate args by spaces

+ my $source = $args[1]; #Source file is second (after
"perl")

+ my $target = pop @args; #Target file is always last

+ chop ($target); #Remove newline char

+

+ my $temp_file_name = "license.tmp";

+ open (my $source_file, "<" . $source) || die $source;

+ open (my $target_file, "<" . $target) || die $target;

+ open (my $temp_file, ">" . $temp_file_name) || die
$temp_file_name;

+

+ #Add "generated file" warning

+ $source =~ s/^..//; #Remove leading "./"

+ print ($temp_file "; WARNING: do not edit!\r\n");

+ print ($temp_file "; Generated from $source\r\n");

+ print ($temp_file ";\r\n");

+

+ #Copy source file header to temp file

+ while (my $line = <$source_file>) {

+ next if ($line =~ /#!/); #Ignore shebang line

+ $line =~ s/#/;/; #Fix comment character for assembly

+ $line =~ s/\s+$/\r\n/; #Trim trailing whitepsace, fixup
line
endings

+ print ($temp_file $line);

+ last if ($line =~ /http/); #Last line of copyright header
contains a web link

+ }

+ print ($temp_file "\r\n");

+ #Retrieve generated assembly contents

+ while (my $line = <$target_file>) {

+ $line =~ s/\s+$/\r\n/; #Trim trailing whitepsace, fixup
line
endings

+ print ($temp_file expand ($line)); #expand() replaces tabs with
spaces

+ }

+

+ close ($source_file);

+ close ($target_file);

+ close ($temp_file);

+

+ move ($temp_file_name, $target) ||

+ die "Cannot replace \"" . $target . "\"!";

+}



#

# Find the openssl directory name for use lib. We have to do this

@@ -21,10 +75,41 @@ use File::Copy;
#

my $inf_file;

my $OPENSSL_PATH;

+my $uefi_config;

+my $extension;

+my $arch;

my @inf;



BEGIN {

$inf_file = "OpensslLib.inf";

+ $uefi_config = "UEFI";

+ $arch = shift;

+

+ if (defined $arch) {

+ if (uc ($arch) eq "X64") {

+ $arch = "X64";

+ $inf_file = "OpensslLibX64.inf";

+ $uefi_config = "UEFI-x86_64";

+ $extension = "nasm";

+ } else {

+ die "Unsupported architecture \"" . $arch . "\"!";

+ }

+ if ($extension eq "nasm") {

+ if (`nasm -v 2>&1`) {

+ #Presence of nasm executable will trigger inclusion of
AVX
instructions

+ die "\nCannot run assembly generators with NASM in
path!\n\n";

+ }

+ }

+

+ # Prepare assembly folder

+ if (-d $arch) {

+ remove_tree ($arch, {safe => 1}) ||

+ die "Cannot clean assembly folder \"" . $arch . "\"!";

+ } else {

+ mkdir $arch ||

+ die "Cannot create assembly folder \"" . $arch . "\"!";

+ }

+ }



# Read the contents of the inf file

open( FD, "<" . $inf_file ) ||

@@ -47,9 +132,9 @@ BEGIN {
# Configure UEFI

system(

"./Configure",

- "UEFI",

+ "--config=../uefi-asm.conf",

+ "$uefi_config",

"no-afalgeng",

- "no-asm",

"no-async",

"no-autoerrinit",

"no-autoload-config",

@@ -129,23 +214,53 @@ BEGIN {
# Retrieve file lists from OpenSSL configdata

#

use configdata qw/%unified_info/;

+use configdata qw/%config/;

+use configdata qw/%target/;

+

+#

+# Collect build flags from configdata

+#

+my $flags = "";

+foreach my $f (@{$config{lib_defines}}) {

+ $flags .= " -D$f";

+}



my @cryptofilelist = ();

my @sslfilelist = ();

+my @asmfilelist = ();

+my @asmbuild = ();

foreach my $product ((@{$unified_info{libraries}},

@{$unified_info{engines}})) {

foreach my $o (@{$unified_info{sources}->{$product}}) {

foreach my $s (@{$unified_info{sources}->{$o}}) {

- next if ($unified_info{generate}->{$s});

- next if $s =~ "crypto/bio/b_print.c";

-

# No need to add unused files in UEFI.

# So it can reduce porting time, compile time, library size.

+ next if $s =~ "crypto/bio/b_print.c";

next if $s =~ "crypto/rand/randfile.c";

next if $s =~ "crypto/store/";

next if $s =~ "crypto/err/err_all.c";

next if $s =~ "crypto/aes/aes_ecb.c";



+ if ($unified_info{generate}->{$s}) {

+ if (defined $arch) {

+ my $buildstring = "perl";

+ foreach my $arg (@{$unified_info{generate}->{$s}}) {

+ if ($arg =~ ".pl") {

+ $buildstring .= " ./openssl/$arg";

+ } elsif ($arg =~ "PERLASM_SCHEME") {

+ $buildstring .= " $target{perlasm_scheme}";

+ } elsif ($arg =~ "LIB_CFLAGS") {

+ $buildstring .= "$flags";

+ }

+ }

+ ($s, my $path, undef) = fileparse($s, qr/\.[^.]*/);

+ $buildstring .= " ./$arch/$path$s.$extension";

+ make_path ("./$arch/$path");

+ push @asmbuild, "$buildstring\n";

+ push @asmfilelist, " $arch/$path$s.$extension\r\n";

+ }

+ next;

+ }

if ($product =~ "libssl") {

push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";

next;

@@ -183,15 +298,31 @@ foreach (@headers){
}





+#

+# Generate assembly files

+#

+if (@asmbuild) {

+ print "\n--> Generating assembly files ... ";

+ foreach my $buildstring (@asmbuild) {

+ system ("$buildstring");

+ copy_license_header ($buildstring);

+ }

+ print "Done!";

+}

+

#

# Update OpensslLib.inf with autogenerated file list

#

my @new_inf = ();

my $subbing = 0;

-print "\n--> Updating OpensslLib.inf ... ";

+print "\n--> Updating $inf_file ... ";

foreach (@inf) {

+ if ($_ =~ "DEFINE OPENSSL_FLAGS_CONFIG") {

+ push @new_inf, " DEFINE OPENSSL_FLAGS_CONFIG =" . $flags
.
"\r\n";

+ next;

+ }

if ( $_ =~ "# Autogenerated files list starts here" ) {

- push @new_inf, $_, @cryptofilelist, @sslfilelist;

+ push @new_inf, $_, @asmfilelist, @cryptofilelist, @sslfilelist;

$subbing = 1;

next;

}

@@ -216,49 +347,51 @@ rename( $new_inf_file, $inf_file ) ||
die "rename $inf_file";

print "Done!";



-#

-# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)

-#

-$inf_file = "OpensslLibCrypto.inf";

-

-# Read the contents of the inf file

-@inf = ();

-@new_inf = ();

-open( FD, "<" . $inf_file ) ||

- die "Cannot open \"" . $inf_file . "\"!";

-@inf = (<FD>);

-close(FD) ||

- die "Cannot close \"" . $inf_file . "\"!";

+if (!defined $arch) {

+ #

+ # Update OpensslLibCrypto.inf with auto-generated file list (no
libssl)

+ #

+ $inf_file = "OpensslLibCrypto.inf";



-$subbing = 0;

-print "\n--> Updating OpensslLibCrypto.inf ... ";

-foreach (@inf) {

- if ( $_ =~ "# Autogenerated files list starts here" ) {

- push @new_inf, $_, @cryptofilelist;

- $subbing = 1;

- next;

- }

- if ( $_ =~ "# Autogenerated files list ends here" ) {

- push @new_inf, $_;

- $subbing = 0;

- next;

+ # Read the contents of the inf file

+ @inf = ();

+ @new_inf = ();

+ open( FD, "<" . $inf_file ) ||

+ die "Cannot open \"" . $inf_file . "\"!";

+ @inf = (<FD>);

+ close(FD) ||

+ die "Cannot close \"" . $inf_file . "\"!";

+

+ $subbing = 0;

+ print "\n--> Updating OpensslLibCrypto.inf ... ";

+ foreach (@inf) {

+ if ( $_ =~ "# Autogenerated files list starts here" ) {

+ push @new_inf, $_, @cryptofilelist;

+ $subbing = 1;

+ next;

+ }

+ if ( $_ =~ "# Autogenerated files list ends here" ) {

+ push @new_inf, $_;

+ $subbing = 0;

+ next;

+ }

+

+ push @new_inf, $_

+ unless ($subbing);

}



- push @new_inf, $_

- unless ($subbing);

+ $new_inf_file = $inf_file . ".new";

+ open( FD, ">" . $new_inf_file ) ||

+ die $new_inf_file;

+ print( FD @new_inf ) ||

+ die $new_inf_file;

+ close(FD) ||

+ die $new_inf_file;

+ rename( $new_inf_file, $inf_file ) ||

+ die "rename $inf_file";

+ print "Done!";

}



-$new_inf_file = $inf_file . ".new";

-open( FD, ">" . $new_inf_file ) ||

- die $new_inf_file;

-print( FD @new_inf ) ||

- die $new_inf_file;

-close(FD) ||

- die $new_inf_file;

-rename( $new_inf_file, $inf_file ) ||

- die "rename $inf_file";

-print "Done!";

-

#

# Copy opensslconf.h and dso_conf.h generated from OpenSSL
Configuration

#

diff --git a/CryptoPkg/Library/OpensslLib/uefi-asm.conf
b/CryptoPkg/Library/OpensslLib/uefi-asm.conf
new file mode 100644
index 0000000000..55eedbf3ba
--- /dev/null
+++ b/CryptoPkg/Library/OpensslLib/uefi-asm.conf
@@ -0,0 +1,15 @@
+## -*- mode: perl; -*-

+## UEFI assembly openssl configuration targets.

+

+my %targets = (

+#### UEFI

+ "UEFI-x86_64" => {

+ perlasm_scheme => "nasm",

+ # inherit_from => [ "UEFI", asm("x86_64_asm") ],

+ inherit_from => [ "UEFI" ],

+ cpuid_asm_src => "x86_64cpuid.s",

+ aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-
x86_64.s
aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",

+ sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-
x86_64.s
sha1-mb-x86_64.s sha256-mb-x86_64.s",

+ modes_asm_src => "ghash-x86_64.s",

+ },

+);

--
2.28.0.windows.1



more development process failure [was: UefiPayloadPkg: Runtime MMCONF]

Laszlo Ersek
 

Guo,

On 08/18/20 10:24, Marcello Sylvester Bauer wrote:
Support arbitrary platforms with different or even no MMCONF space.
Fixes crash on platforms not exposing 256 buses.

