Date   

Re: [PATCH] BaseTools: Change non-ascii character of StructurePcd comment

Yuwei Chen
 

Thanks for reminder~ : )
Thus personally think if do not want the non-ascii character in StructurePcd dsc file, the remove or change operation should be covered by ConvertFceToStructurePcd.py

Thanks,
Christine

-----Original Message-----
From: gaoliming <gaoliming@...>
Sent: Thursday, April 29, 2021 9:18 AM
To: devel@edk2.groups.io; Chen, Christine <yuwei.chen@...>; Kinney,
Michael D <michael.d.kinney@...>
Cc: Feng, Bob C <bob.c.feng@...>
Subject: 回复: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of
StructurePcd comment

Christine:
FCE prints HII question information that is from HII driver UNI file. It may
have non-ascii character.

Thanks
Liming
-----邮件原件-----
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Yuwei Chen
发送时间: 2021年4月29日 8:25
收件人: Kinney, Michael D <michael.d.kinney@...>;
devel@edk2.groups.io
抄送: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
主题: Re: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of
StructurePcd comment

Hi Mike,

The StructurePcd dsc file generated by our tool will have the
non-ASCII character.
The input file of ConvertFceToStructurePcd.py is generated by FCE
tool, which has the circle R non-ASCII character. This patch change
this character to ACSII character when using
ConvertFceToStructurePcd.py to generate the StructurePcd dsc file.

Best Regards,
Christine

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Thursday, April 29, 2021 12:10 AM
To: devel@edk2.groups.io; Chen, Christine <yuwei.chen@...>;
Kinney,
Michael D <michael.d.kinney@...>
Cc: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
Subject: RE: [edk2-devel] [PATCH] BaseTools: Change non-ascii
character of StructurePcd comment

What file type contains the non-ASCII character?

I would prefer to see the source file with non ASCII character be
updated instead of building this conversion into the tools.

Mike

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Yuwei Chen
Sent: Wednesday, April 28, 2021 1:45 AM
To: devel@edk2.groups.io
Cc: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
Subject: [edk2-devel] [PATCH] BaseTools: Change non-ascii
character of StructurePcd comment

Currently, the ConvertFceToStructurePcd.py tool generate
StructurePcd dsc file with comments including non-ascii character
circle R. This patch changes the non-ascii character circle R to
(R) when adding the comment.

Cc: Bob Feng <bob.c.feng@...>
Cc: Liming Gao <gaoliming@...>
Signed-off-by: Yuwei Chen <yuwei.chen@...>
---
BaseTools/Scripts/ConvertFceToStructurePcd.py | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/BaseTools/Scripts/ConvertFceToStructurePcd.py
b/BaseTools/Scripts/ConvertFceToStructurePcd.py
index 2052db8c4b..d029ed6a28 100644
--- a/BaseTools/Scripts/ConvertFceToStructurePcd.py
+++ b/BaseTools/Scripts/ConvertFceToStructurePcd.py
@@ -285,6 +285,10 @@ class Config(object):
comment_list = value_re.findall(line) # the string \\... in "Q...."
line
comment_list[0] = comment_list[0].replace('//', '')
comment = comment_list[0].strip()
+ comment_b = bytes(comment, encoding = "utf8")
+ if b"\xae" in comment_b:
+ comment_b = comment_b.replace(b"\xc2\xae", b"(R)") #
Change
the circle "R" character to ascii character
+ comment = str(comment_b, encoding = "utf-8")
line=value_re.sub('',line) #delete \\... in "Q...." line
list1=line.split(' ')
value=self.value_parser(list1)
--
2.26.1.windows.1








回复: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of StructurePcd comment

gaoliming
 

Christine:
FCE prints HII question information that is from HII driver UNI file. It may have non-ascii character.

Thanks
Liming

-----邮件原件-----
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Yuwei Chen
发送时间: 2021年4月29日 8:25
收件人: Kinney, Michael D <michael.d.kinney@...>;
devel@edk2.groups.io
抄送: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
主题: Re: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of
StructurePcd comment

Hi Mike,

The StructurePcd dsc file generated by our tool will have the non-ASCII
character.
The input file of ConvertFceToStructurePcd.py is generated by FCE tool, which
has the circle R non-ASCII character. This patch change this character to ACSII
character when using ConvertFceToStructurePcd.py to generate the
StructurePcd dsc file.

Best Regards,
Christine

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Thursday, April 29, 2021 12:10 AM
To: devel@edk2.groups.io; Chen, Christine <yuwei.chen@...>;
Kinney,
Michael D <michael.d.kinney@...>
Cc: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
Subject: RE: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of
StructurePcd comment

What file type contains the non-ASCII character?

I would prefer to see the source file with non ASCII character be updated
instead of building this conversion into the tools.

Mike

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yuwei
Chen
Sent: Wednesday, April 28, 2021 1:45 AM
To: devel@edk2.groups.io
Cc: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
Subject: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of
StructurePcd comment

Currently, the ConvertFceToStructurePcd.py tool generate StructurePcd
dsc file with comments including non-ascii character circle R. This
patch changes the non-ascii character circle R to (R) when adding the
comment.

Cc: Bob Feng <bob.c.feng@...>
Cc: Liming Gao <gaoliming@...>
Signed-off-by: Yuwei Chen <yuwei.chen@...>
---
BaseTools/Scripts/ConvertFceToStructurePcd.py | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/BaseTools/Scripts/ConvertFceToStructurePcd.py
b/BaseTools/Scripts/ConvertFceToStructurePcd.py
index 2052db8c4b..d029ed6a28 100644
--- a/BaseTools/Scripts/ConvertFceToStructurePcd.py
+++ b/BaseTools/Scripts/ConvertFceToStructurePcd.py
@@ -285,6 +285,10 @@ class Config(object):
comment_list = value_re.findall(line) # the string \\... in "Q...."
line
comment_list[0] = comment_list[0].replace('//', '')
comment = comment_list[0].strip()
+ comment_b = bytes(comment, encoding = "utf8")
+ if b"\xae" in comment_b:
+ comment_b = comment_b.replace(b"\xc2\xae", b"(R)") #
Change
the circle "R" character to ascii character
+ comment = str(comment_b, encoding = "utf-8")
line=value_re.sub('',line) #delete \\... in "Q...." line
list1=line.split(' ')
value=self.value_parser(list1)
--
2.26.1.windows.1








回复: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64

gaoliming
 

Rebecca:

-----邮件原件-----
发件人: Rebecca Cran <rebecca@...>
发送时间: 2021年4月29日 4:44
收件人: devel@edk2.groups.io
抄送: Rebecca Cran <rebecca@...>; Jiewen Yao
<jiewen.yao@...>; Jian J Wang <jian.j.wang@...>; Michael D
Kinney <michael.d.kinney@...>; Liming Gao
<gaoliming@...>; Zhiguang Liu <zhiguang.liu@...>; Ard
Biesheuvel <ardb+tianocore@...>; Sami Mujawar
<Sami.Mujawar@...>
主题: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64

AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.

Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.

Signed-off-by: Rebecca Cran <rebecca@...>
---
SecurityPkg/SecurityPkg.dsc |
11 +-
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf |
19 +++-
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h |
37 ++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h |
0
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h |
88 ++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c |
54 +++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c |
108 ++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c |
0
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c |
120 ++++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c |
117 ++++---------------
12 files changed, 450 insertions(+), 104 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 12ccd1634941..bd4b810bce61 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -259,6 +259,12 @@ [Components]
[Components.IA32, Components.X64, Components.ARM,
Components.AARCH64]
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf

+[Components.IA32, Components.X64, Components.AARCH64]
+ #
+ # Random Number Generator
+ #
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
[Components.IA32, Components.X64]

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
xe.inf

@@ -334,11 +340,6 @@ [Components.IA32, Components.X64]

SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresence
Lib.inf

SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic
alPresenceLib.inf

- #
- # Random Number Generator
- #
- SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
-
#
# Opal Password solution
#
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 99d6f6b35fc2..c188b6076c00 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -26,15 +26,24 @@ [Defines]
#
# The following information is for reference only and not required by the
build tools.
#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#

[Sources.common]
RngDxe.c
- RdRand.c
- RdRand.h
- AesCore.c
- AesCore.h
+ RngDxeInternals.h
+
+[Sources.IA32, Sources.X64]
+ Rand/RngDxe.c
+ Rand/RdRand.c
+ Rand/RdRand.h
+ Rand/AesCore.c
+ Rand/AesCore.h
+
+[Sources.AARCH64]
+ AArch64/RngDxe.c
+ AArch64/Rndr.c
+ AArch64/Rndr.h

[Packages]
MdePkg/MdePkg.dec
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
new file mode 100644
index 000000000000..458faa834a3d
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
@@ -0,0 +1,37 @@
+/** @file
+ Header for the RNDR APIs used by RNG DXE driver.
+
+ Support API definitions for RNDR instruction access.
+
+
+ Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNDR_H_
+#define RNDR_H_
+
+#include <Library/BaseLib.h>
+#include <Protocol/Rng.h>
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random
result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ );
+
+#endif // RNDR_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
new file mode 100644
index 000000000000..7e38fc2564f6
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
@@ -0,0 +1,88 @@
+/** @file
+ Function prototypes for UEFI Random Number Generator protocol
support.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNGDXE_INTERNALS_H_
+#define RNGDXE_INTERNALS_H_
+
+extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
+
+/**
+ Returns information about the random number generation
implementation.
+
+ @param[in] This A pointer to the
EFI_RNG_PROTOCOL instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
RNGAlgorithmList.
+ On output with a return code
of EFI_SUCCESS, the size
+ in bytes of the data returned
in RNGAlgorithmList. On output
+ with a return code of
EFI_BUFFER_TOO_SMALL,
+ the size of RNGAlgorithmList
required to obtain the list.
+ @param[out] RNGAlgorithmList A caller-allocated memory
buffer filled by the driver
+ with one
EFI_RNG_ALGORITHM element for each supported
+ RNG algorithm. The list must
not change across multiple
+ calls to the same driver. The
first algorithm in the list
+ is the default algorithm for
the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was
returned successfully.
+ @retval EFI_UNSUPPORTED The services is not supported
by this driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could
not be retrieved due to a
+ hardware or firmware error.
+ @retval EFI_INVALID_PARAMETER One or more of the
parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList
is too small to hold the result.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ );
+
+/**
+ Produces and returns an RNG value using either the default or specified
RNG algorithm.
+
+ @param[in] This A pointer to the
EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the
EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be
NULL in which case the function will
+ use its default RNG
algorithm.
+ @param[in] RNGValueLength The length in bytes of the
memory buffer pointed to by
+ RNGValue. The driver shall
return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory
buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned
successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by
RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be
retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random
data available to satisfy the length
+ requested by
RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or
RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ );
+
+/**
+ Returns the size of the RNG algorithms structure.
+
+ @return Size of the EFI_RNG_ALGORITHM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ );
+
+#endif // RNGDXE_INTERNALS_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
new file mode 100644
index 000000000000..36166a9cbc13
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
@@ -0,0 +1,54 @@
+/** @file
+ Support routines for RNDR instruction access.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
+
+#include "Rndr.h"
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random
result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ )
+{
+ BOOLEAN IsRandom;
+ UINT64 TempRand;
+
+ while (Length > 0) {
+ IsRandom = GetRandomNumber64 (&TempRand);
+ if (!IsRandom) {
+ return EFI_NOT_READY;
+ }
+ if (Length >= sizeof (TempRand)) {
+ WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
+ RandBuffer += sizeof (UINT64);
+ Length -= sizeof (TempRand);
+ } else {
+ CopyMem (RandBuffer, &TempRand, Length);
+ Length = 0;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
Can this function be shared between X86 and AARCH64?

Thanks
Liming
diff --git
a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
new file mode 100644
index 000000000000..18cca825e72d
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
@@ -0,0 +1,108 @@
+/** @file
+ RNG Driver to produce the UEFI Random Number Generator protocol.
+
+ The driver will use the new RNDR instruction to produce high-quality,
high-performance
+ entropy and random number.
+
+ RNG Algorithms defined in UEFI 2.4:
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_RAW - Supported
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
+
+#include "Rndr.h"
+
+//
+// Supported RNG Algorithms list by this driver.
+//
+EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
+ EFI_RNG_ALGORITHM_RAW
+};
+
+/**
+ Produces and returns an RNG value using either the default or specified
RNG algorithm.
+
+ @param[in] This A pointer to the
EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the
EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be
NULL in which case the function will
+ use its default RNG
algorithm.
+ @param[in] RNGValueLength The length in bytes of the
memory buffer pointed to by
+ RNGValue. The driver shall
return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory
buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned
successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by
RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be
retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random
data available to satisfy the length
+ requested by
RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or
RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ EFI_STATUS Status;
+
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (RNGAlgorithm == NULL) {
+ //
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.
+ //
+ RNGAlgorithm = &gEfiRngAlgorithmRaw;
+ }
+
+ //
+ // The "raw" algorithm is intended to provide entropy directly
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+ Status = RndrGetBytes (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // Other algorithms are unsupported by this driver.
+ //
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Returns the size of the RNG algorithms structure.
+
+ @return Size of the EFI_RNG_ALGORITHM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ )
+{
+ return sizeof (mSupportedRngAlgorithms);
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
new file mode 100644
index 000000000000..cf0bebd6a386
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -0,0 +1,120 @@
+/** @file
+ RNG Driver to produce the UEFI Random Number Generator protocol.
+
+ The driver will use the new RDRAND instruction to produce high-quality,
high-performance
+ entropy and random number.
+
+ RNG Algorithms defined in UEFI 2.4:
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
+ (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based
DRBG)
+ - EFI_RNG_ALGORITHM_RAW - Supported
+ (Structuring RDRAND invocation can be guaranteed as high-quality
entropy source)
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "RdRand.h"
+
+//
+// Supported RNG Algorithms list by this driver.
+//
+EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
+ EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
+ EFI_RNG_ALGORITHM_RAW
+};
+
+/**
+ Produces and returns an RNG value using either the default or specified
RNG algorithm.
+
+ @param[in] This A pointer to the
EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the
EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be
NULL in which case the function will
+ use its default RNG
algorithm.
+ @param[in] RNGValueLength The length in bytes of the
memory buffer pointed to by
+ RNGValue. The driver shall
return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory
buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned
successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by
RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be
retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random
data available to satisfy the length
+ requested by
RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or
RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ EFI_STATUS Status;
+
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = EFI_UNSUPPORTED;
+ if (RNGAlgorithm == NULL) {
+ //
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.
+ //
+ RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
+ }
+
+ //
+ // NIST SP800-90-AES-CTR-256 supported by RDRAND
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid))
{
+ Status = RdRandGetBytes (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // The "raw" algorithm is intended to provide entropy directly
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+ //
+ // When a DRBG is used on the output of a entropy source,
+ // its security level must be at least 256 bits according to UEFI
Spec.
+ //
+ if (RNGValueLength < 32) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // Other algorithms were unsupported by this driver.
+ //
+ return Status;
+}
+
+/**
+ Returns the size of the RNG algorithms list.
+
+ @return Size of the EFI_RNG_ALGORIGM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ )
+{
+ return sizeof (mSupportedRngAlgorithms);
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
index 13d3dbd0bfbe..0072e6b433e6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
@@ -1,34 +1,38 @@
/** @file
RNG Driver to produce the UEFI Random Number Generator protocol.

- The driver will use the new RDRAND instruction to produce high-quality,
high-performance
- entropy and random number.
+ The driver uses CPU RNG instructions to produce high-quality,
+ high-performance entropy and random number.

RNG Algorithms defined in UEFI 2.4:
- - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
- (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based
DRBG)
- - EFI_RNG_ALGORITHM_RAW - Supported
- (Structuring RDRAND invocation can be guaranteed as high-quality
entropy source)
- - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
- - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
- - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
- - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
+ - EFI_RNG_ALGORITHM_RAW
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID

-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent

**/

-#include "RdRand.h"
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
+
+#include "RngDxeInternals.h"
+

//
// Supported RNG Algorithms list by this driver.
//
-EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
- EFI_RNG_ALGORITHM_RAW
-};
+
+extern EFI_RNG_ALGORITHM mSupportedRngAlgorithms[];

/**
Returns information about the random number generation
implementation.
@@ -68,7 +72,7 @@ RngGetInfo (
return EFI_INVALID_PARAMETER;
}

- RequiredSize = sizeof (mSupportedRngAlgorithms);
+ RequiredSize = ArchGetSupportedRngAlgorithmsSize ();
if (*RNGAlgorithmListSize < RequiredSize) {
Status = EFI_BUFFER_TOO_SMALL;
} else {
@@ -87,81 +91,6 @@ RngGetInfo (
return Status;
}

-/**
- Produces and returns an RNG value using either the default or specified
RNG algorithm.
-
- @param[in] This A pointer to the
EFI_RNG_PROTOCOL instance.
- @param[in] RNGAlgorithm A pointer to the
EFI_RNG_ALGORITHM that identifies the RNG
- algorithm to use. May be
NULL in which case the function will
- use its default RNG
algorithm.
- @param[in] RNGValueLength The length in bytes of the
memory buffer pointed to by
- RNGValue. The driver shall
return exactly this numbers of bytes.
- @param[out] RNGValue A caller-allocated memory
buffer filled by the driver with the
- resulting RNG value.
-
- @retval EFI_SUCCESS The RNG value was returned
successfully.
- @retval EFI_UNSUPPORTED The algorithm specified by
RNGAlgorithm is not supported by
- this driver.
- @retval EFI_DEVICE_ERROR An RNG value could not be
retrieved due to a hardware or
- firmware error.
- @retval EFI_NOT_READY There is not enough random
data available to satisfy the length
- requested by
RNGValueLength.
- @retval EFI_INVALID_PARAMETER RNGValue is NULL or
RNGValueLength is zero.
-
-**/
-EFI_STATUS
-EFIAPI
-RngGetRNG (
- IN EFI_RNG_PROTOCOL *This,
- IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
- IN UINTN RNGValueLength,
- OUT UINT8 *RNGValue
- )
-{
- EFI_STATUS Status;
-
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = EFI_UNSUPPORTED;
- if (RNGAlgorithm == NULL) {
- //
- // Use the default RNG algorithm if RNGAlgorithm is NULL.
- //
- RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
- }
-
- //
- // NIST SP800-90-AES-CTR-256 supported by RDRAND
- //
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
- Status = RdRandGetBytes (RNGValueLength, RNGValue);
- return Status;
- }
-
- //
- // The "raw" algorithm is intended to provide entropy directly
- //
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
- //
- // When a DRBG is used on the output of a entropy source,
- // its security level must be at least 256 bits according to UEFI
Spec.
- //
- if (RNGValueLength < 32) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
- return Status;
- }
-
- //
- // Other algorithms were unsupported by this driver.
- //
- return Status;
-}
-
//
// The Random Number Generator (RNG) protocol
//
--
2.26.2


Re: [Patch V2 1/1] BaseTools/Source/Python: New Target/ToolChain/Arch in DSC [BuildOptions]

Bob Feng
 

Reviewed-by: Bob Feng <bob.c.feng@...>

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Thursday, April 29, 2021 7:35 AM
To: devel@edk2.groups.io
Cc: Feng, Bob C <bob.c.feng@...>; Liming Gao <gaoliming@...>; Chen, Christine <yuwei.chen@...>
Subject: [Patch V2 1/1] BaseTools/Source/Python: New Target/ToolChain/Arch in DSC [BuildOptions]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3359

Update BaseTools to support new build targets, new tool chains, and new architectures declared in DSC file [BuildOptions] sections.

