devel@edk2.groups.io

Description:

Microsoft Teams meeting

Join on your computer or mobile app

Join with a video conferencing device

Video Conference ID: 119 132 712 6

Or call in (audio only)

+1 916-245-6934,,494156131# United States, Sacramento

Phone Conference ID: 494 156 131#

Re: [PATCH V4 3/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib

Min Xu

#83361

Hi, Sami

Please see my comments inline.

+**/

+EFI_STATUS

+EFIAPI

+CcMeasureAndLogData (

+  IN UINT32             PcrIndex,

+  IN UINT32             EventType,

+  IN VOID               *EventLog,

+  IN UINT32             LogLen,

+  IN VOID               *HashData,

+  IN UINT64             HashDataLen

+  )

+{

+  EFI_STATUS                    Status;

+  EFI_CC_MEASUREMENT_PROTOCOL  *CcProtocol;

+  EFI_CC_EVENT                 *EfiCcEvent;

+  UINT32                        MrIndex;

[SAMI] Same comment as in patch 2/3. Is it possible to use the typedef for the measurment register index here, please?

[Min] Thanks for reminder. It will be fixed.

+  Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **) &CcProtocol);

+  if (EFI_ERROR (Status)) {

+    return Status;

+  }

+  Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);

+  if (EFI_ERROR (Status)) {

+    return EFI_INVALID_PARAMETER;

[SAMI] Is it possible to return the error code returned by CcProtocol->MapPcrToMrIndex(), please?

[Min] Sure. It will be updated in the next version.

Thanks

Min_._,_._,_

Event: TianoCore Community Meeting - APAC/NAMO - 11/04/2021 #cal-reminder

devel@edk2.groups.io Calendar <noreply@...>

#83360

Reminder: TianoCore Community Meeting - APAC/NAMO

When:
11/04/2021
7:30pm to 8:30pm
(UTC-07:00) America/Los Angeles

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZWNiZWM1MzgtNWEzMy00MTgwLTgwNjAtNWQ1ZWUwZmQzNjVh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Organizer: Soumya Guptha

Description:

Microsoft Teams meeting

Join on your computer or mobile app

Join with a video conferencing device

Video Conference ID: 119 132 712 6

Or call in (audio only)

+1 916-245-6934,,494156131# United States, Sacramento

Phone Conference ID: 494 156 131#

Re: [PATCH V4 2/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib

Min Xu

#83359

Hi, Sami

Please see my comments inline.

Show quoted text

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sami Mujawar
Sent: Tuesday, November 2, 2021 5:43 PM
To: Xu, Min M <min.m.xu@...>; devel@edk2.groups.io
Cc: Kinney, Michael D <michael.d.kinney@...>; Liming Gao <gaoliming@...>; Liu, Zhiguang <zhiguang.liu@...>; Yao, Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>; Gerd Hoffmann <kraxel@...>; nd <nd@...>
Subject: Re: [edk2-devel] [PATCH V4 2/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib

+/**

+  Create CcEvent from Tcg2Event.

+  CcEvent is similar to Tcg2Event except the MrIndex.

+  @param  CcProtocol  Pointer to the located Cc Measurement protocol instance.

+  @param  Tcg2Event   Pointer to the Tcg2Event.

+  @param  EventSize   Size of the Event.

+  @param  EfiCcEvent  The created CcEvent

+  @retval EFI_SUCCESS           Successfully create the CcEvent

+  @retval EFI_INVALID_PARAMETER The input parameter is invalid

+  @retval EFI_UNSUPPORTED       The input PCRIndex cannot be mapped to Cc MR

+  @retval EFI_OUT_OF_RESOURCES  Out of resource

+**/

+EFI_STATUS

[SAMI] Is EFIAPI needed here?

[Min] EFIAPI is not needed here. From the EDKII C Coding Standards Spec (https://edk2-docs.gitbook.io/edk-ii-c-coding-standards-specification/5_source_files/56_declarations_and_types)

“The EFIAPI modifier must be used for all UEFI defined API functions, as well as for any function that takes a variable number of arguments. All protocol functions as well as public functions exposed by drivers must also be declared EFIAPI. This establishes a common calling convention for functions that could be referenced by other code that has potentially been built using a different compiler, with a different native calling convention”

CreateCcEventFromTcg2Event is only called internally and it will not be exposed outside. So EFIAPI is not needed.

+CreateCcEventFromTcg2Event (

+  IN  EFI_CC_MEASUREMENT_PROTOCOL   *CcProtocol,

+  IN  EFI_TCG2_EVENT                *Tcg2Event,

+  IN  UINT32                        EventSize,

+  IN OUT EFI_CC_EVENT               **EfiCcEvent

+  )

+{

+  UINT32            MrIndex;

[SAMI] I think it may be good to use the typedef for the measurment register index here i.e. EFI_CC_MR_INDEX.

[Min] Thanks for reminder. It will be fixed in the next version.

Thanks

Min_._,_._,_

Re: [PATCH v1] Maintainers.txt: Change SimicsOpenBoardPkg Maintainer

Agyeman, Prince

#83358

Reviewed-by: Prince Agyeman <prince.agyeman@...>

Prince

Show quoted text

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Desimone, Nathaniel L
Sent: Tuesday, November 2, 2021 3:07 PM
To: devel@edk2.groups.io
Cc: Agyeman, Prince <prince.agyeman@...>; Leif Lindholm <leif@...>; Kinney, Michael D <michael.d.kinney@...>
Subject: [edk2-devel] [PATCH v1] Maintainers.txt: Change SimicsOpenBoardPkg Maintainer

To help keep edk2-platforms healthy, I would like to offer to maintain SimicsOpenBoardPkg, SimicsX58SktPkg, and SimicsIch10Pkg. The current maintainer for those packages has changed jobs and is no longer active in the community.