Tested on:
* AMD Stoney Ridge

Branch: https://github.com/9elements/edk2-1/tree/UefiPayloadPkg-MMCONF
PR: https://github.com/tianocore/edk2/pull/885

v5:
* MdePkg
- support variable size MMCONF in all PciExpressLibs
- use (UINTX)-1 as return values for invalid Pci addresses
Okay, so we got more of the same development process violations here, as
I've just reported at <https://edk2.groups.io/g/devel/message/65313>.

See this new pull request:

https://github.com/tianocore/edk2/pull/932/

"No description provided."

You should be embarrassed.

Laszlo


Re: [PATCH] EmulatorPkg: Enable support for Secure Boot

Ni, Ray
 

1. I prefer to not duplicate the HobLib/PcdLib/.../TimerLib in DSC for runtime drivers just because they need to link a different CryptLib.
2. Why the DSC requires UEFI_DRIVER and UEFI_APPLICATION modules use RuntimeCryptLib? It should cause build failures because RuntimeCryptLib only can support DXE_RUNTIME_DRIVER.
3. SecurityStubDxe is already in DSC file. Why did you add another one?

Thanks,
Ray

-----Original Message-----
From: gaoliming <gaoliming@byosoft.com.cn>
Sent: Wednesday, September 16, 2020 9:49 AM
To: devel@edk2.groups.io; Wadhawan, Divneil R
<divneil.r.wadhawan@intel.com>
Cc: Ni, Ray <ray.ni@intel.com>; 'Andrew Fish' <afish@apple.com>; Justen,
Jordan L <jordan.l.justen@intel.com>; Kinney, Michael D
<michael.d.kinney@intel.com>
Subject: 回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure
Boot

I think SECURE_BOOT_ENABLE flag is fine. It controls more security related
features. And, this flag is also used in OVMF DSC.

So, this change is good to me. Reviewed-by: Liming Gao
<gaoliming@byosoft.com.cn>

Ray, Andrew: have you any other comment?

Thanks
Liming
-----邮件原件-----
发件人: bounce+27952+65013+4905953+8761045@groups.io
<bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan,
Divneil R
发送时间: 2020年9月4日 2:17
收件人: devel@edk2.groups.io
抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com)
<afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney,
Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R
<divneil.r.wadhawan@intel.com>
主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
The following gets enabled with this patch:
o Secure Boot Menu in "Device Manager" for enrolling keys
o Storage space for Authenticated Variables
o Authenticated execution of 3rd party images

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
---
EmulatorPkg/EmulatorPkg.dsc | 40
+++++++++++++++++++++++++++++++++++--
EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
2 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..6591c3e824 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@
DEFINE NETWORK_TLS_ENABLE = FALSE
DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
DEFINE NETWORK_ISCSI_ENABLE = FALSE
+ DEFINE SECURE_BOOT_ENABLE = FALSE

[SkuIds]
0|DEFAULT
@@ -106,12 +107,20 @@
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf

CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu
ll/CpuExceptionHandlerLibNull.inf

TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm
MeasurementLibNull.inf
-
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
bNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf

+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur
eLibNull.inf
+
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ !else
+
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
bNull.inf
+ !endif
+
[LibraryClasses.common.SEC]

PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -162,7 +171,20 @@
TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf

-[LibraryClasses.common.DXE_RUNTIME_DRIVER,
LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER,
LibraryClasses.common.UEFI_APPLICATION]
+[LibraryClasses.common.DXE_DRIVER]
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
yAllocationLib.inf
+
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
eportStatusCodeLib.inf
+ EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
+
PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
EmuPeCoffExtraActionLib.inf
+
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
eportStatusCodeLib.inf
+ TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ !endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER,
LibraryClasses.common.UEFI_DRIVER,
LibraryClasses.common.UEFI_APPLICATION]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf

MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
yAllocationLib.inf
@@ -171,6 +193,9 @@

PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
EmuPeCoffExtraActionLib.inf

ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
eportStatusCodeLib.inf
TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ !endif

[PcdsFeatureFlag]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
@@ -190,6 +215,10 @@
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000

gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE
RY.fd"
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+ !endif

gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"

@@ -315,6 +344,13 @@
EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
EmulatorPkg/TimerDxe/Timer.inf

+ !if $(SECURE_BOOT_ENABLE) == TRUE
+
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
xe.inf
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i
nf
+ }
+ !endif

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
{
<LibraryClasses>
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..4bf592e778 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -46,10 +46,16 @@ DATA = {
# Blockmap[1]: End
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
## This is the VARIABLE_STORE_HEADER
- #Signature: gEfiVariableGuid =
- # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f,
0xfe, 0x7d }}
- 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
- 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !if $(SECURE_BOOT_ENABLE) == FALSE
+ #Signature: gEfiVariableGuid =
+ # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70,
0x7f,
0xfe, 0x7d }}
+ 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
+ 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !else
+ # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b,
0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+ 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+ !endif
#Size: 0xc000
(gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48
(size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
# This can speed up the Variable Dispatch a bit.
0xB8, 0xBF, 0x00, 0x00,
@@ -186,6 +192,13 @@ INF RuleOverride = UI
MdeModulePkg/Application/UiApp/UiApp.inf
INF
MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i
nf
INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf

+#
+# Secure Boot Key Enroll
+#
+!if $(SECURE_BOOT_ENABLE) == TRUE
+INF
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
xe.inf
+!endif
+
#
# Network stack drivers
#
--
2.24.1.windows.2


development process failure [was: remove TPM related ppi from Depex for Fsp wrapper PEIM driver]

Laszlo Ersek
 

Jiewen, Chasel,

On 09/15/20 08:21, Qi Zhang wrote:
Some open board are TPM disabled. So the boot may hang because
these PPIs can't arrive. And gEdkiiTcgPpiGuid will be notified where
it is used. So we need to remove these PPIs from Depex for Fsp wrapper
PEI and PeiTpmMeasurementLib.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>

Qi Zhang (2):
IntelFsp2WrapperPkg: remove gPeiTpmInitializationDonePpiGuid from
Depex
SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuid

IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf | 3 +--
IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf | 3 +--
.../Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf | 3 +--
3 files changed, 3 insertions(+), 6 deletions(-)
Please adopt a *much more* disciplined approach when merging patch series.


(1) When you merge a patch set, please report back on the list. Identify
both the pull request URL, and the commit reange.

In this case, the pull request was

https://github.com/tianocore/edk2/pull/930

and the commit range is a62fb4229d14..7bcb021a6d54.


(2) The associated Bugzilla:

https://bugzilla.tianocore.org/show_bug.cgi?id=2963

has been completely neglected, by both submitter and maintainers.

- The original BZ report is *absolute trash*.

- No URL into the mailing list archive has been captured in the BZ,
about the posted series.

- The BZ status is still CONFIRMED.

- No mention of the pull request, or the resultant commit, range in the
BZ ticket.


(3) The github pull request at
<https://github.com/tianocore/edk2/pull/930> does contain *any*
indication of the bugzilla ticket, or the cover letter on the list.

Basically we have random artifacts in three different places (Bugzilla,
github.com, mailing list), and nobody of the involved parties
(reviewers, maintainers, constributors) on this patch set have made
*any* effort to cross-reference them. We now have to hunt down
everything separately.


(4) Worst of all, the subject line of commit 414d7d11e6ea contains a
Unicode code point called FULLWIDTH COLON (U+FF1A) rather than a normal
colon (U+003A).

Compare:

- bad (current): IntelFsp2WrapperPkg: remove [...]
- good (should have been): IntelFsp2WrapperPkg: remove [...]

It makes absolutely no sense to use non-ASCII code points in subject
lines, for something as trivial as a colon.


I've been here for 8-9 years now and it's incredibly frustrating that I
*still* have to whine about basic stuff like this on a regular basis.

I don't even know whom I should CC at Intel (management or otherwise) to
see an improvement in attitude here.

I guess this community cannot be saved.

Laszlo


Re: [PATCH v2 0/2] Add support for scanning Option ROMs

Ni, Ray
 

Why running it will disable the ability of PciPlatform code to scan for ROMs?

I guess it is because the PciIoDevice->AllOpRomProcessed is set which causes GetPciRom() is skipped.

Can you explain more in the code comment?

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Marcello
Sylvester Bauer
Sent: Tuesday, September 15, 2020 8:26 PM
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v2 0/2] Add support for scanning Option ROMs

Fix Option ROM enumeration and support scanning.

v2:
* add correct Maintainer and Reviewer to Cc
* PciPlatformDxe:
- Update description
- add function description

Branch: https://github.com/9elements/edk2-1/tree/UefiPayloadPkg-
Option_ROMs
PR: https://github.com/tianocore/edk2/pull/926

Patrick Rudolph (2):
MdeModulePkg: Fix OptionROM scanning
UefiPayloadPkg: Scan for Option ROMs

UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 1 +
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc | 1 +
UefiPayloadPkg/UefiPayloadPkg.fdf | 1 +
UefiPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf | 46 +++
UefiPayloadPkg/PciPlatformDxe/PciPlatformDxe.h | 19 +
MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c | 10 +-
UefiPayloadPkg/PciPlatformDxe/PciPlatformDxe.c | 426
++++++++++++++++++++
7 files changed, 500 insertions(+), 4 deletions(-)
create mode 100644 UefiPayloadPkg/PciPlatformDxe/PciPlatformDxe.inf
create mode 100644 UefiPayloadPkg/PciPlatformDxe/PciPlatformDxe.h
create mode 100644 UefiPayloadPkg/PciPlatformDxe/PciPlatformDxe.c

--
2.28.0



Re: [PATCH] EmulatorPkg: Enable support for Authenticated Variables

Ni, Ray
 

I assume you did the test.