* Do not expand * when tools_def.txt is parsed. Only expand when
both tools_def.txt and DSC [BuilsOptions] sections have been parsed.
This also requires more flexible matching of tool keys that contain *
in tool key fields.

* Pre-scan the platform DSC file for FAMILY and TOOLCHAIN declarations
DSC in [BuildOptions] sections before the FAMILY and TOOLCHAIN need
to be known.

Cc: Bob Feng <bob.c.feng@...>
Cc: Liming Gao <gaoliming@...>
Cc: Yuwei Chen <yuwei.chen@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
.../Python/AutoGen/ModuleAutoGenHelper.py | 50 +++++---
.../Source/Python/AutoGen/PlatformAutoGen.py | 115 ++++++++++++++----
.../Python/Common/ToolDefClassObject.py | 19 +--
.../Python/GenFds/GenFdsGlobalVariable.py | 31 +++--
BaseTools/Source/Python/build/build.py | 100 ++++++++++-----
5 files changed, 219 insertions(+), 96 deletions(-)

diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py
index 7477b1d77fb8..167bb59d2315 100644
--- a/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py
+++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py
@@ -173,17 +173,30 @@ class AutoGenInfo(object):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool in ToolDef and Family != "":
- FamilyIsNull = False
- if ToolDef[Tool].get(TAB_TOD_DEFINES_BUILDRULEFAMILY, "") != "":
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
- continue
- else:
- if ToolDef[Tool].get(TAB_TOD_DEFINES_FAMILY, "") == "":
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
- continue
- FamilyMatch = True
+ if Family != "":
+ Found = False
+ if Tool in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_STAR in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if not Found:
+ continue
# expand any wildcard
if Target == TAB_STAR or Target == self.BuildTarget:
if Tag == TAB_STAR or Tag == self.ToolChain:
@@ -213,12 +226,19 @@ class AutoGenInfo(object):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool not in ToolDef or Family == "":
+ if Family == "":
continue
# option has been added before
- if TAB_TOD_DEFINES_FAMILY not in ToolDef[Tool]:
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = False
+ if Tool in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if TAB_STAR in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if not Found:
continue

# expand any wildcard
diff --git a/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py b/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py
index e2ef3256773e..21e72438e59e 100644
--- a/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py
+++ b/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py
@@ -827,6 +827,33 @@ class PlatformAutoGen(AutoGen):
RetVal = RetVal + _SplitOption(Flags.strip())
return RetVal

+ ## Compute a tool defintion key priority value in range 0..15
+ #
+ # TARGET_TOOLCHAIN_ARCH_COMMANDTYPE_ATTRIBUTE 15
+ # ******_TOOLCHAIN_ARCH_COMMANDTYPE_ATTRIBUTE 14
+ # TARGET_*********_ARCH_COMMANDTYPE_ATTRIBUTE 13
+ # ******_*********_ARCH_COMMANDTYPE_ATTRIBUTE 12
+ # TARGET_TOOLCHAIN_****_COMMANDTYPE_ATTRIBUTE 11
+ # ******_TOOLCHAIN_****_COMMANDTYPE_ATTRIBUTE 10
+ # TARGET_*********_****_COMMANDTYPE_ATTRIBUTE 9
+ # ******_*********_****_COMMANDTYPE_ATTRIBUTE 8
+ # TARGET_TOOLCHAIN_ARCH_***********_ATTRIBUTE 7
+ # ******_TOOLCHAIN_ARCH_***********_ATTRIBUTE 6
+ # TARGET_*********_ARCH_***********_ATTRIBUTE 5
+ # ******_*********_ARCH_***********_ATTRIBUTE 4
+ # TARGET_TOOLCHAIN_****_***********_ATTRIBUTE 3
+ # ******_TOOLCHAIN_****_***********_ATTRIBUTE 2
+ # TARGET_*********_****_***********_ATTRIBUTE 1
+ # ******_*********_****_***********_ATTRIBUTE 0
+ #
+ def ToolDefinitionPriority (self,Key):
+ KeyList = Key.split('_')
+ Priority = 0
+ for Index in range (0, min(4, len(KeyList))):
+ if KeyList[Index] != '*':
+ Priority += (1 << Index)
+ return Priority
+
## Get tool chain definition
#
# Get each tool definition for given tool chain from tools_def.txt and platform @@ -839,8 +866,16 @@ class PlatformAutoGen(AutoGen):
ExtraData="[%s]" % self.MetaFile)
RetVal = OrderedDict()
DllPathList = set()
- for Def in ToolDefinition:
+
+ PrioritizedDefList = sorted(ToolDefinition.keys(), key=self.ToolDefinitionPriority, reverse=True)
+ for Def in PrioritizedDefList:
Target, Tag, Arch, Tool, Attr = Def.split("_")
+ if Target == TAB_STAR:
+ Target = self.BuildTarget
+ if Tag == TAB_STAR:
+ Tag = self.ToolChain
+ if Arch == TAB_STAR:
+ Arch = self.Arch
if Target != self.BuildTarget or Tag != self.ToolChain or Arch != self.Arch:
continue

@@ -850,9 +885,14 @@ class PlatformAutoGen(AutoGen):
DllPathList.add(Value)
continue

+ #
+ # ToolDefinition is sorted from highest priority to lowest priority.
+ # Only add the first(highest priority) match to RetVal
+ #
if Tool not in RetVal:
RetVal[Tool] = OrderedDict()
- RetVal[Tool][Attr] = Value
+ if Attr not in RetVal[Tool]:
+ RetVal[Tool][Attr] = Value

ToolsDef = ''
if GlobalData.gOptions.SilentMode and "MAKE" in RetVal:
@@ -860,9 +900,21 @@ class PlatformAutoGen(AutoGen):
RetVal["MAKE"]["FLAGS"] = ""
RetVal["MAKE"]["FLAGS"] += " -s"
MakeFlags = ''
- for Tool in RetVal:
- for Attr in RetVal[Tool]:
- Value = RetVal[Tool][Attr]
+
+ ToolList = list(RetVal.keys())
+ ToolList.sort()
+ for Tool in ToolList:
+ if Tool == TAB_STAR:
+ continue
+ AttrList = list(RetVal[Tool].keys())
+ if TAB_STAR in ToolList:
+ AttrList += list(RetVal[TAB_STAR])
+ AttrList.sort()
+ for Attr in AttrList:
+ if Attr in RetVal[Tool]:
+ Value = RetVal[Tool][Attr]
+ else:
+ Value = RetVal[TAB_STAR][Attr]
if Tool in self._BuildOptionWithToolDef(RetVal) and Attr in self._BuildOptionWithToolDef(RetVal)[Tool]:
# check if override is indicated
if self._BuildOptionWithToolDef(RetVal)[Tool][Attr].startswith('='):
@@ -877,7 +929,7 @@ class PlatformAutoGen(AutoGen):
if Attr == "PATH":
# Don't put MAKE definition in the file
if Tool != "MAKE":
- ToolsDef += "%s = %s\n" % (Tool, Value)
+ ToolsDef += "%s_%s = %s\n" % (Tool, Attr,
+ Value)
elif Attr != "DLL":
# Don't put MAKE definition in the file
if Tool == "MAKE":
@@ -1469,17 +1521,31 @@ class PlatformAutoGen(AutoGen):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool in ToolDef and Family != "":
- FamilyIsNull = False
- if ToolDef[Tool].get(TAB_TOD_DEFINES_BUILDRULEFAMILY, "") != "":
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
- continue
- else:
- if ToolDef[Tool].get(TAB_TOD_DEFINES_FAMILY, "") == "":
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
- continue
- FamilyMatch = True
+ if Family != "":
+ Found = False
+ if Tool in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_STAR in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if not Found:
+ continue
+
# expand any wildcard
if Target == TAB_STAR or Target == self.BuildTarget:
if Tag == TAB_STAR or Tag == self.ToolChain:
@@ -1509,12 +1575,19 @@ class PlatformAutoGen(AutoGen):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool not in ToolDef or Family == "":
+ if Family == "":
continue
# option has been added before
- if TAB_TOD_DEFINES_FAMILY not in ToolDef[Tool]:
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = False
+ if Tool in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if TAB_STAR in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if not Found:
continue

# expand any wildcard
diff --git a/BaseTools/Source/Python/Common/ToolDefClassObject.py b/BaseTools/Source/Python/Common/ToolDefClassObject.py
index 8e70407cb9e9..2b4b23849196 100644
--- a/BaseTools/Source/Python/Common/ToolDefClassObject.py
+++ b/BaseTools/Source/Python/Common/ToolDefClassObject.py
@@ -1,7 +1,7 @@
## @file
# This file is used to define each component of tools_def.txt file # -# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2021, Intel Corporation. All rights
+reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent #

@@ -86,23 +86,6 @@ class ToolDefClassObject(object):
self.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TARGET_ARCH].sort()
self.ToolsDefTxtDatabase[TAB_TOD_DEFINES_COMMAND_TYPE].sort()

- KeyList = [TAB_TOD_DEFINES_TARGET, TAB_TOD_DEFINES_TOOL_CHAIN_TAG, TAB_TOD_DEFINES_TARGET_ARCH, TAB_TOD_DEFINES_COMMAND_TYPE]
- for Index in range(3, -1, -1):
- # make a copy of the keys to enumerate over to prevent issues when
- # adding/removing items from the original dict.
- for Key in list(self.ToolsDefTxtDictionary.keys()):
- List = Key.split('_')
- if List[Index] == TAB_STAR:
- for String in self.ToolsDefTxtDatabase[KeyList[Index]]:
- List[Index] = String
- NewKey = '%s_%s_%s_%s_%s' % tuple(List)
- if NewKey not in self.ToolsDefTxtDictionary:
- self.ToolsDefTxtDictionary[NewKey] = self.ToolsDefTxtDictionary[Key]
- del self.ToolsDefTxtDictionary[Key]
- elif List[Index] not in self.ToolsDefTxtDatabase[KeyList[Index]]:
- del self.ToolsDefTxtDictionary[Key]
-
-
## IncludeToolDefFile
#
# Load target.txt file and parse it as if its contents were inside the main file diff --git a/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py b/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
index 3019ec63c3bb..c31fc24870d5 100644
--- a/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
+++ b/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
@@ -1,7 +1,7 @@
## @file
# Global variables for GenFds
#
-# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2021, Intel Corporation. All rights
+reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -875,14 +875,27 @@ def FindExtendTool(KeyStringList, CurrentArchList, NameGuid):
ToolOptionKey = None
KeyList = None
for tool_def in ToolDefinition.items():
- if NameGuid.lower() == tool_def[1].lower():
- KeyList = tool_def[0].split('_')
- Key = KeyList[0] + \
- '_' + \
- KeyList[1] + \
- '_' + \
- KeyList[2]
- if Key in KeyStringList and KeyList[4] == DataType.TAB_GUID:
+ KeyList = tool_def[0].split('_')
+ if len(KeyList) < 5:
+ continue
+ if KeyList[4] != DataType.TAB_GUID:
+ continue
+ if NameGuid.lower() != tool_def[1].lower():
+ continue
+ Key = KeyList[0] + \
+ '_' + \
+ KeyList[1] + \
+ '_' + \
+ KeyList[2]
+ for KeyString in KeyStringList:
+ KeyStringBuildTarget, KeyStringToolChain, KeyStringArch = KeyString.split('_')
+ if KeyList[0] == DataType.TAB_STAR:
+ KeyList[0] = KeyStringBuildTarget
+ if KeyList[1] == DataType.TAB_STAR:
+ KeyList[1] = KeyStringToolChain
+ if KeyList[2] == DataType.TAB_STAR:
+ KeyList[2] = KeyStringArch
+ if KeyList[0] == KeyStringBuildTarget and KeyList[1] == KeyStringToolChain and KeyList[2] == KeyStringArch:
ToolPathKey = Key + '_' + KeyList[3] + '_PATH'
ToolOptionKey = Key + '_' + KeyList[3] + '_FLAGS'
ToolPath = ToolDefinition.get(ToolPathKey) diff --git a/BaseTools/Source/Python/build/build.py b/BaseTools/Source/Python/build/build.py
index c4cfe38ad96a..cf988c00b8e0 100755
--- a/BaseTools/Source/Python/build/build.py
+++ b/BaseTools/Source/Python/build/build.py
@@ -2,7 +2,7 @@
# build a platform or a module
#
# Copyright (c) 2014, Hewlett-Packard Development Company, L.P.<BR> -# Copyright (c) 2007 - 2020, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2021, Intel Corporation. All rights
+reserved.<BR>
# Copyright (c) 2018, Hewlett Packard Enterprise Development, L.P.<BR> # Copyright (c) 2020, ARM Limited. All rights reserved.<BR> # @@ -889,6 +889,36 @@ class Build():
except:
return False, UNKNOWN_ERROR

+ ## Add TOOLCHAIN and FAMILY declared in DSC [BuildOptions] to ToolsDefTxtDatabase.
+ #
+ # Loop through the set of build targets, tool chains, and archs provided on either
+ # the command line or in target.txt to discover FAMILY and TOOLCHAIN delclarations
+ # in [BuildOptions] sections that may be within !if expressions that may use
+ # $(TARGET), $(TOOLCHAIN), $(TOOLCHAIN_TAG), or $(ARCH) operands.
+ #
+ def GetToolChainAndFamilyFromDsc (self, File):
+ for BuildTarget in self.BuildTargetList:
+ GlobalData.gGlobalDefines['TARGET'] = BuildTarget
+ for ToolChain in self.ToolChainList:
+ GlobalData.gGlobalDefines['TOOLCHAIN'] = ToolChain
+ GlobalData.gGlobalDefines['TOOL_CHAIN_TAG'] = ToolChain
+ for Arch in self.ArchList:
+ GlobalData.gGlobalDefines['ARCH'] = Arch
+ dscobj = self.BuildDatabase[File, Arch]
+ for Family, ToolChain, CodeBase in dscobj.BuildOptions:
+ if TAB_TOD_DEFINES_FAMILY not in self.ToolDef.ToolsDefTxtDatabase:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_FAMILY] = {}
+ if ToolChain not in self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_FAMILY]:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_FAMILY][ToolChain] = Family
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY not in self.ToolDef.ToolsDefTxtDatabase:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_BUILDRULEFAMILY] = {}
+ if ToolChain not in self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_BUILDRULEFAMILY][ToolChain] = Family
+ if TAB_TOD_DEFINES_TOOL_CHAIN_TAG not in self.ToolDef.ToolsDefTxtDatabase:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TOOL_CHAIN_TAG] = []
+ if ToolChain not in self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TOOL_CHAIN_TAG]:
+
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TOOL_CHAIN_TAG].appen
+ d(ToolChain)
+
## Load configuration
#
# This method will parse target.txt and get the build configurations.
@@ -910,6 +940,26 @@ class Build():
if self.ToolChainList is None or len(self.ToolChainList) == 0:
EdkLogger.error("build", RESOURCE_NOT_AVAILABLE, ExtraData="No toolchain given. Don't know how to build.\n")

+ if not self.PlatformFile:
+ PlatformFile = self.TargetTxt.TargetTxtDictionary[TAB_TAT_DEFINES_ACTIVE_PLATFORM]
+ if not PlatformFile:
+ # Try to find one in current directory
+ WorkingDirectory = os.getcwd()
+ FileList = glob.glob(os.path.normpath(os.path.join(WorkingDirectory, '*.dsc')))
+ FileNum = len(FileList)
+ if FileNum >= 2:
+ EdkLogger.error("build", OPTION_MISSING,
+ ExtraData="There are %d DSC files in %s. Use '-p' to specify one.\n" % (FileNum, WorkingDirectory))
+ elif FileNum == 1:
+ PlatformFile = FileList[0]
+ else:
+ EdkLogger.error("build", RESOURCE_NOT_AVAILABLE,
+ ExtraData="No active platform
+ specified in target.txt or command line! Nothing can be built.\n")
+
+ self.PlatformFile = PathClass(NormFile(PlatformFile,
+ self.WorkspaceDir), self.WorkspaceDir)
+
+ self.GetToolChainAndFamilyFromDsc (self.PlatformFile)
+
# check if the tool chains are defined or not
NewToolChainList = []
for ToolChain in self.ToolChainList:
@@ -935,23 +985,6 @@ class Build():
ToolChainFamily.append(ToolDefinition[TAB_TOD_DEFINES_FAMILY][Tool])
self.ToolChainFamily = ToolChainFamily

- if not self.PlatformFile:
- PlatformFile = self.TargetTxt.TargetTxtDictionary[TAB_TAT_DEFINES_ACTIVE_PLATFORM]
- if not PlatformFile:
- # Try to find one in current directory
- WorkingDirectory = os.getcwd()
- FileList = glob.glob(os.path.normpath(os.path.join(WorkingDirectory, '*.dsc')))
- FileNum = len(FileList)
- if FileNum >= 2:
- EdkLogger.error("build", OPTION_MISSING,
- ExtraData="There are %d DSC files in %s. Use '-p' to specify one.\n" % (FileNum, WorkingDirectory))
- elif FileNum == 1:
- PlatformFile = FileList[0]
- else:
- EdkLogger.error("build", RESOURCE_NOT_AVAILABLE,
- ExtraData="No active platform specified in target.txt or command line! Nothing can be built.\n")
-
- self.PlatformFile = PathClass(NormFile(PlatformFile, self.WorkspaceDir), self.WorkspaceDir)
self.ThreadNumber = ThreadNum()
## Initialize build configuration
#
@@ -2381,24 +2414,25 @@ class Build():
continue

for Arch in self.ArchList:
- # Build up the list of supported architectures for this build
- prefix = '%s_%s_%s_' % (BuildTarget, ToolChain, Arch)
-
# Look through the tool definitions for GUIDed tools
guidAttribs = []
for (attrib, value) in self.ToolDef.ToolsDefTxtDictionary.items():
- if attrib.upper().endswith('_GUID'):
- split = attrib.split('_')
- thisPrefix = '_'.join(split[0:3]) + '_'
- if thisPrefix == prefix:
- guid = self.ToolDef.ToolsDefTxtDictionary[attrib]
- guid = guid.lower()
- toolName = split[3]
- path = '_'.join(split[0:4]) + '_PATH'
- path = self.ToolDef.ToolsDefTxtDictionary[path]
- path = self.GetRealPathOfTool(path)
- guidAttribs.append((guid, toolName, path))
-
+ GuidBuildTarget, GuidToolChain, GuidArch, GuidTool, GuidAttr = attrib.split('_')
+ if GuidAttr.upper() == 'GUID':
+ if GuidBuildTarget == TAB_STAR:
+ GuidBuildTarget = BuildTarget
+ if GuidToolChain == TAB_STAR:
+ GuidToolChain = ToolChain
+ if GuidArch == TAB_STAR:
+ GuidArch = Arch
+ if GuidBuildTarget == BuildTarget and GuidToolChain == ToolChain and GuidArch == Arch:
+ path = '_'.join(attrib.split('_')[:-1]) + '_PATH'
+ if path in self.ToolDef.ToolsDefTxtDictionary:
+ path = self.ToolDef.ToolsDefTxtDictionary[path]
+ path = self.GetRealPathOfTool(path)
+ guidAttribs.append((value.lower(), GuidTool, path))
+ # Sort by GuidTool name
+ sorted (guidAttribs, key=lambda x: x[1])
# Write out GuidedSecTools.txt
toolsFile = os.path.join(FvDir, 'GuidedSectionTools.txt')
toolsFile = open(toolsFile, 'wt')
--
2.31.1.windows.1


回复: [PATCH 2/3] MdePkg: Refactor BaseRngLib to support AARCH64 in addition to X86

gaoliming
 

Rebecca:

-----邮件原件-----
发件人: Rebecca Cran <rebecca@...>
发送时间: 2021年4月29日 4:44
收件人: devel@edk2.groups.io
抄送: Rebecca Cran <rebecca@...>; Jiewen Yao
<jiewen.yao@...>; Jian J Wang <jian.j.wang@...>; Michael D
Kinney <michael.d.kinney@...>; Liming Gao
<gaoliming@...>; Zhiguang Liu <zhiguang.liu@...>; Ard
Biesheuvel <ardb+tianocore@...>; Sami Mujawar
<Sami.Mujawar@...>
主题: [PATCH 2/3] MdePkg: Refactor BaseRngLib to support AARCH64 in
addition to X86

Make BaseRngLib more generic by moving x86 specific functionality from
BaseRng.c into Rand/RdRand.c, and adding AArch64/Rndr.c, which supports
the optional ARMv8.5 RNG instructions RNDR and RNDRRS that are a part of
FEAT_RNG.

