|
Re: 回复: [Patch V7 3/3] MinPlatformPkg: Add SerialPortTerminalLib to suport Serial Terminal feature
Hi Chasel and Eric,
Could you help to review the patches?
Nate is on vacation now, I have fixed the bug in patch V6 Nate mentioned, I think he have no more comments.
Thanks,
Heng
toggle quoted messageShow quoted text
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
gaoliming
Sent: Tuesday, November 17, 2020 11:17 AM
To: Luo, Heng <heng.luo@intel.com>; devel@edk2.groups.io
Cc: Dong, Eric <eric.dong@intel.com>; Chiu, Chasel <chasel.chiu@intel.com>;
Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>
Subject: [edk2-devel] 回复: [Patch V7 3/3] MinPlatformPkg: Add
SerialPortTerminalLib to suport Serial Terminal feature
Heng:
Thanks for your update. This version is good to me. Reviewed-by: Liming
Gao <gaoliming@byosoft.com.cn>
Besides, please let me know your test case for this case.
Thanks
Liming
-----邮件原件-----
发件人: Heng Luo <heng.luo@intel.com>
发送时间: 2020年11月16日 9:31
收件人: devel@edk2.groups.io
抄送: Eric Dong <eric.dong@intel.com>; Chasel Chiu
<chasel.chiu@intel.com>; Nate DeSimone
<nathaniel.l.desimone@intel.com>; Liming Gao
<gaoliming@byosoft.com.cn>
主题: [Patch V7 3/3] MinPlatformPkg: Add SerialPortTerminalLib to suport
Serial Terminal feature
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3014
1. Add SerialPortTerminalLib to MinPlatformPkg/Library.
2. Add SerialPortTerminalLib to BdsDxe driver, to add the serial device to
ConIn and ConOut variables
3. Include SerialDxe and TerminalDxe to CoreDxeInclude.dsc and
CoreUefiBootInclude.fdf.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Heng Luo <heng.luo@intel.com>
---
Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeInclude.dsc
| 15 +++++++++++++--
Platform/Intel/MinPlatformPkg/Include/Fdf/CoreUefiBootInclude.fdf
| 8 +++++++-
Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTerm
i
nalLib.c | 102
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++
Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTerm
i
nalLib.h | 34 ++++++++++++++++++++++++++++++++++
Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTerm
i
nalLib.inf | 40 ++++++++++++++++++++++++++++++++++++++++
5 files changed, 196 insertions(+), 3 deletions(-)
diff --git
a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeInclude.dsc
b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeInclude.dsc
index f0e578f8cc..1038a29c5c 100644
--- a/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeInclude.dsc
+++ b/Platform/Intel/MinPlatformPkg/Include/Dsc/CoreDxeInclude.dsc
@@ -1,7 +1,7 @@
## @file
# Platform description.
#
-# Copyright (c) 2017 - 2019, Intel Corporation. All rights
reserved.<BR>
+# Copyright (c) 2017 - 2020, Intel Corporation. All rights
+reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -46,7 +46,18 @@
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCount
e
rRuntimeDxe.inf
- MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+ MdeModulePkg/Universal/BdsDxe/BdsDxe.inf {
+ <LibraryClasses>
+!if gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalEnable == TRUE
+
NULL|MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTerminalLi
NULL|b.in
f
+!endif
+ }
+
+!if gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalEnable == TRUE
+ MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
+ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+!endif
+
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerD
xe.inf
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
diff --git
a/Platform/Intel/MinPlatformPkg/Include/Fdf/CoreUefiBootInclude.fdf
b/Platform/Intel/MinPlatformPkg/Include/Fdf/CoreUefiBootInclude.fdf
index 7859c0b1a5..ef4576eedf 100644
---
a/Platform/Intel/MinPlatformPkg/Include/Fdf/CoreUefiBootInclude.fdf
+++ b/Platform/Intel/MinPlatformPkg/Include/Fdf/CoreUefiBootInclude.fd
+++ f
@@ -1,7 +1,7 @@
## @file
# FDF file of Platform.
#
-# Copyright (c) 2017 - 2019, Intel Corporation. All rights
reserved.<BR>
+# Copyright (c) 2017 - 2020, Intel Corporation. All rights
+reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -26,6 +26,12 @@ INF
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
INF
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCount
e
rRuntimeDxe.inf
INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+
+!if gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalEnable == TRUE
+INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
+INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+!endif
+
INF
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerD
xe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
INF
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
diff --git
a/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.c
b/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.c
new file mode 100644
index 0000000000..66e8ee018b
--- /dev/null
+++
b/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.c
@@ -0,0 +1,102 @@
+/** @file
+ Main file for NULL named library for Serial Port Terminal
+ Redirection
library.
+
+ Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "SerialPortTerminalLib.h"
+
+GLOBAL_REMOVE_IF_UNREFERENCED SERIAL_DEVICE_PATH
mSerialDevicePath = {
+ {
+ {
+ HARDWARE_DEVICE_PATH,
+ HW_VENDOR_DP,
+ {
+ (UINT8) sizeof (VENDOR_DEVICE_PATH),
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ }
+ },
+ EDKII_SERIAL_PORT_LIB_VENDOR_GUID
+ },
+ {
+ {
+ MESSAGING_DEVICE_PATH,
+ MSG_UART_DP,
+ {
+ (UINT8) sizeof (UART_DEVICE_PATH),
+ (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8)
+ }
+ },
+ 0, // Reserved
+ 0, // BaudRate
+ 0, // DataBits
+ 0, // Parity
+ 0 // StopBits
+ },
+ {
+ {
+ MESSAGING_DEVICE_PATH,
+ MSG_VENDOR_DP,
+ {
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8),
+ }
+ },
+ DEVICE_PATH_MESSAGING_PC_ANSI
+ },
+ gEndEntire
+};
+
+/**
+ Updates the ConOut, ConIn, ErrOut variables with the serial
+ terminal
device path
+ @param none
+ @retval none
+**/
+VOID
+AddSerialTerminal (
+ VOID
+ )
+{
+ DEBUG ((DEBUG_INFO, "[AddSerialPortTerminal]\n"));
+
+ //
+ // Append Serial Terminal into "ConIn"
+ //
+ EfiBootManagerUpdateConsoleVariable (ConOut,
(EFI_DEVICE_PATH_PROTOCOL *) &mSerialDevicePath, NULL);
+ EfiBootManagerUpdateConsoleVariable (ConIn,
(EFI_DEVICE_PATH_PROTOCOL *) &mSerialDevicePath, NULL);
+ EfiBootManagerUpdateConsoleVariable (ErrOut,
(EFI_DEVICE_PATH_PROTOCOL *) &mSerialDevicePath, NULL);
+}
+
+
+/**
+ Constructor for the Serial Port Device controller library.