Reviewed-by: Ray Ni <ray.ni@intel.com>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wadhawan,
Divneil R
Sent: Thursday, September 3, 2020 1:44 AM
To: devel@edk2.groups.io
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R
<divneil.r.wadhawan@intel.com>
Subject: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Authenticated
Variables

SECURE_BOOT_ENABLE feature flag is introduced to enable Authenticated
variable support by:
o Enabling storage space
o Enabling AuthLib support

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
---
EmulatorPkg/EmulatorPkg.dsc | 17 ++++++++++++++++-
EmulatorPkg/EmulatorPkg.fdf | 14 ++++++++++----
2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..06cd8a9b4c 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@
DEFINE NETWORK_TLS_ENABLE = FALSE
DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
DEFINE NETWORK_ISCSI_ENABLE = FALSE
+ DEFINE SECURE_BOOT_ENABLE = TRUE

[SkuIds]
0|DEFAULT
@@ -89,6 +90,7 @@

TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTempl
ate.inf

SerialPortLib|MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
+
#
# Platform
#
@@ -106,12 +108,21 @@
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf

CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/
CpuExceptionHandlerLibNull.inf

TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm
MeasurementLibNull.inf
-
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib
Null.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf

+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecure
LibNull.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ !else
+
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib
Null.inf
+ !endif
+
[LibraryClasses.common.SEC]
PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -190,6 +201,10 @@
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000

gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVERY
.fd"
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+ !endif

gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"

diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..93552baf8b 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -46,10 +46,16 @@ DATA = {
# Blockmap[1]: End
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
## This is the VARIABLE_STORE_HEADER
- #Signature: gEfiVariableGuid =
- # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe,
0x7d }}
- 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
- 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !if $(SECURE_BOOT_ENABLE) == FALSE
+ #Signature: gEfiVariableGuid =
+ # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe,
0x7d }}
+ 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
+ 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !else
+ # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a,
{ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+ 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+ !endif
#Size: 0xc000
(gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48
(size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
# This can speed up the Variable Dispatch a bit.
0xB8, 0xBF, 0x00, 0x00,
--
2.24.1.windows.2



Re: [PATCH] OvmfPkg/README: HTTPS Boot: describe host-side TLS cipher suites forwarding

Laszlo Ersek
 

On 09/15/20 19:09, Philippe Mathieu-Daudé wrote:
Hi Laszlo,

On 9/10/20 8:02 AM, Laszlo Ersek wrote:
On 09/09/20 18:21, Philippe Mathieu-Daudé wrote:
On 9/7/20 6:18 PM, Laszlo Ersek wrote:
In QEMU commit range 4abf70a661a5..69699f3055a5, Phil implemented a QEMU
facility for exposing the host-side TLS cipher suite configuration to
OVMF. The purpose is to control the permitted ciphers in the guest's UEFI
HTTPS boot. This complements the forwarding of the host-side crypto policy
from the host to the guest -- the other facet was the set of CA
certificates (for which p11-kit patches had been upstreamed, on the host
side).

Mention the new command line options in "OvmfPkg/README".

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Gary Lin <glin@suse.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2852
Thanks for addressing this BZ for me...

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/README | 24 ++++++++++++--------
1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/OvmfPkg/README b/OvmfPkg/README
index 3dd28474ead4..2009d9d29796 100644
--- a/OvmfPkg/README
+++ b/OvmfPkg/README
@@ -294,67 +294,73 @@ and encrypted connection.

You can also append a certificate to the existing list with the following
command:

efisiglist -i <old certdb> -a <cert file> -o <new certdb>

NOTE: You may need the patch to make efisiglist generate the correct header.
(https://github.com/rhboot/pesign/pull/40)

* Besides the trusted certificates, it's also possible to configure the trusted
cipher suites for HTTPS through another fw_cfg entry: etc/edk2/https/ciphers.

- -fw_cfg name=etc/edk2/https/ciphers,file=<cipher suites>
-
OVMF expects a binary UINT16 array which comprises the cipher suites HEX
IDs(*4). If the cipher suite list is given, OVMF will choose the cipher
suite from the intersection of the given list and the built-in cipher
suites. Otherwise, OVMF just chooses whatever proper cipher suites from the
built-in ones.

- While the tool(*5) to create the cipher suite array is still under
- development, the array can be generated with the following script:
+ Using QEMU 5.1 or later, QEMU can expose the ordered list of permitted TLS
+ cipher suites from the host side to OVMF:
+
+ -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \
+ -fw_cfg name=etc/edk2/https/ciphers,gen_id=mysuite0
+
+ (Refer to the QEMU manual and to
+ <https://gnutls.org/manual/html_node/Priority-Strings.html> for more
+ information on the "priority" property.)
+
+ Using QEMU 5.0 or earlier, the array has to be passed from a file:
What about using a '-' to list each "Using QEMU ..." and make the
separation clearer?
I can do that, yes. There are three possibilities:

- prefix just one line (in each affected paragraph) with the hyphen,

- prefix the first line of each paragraph with the hyphen, plus indent
the rest of the *same paragraph* by 2 spaces.
I'd go with this possibility. Clear and easy.


- prefix the first line of each paragraph with the hyphen, plus indent
the rest of the *text* that applies to the QEMU versions being discussed.
(Note that would be my *visual* preference, but I don't think it's
worth it, I prefer we keep the diff short and easy to review).
Agreed on both counts :)

Thanks!
Laszlo


Re: 回复: edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

Matthew Carlson
 

Looks good to me

On Sep 15, 2020, 6:39 PM -0700, gaoliming <gaoliming@...>, wrote:
I normally check Maintainers.txt and make sure each patch get the review from package maintainer or package reviewer.
 
Thanks
Liming
发件人: Matthew Carlson <matthewfcarlson@...>
 发送时间: 2020年9月16日 9:00
收件人: gaoliming <gaoliming@...>; devel@edk2.groups.io; macarl@...
主题: RE: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib
 
Thanks Liming!
 
Is there an easy way to check if all the patches have reviewed-by from maintainers?
 
I can confirm that each patch (now that you’ve given a reviewed by for Patch 1 & 2) has a reviewed by and some have a few reviewed by or acked by.
 
From: gaoliming
Sent: Tuesday, September 15, 2020 5:57 PM
To: devel@edk2.groups.iomacarl@...Matthew Carlson
Subject: 回复: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib
 
Matthew:
 I just check this patch set. All 5 patches have got reviewed-by from the package maintainer or reviewer. Can you double confirm? If yes, I will help merge them.
 
Thanks
Liming
发件人: bounce+27952+65285+4905953+8761045@groups.io <bounce+27952+65285+4905953+8761045@groups.io> 代表 Matthew Carlson via groups.io
发送时间: 2020年9月16日 6:48
收件人: Matthew Carlson <matthewfcarlson@...>; devel@edk2.groups.io
主题: Re: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib
 
Just pinging this thread to see what needs to get done next. Thank you Liming for the reviewed by on the MdeModulePkg changes.

--
- Matthew Carlson
 


Re: [PATCH v3 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface

Yao, Jiewen
 

The series 1~3: reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

I would like to wait for at least one week to see if anyone has size concern - Hash2DxeCrypto grew from ~26k to ~253k.

Thank you
Yao Jiewen

-----Original Message-----
From: Christopher J Zurcher <christopher.j.zurcher@intel.com>
Sent: Wednesday, September 16, 2020 8:59 AM
To: devel@edk2.groups.io
Cc: Laszlo Ersek <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>;
Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
Subject: [PATCH v3 0/3] CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest
interface

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2545

V3 changes:
Added list of valid Digest Names to EvpMdInit() header
Added missing copy of CryptEvpMdNull.c in BaseCryptLibNull folder

V2 changes:
Added NullLib implementation
Added Crypto Service implementation
Rebased Hash2DxeCrypto to use EVP interface instead of low-level functions
Removed unnecessary casts
Added "HashAll" utility function
Merged "New" and "Init" functions as well as "Final" and "Free" functions
Retained "Init/Update/Final" naming instead of "New/Update/Free" as this
conforms with common usage

Low-level interfaces to message digest (hash) functions have been deprecated
in OpenSSL 3. In order to upgrade to OpenSSL 3, all direct calls to
low-level functions (such as SHA256_Init() in CryptSha256.c) will need to
be replaced by EVP inteface calls.

References:
https://www.openssl.org/docs/manmaster/man7/evp.html
https://www.openssl.org/docs/manmaster/man3/SHA256_Init.html

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>

Christopher J Zurcher (3):
CryptoPkg/BaseCryptLib: Add EVP (Envelope) Digest interface
CryptoPkg: Add EVP to Crypto Service driver interface
SecurityPkg/Hash2DxeCrypto: Rebase Hash2DxeCrypto onto the EVP
interface

CryptoPkg/CryptoPkg.dsc | 3 +
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf | 1 +
CryptoPkg/Include/Library/BaseCryptLib.h | 129 ++++++++
CryptoPkg/Include/Pcd/PcdCryptoServiceFamilyEnable.h | 10 +
CryptoPkg/Private/Protocol/Crypto.h | 131 ++++++++
SecurityPkg/Hash2DxeCrypto/Driver.h | 1 -
CryptoPkg/Driver/Crypto.c | 152 ++++++++-
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c | 257
+++++++++++++++
CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c | 128 ++++++++
CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c | 128 ++++++++
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c | 144 ++++++++
SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 345 ++------------------
16 files changed, 1117 insertions(+), 316 deletions(-)
create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMd.c
create mode 100644 CryptoPkg/Library/BaseCryptLib/Evp/CryptEvpMdNull.c
create mode 100644
CryptoPkg/Library/BaseCryptLibNull/Evp/CryptEvpMdNull.c

--
2.28.0.windows.1


Re: [PATCH v7 11/14] SecurityPkg: Allow VariablePolicy state to delete authenticated variables

Yao, Jiewen
 

Hi Bret
I have minor comment below. Please let me know your thought.


-----邮件原件-----
发件人: bounce+27952+64723+4905953+8761045@groups.io
<bounce+27952+64723+4905953+8761045@groups.io> 代表 Bret Barkelew
发送时间: 2020年8月28日 13:51
收件人: devel@edk2.groups.io
抄送: Jiewen Yao <jiewen.yao@intel.com>; Jian J Wang
<jian.j.wang@intel.com>; Chao Zhang <chao.b.zhang@intel.com>
主题: [edk2-devel] [PATCH v7 11/14] SecurityPkg: Allow VariablePolicy state
to delete authenticated variables

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Causes AuthService to check
IsVariablePolicyEnabled() before enforcing
write protections to allow variable deletion
when policy engine is disabled.