Cc: Agyeman Prince <prince.agyeman@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@...>
---
 Maintainers.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Maintainers.txt b/Maintainers.txt index c839c71b22..8d9d454347 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -235,7 +235,7 @@ M: Chasel Chiu <chasel.chiu@...>
 
 Platform/Intel/SimicsOpenBoardPkg
 F: Platform/Intel/SimicsOpenBoardPkg/
-M: Agyeman Prince <prince.agyeman@...>
+M: Nate DeSimone <nathaniel.l.desimone@...>
 
 Platform/Intel/Tools
 F: Platform/Intel/Tools/
@@ -301,11 +301,11 @@ M: Chasel Chiu <chasel.chiu@...>
 
 Silicon/Intel/SimicsX58SktPkg
 F: Silicon/Intel/SimicsX58SktPkg/
-M: Agyeman Prince <prince.agyeman@...>
+M: Nate DeSimone <nathaniel.l.desimone@...>
 
 Silicon/Intel/SimicsIch10Pkg
 F: Silicon/Intel/SimicsIch10Pkg/
-M: Agyeman Prince <prince.agyeman@...>
+M: Nate DeSimone <nathaniel.l.desimone@...>
 
 Silicon/Intel/Tools
 F: Silicon/Intel/Tools/
--
2.27.0.windows.1

Re: [PATCH V3 14/29] UefiCpuPkg: Enable Tdx support in MpInitLib

Min Xu

#83357

On November 4, 2021 11:21 PM, Tom Lendacky wrote:
On 11/4/21 3:10 AM, Gerd Hoffmann wrote:
On Wed, Nov 03, 2021 at 12:57:37PM +0000, Xu, Min M wrote:
On November 3, 2021 2:09 PM, Gerd Hoffmann wrote:
+++ b/UefiCpuPkg/Library/MpInitLib/X64/IntelTdcall.nasm
@@ -0,0 +1,120 @@
+;-----------------------------------------------------------------
+---
+----------
+;*
+;* Copyright (c) 2020 - 2021, Intel Corporation. All rights
+reserved.<BR>
+;* SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*
+;-----------------------------------------------------------------
+---
+----------
+
+DEFAULT REL
+SECTION .text
+
+%macro tdcall 0
+    db 0x66,0x0f,0x01,0xcc
+%endmacroHmm, could you just use TdxLib instead of bringing your own copy of
the assembler code?My initial thought was to include TdxLib in the .dsc as little as
possible. For example, DxeMpInitLib is included in
OvmfPkg/Microvm/MicrovmX64.dsc. If TdxLib is used by DxeMpInitLib,
then it has to be included in MicrovmX64.dsc as well.Hmm, yes.  Adding a TdxLib dependency has its downsides indeed.

So I copy the assemble code in MpInitLib.The problem with copying code is that long-term maintenance becomes
harder.  When a bug is found you have to find and fix all the copies
of that code.  That's why I strongly prefer to avoid code copy&paste.
Sometimes there is no easy way around creating a copy though.Can't you create something in MdePkg/Library/Baselib and then use it
everywhere it's needed?
Do you mean put the basic Tdx functions in MdePkg/Library/BaseLib? If that is the case, then I would add below basic Tdx functions in BaseLib:
 - TdIsEnabled ()
 - TdCall ()
 - TdVmCall ()

Gerd, what's your thought?

Thanks
Min

Re: [PATCH] MdeModulePkg/DxeCapsuleLibFmp: Add runtime SetImage support

Bob Morgan

#83356

Hi Liming,

The Uefi spec Version 2.9 appears to have some inconsistencies regarding the possibility of runtime processing of FMP capsules.   The UpdateCapsule() runtime service in Section 8.5.3 states that "the firmware may process the capsule immediately", but in Section 23.3.1, where the FMP capsule is described, the last paragraph states "By definition Firmware Management protocol services are not available in EFI runtime".

I think the following spec changes would document the optional runtime FMP capsule processing as implemented in this patch:

1.  Reword Section 23.3.1 Description last paragraph, first sentence.
From:  "By definition Firmware Management protocol services are not available in EFI runtime and depending upon platform capabilities, EFI runtime delivery of this capsule may not be supported and may return an error when delivered in EFI runtime with CAPSULE_FLAGS_PERSIST_ACROSS_RESET bit defined."

To something like this: "Depending upon platform capabilities, EFI runtime delivery or processing of this capsule may not be supported and may return an error when delivered in EFI runtime.  

2. Reword Section 23.3.3 Step 3.
From: "If system is not in boot services and platform does not support persistence of capsule across reset when initiated within EFI Runtime, EFI_OUT_OF_RESOURCES error is returned."

To something like this: "If system is not in boot services and the CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag is set, but the platform does not support persistence of capsule across reset when initiated within EFI Runtime, EFI_OUT_OF_RESOURCES error is returned."   <<<By the way, UpdateCapsule() currently appears to return EFI_UNSUPPORTED in this case, see the IsPersistAcrossResetCapsuleSupported () check near the end>>>

3.  Add runtime FMP support info to Section 23.3.3 Step 3.
If system is not in boot services and the CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag is not set, but the platform does not support processing of capsules within EFI Runtime, EFI_OUT_OF_RESOURCES error is returned.  If the platform supports processing of capsules within EFI Runtime, steps 4-10 are not applicable and the capsules are processed according to steps 11-14.

Let me know what you think and we can get an ECR process started to update the spec.

Thanks,

-bob

Show quoted text

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming via groups.io
Sent: Monday, November 1, 2021 7:17 PM
To: devel@edk2.groups.io; Bob Morgan <bobm@...>
Cc: 'Jian J Wang' <jian.j.wang@...>; 'Guomin Jiang' <guomin.jiang@...>
Subject: 回复: [edk2-devel] [PATCH] MdeModulePkg/DxeCapsuleLibFmp: Add runtime SetImage support

External email: Use caution opening links or attachments


Bob:
  Thanks for your detail. PcdRuntimeFmpCapsuleImageTypeIdGuid is edk2 implementation solution. Have you the proposal on how to update UEFI spec to support runtime FMP protocol?

Thanks
Liming
-----邮件原件-----
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Bob Morgan via 
groups.io
发送时间: 2021年10月30日 1:59
收件人: gaoliming <gaoliming@...>; devel@edk2.groups.io
抄送: 'Jian J Wang' <jian.j.wang@...>; 'Guomin Jiang'
<guomin.jiang@...>
主题: Re: [edk2-devel] [PATCH] MdeModulePkg/DxeCapsuleLibFmp: Add 
runtime SetImage support

Hi Liming,  See inline below.