+
+ @param ImageHandle the image handle of the process
+ @param SystemTable the EFI System Table pointer
+
+ @retval EFI_SUCCESS the shell command handlers were
installed sucessfully
+ @retval EFI_UNSUPPORTED the shell level required was not found.
+**/
+EFI_STATUS
+EFIAPI
+SerialPortTerminalLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ mSerialDevicePath.Uart.BaudRate = PcdGet64(PcdUartDefaultBaudRate);
+ mSerialDevicePath.Uart.DataBits = PcdGet8(PcdUartDefaultDataBits);
+ mSerialDevicePath.Uart.Parity = PcdGet8(PcdUartDefaultParity);
+ mSerialDevicePath.Uart.StopBits = PcdGet8(PcdUartDefaultStopBits);
+ DEBUG ((DEBUG_INFO, "[SerialPortTerminalLibConstructor]
[%d, %d, %d, %d]\n",
+ mSerialDevicePath.Uart.BaudRate,
+ mSerialDevicePath.Uart.DataBits,
+ mSerialDevicePath.Uart.Parity,
+ mSerialDevicePath.Uart.StopBits));
+
+ AddSerialTerminal();
+
+ return EFI_SUCCESS;
+}
diff --git
a/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.h
b/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.h
new file mode 100644
index 0000000000..bfa73cca7d
--- /dev/null
+++
b/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.h
@@ -0,0 +1,34 @@
+/** @file
+ Header file for NULL named library for for Serial Port Terminal Redirection
library.
+
+ Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _SERIAL_PORT_TERMINAL_LIB_H_
+#define _SERIAL_PORT_TERMINAL_LIB_H_
+
+#include <Uefi.h>
+#include <Guid/SerialPortLibVendor.h>
+#include <Library/UefiLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiBootManagerLib.h>
+
+//
+// Below is the platform console device path
+//
+typedef struct {
+ VENDOR_DEVICE_PATH Guid;
+ UART_DEVICE_PATH Uart;
+ VENDOR_DEVICE_PATH TerminalType;
+ EFI_DEVICE_PATH_PROTOCOL End;
+} SERIAL_DEVICE_PATH;
+
+#define gEndEntire \
+ { \
+ END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE,
{ END_DEVICE_PATH_LENGTH, 0 } \
+ }
+
+#endif
diff --git
a/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.inf
b/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.inf
new file mode 100644
index 0000000000..2d95fe79f2
--- /dev/null
+++
b/Platform/Intel/MinPlatformPkg/Library/SerialPortTerminalLib/SerialPortTer
minalLib.inf
@@ -0,0 +1,40 @@
+## @file
+# Component information file for Serial Port Terminal Redirection
+Library
+#
+# INTEL CONFIDENTIAL
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+[Defines]
+ INF_VERSION = 0x00010006
+ BASE_NAME = SerialPortTerminalLib
+ FILE_GUID =
E12BFA46-95F2-4ADC-9774-7E38DE78741E
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.2
+ LIBRARY_CLASS = NULL|UEFI_DRIVER DXE_DRIVER
DXE_RUNTIME_DRIVER
+ CONSTRUCTOR =
SerialPortTerminalLibConstructor
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ BoardModulePkg/BoardModulePkg.dec
+ MinPlatformPkg/MinPlatformPkg.dec
+
+[Sources]
+ SerialPortTerminalLib.c
+ SerialPortTerminalLib.h
+
+[LibraryClasses]
+ DevicePathLib
+ DebugLib
+ UefiDriverEntryPoint
+ UefiBootManagerLib
+ UefiLib
+
+[Pcd]
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits
--
2.24.0.windows.2
|
|
|
Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
Sure. It seems Liming already approves it.
I will wait one more day to see if there is any other objection from the people in different time zone.
At mean time, I need your help to double confirm that, this patch can be merged without any CI error. So, please try Pull-Request by yourself and make sure it pass all CI checks.
I have some bad experience that CI error occurs finally, which prevent me from committing. Then we have to go back ask original submitter to fix and generate patch again. It may cause delay and miss the timeline.
Thank you
Yao Jiewen
toggle quoted messageShow quoted text
From: Kun Qin <kun.q@...>
Sent: Monday, November 23, 2020 9:17 AM
To: Yao, Jiewen <jiewen.yao@...>; gaoliming <gaoliming@...>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>
Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
Hi Jiewen,
It will be great if you could help me merging in this fix. Please let me know if you need anything else from me to have it merged.
Thanks,
Kun
I can help to merge if it is approved.
I will add reviewed-by tag when I merge it.
Thank you
Yao Jiewen
Hi Liming,
It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host
provider available to service this request". Please let me know if you have any suggestions.
Thanks,
Kun
Kun:
This is a bug fix. It passed code review. Do you request to merge it for
this stable tag 202011?
Thanks
Liming
> -----邮件原件-----
> 发件人:
bounce+27952+67567+4905953+8761045@groups.io
> <bounce+27952+67567+4905953+8761045@groups.io>
代表 Yao, Jiewen
> 发送时间: 2020年11月14日
8:32
> 收件人: Kun Qin <kun.q@...>;
devel@edk2.groups.io
> 抄送: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX
> <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; Yao,
> Jiewen <jiewen.yao@...>
> 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer
> double free in CryptPkcs7VerifyEku
>
> Sorry, I missed this email.
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@...>
>
>
> > -----Original Message-----
> > From: Kun Qin <kun.q@...>
> > Sent: Wednesday, October 21, 2020 10:32 AM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX
> > <xiaoyux.lu@...>; Yao, Jiewen <jiewen.yao@...>; Jiang,
> > Guomin <guomin.jiang@...>
> > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free
in
> > CryptPkcs7VerifyEku
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459
> >
> > SignerCert is part of Pkcs7 instance when both have valid content.
OpenSLL
> > PKCS7_free function will release the memory of SignerCert when
applicable.
> > Freeing SignerCert with X509_free again might cause page fault if use-
> > after-free guard is enabled.