Only allows deletion, not modification.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 22
++++++++++++++++----
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 ++
2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 2f60331f2c04..aca9a5620c28 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -19,12 +19,16 @@
to verify the signature.



Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>

+Copyright (c) Microsoft Corporation.

SPDX-License-Identifier: BSD-2-Clause-Patent



**/



#include "AuthServiceInternal.h"



+#include <Protocol/VariablePolicy.h>

+#include <Library/VariablePolicyLib.h>

+

//

// Public Exponent of RSA Key.

//

@@ -217,9 +221,12 @@ NeedPhysicallyPresent(
IN EFI_GUID *VendorGuid

)

{

- if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) &&
(StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))

- || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp
(VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {

- return TRUE;

+ // If the VariablePolicy engine is disabled, allow deletion of any
authenticated variables.

+ if (IsVariablePolicyEnabled()) {

+ if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) &&
(StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))

+ || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp
(VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {

+ return TRUE;

+ }

}
[Jiewen] Looks good.



return FALSE;

@@ -842,7 +849,8 @@ ProcessVariable (
&OrgVariableInfo

);



- if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable
(OrgVariableInfo.Attributes, Data, DataSize, Attributes) &&
UserPhysicalPresent()) {

+ // If the VariablePolicy engine is disabled, allow deletion of any
authenticated variables.

+ if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable
(OrgVariableInfo.Attributes, Data, DataSize, Attributes) &&
(UserPhysicalPresent() || !IsVariablePolicyEnabled())) {
[Jiewen] Looks good.

//

// Allow the delete operation of common authenticated variable(AT or
AW) at user physical presence.

//

@@ -1960,6 +1968,12 @@ VerifyTimeBasedPayload (


CopyMem (Buffer, PayloadPtr, PayloadSize);



+ // If the VariablePolicy engine is disabled, allow deletion of any
authenticated variables.

+ if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 &&
!IsVariablePolicyEnabled()) {

+ VerifyStatus = TRUE;

+ goto Exit;

+ }
[Jiewen] I checked the programming context.
If we are going to skip the check, I feel the GetScratchBuffer() and CopyMem () may be avoided.
Also, I do not find any those data are used at Exit.

How about we move the check just after getting PayloadSize?
//
// Find out the new data payload which follows Pkcs7 SignedData directly.
//
PayloadPtr = SigData + SigDataSize;
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;
I hope it can make logic clearer.


One more thing is about below action at Exit.
Pkcs7FreeSigners (TopLevelCert);
Pkcs7FreeSigners (SignerCerts);

With new short path, we can come here with NULL point for Pkcs7FreeSigners().
I don't know the result if we pass a NULL pointer according to Pkcs7FreeSigners() API definition.
/**
Wrap function to use free() to free allocated memory for certificates.
If this interface is not supported, then ASSERT().
@param[in] Certs Pointer to the certificates to be freed.
**/
VOID
EFIAPI
Pkcs7FreeSigners (
IN UINT8 *Certs
);

I notice the current openssl version BaseCryptoLib implementation will check NULL and return.
We are safe in the default one. But I am not sure about other implementation.

I recommend we either document NULL pointer behavior in Pkcs7FreeSigners(), or add NULL pointer check at Exit to avoid calling Pkcs7FreeSigners().

With above two update, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>


+

if (AuthVarType == AuthVarTypePk) {

//

// Verify that the signature has been made with the current Platform
Key (no chaining for PK).

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
index 8d4ce14df494..8eadeebcebd7 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
@@ -3,6 +3,7 @@
#

# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>

# Copyright (c) 2018, ARM Limited. All rights reserved.<BR>

+# Copyright (c) Microsoft Corporation.

#

# SPDX-License-Identifier: BSD-2-Clause-Patent

#

@@ -41,6 +42,7 @@ [LibraryClasses]
MemoryAllocationLib

BaseCryptLib

PlatformSecureLib

+ VariablePolicyLib



[Guids]

## CONSUMES ## Variable:L"SetupMode"

--
2.28.0.windows.1


-=-=-=-=-=-=
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#64723): https://edk2.groups.io/g/devel/message/64723
Mute This Topic: https://groups.io/mt/76468137/4905953
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub
[gaoliming@byosoft.com.cn]
-=-=-=-=-=-=


Re: [PATCH v1 1/1] ShellPkg/AcpiView: PCCT Parser

Gao, Zhichao
 

Hi Sami,

Sorry for the delay review. Please see below.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sami
Mujawar
Sent: Monday, August 24, 2020 6:23 PM
To: devel@edk2.groups.io
Cc: Sami Mujawar <sami.mujawar@arm.com>; Ni, Ray <ray.ni@intel.com>; Gao,
Zhichao <zhichao.gao@intel.com>; marc.moisson-franckhauser@arm.com;
Guillaume.Letellier@arm.com; Matteo.Carlini@arm.com;
Ben.Adderson@arm.com; nd@arm.com
Subject: [edk2-devel] [PATCH v1 1/1] ShellPkg/AcpiView: PCCT Parser

From: Marc Moisson-Franckhauser <marc.moisson-franckhauser@arm.com>

Create a new parser for the PCCT Table.

The PCCT Table is used to describe how the OSPM can communicate with entities
outside the platform. It describes which memory spaces correspond to which
entity as well as a few of the needed information to handle the communications.

This new PCCT parser dumps the values and names of the table fields. It also
performs some validation on the table's fields.

Signed-off-by: Marc Moisson-Franckhauser <marc.moisson-
franckhauser@arm.com>
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
---

The changes can be seen at:
https://github.com/samimujawar/edk2/tree/840_pcct_parser_v1

ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h | 24 +-
ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.h | 4
+-
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctParser.c |
494 ++++++++++++++++++++
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctParser.h |
33 ++

ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.c
| 4 +-

ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.i
nf | 4 +-
6 files changed, 558 insertions(+), 5 deletions(-)

diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h
b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h
index
f81ccac7e118378aa185db4b625e5bcd75f78347..051fdf807abb1067a264c136364
bb6d145b38dab 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h
@@ -1,7 +1,7 @@
/** @file
Header file for ACPI parser

- Copyright (c) 2016 - 2020, ARM Limited. All rights reserved.
+ Copyright (c) 2016 - 2020, Arm Limited. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/

@@ -671,6 +671,28 @@ ParseAcpiMcfg (
);

/**
+ This function parses the ACPI PCCT table including its sub-structures
+ of type 0 through 4.
+ When trace is enabled this function parses the PCCT table and traces
+ the ACPI table fields.
+
+ This function also performs validation of the ACPI table fields.
+
+ @param [in] Trace If TRUE, trace the ACPI fields.
+ @param [in] Ptr Pointer to the start of the buffer.
+ @param [in] AcpiTableLength Length of the ACPI table.
+ @param [in] AcpiTableRevision Revision of the ACPI table.
+**/
+VOID
+EFIAPI
+ParseAcpiPcct (
+ IN BOOLEAN Trace,
+ IN UINT8* Ptr,
+ IN UINT32 AcpiTableLength,
+ IN UINT8 AcpiTableRevision
+ );
+
+/**
This function parses the ACPI PPTT table.
When trace is enabled this function parses the PPTT table and
traces the ACPI table fields.
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.h
b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.h
index
4f92596b90a6ee422d8d0959881015ffd3de4da0..19265d0b763f8a810759a2cef0
9ce2cc2d7bec03 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.h
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.h
@@ -1,7 +1,7 @@
/** @file
Header file for ACPI table parser

- Copyright (c) 2016 - 2018, ARM Limited. All rights reserved.
+ Copyright (c) 2016 - 2020, Arm Limited. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/

@@ -11,7 +11,7 @@
/**
The maximum number of ACPI table parsers.
*/
-#define MAX_ACPI_TABLE_PARSERS 16
+#define MAX_ACPI_TABLE_PARSERS 17

/** An invalid/NULL signature value.
*/
diff --git
a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctParser.c
b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctParser.c
new file mode 100644
index
0000000000000000000000000000000000000000..526cb7b79aa7aa6eee098246
00b6c7eac0ab67e2
--- /dev/null
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctPars
+++ er.c
@@ -0,0 +1,494 @@
+/** @file
+ PCCT table parser
+
+ Copyright (c) 2020, Arm Limited.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Reference(s):
+ - ACPI 6.3 Specification - January 2019 **/
+
+#include <Library/PrintLib.h>
+#include <Library/UefiLib.h>
+#include "AcpiParser.h"
+#include "AcpiView.h"
+#include "AcpiViewConfig.h"
+#include "PcctParser.h"
+
+// Local variables
+STATIC ACPI_DESCRIPTION_HEADER_INFO AcpiHdrInfo;
+
+STATIC UINT8* PccSubspaceLength;
+STATIC UINT8* PccSubspaceType;
+
+/**
+ This function validates the length coded on 4 bytes of a shared
+memory range
+
+ @param [in] Ptr Pointer to the start of the field data.
+ @param [in] Context Pointer to context specific information e.g. this
+ could be a pointer to the ACPI table header.
+**/
+STATIC
+VOID
+EFIAPI
+ValidateRangeLength4 (
+ IN UINT8* Ptr,
+ IN VOID* Context
+ )
+{
+ if (*(UINT32*)Ptr < MIN_EXT_PCC_SUBSPACE_MEM_RANGE_LEN) {
+ IncrementErrorCount ();
+ Print (
+ L"\nError: Shared memory range length is too short.\n"
+ L"Length is %u when it should be greater than or equal to %u",
+ *(UINT32*)Ptr,
+ MIN_EXT_PCC_SUBSPACE_MEM_RANGE_LEN
+ );
+ }
+}
+
+/**
+ This function validates the length coded on 8 bytes of a shared
+memory range
+
+ @param [in] Ptr Pointer to the start of the field data.
+ @param [in] Context Pointer to context specific information e.g. this
+ could be a pointer to the ACPI table header.
+**/
+STATIC
+VOID
+EFIAPI
+ValidateRangeLength8 (
+ IN UINT8* Ptr,
+ IN VOID* Context
+ )
+{
+ if (*(UINT64*)Ptr <= MIN_MEMORY_RANGE_LENGTH) {
+ IncrementErrorCount ();
+ Print (
+ L"\nError: Shared memory range length is too short.\n"
+ L"Length is %u when it should be greater than %u",
+ *(UINT64*)Ptr,
+ MIN_MEMORY_RANGE_LENGTH
+ );
+ }
+}
+
+/**
+ This function validates address space for type 0 structure.
+
+ @param [in] Ptr Pointer to the start of the field data.
+ @param [in] Context Pointer to context specific information e.g. this
+ could be a pointer to the ACPI table header.
+**/
+STATIC
+VOID
+EFIAPI
+ValidatePccType0Gas (
+ IN UINT8* Ptr,
+ IN VOID* Context
+ )
+{
+ switch (*(UINT8*)Ptr) {
+#if !(defined (MDE_CPU_ARM) || defined (MDE_CPU_AARCH64))
+ case EFI_ACPI_6_3_SYSTEM_IO:
+#endif //if not (defined (MDE_CPU_ARM) || defined (MDE_CPU_AARCH64))
Why doesn't ARM arch need this check? Is there any doc that descripts this? Just curious.