Signed-off-by: Rebecca Cran <rebecca@...>
---
MdePkg/MdePkg.dec | 9 +-
MdePkg/MdePkg.dsc | 4 +-
MdePkg/Library/BaseRngLib/BaseRngLib.inf | 16 ++-
MdePkg/Library/BaseRngLib/BaseRngLibInternals.h | 31 +++++
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 121
++++++++++++++++++++
MdePkg/Library/BaseRngLib/BaseRng.c | 55 +++------
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 103
+++++++++++++++++
MdePkg/Library/BaseRngLib/BaseRngLib.uni | 6 +-
8 files changed, 291 insertions(+), 54 deletions(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 8965e903e093..b49f88d8e18f 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -267,6 +267,11 @@ [LibraryClasses]
#
RegisterFilterLib|Include/Library/RegisterFilterLib.h

+[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
+ ## @libraryclass Provides services to generate random number.
+ #
+ RngLib|Include/Library/RngLib.h
+
[LibraryClasses.IA32, LibraryClasses.X64]
## @libraryclass Abstracts both S/W SMI generation and detection.
##
@@ -288,10 +293,6 @@ [LibraryClasses.IA32, LibraryClasses.X64]
#
SmmPeriodicSmiLib|Include/Library/SmmPeriodicSmiLib.h

- ## @libraryclass Provides services to generate random number.
- #
- RngLib|Include/Library/RngLib.h
-
## @libraryclass Provides services to log the SMI handler
registration.
SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h

diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index d363419006ea..a94959169b2f 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -145,6 +145,9 @@ [Components.IA32, Components.X64,
Components.ARM, Components.AARCH64]

MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibSmm.inf

MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibUefiShell.in
f

+[Components.IA32, Components.X64, Components.AARCH64]
+ MdePkg/Library/BaseRngLib/BaseRngLib.inf
+
[Components.IA32, Components.X64]
MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
@@ -168,7 +171,6 @@ [Components.IA32, Components.X64]
MdePkg/Library/BaseS3StallLib/BaseS3StallLib.inf
MdePkg/Library/SmmMemLib/SmmMemLib.inf
MdePkg/Library/SmmIoLib/SmmIoLib.inf
- MdePkg/Library/BaseRngLib/BaseRngLib.inf
MdePkg/Library/SmmPciExpressLib/SmmPciExpressLib.inf
MdePkg/Library/SmiHandlerProfileLibNull/SmiHandlerProfileLibNull.inf
MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
index 31740751c69c..1dc3249a8c20 100644
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
@@ -1,9 +1,10 @@
## @file
# Instance of RNG (Random Number Generator) Library.
#
-# BaseRng Library that uses CPU RdRand instruction access to provide
-# high-quality random numbers.
+# BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
+# provide high-quality random numbers.
#
+# Copyright (c) 2020, NUVIA Inc. All rights reserved.<BR>
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -22,11 +23,18 @@ [Defines]
CONSTRUCTOR = BaseRngLibConstructor

#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#

-[Sources.Ia32, Sources.X64]
+[Sources]
BaseRng.c
+ BaseRngLibInternals.h
+
+[Sources.Ia32, Sources.X64]
+ Rand/RdRand.c
+
+[Sources.AARCH64]
+ AArch64/Rndr.c

[Packages]
MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
new file mode 100644
index 000000000000..44fda69c9eec
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
@@ -0,0 +1,31 @@
+/** @file
+
+ Architecture specific interface to RNG functionality.
+
+Copyright (c) 2020, NUVIA Inc. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef BASE_RNGLIB_INTERNALS_H_
+
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+ OUT UINT16 *Rand
+ );
+
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+ OUT UINT32 *Rand
+ );
+
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+ OUT UINT64 *Rand
+ );
+
+#endif // BASE_RNGLIB_INTERNALS_H_
diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
new file mode 100644
index 000000000000..19643237923a
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
@@ -0,0 +1,121 @@
+/** @file
+ Random number generator service that uses the RNDR instruction
+ to provide high-quality random numbers.
+
+ Copyright (c) 2020, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#include <Library/RngLib.h>
+
+#include "BaseRngLibInternals.h"
+
+//
+// Bit mask used to determine if RNDR instruction is supported.
+//
+#define RNDR_MASK ((UINT64)MAX_UINT16 << 60U)
+
+/**
+ The constructor function checks whether or not RNDR instruction is
supported
+ by the host hardware.
+
+ The constructor function checks whether or not RNDR instruction is
supported.
+ It will ASSERT() if RNDR instruction is not supported.
+ It will always return RETURN_SUCCESS.
+
+ @retval RETURN_SUCCESS The constructor always returns
EFI_SUCCESS.
+
+**/
+RETURN_STATUS
+EFIAPI
+BaseRngLibConstructor (
+ VOID
+ )
+{
+ UINT64 Isar0;
+ //
+ // Determine RNDR support by examining bits 63:60 of the ISAR0 register
returned by
+ // MSR. A non-zero value indicates that the processor supports the RNDR
instruction.
+ //
+ Isar0 = ArmReadIdIsar0 ();
+ ASSERT ((Isar0 & RNDR_MASK) != 0);
+ (void)Isar0;
+
What behavior for this statement "(void)Isar0;"?

Thanks
Liming
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ Generates a 16-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 16-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+ OUT UINT16 *Rand
+ )
+{
+ UINT64 Rand64;
+
+ if (ArchGetRandomNumber64 (&Rand64)) {
+ *Rand = Rand64 & MAX_UINT16;
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a 32-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 32-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+ OUT UINT32 *Rand
+ )
+{
+ UINT64 Rand64;
+
+ if (ArchGetRandomNumber64 (&Rand64)) {
+ *Rand = Rand64 & MAX_UINT32;
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a 64-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 64-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+ OUT UINT64 *Rand
+ )
+{
+ return ArmRndr (Rand);
+}
+
diff --git a/MdePkg/Library/BaseRngLib/BaseRng.c
b/MdePkg/Library/BaseRngLib/BaseRng.c
index 7ad7aec9d38f..072fa37d3394 100644
--- a/MdePkg/Library/BaseRngLib/BaseRng.c
+++ b/MdePkg/Library/BaseRngLib/BaseRng.c
@@ -1,8 +1,10 @@
/** @file
- Random number generator services that uses RdRand instruction access
- to provide high-quality random numbers.
+ Random number generator services that uses CPU RNG instructions to
+ provide high-quality random numbers.

+Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -10,46 +12,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>

-//
-// Bit mask used to determine if RdRand instruction is supported.
-//
-#define RDRAND_MASK BIT30
+#include "BaseRngLibInternals.h"

//
// Limited retry number when valid random data is returned.
// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and
IA-32
-// Architectures Software Developer's Mannual".
+// Architectures Software Developer's Manual".
//
-#define RDRAND_RETRY_LIMIT 10
+#define GETRANDOM_RETRY_LIMIT 10

-/**
- The constructor function checks whether or not RDRAND instruction is
supported
- by the host hardware.
-
- The constructor function checks whether or not RDRAND instruction is
supported.
- It will ASSERT() if RDRAND instruction is not supported.
- It will always return RETURN_SUCCESS.
-
- @retval RETURN_SUCCESS The constructor always returns
EFI_SUCCESS.
-
-**/
-RETURN_STATUS
-EFIAPI
-BaseRngLibConstructor (
- VOID
- )
-{
- UINT32 RegEcx;
-
- //
- // Determine RDRAND support by examining bit 30 of the ECX register
returned by
- // CPUID. A value of 1 indicates that processor support RDRAND
instruction.
- //
- AsmCpuid (1, 0, 0, &RegEcx, 0);
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
-
- return RETURN_SUCCESS;
-}

/**
Generates a 16-bit random number.
@@ -75,8 +46,8 @@ GetRandomNumber16 (
//
// A loop to fetch a 16 bit random value with a retry count limit.
//
- for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
- if (AsmRdRand16 (Rand)) {
+ for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+ if (ArchGetRandomNumber16 (Rand)) {
return TRUE;
}
}
@@ -108,8 +79,8 @@ GetRandomNumber32 (
//
// A loop to fetch a 32 bit random value with a retry count limit.
//
- for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
- if (AsmRdRand32 (Rand)) {
+ for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+ if (ArchGetRandomNumber32 (Rand)) {
return TRUE;
}
}
@@ -141,8 +112,8 @@ GetRandomNumber64 (
//
// A loop to fetch a 64 bit random value with a retry count limit.
//
- for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
- if (AsmRdRand64 (Rand)) {
+ for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+ if (ArchGetRandomNumber64 (Rand)) {
return TRUE;
}
}
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
new file mode 100644
index 000000000000..3f1378064b4c
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -0,0 +1,103 @@
+/** @file
+ Random number generator services that uses RdRand instruction access
+ to provide high-quality random numbers.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#include "BaseRngLibInternals.h"
+
+//
+// Bit mask used to determine if RdRand instruction is supported.
+//
+#define RDRAND_MASK BIT30
+
+/**
+ The constructor function checks whether or not RDRAND instruction is
supported
+ by the host hardware.
+
+ The constructor function checks whether or not RDRAND instruction is
supported.
+ It will ASSERT() if RDRAND instruction is not supported.
+ It will always return RETURN_SUCCESS.
+
+ @retval RETURN_SUCCESS The constructor always returns
EFI_SUCCESS.
+
+**/
+RETURN_STATUS
+EFIAPI
+BaseRngLibConstructor (
+ VOID
+ )
+{
+ UINT32 RegEcx;
+
+ //
+ // Determine RDRAND support by examining bit 30 of the ECX register
returned by
+ // CPUID. A value of 1 indicates that processor support RDRAND
instruction.
+ //
+ AsmCpuid (1, 0, 0, &RegEcx, 0);
+ ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Generates a 16-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 16-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+ OUT UINT16 *Rand
+ )
+{
+ return AsmRdRand16 (Rand);
+}
+
+/**
+ Generates a 32-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 32-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+ OUT UINT32 *Rand
+ )
+{
+ return AsmRdRand32 (Rand);
+}
+
+/**
+ Generates a 64-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 64-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+ OUT UINT64 *Rand
+ )
+{
+ return AsmRdRand64 (Rand);
+}
+
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.uni
b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
index f3ed954c5209..8c7fe1219450 100644
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.uni
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
@@ -1,8 +1,8 @@
// /** @file
// Instance of RNG (Random Number Generator) Library.
//
-// BaseRng Library that uses CPU RdRand instruction access to provide
-// high-quality random numbers.
+// BaseRng Library that uses CPU RNG instructions to provide high-quality
+// random numbers.
//
// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
//
@@ -13,5 +13,5 @@

#string STR_MODULE_ABSTRACT #language en-US
"Instance of RNG Library"

-#string STR_MODULE_DESCRIPTION #language en-US "BaseRng
Library that uses CPU RdRand instruction access to provide high-quality
random numbers"
+#string STR_MODULE_DESCRIPTION #language en-US "BaseRng
Library that uses CPU RNG instructions to provide high-quality random
numbers"

--
2.26.2


回复: [PATCH 1/3] MdePkg/BaseLib: Add support for ARMv8.5 RNG instructions

gaoliming
 

Rebecca:
Can you submit one BZ for this new feature?

Thanks
Liming
-----邮件原件-----
发件人: Rebecca Cran <rebecca@...>
发送时间: 2021年4月29日 4:44
收件人: devel@edk2.groups.io
抄送: Rebecca Cran <rebecca@...>; Jiewen Yao
<jiewen.yao@...>; Jian J Wang <jian.j.wang@...>; Michael D
Kinney <michael.d.kinney@...>; Liming Gao
<gaoliming@...>; Zhiguang Liu <zhiguang.liu@...>; Ard
Biesheuvel <ardb+tianocore@...>; Sami Mujawar
<Sami.Mujawar@...>
主题: [PATCH 1/3] MdePkg/BaseLib: Add support for ARMv8.5 RNG
instructions

Add support for the optional ARMv8.5 RNDR and RNDRRS instructions that
are a part of FEAT_RNG to BaseLib, and add a function to read the ISAR0
register which indicates whether the CPU supports FEAT_RNG.

Signed-off-by: Rebecca Cran <rebecca@...>
---
MdePkg/Library/BaseLib/BaseLib.inf | 4 ++
MdePkg/Include/Library/BaseLib.h | 47
+++++++++++++++++
MdePkg/Library/BaseLib/BaseLibInternals.h | 6 +++
MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S | 29 +++++++++++
MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm | 28 ++++++++++
MdePkg/Library/BaseLib/AArch64/ArmRng.S | 51
++++++++++++++++++
MdePkg/Library/BaseLib/AArch64/ArmRng.asm | 55
++++++++++++++++++++
7 files changed, 220 insertions(+)

diff --git a/MdePkg/Library/BaseLib/BaseLib.inf
b/MdePkg/Library/BaseLib/BaseLib.inf
index b76f3af380ea..7f582079d786 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -380,6 +380,8 @@ [Sources.AARCH64]
AArch64/SetJumpLongJump.S | GCC
AArch64/CpuBreakpoint.S | GCC
AArch64/SpeculationBarrier.S | GCC
+ AArch64/ArmRng.S | GCC
+ AArch64/ArmReadIdIsar0.S | GCC

AArch64/MemoryFence.asm | MSFT
AArch64/SwitchStack.asm | MSFT
@@ -389,6 +391,8 @@ [Sources.AARCH64]
AArch64/SetJumpLongJump.asm | MSFT
AArch64/CpuBreakpoint.asm | MSFT
AArch64/SpeculationBarrier.asm | MSFT
+ AArch64/ArmRng.asm | MSFT
+ AArch64/ArmReadIdIsar0.asm | MSFT

[Sources.RISCV64]
Math64.c
diff --git a/MdePkg/Include/Library/BaseLib.h
b/MdePkg/Include/Library/BaseLib.h
index 7253997a6f8c..60cf559b0849 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -7519,4 +7519,51 @@ PatchInstructionX86 (
);

#endif // defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
+
+#if defined (MDE_CPU_AARCH64)
+
+/**
+ Reads the ID_AA64ISAR0 Register.
+
+ @return The contents of the ID_AA64ISAR0 Register
+
+**/
+UINT64
+EFIAPI
+ArmReadIdIsar0 (
+ VOID
+ );
+
+/**
+ Generates a random number using the RNDR instruction.
+
+ @param[out] The generated random number
+
+ @retval TRUE Success: a random number was successfully generated
+ @retval FALSE Failure: a random number was unable to be generated
+
+**/
+BOOLEAN
+EFIAPI
+ArmRndr (
+ OUT UINT64 *Rand
+ );
+
+/**
+ Generates a random number using the RNDRRS instruction.
+
+ @param[out] The generated random number
+
+ @retval TRUE Success: a random number was successfully generated
+ @retval FALSE Failure: a random number was unable to be generated
+
+**/
+BOOLEAN
+EFIAPI
+ArmRndrrs (
+ OUT UINT64 *Rand
+ );
+
What usage is for this API ArmRndrrs()? I don't see it is used in RngLib.