-----Original Message-----
From: gaoliming <gaoliming@...>
Sent: Thursday, October 28, 2021 7:57 PM
To: devel@edk2.groups.io; Bob Morgan <bobm@...>
Cc: 'Jian J Wang' <jian.j.wang@...>; 'Guomin Jiang'
<guomin.jiang@...>
Subject: 回复: [edk2-devel] [PATCH] MdeModulePkg/DxeCapsuleLibFmp:
Add runtime SetImage support

External email: Use caution opening links or attachments


Bob:
  I think this patch needs to work together with the changes of
FmpDevicePkg: Add support for runtime FmpDxe driver.Yes, this patch adds support to process FMP capsules at runtime if the 
capsule’s UpdateImageTypeId is supported by a runtime-capable FmpDxe 
driver (e.g. using the FmpDevicePkg  patch you mentioned).  The 
PcdSupportProcessCapsuleAtRuntime PCD must be TRUE and the capsule’s 
CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag must be FALSE.

  Capsule is runtime service. If it consumes FMP to do update, FMP 
service can support runtime. But, how does Capsule know whether FMP 
protocol supports runtime or not?Right, this patch requires an implementation to list the FMP 
ImageTypeId GUIDs supported by any runtime-capable FmpDxe drivers in 
the new PcdRuntimeFmpCapsuleImageTypeIdGuid array PCD.  This PCD is 
used by the new  InitializeRuntimeFmpArrays() function during 
DxeRuntimeCapsuleLib initialization to find the FMP instances that 
support those ImageTypeIds and save their 
EFI_FIRMWARE_MANAGEMENT_PROTOCOL protocol structure pointers for 
runtime use during capsule processing.

When ProcessFmpCapsuleImage() executes its step ‘2. Route payload to 
right FMP instance’, it detects runtime execution and uses the saved 
runtime-capable FMP protocol structure pointer if its ImageTypeId 
matches that of the capsule being processed.

I hope that helps.  Please let me know if additional clarification is needed.

Thanks,
-bob

Thanks
Liming
-----邮件原件-----
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 BobMorgan
via
groups.io
发送时间: 2021年10月20日 4:11
收件人: devel@edk2.groups.io
抄送: Bob Morgan <bobm@...>; Jian J Wang<jian.j.wang@...>;
Liming Gao <gaoliming@...>; Guomin Jiang 
<guomin.jiang@...>
主题: [edk2-devel] [PATCH] MdeModulePkg/DxeCapsuleLibFmp: Addruntime
SetImage support

Adds optional support for processing FMP capusle images after
ExitBootServices() if the ImageTypeIdGuid is mentioned in the new 
PcdRuntimeFmpCapsuleImageTypeIdGuid list.

Cc: Jian J Wang <jian.j.wang@...>
Cc: Liming Gao <gaoliming@...>
Cc: Guomin Jiang <guomin.jiang@...>
Signed-off-by: Bob Morgan <bobm@...>
---
 .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c  |  81 +++++++++---
 .../DxeCapsuleLibFmp/DxeCapsuleRuntime.c      | 119
++++++++++++++++++
 .../DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf |   4 +
 MdeModulePkg/MdeModulePkg.dec                 |   7 +-
 4 files changed, 192 insertions(+), 19 deletions(-)

diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
index 90942135d7..0000f91c6a 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
@@ -10,6 +10,7 @@
   ValidateFmpCapsule(), and DisplayCapsuleImage() receives 
untrusted input and
   performs basic validation.

+  Copyright (c) 2021, NVIDIA CORPORATION. All rights 
+ reserved.<BR>
   Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent

@@ -41,6 +42,11 @@
 #include <Protocol/FirmwareManagementProgress.h>
 #include <Protocol/DevicePath.h>

+BOOLEAN (EFIAPI *mLibAtRuntimeFunction) (VOID)=
NULL;
+EFI_FIRMWARE_MANAGEMENT_PROTOCOL    *mRuntimeFmp
= NULL;
+VOID**mRuntimeFmpProtocolArray
= NULL;
+EFI_GUID                            *mRuntimeFmpGuidArray
= NULL;
+
 EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable                  =NULL;
 BOOLEAN                   mIsVirtualAddrConverted      =FALSE;

@@ -551,6 +557,11 @@ DumpAllFmpInfo (
   UINT32PackageVersion;
   CHAR16
*PackageVersionName;

+  // Dump not supported at runtime.
+  if ((mLibAtRuntimeFunction != NULL) && mLibAtRuntimeFunction ()) {
+    return;
+  }
+
   Status = gBS->LocateHandleBuffer (
                   ByProtocol,
                   &gEfiFirmwareManagementProtocolGuid,
@@ -906,25 +917,35 @@ SetFmpImageData (
   CHAR16*AbortReason;
   EFI_FIRMWARE_MANAGEMENT_UPDATE_IMAGE_PROGRESS
ProgressCallback;

-  Status = gBS->HandleProtocol(
-                  Handle,
-                  &gEfiFirmwareManagementProtocolGuid,
-                  (VOID **)&Fmp
-                  );
-  if (EFI_ERROR(Status)) {
-    return Status;
-  }
+  // If not using optional runtime support, get FMP protocol for 
+ given
Handle.
+  // Otherwise, use the one saved by ProcessFmpCapsuleImage().
+  if ((mLibAtRuntimeFunction == NULL) || !mLibAtRuntimeFunction ()) {
+    Status = gBS->HandleProtocol(
+                    Handle,
+                    &gEfiFirmwareManagementProtocolGuid,
+                    (VOID **)&Fmp
+                    );
+    if (EFI_ERROR(Status)) {
+      return Status;
+    }

-  //
-  // Lookup Firmware Management Progress Protocol before 
SetImage() is called
-  // This is an optional protocol that may not be present on Handle.
-  //
-  Status = gBS->HandleProtocol (
-                  Handle,
-&gEdkiiFirmwareManagementProgressProtocolGuid,
-                  (VOID **)&mFmpProgress
-                  );
-  if (EFI_ERROR (Status)) {
+    //
+    // Lookup Firmware Management Progress Protocol beforeSetImage()
is called
+    // This is an optional protocol that may not be present on Handle.
+    //
+    Status = gBS->HandleProtocol (
+                    Handle,
+
&gEdkiiFirmwareManagementProgressProtocolGuid,
+                    (VOID **)&mFmpProgress
+                    );
+    if (EFI_ERROR (Status)) {
+      mFmpProgress = NULL;
+    }
+  } else {
+    if (mRuntimeFmp == NULL) {
+      return EFI_UNSUPPORTED;
+    }
+    Fmp = mRuntimeFmp;
     mFmpProgress = NULL;
   }