+ case EFI_ACPI_6_3_SYSTEM_MEMORY:
+ return;
+ default:
+ IncrementErrorCount ();
+ Print (L"\nError: Invalid address space");
+ }
+}
+
+/**
+ This function validates address space for structures of types other than 0.
+
+ @param [in] Ptr Pointer to the start of the field data.
+ @param [in] Context Pointer to context specific information e.g. this
+ could be a pointer to the ACPI table header.
+**/
+STATIC
+VOID
+EFIAPI
+ValidatePccGas (
+ IN UINT8* Ptr,
+ IN VOID* Context
+ )
+{
+ switch (*(UINT8*)Ptr) {
+#if !(defined (MDE_CPU_ARM) || defined (MDE_CPU_AARCH64))
+ case EFI_ACPI_6_3_SYSTEM_IO:
+#endif //if not (defined (MDE_CPU_ARM) || defined (MDE_CPU_AARCH64))
+ case EFI_ACPI_6_3_FUNCTIONAL_FIXED_HARDWARE:
+ case EFI_ACPI_6_3_SYSTEM_MEMORY:
+ return;
+ default:
+ IncrementErrorCount ();
+ Print (L"\nError: Invalid address space");
+ }
+}
This function is used for subspace type1, 2, 3 and 4. But refer the ACPI 6.3, the field for type4 is optional. If it is not supported, the field would be filled with 0x0 value. So I think we should put the type into consideration.

+
+/**
+ An ACPI_PARSER array describing the ACPI PCCT Table.
+*/
+STATIC CONST ACPI_PARSER PcctParser[] = {
+ PARSE_ACPI_HEADER (&AcpiHdrInfo),
+ {L"Flags", 4, 36, NULL, NULL, NULL, NULL, NULL},
+ {L"Reserved", 8, 40, NULL, NULL, NULL, NULL, NULL} };
+
+/**
+ An ACPI_PARSER array describing the platform communications channel
+subspace
+ structure header.
+*/
+STATIC CONST ACPI_PARSER PccSubspaceHeaderParser[] = {
+ PCC_SUBSPACE_HEADER ()
+ // ... Type Specific Fields ...
+};
+
+/**
+ An ACPI_PARSER array describing the Generic Communications Subspace -
+Type 0 */ STATIC CONST ACPI_PARSER PccSubspaceType0Parser[] = {
+ PCC_SUBSPACE_HEADER (),
+ {L"Reserved", 6, 2, L"%x %x %x %x %x %x", Dump6Chars, NULL, NULL,
+NULL},
+ {L"Base Address", 8, 8, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Memory Range Length", 8, 16, L"0x%lx", NULL, NULL,
ValidateRangeLength8,
+ NULL},
+ {L"Doorbell Register", 12, 24, NULL, DumpGas, NULL, ValidatePccType0Gas,
+ NULL},
+ {L"Doorbell Preserve", 8, 36, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Doorbell Write", 8, 44, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Nominal Latency", 4, 52, L"%u", NULL, NULL, NULL, NULL},
+ {L"Maximum Periodic Access Rate", 4, 56, L"%u", NULL, NULL, NULL,
+NULL},
+ {L"Minimum Request Turnaround Time", 2, 60, L"%u", NULL, NULL, NULL,
+NULL} };
+
+/**
+ An ACPI_PARSER array describing the HW-Reduced Communications
+Subspace
+ - Type 1
+*/
+STATIC CONST ACPI_PARSER PccSubspaceType1Parser[] = {
+ PCC_SUBSPACE_HEADER (),
+ {L"Platform Interrupt", 4, 2, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Platform Interrupt Flags", 1, 6, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Reserved", 1, 7, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Base Address", 8, 8, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Memory Range Length", 8, 16, L"0x%lx", NULL, NULL,
ValidateRangeLength8,
+ NULL},
+ {L"Doorbell Register", 12, 24, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Doorbell Preserve", 8, 36, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Doorbell Write", 8, 44, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Nominal Latency", 4, 52, L"%u", NULL, NULL, NULL, NULL},
+ {L"Maximum Periodic Access Rate", 4, 56, L"%u", NULL, NULL, NULL,
+NULL},
+ {L"Minimum Request Turnaround Time", 2, 60, L"%u", NULL, NULL, NULL,
+NULL} };
+
+/**
+ An ACPI_PARSER array describing the HW-Reduced Communications
+Subspace
+ - Type 2
+*/
+STATIC CONST ACPI_PARSER PccSubspaceType2Parser[] = {
+ PCC_SUBSPACE_HEADER (),
+ {L"Platform Interrupt", 4, 2, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Platform Interrupt Flags", 1, 6, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Reserved", 1, 7, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Base Address", 8, 8, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Memory Range Length", 8, 16, L"0x%lx", NULL, NULL,
ValidateRangeLength8,
+ NULL},
+ {L"Doorbell Register", 12, 24, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Doorbell Preserve", 8, 36, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Doorbell Write", 8, 44, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Nominal Latency", 4, 52, L"%u", NULL, NULL, NULL, NULL},
+ {L"Maximum Periodic Access Rate", 4, 56, L"%u", NULL, NULL, NULL,
+NULL},
+ {L"Minimum Request Turnaround Time", 2, 60, L"%u", NULL, NULL, NULL,
+NULL},
+ {L"Platform Interrupt Ack Register", 12, 62, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Platform Interrupt Ack Preserve", 8, 74, L"0x%lx", NULL, NULL,
+NULL, NULL},
+ {L"Platform Interrupt Ack Write", 8, 82, L"0x%lx", NULL, NULL,
+ NULL, NULL},
+};
+
+/**
+ An ACPI_PARSER array describing the Extended PCC Subspaces - Type 3/4
+*/ STATIC CONST ACPI_PARSER PccSubspaceType3Parser[] = {
+ PCC_SUBSPACE_HEADER (),
+ {L"Platform Interrupt", 4, 2, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Platform Interrupt Flags", 1, 6, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Reserved", 1, 7, L"0x%x", NULL, NULL, NULL, NULL},
+ {L"Base Address", 8, 8, L"0x%lx", NULL, NULL, NULL, NULL},
The offset definition in APCI 6.3 Table 14-368 is different. Seems it is a spec mistake.

Others are OK to me.