> >
> > Cc: Jian J Wang <jian.j.wang@...>
> > Cc: Xiaoyu Lu <xiaoyux.lu@...>
> > Cc: Jiewen Yao <jiewen.yao@...>
> > Cc: Guomin Jiang <guomin.jiang@...>
> >
> > Signed-off-by: Kun Qin <kun.q@...>
> > ---
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ----
> > 1 file changed, 4 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > index c9fdb65b99d1..40cc39afe7dd 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > @@ -508,10 +508,6 @@ Exit:
> > free (SignedData);
> >
> > }
> >
> >
> >
> > - if (SignerCert != NULL) {
> >
> > - X509_free (SignerCert);
> >
> > - }
> >
> > -
> >
> > if (Pkcs7 != NULL) {
> >
> > PKCS7_free (Pkcs7);
> >
> > }
> >
> > --
> > 2.28.0.windows.1
>
>
>
>
>
|
|
|
回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib
Thanks for your comments. If no other comments, I will sent the patch to revert this patch.
Thanks
Liming
toggle quoted messageShow quoted text
-----邮件原件-----
发件人: Laszlo Ersek <lersek@redhat.com>
发送时间: 2020年11月20日 19:02
收件人: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
gaoliming@byosoft.com.cn; Wang, Jian J <jian.j.wang@intel.com>; Mistry,
Nishant C <nishant.c.mistry@intel.com>
抄送: afish@apple.com; 'Leif Lindholm' <leif@nuviainc.com>; Kinney, Michael
D <michael.d.kinney@intel.com>
主题: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib
On 11/20/20 08:11, Yao, Jiewen wrote:
I agree with Liming.
I recommend we follow the code-freeze process.
"By the date of the soft feature freeze, developers must have sent their patches to the mailing list and received positive maintainer reviews
(Reviewed-by or Acked-by tags)."
The re-design could be compatible in some way. For example, we can keep
old API and define RequestMonotonicCounterEx(),
IncrementMonotonicCounterEx().
I am also thinking that we should check in together with a lib consumer to
show the design to see what is really needed for the counter index.
So I vote to revert the change.
I agree. Without knowing many of the details:
The patch references
<https://bugzilla.tianocore.org/show_bug.cgi?id=2594>;, and that ticket
is a TianoCore Feature Request. Additionally, comment#0 on the BZ says:
"Two more features are needed to be added to non-volatile variable
services [...] This BZ is for RPMC based solution only".
I think the patch should not have been committed.
Thanks
Laszlo
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
gaoliming
Sent: Friday, November 20, 2020 2:55 PM
To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Mistry,
Nishant C <nishant.c.mistry@intel.com>
Cc: afish@apple.com; lersek@redhat.com; 'Leif Lindholm'
<leif@nuviainc.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
RpmcLib
Jian:
The commit message mentions that the re-design requires multiple
RPMC
counter usages.
The library API is also updated to support multiple RPMC. So, I think this
is new feature.
But, this is just my idea. I would like to collect more feedback from the
mail list.
Thanks
Liming
-----邮件原件-----
发件人: Wang, Jian J <jian.j.wang@intel.com>
发送时间: 2020年11月20日 14:33
收件人: devel@edk2.groups.io; gaoliming@byosoft.com.cn; Mistry, Nishant C
<nishant.c.mistry@intel.com>
主题: RE: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the RpmcLib
Liming,
Sorry, I didn't notice it. But the patch was just updating the existing
code. It'd
be
more like bug fix than feature, I think.
Regards,
Jian
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Friday, November 20, 2020 2:27 PM
To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>;
Mistry,
Nishant C <nishant.c.mistry@intel.com>
Cc: gaoliming@byosoft.com.cn
Subject: 回复: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to
the
RpmcLib
Jian:
This change is like a feature instead of bug fix. Now, we are in soft
feature freeze phase.
According to SFF definition
https://github.com/tianocore/tianocore.github.io/wiki/SoftFeatureFreeze,
this feature should be deferred to next stable tag.
So, I suggest to revert this change, and merge it after the stable tag
202011.
Thanks
Liming
-----邮件原件-----
发件人: bounce+27952+67669+4905953+8761045@groups.io
<bounce+27952+67669+4905953+8761045@groups.io> 代表 Wang, Jian J
发送时间: 2020年11月18日 11:35
收件人: devel@edk2.groups.io; Mistry, Nishant C
<nishant.c.mistry@intel.com>
主题: Re: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
RpmcLib
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Nishant
Mistry
Sent: Thursday, November 12, 2020 2:49 AM
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH] SecurityPkg: Add RPMC Index to the
RpmcLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
The re-design requires multiple RPMC counter usages.
The consumer will be capable of selecting amongst multiple counters.
Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
---
SecurityPkg/Include/Library/RpmcLib.h | 6 +++++-
SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/Include/Library/RpmcLib.h
b/SecurityPkg/Include/Library/RpmcLib.h
index 5882bfae2f..3c15bce1ce 100644
--- a/SecurityPkg/Include/Library/RpmcLib.h
+++ b/SecurityPkg/Include/Library/RpmcLib.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/**
Requests the monotonic counter from the designated RPMC
counter.
+ @param[in] CounterIndex The RPMC index
@param[out] CounterValue A pointer to a
buffer
to
store the RPMC
value.
@retval EFI_SUCCESS The operation
completed
successfully.
@@ -23,12 +24,15 @@ SPDX-License-Identifier:
BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
RequestMonotonicCounter (
+ IN UINT8 CounterIndex,
OUT UINT32 *CounterValue
);
/**
Increments the monotonic counter in the SPI flash device by 1.
+ @param[in] CounterIndex The RPMC index
+
@retval EFI_SUCCESS The operation
completed
successfully.
@retval EFI_DEVICE_ERROR A device error
occurred
while attempting
to update the counter.
@retval EFI_UNSUPPORTED The operation is un-supported.
@@ -36,7 +40,7 @@ RequestMonotonicCounter (
EFI_STATUS
EFIAPI
IncrementMonotonicCounter (
- VOID
+ IN UINT8 CounterIndex
);
#endif
diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
index e1dd09eb10..697e493a7c 100644
--- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
+++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
@@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/**
Requests the monotonic counter from the designated RPMC
counter.
+ @param[in] CounterIndex The RPMC index
@param[out] CounterValue A pointer to a
buffer
to
store the RPMC
value.