@@ -1259,6 +1280,30 @@ ProcessFmpCapsuleImage (
       UpdateHardwareInstance =
ImageHeader->UpdateHardwareInstance;
     }

+    // Optional runtime FMP SetImage processing sequence
+    if ((mLibAtRuntimeFunction != NULL) && mLibAtRuntimeFunction 
+ ()&&
+        (mRuntimeFmpProtocolArray != NULL)) {
+      mRuntimeFmp = NULL;
+      Index2 = 0;
+      while (mRuntimeFmpProtocolArray[Index2] != NULL) {
+        if (CompareGuid (&ImageHeader->UpdateImageTypeId,
+                         &mRuntimeFmpGuidArray[Index2])) {
+          mRuntimeFmp =(EFI_FIRMWARE_MANAGEMENT_PROTOCOL
*)
+            mRuntimeFmpProtocolArray[Index2];
+          break;
+        }
+        Index2++;
+      }
+
+      Status = SetFmpImageData (NULL,
+                                ImageHeader,
+                                Index -
FmpCapsuleHeader->EmbeddedDriverCount);
+      if (EFI_ERROR (Status)) {
+        return Status;
+      }
+      continue;
+    }
+
     Status = GetFmpHandleBufferByType (
                &ImageHeader->UpdateImageTypeId,
                UpdateHardwareInstance, diff --git 
a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
index f94044a409..6feb6dab79 100644
--- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
+++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleRuntime.c
@@ -1,6 +1,7 @@
 /** @file
   Capsule library runtime support.

+  Copyright (c) 2021, NVIDIA CORPORATION. All rights 
+ reserved.<BR>
   Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent

@@ -19,7 +20,11 @@
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiRuntimeServicesTableLib.h>
 #include <Library/MemoryAllocationLib.h>
+#include <Library/UefiRuntimeLib.h>

+extern BOOLEAN                   (EFIAPI*mLibAtRuntimeFunction)
(VOID);
+extern VOID                      **mRuntimeFmpProtocolArray;
+extern EFI_GUID                  *mRuntimeFmpGuidArray;
 extern EFI_SYSTEM_RESOURCE_TABLE *mEsrtTable;
 extern BOOLEAN                   mIsVirtualAddrConverted;
 EFI_EVENT
mDxeRuntimeCapsuleLibVirtualAddressChangeEvent  = NULL; @@ -40,9
+45,121 @@ DxeCapsuleLibVirtualAddressChangeEvent (
   )
 {
   gRT->ConvertPointer (EFI_OPTIONAL_PTR, (VOID **)&mEsrtTable);
+
+  if (mRuntimeFmpProtocolArray != NULL) {
+    VOID **FmpArrayEntry;
+
+    FmpArrayEntry = mRuntimeFmpProtocolArray;
+    while (*FmpArrayEntry != NULL) {
+      EfiConvertPointer (0x0, (VOID **) FmpArrayEntry);
+      FmpArrayEntry++;
+    }
+    EfiConvertPointer (0x0, (VOID **)&mRuntimeFmpProtocolArray);  }
+ if (mRuntimeFmpGuidArray != NULL) {
+    EfiConvertPointer (0x0, (VOID **) &mRuntimeFmpGuidArray);  }if
+ (mLibAtRuntimeFunction != NULL ) {
+    EfiConvertPointer (0x0, (VOID **) &mLibAtRuntimeFunction);  }
+
   mIsVirtualAddrConverted = TRUE;  }

+/**
+  Initialize optional runtime FMP arrays to support FMP SetImage
processing
+  after ExitBootServices() is called.
+
+  The ImageTypeIdGuids of runtime-capable FMP protocol drivers 
+ are
extracted
+  from the PcdRuntimeFmpCapsuleImageTypeIdGuid list and their 
+ protocol  structure pointers are saved in the 
+ mRuntimeFmpProtocolArray for use
during
+  UpdateCapsule() processing. UpdateHardwareInstance is notsupported.
+
+**/
+STATIC
+VOID
+EFIAPI
+InitializeRuntimeFmpArrays (
+  VOID
+  )
+{
+  EFI_GUID      *Guid;
+  UINTN         NumHandles;
+  EFI_HANDLE    *HandleBuffer;
+  EFI_STATUS    Status;
+  UINTN         Count;
+  UINTN         Index;
+  UINTN         FmpArrayIndex;
+
+  EFI_STATUS
+    GetFmpHandleBufferByType (
+      IN     EFI_GUID*UpdateImageTypeId,
+      IN     UINT64
UpdateHardwareInstance,
+      OUT    UINTN                        *NoHandles,
OPTIONAL
+      OUT    EFI_HANDLE                   **HandleBuf,
OPTIONAL
+      OUT    BOOLEAN**ResetRequiredBuf
OPTIONAL
+      );
+
+  Count = PcdGetSize (PcdRuntimeFmpCapsuleImageTypeIdGuid) /sizeof
(GUID);
+  if (Count == 0) {
+    return;
+  }
+
+  // mRuntimeFmpProtocolArray is a NULL-terminated list of FMP 
+ protocol
pointers
+  mRuntimeFmpProtocolArray = (VOID **)
+    AllocateRuntimeZeroPool ((Count + 1) * sizeof (VOID *));  if 
+ (mRuntimeFmpProtocolArray == NULL) {
+    DEBUG ((DEBUG_ERROR, "Error allocating
mRuntimeFmpProtocolArray\n"));
+    return;
+  }
+  mRuntimeFmpGuidArray = (EFI_GUID *)
+    AllocateRuntimeZeroPool (Count * sizeof (EFI_GUID));  if 
+ (mRuntimeFmpGuidArray == NULL) {
+    DEBUG ((DEBUG_ERROR, "Error allocatingmRuntimeFmpGuidArray"));
+    FreePool (mRuntimeFmpProtocolArray);
+    return;
+  }
+
+  // For each runtime ImageTypeIdGuid in the PCD, save its GUID 
+ and FMP
protocol
+  FmpArrayIndex = 0;
+  Guid  = PcdGetPtr (PcdRuntimeFmpCapsuleImageTypeIdGuid);
+  for (Index = 0; Index < Count; Index++, Guid++) {
+    mRuntimeFmpGuidArray[FmpArrayIndex] = *Guid;
+    HandleBuffer = NULL;
+    Status = GetFmpHandleBufferByType (Guid,
+                                       0,
+                                       &NumHandles,
+                                       &HandleBuffer,
+                                       NULL);
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR,
+              "Error finding FMP handle for runtime
ImageTypeIdGuid=%g: %r\n",
+              Guid, Status));
+      continue;
+    }
+
+    if (NumHandles > 1) {
+      DEBUG ((DEBUG_ERROR,
+              "FMP runtime ImageTypeIdGuid=%g returned %uhandles,
only 1 supported\n",
+              Guid, NumHandles));
+    }
+    Status = gBS->HandleProtocol (HandleBuffer[0],
+
&gEfiFirmwareManagementProtocolGuid,
+
&mRuntimeFmpProtocolArray[FmpArrayIndex]);
+    FreePool (HandleBuffer);
+    if (EFI_ERROR(Status)) {
+      DEBUG ((DEBUG_ERROR,
+              "Error getting FMP protocol for runtime
ImageTypeIdGuid=%g: %r\n",
+              Guid, Status));
+      continue;
+    }
+
+    FmpArrayIndex++;
+  }
+
+  mLibAtRuntimeFunction = EfiAtRuntime; }
+
 /**
   Notify function for event groupEFI_EVENT_GROUP_READY_TO_BOOT.