Thanks,
Zhichao

+ {L"Memory Range Length", 4, 16, L"0x%x", NULL, NULL,
ValidateRangeLength4,
+ NULL},
+ {L"Doorbell Register", 12, 20, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Doorbell Preserve", 8, 32, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Doorbell Write", 8, 40, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Nominal Latency", 4, 48, L"%u", NULL, NULL, NULL, NULL},
+ {L"Maximum Periodic Access Rate", 4, 52, L"%u", NULL, NULL, NULL,
+NULL},
+ {L"Minimum Request Turnaround Time", 4, 56, L"%u", NULL, NULL, NULL,
+NULL},
+ {L"Platform Interrupt Ack Register", 12, 60, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Platform Interrupt Ack Preserve", 8, 72, L"0x%lx", NULL, NULL,
+NULL, NULL},
+ {L"Platform Interrupt Ack Set", 8, 80, L"0x%lx", NULL, NULL, NULL,
+NULL},
+ {L"Reserved", 8, 88, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Cmd Complete Check Reg Addr", 12, 96, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Cmd Complete Check Mask", 8, 108, L"0x%lx", NULL, NULL, NULL,
+NULL},
+ {L"Cmd Update Reg Addr", 12, 116, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Cmd Update Preserve mask", 8, 128, L"0x%lx", NULL, NULL, NULL,
+NULL},
+ {L"Cmd Update Set mask", 8, 136, L"0x%lx", NULL, NULL, NULL, NULL},
+ {L"Error Status Register", 12, 144, NULL, DumpGas, NULL,
+ ValidatePccGas, NULL},
+ {L"Error Status Mask", 8, 156, L"0x%lx", NULL, NULL, NULL, NULL}, };
+
+/**
+ This function parses the PCC Subspace type 0.
+
+ @param [in] Ptr Pointer to the start of Subspace Structure.
+ @param [in] Length Length of the Subspace Structure.
+**/
+STATIC
+VOID
+DumpPccSubspaceType0 (
+ IN UINT8* Ptr,
+ IN UINT8 Length
+ )
+{
+ ParseAcpi (
+ TRUE,
+ 2,
+ "Subspace Type 0",
+ Ptr,
+ Length,
+ PARSER_PARAMS (PccSubspaceType0Parser)
+ );
+}
+
+/**
+ This function parses the PCC Subspace type 1.
+
+ @param [in] Ptr Pointer to the start of the Subspace Structure.
+ @param [in] Length Length of the Subspace Structure.
+**/
+STATIC
+VOID
+DumpPccSubspaceType1 (
+ IN UINT8* Ptr,
+ IN UINT8 Length
+ )
+{
+ ParseAcpi (
+ TRUE,
+ 2,
+ "Subspace Type 1",
+ Ptr,
+ Length,
+ PARSER_PARAMS (PccSubspaceType1Parser)
+ );
+}
+
+/**
+ This function parses the PCC Subspace type 2.
+
+ @param [in] Ptr Pointer to the start of the Subspace Structure.
+ @param [in] Length Length of the Subspace Structure.
+**/
+STATIC
+VOID
+DumpPccSubspaceType2 (
+ IN UINT8* Ptr,
+ IN UINT8 Length
+ )
+{
+ ParseAcpi (
+ TRUE,
+ 2,
+ "Subspace Type 2",
+ Ptr,
+ Length,
+ PARSER_PARAMS (PccSubspaceType2Parser)
+ );
+}
+
+/**
+ This function parses the PCC Subspace type 3.
+
+ @param [in] Ptr Pointer to the start of the Subspace Structure.
+ @param [in] Length Length of the Subspace Structure.
+**/
+STATIC
+VOID
+DumpPccSubspaceType3 (
+ IN UINT8* Ptr,
+ IN UINT8 Length
+ )
+{
+ ParseAcpi (
+ TRUE,
+ 2,
+ "Subspace Type 3",
+ Ptr,
+ Length,
+ PARSER_PARAMS (PccSubspaceType3Parser)
+ );
+}
+
+/**
+ This function parses the PCC Subspace type 4.
+
+ @param [in] Ptr Pointer to the start of the Subspace Structure.
+ @param [in] Length Length of the Subspace Structure.
+**/
+STATIC
+VOID
+DumpPccSubspaceType4 (
+ IN UINT8* Ptr,
+ IN UINT8 Length
+ )
+{
+ ParseAcpi (
+ TRUE,
+ 2,
+ "Subspace Type 4",
+ Ptr,
+ Length,
+ PARSER_PARAMS (PccSubspaceType3Parser)
+ );
+}
+
+/**
+ This function parses the ACPI PCCT table including its sub-structures
+ of type 0 through 4.
+ When trace is enabled this function parses the PCCT table and
+ traces the ACPI table fields.
+
+ This function also performs validation of the ACPI table fields.
+
+ @param [in] Trace If TRUE, trace the ACPI fields.
+ @param [in] Ptr Pointer to the start of the buffer.
+ @param [in] AcpiTableLength Length of the ACPI table.
+ @param [in] AcpiTableRevision Revision of the ACPI table.
+**/
+VOID
+EFIAPI
+ParseAcpiPcct (
+ IN BOOLEAN Trace,
+ IN UINT8* Ptr,
+ IN UINT32 AcpiTableLength,
+ IN UINT8 AcpiTableRevision
+ )
+{
+ UINT32 Offset;
+ UINT8* PccSubspacePtr;
+ UINTN SubspaceCount;
+
+ if (!Trace) {
+ return;
+ }
+
+ Offset = ParseAcpi (
+ TRUE,
+ 0,
+ "PCCT",
+ Ptr,
+ AcpiTableLength,
+ PARSER_PARAMS (PcctParser)
+ );
+
+ PccSubspacePtr = Ptr + Offset;
+
+ SubspaceCount = 0;
+ while (Offset < AcpiTableLength) {
+ // Parse common structure header to obtain Type and Length.
+ ParseAcpi (
+ FALSE,
+ 0,
+ NULL,
+ PccSubspacePtr,
+ AcpiTableLength - Offset,
+ PARSER_PARAMS (PccSubspaceHeaderParser)
+ );
+
+ // Check if the values used to control the parsing logic have been
+ // successfully read.
+ if ((PccSubspaceType == NULL) ||
+ (PccSubspaceLength == NULL)) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Insufficient remaining table buffer length to read the " \
+ L"structure header. Length = %u.\n",
+ AcpiTableLength - Offset
+ );
+ return;
+ }
+
+ // Validate Structure length
+ if ((*PccSubspaceLength == 0) ||
+ ((Offset + (*PccSubspaceLength)) > AcpiTableLength)) {
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Invalid Structure length. " \
+ L"Length = %u. Offset = %u. AcpiTableLength = %u.\n",
+ *PccSubspaceLength,
+ Offset,
+ AcpiTableLength
+ );
+ return;
+ }
+
+ switch (*PccSubspaceType) {
+ case EFI_ACPI_6_3_PCCT_SUBSPACE_TYPE_GENERIC:
+ DumpPccSubspaceType0 (
+ PccSubspacePtr,
+ *PccSubspaceLength
+ );
+ break;
+ case
EFI_ACPI_6_3_PCCT_SUBSPACE_TYPE_1_HW_REDUCED_COMMUNICATIONS:
+ DumpPccSubspaceType1 (
+ PccSubspacePtr,
+ *PccSubspaceLength
+ );
+ break;
+ case
EFI_ACPI_6_3_PCCT_SUBSPACE_TYPE_2_HW_REDUCED_COMMUNICATIONS:
+ DumpPccSubspaceType2 (
+ PccSubspacePtr,
+ *PccSubspaceLength
+ );
+ break;
+ case EFI_ACPI_6_3_PCCT_SUBSPACE_TYPE_3_EXTENDED_PCC:
+ DumpPccSubspaceType3 (
+ PccSubspacePtr,
+ *PccSubspaceLength
+ );
+ break;
+ case EFI_ACPI_6_3_PCCT_SUBSPACE_TYPE_4_EXTENDED_PCC:
+ DumpPccSubspaceType4 (
+ PccSubspacePtr,
+ *PccSubspaceLength
+ );
+ break;
+ default:
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Unknown PCC subspace structure:"
+ L" Type = %u, Length = %u\n",
+ PccSubspaceType,
+ *PccSubspaceLength
+ );
+ }
+
+ PccSubspacePtr += *PccSubspaceLength;
+ Offset += *PccSubspaceLength;
+ SubspaceCount++;
+ } // while
+
+ if (SubspaceCount > MAX_PCC_SUBSPACES) {
+ IncrementErrorCount ();
+ Print (L"ERROR: Too many PCC subspaces.");
+ }
+}
diff --git
a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctParser.h
b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctParser.h
new file mode 100644
index
0000000000000000000000000000000000000000..278dc83c5de8860cbb2b1e2b2
e277aa7c6c58698
--- /dev/null
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pcct/PcctPars
+++ er.h
@@ -0,0 +1,33 @@
+/** @file
+ Header file for PCCT parser
+
+ Copyright (c) 2020, Arm Limited.
+ SPDX-License-Identifier: BSD-2-Clause-Patent **/
+
+#ifndef PCCT_PARSER_H_
+#define PCCT_PARSER_H_
+
+/**
+ Minimum value for the 'length' field in subspaces of types 0, 1 and 2.
+*/
+#define MIN_MEMORY_RANGE_LENGTH 8
+
+/**
+ Minimum value for the 'length' field in subspaces of types 3 and 4.
+*/
+#define MIN_EXT_PCC_SUBSPACE_MEM_RANGE_LEN 16
+
+/**
+ Maximum number of PCC subspaces.
+*/
+#define MAX_PCC_SUBSPACES 256
+
+/**
+ Parser for the header of any type of PCC subspace.
+*/
+#define PCC_SUBSPACE_HEADER() \
+ {L"Type", 1, 0, L"0x%x", NULL, (VOID**)&PccSubspaceType, NULL, NULL}, \
+ {L"Length", 1, 1, L"%u", NULL, (VOID**)&PccSubspaceLength, NULL,
+NULL}
+
+#endif // PCCT_PARSER_H_
diff --git
a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLi
b.c
b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLi
b.c
index
d2f26ff89f12e596702281c38ab0de3729aa68e4..feb80661cddc420670edb2d8c7a
570b0a89272d8 100644
---
a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLi
b.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewComm
+++ andLib.c
@@ -1,7 +1,7 @@
/** @file
Main file for 'acpiview' Shell command function.

- Copyright (c) 2016 - 2020, ARM Limited. All rights reserved.<BR>
+ Copyright (c) 2016 - 2020, Arm Limited. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent **/

@@ -57,6 +57,8 @@ ACPI_TABLE_PARSER ParserList[] = {
{EFI_ACPI_6_2_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE,
ParseAcpiMadt},

{EFI_ACPI_6_2_PCI_EXPRESS_MEMORY_MAPPED_CONFIGURATION_SPACE_BA
SE_ADDRESS_DESCRIPTION_TABLE_SIGNATURE,
ParseAcpiMcfg},
+
{EFI_ACPI_6_2_PLATFORM_COMMUNICATIONS_CHANNEL_TABLE_SIGNATURE,
+ ParseAcpiPcct},

{EFI_ACPI_6_2_PROCESSOR_PROPERTIES_TOPOLOGY_TABLE_STRUCTURE_SIGN
ATURE,
ParseAcpiPptt},
{RSDP_TABLE_INFO, ParseAcpiRsdp},
diff --git
a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLi
b.inf
b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLi
b.inf
index
91459f9ec632635ee453c5ef46f67445cd9eee0c..efa9c8784a6670e5a4f500e0ae5
59a4938852f95 100644
---
a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLi
b.inf
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewComm
+++ andLib.inf
@@ -1,7 +1,7 @@
## @file
# Provides Shell 'acpiview' command functions # -# Copyright (c) 2016 - 2020,
ARM Limited. All rights reserved.<BR>
+# Copyright (c) 2016 - 2020, Arm Limited. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -37,6 +37,8 @@
[Sources.common]
Parsers/Madt/MadtParser.c
Parsers/Madt/MadtParser.h
Parsers/Mcfg/McfgParser.c
+ Parsers/Pcct/PcctParser.c
+ Parsers/Pcct/PcctParser.h
Parsers/Pptt/PpttParser.c
Parsers/Pptt/PpttParser.h
Parsers/Rsdp/RsdpParser.c
--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'



Re: [PATCH 2/2] SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuid

Yao, Jiewen
 

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Qi Zhang
Sent: Tuesday, September 15, 2020 2:21 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
Wang, Jian J <jian.j.wang@intel.com>
Subject: [edk2-devel] [PATCH 2/2] SecurityPkg/PeiTpmMeasurementLib: remove
gEfiTpmDeviceSelectedGuid

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2963

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
.../Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git
a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
index 6625d0fd01..be5e344d7f 100644
--- a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
@@ -46,5 +46,4 @@
gEdkiiTcgPpiGuid ## CONSUMES



[Depex]