@retval EFI_SUCCESS The operation
completed
successfully.
@@ -21,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
RequestMonotonicCounter (
+ IN UINT8 CounterIndex,
OUT UINT32 *CounterValue
)
{
@@ -31,6 +33,8 @@ RequestMonotonicCounter (
/**
Increments the monotonic counter in the SPI flash device by 1.
+ @param[in] CounterIndex The RPMC index
+
@retval EFI_SUCCESS The operation
completed
successfully.
@retval EFI_DEVICE_ERROR A device error
occurred
while attempting
to update the counter.
@retval EFI_UNSUPPORTED The operation is un-supported.
@@ -38,7 +42,7 @@ RequestMonotonicCounter (
EFI_STATUS
EFIAPI
IncrementMonotonicCounter (
- VOID
+ IN UINT8 CounterIndex
)
{
ASSERT (FALSE);
--
2.16.2.windows.1
|
|
|
回复: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
Jiewen: I am OK to merge this bug fix into this stable tag. If no objection, you can merge it tomorrow. Thanks Liming 发件人: bounce+27952+67779+4905953+8761045@groups.io <bounce+27952+67779+4905953+8761045@groups.io> 代表 Yao, Jiewen
发送时间: 2020年11月22日 20:26
收件人: Kun Qin <kun.q@...>; gaoliming <gaoliming@...>; devel@edk2.groups.io
抄送: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>
主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku I can help to merge if it is approved. I will add reviewed-by tag when I merge it. Thank you Yao Jiewen
From: Kun Qin <kun.q@...>
Sent: Sunday, November 22, 2020 3:10 PM
To: gaoliming <gaoliming@...>; devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>
Cc: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>
Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku Hi Liming, It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host provider available to service this request". Please let me know if you have any suggestions. Thanks, Kun Kun:
This is a bug fix. It passed code review. Do you request to merge it for
this stable tag 202011?
Thanks
Liming
> -----邮件原件-----
> 发件人: bounce+27952+67567+4905953+8761045@groups.io
> <bounce+27952+67567+4905953+8761045@groups.io> 代表 Yao, Jiewen
> 发送时间: 2020年11月14日 8:32
> 收件人: Kun Qin <kun.q@...>; devel@edk2.groups.io
> 抄送: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX
> <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; Yao,
> Jiewen <jiewen.yao@...>
> 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer
> double free in CryptPkcs7VerifyEku
>
> Sorry, I missed this email.
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@...>
>
>
> > -----Original Message-----
> > From: Kun Qin <kun.q@...>
> > Sent: Wednesday, October 21, 2020 10:32 AM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX
> > <xiaoyux.lu@...>; Yao, Jiewen <jiewen.yao@...>; Jiang,
> > Guomin <guomin.jiang@...>
> > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free
in
> > CryptPkcs7VerifyEku
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459
> >
> > SignerCert is part of Pkcs7 instance when both have valid content.
OpenSLL
> > PKCS7_free function will release the memory of SignerCert when
applicable.
> > Freeing SignerCert with X509_free again might cause page fault if use-
> > after-free guard is enabled.
> >
> > Cc: Jian J Wang <jian.j.wang@...>
> > Cc: Xiaoyu Lu <xiaoyux.lu@...>
> > Cc: Jiewen Yao <jiewen.yao@...>
> > Cc: Guomin Jiang <guomin.jiang@...>
> >
> > Signed-off-by: Kun Qin <kun.q@...>
> > ---
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ----
> > 1 file changed, 4 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > index c9fdb65b99d1..40cc39afe7dd 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > @@ -508,10 +508,6 @@ Exit:
> > free (SignedData);
> >
> > }
> >
> >
> >
> > - if (SignerCert != NULL) {
> >
> > - X509_free (SignerCert);
> >
> > - }
> >
> > -
> >
> > if (Pkcs7 != NULL) {
> >
> > PKCS7_free (Pkcs7);
> >
> > }
> >
> > --
> > 2.28.0.windows.1
>
>
>
>
>
|
|
|
Re: [edk2-platforms][PATCH 1/1] Platforms/RaspberryPi: add CM4 and 400 as BCM2711 designs
toggle quoted messageShow quoted text
From: devel@edk2.groups.io <devel@edk2.groups.io>
On Behalf Of Andrei Warkentin via groups.io
Sent: Wednesday, November 18, 2020 6:21 PM
To: Andrei Warkentin <andrey.warkentin@...>; devel@edk2.groups.io; leif@...
Cc: Ard Biesheuvel <Ard.Biesheuvel@...>; pete@...; philmd@...
Subject: Re: [edk2-devel] [edk2-platforms][PATCH 1/1] Platforms/RaspberryPi: add CM4 and 400 as BCM2711 designs
Hi Andrei,
On Sun, Nov 15, 2020 at 04:25:27 -0600, Andrei Warkentin wrote:
> Like the Pi 4B, the 3GB/4GB choices apply to it as well.
>
> Signed-off-by: Andrei Warkentin <andrey.warkentin@...>
Patch looks straghtforward enough, but ideally I'd like someone to
chime in with tested-by. That hasn't happened so far - are these
documented anywhere I could easily sanity check myself?
/
Leif
> ---
> Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c
> index 5302ccd8..ade91c9f 100644
> --- a/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c
> +++ b/Platform/RaspberryPi/Drivers/RpiFirmwareDxe/RpiFirmwareDxe.c
> @@ -596,6 +596,10 @@ RpiFirmwareGetModelName (
> return "Raspberry Pi Compute Module 3+";
> case 0x11:
> return "Raspberry Pi 4 Model B";
> + case 0x13:
> + return "Raspberry Pi 400";
> + case 0x14:
> + return "Raspberry Pi Compute Module 4";
> default:
> return "Unknown Raspberry Pi Model";
> }
> @@ -670,6 +674,8 @@ RPiFirmwareGetModelFamily (
> *ModelFamily = 3;
> break;
> case 0x11: // Raspberry Pi 4 Model B
> + case 0x13: // Raspberry Pi 400
> + case 0x14: // Raspberry Pi Computer Module 4
> *ModelFamily = 4;
> break;
> default:
> --
> 2.20.1
>
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose,
or store or copy the information in any medium. Thank you.
|
|
|
Re: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
I can help to merge if it is approved.
I will add reviewed-by tag when I merge it.