Thanks
Liming
+#endif // defined (MDE_CPU_AARCH64)
+
#endif // !defined (__BASE_LIB__)
diff --git a/MdePkg/Library/BaseLib/BaseLibInternals.h
b/MdePkg/Library/BaseLib/BaseLibInternals.h
index 6837d67d90cf..4ae79a4e7ab4 100644
--- a/MdePkg/Library/BaseLib/BaseLibInternals.h
+++ b/MdePkg/Library/BaseLib/BaseLibInternals.h
@@ -862,6 +862,12 @@ InternalX86RdRand64 (
OUT UINT64 *Rand
);

+#elif defined (MDE_CPU_AARCH64)
+
+// RNDR, Random Number
+#define RNDR S3_3_C2_C4_0
+#define RNDRRS S3_3_C2_C4_1
+
#else

#endif
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S
b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S
new file mode 100644
index 000000000000..b31e565c7955
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S
@@ -0,0 +1,29 @@
+#--------------------------------------------------------------------------
----
+#
+# ArmReadIdIsar0() for AArch64
+#
+# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#--------------------------------------------------------------------------
----
+
+.text
+.p2align 2
+GCC_ASM_EXPORT(ArmReadIdIsar0)
+
+#/**
+# Reads the ID_AA64ISAR0 Register.
+#
+#**/
+#UINT64
+#EFIAPI
+#ArmReadIdIsar0 (
+# VOID
+# );
+#
+ASM_PFX(ArmReadIdIsar0):
+ mrs x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
+ ret
+
+
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm
b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm
new file mode 100644
index 000000000000..1f1d15626cc2
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm
@@ -0,0 +1,28 @@
+;--------------------------------------------------------------------------
----
+;
+; ArmReadIdIsar0() for AArch64
+;
+; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;--------------------------------------------------------------------------
----
+
+ EXPORT ArmReadIdIsar0
+ AREA BaseLib_LowLevel, CODE, READONLY
+
+;/**
+; Reads the ID_AA64ISAR0 Register.
+;
+;**/
+;UINT64
+;EFIAPI
+;ArmReadIdIsar0 (
+; VOID
+; );
+;
+ArmReadIdIsar0
+ mrs x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
+ ret
+
+ END
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmRng.S
b/MdePkg/Library/BaseLib/AArch64/ArmRng.S
new file mode 100644
index 000000000000..fc2adb660d21
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmRng.S
@@ -0,0 +1,51 @@
+#--------------------------------------------------------------------------
----
+#
+# ArmRndr() and ArmRndrrs() for AArch64
+#
+# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#--------------------------------------------------------------------------
----
+
+#include "BaseLibInternals.h"
+
+.text
+.p2align 2
+GCC_ASM_EXPORT(ArmRndr)
+GCC_ASM_EXPORT(ArmRndrrs)
+
+#/**
+# Generates a random number using RNDR.
+# Returns TRUE on success; FALSE on failure.
+#
+#**/
+#BOOLEAN
+#EFIAPI
+#ArmRndr (
+# OUT UINT64 *Rand
+# );
+#
+ASM_PFX(ArmRndr):
+ mrs x1, RNDR
+ str x1, [x0]
+ cset x0, ne // RNDR sets NZCV to 0b0100 on failure
+ ret
+
+
+#/**
+# Generates a random number using RNDRRS
+# Returns TRUE on success; FALSE on failure.
+#
+#**/
+#BOOLEAN
+#EFIAPI
+#ArmRndrrs (
+# OUT UINT64 *Rand
+# );
+#
+ASM_PFX(ArmRndrrs):
+ mrs x1, RNDRRS
+ str x1, [x0]
+ cset x0, ne // RNDRRS sets NZCV to 0b0100 on failure
+ ret
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmRng.asm
b/MdePkg/Library/BaseLib/AArch64/ArmRng.asm
new file mode 100644
index 000000000000..ed8d1a81bdfe
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmRng.asm
@@ -0,0 +1,55 @@
+;--------------------------------------------------------------------------
----
+;
+; ArmRndr() and ArmRndrrs() for AArch64
+;
+; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;--------------------------------------------------------------------------
----
+
+#include "BaseLibInternals.h"
+
+ EXPORT ArmRndr
+ EXPORT ArmRndrrs
+ AREA BaseLib_LowLevel, CODE, READONLY
+
+
+;/**
+; Generates a random number using RNDR.
+; Returns TRUE on success; FALSE on failure.
+;
+;**/
+;BOOLEAN
+;EFIAPI
+;ArmRndr (
+; OUT UINT64 *Rand
+; );
+;
+ArmRndr
+ mrs x1, RNDR
+ str x1, [x0]
+ cset x0, ne // RNDR sets NZCV to 0b0100 on failure
+ ret
+
+ END
+
+;/**
+; Generates a random number using RNDRRS.
+; Returns TRUE on success; FALSE on failure.
+;
+;**/
+;BOOLEAN
+;EFIAPI
+;ArmRndrrs (
+; OUT UINT64 *Rand
+; );
+;
+ArmRndrrs
+ mrs x1, RNDRRS
+ str x1, [x0]
+ cset x0, ne // RNDRRS sets NZCV to 0b0100 on failure
+ ret
+
+ END
+
--
2.26.2


Re: [PATCH V5 1/1] EmbeddedPkg: DwMmcHcDxe: Add support for Designware SDMMC driver

Loh, Tien Hock
 

Andrew, Ard,

 

In that case then I will update the patch to address Mike’s concerns and send a new version up.

 

Thanks!

 

From: Andrew Fish <afish@...>
Sent: Wednesday, April 28, 2021 10:58 PM
To: Ard Biesheuvel <ardb@...>
Cc: Kinney, Michael D <michael.d.kinney@...>; edk2-devel-groups-io <devel@edk2.groups.io>; Loh, Tien Hock <tien.hock.loh@...>; thloh85@...; Leif Lindholm <leif@...>; Ard Biesheuvel <ardb+tianocore@...>
Subject: Re: [edk2-devel] [PATCH V5 1/1] EmbeddedPkg: DwMmcHcDxe: Add support for Designware SDMMC driver

 

 



On Apr 28, 2021, at 6:03 AM, Ard Biesheuvel <ardb@...> wrote:

 

On Tue, 27 Apr 2021 at 21:31, Kinney, Michael D
<
michael.d.kinney@...> wrote:


This is an example of another approach.  This module uses PCI I/O or IoLib based on the type of device.



https://github.com/tianocore/edk2/tree/master/MdeModulePkg/Bus/Pci/PciSioSerialDxe



No additional protocols or lib classes/instances.  Instead, the register access APIs are included in the module and based on the type of device detected, it uses PCI I/O or IoLib:



https://github.com/tianocore/edk2/blob/5b90b8abb4049e2d98040f548ad23b6ab22d5d19/MdeModulePkg/Bus/Pci/PciSioSerialDxe/SerialIo.c#L1327

https://github.com/tianocore/edk2/blob/5b90b8abb4049e2d98040f548ad23b6ab22d5d19/MdeModulePkg/Bus/Pci/PciSioSerialDxe/SerialIo.c#L1358



This technique could for PCI I/O vs MMIO register access.  You would need to add more APIs for the use of PCI I/O or DmaLib for DMA access.


Is it really worth the effort to rewrite this code?

This patch has been circulating for a while now, and I fail to see the
point of refactoring and splitting up this code, given how unlikely it
is that DesignWare will ever put a real PCI frontend on this IP. The
SD/MMC override protocol was intended for implementations that are
almost SDHCI compliant, but have some quirks that need to be worked
around.

 

Ard,

 

If we don’t see any potential value for making it more portable I’m OK with going with the current patch style. 

 

Thanks,

 

Andrew Fish


Re: [PATCH] BaseTools: Change non-ascii character of StructurePcd comment

Yuwei Chen
 

Hi Mike,

The StructurePcd dsc file generated by our tool will have the non-ASCII character.
The input file of ConvertFceToStructurePcd.py is generated by FCE tool, which has the circle R non-ASCII character. This patch change this character to ACSII character when using ConvertFceToStructurePcd.py to generate the StructurePcd dsc file.

Best Regards,
Christine

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@...>
Sent: Thursday, April 29, 2021 12:10 AM
To: devel@edk2.groups.io; Chen, Christine <yuwei.chen@...>; Kinney,
Michael D <michael.d.kinney@...>
Cc: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
Subject: RE: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of
StructurePcd comment

What file type contains the non-ASCII character?

I would prefer to see the source file with non ASCII character be updated
instead of building this conversion into the tools.

Mike

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yuwei
Chen
Sent: Wednesday, April 28, 2021 1:45 AM
To: devel@edk2.groups.io
Cc: Feng, Bob C <bob.c.feng@...>; Liming Gao
<gaoliming@...>
Subject: [edk2-devel] [PATCH] BaseTools: Change non-ascii character of
StructurePcd comment

Currently, the ConvertFceToStructurePcd.py tool generate StructurePcd
dsc file with comments including non-ascii character circle R. This
patch changes the non-ascii character circle R to (R) when adding the
comment.

Cc: Bob Feng <bob.c.feng@...>
Cc: Liming Gao <gaoliming@...>
Signed-off-by: Yuwei Chen <yuwei.chen@...>
---
BaseTools/Scripts/ConvertFceToStructurePcd.py | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/BaseTools/Scripts/ConvertFceToStructurePcd.py
b/BaseTools/Scripts/ConvertFceToStructurePcd.py
index 2052db8c4b..d029ed6a28 100644
--- a/BaseTools/Scripts/ConvertFceToStructurePcd.py
+++ b/BaseTools/Scripts/ConvertFceToStructurePcd.py
@@ -285,6 +285,10 @@ class Config(object):
comment_list = value_re.findall(line) # the string \\... in "Q...." line
comment_list[0] = comment_list[0].replace('//', '')
comment = comment_list[0].strip()
+ comment_b = bytes(comment, encoding = "utf8")
+ if b"\xae" in comment_b:
+ comment_b = comment_b.replace(b"\xc2\xae", b"(R)") # Change
the circle "R" character to ascii character
+ comment = str(comment_b, encoding = "utf-8")
line=value_re.sub('',line) #delete \\... in "Q...." line
list1=line.split(' ')
value=self.value_parser(list1)
--
2.26.1.windows.1





[Patch V2 1/1] BaseTools/Source/Python: New Target/ToolChain/Arch in DSC [BuildOptions]

Michael D Kinney
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3359

Update BaseTools to support new build targets, new tool chains,
and new architectures declared in DSC file [BuildOptions] sections.

* Do not expand * when tools_def.txt is parsed. Only expand when
both tools_def.txt and DSC [BuilsOptions] sections have been parsed.
This also requires more flexible matching of tool keys that contain *
in tool key fields.

* Pre-scan the platform DSC file for FAMILY and TOOLCHAIN declarations
DSC in [BuildOptions] sections before the FAMILY and TOOLCHAIN need
to be known.

Cc: Bob Feng <bob.c.feng@...>
Cc: Liming Gao <gaoliming@...>
Cc: Yuwei Chen <yuwei.chen@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>
---
.../Python/AutoGen/ModuleAutoGenHelper.py | 50 +++++---
.../Source/Python/AutoGen/PlatformAutoGen.py | 115 ++++++++++++++----
.../Python/Common/ToolDefClassObject.py | 19 +--
.../Python/GenFds/GenFdsGlobalVariable.py | 31 +++--
BaseTools/Source/Python/build/build.py | 100 ++++++++++-----
5 files changed, 219 insertions(+), 96 deletions(-)

diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py
index 7477b1d77fb8..167bb59d2315 100644
--- a/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py
+++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGenHelper.py
@@ -173,17 +173,30 @@ class AutoGenInfo(object):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool in ToolDef and Family != "":
- FamilyIsNull = False
- if ToolDef[Tool].get(TAB_TOD_DEFINES_BUILDRULEFAMILY, "") != "":
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
- continue
- else:
- if ToolDef[Tool].get(TAB_TOD_DEFINES_FAMILY, "") == "":
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
- continue
- FamilyMatch = True
+ if Family != "":
+ Found = False
+ if Tool in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_STAR in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if not Found:
+ continue
# expand any wildcard
if Target == TAB_STAR or Target == self.BuildTarget:
if Tag == TAB_STAR or Tag == self.ToolChain:
@@ -213,12 +226,19 @@ class AutoGenInfo(object):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool not in ToolDef or Family == "":
+ if Family == "":
continue
# option has been added before
- if TAB_TOD_DEFINES_FAMILY not in ToolDef[Tool]:
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = False
+ if Tool in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if TAB_STAR in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if not Found:
continue

# expand any wildcard
diff --git a/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py b/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py
index e2ef3256773e..21e72438e59e 100644
--- a/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py
+++ b/BaseTools/Source/Python/AutoGen/PlatformAutoGen.py
@@ -827,6 +827,33 @@ class PlatformAutoGen(AutoGen):
RetVal = RetVal + _SplitOption(Flags.strip())
return RetVal

+ ## Compute a tool defintion key priority value in range 0..15
+ #
+ # TARGET_TOOLCHAIN_ARCH_COMMANDTYPE_ATTRIBUTE 15
+ # ******_TOOLCHAIN_ARCH_COMMANDTYPE_ATTRIBUTE 14
+ # TARGET_*********_ARCH_COMMANDTYPE_ATTRIBUTE 13
+ # ******_*********_ARCH_COMMANDTYPE_ATTRIBUTE 12
+ # TARGET_TOOLCHAIN_****_COMMANDTYPE_ATTRIBUTE 11
+ # ******_TOOLCHAIN_****_COMMANDTYPE_ATTRIBUTE 10
+ # TARGET_*********_****_COMMANDTYPE_ATTRIBUTE 9
+ # ******_*********_****_COMMANDTYPE_ATTRIBUTE 8
+ # TARGET_TOOLCHAIN_ARCH_***********_ATTRIBUTE 7
+ # ******_TOOLCHAIN_ARCH_***********_ATTRIBUTE 6
+ # TARGET_*********_ARCH_***********_ATTRIBUTE 5
+ # ******_*********_ARCH_***********_ATTRIBUTE 4
+ # TARGET_TOOLCHAIN_****_***********_ATTRIBUTE 3
+ # ******_TOOLCHAIN_****_***********_ATTRIBUTE 2
+ # TARGET_*********_****_***********_ATTRIBUTE 1
+ # ******_*********_****_***********_ATTRIBUTE 0
+ #
+ def ToolDefinitionPriority (self,Key):
+ KeyList = Key.split('_')
+ Priority = 0
+ for Index in range (0, min(4, len(KeyList))):
+ if KeyList[Index] != '*':
+ Priority += (1 << Index)
+ return Priority
+
## Get tool chain definition
#
# Get each tool definition for given tool chain from tools_def.txt and platform
@@ -839,8 +866,16 @@ class PlatformAutoGen(AutoGen):
ExtraData="[%s]" % self.MetaFile)
RetVal = OrderedDict()
DllPathList = set()
- for Def in ToolDefinition:
+
+ PrioritizedDefList = sorted(ToolDefinition.keys(), key=self.ToolDefinitionPriority, reverse=True)
+ for Def in PrioritizedDefList:
Target, Tag, Arch, Tool, Attr = Def.split("_")
+ if Target == TAB_STAR:
+ Target = self.BuildTarget
+ if Tag == TAB_STAR:
+ Tag = self.ToolChain
+ if Arch == TAB_STAR:
+ Arch = self.Arch
if Target != self.BuildTarget or Tag != self.ToolChain or Arch != self.Arch:
continue

@@ -850,9 +885,14 @@ class PlatformAutoGen(AutoGen):
DllPathList.add(Value)
continue

+ #
+ # ToolDefinition is sorted from highest priority to lowest priority.
+ # Only add the first(highest priority) match to RetVal
+ #
if Tool not in RetVal:
RetVal[Tool] = OrderedDict()
- RetVal[Tool][Attr] = Value
+ if Attr not in RetVal[Tool]:
+ RetVal[Tool][Attr] = Value

ToolsDef = ''
if GlobalData.gOptions.SilentMode and "MAKE" in RetVal:
@@ -860,9 +900,21 @@ class PlatformAutoGen(AutoGen):
RetVal["MAKE"]["FLAGS"] = ""
RetVal["MAKE"]["FLAGS"] += " -s"
MakeFlags = ''
- for Tool in RetVal:
- for Attr in RetVal[Tool]:
- Value = RetVal[Tool][Attr]
+
+ ToolList = list(RetVal.keys())
+ ToolList.sort()
+ for Tool in ToolList:
+ if Tool == TAB_STAR:
+ continue
+ AttrList = list(RetVal[Tool].keys())
+ if TAB_STAR in ToolList:
+ AttrList += list(RetVal[TAB_STAR])
+ AttrList.sort()
+ for Attr in AttrList:
+ if Attr in RetVal[Tool]:
+ Value = RetVal[Tool][Attr]
+ else:
+ Value = RetVal[TAB_STAR][Attr]
if Tool in self._BuildOptionWithToolDef(RetVal) and Attr in self._BuildOptionWithToolDef(RetVal)[Tool]:
# check if override is indicated
if self._BuildOptionWithToolDef(RetVal)[Tool][Attr].startswith('='):
@@ -877,7 +929,7 @@ class PlatformAutoGen(AutoGen):
if Attr == "PATH":
# Don't put MAKE definition in the file
if Tool != "MAKE":
- ToolsDef += "%s = %s\n" % (Tool, Value)
+ ToolsDef += "%s_%s = %s\n" % (Tool, Attr, Value)
elif Attr != "DLL":
# Don't put MAKE definition in the file
if Tool == "MAKE":
@@ -1469,17 +1521,31 @@ class PlatformAutoGen(AutoGen):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool in ToolDef and Family != "":
- FamilyIsNull = False
- if ToolDef[Tool].get(TAB_TOD_DEFINES_BUILDRULEFAMILY, "") != "":
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
- continue
- else:
- if ToolDef[Tool].get(TAB_TOD_DEFINES_FAMILY, "") == "":
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
- continue
- FamilyMatch = True
+ if Family != "":
+ Found = False
+ if Tool in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_STAR in ToolDef:
+ FamilyIsNull = False
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ FamilyMatch = True
+ Found = True
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ FamilyMatch = True
+ Found = True
+ if not Found:
+ continue
+
# expand any wildcard
if Target == TAB_STAR or Target == self.BuildTarget:
if Tag == TAB_STAR or Tag == self.ToolChain:
@@ -1509,12 +1575,19 @@ class PlatformAutoGen(AutoGen):
Family = Key[0]
Target, Tag, Arch, Tool, Attr = Key[1].split("_")
# if tool chain family doesn't match, skip it
- if Tool not in ToolDef or Family == "":
+ if Family == "":
continue
# option has been added before
- if TAB_TOD_DEFINES_FAMILY not in ToolDef[Tool]:
- continue
- if Family != ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = False
+ if Tool in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[Tool]:
+ if Family == ToolDef[Tool][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if TAB_STAR in ToolDef:
+ if TAB_TOD_DEFINES_FAMILY in ToolDef[TAB_STAR]:
+ if Family == ToolDef[TAB_STAR][TAB_TOD_DEFINES_FAMILY]:
+ Found = True
+ if not Found:
continue

# expand any wildcard
diff --git a/BaseTools/Source/Python/Common/ToolDefClassObject.py b/BaseTools/Source/Python/Common/ToolDefClassObject.py
index 8e70407cb9e9..2b4b23849196 100644
--- a/BaseTools/Source/Python/Common/ToolDefClassObject.py
+++ b/BaseTools/Source/Python/Common/ToolDefClassObject.py
@@ -1,7 +1,7 @@
## @file
# This file is used to define each component of tools_def.txt file
#
-# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#

@@ -86,23 +86,6 @@ class ToolDefClassObject(object):
self.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TARGET_ARCH].sort()
self.ToolsDefTxtDatabase[TAB_TOD_DEFINES_COMMAND_TYPE].sort()