@@ -93,6 +210,8 @@ DxeCapsuleLibReadyToBootEventNotify (
     //
     mEsrtTable->FwResourceCountMax =mEsrtTable->FwResourceCount;
   }
+
+  InitializeRuntimeFmpArrays ();
 }

 /**
diff --git
a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
index bf56f4623f..7b3f5e04f8 100644
---a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
+++b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeRuntimeCapsuleLib.inf
@@ -49,6 +49,7 @@
   PrintLib
   HobLib
   BmpSupportLib
+  PcdLib


 [Protocols]
@@ -70,5 +71,8 @@
   gEfiEventVirtualAddressChangeGuid       ## CONSUMES ## Event
   gEdkiiCapsuleOnDiskNameGuid             ##
SOMETIMES_CONSUMES ## GUID

+[Pcd]
+
gEfiMdeModulePkgTokenSpaceGuid.PcdRuntimeFmpCapsuleImageTypeIdG
ui
d
+
 [Depex]
   gEfiVariableWriteArchProtocolGuid diff --git 
a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec 
index 133e04ee86..869aa892f7100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -3,7 +3,7 @@
 # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs 
and library classes)  # and libraries instances, which are used 
for those modules.
 #
-# Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved.
+# Copyright (c) 2019-2021, NVIDIA CORPORATION. All rights 
+reserved.<BR>
 # Copyright (c) 2007 - 2021, Intel Corporation. All rights 
reserved.<BR>  # Copyright (c) 2016, Linaro Ltd. All rights 
reserved.<BR>  # (C) Copyright 2016 - 2019 Hewlett Packard 
Enterprise Development LP<BR> @@ -2020,6 +2020,11 @@
   # @Prompt Capsule On Disk Temp Relocation file name in PEI 
phase

gEfiMdeModulePkgTokenSpaceGuid.PcdCoDRelocationFileName|L"Cod.tmp
"|
VOID*|0x30001048

+  ## This PCD holds a list of GUIDs for the ImageTypeId to 
+ indicate the  #  FMP is runtime capable.
+  # @Prompt A list of runtime-capable FMP ImageTypeId GUIDs
+
gEfiMdeModulePkgTokenSpaceGuid.PcdRuntimeFmpCapsuleImageTypeIdG
ui
d|{0x0}|VOID*|0x30001049
+
   ## This PCD hold a list GUIDs for the ImageTypeId to indicate the
   #  FMP capsule is a system FMP.
   # @Prompt A list of system FMP ImageTypeId GUIDs
--
2.17.1

[PATCH] Reallocate TPM Active PCRs based on platform support.

Rodrigo Gonzalez del Cueto

#83355

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3515

In V3: Cleaned up comments, debug prints and updated patch to use the
new debug ENUM definitions.

- Replaced EFI_D_INFO with DEBUG_INFO.
- Replaced EFI_D_VERBOSE with DEBUG_VERBOSE.

In V2: Add case to RegisterHashInterfaceLib logic

RegisterHashInterfaceLib needs to correctly handle registering the HashLib
instance supported algorithm bitmap when PcdTpm2HashMask is set to zero.

The current implementation of SyncPcrAllocationsAndPcrMask() triggers
PCR bank reallocation only based on the intersection between
TpmActivePcrBanks and PcdTpm2HashMask.

When the software HashLibBaseCryptoRouter solution is used, no PCR bank
reallocation is occurring based on the supported hashing algorithms
registered by the HashLib instances.

Need to have an additional check for the intersection between the
TpmActivePcrBanks and the PcdTcg2HashAlgorithmBitmap populated by the
HashLib instances present on the platform's BIOS.

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@...>

Cc: Jian J Wang <jian.j.wang@...>
Cc: Jiewen Yao <jiewen.yao@...>
---
 SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c |  6 +++++-
 SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c |  6 +++++-
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c                                        | 67 ++++++++++++++++++++++++++++++++++++++++++-------------------------
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf                                      |  1 +
 4 files changed, 53 insertions(+), 27 deletions(-)

diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
index 7a0f61efbb..0821159120 100644
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
@@ -230,13 +230,17 @@ RegisterHashInterfaceLib (
 {
   UINTN              Index;
   UINT32             HashMask;
+  UINT32             Tpm2HashMask;
   EFI_STATUS         Status;
 
   //
   // Check allow
   //
   HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);
-  if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
+  Tpm2HashMask = PcdGet32 (PcdTpm2HashMask);
+
+  if ((Tpm2HashMask != 0) &&
+      ((HashMask & Tpm2HashMask) == 0)) {
     return EFI_UNSUPPORTED;
   }
 
diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
index 42cb562f67..6ae51dbce4 100644
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
@@ -327,13 +327,17 @@ RegisterHashInterfaceLib (
   UINTN              Index;
   HASH_INTERFACE_HOB *HashInterfaceHob;
   UINT32             HashMask;
+  UINT32             Tpm2HashMask;
   EFI_STATUS         Status;
 
   //
   // Check allow
   //
   HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);
-  if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
+  Tpm2HashMask = PcdGet32 (PcdTpm2HashMask);
+
+  if ((Tpm2HashMask != 0) &&
+      ((HashMask & Tpm2HashMask) == 0)) {
     return EFI_UNSUPPORTED;
   }
 
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 93a8803ff6..582b9377e5 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -1,7 +1,7 @@
 /** @file
   Initialize TPM2 device and measure FVs before handing off control to DXE.
 
-Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
 Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -253,7 +253,7 @@ EndofPeiSignalNotifyCallBack (
 
 /**
   Make sure that the current PCR allocations, the TPM supported PCRs,
-  and the PcdTpm2HashMask are all in agreement.
+  PcdTcg2HashAlgorithmBitmap and the PcdTpm2HashMask are all in agreement.
 **/
 VOID
 SyncPcrAllocationsAndPcrMask (
@@ -262,52 +262,68 @@ SyncPcrAllocationsAndPcrMask (
 {
   EFI_STATUS                        Status;
   EFI_TCG2_EVENT_ALGORITHM_BITMAP   TpmHashAlgorithmBitmap;
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP   BiosHashAlgorithmBitmap;
   UINT32                            TpmActivePcrBanks;
   UINT32                            NewTpmActivePcrBanks;
   UINT32                            Tpm2PcrMask;
   UINT32                            NewTpm2PcrMask;
 
-  DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
+  DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
 
   //
   // Determine the current TPM support and the Platform PCR mask.
   //
   Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks);
+
   ASSERT_EFI_ERROR (Status);
 
+  DEBUG ((DEBUG_INFO, "Tpm2GetCapabilitySupportedAndActivePcrs - TpmHashAlgorithmBitmap: 0x%08x\n", TpmHashAlgorithmBitmap));
+  DEBUG ((DEBUG_INFO, "Tpm2GetCapabilitySupportedAndActivePcrs - TpmActivePcrBanks 0x%08x\n", TpmActivePcrBanks));
+
   Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
   if (Tpm2PcrMask == 0) {
     //
-    // if PcdTPm2HashMask is zero, use ActivePcr setting
+    // If PcdTpm2HashMask is zero, use ActivePcr setting.
+    // Only when PcdTpm2HashMask is initialized to 0, will it be updated to current Active Pcrs.
     //
     PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
     Tpm2PcrMask = TpmActivePcrBanks;
   }
+  DEBUG ((DEBUG_INFO, "Tpm2PcrMask 0x%08x\n", Tpm2PcrMask));
 
   //
-  // Find the intersection of Pcd support and TPM support.
-  // If banks are missing from the TPM support that are in the PCD, update the PCD.
-  // If banks are missing from the PCD that are active in the TPM, reallocate the banks and reboot.
-  //
-
-  //
-  // If there are active PCR banks that are not supported by the Platform mask,
-  // update the TPM allocations and reboot the machine.
+  // The Active PCRs in the TPM need to be a strict subset of the hashing algorithms supported by BIOS.
   //
-  if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
-    NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
-
-    DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
+  // * Find the intersection of Pcd support and TPM active PCRs. If banks are missing from the TPM support
+  // that are in the PCD, update the PCD.
+  // * Find intersection of TPM Active PCRs and BIOS supported algorithms. If there are active PCR banks
+  // that are not supported by the platform, update the TPM allocations and reboot.
+  // Note: When the HashLibBaseCryptoRouter solution is used, the hash algorithm support from BIOS is reported
+  //       by Tcg2HashAlgorithmBitmap, which is populated by HashLib instances at runtime.
+  BiosHashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+  DEBUG ((DEBUG_INFO, "Tcg2HashAlgorithmBitmap: 0x%08x\n", BiosHashAlgorithmBitmap));
+
+  if (((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) ||
+      ((TpmActivePcrBanks & BiosHashAlgorithmBitmap) != TpmActivePcrBanks)) {
+    DEBUG ((DEBUG_INFO, "TpmActivePcrBanks & Tpm2PcrMask = 0x%08x\n", (TpmActivePcrBanks & Tpm2PcrMask)));
+    DEBUG ((DEBUG_INFO, "TpmActivePcrBanks & BiosHashAlgorithmBitmap = 0x%08x\n", (TpmActivePcrBanks & BiosHashAlgorithmBitmap)));
+    NewTpmActivePcrBanks = TpmActivePcrBanks;
+    NewTpmActivePcrBanks &= Tpm2PcrMask;
+    NewTpmActivePcrBanks &= BiosHashAlgorithmBitmap;
+    DEBUG ((DEBUG_INFO, "NewTpmActivePcrBanks 0x%08x\n", NewTpmActivePcrBanks));
+
+    DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
     if (NewTpmActivePcrBanks == 0) {
-      DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+      DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
       ASSERT (FALSE);
     } else {
+      DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocateBanks (TpmHashAlgorithmBitmap: 0x%08x, NewTpmActivePcrBanks: 0x%08x)\n", TpmHashAlgorithmBitmap, NewTpmActivePcrBanks));
       Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, NewTpmActivePcrBanks);
       if (EFI_ERROR (Status)) {
         //
         // We can't do much here, but we hope that this doesn't happen.
         //
-        DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
+        DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
         ASSERT_EFI_ERROR (Status);
       }
       //
@@ -324,13 +340,14 @@ SyncPcrAllocationsAndPcrMask (
   if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
     NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
 
-    DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
+    DEBUG ((DEBUG_ERROR, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
     if (NewTpm2PcrMask == 0) {
-      DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+      DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
       ASSERT (FALSE);
     }
 