Thank you
Yao Jiewen
toggle quoted messageShow quoted text
From: Kun Qin <kun.q@...>
Sent: Sunday, November 22, 2020 3:10 PM
To: gaoliming <gaoliming@...>; devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@...>
Cc: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>
Subject: RE: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free in CryptPkcs7VerifyEku
Hi Liming,
It will be great if we can get this in. But I have been having trouble sending a v2 patch that incorporates Jiewen’s “Reviewed-by” tag through git command line for the past week (no other changes). It kept giving me an error of "No host
provider available to service this request". Please let me know if you have any suggestions.
Thanks,
Kun
Kun:
This is a bug fix. It passed code review. Do you request to merge it for
this stable tag 202011?
Thanks
Liming
> -----邮件原件-----
> 发件人:
bounce+27952+67567+4905953+8761045@groups.io
> <bounce+27952+67567+4905953+8761045@groups.io>
代表 Yao, Jiewen
> 发送时间: 2020年11月14日
8:32
> 收件人: Kun Qin <kun.q@...>;
devel@edk2.groups.io
> 抄送: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX
> <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; Yao,
> Jiewen <jiewen.yao@...>
> 主题: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer
> double free in CryptPkcs7VerifyEku
>
> Sorry, I missed this email.
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@...>
>
>
> > -----Original Message-----
> > From: Kun Qin <kun.q@...>
> > Sent: Wednesday, October 21, 2020 10:32 AM
> > To: devel@edk2.groups.io
> > Cc: Wang, Jian J <jian.j.wang@...>; Lu, XiaoyuX
> > <xiaoyux.lu@...>; Yao, Jiewen <jiewen.yao@...>; Jiang,
> > Guomin <guomin.jiang@...>
> > Subject: [PATCH v1 1/1] CryptoPkg: BaseCryptLib: Fix buffer double free
in
> > CryptPkcs7VerifyEku
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2459
> >
> > SignerCert is part of Pkcs7 instance when both have valid content.
OpenSLL
> > PKCS7_free function will release the memory of SignerCert when
applicable.
> > Freeing SignerCert with X509_free again might cause page fault if use-
> > after-free guard is enabled.
> >
> > Cc: Jian J Wang <jian.j.wang@...>
> > Cc: Xiaoyu Lu <xiaoyux.lu@...>
> > Cc: Jiewen Yao <jiewen.yao@...>
> > Cc: Guomin Jiang <guomin.jiang@...>
> >
> > Signed-off-by: Kun Qin <kun.q@...>
> > ---
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 ----
> > 1 file changed, 4 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > index c9fdb65b99d1..40cc39afe7dd 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
> > @@ -508,10 +508,6 @@ Exit:
> > free (SignedData);
> >
> > }
> >
> >
> >
> > - if (SignerCert != NULL) {
> >
> > - X509_free (SignerCert);
> >
> > - }
> >
> > -
> >
> > if (Pkcs7 != NULL) {
> >
> > PKCS7_free (Pkcs7);
> >
> > }
> >
> > --
> > 2.28.0.windows.1
>
>
>
>
>
|
|
|
TianoCore Design Meeting - APAC/NAMO - Fri, 11/27/2020 9:30am-10:30am
#cal-reminder
devel@edk2.groups.io Calendar <devel@...>
|
|
|
[PATCH edk2-test 1/1] uefi-sct/SctPkg: OpenEx incorrect assertion
Heinrich Schuchardt
The functional tests for OpenEx() use RecordAssertion() statements that
lack a print code for the Tpl argument. This leads to a segmentation
violation.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
=2D--
.../SimpleFileSystemExBBTestFunction_OpenEx.c | 8 ++++----
.../SimpleFileSystemExBBTestFunction_OpenEx.c | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/SimpleFileSystem/B=
lackBoxTest/SimpleFileSystemExBBTestFunction_OpenEx.c b/uefi-sct/SctPkg/Te=
stCase/UEFI/EFI/Protocol/SimpleFileSystem/BlackBoxTest/SimpleFileSystemExB=
BTestFunction_OpenEx.c
index c2bf9b4fdc92..193383993cbe 100644
=2D-- a/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/SimpleFileSystem/BlackB=
oxTest/SimpleFileSystemExBBTestFunction_OpenEx.c
+++ b/uefi-sct/SctPkg/TestCase/UEFI/EFI/Protocol/SimpleFileSystem/BlackBox=
Test/SimpleFileSystemExBBTestFunction_OpenEx.c
@@ -1155,7 +1155,7 @@ BBTestOpenExBasicTestCheckpoint1_Test1_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid027,
L"OpenEx() Basic Test - checkpoint1 ----Test1----Asy=
nc",
- L"%a:%d: FileIoEntity->Tpl, Status - %r, File Name -=
%",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
@@ -2152,7 +2152,7 @@ BBTestOpenExBasicTestCheckpoint1_Test3_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid039,
L"OpenEx() Basic Test - checkpoint1 ---Async",
- L"%a:%d: FileIoEntity->Tpl,Status - %r,FileName - %s=
",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
@@ -2656,7 +2656,7 @@ BBTestOpenExBasicTestCheckpoint1_Test4_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid043,
L"OpenEx() Basic Test - checkpoint1 ---Async -- Test=
4----Open File",
- L"%a:%d: FileIoEntity->Tpl,Status - %r,FileName - %s=
",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
@@ -3302,7 +3302,7 @@ BBTestOpenExBasicTestCheckpoint1_Test5_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid047,
L"OpenEx() Basic Test - checkpoint1 ---Async -- Test=
5---Open File",
- L"%a:%d: FileIoEntity->Tpl,Status - %r,FileName - %s=
",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
diff --git a/uefi-sct/SctPkg/TestCase/UEFI/IHV/Protocol/SimpleFileSystem/B=
lackBoxTest/SimpleFileSystemExBBTestFunction_OpenEx.c b/uefi-sct/SctPkg/Te=
stCase/UEFI/IHV/Protocol/SimpleFileSystem/BlackBoxTest/SimpleFileSystemExB=
BTestFunction_OpenEx.c
index 70ec88f1c065..894d42fc370d 100644
=2D-- a/uefi-sct/SctPkg/TestCase/UEFI/IHV/Protocol/SimpleFileSystem/BlackB=
oxTest/SimpleFileSystemExBBTestFunction_OpenEx.c
+++ b/uefi-sct/SctPkg/TestCase/UEFI/IHV/Protocol/SimpleFileSystem/BlackBox=
Test/SimpleFileSystemExBBTestFunction_OpenEx.c
@@ -1155,7 +1155,7 @@ BBTestOpenExBasicTestCheckpoint1_Test1_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid027,
L"OpenEx() Basic Test - checkpoint1 ----Test1----Asy=
nc",
- L"%a:%d: FileIoEntity->Tpl, Status - %r, File Name -=
%",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
@@ -2152,7 +2152,7 @@ BBTestOpenExBasicTestCheckpoint1_Test3_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid039,
L"OpenEx() Basic Test - checkpoint1 ---Async",
- L"%a:%d: FileIoEntity->Tpl,Status - %r,FileName - %s=
",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
@@ -2656,7 +2656,7 @@ BBTestOpenExBasicTestCheckpoint1_Test4_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid043,
L"OpenEx() Basic Test - checkpoint1 ---Async -- Test=
4----Open File",
- L"%a:%d: FileIoEntity->Tpl,Status - %r,FileName - %s=
",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
@@ -3302,7 +3302,7 @@ BBTestOpenExBasicTestCheckpoint1_Test5_Async (
EFI_TEST_ASSERTION_FAILED,
gSimpleFileSystemExBBTestFunctionAssertionGuid047,
L"OpenEx() Basic Test - checkpoint1 ---Async -- Test=
5---Open File",
- L"%a:%d: FileIoEntity->Tpl,Status - %r,FileName - %s=
",
+ L"%a:%d: Tpl - %d, Status - %r, FileName - %s",
__FILE__,
(UINTN)__LINE__,
FileIoEntity->Tpl,
=2D-
2.29.2
|
|
|
Re: 回复: [edk2-devel] A proposal to reduce incompatible case
Hi all,
Thanks all for the comments.