- KeyList = [TAB_TOD_DEFINES_TARGET, TAB_TOD_DEFINES_TOOL_CHAIN_TAG, TAB_TOD_DEFINES_TARGET_ARCH, TAB_TOD_DEFINES_COMMAND_TYPE]
- for Index in range(3, -1, -1):
- # make a copy of the keys to enumerate over to prevent issues when
- # adding/removing items from the original dict.
- for Key in list(self.ToolsDefTxtDictionary.keys()):
- List = Key.split('_')
- if List[Index] == TAB_STAR:
- for String in self.ToolsDefTxtDatabase[KeyList[Index]]:
- List[Index] = String
- NewKey = '%s_%s_%s_%s_%s' % tuple(List)
- if NewKey not in self.ToolsDefTxtDictionary:
- self.ToolsDefTxtDictionary[NewKey] = self.ToolsDefTxtDictionary[Key]
- del self.ToolsDefTxtDictionary[Key]
- elif List[Index] not in self.ToolsDefTxtDatabase[KeyList[Index]]:
- del self.ToolsDefTxtDictionary[Key]
-
-
## IncludeToolDefFile
#
# Load target.txt file and parse it as if its contents were inside the main file
diff --git a/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py b/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
index 3019ec63c3bb..c31fc24870d5 100644
--- a/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
+++ b/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
@@ -1,7 +1,7 @@
## @file
# Global variables for GenFds
#
-# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -875,14 +875,27 @@ def FindExtendTool(KeyStringList, CurrentArchList, NameGuid):
ToolOptionKey = None
KeyList = None
for tool_def in ToolDefinition.items():
- if NameGuid.lower() == tool_def[1].lower():
- KeyList = tool_def[0].split('_')
- Key = KeyList[0] + \
- '_' + \
- KeyList[1] + \
- '_' + \
- KeyList[2]
- if Key in KeyStringList and KeyList[4] == DataType.TAB_GUID:
+ KeyList = tool_def[0].split('_')
+ if len(KeyList) < 5:
+ continue
+ if KeyList[4] != DataType.TAB_GUID:
+ continue
+ if NameGuid.lower() != tool_def[1].lower():
+ continue
+ Key = KeyList[0] + \
+ '_' + \
+ KeyList[1] + \
+ '_' + \
+ KeyList[2]
+ for KeyString in KeyStringList:
+ KeyStringBuildTarget, KeyStringToolChain, KeyStringArch = KeyString.split('_')
+ if KeyList[0] == DataType.TAB_STAR:
+ KeyList[0] = KeyStringBuildTarget
+ if KeyList[1] == DataType.TAB_STAR:
+ KeyList[1] = KeyStringToolChain
+ if KeyList[2] == DataType.TAB_STAR:
+ KeyList[2] = KeyStringArch
+ if KeyList[0] == KeyStringBuildTarget and KeyList[1] == KeyStringToolChain and KeyList[2] == KeyStringArch:
ToolPathKey = Key + '_' + KeyList[3] + '_PATH'
ToolOptionKey = Key + '_' + KeyList[3] + '_FLAGS'
ToolPath = ToolDefinition.get(ToolPathKey)
diff --git a/BaseTools/Source/Python/build/build.py b/BaseTools/Source/Python/build/build.py
index c4cfe38ad96a..cf988c00b8e0 100755
--- a/BaseTools/Source/Python/build/build.py
+++ b/BaseTools/Source/Python/build/build.py
@@ -2,7 +2,7 @@
# build a platform or a module
#
# Copyright (c) 2014, Hewlett-Packard Development Company, L.P.<BR>
-# Copyright (c) 2007 - 2020, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2018, Hewlett Packard Enterprise Development, L.P.<BR>
# Copyright (c) 2020, ARM Limited. All rights reserved.<BR>
#
@@ -889,6 +889,36 @@ class Build():
except:
return False, UNKNOWN_ERROR

+ ## Add TOOLCHAIN and FAMILY declared in DSC [BuildOptions] to ToolsDefTxtDatabase.
+ #
+ # Loop through the set of build targets, tool chains, and archs provided on either
+ # the command line or in target.txt to discover FAMILY and TOOLCHAIN delclarations
+ # in [BuildOptions] sections that may be within !if expressions that may use
+ # $(TARGET), $(TOOLCHAIN), $(TOOLCHAIN_TAG), or $(ARCH) operands.
+ #
+ def GetToolChainAndFamilyFromDsc (self, File):
+ for BuildTarget in self.BuildTargetList:
+ GlobalData.gGlobalDefines['TARGET'] = BuildTarget
+ for ToolChain in self.ToolChainList:
+ GlobalData.gGlobalDefines['TOOLCHAIN'] = ToolChain
+ GlobalData.gGlobalDefines['TOOL_CHAIN_TAG'] = ToolChain
+ for Arch in self.ArchList:
+ GlobalData.gGlobalDefines['ARCH'] = Arch
+ dscobj = self.BuildDatabase[File, Arch]
+ for Family, ToolChain, CodeBase in dscobj.BuildOptions:
+ if TAB_TOD_DEFINES_FAMILY not in self.ToolDef.ToolsDefTxtDatabase:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_FAMILY] = {}
+ if ToolChain not in self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_FAMILY]:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_FAMILY][ToolChain] = Family
+ if TAB_TOD_DEFINES_BUILDRULEFAMILY not in self.ToolDef.ToolsDefTxtDatabase:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_BUILDRULEFAMILY] = {}
+ if ToolChain not in self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_BUILDRULEFAMILY]:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_BUILDRULEFAMILY][ToolChain] = Family
+ if TAB_TOD_DEFINES_TOOL_CHAIN_TAG not in self.ToolDef.ToolsDefTxtDatabase:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TOOL_CHAIN_TAG] = []
+ if ToolChain not in self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TOOL_CHAIN_TAG]:
+ self.ToolDef.ToolsDefTxtDatabase[TAB_TOD_DEFINES_TOOL_CHAIN_TAG].append(ToolChain)
+
## Load configuration
#
# This method will parse target.txt and get the build configurations.
@@ -910,6 +940,26 @@ class Build():
if self.ToolChainList is None or len(self.ToolChainList) == 0:
EdkLogger.error("build", RESOURCE_NOT_AVAILABLE, ExtraData="No toolchain given. Don't know how to build.\n")

+ if not self.PlatformFile:
+ PlatformFile = self.TargetTxt.TargetTxtDictionary[TAB_TAT_DEFINES_ACTIVE_PLATFORM]
+ if not PlatformFile:
+ # Try to find one in current directory
+ WorkingDirectory = os.getcwd()
+ FileList = glob.glob(os.path.normpath(os.path.join(WorkingDirectory, '*.dsc')))
+ FileNum = len(FileList)
+ if FileNum >= 2:
+ EdkLogger.error("build", OPTION_MISSING,
+ ExtraData="There are %d DSC files in %s. Use '-p' to specify one.\n" % (FileNum, WorkingDirectory))
+ elif FileNum == 1:
+ PlatformFile = FileList[0]
+ else:
+ EdkLogger.error("build", RESOURCE_NOT_AVAILABLE,
+ ExtraData="No active platform specified in target.txt or command line! Nothing can be built.\n")
+
+ self.PlatformFile = PathClass(NormFile(PlatformFile, self.WorkspaceDir), self.WorkspaceDir)
+
+ self.GetToolChainAndFamilyFromDsc (self.PlatformFile)
+
# check if the tool chains are defined or not
NewToolChainList = []
for ToolChain in self.ToolChainList:
@@ -935,23 +985,6 @@ class Build():
ToolChainFamily.append(ToolDefinition[TAB_TOD_DEFINES_FAMILY][Tool])
self.ToolChainFamily = ToolChainFamily

- if not self.PlatformFile:
- PlatformFile = self.TargetTxt.TargetTxtDictionary[TAB_TAT_DEFINES_ACTIVE_PLATFORM]
- if not PlatformFile:
- # Try to find one in current directory
- WorkingDirectory = os.getcwd()
- FileList = glob.glob(os.path.normpath(os.path.join(WorkingDirectory, '*.dsc')))
- FileNum = len(FileList)
- if FileNum >= 2:
- EdkLogger.error("build", OPTION_MISSING,
- ExtraData="There are %d DSC files in %s. Use '-p' to specify one.\n" % (FileNum, WorkingDirectory))
- elif FileNum == 1:
- PlatformFile = FileList[0]
- else:
- EdkLogger.error("build", RESOURCE_NOT_AVAILABLE,
- ExtraData="No active platform specified in target.txt or command line! Nothing can be built.\n")
-
- self.PlatformFile = PathClass(NormFile(PlatformFile, self.WorkspaceDir), self.WorkspaceDir)
self.ThreadNumber = ThreadNum()
## Initialize build configuration
#
@@ -2381,24 +2414,25 @@ class Build():
continue

for Arch in self.ArchList:
- # Build up the list of supported architectures for this build
- prefix = '%s_%s_%s_' % (BuildTarget, ToolChain, Arch)
-
# Look through the tool definitions for GUIDed tools
guidAttribs = []
for (attrib, value) in self.ToolDef.ToolsDefTxtDictionary.items():
- if attrib.upper().endswith('_GUID'):
- split = attrib.split('_')
- thisPrefix = '_'.join(split[0:3]) + '_'
- if thisPrefix == prefix:
- guid = self.ToolDef.ToolsDefTxtDictionary[attrib]
- guid = guid.lower()
- toolName = split[3]
- path = '_'.join(split[0:4]) + '_PATH'
- path = self.ToolDef.ToolsDefTxtDictionary[path]
- path = self.GetRealPathOfTool(path)
- guidAttribs.append((guid, toolName, path))
-
+ GuidBuildTarget, GuidToolChain, GuidArch, GuidTool, GuidAttr = attrib.split('_')
+ if GuidAttr.upper() == 'GUID':
+ if GuidBuildTarget == TAB_STAR:
+ GuidBuildTarget = BuildTarget
+ if GuidToolChain == TAB_STAR:
+ GuidToolChain = ToolChain
+ if GuidArch == TAB_STAR:
+ GuidArch = Arch
+ if GuidBuildTarget == BuildTarget and GuidToolChain == ToolChain and GuidArch == Arch:
+ path = '_'.join(attrib.split('_')[:-1]) + '_PATH'
+ if path in self.ToolDef.ToolsDefTxtDictionary:
+ path = self.ToolDef.ToolsDefTxtDictionary[path]
+ path = self.GetRealPathOfTool(path)
+ guidAttribs.append((value.lower(), GuidTool, path))
+ # Sort by GuidTool name
+ sorted (guidAttribs, key=lambda x: x[1])
# Write out GuidedSecTools.txt
toolsFile = os.path.join(FvDir, 'GuidedSectionTools.txt')
toolsFile = open(toolsFile, 'wt')
--
2.31.1.windows.1


Re: Problem: TPM 2.0 event log by OVMF is shown empty in Linux kernel versions after 5.8

James Bottomley
 

On Wed, 2021-04-28 at 10:19 -0700, James Bottomley wrote:
On Wed, 2021-04-28 at 16:56 +0200, Thore Sommer wrote:
TPM2 @ 0x0000000000000000
0000: 54 50 4D 32 4C 00 00 00 04 7F 42 4F 43 48 53
20 TPM2L.....BOCHS
0010: 42 58 50 43 54 50 4D 32 01 00 00 00 42 58 50
43 BXPCTPM2....BXPC
0020: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 ................
0030: 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 ................
0040: 00 00 01 00 00 C0 BB 7E 00 00 00
00 .......~....
This is actually pretty much exactly what I see in the working OVMF

TPM2 @ 0x0000000000000000
0000: 54 50 4D 32 4C 00 00 00 04 DB 42 4F 43 48 53
20 TPM2L.....BOCHS
0010: 42 58 50 43 54 50 4D 32 01 00 00 00 42 58 50
43 BXPCTPM2....BXPC
0020: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 ................
0030: 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 ................
0040: 00 00 01 00 00 60 BE 7F 00 00 00
00 .....`......

So it looks like the empty acpi table theory doesn't fly.
Actually, there's another possibility, which is that you're not booting
via the efi stub. This is somewhat tricky to get right in grub, so you
can rule this out by booting ovmf to a shell and then executing vmlinuz
directly from the shell.

James


[PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64

Rebecca Cran <rebecca@...>
 

AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.

Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.

Signed-off-by: Rebecca Cran <rebecca@...>
---
SecurityPkg/SecurityPkg.dsc | 11 +-
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 19 +++-
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h | 37 ++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h | 0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h | 0
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | 88 ++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c | 54 +++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 108 ++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c | 0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c | 0
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 120 ++++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 117 ++++---------------
12 files changed, 450 insertions(+), 104 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 12ccd1634941..bd4b810bce61 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -259,6 +259,12 @@ [Components]
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf

+[Components.IA32, Components.X64, Components.AARCH64]
+ #
+ # Random Number Generator
+ #
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
[Components.IA32, Components.X64]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

@@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf

- #
- # Random Number Generator
- #
- SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
-
#
# Opal Password solution
#
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 99d6f6b35fc2..c188b6076c00 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -26,15 +26,24 @@ [Defines]
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#

[Sources.common]
RngDxe.c
- RdRand.c
- RdRand.h
- AesCore.c
- AesCore.h
+ RngDxeInternals.h
+
+[Sources.IA32, Sources.X64]
+ Rand/RngDxe.c
+ Rand/RdRand.c
+ Rand/RdRand.h
+ Rand/AesCore.c
+ Rand/AesCore.h
+
+[Sources.AARCH64]
+ AArch64/RngDxe.c
+ AArch64/Rndr.c
+ AArch64/Rndr.h

[Packages]
MdePkg/MdePkg.dec
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
new file mode 100644
index 000000000000..458faa834a3d
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
@@ -0,0 +1,37 @@
+/** @file
+ Header for the RNDR APIs used by RNG DXE driver.
+
+ Support API definitions for RNDR instruction access.
+
+
+ Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNDR_H_
+#define RNDR_H_
+
+#include <Library/BaseLib.h>
+#include <Protocol/Rng.h>
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ );
+
+#endif // RNDR_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
new file mode 100644
index 000000000000..7e38fc2564f6
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
@@ -0,0 +1,88 @@
+/** @file
+ Function prototypes for UEFI Random Number Generator protocol support.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNGDXE_INTERNALS_H_
+#define RNGDXE_INTERNALS_H_
+
+extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+ On output with a return code of EFI_SUCCESS, the size
+ in bytes of the data returned in RNGAlgorithmList. On output
+ with a return code of EFI_BUFFER_TOO_SMALL,
+ the size of RNGAlgorithmList required to obtain the list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
+ with one EFI_RNG_ALGORITHM element for each supported
+ RNG algorithm. The list must not change across multiple
+ calls to the same driver. The first algorithm in the list
+ is the default algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
+ hardware or firmware error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ );
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ );
+
+/**
+ Returns the size of the RNG algorithms structure.
+
+ @return Size of the EFI_RNG_ALGORITHM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ );
+
+#endif // RNGDXE_INTERNALS_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
new file mode 100644
index 000000000000..36166a9cbc13
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
@@ -0,0 +1,54 @@
+/** @file
+ Support routines for RNDR instruction access.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
+
+#include "Rndr.h"
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ )
+{
+ BOOLEAN IsRandom;
+ UINT64 TempRand;
+
+ while (Length > 0) {
+ IsRandom = GetRandomNumber64 (&TempRand);
+ if (!IsRandom) {
+ return EFI_NOT_READY;
+ }
+ if (Length >= sizeof (TempRand)) {
+ WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
+ RandBuffer += sizeof (UINT64);
+ Length -= sizeof (TempRand);
+ } else {
+ CopyMem (RandBuffer, &TempRand, Length);
+ Length = 0;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
new file mode 100644
index 000000000000..18cca825e72d
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
@@ -0,0 +1,108 @@
+/** @file
+ RNG Driver to produce the UEFI Random Number Generator protocol.
+
+ The driver will use the new RNDR instruction to produce high-quality, high-performance
+ entropy and random number.
+
+ RNG Algorithms defined in UEFI 2.4:
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_RAW - Supported
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
+
+#include "Rndr.h"
+
+//
+// Supported RNG Algorithms list by this driver.
+//
+EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
+ EFI_RNG_ALGORITHM_RAW
+};
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ EFI_STATUS Status;
+
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (RNGAlgorithm == NULL) {
+ //
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.
+ //
+ RNGAlgorithm = &gEfiRngAlgorithmRaw;
+ }
+
+ //
+ // The "raw" algorithm is intended to provide entropy directly
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+ Status = RndrGetBytes (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // Other algorithms are unsupported by this driver.
+ //
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Returns the size of the RNG algorithms structure.
+
+ @return Size of the EFI_RNG_ALGORITHM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ )
+{
+ return sizeof (mSupportedRngAlgorithms);
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
new file mode 100644
index 000000000000..cf0bebd6a386
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -0,0 +1,120 @@
+/** @file
+ RNG Driver to produce the UEFI Random Number Generator protocol.
+
+ The driver will use the new RDRAND instruction to produce high-quality, high-performance
+ entropy and random number.
+
+ RNG Algorithms defined in UEFI 2.4:
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
+ (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
+ - EFI_RNG_ALGORITHM_RAW - Supported
+ (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "RdRand.h"
+
+//
+// Supported RNG Algorithms list by this driver.
+//
+EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
+ EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
+ EFI_RNG_ALGORITHM_RAW
+};
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ EFI_STATUS Status;
+
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = EFI_UNSUPPORTED;
+ if (RNGAlgorithm == NULL) {
+ //
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.
+ //
+ RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
+ }
+
+ //
+ // NIST SP800-90-AES-CTR-256 supported by RDRAND
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
+ Status = RdRandGetBytes (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // The "raw" algorithm is intended to provide entropy directly
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+ //
+ // When a DRBG is used on the output of a entropy source,
+ // its security level must be at least 256 bits according to UEFI Spec.
+ //
+ if (RNGValueLength < 32) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // Other algorithms were unsupported by this driver.
+ //
+ return Status;
+}
+
+/**
+ Returns the size of the RNG algorithms list.
+
+ @return Size of the EFI_RNG_ALGORIGM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ )
+{
+ return sizeof (mSupportedRngAlgorithms);
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
index 13d3dbd0bfbe..0072e6b433e6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
@@ -1,34 +1,38 @@
/** @file
RNG Driver to produce the UEFI Random Number Generator protocol.

- The driver will use the new RDRAND instruction to produce high-quality, high-performance
- entropy and random number.
+ The driver uses CPU RNG instructions to produce high-quality,
+ high-performance entropy and random number.

RNG Algorithms defined in UEFI 2.4:
- - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
- (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
- - EFI_RNG_ALGORITHM_RAW - Supported
- (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
- - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
- - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
- - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
- - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
+ - EFI_RNG_ALGORITHM_RAW
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID

-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent

**/

-#include "RdRand.h"
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
+
+#include "RngDxeInternals.h"
+

//
// Supported RNG Algorithms list by this driver.
//
-EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
- EFI_RNG_ALGORITHM_RAW
-};
+
+extern EFI_RNG_ALGORITHM mSupportedRngAlgorithms[];

/**
Returns information about the random number generation implementation.
@@ -68,7 +72,7 @@ RngGetInfo (
return EFI_INVALID_PARAMETER;
}

- RequiredSize = sizeof (mSupportedRngAlgorithms);
+ RequiredSize = ArchGetSupportedRngAlgorithmsSize ();
if (*RNGAlgorithmListSize < RequiredSize) {
Status = EFI_BUFFER_TOO_SMALL;
} else {
@@ -87,81 +91,6 @@ RngGetInfo (
return Status;
}

-/**
- Produces and returns an RNG value using either the default or specified RNG algorithm.
-
- @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
- @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
- algorithm to use. May be NULL in which case the function will
- use its default RNG algorithm.
- @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
- RNGValue. The driver shall return exactly this numbers of bytes.
- @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
- resulting RNG value.
-
- @retval EFI_SUCCESS The RNG value was returned successfully.
- @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
- this driver.
- @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
- firmware error.
- @retval EFI_NOT_READY There is not enough random data available to satisfy the length
- requested by RNGValueLength.
- @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
-
-**/
-EFI_STATUS
-EFIAPI
-RngGetRNG (
- IN EFI_RNG_PROTOCOL *This,
- IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
- IN UINTN RNGValueLength,
- OUT UINT8 *RNGValue
- )
-{
- EFI_STATUS Status;
-
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = EFI_UNSUPPORTED;
- if (RNGAlgorithm == NULL) {
- //
- // Use the default RNG algorithm if RNGAlgorithm is NULL.
- //
- RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
- }
-
- //
- // NIST SP800-90-AES-CTR-256 supported by RDRAND
- //
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
- Status = RdRandGetBytes (RNGValueLength, RNGValue);
- return Status;
- }
-
- //
- // The "raw" algorithm is intended to provide entropy directly
- //
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
- //
- // When a DRBG is used on the output of a entropy source,
- // its security level must be at least 256 bits according to UEFI Spec.
- //
- if (RNGValueLength < 32) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
- return Status;
- }
-
- //
- // Other algorithms were unsupported by this driver.
- //
- return Status;
-}
-
//
// The Random Number Generator (RNG) protocol
//
--
2.26.2


[PATCH 2/3] MdePkg: Refactor BaseRngLib to support AARCH64 in addition to X86

Rebecca Cran <rebecca@...>
 

Make BaseRngLib more generic by moving x86 specific functionality from
BaseRng.c into Rand/RdRand.c, and adding AArch64/Rndr.c, which supports
the optional ARMv8.5 RNG instructions RNDR and RNDRRS that are a part of
FEAT_RNG.