     Status = PcdSet32S (PcdTpm2HashMask, NewTpm2PcrMask);
+    DEBUG ((DEBUG_ERROR, "Set PcdTpm2Hash Mask to 0x%08x\n", NewTpm2PcrMask));
     ASSERT_EFI_ERROR (Status);
   }
 }
@@ -365,7 +382,7 @@ LogHashEvent (
   RetStatus = EFI_SUCCESS;
   for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {
     if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
-      DEBUG ((EFI_D_INFO, "  LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
+      DEBUG ((DEBUG_INFO, "  LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
       switch (mTcg2EventInfo[Index].LogFormat) {
       case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
         Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
@@ -476,7 +493,7 @@ HashLogExtendEvent (
   }
 
   if (Status == EFI_DEVICE_ERROR) {
-    DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
+    DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
     BuildGuidHob (&gTpmErrorHobGuid,0);
     REPORT_STATUS_CODE (
       EFI_ERROR_CODE | EFI_ERROR_MINOR,
@@ -1011,7 +1028,7 @@ PeimEntryMA (
   }
 
   if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
-    DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
+    DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
     return EFI_DEVICE_ERROR;
   }
 
@@ -1075,7 +1092,7 @@ PeimEntryMA (
       for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
         Status = MeasureSeparatorEventWithError (PcrIndex);
         if (EFI_ERROR (Status)) {
-          DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. Error!\n"));
+          DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. Error!\n"));
         }
       }
     }
@@ -1106,7 +1123,7 @@ PeimEntryMA (
 
 Done:
   if (EFI_ERROR (Status)) {
-    DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
+    DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
     BuildGuidHob (&gTpmErrorHobGuid,0);
     REPORT_STATUS_CODE (
       EFI_ERROR_CODE | EFI_ERROR_MINOR,
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 06c26a2904..17ad116126 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -86,6 +86,7 @@
   ## SOMETIMES_CONSUMES
   ## SOMETIMES_PRODUCES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap                  ## CONSUMES
 
 [Depex]
   gEfiPeiMasterBootModePpiGuid AND
-- 
2.33.1.windows.1

Re: [PATCH v1 05/16] ArmPkg and MdePkg: Move the Arm CompilerIntrinsicsLib to MdePkg

Bret Barkelew

#83354

Will address.

Show quoted text

On Wed, Nov 3, 2021 at 11:24 PM Andrew Fish <afish@...> wrote:

> On Nov 3, 2021, at 11:23 PM, gaoliming <gaoliming@...> wrote:
>
> Lefi:
>
>> -----邮件原件-----
>> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Leif Lindholm
>> 发送时间: 2021年11月2日 17:51
>> 收件人: brbarkel@... <bret@...>
>> 抄送: devel@edk2.groups.io; Ard Biesheuvel <ardb+tianocore@...>;
>> Michael D Kinney <michael.d.kinney@...>; Liming Gao
>> <gaoliming@...>; Zhiguang Liu <zhiguang.liu@...>; Sami
>> Mujawar <sami.mujawar@...>; Jiewen Yao <jiewen.yao@...>;
>> Supreeth Venkatesh <supreeth.venkatesh@...>; Maciej Rabeda
>> <maciej.rabeda@...>; Jiaxin Wu <jiaxin.wu@...>; Siyuan
>> Fu <siyuan.fu@...>; Ray Ni <ray.ni@...>; Zhichao Gao
>> <zhichao.gao@...>; Sean Brogan <sean.brogan@...>
>> 主题: Re: [edk2-devel] [PATCH v1 05/16] ArmPkg and MdePkg: Move the Arm
>> CompilerIntrinsicsLib to MdePkg
>>
>> On Mon, Nov 01, 2021 at 12:56:37 -0700, brbarkel@... wrote:
>>> From: Bret Barkelew <brbarkel@...>
>>>
>>> This aligns better with Mu's philosophy around dependency structuring
>>> and is one of the steps to enable Basecore to have zero CI dependencies
>>> on other Mu repos.
>>>
>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3649
>>>
>>
>> Only one comment on this patch really.
>>
>>> ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf =>
>> MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf | 3 +--
>>
>> Could we just keep the .inf name as is?
>>
> I agree your suggestion. CompilerIntrinsicsLib can support X86 in future.
> So,
> CompilerIntrinsicsLib.inf should be used.
>

+1

Thanks,

Andrew Fish

> Thanks
> Liming
>
>> I think we're getting closer to the x86 folk accepting that they
>> need this too, rather than keep inventing new dialects of C in the
>> desperate hope that the compiler won't generate stdlib calls it's
>> fully permitted to generate whenever it feels like.
>>
>> /
>> Leif
>>
>>
>>
>>
>
>
>
>
>
>
>
>

Re: [Patch V2 7/7] BaseTools/Conf: Fix Linux GCC ARM build issues with HII

Michael D Kinney

#83353

Hi Leif,

I will add NOOPT information to the commit message.

Unfortunately, this change caused a boot to shell failure for ArmVirtPkg QEMU.  TFTP dynamic shell command failed to find HII package.

	https://github.com/tianocore/edk2/pull/2166
	https://dev.azure.com/tianocore/edk2-ci/_build/results?buildId=32907&view=logs&j=cf2d8b26-a21c-5c68-abf4-b944c123e462&t=5ffbbe5c-1d3a-55f5-5ef3-8a0ef80d76a1&l=547

I am investigating and will send a V3 with updates.

Mike

Show quoted text

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Leif Lindholm
Sent: Thursday, November 4, 2021 3:50 AM
To: Kinney, Michael D <michael.d.kinney@...>
Cc: devel@edk2.groups.io; Feng, Bob C <bob.c.feng@...>; Liming Gao <gaoliming@...>; Chen, Christine
<yuwei.chen@...>; Ard Biesheuvel <ardb+tianocore@...>
Subject: Re: [edk2-devel] [Patch V2 7/7] BaseTools/Conf: Fix Linux GCC ARM build issues with HII

On Wed, Nov 03, 2021 at 15:59:54 -0700, Michael D Kinney wrote:
Update builds_rules.template to add $(SLINK) to the GCC
steps for processing HII resources to produce a static
library instead of an object file.  This improves linker
compatibility and specifically fixes a link failure seen
on Linux GCC ARM builds of the MdeModulePkg due to
mismatched ABI types between the HII resource section
and the rest of the libraries.

Cc: Bob Feng <bob.c.feng@...>
Cc: Liming Gao <gaoliming@...>
Cc: Yuwei Chen <yuwei.chen@...>
Cc: Leif Lindholm <leif@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Signed-off-by: Michael D Kinney <michael.d.kinney@...>This arguably looks like a plain fix in the first place.