Hi Jiewen:
I think we are thinking from the different aspects.
I want the XXPkgLib.dsc.inc to specify the default library instance that the package will consumes.
You may want it to specify the default library instance that the package will produce.
I now think your way makes more sense, and also align with the implement in NetworkPkg.
I will follow your way when working on the demo code.
Hi Bret:
I see you point about that platform should be like platform and should only change in the stable tag.
I partly agree with you, but in fact there are some projects need to keep the Edk2 updated frequently.
And my proposal should also be an optional way to add the library instance.
Platform dsc can also choose the original way. I think it is at least harmless if some platforms choose not to use this way.
Hi Lazlo:
I agree with you that this proposal should only extract "Single-instance".
After all, this proposal is meant to reduce incompatible case like this VaribalePolicyLib.
I want to the platform to be "Seamless update" in such case.
However, if this lib has two instances, it is a platform's choice and platform owner should be aware the change.
Therefore, "Single-instance" and "Multiple-instance" should be totally different case, and we should only enable this proposal to "Single-instance".
Hi Liming and Ard,
Thanks for liking this idea.
I plan to work on the demo code next week and send it here for more comments.
BTW, about the file name, I want to it to follow the existing rule of NetworkPkg and ArmVirtPkg.
I think for MdeModulePkg, "MdeModuleLibs.dsc.inc" will be better.
Thanks
Zhiguang
toggle quoted messageShow quoted text
-----Original Message-----
From: Laszlo Ersek <lersek@redhat.com>
Sent: Friday, November 20, 2020 7:18 PM
To: Ard Biesheuvel <ard.biesheuvel@arm.com>; gaoliming
<gaoliming@byosoft.com.cn>; devel@edk2.groups.io; Yao, Jiewen
<jiewen.yao@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>;
michael.kubacki@outlook.com; awarkentin@vmware.com;
debtech@gmail.com; Feng, Bob C <bob.c.feng@intel.com>; Tian, Hot
<hot.tian@intel.com>
Cc: 'Bret Barkelew' <bret@corthon.com>; Bi, Dandan <dandan.bi@intel.com>;
'Chao Zhang' <chao.b.zhang@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
Wu, Hao A <hao.a.wu@intel.com>; 'Liming Gao' <liming.gao@intel.com>;
Justen, Jordan L <jordan.l.justen@intel.com>; 'Andrew Fish' <afish@apple.com>;
Ni, Ray <ray.ni@intel.com>; 'Bret Barkelew' <brbarkel@microsoft.com>;
Kinney, Michael D <michael.d.kinney@intel.com>
Subject: Re: 回复: [edk2-devel] A proposal to reduce incompatible case
On 11/20/20 10:02, Ard Biesheuvel wrote:
On 11/20/20 8:27 AM, gaoliming wrote:
Zhiguang:
This proposal can reduce the potential library class dependency.
Each package has its xxxPkgLib.dsc.inc file that includes the library
instances from this package.
Platform DSC can include the required package lib.dsc.inc file for
the library instances. Can you work out the code changes to
demonstrate this idea?
+1 for this idea. This would allow us to remove a *lot* of boilerplate
in the .DSC files, and focus on the libraries that actually matter for
the platform at hand. I feel like I'm in *cautious* agreement with this idea.
In particular, I'd *only* like those lib class -> lib instance resolutions to be
extracted, to DSC include files, that *cannot* involve platform choice. To put it
differently, single-instance lib classes.
("Single-instance" can be interpreted per module type / per architecture of
course -- so if a lib class has exactly 1 instance for PEIMs and exactly 1
(different) instance for DXE_DRIVERs, then those resolutions qualify for
extraction.)
If a library class genuinely has multiple instances in core edk2, then extracting
a "default" resolution would be *wrong*, in my opinion. Every platform needs
to make the choice explicitly, in such cases. This applies even if a lib class only
has two instances, a functional one, and a Null one. The functional one should
not be assumed default.
Example: extracting the UefiLib resolution is valid. Extracting a SerialPortLib
class resolution is invalid.
Basically, I'd like to avoid *overrides*. Overrides are terribly hard to reason
about.
... If someone wants to work on this, they'll have to implement this with *super
small* patches, where every patch extracts resolutions for just one lib class. I
would reject any patch that required me to review the extraction of two or
more lib classes, from an OVMF or ArmVirt DSC file, at the same time.
There is big potential in this proposal for making platform DSC files
*permanently* more difficult to understand & analyze. I don't immediately see
this proposal as a good solution for avoiding the current kind of platform DSC
breakage. Platform CI would be much better, in my opinion. The proposal does
seem workable, but the implementation needs to be surgical, IMO.