Signed-off-by: Rebecca Cran <rebecca@...>
---
MdePkg/MdePkg.dec | 9 +-
MdePkg/MdePkg.dsc | 4 +-
MdePkg/Library/BaseRngLib/BaseRngLib.inf | 16 ++-
MdePkg/Library/BaseRngLib/BaseRngLibInternals.h | 31 +++++
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 121 ++++++++++++++++++++
MdePkg/Library/BaseRngLib/BaseRng.c | 55 +++------
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 103 +++++++++++++++++
MdePkg/Library/BaseRngLib/BaseRngLib.uni | 6 +-
8 files changed, 291 insertions(+), 54 deletions(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 8965e903e093..b49f88d8e18f 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -267,6 +267,11 @@ [LibraryClasses]
#
RegisterFilterLib|Include/Library/RegisterFilterLib.h

+[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
+ ## @libraryclass Provides services to generate random number.
+ #
+ RngLib|Include/Library/RngLib.h
+
[LibraryClasses.IA32, LibraryClasses.X64]
## @libraryclass Abstracts both S/W SMI generation and detection.
##
@@ -288,10 +293,6 @@ [LibraryClasses.IA32, LibraryClasses.X64]
#
SmmPeriodicSmiLib|Include/Library/SmmPeriodicSmiLib.h

- ## @libraryclass Provides services to generate random number.
- #
- RngLib|Include/Library/RngLib.h
-
## @libraryclass Provides services to log the SMI handler registration.
SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h

diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index d363419006ea..a94959169b2f 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -145,6 +145,9 @@ [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibSmm.inf
MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibUefiShell.inf

+[Components.IA32, Components.X64, Components.AARCH64]
+ MdePkg/Library/BaseRngLib/BaseRngLib.inf
+
[Components.IA32, Components.X64]
MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
@@ -168,7 +171,6 @@ [Components.IA32, Components.X64]
MdePkg/Library/BaseS3StallLib/BaseS3StallLib.inf
MdePkg/Library/SmmMemLib/SmmMemLib.inf
MdePkg/Library/SmmIoLib/SmmIoLib.inf
- MdePkg/Library/BaseRngLib/BaseRngLib.inf
MdePkg/Library/SmmPciExpressLib/SmmPciExpressLib.inf
MdePkg/Library/SmiHandlerProfileLibNull/SmiHandlerProfileLibNull.inf
MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
index 31740751c69c..1dc3249a8c20 100644
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
@@ -1,9 +1,10 @@
## @file
# Instance of RNG (Random Number Generator) Library.
#
-# BaseRng Library that uses CPU RdRand instruction access to provide
-# high-quality random numbers.
+# BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
+# provide high-quality random numbers.
#
+# Copyright (c) 2020, NUVIA Inc. All rights reserved.<BR>
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -22,11 +23,18 @@ [Defines]
CONSTRUCTOR = BaseRngLibConstructor

#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#

-[Sources.Ia32, Sources.X64]
+[Sources]
BaseRng.c
+ BaseRngLibInternals.h
+
+[Sources.Ia32, Sources.X64]
+ Rand/RdRand.c
+
+[Sources.AARCH64]
+ AArch64/Rndr.c

[Packages]
MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
new file mode 100644
index 000000000000..44fda69c9eec
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
@@ -0,0 +1,31 @@
+/** @file
+
+ Architecture specific interface to RNG functionality.
+
+Copyright (c) 2020, NUVIA Inc. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef BASE_RNGLIB_INTERNALS_H_
+
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+ OUT UINT16 *Rand
+ );
+
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+ OUT UINT32 *Rand
+ );
+
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+ OUT UINT64 *Rand
+ );
+
+#endif // BASE_RNGLIB_INTERNALS_H_
diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
new file mode 100644
index 000000000000..19643237923a
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
@@ -0,0 +1,121 @@
+/** @file
+ Random number generator service that uses the RNDR instruction
+ to provide high-quality random numbers.
+
+ Copyright (c) 2020, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#include <Library/RngLib.h>
+
+#include "BaseRngLibInternals.h"
+
+//
+// Bit mask used to determine if RNDR instruction is supported.
+//
+#define RNDR_MASK ((UINT64)MAX_UINT16 << 60U)
+
+/**
+ The constructor function checks whether or not RNDR instruction is supported
+ by the host hardware.
+
+ The constructor function checks whether or not RNDR instruction is supported.
+ It will ASSERT() if RNDR instruction is not supported.
+ It will always return RETURN_SUCCESS.
+
+ @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS.
+
+**/
+RETURN_STATUS
+EFIAPI
+BaseRngLibConstructor (
+ VOID
+ )
+{
+ UINT64 Isar0;
+ //
+ // Determine RNDR support by examining bits 63:60 of the ISAR0 register returned by
+ // MSR. A non-zero value indicates that the processor supports the RNDR instruction.
+ //
+ Isar0 = ArmReadIdIsar0 ();
+ ASSERT ((Isar0 & RNDR_MASK) != 0);
+ (void)Isar0;
+
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ Generates a 16-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 16-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+ OUT UINT16 *Rand
+ )
+{
+ UINT64 Rand64;
+
+ if (ArchGetRandomNumber64 (&Rand64)) {
+ *Rand = Rand64 & MAX_UINT16;
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a 32-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 32-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+ OUT UINT32 *Rand
+ )
+{
+ UINT64 Rand64;
+
+ if (ArchGetRandomNumber64 (&Rand64)) {
+ *Rand = Rand64 & MAX_UINT32;
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a 64-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 64-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+ OUT UINT64 *Rand
+ )
+{
+ return ArmRndr (Rand);
+}
+
diff --git a/MdePkg/Library/BaseRngLib/BaseRng.c b/MdePkg/Library/BaseRngLib/BaseRng.c
index 7ad7aec9d38f..072fa37d3394 100644
--- a/MdePkg/Library/BaseRngLib/BaseRng.c
+++ b/MdePkg/Library/BaseRngLib/BaseRng.c
@@ -1,8 +1,10 @@
/** @file
- Random number generator services that uses RdRand instruction access
- to provide high-quality random numbers.
+ Random number generator services that uses CPU RNG instructions to
+ provide high-quality random numbers.

+Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -10,46 +12,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>

-//
-// Bit mask used to determine if RdRand instruction is supported.
-//
-#define RDRAND_MASK BIT30
+#include "BaseRngLibInternals.h"

//
// Limited retry number when valid random data is returned.
// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and IA-32
-// Architectures Software Developer's Mannual".
+// Architectures Software Developer's Manual".
//
-#define RDRAND_RETRY_LIMIT 10
+#define GETRANDOM_RETRY_LIMIT 10

-/**
- The constructor function checks whether or not RDRAND instruction is supported
- by the host hardware.
-
- The constructor function checks whether or not RDRAND instruction is supported.
- It will ASSERT() if RDRAND instruction is not supported.
- It will always return RETURN_SUCCESS.
-
- @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS.
-
-**/
-RETURN_STATUS
-EFIAPI
-BaseRngLibConstructor (
- VOID
- )
-{
- UINT32 RegEcx;
-
- //
- // Determine RDRAND support by examining bit 30 of the ECX register returned by
- // CPUID. A value of 1 indicates that processor support RDRAND instruction.
- //
- AsmCpuid (1, 0, 0, &RegEcx, 0);
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
-
- return RETURN_SUCCESS;
-}

/**
Generates a 16-bit random number.
@@ -75,8 +46,8 @@ GetRandomNumber16 (
//
// A loop to fetch a 16 bit random value with a retry count limit.
//
- for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
- if (AsmRdRand16 (Rand)) {
+ for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+ if (ArchGetRandomNumber16 (Rand)) {
return TRUE;
}
}
@@ -108,8 +79,8 @@ GetRandomNumber32 (
//
// A loop to fetch a 32 bit random value with a retry count limit.
//
- for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
- if (AsmRdRand32 (Rand)) {
+ for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+ if (ArchGetRandomNumber32 (Rand)) {
return TRUE;
}
}
@@ -141,8 +112,8 @@ GetRandomNumber64 (
//
// A loop to fetch a 64 bit random value with a retry count limit.
//
- for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
- if (AsmRdRand64 (Rand)) {
+ for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+ if (ArchGetRandomNumber64 (Rand)) {
return TRUE;
}
}
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
new file mode 100644
index 000000000000..3f1378064b4c
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -0,0 +1,103 @@
+/** @file
+ Random number generator services that uses RdRand instruction access
+ to provide high-quality random numbers.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#include "BaseRngLibInternals.h"
+
+//
+// Bit mask used to determine if RdRand instruction is supported.
+//
+#define RDRAND_MASK BIT30
+
+/**
+ The constructor function checks whether or not RDRAND instruction is supported
+ by the host hardware.
+
+ The constructor function checks whether or not RDRAND instruction is supported.
+ It will ASSERT() if RDRAND instruction is not supported.
+ It will always return RETURN_SUCCESS.
+
+ @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS.
+
+**/
+RETURN_STATUS
+EFIAPI
+BaseRngLibConstructor (
+ VOID
+ )
+{
+ UINT32 RegEcx;
+
+ //
+ // Determine RDRAND support by examining bit 30 of the ECX register returned by
+ // CPUID. A value of 1 indicates that processor support RDRAND instruction.
+ //
+ AsmCpuid (1, 0, 0, &RegEcx, 0);
+ ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Generates a 16-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 16-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+ OUT UINT16 *Rand
+ )
+{
+ return AsmRdRand16 (Rand);
+}
+
+/**
+ Generates a 32-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 32-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+ OUT UINT32 *Rand
+ )
+{
+ return AsmRdRand32 (Rand);
+}
+
+/**
+ Generates a 64-bit random number.
+
+ @param[out] Rand Buffer pointer to store the 64-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+ OUT UINT64 *Rand
+ )
+{
+ return AsmRdRand64 (Rand);
+}
+
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.uni b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
index f3ed954c5209..8c7fe1219450 100644
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.uni
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
@@ -1,8 +1,8 @@
// /** @file
// Instance of RNG (Random Number Generator) Library.
//
-// BaseRng Library that uses CPU RdRand instruction access to provide
-// high-quality random numbers.
+// BaseRng Library that uses CPU RNG instructions to provide high-quality
+// random numbers.
//
// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
//
@@ -13,5 +13,5 @@

#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG Library"

-#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library that uses CPU RdRand instruction access to provide high-quality random numbers"
+#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library that uses CPU RNG instructions to provide high-quality random numbers"

--
2.26.2


[PATCH 1/3] MdePkg/BaseLib: Add support for ARMv8.5 RNG instructions

Rebecca Cran <rebecca@...>
 

Add support for the optional ARMv8.5 RNDR and RNDRRS instructions that
are a part of FEAT_RNG to BaseLib, and add a function to read the ISAR0
register which indicates whether the CPU supports FEAT_RNG.

Signed-off-by: Rebecca Cran <rebecca@...>
---
MdePkg/Library/BaseLib/BaseLib.inf | 4 ++
MdePkg/Include/Library/BaseLib.h | 47 +++++++++++++++++
MdePkg/Library/BaseLib/BaseLibInternals.h | 6 +++
MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S | 29 +++++++++++
MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm | 28 ++++++++++
MdePkg/Library/BaseLib/AArch64/ArmRng.S | 51 ++++++++++++++++++
MdePkg/Library/BaseLib/AArch64/ArmRng.asm | 55 ++++++++++++++++++++
7 files changed, 220 insertions(+)

diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
index b76f3af380ea..7f582079d786 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -380,6 +380,8 @@ [Sources.AARCH64]
AArch64/SetJumpLongJump.S | GCC
AArch64/CpuBreakpoint.S | GCC
AArch64/SpeculationBarrier.S | GCC
+ AArch64/ArmRng.S | GCC
+ AArch64/ArmReadIdIsar0.S | GCC

AArch64/MemoryFence.asm | MSFT
AArch64/SwitchStack.asm | MSFT
@@ -389,6 +391,8 @@ [Sources.AARCH64]
AArch64/SetJumpLongJump.asm | MSFT
AArch64/CpuBreakpoint.asm | MSFT
AArch64/SpeculationBarrier.asm | MSFT
+ AArch64/ArmRng.asm | MSFT
+ AArch64/ArmReadIdIsar0.asm | MSFT

[Sources.RISCV64]
Math64.c
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 7253997a6f8c..60cf559b0849 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -7519,4 +7519,51 @@ PatchInstructionX86 (
);

#endif // defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
+
+#if defined (MDE_CPU_AARCH64)
+
+/**
+ Reads the ID_AA64ISAR0 Register.
+
+ @return The contents of the ID_AA64ISAR0 Register
+
+**/
+UINT64
+EFIAPI
+ArmReadIdIsar0 (
+ VOID
+ );
+
+/**
+ Generates a random number using the RNDR instruction.
+
+ @param[out] The generated random number
+
+ @retval TRUE Success: a random number was successfully generated
+ @retval FALSE Failure: a random number was unable to be generated
+
+**/
+BOOLEAN
+EFIAPI
+ArmRndr (
+ OUT UINT64 *Rand
+ );
+
+/**
+ Generates a random number using the RNDRRS instruction.
+
+ @param[out] The generated random number
+
+ @retval TRUE Success: a random number was successfully generated
+ @retval FALSE Failure: a random number was unable to be generated
+
+**/
+BOOLEAN
+EFIAPI
+ArmRndrrs (
+ OUT UINT64 *Rand
+ );
+
+#endif // defined (MDE_CPU_AARCH64)
+
#endif // !defined (__BASE_LIB__)
diff --git a/MdePkg/Library/BaseLib/BaseLibInternals.h b/MdePkg/Library/BaseLib/BaseLibInternals.h
index 6837d67d90cf..4ae79a4e7ab4 100644
--- a/MdePkg/Library/BaseLib/BaseLibInternals.h
+++ b/MdePkg/Library/BaseLib/BaseLibInternals.h
@@ -862,6 +862,12 @@ InternalX86RdRand64 (
OUT UINT64 *Rand
);

+#elif defined (MDE_CPU_AARCH64)
+
+// RNDR, Random Number
+#define RNDR S3_3_C2_C4_0
+#define RNDRRS S3_3_C2_C4_1
+
#else

#endif
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S
new file mode 100644
index 000000000000..b31e565c7955
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S
@@ -0,0 +1,29 @@
+#------------------------------------------------------------------------------
+#
+# ArmReadIdIsar0() for AArch64
+#
+# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#------------------------------------------------------------------------------
+
+.text
+.p2align 2
+GCC_ASM_EXPORT(ArmReadIdIsar0)
+
+#/**
+# Reads the ID_AA64ISAR0 Register.
+#
+#**/
+#UINT64
+#EFIAPI
+#ArmReadIdIsar0 (
+# VOID
+# );
+#
+ASM_PFX(ArmReadIdIsar0):
+ mrs x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
+ ret
+
+
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm
new file mode 100644
index 000000000000..1f1d15626cc2
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm
@@ -0,0 +1,28 @@
+;------------------------------------------------------------------------------
+;
+; ArmReadIdIsar0() for AArch64
+;
+; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;------------------------------------------------------------------------------
+
+ EXPORT ArmReadIdIsar0
+ AREA BaseLib_LowLevel, CODE, READONLY
+
+;/**
+; Reads the ID_AA64ISAR0 Register.
+;
+;**/
+;UINT64
+;EFIAPI
+;ArmReadIdIsar0 (
+; VOID
+; );
+;
+ArmReadIdIsar0
+ mrs x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
+ ret
+
+ END
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmRng.S b/MdePkg/Library/BaseLib/AArch64/ArmRng.S
new file mode 100644
index 000000000000..fc2adb660d21
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmRng.S
@@ -0,0 +1,51 @@
+#------------------------------------------------------------------------------
+#
+# ArmRndr() and ArmRndrrs() for AArch64
+#
+# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#------------------------------------------------------------------------------
+
+#include "BaseLibInternals.h"
+
+.text
+.p2align 2
+GCC_ASM_EXPORT(ArmRndr)
+GCC_ASM_EXPORT(ArmRndrrs)
+
+#/**
+# Generates a random number using RNDR.
+# Returns TRUE on success; FALSE on failure.
+#
+#**/
+#BOOLEAN
+#EFIAPI
+#ArmRndr (
+# OUT UINT64 *Rand
+# );
+#
+ASM_PFX(ArmRndr):
+ mrs x1, RNDR
+ str x1, [x0]
+ cset x0, ne // RNDR sets NZCV to 0b0100 on failure
+ ret
+
+
+#/**
+# Generates a random number using RNDRRS
+# Returns TRUE on success; FALSE on failure.
+#
+#**/
+#BOOLEAN
+#EFIAPI
+#ArmRndrrs (
+# OUT UINT64 *Rand
+# );
+#
+ASM_PFX(ArmRndrrs):
+ mrs x1, RNDRRS
+ str x1, [x0]
+ cset x0, ne // RNDRRS sets NZCV to 0b0100 on failure
+ ret
diff --git a/MdePkg/Library/BaseLib/AArch64/ArmRng.asm b/MdePkg/Library/BaseLib/AArch64/ArmRng.asm
new file mode 100644
index 000000000000..ed8d1a81bdfe
--- /dev/null
+++ b/MdePkg/Library/BaseLib/AArch64/ArmRng.asm
@@ -0,0 +1,55 @@
+;------------------------------------------------------------------------------
+;
+; ArmRndr() and ArmRndrrs() for AArch64
+;
+; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;------------------------------------------------------------------------------
+
+#include "BaseLibInternals.h"
+
+ EXPORT ArmRndr
+ EXPORT ArmRndrrs
+ AREA BaseLib_LowLevel, CODE, READONLY
+
+
+;/**
+; Generates a random number using RNDR.
+; Returns TRUE on success; FALSE on failure.
+;
+;**/
+;BOOLEAN
+;EFIAPI
+;ArmRndr (
+; OUT UINT64 *Rand
+; );
+;
+ArmRndr
+ mrs x1, RNDR
+ str x1, [x0]
+ cset x0, ne // RNDR sets NZCV to 0b0100 on failure
+ ret
+
+ END
+
+;/**
+; Generates a random number using RNDRRS.
+; Returns TRUE on success; FALSE on failure.
+;
+;**/
+;BOOLEAN
+;EFIAPI
+;ArmRndrrs (
+; OUT UINT64 *Rand
+; );
+;
+ArmRndrrs
+ mrs x1, RNDRRS
+ str x1, [x0]
+ cset x0, ne // RNDRRS sets NZCV to 0b0100 on failure
+ ret
+
+ END
+
--
2.26.2


[PATCH 0/3] MdePkg,SecurityPkg: Update BaseRngLib and RngDxe to support ARMv8.5 FEAT_RNG

Rebecca Cran <rebecca@...>
 

This is the RngLib|RNDR implementation from page 11 of the "Proposed
update to RNG implementation" presentation from Ard and Sami.