However, I am only able to trigger the build failure for the NOOPT
target. That may be useful to mention in the commit message.

With that:
Reviewed-by: Leif Lindholm <leif@...>

---
 BaseTools/Conf/build_rule.template | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/BaseTools/Conf/build_rule.template b/BaseTools/Conf/build_rule.template
index 3add1029f276..5f59044da36d 100755
--- a/BaseTools/Conf/build_rule.template
+++ b/BaseTools/Conf/build_rule.template
@@ -668,6 +668,8 @@

     <Command.GCC>
         "$(GENFW)" -o $(OUTPUT_DIR)(+)$(MODULE_NAME)hii.rc -g $(MODULE_GUID) --hiibinpackage $(HII_BINARY_PACKAGES)$(GENFW_FLAGS)
-        "$(RC)" $(RC_FLAGS) $(OUTPUT_DIR)(+)$(MODULE_NAME)hii.rc ${dst}
+        "$(RC)" $(RC_FLAGS) $(OUTPUT_DIR)(+)$(MODULE_NAME)hii.rc $(OUTPUT_DIR)(+)$(MODULE_NAME)hii.rc.obj
+        "$(SLINK)" cr  ${dst} $(OUTPUT_DIR)(+)$(MODULE_NAME)hii.rc.obj
+
     <Command.XCODE, Command.RVCT, Command.CLANGGCC>
         "$(GENFW)" -o $(OUTPUT_DIR)(+)$(MODULE_NAME)hii.rc -g $(MODULE_GUID) --hiibinpackage $(HII_BINARY_PACKAGES)$(GENFW_FLAGS)
--
2.32.0.windows.1

Re: [PATCH 1/1] OvmfPkg/AmdSev: remove unused SMM bits from .dsc and .fdf files

Dov Murik

#83352

Thanks Gerd,


On 04/11/2021 11:21, Gerd Hoffmann wrote:
Signed-off-by: Gerd Hoffmann <kraxel@...>
Reviewed-by: Dov Murik <dovmurik@...>
Tested-by: Dov Murik <dovmurik@...>


-Dov


---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 47 ------------------------------------
 OvmfPkg/AmdSev/AmdSevX64.fdf | 15 ------------
 2 files changed, 62 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 5ee54451169b..d54ef2916536 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -93,14 +93,6 @@ [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   XCODE:*_*_*_MTOC_FLAGS = -align 0x1000
   CLANGPDB:*_*_*_DLINK_FLAGS = /ALIGN:4096
 
-# Force PE/COFF sections to be aligned at 4KB boundaries to support page level
-# protection of DXE_SMM_DRIVER/SMM_CORE modules
-[BuildOptions.common.EDKII.DXE_SMM_DRIVER, BuildOptions.common.EDKII.SMM_CORE]
-  GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
-  XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
-  XCODE:*_*_*_MTOC_FLAGS = -align 0x1000
-  CLANGPDB:*_*_*_DLINK_FLAGS = /ALIGN:4096
-
 ################################################################################
 #
 # SKU Identification section - list of all SKU IDs supported by this Platform.
@@ -390,45 +382,6 @@ [LibraryClasses.common.UEFI_APPLICATION]
 !endif
   PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
 
-[LibraryClasses.common.DXE_SMM_DRIVER]
-  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
-  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
-  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
-  MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
-  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
-  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
-  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
-  MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
-  SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
-!ifdef $(DEBUG_ON_SERIAL_PORT)
-  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
-!else
-  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
-!endif
-  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
-!if $(SOURCE_DEBUG_ENABLE) == TRUE
-  DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf
-!endif
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
-  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
-
-[LibraryClasses.common.SMM_CORE]
-  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
-  TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf
-  ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf
-  SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/SmmCorePlatformHookLibNull.inf
-  MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
-  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
-  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
-  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
-  SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf
-!ifdef $(DEBUG_ON_SERIAL_PORT)
-  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
-!else
-  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
-!endif
-  PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform.
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 56626098862c..804ad4e2bb6b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -445,18 +445,3 @@ [Rule.Common.SEC.RESET_VECTOR]
   FILE RAW = $(NAMED_GUID) {
     RAW BIN   Align = 16   |.bin
   }
-
-[Rule.Common.SMM_CORE]
-  FILE SMM_CORE = $(NAMED_GUID) {
-    PE32     PE32           $(INF_OUTPUT)/$(MODULE_NAME).efi
-    UI       STRING="$(MODULE_NAME)" Optional
-    VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
-  }
-
-[Rule.Common.DXE_SMM_DRIVER]
-  FILE SMM = $(NAMED_GUID) {
-    SMM_DEPEX    SMM_DEPEX Optional      $(INF_OUTPUT)/$(MODULE_NAME).depex
-    PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
-    UI       STRING="$(MODULE_NAME)" Optional
-    VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
-  }

Event: TianoCore Community Meeting - EMEA / NAMO - 11/04/2021 #cal-reminder

devel@edk2.groups.io Calendar <noreply@...>

#83351

Reminder: TianoCore Community Meeting - EMEA / NAMO

When:
11/04/2021
9:00am to 10:00am
(UTC-07:00) America/Los Angeles

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_N2UyMTVhZjUtOTk3Ni00MmI0LTg0NmItNzIwYTkyMGJhYzNh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Organizer: Soumya Guptha

Description:

Microsoft Teams meeting

Join on your computer or mobile app

Join with a video conferencing device

Video Conference ID: 111 422 379 4

Or call in (audio only)

+1 916-245-6934,,482062805# United States, Sacramento

Phone Conference ID: 482 062 805#

Event: TianoCore Community Meeting - EMEA / NAMO - 11/04/2021 #cal-reminder

devel@edk2.groups.io Calendar <noreply@...>

#83350

Reminder: TianoCore Community Meeting - EMEA / NAMO

When:
11/04/2021
9:00am to 10:00am
(UTC-07:00) America/Los Angeles

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_N2UyMTVhZjUtOTk3Ni00MmI0LTg0NmItNzIwYTkyMGJhYzNh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Organizer: Soumya Guptha

Description:

Microsoft Teams meeting

Join on your computer or mobile app

Join with a video conferencing device

Video Conference ID: 111 422 379 4

Or call in (audio only)

+1 916-245-6934,,482062805# United States, Sacramento

Phone Conference ID: 482 062 805#