OK, I'll get off my soap box now.
Thanks
Laszlo
|
|
|
Re: [PATCH RESEND 0/1] security fix: possible heap corruption with LzmaUefiDecompressGetInfo
|
|
|
Re: 回复: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)
On 11/20/20 06:30, gaoliming wrote: Laszlo:
I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. Merged as commit range 6c8dd15c4ae4..47343af30435, via < https://github.com/tianocore/edk2/pull/1137>;. Thanks, Laszlo
In BZ, there is no CVE number. So, I want to confirm whether CVE number is required.
Thanks
Liming
-----邮件原件-----
发件人: bounce+27952+67707+4905953+8761045@groups.io
<bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek
发送时间: 2020年11月19日 18:54
收件人: edk2-devel-groups-io <devel@edk2.groups.io>
抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>;
Jian J Wang <jian.j.wang@intel.com>; Liming Gao
<gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com>
主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV
recursion, round 2 (DXE Core)
Repo: https://pagure.io/lersek/edk2.git
Branch: tianocore_1743_v2_resend
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
"RESEND" because I'm publicly posting the patches from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>;.
The Reviewed-by tags on the patches originate from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20>; and
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>;.
Retested with Liming's reproducer; see
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16>; and
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>;.
This series targets edk2-stable202011. I plan to merge it later this
week, based on Liming's R-b.
Liming, highlighting TianoCore#1743 in the "proposed features" list
could be useful.
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Thanks!
Laszlo
Laszlo Ersek (2):
MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
FindChildNode()
MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
MdeModulePkg/MdeModulePkg.dec
| 6 +++
MdeModulePkg/MdeModulePkg.uni
| 6 +++
MdeModulePkg/Core/Dxe/DxeMain.inf
| 1 +
MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52
+++++++++++++++++---
4 files changed, 59 insertions(+), 6 deletions(-)
--
2.19.1.3.g30247aa5d201
|
|
|
Re: [PATCH v2 1/1] [tianocore-docs edk2-TemplateSpecification] Fix the initial version to be "0.10" instead of "0.l0"
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
toggle quoted messageShow quoted text
-----Original Message-----
From: Rebecca Cran <rebecca@nuviainc.com>
Sent: Friday, November 20, 2020 12:10 PM
To: devel@edk2.groups.io
Cc: Rebecca Cran <rebecca@nuviainc.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Subject: [PATCH v2 1/1] [tianocore-docs edk2-TemplateSpecification] Fix the initial version to be "0.10" instead of "0.l0"
The initial revision used the letter 'l' instead of the number '1'
in "0.10".
Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
Contributed-under: TianoCore Contribution Agreement 1.1
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 30edb2a17030..c09b680433bd 100644
--- a/README.md
+++ b/README.md
@@ -78,5 +78,5 @@ Copyright (c) 2017, Intel Corporation. All rights reserved.
| Revision | Revision History | Date |
| ---------- | ------------------ | ----------- |
-| 0.l0 | Initial release. | March 2017 |
+| 0.10 | Initial release. | March 2017 |
| 0.20 | Second release. | March 2017 |
--
2.26.2
|
|
|
[PATCH v2 1/1] [tianocore-docs edk2-TemplateSpecification] Fix the initial version to be "0.10" instead of "0.l0"
The initial revision used the letter 'l' instead of the number '1'
in "0.10".
Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
Contributed-under: TianoCore Contribution Agreement 1.1
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 30edb2a17030..c09b680433bd 100644
--- a/README.md
+++ b/README.md
@@ -78,5 +78,5 @@ Copyright (c) 2017, Intel Corporation. All rights reserved.
| Revision | Revision History | Date |
| ---------- | ------------------ | ----------- |
-| 0.l0 | Initial release. | March 2017 |
+| 0.10 | Initial release. | March 2017 |
| 0.20 | Second release. | March 2017 |
--
2.26.2
|
|
|
Re: [PATCH 0/1] [tianocore-docs edk2-TemplateSpecification] Fix the "initial version" to use the number 1 instead of the letter 'l'
Hi Rebecca,
Document source/binary files use a different license than source code files.
The following line is required for patches against documents in repositories
the tianocore-docs organization.
Contributed-under: TianoCore Contribution Agreement 1.1
Thanks,
Mike
toggle quoted messageShow quoted text
-----Original Message-----
From: Rebecca Cran <rebecca@nuviainc.com>
Sent: Friday, November 20, 2020 6:56 AM
To: devel@edk2.groups.io
Cc: Rebecca Cran <rebecca@nuviainc.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Subject: [PATCH 0/1] [tianocore-docs edk2-TemplateSpecification] Fix the "initial version" to use the number 1 instead of
the letter 'l'
I presume the CONTRIBUTIONS.txt document in the various tianocore-docs repos
is outdated and we no longer need the "Contributed-under: TianoCore Contribution Agreement 1.0"?
This patch simply changes "0.l0" to "0.10" for the first version in the template.
Rebecca Cran (1):
Fix the initial version to be "0.10" instead of "0.l0"
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.26.2
|
|
|
Re: [edk2-platform][PATCH 1/3] Silicon/Qemu: Fix PCD numbering in SbsaQemu
On Thu, 19 Nov 2020 at 20:28, Tomas Pilar < tomas@...> wrote: Fix the PCD numbering for PcdPciExpressBarLimit to be sequential.
Cc: Leif Lindholm <leif@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Cc: Tanmay Jagdale <tanmay.jagdale@...>
Signed-off-by: Tomas Pilar <tomas@...>
Tested this patch series and didn't face any issues.
---
Silicon/Qemu/SbsaQemu/SbsaQemu.dec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Silicon/Qemu/SbsaQemu/SbsaQemu.dec b/Silicon/Qemu/SbsaQemu/SbsaQemu.dec
index 1bc3e35b9b..2831781c4e 100644
--- a/Silicon/Qemu/SbsaQemu/SbsaQemu.dec
+++ b/Silicon/Qemu/SbsaQemu/SbsaQemu.dec
@@ -45,7 +45,7 @@
# PCDs complementing gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
# BarLimit = BaseAddress + Size - 1
gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdPciExpressBarSize|0x10000000|UINT64|0x00000009
- gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdPciExpressBarLimit|0xFFFFFFFF|UINT64|0x00000010
+ gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdPciExpressBarLimit|0xFFFFFFFF|UINT64|0x000000a
[PcdsDynamic.common]
gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdCoreCount|0x1|UINT32|0x00000100
--
2.25.1
|
|
|
Re: [edk2-platforms][PATCH 1/1] RaspberryPi: get RPi4 and RPi3 building again.
