Re: GSoC Proposal

Marvin Häuser <mhaeuser@...>
 

On 13. Apr 2022, at 16:38, Ada Christine <adachristine18@...> wrote:
> i was replying via the groups.io web interface, I'm guessing that messed up
> the thread? i haven't used mailing lists before and don't know how they
> work. I'll use my mail client from here on.
>
> I'm on board with not treating EFI as an operating system. the more i think
> about it the more it looks like scope creep.

Agreed.

> I'm not quite as enthusiastic
> about it as i was at first glance.
>
> I'm still keen on doing my gsoc proposal for edk, though, and even if this
> task and the acpica application are decided to be out of scope unit
> testing,

How about fuzz-testing? This is also something edk2 needs quite badly. At Acidanthera, we compile edk2 code in userspace outside the edk2 build system and fuzz with dummy applications.

> clang integration

Pedro and Vitaly are looking for someone to finish ASan: https://edk2.groups.io/g/devel/topic/90010978#87991
There are working UBSan concepts, but they also need to be mainlined.

> and source-level debugging are all relevant to
> my interests.
>
> how about your ideas for security stuff?

I want the entirety of MM to leverage SmmMemLib and to support SMAP. SmmMemLib would then handle UEFI->MMRAM and BaseMemoryLib would only work on MMRAM. Also evaluation of how to best avoid pointers in MM communication buffers would be nice.

There also is a bunch of other stuff, like working out moving a part of CpuDxe into DxeCore to have memory protection live immediately, memory protection in PEI, a replacement for the TE format (it’s buggy and most platforms mostly abandoned it over various issues), and alternatives to guarding critical code with SMM (like allowing NVRAM commits only as part of a reboot).

I personally find all of those projects very important, but I cannot promise many people agree. Especially those that impose global changes (most notably the TE replacement) may be very tedious to submit. Gladly, I believe you can submit multiple proposals (?)

Best regards,
Marvin

> I'm not very knowledgeable about
> trusted platform or secure boot but I'm willing to learn whatever is
> necessary to get something spun up for my proposal.
>
> On Wed, Apr 13, 2022, 12:05 Marvin Häuser <mhaeuser@...> wrote:
>
>> Do you use the “reply all” option in your mail client? Looks like my CCs
>> have been dropped again. Comments inline.
>>
>> On 13. Apr 2022, at 12:54, Ada Christine <adachristine18@...>
>> wrote:
>>> Hi, Marvin
>>> Its similarity to my own latest experiment is the key to what grabbed my
>>> attention. I have no particular use case in mind for it, but I see its
>>> potential for anybody developing larger applications in that when a library
>>> is changed there's no need to distribute a new version of the whole binary,
>>> just the relevant library module.
>>
>> I really do not like the trend of treating UEFI as a full-fledged OS - it
>> is not. The most used UEFI applications, OS loaders, are really not that
>> huge and are distributed as part of the OS image anyway. Even for less used
>> applications, you will always get a full snapshot anyhow. Gladly we don’t
>> have auto-update and package management yet. :)
>>
>>> I slept on it and it occurred to me that the whole thing could operate
>>> similarly to the shell protocol in that the linker/loader is itself an
>>> application that does a LoadImage() on the application needing dynamic
>>> linking facilities.
>>
>> That would mean the linker itself is shipped with every application that
>> requires it? Otherwise it doesn’t make much sense for it to be an app and
>> below’s problems apply.
>>
>>> If however the whole plan is making the linker as a DXE and including it
>>> with the firmware, that I'm not quite as sure about. That would necessarily
>>> tie any applications using dynamic linking to TianoCore or any firmware
>>> distribution that derives from it.
>>
>> I think that was the idea referred to as “edk2 core” by Steven, but I’d
>> like to hear his proposal to be sure. Virtually everyone uses edk2, so that
>> itself is not the problem, but versioning is. Vendors are slow to update
>> their snapshots or have just given up doing that entirely. Distributing it
>> for external applications like OS loaders would mean this can be leveraged
>> probably no earlier than 10 years from now. And for in-firmware things, I
>> have a hard time thinking about a use-case that outweighs the drawbacks.
>>
>>> To shift the topic slightly back to GSoC, however, I'm willing to work
>>> on other items on the task list. Unit testing and an ACPICA application are
>>> the alternative projects I had thought about. I need to choose fairly soon
>>> as the proposal deadline is next Tuesday. I know a tiny bit about porting
>>> ACPICA as I also have plans to incorporate it into my own project.
>>
>> I have a few more ideas for security stuff, but Nate did not confirm them
>> as appropriate yet and I’m not here to drive you away from this specific
>> task (or the others). However, I’m still curious and concerned. :)
>>
>> Best regards,
>> Marvin


Re: GSoC Proposal

Ada Christine <adachristine18@...>
 

i was replying via the groups.io web interface, I'm guessing that messed up
the thread? i haven't used mailing lists before and don't know how they
work. I'll use my mail client from here on.

I'm on board with not treating EFI as an operating system. the more i think
about it the more it looks like scope creep. I'm not quite as enthusiastic
about it as i was at first glance.

I'm still keen on doing my gsoc proposal for edk, though, and even if this
task and the acpica application are decided to be out of scope unit
testing, clang integration and source-level debugging are all relevant to
my interests.

how about your ideas for security stuff? I'm not very knowledgeable about
trusted platform or secure boot but I'm willing to learn whatever is
necessary to get something spun up for my proposal.

On Wed, Apr 13, 2022, 12:05 Marvin Häuser <mhaeuser@...> wrote:

> Do you use the “reply all” option in your mail client? Looks like my CCs
> have been dropped again. Comments inline.
>
> On 13. Apr 2022, at 12:54, Ada Christine <adachristine18@...>
> wrote:
>> Hi, Marvin
>>
>> Its similarity to my own latest experiment is the key to what grabbed my
>> attention. I have no particular use case in mind for it, but I see its
>> potential for anybody developing larger applications in that when a library
>> is changed there's no need to distribute a new version of the whole binary,
>> just the relevant library module.
>
> I really do not like the trend of treating UEFI as a full-fledged OS - it
> is not. The most used UEFI applications, OS loaders, are really not that
> huge and are distributed as part of the OS image anyway. Even for less used
> applications, you will always get a full snapshot anyhow. Gladly we don’t
> have auto-update and package management yet. :)
>
>> I slept on it and it occurred to me that the whole thing could operate
>> similarly to the shell protocol in that the linker/loader is itself an
>> application that does a LoadImage() on the application needing dynamic
>> linking facilities.
>
> That would mean the linker itself is shipped with every application that
> requires it? Otherwise it doesn’t make much sense for it to be an app and
> below’s problems apply.
>
>> If however the whole plan is making the linker as a DXE and including it
>> with the firmware, that I'm not quite as sure about. That would necessarily
>> tie any applications using dynamic linking to TianoCore or any firmware
>> distribution that derives from it.
>
> I think that was the idea referred to as “edk2 core” by Steven, but I’d
> like to hear his proposal to be sure. Virtually everyone uses edk2, so that
> itself is not the problem, but versioning is. Vendors are slow to update
> their snapshots or have just given up doing that entirely. Distributing it
> for external applications like OS loaders would mean this can be leveraged
> probably no earlier than 10 years from now. And for in-firmware things, I
> have a hard time thinking about a use-case that outweighs the drawbacks.
>
>> To shift the topic slightly back to GSoC, however, I'm willing to work
>> on other items on the task list. Unit testing and an ACPICA application are
>> the alternative projects I had thought about. I need to choose fairly soon
>> as the proposal deadline is next Tuesday. I know a tiny bit about porting
>> ACPICA as I also have plans to incorporate it into my own project.
>
> I have a few more ideas for security stuff, but Nate did not confirm them
> as appropriate yet and I’m not here to drive you away from this specific
> task (or the others). However, I’m still curious and concerned. :)
>
> Best regards,
> Marvin


Re: GSoC Proposal

Marvin Häuser <mhaeuser@...>
 

Do you use the “reply all” option in your mail client? Looks like my CCs have been dropped again. Comments inline.

On 13. Apr 2022, at 12:54, Ada Christine <adachristine18@...> wrote:
> Hi, Marvin
>
> Its similarity to my own latest experiment is the key to what grabbed my attention. I have no particular use case in mind for it, but I see its potential for anybody developing larger applications in that when a library is changed there's no need to distribute a new version of the whole binary, just the relevant library module.

I really do not like the trend of treating UEFI as a full-fledged OS - it is not. The most used UEFI applications, OS loaders, are really not that huge and are distributed as part of the OS image anyway. Even for less used applications, you will always get a full snapshot anyhow. Gladly we don’t have auto-update and package management yet. :)

> I slept on it and it occurred to me that the whole thing could operate similarly to the shell protocol in that the linker/loader is itself an application that does a LoadImage() on the application needing dynamic linking facilities.

That would mean the linker itself is shipped with every application that requires it? Otherwise it doesn’t make much sense for it to be an app and below’s problems apply.

> If however the whole plan is making the linker as a DXE and including it with the firmware, that I'm not quite as sure about. That would necessarily tie any applications using dynamic linking to TianoCore or any firmware distribution that derives from it.

I think that was the idea referred to as “edk2 core” by Steven, but I’d like to hear his proposal to be sure. Virtually everyone uses edk2, so that itself is not the problem, but versioning is. Vendors are slow to update their snapshots or have just given up doing that entirely. Distributing it for external applications like OS loaders would mean this can be leveraged probably no earlier than 10 years from now. And for in-firmware things, I have a hard time thinking about a use-case that outweighs the drawbacks.

> To shift the topic slightly back to GSoC, however, I'm willing to work on other items on the task list. Unit testing and an ACPICA application are the alternative projects I had thought about. I need to choose fairly soon as the proposal deadline is next Tuesday. I know a tiny bit about porting ACPICA as I also have plans to incorporate it into my own project.

I have a few more ideas for security stuff, but Nate did not confirm them as appropriate yet and I’m not here to drive you away from this specific task (or the others). However, I’m still curious and concerned. :)

Best regards,
Marvin


Re: GSoC Proposal

Ada Christine <adachristine18@...>
 

Hi, Marvin

Its similarity to my own latest experiment is the key to what grabbed my attention. I have no particular use case in mind for it, but I see its potential for anybody developing larger applications in that when a library is changed there's no need to distribute a new version of the whole binary, just the relevant library module.

I slept on it and it occurred to me that the whole thing could operate similarly to the shell protocol in that the linker/loader is itself an application that does a LoadImage() on the application needing dynamic linking facilities. If however the whole plan is making the linker as a DXE and including it with the firmware, that I'm not quite as sure about. That would necessarily tie any applications using dynamic linking to TianoCore or any firmware distribution that derives from it.

To shift the topic slightly back to GSoC, however, I'm willing to work on other items on the task list. Unit testing and an ACPICA application are the alternative projects I had thought about. I need to choose fairly soon as the proposal deadline is next Tuesday. I know a tiny bit about porting ACPICA as I also have plans to incorporate it into my own project.


Re: GSoC Proposal

Marvin Häuser <mhaeuser@...>
 

CC Nate (GSoC admin)
CC Steven (task mentor)
CC edk2-devel (you picked the logically correct list, but it’s pretty dead and barely anyone reads it)

Hey Ada,

Out of mere curiosity, why did you pick this item? :)

Hey Steven,

I feel like there is more to your proposal than is given on the task page. Why is it “ELF first”, is it something useful for UefiPayloadPkg or Linux somehow?

As for supporting it in the EDK II core, I personally feel like this is much too late. The entire ecosystem is centred around protocols (and the services tables) already. “Loading only when necessary” doesn’t sound very important to me personally, as the firmware image is already supposed to be fairly minimal. I’d rather like to see the introduction of “lazy protocols” (which do not require any new fundamental concepts), e.g., for network and HID stuff like mice and touch, which go through the driver connection procedure only when a protocol function is called for the first time. A big issue with this of course are non-function pointers in the protocol structure.

This will not only require a dynamic linker in the firmware to maybe double the size of the already disgusting and vastly unmaintained PE loader, it will also require further format conversion from ELF and Mach-O, both of which already are buggy (the former much more so than the latter). This is a tremendous effort in my opinion and introducing partial support will cause more awkward toolchain limitations.

Can you please outline why this (in my opinion, big) tradeoff is worth it? Just curious. :)

Best regards,
Marvin

On 13. Apr 2022, at 03:05, Ada Christine <adachristine18@...> wrote:
> Hello, edk2 developers!
>
> I've registered as a contributor candidate for GSoC 2022 and am interested in working on one of the items from the Tasks list here https://github.com/tianocore/tianocore.github.io/wiki/Tasks. Specifically, adding dynamic linking support caught my attention as this is something i've been investigating and learning more about in one of my own personal projects. As a little background, my personal project is an experiment in OS development and I use a very small subset of the boot services to get started and loaded. It can be found here: https://github.com/adachristine/sophia. Recently I've started investigating (and begun to implement) using ELF's dynamic facilities to dynamically load kernel modules. I know PE is slightly different to ELF, but the principles seem similar enough.
>
> I've had a few glances at the EDKII source code in the past and have a general idea of how it all fits together. What I have in mind to implement this would be the following:
> - create a dynamic linker as a module package to be compiled into the main application
> (alternatively, implement dynamic linking as a runtime service driver?)
> - adjust the build system to enable building as DLLs and dynamic linking of module packages to the main application
> (module packages could be per-application and optionally site packages in a subdirectory of the ESP?)
>
> I know the details of how this would all fit together are a little more involved, but this is just the rough first idea that came to my mind. Happy to hear feedback, and if my idea seems feasible I can get to work on a more in-depth plan to put this together.
>
> Thanks!
>
> - Ada



GSoC Proposal

Ada Christine <adachristine18@...>
 

Hello, edk2 developers!

I've registered as a contributor candidate for GSoC 2022 and am interested in working on one of the items from the Tasks list here https://github.com/tianocore/tianocore.github.io/wiki/Tasks. Specifically, adding dynamic linking support caught my attention as this is something i've been investigating and learning more about in one of my own personal projects. As a little background, my personal project is an experiment in OS development and I use a very small subset of the boot services to get started and loaded. It can be found here: https://github.com/adachristine/sophia. Recently I've started investigating (and begun to implement) using ELF's dynamic facilities to dynamically load kernel modules. I know PE is slightly different to ELF, but the principles seem similar enough.

I've had a few glances at the EDKII source code in the past and have a general idea of how it all fits together. What I have in mind to implement this would be the following:
- create a dynamic linker as a module package to be compiled into the main application
(alternatively, implement dynamic linking as a runtime service driver?)
- adjust the build system to enable building as DLLs and dynamic linking of module packages to the main application
(module packages could be per-application and optionally site packages in a subdirectory of the ESP?)

I know the details of how this would all fit together are a little more involved, but this is just the rough first idea that came to my mind. Happy to hear feedback, and if my idea seems feasible I can get to work on a more in-depth plan to put this together.

Thanks!

- Ada


GenFw: Bad definition for symbol

Oliver Steffen
 

Hi everyone,

I get this error when building StandaloneMmPkg for AARCH64 using gcc 11
on Ubuntu 22.04:

Bad definition for symbol '_GLOBAL_OFFSET_TABLE_'@0x5a20 or
unsupported symbol type.

All other Pkgs seem to build without problems. Am I missing something
obvious?
It also works on Fedora 35, gcc 11.


From the build log:

INFO - "GenFw" -e MM_CORE_STANDALONE -o /__w/1/s/Build/StandaloneMm/DEBUG_GCC5/AARCH64/StandaloneMmPkg/Core/StandaloneMmCore/OUTPUT/StandaloneMmCore.efi /__w/1/s/Build/StandaloneMm/DEBUG_GCC5/AARCH64/StandaloneMmPkg/Core/StandaloneMmCore/DEBUG/StandaloneMmCore.dll
INFO - GenFw: ERROR 3000: Invalid
INFO - /__w/1/s/Build/StandaloneMm/DEBUG_GCC5/AARCH64/StandaloneMmPkg/Core/StandaloneMmCore/DEBUG/StandaloneMmCore.dll: Bad definition for symbol '_GLOBAL_OFFSET_TABLE_'@0x5a20 or unsupported symbol type. For example, absolute and undefined symbols are not supported.


$ aarch64-linux-gnu-objdump -t StandaloneMmCore.dll | grep GLOBAL
0000000000005a20 l O *ABS* 0000000000000000 _GLOBAL_OFFSET_TABLE_


Compiler:

root@54a9075a6e3f:/w/local-ci-runs# aarch64-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=aarch64-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc-cross/aarch64-linux-gnu/11/lto-wrapper
Target: aarch64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 11.2.0-17ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-11/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-11 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-libquadmath --disable-libquadmath-support --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --without-target-system-zlib --enable-multiarch --enable-fix-cortex-a53-843419 --disable-werror --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=aarch64-linux-gnu --program-prefix=aarch64-linux-gnu- --includedir=/usr/aarch64-linux-gnu/include --with-build-config=bootstrap-lto-lean --enable-link-serialization=2
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.2.0 (Ubuntu 11.2.0-17ubuntu1)


Running GenFw with gdb:

Breakpoint 2, WriteSections64 (FilterType=<optimized out>) at Elf64Convert.c:1314
1314 const UINT8 *SymName = GetSymName(Sym);
(gdb) l
1309 // Check section header index found in symbol table and get the section
1310 // header location.
1311 //
1312 if (Sym->st_shndx == SHN_UNDEF
1313 || Sym->st_shndx >= mEhdr->e_shnum) {
1314 const UINT8 *SymName = GetSymName(Sym);
1315 if (SymName == NULL) {
1316 SymName = (const UINT8 *)"<unknown>";
1317 }
1318
1319 //
1320 // Skip error on EM_RISCV64 becasue no symble name is built
1321 // from RISC-V toolchain.
1322 //
1323 if (mEhdr->e_machine != EM_RISCV64) {
1324 Error (NULL, 0, 3000, "Invalid",
1325 "%s: Bad definition for symbol '%s'@%#llx or unsupported symbol type. "
1326 "For example, absolute and undefined symbols are not supported.",
1327 mInImageName, SymName, Sym->st_value);
1328
1329 exit(EXIT_FAILURE);
1330 }
1331 continue;
1332 }
(gdb) print *Sym
$3 = {st_name = 2778, st_info = 1 '\001', st_other = 0 '\000', st_shndx = 65521, st_value = 23072, st_size = 0}
(gdb) print *mEhdr
$4 = {e_ident = "\177ELF\002\001\001\000\000\000\000\000\000\000\000", e_type = 3, e_machine = 183, e_version = 1,
e_entry = 18332, e_phoff = 64, e_shoff = 558048, e_flags = 0, e_ehsize = 64, e_phentsize = 56, e_phnum = 2,
e_shentsize = 64, e_shnum = 25, e_shstrndx = 24}

One can see that st_shndx = 65521, while e_shnum = 25.


Any ideas?

Thanks!!

Cheers,
Oliver
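
The numbers in the gdb output above can be read against the ELF special section indices: 65521 is 0xfff1 (SHN_ABS), which agrees with the `*ABS*` column in the objdump line. The C program below is an added example, not part of the original post and not GenFw code: it decodes raw ELF64 symbol entries and applies the condition shown at lines 1312-1313 of the listing. Only entry [1] and `e_shnum = 25` come from the post; the other entries and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Special section indices defined by the ELF specification. */
enum { SHN_UNDEF = 0, SHN_LORESERVE = 0xff00, SHN_ABS = 0xfff1, SHN_COMMON = 0xfff2 };

#define SYM64_SIZE 24 /* on-disk size of one ELF64 symbol table entry */

typedef struct {
  uint32_t st_name;
  uint8_t  st_info;
  uint8_t  st_other;
  uint16_t st_shndx;
  uint64_t st_value;
  uint64_t st_size;
} Sym64;

typedef enum {
  SYM_OK, SYM_UNDEFINED, SYM_ABSOLUTE, SYM_COMMON, SYM_RESERVED, SYM_OUT_OF_RANGE
} SymClass;

/* Read an n-byte little-endian integer. */
static uint64_t rd_le(const uint8_t *p, int n) {
  uint64_t v = 0;
  while (n-- > 0) v = (v << 8) | p[n];
  return v;
}

/* Decode one little-endian ELF64 symbol entry from raw bytes. */
Sym64 parse_sym(const uint8_t *p) {
  Sym64 s;
  s.st_name  = (uint32_t)rd_le(p, 4);
  s.st_info  = p[4];
  s.st_other = p[5];
  s.st_shndx = (uint16_t)rd_le(p + 6, 2);
  s.st_value = rd_le(p + 8, 8);
  s.st_size  = rd_le(p + 16, 8);
  return s;
}

/* st_info packs binding (high nibble) and type (low nibble). */
unsigned sym_bind(uint8_t info) { return info >> 4; }
unsigned sym_type(uint8_t info) { return info & 0x0f; }

/* Explain a section index: reserved values are markers, not section numbers. */
SymClass classify_shndx(uint16_t shndx, uint16_t shnum) {
  if (shndx == SHN_UNDEF)     return SYM_UNDEFINED;
  if (shndx == SHN_ABS)       return SYM_ABSOLUTE;
  if (shndx == SHN_COMMON)    return SYM_COMMON;
  if (shndx >= SHN_LORESERVE) return SYM_RESERVED;
  if (shndx >= shnum)         return SYM_OUT_OF_RANGE;
  return SYM_OK;
}

/* The condition visible in the gdb listing (lines 1312-1313). */
int listing_check_rejects(const Sym64 *s, uint16_t shnum) {
  return s->st_shndx == SHN_UNDEF || s->st_shndx >= shnum;
}

const char *class_name(SymClass c) {
  static const char *const names[] = {
    "ok", "undefined", "absolute (SHN_ABS)", "common (SHN_COMMON)",
    "other reserved index", "index >= e_shnum"
  };
  return names[c];
}

/* Constructed sample table; entry [1] uses the values printed by gdb. */
static const uint8_t kSymtab[] = {
  /* [0] constructed: GLOBAL FUNC in section 1 */
  0x0a,0,0,0, 0x12, 0, 0x01,0x00, 0x00,0x10,0,0,0,0,0,0, 0x40,0,0,0,0,0,0,0,
  /* [1] from the post: st_name=2778 st_info=1 st_shndx=65521 st_value=23072 */
  0xda,0x0a,0,0, 0x01, 0, 0xf1,0xff, 0x20,0x5a,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
  /* [2] constructed: GLOBAL NOTYPE, undefined */
  0x14,0,0,0, 0x10, 0, 0x00,0x00, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
  /* [3] constructed: GLOBAL OBJECT, common */
  0x1e,0,0,0, 0x11, 0, 0xf2,0xff, 0x08,0,0,0,0,0,0,0, 0x10,0,0,0,0,0,0,0,
};

/* Classify every entry; return how many the listing's condition rejects. */
size_t scan_symtab(const uint8_t *tab, size_t len, uint16_t shnum,
                   SymClass *out, size_t cap) {
  size_t rejected = 0, n = len / SYM64_SIZE;
  for (size_t i = 0; i < n && i < cap; i++) {
    Sym64 s = parse_sym(tab + i * SYM64_SIZE);
    out[i] = classify_shndx(s.st_shndx, shnum);
    if (listing_check_rejects(&s, shnum)) rejected++;
  }
  return rejected;
}

int main(void) {
  SymClass cls[8];
  size_t n = sizeof kSymtab / SYM64_SIZE;
  size_t rejected = scan_symtab(kSymtab, sizeof kSymtab, 25, cls, 8);
  for (size_t i = 0; i < n; i++) {
    Sym64 s = parse_sym(kSymtab + i * SYM64_SIZE);
    printf("[%zu] shndx=0x%04x value=0x%llx bind=%u type=%u -> %s\n", i,
           (unsigned)s.st_shndx, (unsigned long long)s.st_value,
           sym_bind(s.st_info), sym_type(s.st_info), class_name(cls[i]));
  }
  printf("%zu of %zu entries fail the listing's check\n", rejected, n);
  return 0;
}
```

For entry [1], `st_info = 1` decodes to binding 0 (local) and type 1 (object), matching the `l O` flags in the objdump line.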


UEFI nested virtualization

ben.morrice@...
 

Hello,

We have a use case for nested virtualization with UEFI guests.

I am encountering an issue where the L1 VM 'resets' when attempting to spawn the L2 guest. The 'reset' is the qemu process terminating with a 15 signal with no other obvious logs.

Our infrastructure is as follows:

L0 hypervisor: CentOS 7 with qemu-kvm-ev-2.12.0-44.1.el7_8.1.x86_64 and using host-model cpu mode. We define the L1 guest with the OVMF package from CentOS (OVMF-20180508-6.gitee3198e672e2.el7) (OVMF_CODE.secboot.fd firmware).

L1 guest: CentOS Stream 8 with qemu-kvm-6.2.0-5.module_el8.6.0+1087+b42c8331.x86_64. We define the L2 guest with the edk2-ovmf package from CentOS Stream 8 (edk2-ovmf-20220126gitbb1bba3d77-2.el8.noarch) (OVMF_CODE.secboot.fd firmware)

I have been playing with different combinations of ovmf releases and firmware filenames across both L0 and L1 hosts. The only combination that works (L2 VM can boot) is utilising the OVMF_CODE-pure-efi.fd loader (from the https://www.kraxel.org/repos/jenkins) repo (edk2.git-ovmf-x64 package).

I've tried researching the differences between the OVMF_CODE-pure-efi.fd loader versus OVMF_CODE.secboot.fd but i'm still confused.
Can anyone shed any light on the differences? Or, is there something fundamental that i'm maybe missing when looking at nested UEFI virtualization?
Is there any reason NOT to use the OVMF_CODE-pure-efi.fd loader?


Thanks for reading,

Ben Morrice
CERN IT Department


edk2-libc Building Python environment for UEFI

M.T.
 

Hello
First time poster so please accept apologies if this is the wrong group.
I am trying to build the Python environment for UEFI as described in
Py368ReadMe.txt in edk2-libc. I'm doing this on Ubuntu 20.04.4 LTS. I am
able to build everything else just fine, so my setup seems fine, but as
soon as I enable Python368.inf in AppPkg.dsc, and also add socket module, I
am getting missing header errors. This is what I get after I run: build
-a X64 -p AppPkg/AppPkg.dsc

...
Building ...
/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Sockets/WebServer/WebServer.inf
[X64]
"gcc" -MMD -MF
/home/user/Desktop/dev/uefi/Build/AppPkg/DEBUG_GCC5/X64/AppPkg/Applications/Python/Python-3.6.8/Python368/OUTPUT/Modules/_bisectmodule.obj.deps
-g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror
-Wno-array-bounds -include AutoGen.h -fno-common -ffunction-sections
-fdata-sections -DSTRING_ARRAY_NAME=Python368Strings -m64
-fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))"
-maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie
-fno-asynchronous-unwind-tables -Wno-address -flto -DUSING_LTO -Os
-nostdinc -nostdlib -DUEFI_C_SOURCE -c -o
/home/user/Desktop/dev/uefi/Build/AppPkg/DEBUG_GCC5/X64/AppPkg/Applications/Python/Python-3.6.8/Python368/OUTPUT/Modules/_bisectmodule.obj
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Modules/_ctypes/libffi_msvc
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/_ctypes/libffi_msvc
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/_ctypes
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Modules/_ctypes
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/zlib
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/expat
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/cjkcodecs
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/_io
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/_sha3
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/_blake2
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Programs
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Modules
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Objects
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Objects
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Python
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/PyMod-3.6.8/Python
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Parser
-I/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8
-I/home/user/Desktop/dev/uefi/Build/AppPkg/DEBUG_GCC5/X64/AppPkg/Applications/Python/Python-3.6.8/Python368/DEBUG
-I/home/user/Desktop/dev/uefi/edk2-libc/StdLib
-I/home/user/Desktop/dev/uefi/edk2-libc/StdLib/Include
-I/home/user/Desktop/dev/uefi/edk2-libc/StdLib/Include/X64
-I/home/user/Desktop/dev/uefi/edk2/MdePkg
-I/home/user/Desktop/dev/uefi/edk2/MdePkg/Include
-I/home/user/Desktop/dev/uefi/edk2/MdePkg/Test/UnitTest/Include
-I/home/user/Desktop/dev/uefi/edk2/MdePkg/Include/X64
-I/home/user/Desktop/dev/uefi/edk2/MdeModulePkg
-I/home/user/Desktop/dev/uefi/edk2/MdeModulePkg/Include
/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/_bisectmodule.c
Building ...
/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Sockets/SetHostName/SetHostName.inf
[X64]
make: Nothing to be done for 'tbuild'.
/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Modules/_bisectmodule.c:7:10:
fatal error: Python.h: No such file or directory
7 | #include "Python.h"
| ^~~~~~~~~~
compilation terminated.
Building ...
/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Sockets/GetNetByName/GetNetByName.inf
[X64]
make: Nothing to be done for 'tbuild'.
make: *** [GNUmakefile:771:
/home/user/Desktop/dev/uefi/Build/AppPkg/DEBUG_GCC5/X64/AppPkg/Applications/Python/Python-3.6.8/Python368/OUTPUT/Modules/_bisectmodule.obj]
Error 1


build.py...
: error 7000: Failed to execute command
make tbuild
[/home/user/Desktop/dev/uefi/Build/AppPkg/DEBUG_GCC5/X64/AppPkg/Applications/Python/Python-3.6.8/Python368]


build.py...
: error F002: Failed to build module

/home/user/Desktop/dev/uefi/edk2-libc/AppPkg/Applications/Python/Python-3.6.8/Python368.inf
[X64, GCC5, DEBUG]

The error is obvious enough, the build system is unable to find Python.h. It
also seems like Python.h should be coming from the included Python
distribution under AppPkg/Applications/Python/Python-3.6.8/ However, I do
not see the Include in the build command for it. I am not all that
familiar with the build system yet, but how would I add the Include into
the build system? Unless I am totally wrong about the issue here.

Appreciate any feedback.
Thank you
xp


GSoC2022-Add Rust Support to EDK II.

huangwenyuu@...
 

I'm Wenyu Huang, pursuing the MPhil degree in the Chinese University of Hong Kong, Shenzhen. My research is focusing on the operating system and virtualization and I am familiar with using Rust. So I am so interested in Add Rust Support to EDK II. Could you guide me how to go through researching about the project? Thank you.


Touch Support in EDK2

Thomas Finny
 

I'm working with software (VeraCrypt) that uses EDK2 to support touch interaction at boot. It doesn't seem to work with the ASUS Vivobook 14 Flip, however, so I rebuilt the app with some debugging code.

There is a TouchDevice detected and a handle is obtained, but when DevicePathFromHandle() is called, it returns 3 (ERROR_UNSUPPORTED). Is DevicePathFromHandle() not returning success directly related to why touch isn't working, or can touch work without this function returning a valid path?

I'm thinking that perhaps EDK2's touch support may be incompatible with the Vivobook 14.

Note that VeraCrypt is built off the UDK2015 branch. Does that branch not have reliable support for touch?


Re: MM communication buffer access denied or leading to an unhandled exception

Thomas Abraham
 

Hi Fabrice,

On Wed, Apr 6, 2022 at 12:25 AM, Fabrice DECROP LONGET wrote:

> Hi,
>
> I'm currently working on implementing the secure partition manager in EDK2. My
> platform is based on reference design DANIEL. But I'm facing several issues,
> that makes me very confused, and don't know what to do now for implementing
> this feature.

Couple of questions to understand this better -

1. Is the reference design DANIEL platform you work on downloaded from https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps? If yes, what is the version number of the FVP?

2. Is the software you are using same as described in https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/master/docs/infra/rdv1/readme.rst. If yes, what is the release tag being used?

Thanks,
Thomas.


MM communication buffer access denied or leading to an unhandled exception

Fabrice DECROP LONGET
 

Hi,

I'm currently working on implementing the secure partition manager in EDK2. My platform is based on reference design DANIEL. But I'm facing several issues, that make me very confused, and I don't know what to do now for implementing this feature.

First, I enable the SPM flag in ARM-TF firmware. I'm sure that this feature is enabled. MM communication buffer is (should be) correctly configured in mapping of this firmware. I say _correctly_ because, to my understanding, SPM_MM flag is correctly set in compilation and arm-tf firmware generation. To my understanding, it should be enough for EDK2 BIOS to have RW access to MM communication buffer.

Second, in EDK2, I enable the StandaloneMmPkg in EDK2 compilation. I also add the VariableInfo application, to test the communication between the Normal and Secure world.

Then, here are descriptions of the several issues I'm facing :

1-After the latter configuration of arm-tf and EDK2 (SPM_MM enabled and StandaloneMmPkg addition), boot of EDK2 is leading to an unhandled exception.
I must also mention that MM communication buffer (@FF60000) access is not possible through armds in EL2 (typing EL2:FF600000 in the memory section debugger). Memory view does not show any content, and is colored in pink.

2-I assume that I have to add MM communication memory zone (@FF600000) in the Mmu configuration. That's what I saw in the StandaloneAARCH64 branch of EDK2 (in edk2-staging)
To achieve this addition, I added a call to BuildResourceDescriptorHob() in MemoryPeim() of ArmPlatformPkg. Of course, this call has PcdMmBufferBase (=0xFF600000) in input parameter.
With this addition, former unhandled exception is corrected.
But: MM communication memory zone is still pink in the memory section of ArmDs. And MmCommunicationDxe driver failed to install protocol interface (gEfiCommunication2ProtocolGuid)
So, my test application VariableInfo failed to communicate with secure world.


Could someone point me what I'm doing wrong ?
Is there some configuration to do in Mmu in EDK2 to enable communication ? If so, what should it be ?
Is it normal to have no access at the output of Arm-TF (and at the very beginning of BL33 = UEFI EDK2 normal world) through ArmDS in its memory section?


Many thanks for your help.


Fabrice DECROP LONGET
SiPearl - Ingénieur BIOS/UEFI
Mobile: +33 6 44 12 09 85
https://www.sipearl.com


Re: Device path for the HII Form drivers

Tomas Pilar (tpilar)
 

I've tried to debug OVMF code and have found out that the RouteConfig
call fails because the DevicePath is not present in the ConfigResp
string:
https://github.com/tianocore/edk2/blob/7c0ad2c33810ead45b7919f8f8d0e282dae52e71/MdeModulePkg/Universal/HiiDatabaseDxe/ConfigRouting.c#L5486

I think this implementation guards against the possibility that you might have two similar devices that install the same third-party driver. Now the two drivers will install two HII forms with the same GUID so the RouteConfig has to distinguish between them somehow.

Cheers,
Tom


Re: `varstore` vs `efivarstore`

Tomas Pilar (tpilar)
 

I understand that the `varstore` gives you more flexibility as you can
control the behaviour of save/load (=route/extract) functions. But
what can you achieve with this?
For example, writing a third-party driver (optionROM for a PCIe card). Using a varstore allows you to control how the configuration is stored and where it is stored - likely you have a config flash partition on your device. Storing config on your device means the physical device carries its config to a new server when you move it.

Moreover, your device has to be compatible with many different builds of bioses in different servers. While we have UEFI standards and EDK2 libraries, there are nevertheless 'behavioural quirks' with many (especially older) implementations of UEFI in various servers. As a driver developer I was very cautious about letting the server handle the storage of my variables.

Cheers,
Tom


Re: Automatic number to bool conversion in VFR

Tomas Pilar (tpilar)
 

But when I've tried to create more complicated expressions I have
found out some strange things:
```
suppressif (1 AND 0); - present
suppressif (1 AND 1); - present (???)
suppressif (0 OR 0); - present
suppressif (1 OR 0); - present (???)
suppressif (TRUE OR 0); - present (???)
```
It looks like for correct behaviour explicit cast is needed:
```
suppressif ((BOOLEAN)1 AND (BOOLEAN)1); - not present
suppressif ((BOOLEAN)1 OR (BOOLEAN)0); - not present
suppressif (TRUE OR (BOOLEAN)0); - not present
```

Can someone explain to me the logic when the cast statement is not present?
Hi Konstantin,

I could be wrong, but this is my understanding of the situation. The process of building and using HII includes transpiling a file written in VFR into IFR bytecode. This transpilation is custom for edk2 and therefore the transpiler is likely to be more 'quirky' than what you'd expect of your mainstream compiler. Especially for less-utilised syntax structures, where it had far less user testing. I've usually limited myself to well-worn paths when writing up a VFR file for a driver.

Cheers,
Tom


`varstore` vs `efivarstore`

Konstantin Aladyshev
 

Hello!

Can someone explain to me, what is a typical reason for using
`varstore` instead of `efivarstore` for HII storage?

I understand that the `varstore` gives you more flexibility as you can
control the behaviour of save/load (=route/extract) functions. But
what can you achieve with this?

EDKII has several drivers with `varstore`, can you give me some
examples, why do they need exactly this type of storage?

./MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanceManager.vfr
./MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.vfr
./MdeModulePkg/Universal/PlatformDriOverrideDxe/Vfr.vfr
./NetworkPkg/HttpBootDxe/HttpBootConfigVfr.vfr
./NetworkPkg/Ip4Dxe/Ip4Config2.vfr
./NetworkPkg/Ip6Dxe/Ip6Config.vfr
./NetworkPkg/IScsiDxe/IScsiConfigVfr.vfr
./NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
./NetworkPkg/VlanConfigDxe/VlanConfig.vfr
./NetworkPkg/WifiConnectionManagerDxe/WifiConnectionManagerDxe.vfr
./OvmfPkg/PlatformDxe/PlatformForms.vfr
./SecurityPkg/HddPassword/HddPassword.vfr
./SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordForm.vfr
./SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr
./SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
./OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiVfr.Vfr

Best regards,
Konstantin Aladyshev


Automatic number to bool conversion in VFR

Konstantin Aladyshev
 

Hello!

I was experimenting with conditions under the `suppressif` statement:
```
suppressif TRUE; - element is not present
suppressif FALSE; - element is present
```
From the C language I'm used to the fact that 0 is FALSE, and every
other number is TRUE. And at first glance it looks like VFR has the
same cast:
```
suppressif 2; - not present
suppressif 1; - not present
suppressif 0; - present
```
But when I've tried to create more complicated expressions I have
found out some strange things:
```
suppressif (1 AND 0); - present
suppressif (1 AND 1); - present (???)
suppressif (0 OR 0); - present
suppressif (1 OR 0); - present (???)
suppressif (TRUE OR 0); - present (???)
```
It looks like for correct behaviour explicit cast is needed:
```
suppressif ((BOOLEAN)1 AND (BOOLEAN)1); - not present
suppressif ((BOOLEAN)1 OR (BOOLEAN)0); - not present
suppressif (TRUE OR (BOOLEAN)0); - not present
```

Can someone explain to me the logic when the cast statement is not present?

Best regards,
Konstantin Aladyshev
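
One evaluation model that reproduces every result listed in the message above, added here as an example (it is not part of the original post and not edk2's own code). It assumes that AND/OR yield Undefined unless both operands are already Boolean, that an Undefined result counts as FALSE, and that a lone number is tested for non-zero; all type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified value on the expression stack (model only, hypothetical names). */
typedef enum { T_UNDEFINED, T_BOOLEAN, T_NUMBER } ValType;
typedef struct { ValType type; unsigned long long n; bool b; } Val;

static Val Num(unsigned long long n) { return (Val){ T_NUMBER, n, false }; }
static Val Bool(bool b)              { return (Val){ T_BOOLEAN, 0, b }; }
static Val Undefined(void)           { return (Val){ T_UNDEFINED, 0, false }; }

/* Explicit (BOOLEAN) cast: a number becomes TRUE when it is non-zero. */
static Val ToBoolean(Val v) {
  return (v.type == T_NUMBER) ? Bool(v.n != 0) : v;
}

/* Assumed rule: AND/OR do no implicit number-to-bool conversion.
   Any non-Boolean operand makes the whole result Undefined. */
static Val And(Val a, Val b) {
  if (a.type != T_BOOLEAN || b.type != T_BOOLEAN) return Undefined();
  return Bool(a.b && b.b);
}
static Val Or(Val a, Val b) {
  if (a.type != T_BOOLEAN || b.type != T_BOOLEAN) return Undefined();
  return Bool(a.b || b.b);
}

/* Final suppressif decision: only here is a bare number accepted as a
   truth value. Undefined falls through to FALSE (element stays present). */
static bool Suppressed(Val v) {
  switch (v.type) {
    case T_BOOLEAN: return v.b;
    case T_NUMBER:  return v.n != 0;
    default:        return false;
  }
}

int main(void) {
  printf("suppressif 2                          -> %s\n",
         Suppressed(Num(2)) ? "not present" : "present");
  printf("suppressif (1 AND 1)                  -> %s\n",
         Suppressed(And(Num(1), Num(1))) ? "not present" : "present");
  printf("suppressif (TRUE OR 0)                -> %s\n",
         Suppressed(Or(Bool(true), Num(0))) ? "not present" : "present");
  printf("suppressif ((BOOLEAN)1 AND (BOOLEAN)1) -> %s\n",
         Suppressed(And(ToBoolean(Num(1)), ToBoolean(Num(1)))) ? "not present" : "present");
  return 0;
}
```

Under this model the unexpected "present" results follow from the operand types rather than the operand values, which is why only the explicitly cast expressions suppress the element.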