The presentation can be found at:
https://edk2.groups.io/g/devel/files/Designs/2021/0116/EDKII%20-%20Proposed%20update%20to%20RNG%20implementation.pdf

Rebecca Cran (3):
MdePkg/BaseLib: Add support for ARMv8.5 RNG instructions
MdePkg: Refactor BaseRngLib to support AARCH64 in addition to X86
SecurityPkg: Add support for RngDxe on AARCH64

MdePkg/MdePkg.dec | 9 +-
MdePkg/MdePkg.dsc | 4 +-
SecurityPkg/SecurityPkg.dsc | 11 +-
MdePkg/Library/BaseLib/BaseLib.inf | 4 +
MdePkg/Library/BaseRngLib/BaseRngLib.inf | 16 ++-
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 19 ++-
MdePkg/Include/Library/BaseLib.h | 47 ++++++++
MdePkg/Library/BaseLib/BaseLibInternals.h | 6 +
MdePkg/Library/BaseRngLib/BaseRngLibInternals.h | 31 +++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h | 37 ++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h | 0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h | 0
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | 88 ++++++++++++++
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 121 ++++++++++++++++++++
MdePkg/Library/BaseRngLib/BaseRng.c | 55 +++------
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 103 +++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c | 54 +++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 108 +++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c | 0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c | 0
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 120 +++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 117 ++++---------------
MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S | 29 +++++
MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm | 28 +++++
MdePkg/Library/BaseLib/AArch64/ArmRng.S | 51 +++++++++
MdePkg/Library/BaseLib/AArch64/ArmRng.asm | 55 +++++++++
MdePkg/Library/BaseRngLib/BaseRngLib.uni | 6 +-
27 files changed, 961 insertions(+), 158 deletions(-)
create mode 100644 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h (100%)
rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h (100%)
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
create mode 100644 MdePkg/Library/BaseRngLib/AArch64/Rndr.c
create mode 100644 MdePkg/Library/BaseRngLib/Rand/RdRand.c
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c (100%)
rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c (100%)
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.S
create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmReadIdIsar0.asm
create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmRng.S
create mode 100644 MdePkg/Library/BaseLib/AArch64/ArmRng.asm

--
2.26.2


Re: IA32 CI builds failing at "Add additional i386 packages"

Michael D Kinney
 

Hi Rebecca,

I saw this on a personal PR for me this morning too.

I am investigating a solution.

Mike

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Rebecca Cran
Sent: Wednesday, April 28, 2021 11:42 AM
To: devel@edk2.groups.io; Bret Barkelew <Bret.Barkelew@...>; Sean Brogan <sean.brogan@...>
Subject: [edk2-devel] IA32 CI builds failing at "Add additional i386 packages"

I submitted a private build PR
(https://github.com/tianocore/edk2/pull/1608) and it has failed checks
because the "Add additional i386 packages" step is failing in IA32 builds.


https://dev.azure.com/tianocore/edk2-ci/_build/results?buildId=22532&view=logs&jobId=af1b9c29-0151-521b-1cd5-
62de40828ed7&j=94ff8f78-fa10-5da4-511e-45f4b0f2c979&t=52ca6e1b-3afe-5fc0-a333-1408d0ca13a1


2021-04-28T18:35:43.5274562Z Building dependency tree...
2021-04-28T18:35:43.5296479Z Reading state information...
2021-04-28T18:35:43.7201698Z Some packages could not be installed. This
may mean that you have
2021-04-28T18:35:43.7202690Z requested an impossible situation or if you
are using the unstable
2021-04-28T18:35:43.7203955Z distribution that some required packages
have not yet been created
2021-04-28T18:35:43.7204631Z or been moved out of Incoming.
2021-04-28T18:35:43.7205329Z The following information may help to
resolve the situation:
2021-04-28T18:35:43.7205746Z
2021-04-28T18:35:43.7206318Z The following packages have unmet dependencies:
2021-04-28T18:35:43.7911080Z libc6-dev:i386 : Depends: libc6:i386 (=
2.27-3ubuntu1.4) but it is not going to be installed
2021-04-28T18:35:43.7926666Z libx11-dev:i386 : Depends: libx11-6:i386
(= 2:1.6.4-3ubuntu0.3) but it is not going to be installed
2021-04-28T18:35:43.7928178Z Depends: libxau-dev:i386
(>= 1:1.0.0-1) but it is not going to be installed
2021-04-28T18:35:43.7929680Z Depends:
libxdmcp-dev:i386 (>= 1:1.0.0-1) but it is not going to be installed
2021-04-28T18:35:43.7931052Z Depends:
libxcb1-dev:i386 but it is not going to be installed
2021-04-28T18:35:43.7932420Z libxext-dev:i386 : Depends: libxext6:i386
(= 2:1.3.3-1) but it is not going to be installed
2021-04-28T18:35:43.8330612Z E: Unable to correct problems, you have
held broken packages.
2021-04-28T18:35:43.8358606Z ##[debug]Exit code 100 received from tool
'/bin/bash'
2021-04-28T18:35:43.8362549Z ##[debug]STDIO streams have closed for tool
'/bin/bash'
2021-04-28T18:35:43.8408313Z ##[error]Bash exited with code '100'.
2021-04-28T18:35:43.8416968Z ##[debug]Processed: ##vso[task.issue
type=error;]Bash exited with code '100'.
2021-04-28T18:35:43.8417767Z ##[debug]task result: Failed
2021-04-28T18:35:43.8419529Z ##[debug]Processed: ##vso[task.complete
result=Failed;done=true;]
2021-04-28T18:35:43.8441820Z ##[section]Finishing: Add additional i386
packages


--
Rebecca Cran




Re: [PATCH v2 4/4] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES

Lendacky, Thomas
 

On 4/28/21 12:51 PM, Laszlo Ersek via groups.io wrote:
I'm going to ask for v3 after all:

On 04/27/21 18:21, Lendacky, Thomas wrote:
From: Tom Lendacky <thomas.lendacky@...>

BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3345&;data=04%7C01%7Cthomas.lendacky%40amd.com%7C3c65ebfe044e4f3eb5b808d90a6e5455%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637552291252644310%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=G1GwQc6sZqRuNHWC5vbdb78gCOl4YkAq%2BHi0F0ceucg%3D&amp;reserved=0

During PEI, the MMIO range for the TPM is marked as encrypted when running
as an SEV guest. While this isn't an issue for an SEV guest because of
the way the nested page fault is handled, it does result in an SEV-ES
guest terminating because of a mitigation check in the #VC handler to
prevent MMIO to an encrypted address. For an SEV-ES guest, this range
must be marked as unencrypted.

Create a new x86 PEIM for TPM support that will map the TPM MMIO range as
unencrypted when SEV-ES is active. The gOvmfTpmMmioAccessiblePpiGuid PPI
will be unconditionally installed before exiting. The PEIM will exit with
the EFI_ABORTED status so that the PEIM does not stay resident.
(1) Please spell out that the new PEIM will depend on the installation
of the permanent PEI RAM, by PlatformPei -- the reason being that, in
case page table splitting proves necessary for clearing the C-bit, the
new page table(s) should be allocated from permanent PEI RAM.
Will do.




The OVMF Tcg2Config PEIM will add the gOvmfTpmMmioAccessiblePpiGuid as a
Depex for IA32 and X64 builds so that the MMIO range is properly mapped
for SEV-ES before the Tcg2Config PEIM is loaded.
(2) The Tcg2Config depex change should be a separate patch -- the last
patch in the series. That covers both the Tcg2Config hunk in the patch
body, and this commit message paragraph right here.
Ok, I'll split that out.



(3) While at it: those parts of this patch that are *not* related to the
Tcg2Config PEIM can be squashed into the previous patch -- if you prefer
that.

I'm certainly happy with three separate patches though: for the DEC
file, for TpmMmioSevDecryptPei + the DSC/FDF files, and finally the
Tcg2Config PEIM. So in total the series should include 4 or 5 patches
(up to you).
I'll do it as 5 patches.




Update all OVMF Ia32 and X64 build packages to include this new PEIM.

Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Min Xu <min.m.xu@...>
Cc: Marc-Andr?? Lureau <marcandre.lureau@...>
(4) Marc-André's name is garbled here too.

The following git config options are related:

- For encoding non-ASCII characters in git commits, the
"i18n.commitencoding" knob is relevant. Almost universally, this should
be "UTF-8" (assuming your text editor used for composing commit messages
produces UTF-8-encoded files).

- For formatting commits to patch emails, "i18n.logOutputEncoding"
matters. This should *always* be "UTF-8", when git-format-patch is invoked.
We were having problems with sending patches via git-format-patch and
git-send-email and our email system. Likely some left over .gitconfig
entries that are causing the problem. I'll double check everything.



Cc: Stefan Berger <stefanb@...>
Signed-off-by: Tom Lendacky <thomas.lendacky@...>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 2 +-
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf | 40 +++++++++++
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c | 76 ++++++++++++++++++++
11 files changed, 125 insertions(+), 1 deletion(-)
Right, skipping Bhyve is justified, per your previous report /
<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3354&;data=04%7C01%7Cthomas.lendacky%40amd.com%7C3c65ebfe044e4f3eb5b808d90a6e5455%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637552291252644310%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=HPF7LTIV17CwZ%2BCFehXpnPb%2BtQCgpFPvLsVqfNj9HBI%3D&amp;reserved=0>.


diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cdb29d53142d..5a5246c64bf7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -627,6 +627,7 @@ [Components]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
(5) Functionally correct, but it reads more nicely (from a logical
dependency POV) if we place the new PEIM first.

(Please apply to the rest of the DSC files, and the FDF files too.)
Ok, I was going with the alphabetical placement. I'll switch it up.



diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 1730b6558b5c..a33c14c673a0 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -707,6 +707,7 @@ [Components]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 78a559da0d0b..a4ff7ed44705 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -720,6 +720,7 @@ [Components.IA32]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index a7d747f6b4ab..3fb56b3f9ff9 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -719,6 +719,7 @@ [Components]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c0098502aa90..ab58a9c0b4da 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -148,6 +148,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index f400c845b9c9..fc0ae1f280df 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index d055552fd09f..306fc5a9b60d 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index d519f8532822..22c8664427d6 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -175,6 +175,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index 6776ec931ce0..39d1deeed16b 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -57,7 +57,7 @@ [Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES

[Depex.IA32, Depex.X64]
- TRUE
+ gOvmfTpmMmioAccessiblePpiGuid

[Depex.ARM, Depex.AARCH64]
gOvmfTpmDiscoveredPpiGuid
diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
new file mode 100644
index 000000000000..926113b8ffb0
--- /dev/null
+++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
@@ -0,0 +1,40 @@
+## @file
+# Map TPM MMIO range unencrypted when SEV is active
(6) Please add another sentence here: "Install
gOvmfTpmMmioAccessiblePpiGuid unconditionally".
Will do.



+#
+# Copyright (C) 2021, Advanced Micro Devices, Inc.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
(7) The latest INF spec version is 1.29:

https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FEDK-II-Draft-Specification&;data=04%7C01%7Cthomas.lendacky%40amd.com%7C3c65ebfe044e4f3eb5b808d90a6e5455%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637552291252644310%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=AXuQkvUSwLjEyZiwivQQaUwTaY7Mo0wLSHUf8QKNLC8%3D&amp;reserved=0
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftianocore-docs.github.io%2Fedk2-InfSpecification%2Fdraft%2F&;data=04%7C01%7Cthomas.lendacky%40amd.com%7C3c65ebfe044e4f3eb5b808d90a6e5455%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637552291252644310%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=YUHs6g5aMPWBjCNjcZPKnTSEs2gBazDX094nqj9qpnE%3D&amp;reserved=0

plus INF_VERSION no longer requires a binary-only (hex-only) format. So
please just write "1.29".
Will do.



+ BASE_NAME = TpmMmioSevDecryptPei
+ FILE_GUID = F12F698A-E506-4A1B-B32E-6920E55DA1C4
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ ENTRY_POINT = TpmMmioSevDecryptPeimEntryPoint
+
+[Sources]
+ TpmMmioSevDecryptPeim.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
(8) Is MdeModulePkg necessary?
I don't think so. Let me double check it.



+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ MemEncryptSevLib
+ PeimEntryPoint
+ PeiServicesLib
+
+[Ppis]
+ gOvmfTpmMmioAccessiblePpiGuid ## PRODUCES
+
+[FixedPcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
+
+[Depex]
+ gEfiPeiMemoryDiscoveredPpiGuid
diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c
new file mode 100644
index 000000000000..dd1f1a80b5b0
--- /dev/null
+++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c
@@ -0,0 +1,76 @@
+/** @file
+ Map TPM MMIO range unencrypted when SEV is active
(9) Same request as (6) -- please add another sentence: "Install
gOvmfTpmMmioAccessiblePpiGuid unconditionally".
Will do.


+
+ Copyright (C) 2021, Advanced Micro Devices, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+
+#include <PiPei.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemEncryptSevLib.h>
+#include <Library/PeiServicesLib.h>
(10) This Library #include list does not match the [LibraryClasses]
section of the INF file (the PeimEntryPoint class apart, which should
indeed only be in the INF file). In other words, BaseLib appears
superfluous in the INF file.
Ok, let me check on that and fix as appropriate.



+
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmMmioRangeAccessible = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gOvmfTpmMmioAccessiblePpiGuid,
+ NULL
+};
+
+/**
+ The entry point for TPM MMIO range mapping driver.
+
+ @param[in] FileHandle Handle of the file being invoked.
+ @param[in] PeiServices Describes the list of possible PEI Services.
+
+ @retval EFI_ABORTED No need to keep this PEIM resident
+**/
+EFI_STATUS
+EFIAPI
+TpmMmioSevDecryptPeimEntryPoint (
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ RETURN_STATUS DecryptStatus;
+ EFI_STATUS Status;
+
+ DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
+
+ //
+ // If SEV or SEV-ES is active, MMIO succeeds against an encrypted physical
+ // address because the nested page fault (NPF) that occurs on access does not
+ // include the encryption bit in the guest physical address provided to the
+ // hypervisor.
+ //
+ // However, if SEV-ES is active, before performing the actual MMIO, an
+ // additional MMIO mitigation check is performed in the #VC handler to ensure
+ // that MMIO is being done to an unencrypted address. To prevent guest
+ // termination in this scenario, mark the range unencrypted ahead of access.
+ //
Lovely comment, thanks!

+ if (MemEncryptSevEsIsEnabled ()) {
+ DEBUG ((DEBUG_INFO, "%a: mapping TPM MMIO address range unencrypted\n", __FUNCTION__));
+
+ DecryptStatus = MemEncryptSevClearPageEncMask (
+ 0,
+ PcdGet64 (PcdTpmBaseAddress),
(11) The INF file says [FixedPcd], so it would be cleanest to say
FixedPcdGet64() here.
Will do.



(12) PcdLib is missing from both the [LibraryClasses] section and the
#include directives.
Right, I'll update that.



+ EFI_SIZE_TO_PAGES ((UINTN) 0x5000),
+ FALSE
+ );
+
+ if (RETURN_ERROR (DecryptStatus)) {
+ DEBUG ((DEBUG_INFO, "%a: failed to map TPM MMIO address range unencrypted\n", __FUNCTION__));
(13) Overlong line.
Ok, I'll change that. I though that was ok now since PatchCheck.py didn't
complain.



(14) Please report errors with DEBUG_ERROR.
Yup, will change.

Thanks,
Tom



+ ASSERT_RETURN_ERROR (DecryptStatus);
+ }
+ }
+
+ //
+ // MMIO range available
+ //
+ Status = PeiServicesInstallPpi (&mTpmMmioRangeAccessible);
+ ASSERT_EFI_ERROR (Status);
+
+ return EFI_ABORTED;
+}
Thanks!
Laszlo






Re: [PATCH v2 3/4] OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability

Lendacky, Thomas
 

On 4/28/21 12:15 PM, Laszlo Ersek wrote:
On 04/28/21 19:12, Laszlo Ersek wrote:
On 04/27/21 18:21, Lendacky, Thomas wrote:
From: Tom Lendacky <thomas.lendacky@...>

Define a new PPI GUID that is to be used as a signal of when it is safe
to access the TPM MMIO range. This is needed so that, when SEV is active,
the MMIO range can be mapped unencrypted before it is accessed.

Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Min Xu <min.m.xu@...>
Cc: Marc-Andr?? Lureau <marcandre.lureau@...>
(1) Marc-André's name is garbled here, but I can fix it up.
Sorry about that, looks like my email system didn't like the accent
symbol. I'll look into that and see if I can't fix it (it could also be my
.gitconfig).

Thanks,
Tom


Thanks
Laszlo

Cc: Stefan Berger <stefanb@...>
Signed-off-by: Tom Lendacky <thomas.lendacky@...>
---
OvmfPkg/OvmfPkg.dec | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 9629707020ba..6ae733f6e39f 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -128,6 +128,10 @@ [Ppis]
# has been discovered and recorded
gOvmfTpmDiscoveredPpiGuid = {0xb9a61ad0, 0x2802, 0x41f3, {0xb5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}}

+ # This PPI signals that accessing the MMIO range of the TPM is possible in
+ # the PEI phase, regardless of memory encryption
+ gOvmfTpmMmioAccessiblePpiGuid = {0x35c84ff2, 0x7bfe, 0x453d, {0x84, 0x5f, 0x68, 0x3a, 0x49, 0x2c, 0xf7, 0xb7}}
+
[Protocols]
gVirtioDeviceProtocolGuid = {0xfa920010, 0x6785, 0x4941, {0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}}
gXenBusProtocolGuid = {0x3d3ca290, 0xb9a5, 0x11e3, {0xb7, 0x5d, 0xb8, 0xac, 0x6f, 0x7d, 0x65, 0xe6}}
Reviewed-by: Laszlo Ersek <lersek@...>


Re: [PATCH 3/3] OvmfPkg/PlatformPei: Mark TPM MMIO range as unencrypted for SEV

Lendacky, Thomas
 

On 4/28/21 11:12 AM, Laszlo Ersek wrote:
On 04/27/21 16:58, Tom Lendacky wrote:
On 4/26/21 9:21 AM, Tom Lendacky wrote:
On 4/26/21 7:07 AM, Laszlo Ersek wrote:
On 04/23/21 22:02, Tom Lendacky wrote:
1. SEV works with the current encrypted mapping, it is only the SEV-ES
support that fails because of the ValidateMmioMemory() check. I can do
the mapping change just for SEV-ES since it is X64 only. This works,
because MemEncryptSevClearPageEncMask() will not return UNSUPPORTED
when running in 64-bit.
Can we really say "SEV works" though? Because, even using an X64 PEI
phase, and enabling only SEV (not SEV-ES), TPM access will be broken in
the PEI phase. Is my understanding correct?
Because the memory range is marked as MMIO, we'll take a nested page fault
(NPF). The GPA passed as part of the NPF does not include the c-bit. So we
do in fact work properly with a TPM in SEV.
Thanks for the explanation.