- gEfiPeiMasterBootModePpiGuid AND

- gEfiTpmDeviceSelectedGuid

+ gEfiPeiMasterBootModePpiGuid

--
2.26.2.windows.1


-=-=-=-=-=-=
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#65258): https://edk2.groups.io/g/devel/message/65258
Mute This Topic: https://groups.io/mt/76859555/1772286
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com]
-=-=-=-=-=-=


Re: [PATCH 1/2] IntelFsp2WrapperPkg: remove gPeiTpmInitializationDonePpiGuid from Depex

Chiu, Chasel
 

Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>

-----Original Message-----
From: Zhang, Qi1 <qi1.zhang@intel.com>
Sent: Tuesday, September 15, 2020 2:21 PM
To: devel@edk2.groups.io
Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Chiu, Chasel <chasel.chiu@intel.com>;
Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Zeng, Star
<star.zeng@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [PATCH 1/2] IntelFsp2WrapperPkg: remove
gPeiTpmInitializationDonePpiGuid from Depex

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2963

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf | 3 +--
IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
index c3578397b6..00166e56a0 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
@@ -73,5 +73,4 @@
gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ##
PRODUCES [Depex]- gEfiPeiMasterBootModePpiGuid AND-
gPeiTpmInitializationDonePpiGuid+ gEfiPeiMasterBootModePpiGuiddiff
--git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
index 884514747f..aeeca58d6d 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
@@ -77,5 +77,4 @@
FspsWrapperPeim.c [Depex]- gEfiPeiMemoryDiscoveredPpiGuid AND-
gPeiTpmInitializationDonePpiGuid+ gEfiPeiMemoryDiscoveredPpiGuid--
2.26.2.windows.1


回复: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

gaoliming
 

I think SECURE_BOOT_ENABLE flag is fine. It controls more security related
features. And, this flag is also used in OVMF DSC.

So, this change is good to me. Reviewed-by: Liming Gao
<gaoliming@byosoft.com.cn>

Ray, Andrew: have you any other comment?

Thanks
Liming
-----邮件原件-----
发件人: bounce+27952+65013+4905953+8761045@groups.io
<bounce+27952+65013+4905953+8761045@groups.io> 代表 Wadhawan,
Divneil R
发送时间: 2020年9月4日 2:17
收件人: devel@edk2.groups.io
抄送: Ni, Ray <ray.ni@intel.com>; Andrew Fish (afish@apple.com)
<afish@apple.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Kinney,
Michael D <michael.d.kinney@intel.com>; Wadhawan, Divneil R
<divneil.r.wadhawan@intel.com>
主题: [edk2-devel] [PATCH] EmulatorPkg: Enable support for Secure Boot

SECURE_BOOT_ENABLE feature flag is introduced to enable Secure Boot.
The following gets enabled with this patch:
o Secure Boot Menu in "Device Manager" for enrolling keys
o Storage space for Authenticated Variables
o Authenticated execution of 3rd party images

Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com>
---
EmulatorPkg/EmulatorPkg.dsc | 40
+++++++++++++++++++++++++++++++++++--
EmulatorPkg/EmulatorPkg.fdf | 21 +++++++++++++++----
2 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 86a6271735..6591c3e824 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -32,6 +32,7 @@
DEFINE NETWORK_TLS_ENABLE = FALSE
DEFINE NETWORK_HTTP_BOOT_ENABLE = FALSE
DEFINE NETWORK_ISCSI_ENABLE = FALSE
+ DEFINE SECURE_BOOT_ENABLE = FALSE

[SkuIds]
0|DEFAULT
@@ -106,12 +107,20 @@
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf

CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNu
ll/CpuExceptionHandlerLibNull.inf

TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/Tpm
MeasurementLibNull.inf
-
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
bNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf

+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecur
eLibNull.inf
+
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ !else
+
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLi
bNull.inf
+ !endif
+
[LibraryClasses.common.SEC]

PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -162,7 +171,20 @@
TimerLib|EmulatorPkg/Library/DxeCoreTimerLib/DxeCoreTimerLib.inf
EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf

-[LibraryClasses.common.DXE_RUNTIME_DRIVER,
LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_DRIVER,
LibraryClasses.common.UEFI_APPLICATION]
+[LibraryClasses.common.DXE_DRIVER]
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
yAllocationLib.inf
+
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
eportStatusCodeLib.inf
+ EmuThunkLib|EmulatorPkg/Library/DxeEmuLib/DxeEmuLib.inf
+
PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
EmuPeCoffExtraActionLib.inf
+
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
eportStatusCodeLib.inf
+ TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+ !endif
+
+[LibraryClasses.common.DXE_RUNTIME_DRIVER,
LibraryClasses.common.UEFI_DRIVER,
LibraryClasses.common.UEFI_APPLICATION]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf

MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemor
yAllocationLib.inf
@@ -171,6 +193,9 @@

PeCoffExtraActionLib|EmulatorPkg/Library/DxeEmuPeCoffExtraActionLib/Dxe
EmuPeCoffExtraActionLib.inf

ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeR
eportStatusCodeLib.inf
TimerLib|EmulatorPkg/Library/DxeTimerLib/DxeTimerLib.inf
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+ !endif

[PcdsFeatureFlag]
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE
@@ -190,6 +215,10 @@
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareFdSize|0x002a0000
gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareBlockSize|0x10000

gEmulatorPkgTokenSpaceGuid.PcdEmuFirmwareVolume|L"../FV/FV_RECOVE
RY.fd"
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+ !endif

gEmulatorPkgTokenSpaceGuid.PcdEmuMemorySize|L"64!64"

@@ -315,6 +344,13 @@
EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
EmulatorPkg/TimerDxe/Timer.inf

+ !if $(SECURE_BOOT_ENABLE) == TRUE
+
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
xe.inf
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+ <LibraryClasses>
+
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i
nf
+ }
+ !endif

MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
{
<LibraryClasses>
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 295f6f1db8..4bf592e778 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -46,10 +46,16 @@ DATA = {
# Blockmap[1]: End
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
## This is the VARIABLE_STORE_HEADER
- #Signature: gEfiVariableGuid =
- # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f,
0xfe, 0x7d }}
- 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
- 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !if $(SECURE_BOOT_ENABLE) == FALSE
+ #Signature: gEfiVariableGuid =
+ # { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70,
0x7f,
0xfe, 0x7d }}
+ 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
+ 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+ !else
+ # Signature: gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b,
0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+ 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+ !endif
#Size: 0xc000
(gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48
(size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
# This can speed up the Variable Dispatch a bit.
0xB8, 0xBF, 0x00, 0x00,
@@ -186,6 +192,13 @@ INF RuleOverride = UI
MdeModulePkg/Application/UiApp/UiApp.inf
INF
MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.i
nf
INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf

+#
+# Secure Boot Key Enroll
+#
+!if $(SECURE_BOOT_ENABLE) == TRUE
+INF
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
xe.inf
+!endif
+
#
# Network stack drivers
#
--
2.24.1.windows.2


Re: [PATCH v6 00/14] Add the VariablePolicy feature

Bret Barkelew
 

Ha! I was *just* about to click the button to send the patch again. Glad you found it.

Let me know if you have any questions!

 

- Bret

 

From: Yao, Jiewen
Sent: Tuesday, September 15, 2020 6:44 PM
To: gaoliming; devel@edk2.groups.io; Bret Barkelew; Wang, Jian J; bret@...; Bi, Dandan
Cc: Wu, Hao A; liming.gao; Justen, Jordan L; 'Laszlo Ersek'; 'Ard Biesheuvel'; 'Andrew Fish'; Ni, Ray
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Got it. Thanks!

 

From: gaoliming <gaoliming@...>
Sent: Wednesday, September 16, 2020 9:37 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>; bret.barkelew@...; Wang, Jian J <jian.j.wang@...>; bret@...; Bi, Dandan <dandan.bi@...>
Cc: Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; 'Laszlo Ersek' <lersek@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>; 'Andrew Fish' <afish@...>; Ni, Ray <ray.ni@...>
Subject: 回复: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Jiewen:

 I just forward the patch to your email address. Another way is to find the mail in web https://edk2.groups.io/g/devel/messages

 

Thanks

Liming

发件人: bounce+27952+65298+4905953+8761045@groups.io <bounce+27952+65298+4905953+8761045@groups.io> 代表 Yao, Jiewen
发送时间: 2020916 9:05
收件人: devel@edk2.groups.io; gaoliming@...; bret.barkelew@...; Wang, Jian J <jian.j.wang@...>; bret@...; Bi, Dandan <dandan.bi@...>
抄送: Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; 'Laszlo Ersek' <lersek@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>; 'Andrew Fish' <afish@...>; Ni, Ray <ray.ni@...>
主题: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Hi Bret/Liming

I checked my email and found that I have 9/14, 10/14, then 12/14, 13/14.

I don’t have 11/14 in my mailbox. That’s weird and embarrassing.

 

Could any of you forward 11/14 to me, so that I can review?

I apologize for the inconvenience.

 

Thank you

Yao Jiewen

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Wednesday, September 16, 2020 8:55 AM
To: devel@edk2.groups.io; bret.barkelew@...; Wang, Jian J <jian.j.wang@...>; bret@...; Bi, Dandan <dandan.bi@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; 'Laszlo Ersek' <lersek@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>; 'Andrew Fish' <afish@...>; Ni, Ray <ray.ni@...>
Subject: 回复: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Bret:

 Patch 06 is for EmulatorPkg. Ray, Andrew are also the reviewers for this package.

 

Patch 11 is for SecurityPkg. Jian and Jiewen are the reviewer for this package.

 

Thanks

Liming

发件人: bounce+27952+65284+4905953+8761045@groups.io <bounce+27952+65284+4905953+8761045@groups.io> 代表 Bret Barkelew via groups.io
发送时间: 2020916 4:51
收件人: Wang, Jian J <jian.j.wang@...>; devel@edk2.groups.io; bret@...; Bi, Dandan <dandan.bi@...>
抄送: Yao, Jiewen <jiewen.yao@...>; Wu, Hao A <hao.a.wu@...>; liming.gao <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
主题: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Thanks for the update, Jian. Dandan has submitted RBs on another thread.

 

That leaves patches 06 and 11.

 

Next up, Jordan Justen. How’s it going, Jordan. We’ve never spoken directly (to my knowledge) and that’s a shame.

If you had to eat a single food for the rest of your life, what would it be and can I have a Reviewed-by?