On 11/19/20 1:01 AM, Andrei Warkentin wrote: Add VariablePolicyLib and its dependency.
Testing: Pi 4 boot.
Signed-off-by: Andrei Warkentin <andrey.warkentin@gmail.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com> Pushed as 879f483ce455..663c3108f730 Thanks all, ---
Platform/RaspberryPi/RPi3/RPi3.dsc | 3 +++
Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +++
2 files changed, 6 insertions(+)
diff --git a/Platform/RaspberryPi/RPi3/RPi3.dsc b/Platform/RaspberryPi/RPi3/RPi3.dsc
index 325d7bdb..9408138d 100644
--- a/Platform/RaspberryPi/RPi3/RPi3.dsc
+++ b/Platform/RaspberryPi/RPi3/RPi3.dsc
@@ -169,6 +169,8 @@
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
GpioLib|Silicon/Broadcom/Bcm283x/Library/GpioLib/GpioLib.inf
[LibraryClasses.common.SEC]
@@ -218,6 +220,7 @@
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
EfiResetSystemLib|Platform/RaspberryPi/Library/ResetLib/ResetLib.inf
ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
diff --git a/Platform/RaspberryPi/RPi4/RPi4.dsc b/Platform/RaspberryPi/RPi4/RPi4.dsc
index c994f56d..4e5a36ed 100644
--- a/Platform/RaspberryPi/RPi4/RPi4.dsc
+++ b/Platform/RaspberryPi/RPi4/RPi4.dsc
@@ -169,6 +169,8 @@
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
GpioLib|Silicon/Broadcom/Bcm283x/Library/GpioLib/GpioLib.inf
#
@@ -226,6 +228,7 @@
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
EfiResetSystemLib|Platform/RaspberryPi/Library/ResetLib/ResetLib.inf
ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
|
|
|
Re: [PATCH edk2-platforms v1 1/1] Platform/ARM: Add VariablePolicy and SafeInt
On 11/20/20 3:53 PM, Joey Gouly wrote: Fixes the build breakage introduced by b6490426e320:
MdeModulePkg: Connect VariablePolicy business logic to VariableServices
Signed-off-by: Joey Gouly <joey.gouly@arm.com>
---
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com> Pushed as adcb0c92ca57..879f483ce455 Thanks! And welcome :-) The changes can be seen at:
https://github.com/jgouly/edk2-platforms/tree/1561_fix_variable_policy_v1
Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
index 6f4621393a9713705e360a1c9ad019a6ad93a0a4..b0a48d6c041c35f2c7de6b02e54ddf104774c7c9 100644
--- a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
+++ b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
@@ -36,6 +36,7 @@ [LibraryClasses.common]
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
@@ -140,6 +141,8 @@ [LibraryClasses.common]
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
@@ -227,6 +230,7 @@ [LibraryClasses.common.DXE_RUNTIME_DRIVER]
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
!endif
|
|
|
[PATCH 1/1] [tianocore-docs edk2-TemplateSpecification] Fix the initial version to be "0.10" instead of "0.l0"
The initial revision used the letter 'l' instead of the number '1'
in "0.10".
Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 30edb2a17030..c09b680433bd 100644
--- a/README.md
+++ b/README.md
@@ -78,5 +78,5 @@ Copyright (c) 2017, Intel Corporation. All rights reserved.
| Revision | Revision History | Date |
| ---------- | ------------------ | ----------- |
-| 0.l0 | Initial release. | March 2017 |
+| 0.10 | Initial release. | March 2017 |
| 0.20 | Second release. | March 2017 |
--
2.26.2
|
|
|
[PATCH 0/1] [tianocore-docs edk2-TemplateSpecification] Fix the "initial version" to use the number 1 instead of the letter 'l'
I presume the CONTRIBUTIONS.txt document in the various tianocore-docs repos
is outdated and we no longer need the "Contributed-under: TianoCore Contribution Agreement 1.0"?
This patch simply changes "0.l0" to "0.10" for the first version in the template.
Rebecca Cran (1):
Fix the initial version to be "0.10" instead of "0.l0"
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.26.2
|
|
|
Re: 回复: [edk2-devel] A proposal to reduce incompatible case
On 11/20/20 10:02, Ard Biesheuvel wrote: On 11/20/20 8:27 AM, gaoliming wrote:
Zhiguang:
This proposal can reduce the potential library class dependency.
Each package has its xxxPkgLib.dsc.inc file that includes the library
instances from this package.
Platform DSC can include the required package lib.dsc.inc file for
the library instances. Can you work out the code changes to
demonstrate this idea?
+1 for this idea. This would allow us to remove a *lot* of boilerplate
in the .DSC files, and focus on the libraries that actually matter for
the platform at hand. I feel like I'm in *cautious* agreement with this idea. In particular, I'd *only* like those lib class -> lib instance resolutions to be extracted, to DSC include files, that *cannot* involve platform choice. To put it differently, single-instance lib classes. ("Single-instance" can be interpreted per module type / per architecture of course -- so if a lib class has exactly 1 instance for PEIMs and exactly 1 (different) instance for DXE_DRIVERs, then those resolutions qualify for extraction.) If a library class genuinely has multiple instances in core edk2, then extracting a "default" resolution would be *wrong*, in my opinion. Every platform needs to make the choice explicitly, in such cases. This applies even if a lib class only has two instances, a functional one, and a Null one. The functional one should not be assumed default. Example: extracting the UefiLib resolution is valid. Extracting a SerialPortLib class resolution is invalid. Basically, I'd like to avoid *overrides*. Overrides are terribly hard to reason about. ... If someone wants to work on this, they'll have to implement this with *super small* patches, where every patch extracts resolutions for just one lib class. I would reject any patch that required me to review the extraction of two or more lib classes, from an OVMF or ArmVirt DSC file, at the same time. There is big potential in this proposal for making platform DSC files *permanently* more difficult to understand & analyze. I don't immediately see this proposal as a good solution for avoiding the current kind of platform DSC breakage. Platform CI would be much better, in my opinion. The proposal does seem workable, but the implementation needs to be surgical, IMO. OK, I'll get off my soap box now. Thanks Laszlo
|
|
|