Here's what bothers me about it:

In AmdSevDxe, we clear the C-bit from MMIO and NonExistent areas in the
GCD memory space map. This occurs early in the DXE phase (see "APRIORI
DXE" in the FDF files). The justification is that we want the flash and
(for example) the PCI MMIO apertures decrypted.

Now, I realize there is a difference between flash and TPM. TPM is
purely MMIO (no KVM memslot), but flash (when it is not in programming
mode) is backed by a read-only KVM memslot. IOW, flash is "actual
memory", and so it is affected by SEV. TPM is never "actual memory", so
(according to your explanation, AIUI) it always traps to QEMU, per
access, and the C-bit doesn't interfere with that.

This is consistent with two facts about OVMF's PEI phase:

- We use IO Port-based fw_cfg (never DMA), if SEV is enabled (see
"QemuFwCfgPei.c").

- We access PCI config space via IO Ports (0xCF8, 0xCFC), never ECAM.
(This was not motivated by SEV, see commit 7523788faa51, but it does
play nice with SEV, in the PEI phase -- I think?)

What I'm confused about, now, in retrospect, is the reference to the PCI
MMIO aperture, in AmdSevDxe. If that area isn't backed by a KVM memslot
*either* -- similarly to the TPM area --, then decrypting *that* in
AmdSevDxe (via "nonexistent") is not strictly necessary. Is that correct?
It is necessary for (and was added for) SEV-ES. The explicit mapping of
the PCI MMCONFIG range as unencrypted was added for SEV-ES so that the
SEV-ES mitigation would not terminate the guest because MMIO was being
performed against an encrypted address.

There's a nice comment in OvmfPkg/PlatformPei/Platform.c that talks about
how the MMCONFIG range is not added as MMIO, but instead as reserved
memory. Because of that, the loop through the memory space map in
AmdSevDxe.c does not mark the MMCONFIG range as unencrypted.


I'm not asking for any code changes, just trying to form a consistent view.

Another question (still for "base SEV"): when OVMF is built with
SMM_REQUIRE, PlatformPei performs a (read-only) variable access. See the
ReadOnlyVariable2->GetVariable() call in the RefreshMemTypeInfo()
function. When SEV is active, does control reach RefreshMemTypeInfo() on
your end? And does ReadOnlyVariable2->GetVariable() succeed for you?

(There is a DEBUG_VERBOSE message in OnReadOnlyVariable2Available(), and
a DEBUG_ERROR in RefreshMemTypeInfo(), so the above questions can be
answered just from the log; no need to modify the code for that.)
Yes, control reaches that point. But, notably, with a legacy VM I see the
following messages:
RefreshMemTypeInfo: GetVariable(): Not Found

But with an SEV VM I see:
Firmware Volume for Variable Store is corrupted
RefreshMemTypeInfo: GetVariable(): Not Found

So I get the "Not Found" in both cases. But with SEV, I see the
"corrupted" message from InitRealNonVolatileVariableStore() in
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.c. I
imagine that since the range is marked encrypted, it reads the header
incorrectly and fails.

Thanks,
Tom


Basically, with SEV enabled, I expect ReadOnlyVariable2->GetVariable()
to fail -- or even to remain unreached, as FaultTolerantWritePei and
VariablePei could bail out earlier (before installing the Variable PPI),
due to failing flash accesses. In case I'm *not* wrong -- it's not the
end of the world, I'm only asking this question too for the sake of
clarifying "C-bit vs. MMIO".

More or less it seems to boil down to whether there is a KVM memslot or
not -- which is *not* equivalent to OVMF considering the area MMIO or not.


SEV-ES would also work
properly if the mitigation for accessing an encrypted address was removed
from the #VC handler. It is only this added mitigation to protect MMIO
that results in an issue with the TPM in PEI.
So I'm thinking that I can have TpmMmioSevDecryptPeim.c do this:

//
// If SEV or SEV-ES is active, MMIO succeeds against an encrypted physical
// address because the nested page fault (NPF) that occurs on access does not
// include the encryption bit in the guest physical address provided to the
// hypervisor.
//
// However, if SEV-ES is active, before performing the actual MMIO, an
// additional MMIO mitigation check is performed in the #VC handler to ensure
// that MMIO is being done to an unencrypted address. To prevent guest
// termination in this scenario, mark the range unencrypted ahead of access.
//
if (MemEncryptSevEsIsEnabled ()) {
// Do MemEncryptSevClearPageEncMask() ...
}

Let me submit the next version with this and see what you think.
Yep, I'll review that now.

Thanks
Laszlo


Thanks,
Tom



I think the behavior you currently see is actually what we want, we
should double down on it -- if MemEncryptSevClearPageEncMask() fails,
report an explicit DEBUG_ERROR, and call CpuDeadLoop(). If the firmware
is built with TPM_ENABLE, and SEV is active, then an IA32 PEI phase is
simply unusable. Silently pretending that the TPM is not there, even
though it may have been configured on the QEMU command line, we just
failed to communicate with it, is not a good idea, IMO.
However, because the c-bit is not part of the NPF, we do communicate
successfully with the TPM.

So we could actually do following:
- For IA32:
- Remove the Depex on gOvmfTpmMmioAccessiblePpiGuid
- Do not add OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf

- For X64:
- Add the Depex on gOvmfTpmMmioAccessiblePpiGuid
- Add OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf

That might be confusing, though. So we could just do option #3 below.

Thanks,
Tom


This is somewhat similar IMO to the S3Verification() function in
"OvmfPkg/PlatformPei/Platform.c".

TPM_ENABLE, SEV, IA32 PEI phase: pick any two.

Thanks,
Laszlo


2. Call MemEncryptSevClearPageEncMask() for SEV or SEV-ES, but don't check
the return status.

3. Create Ia32 and X64 versions of internal functions, where the Ia32
version simply returns SUCCESS because it can't do anything and the X64
version calls MemEncryptSevClearPageEncMask(), allowing the main code
to ASSERT on any errors.

I'm leaning towards #1, because this is an SEV-ES only issue. Thoughts?

Thanks,
Tom


One thing I found is that the Bhyve package makes reference to the
OvmfPkg/Bhyve/Tcg directory, but that directory does not exist. So I don't
think that TPM enablement has been tested. I didn't update the Bhyve
support for that reason.

Thanks,
Tom

Thanks!
Laszlo


IA32 CI builds failing at "Add additional i386 packages"

Rebecca Cran <rebecca@...>
 

I submitted a private build PR (https://github.com/tianocore/edk2/pull/1608) and it has failed checks because the "Add additional i386 packages" step is failing in IA32 builds.


https://dev.azure.com/tianocore/edk2-ci/_build/results?buildId=22532&view=logs&jobId=af1b9c29-0151-521b-1cd5-62de40828ed7&j=94ff8f78-fa10-5da4-511e-45f4b0f2c979&t=52ca6e1b-3afe-5fc0-a333-1408d0ca13a1


2021-04-28T18:35:43.5274562Z Building dependency tree...
2021-04-28T18:35:43.5296479Z Reading state information...
2021-04-28T18:35:43.7201698Z Some packages could not be installed. This may mean that you have
2021-04-28T18:35:43.7202690Z requested an impossible situation or if you are using the unstable
2021-04-28T18:35:43.7203955Z distribution that some required packages have not yet been created
2021-04-28T18:35:43.7204631Z or been moved out of Incoming.
2021-04-28T18:35:43.7205329Z The following information may help to resolve the situation:
2021-04-28T18:35:43.7205746Z
2021-04-28T18:35:43.7206318Z The following packages have unmet dependencies:
2021-04-28T18:35:43.7911080Z libc6-dev:i386 : Depends: libc6:i386 (= 2.27-3ubuntu1.4) but it is not going to be installed
2021-04-28T18:35:43.7926666Z libx11-dev:i386 : Depends: libx11-6:i386 (= 2:1.6.4-3ubuntu0.3) but it is not going to be installed
2021-04-28T18:35:43.7928178Z Depends: libxau-dev:i386 (>= 1:1.0.0-1) but it is not going to be installed
2021-04-28T18:35:43.7929680Z Depends: libxdmcp-dev:i386 (>= 1:1.0.0-1) but it is not going to be installed
2021-04-28T18:35:43.7931052Z Depends: libxcb1-dev:i386 but it is not going to be installed
2021-04-28T18:35:43.7932420Z libxext-dev:i386 : Depends: libxext6:i386 (= 2:1.3.3-1) but it is not going to be installed
2021-04-28T18:35:43.8330612Z E: Unable to correct problems, you have held broken packages.
2021-04-28T18:35:43.8358606Z ##[debug]Exit code 100 received from tool '/bin/bash'
2021-04-28T18:35:43.8362549Z ##[debug]STDIO streams have closed for tool '/bin/bash'
2021-04-28T18:35:43.8408313Z ##[error]Bash exited with code '100'.
2021-04-28T18:35:43.8416968Z ##[debug]Processed: ##vso[task.issue type=error;]Bash exited with code '100'.
2021-04-28T18:35:43.8417767Z ##[debug]task result: Failed
2021-04-28T18:35:43.8419529Z ##[debug]Processed: ##vso[task.complete result=Failed;done=true;]
2021-04-28T18:35:43.8441820Z ##[section]Finishing: Add additional i386 packages


--
Rebecca Cran


Re: [PATCH v2 4/4] OvmfPkg/Tcg2ConfigPei: Mark TPM MMIO range as unencrypted for SEV-ES

Laszlo Ersek
 

I'm going to ask for v3 after all:

On 04/27/21 18:21, Lendacky, Thomas wrote:
From: Tom Lendacky <thomas.lendacky@...>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345

During PEI, the MMIO range for the TPM is marked as encrypted when running
as an SEV guest. While this isn't an issue for an SEV guest because of
the way the nested page fault is handled, it does result in an SEV-ES
guest terminating because of a mitigation check in the #VC handler to
prevent MMIO to an encrypted address. For an SEV-ES guest, this range
must be marked as unencrypted.

Create a new x86 PEIM for TPM support that will map the TPM MMIO range as
unencrypted when SEV-ES is active. The gOvmfTpmMmioAccessiblePpiGuid PPI
will be unconditionally installed before exiting. The PEIM will exit with
the EFI_ABORTED status so that the PEIM does not stay resident.
(1) Please spell out that the new PEIM will depend on the installation
of the permanent PEI RAM, by PlatformPei -- the reason being that, in
case page table splitting proves necessary for clearing the C-bit, the
new page table(s) should be allocated from permanent PEI RAM.



The OVMF Tcg2Config PEIM will add the gOvmfTpmMmioAccessiblePpiGuid as a
Depex for IA32 and X64 builds so that the MMIO range is properly mapped
for SEV-ES before the Tcg2Config PEIM is loaded.
(2) The Tcg2Config depex change should be a separate patch -- the last
patch in the series. That covers both the Tcg2Config hunk in the patch
body, and this commit message paragraph right here.


(3) While at it: those parts of this patch that are *not* related to the
Tcg2Config PEIM can be squashed into the previous patch -- if you prefer
that.

I'm certainly happy with three separate patches though: for the DEC
file, for TpmMmioSevDecryptPei + the DSC/FDF files, and finally the
Tcg2Config PEIM. So in total the series should include 4 or 5 patches
(up to you).



Update all OVMF Ia32 and X64 build packages to include this new PEIM.

Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Min Xu <min.m.xu@...>
Cc: Marc-Andr?? Lureau <marcandre.lureau@...>
(4) Marc-André's name is garbled here too.

The following git config options are related:

- For encoding non-ASCII characters in git commits, the
"i18n.commitencoding" knob is relevant. Almost universally, this should
be "UTF-8" (assuming your text editor used for composing commit messages
produces UTF-8-encoded files).

- For formatting commits to patch emails, "i18n.logOutputEncoding"
matters. This should *always* be "UTF-8", when git-format-patch is invoked.


Cc: Stefan Berger <stefanb@...>
Signed-off-by: Tom Lendacky <thomas.lendacky@...>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 2 +-
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf | 40 +++++++++++
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c | 76 ++++++++++++++++++++
11 files changed, 125 insertions(+), 1 deletion(-)
Right, skipping Bhyve is justified, per your previous report /
<https://bugzilla.tianocore.org/show_bug.cgi?id=3354>.


diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cdb29d53142d..5a5246c64bf7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -627,6 +627,7 @@ [Components]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
(5) Functionally correct, but it reads more nicely (from a logical
dependency POV) if we place the new PEIM first.

(Please apply to the rest of the DSC files, and the FDF files too.)


diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 1730b6558b5c..a33c14c673a0 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -707,6 +707,7 @@ [Components]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 78a559da0d0b..a4ff7ed44705 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -720,6 +720,7 @@ [Components.IA32]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index a7d747f6b4ab..3fb56b3f9ff9 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -719,6 +719,7 @@ [Components]

!if $(TPM_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c0098502aa90..ab58a9c0b4da 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -148,6 +148,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index f400c845b9c9..fc0ae1f280df 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index d055552fd09f..306fc5a9b60d 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -163,6 +163,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index d519f8532822..22c8664427d6 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -175,6 +175,7 @@ [FV.PEIFV]

!if $(TPM_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index 6776ec931ce0..39d1deeed16b 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -57,7 +57,7 @@ [Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES

[Depex.IA32, Depex.X64]
- TRUE
+ gOvmfTpmMmioAccessiblePpiGuid

[Depex.ARM, Depex.AARCH64]
gOvmfTpmDiscoveredPpiGuid
diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
new file mode 100644
index 000000000000..926113b8ffb0
--- /dev/null
+++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
@@ -0,0 +1,40 @@
+## @file
+# Map TPM MMIO range unencrypted when SEV is active
(6) Please add another sentence here: "Install
gOvmfTpmMmioAccessiblePpiGuid unconditionally".


+#
+# Copyright (C) 2021, Advanced Micro Devices, Inc.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
(7) The latest INF spec version is 1.29:

https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Draft-Specification
https://tianocore-docs.github.io/edk2-InfSpecification/draft/

plus INF_VERSION no longer requires a binary-only (hex-only) format. So
please just write "1.29".


+ BASE_NAME = TpmMmioSevDecryptPei
+ FILE_GUID = F12F698A-E506-4A1B-B32E-6920E55DA1C4
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ ENTRY_POINT = TpmMmioSevDecryptPeimEntryPoint
+
+[Sources]
+ TpmMmioSevDecryptPeim.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
(8) Is MdeModulePkg necessary?


+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ MemEncryptSevLib
+ PeimEntryPoint
+ PeiServicesLib
+
+[Ppis]
+ gOvmfTpmMmioAccessiblePpiGuid ## PRODUCES
+
+[FixedPcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
+
+[Depex]
+ gEfiPeiMemoryDiscoveredPpiGuid
diff --git a/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c
new file mode 100644
index 000000000000..dd1f1a80b5b0
--- /dev/null
+++ b/OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPeim.c
@@ -0,0 +1,76 @@
+/** @file
+ Map TPM MMIO range unencrypted when SEV is active
(9) Same request as (6) -- please add another sentence: "Install
gOvmfTpmMmioAccessiblePpiGuid unconditionally".


+
+ Copyright (C) 2021, Advanced Micro Devices, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+
+#include <PiPei.h>
+
+#include <Library/DebugLib.h>
+#include <Library/MemEncryptSevLib.h>
+#include <Library/PeiServicesLib.h>
(10) This Library #include list does not match the [LibraryClasses]
section of the INF file (the PeimEntryPoint class apart, which should
indeed only be in the INF file). In other words, BaseLib appears
superfluous in the INF file.


+
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmMmioRangeAccessible = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gOvmfTpmMmioAccessiblePpiGuid,
+ NULL
+};
+
+/**
+ The entry point for TPM MMIO range mapping driver.
+
+ @param[in] FileHandle Handle of the file being invoked.
+ @param[in] PeiServices Describes the list of possible PEI Services.
+
+ @retval EFI_ABORTED No need to keep this PEIM resident
+**/
+EFI_STATUS
+EFIAPI
+TpmMmioSevDecryptPeimEntryPoint (
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ RETURN_STATUS DecryptStatus;
+ EFI_STATUS Status;
+
+ DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));
+
+ //
+ // If SEV or SEV-ES is active, MMIO succeeds against an encrypted physical
+ // address because the nested page fault (NPF) that occurs on access does not
+ // include the encryption bit in the guest physical address provided to the
+ // hypervisor.
+ //
+ // However, if SEV-ES is active, before performing the actual MMIO, an
+ // additional MMIO mitigation check is performed in the #VC handler to ensure
+ // that MMIO is being done to an unencrypted address. To prevent guest
+ // termination in this scenario, mark the range unencrypted ahead of access.
+ //
Lovely comment, thanks!

+ if (MemEncryptSevEsIsEnabled ()) {
+ DEBUG ((DEBUG_INFO, "%a: mapping TPM MMIO address range unencrypted\n", __FUNCTION__));
+
+ DecryptStatus = MemEncryptSevClearPageEncMask (
+ 0,
+ PcdGet64 (PcdTpmBaseAddress),
(11) The INF file says [FixedPcd], so it would be cleanest to say
FixedPcdGet64() here.


(12) PcdLib is missing from both the [LibraryClasses] section and the
#include directives.


+ EFI_SIZE_TO_PAGES ((UINTN) 0x5000),
+ FALSE
+ );
+
+ if (RETURN_ERROR (DecryptStatus)) {
+ DEBUG ((DEBUG_INFO, "%a: failed to map TPM MMIO address range unencrypted\n", __FUNCTION__));
(13) Overlong line.


(14) Please report errors with DEBUG_ERROR.


+ ASSERT_RETURN_ERROR (DecryptStatus);
+ }
+ }
+
+ //
+ // MMIO range available
+ //
+ Status = PeiServicesInstallPpi (&mTpmMmioRangeAccessible);
+ ASSERT_EFI_ERROR (Status);
+
+ return EFI_ABORTED;
+}
Thanks!
Laszlo

17701 - 17720 of 92217