Keep in mind that you probably don’t want it to be particularly strong flavors; it’s going to get disgusting eventually.

I’d probably go with some simple red beans and rice or something.

 

- Bret

 

From: Wang, Jian J
Sent: Sunday, September 13, 2020 11:42 PM
To: Bret Barkelew; devel@edk2.groups.io; bret@...; Bi, Dandan
Cc: Yao, Jiewen; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Hi Bret,

 

Sorry to hear the Seattle’s situation. I’ve been there for several times and love the city very much. Hope everything goes back normal soon.

 

And sorry for slow response. This patch series have been delegated to Dandan to review by Liming. She has completed security review from Intel perspective, and given back comments to you. It seems that you forgot to include her in the CC-list. Sorry I didn’t notice it and told her to do review in time. She’ll give comments ASAP.

 

Since MdeModulePkg is a huge package, I cannot do detail review for each patch for this package. And we have already modules reviewers designated . I think, usually, they should do the detailed review first. The package maintainer will do gate-keeper works as the last step. Correct me if any misunderstanding here.

 

Removed Chao from cc-list (his email is not valid) and added Dandan in loop.

 

Regards,

Jian

 

From: Bret Barkelew <Bret.Barkelew@...>
Sent: Friday, September 11, 2020 11:18 PM
To: devel@edk2.groups.io; bret@...; Wang, Jian J <jian.j.wang@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Zhang, Chao B <chao.b.zhang@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

11 Days to go. I will single out an email every day…

 

Jian, today is your day.

How’s it going? Life good? Yeah, I know. Things are crazy here, too. Seattle is covered in smoke.

You know what would brighten things up, though? A nice “reviewed by”.

 

- Bret

 

From: Bret Barkelew via groups.io
Sent: Tuesday, September 8, 2020 3:20 PM
To: devel@edk2.groups.io; bret@...
Cc: Yao, Jiewen; Zhang, Chao B; Wang, Jian J; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray; liming.gao
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Now that 2008 is labelled and everyone can take a breather… I still need reviews on the following patches (v7)…

Patch(es) 01, 02, 03,06,09,10,11,12,13,14

 

As such, the following email addresses may or may not be subscribed to CatFacts™ within the next 14 days if I get no responses:

Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Liming Gao <liming.gao@...>

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Andrew Fish <afish@...>
Cc: Ray Ni <ray.ni@...>

Cc: Jiewen Yao <jiewen.yao@...>

Cc: Chao Zhang <chao.b.zhang@...>

 

May God have mercy on your inboxes.

 

- Bret

 

 

 

 


Re: [PATCH v6 00/14] Add the VariablePolicy feature

Yao, Jiewen
 

Got it. Thanks!

 

From: gaoliming <gaoliming@...>
Sent: Wednesday, September 16, 2020 9:37 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>; bret.barkelew@...; Wang, Jian J <jian.j.wang@...>; bret@...; Bi, Dandan <dandan.bi@...>
Cc: Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; 'Laszlo Ersek' <lersek@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>; 'Andrew Fish' <afish@...>; Ni, Ray <ray.ni@...>
Subject: 回复: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Jiewen:

 I just forward the patch to your email address. Another way is to find the mail in web https://edk2.groups.io/g/devel/messages

 

Thanks

Liming

发件人: bounce+27952+65298+4905953+8761045@groups.io <bounce+27952+65298+4905953+8761045@groups.io> 代表 Yao, Jiewen
发送时间: 2020916 9:05
收件人: devel@edk2.groups.io; gaoliming@...; bret.barkelew@...; Wang, Jian J <jian.j.wang@...>; bret@...; Bi, Dandan <dandan.bi@...>
抄送: Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; 'Laszlo Ersek' <lersek@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>; 'Andrew Fish' <afish@...>; Ni, Ray <ray.ni@...>
主题: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Hi Bret/Liming

I checked my email and found that I have 9/14, 10/14, then 12/14, 13/14.

I don’t have 11/14 in my mailbox. That’s weird and embarrassing.

 

Could any of you forward 11/14 to me, so that I can review?

I apologize for the inconvenience.

 

Thank you

Yao Jiewen

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Wednesday, September 16, 2020 8:55 AM
To: devel@edk2.groups.io; bret.barkelew@...; Wang, Jian J <jian.j.wang@...>; bret@...; Bi, Dandan <dandan.bi@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; 'Laszlo Ersek' <lersek@...>; 'Ard Biesheuvel' <ard.biesheuvel@...>; 'Andrew Fish' <afish@...>; Ni, Ray <ray.ni@...>
Subject: 回复: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Bret:

 Patch 06 is for EmulatorPkg. Ray, Andrew are also the reviewers for this package.

 

Patch 11 is for SecurityPkg. Jian and Jiewen are the reviewer for this package.

 

Thanks

Liming

发件人: bounce+27952+65284+4905953+8761045@groups.io <bounce+27952+65284+4905953+8761045@groups.io> 代表 Bret Barkelew via groups.io
发送时间: 2020916 4:51
收件人: Wang, Jian J <jian.j.wang@...>; devel@edk2.groups.io; bret@...; Bi, Dandan <dandan.bi@...>
抄送: Yao, Jiewen <jiewen.yao@...>; Wu, Hao A <hao.a.wu@...>; liming.gao <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
主题: Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Thanks for the update, Jian. Dandan has submitted RBs on another thread.

 

That leaves patches 06 and 11.

 

Next up, Jordan Justen. How’s it going, Jordan. We’ve never spoken directly (to my knowledge) and that’s a shame.

If you had to eat a single food for the rest of your life, what would it be and can I have a Reviewed-by?

Keep in mind that you probably don’t want it to be particularly strong flavors; it’s going to get disgusting eventually.

I’d probably go with some simple red beans and rice or something.

 

- Bret

 

From: Wang, Jian J
Sent: Sunday, September 13, 2020 11:42 PM
To: Bret Barkelew; devel@edk2.groups.io; bret@...; Bi, Dandan
Cc: Yao, Jiewen; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Hi Bret,

 

Sorry to hear the Seattle’s situation. I’ve been there for several times and love the city very much. Hope everything goes back normal soon.

 

And sorry for slow response. This patch series have been delegated to Dandan to review by Liming. She has completed security review from Intel perspective, and given back comments to you. It seems that you forgot to include her in the CC-list. Sorry I didn’t notice it and told her to do review in time. She’ll give comments ASAP.

 

Since MdeModulePkg is a huge package, I cannot do detail review for each patch for this package. And we have already modules reviewers designated . I think, usually, they should do the detailed review first. The package maintainer will do gate-keeper works as the last step. Correct me if any misunderstanding here.

 

Removed Chao from cc-list (his email is not valid) and added Dandan in loop.

 

Regards,

Jian

 

From: Bret Barkelew <Bret.Barkelew@...>
Sent: Friday, September 11, 2020 11:18 PM
To: devel@edk2.groups.io; bret@...; Wang, Jian J <jian.j.wang@...>
Cc: Yao, Jiewen <jiewen.yao@...>; Zhang, Chao B <chao.b.zhang@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Gao, Liming <liming.gao@...>; Justen, Jordan L <jordan.l.justen@...>; Laszlo Ersek <lersek@...>; Ard Biesheuvel <ard.biesheuvel@...>; Andrew Fish <afish@...>; Ni, Ray <ray.ni@...>
Subject: RE: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

11 Days to go. I will single out an email every day…

 

Jian, today is your day.

How’s it going? Life good? Yeah, I know. Things are crazy here, too. Seattle is covered in smoke.

You know what would brighten things up, though? A nice “reviewed by”.

 

- Bret

 

From: Bret Barkelew via groups.io
Sent: Tuesday, September 8, 2020 3:20 PM
To: devel@edk2.groups.io; bret@...
Cc: Yao, Jiewen; Zhang, Chao B; Wang, Jian J; Wu, Hao A; liming.gao; Justen, Jordan L; Laszlo Ersek; Ard Biesheuvel; Andrew Fish; Ni, Ray; liming.gao
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v6 00/14] Add the VariablePolicy feature

 

Now that 2008 is labelled and everyone can take a breather… I still need reviews on the following patches (v7)…

Patch(es) 01, 02, 03,06,09,10,11,12,13,14

 

As such, the following email addresses may or may not be subscribed to CatFacts™ within the next 14 days if I get no responses:

Cc: Jian J Wang <jian.j.wang@...>
Cc: Hao A Wu <hao.a.wu@...>
Cc: Liming Gao <liming.gao@...>

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Andrew Fish <afish@...>
Cc: Ray Ni <ray.ni@...>

Cc: Jiewen Yao <jiewen.yao@...>

Cc: Chao Zhang <chao.b.zhang@...>

 

May God have mercy on your inboxes.

 

- Bret

 

 

 


回复: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

gaoliming
 

I normally check Maintainers.txt and make sure each patch get the review from package maintainer or package reviewer.

 

Thanks

Liming

发件人: Matthew Carlson <matthewfcarlson@...>
发送时间: 2020916 9:00
收件人: gaoliming <gaoliming@...>; devel@edk2.groups.io; macarl@...
主题: RE: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

 

Thanks Liming!

 

Is there an easy way to check if all the patches have reviewed-by from maintainers?

 

I can confirm that each patch (now that you’ve given a reviewed by for Patch 1 & 2) has a reviewed by and some have a few reviewed by or acked by.

 

From: gaoliming
Sent: Tuesday, September 15, 2020 5:57 PM
To: devel@edk2.groups.io; macarl@...; Matthew Carlson
Subject:
回复: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

 

Matthew:

 I just check this patch set. All 5 patches have got reviewed-by from the package maintainer or reviewer. Can you double confirm? If yes, I will help merge them.

 

Thanks

Liming

发件人: bounce+27952+65285+4905953+8761045@groups.io <bounce+27952+65285+4905953+8761045@groups.io> 代表 Matthew Carlson via groups.io
发送时间: 2020916 6:48
收件人: Matthew Carlson <matthewfcarlson@...>; devel@edk2.groups.io
主题: Re: [edk2-devel] [PATCH v10 0/5] Use RngLib instead of TimerLib for OpensslLib

 

Just pinging this thread to see what needs to get done next. Thank you Liming for the reviewed by on the MdeModulePkg changes.

--
- Matthew Carlson

 

16901 - 16920 of 82167