This patch provides a set of include segment files for platform owners to
easily enable/disable network stack support on their platform.
For DSC, there are:
- a "NetworkDefines.dsc.inc" for the [Defines] section(s),
- a "NetworkLibs.dsc.inc" for the [LibraryClasses*] section(s),
- a "NetworkPcds.dsc.inc" for the [Pcds*] section(s),
- a "NetworkComponents.dsc.inc" for the [Components*] section(s).
For FDF, there is:
- a "Network.fdf.inc" for the [Fv*] section(s).
These files can be added to the platform DSC/FDF file by using
    !include NetworkPkg/xxx
where "xxx" is the *.inc file name.
A platform DSC file can diverge from the defaults in
"NetworkDefines.dsc.inc" by setting the individual DEFINEs before
including "NetworkDefines.dsc.inc".
And, build command line ("-D FLAG=VALUE") can be used to enable or
disable related feature set, please check "NetworkDefines.dsc.inc"
for a detailed description of each flag.
The default values of these flags are:
    DEFINE NETWORK_ENABLE = TRUE
    DEFINE NETWORK_SNP_ENABLE = TRUE
    DEFINE NETWORK_IP4_ENABLE = TRUE
    DEFINE NETWORK_IP6_ENABLE = TRUE
    DEFINE NETWORK_TLS_ENABLE = TRUE
    DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE
    DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
    DEFINE NETWORK_ISCSI_ENABLE = TRUE
    DEFINE NETWORK_VLAN_ENABLE = TRUE
Related BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1293
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
This is a shell application to dump dynamic PCD settings.
Type DumpDynPcd -?/h/H to get help information.
Type DumpDynPcd -v/V to get version information.
Type DumpDynPcd [PcdName] to get Pcd information.
https://bugzilla.tianocore.org/show_bug.cgi?id=1541
v2: 1. Add static for global variables.
    2. Change the parameter amount of InternalStrnCatGrow in DumpDynPcd.c.
    3. Add open brace according to EDK II C Coding Standards Specification.
    4. Remove the dependency on ShellPkg.dec in DumpDynPcd.inf.
v3: Add static for all global variables and internal functions.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Some systems such as FreeBSD identify the platform as 'arm64'
and not 'aarch64' as Linux does.
Signed-off-by: Rebecca Cran <rebecca@bluestop.org>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: fix up DKIM damage in the "From:" address]
When building OvmfPkg/EnrollDefaultKeys for IA32 with gcc-4.8 for the
DEBUG target (and possibly under other build configurations too), the
compiler incorrectly reports,
> OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c: In function
> 'ShellAppMain':
> OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c:631:10: error:
> 'SizeOfPkKek1' may be used uninitialized in this function
> [-Werror=maybe-uninitialized]
> Status = EnrollListOfCerts (
> ^
> OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c:703:12: error: 'PkKek1'
> may be used uninitialized in this function [-Werror=maybe-uninitialized]
> FreePool (PkKek1);
> ^
> cc1: all warnings being treated as errors
Suppress this warning, in the style suggested under
<https://bugzilla.tianocore.org/show_bug.cgi?id=607>.
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: be9470b3c9
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1764
Some compiler flags restrict the compiler from making
arbitrary decisions while handling undefined C/C++ behaviors.
Therefore they can be used to fix some issues caused by undefined behavior.
For example, for GCC, the following flags are available:
-fno-delete-null-pointer-checks tells
the compiler NOT to assume that null pointer dereference does not exist.
-fwrapv tells the compiler that signed overflow always wraps.
This patch is going to add these 2 build options to
BaseTool GCC build option.
Signed-off-by: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The following commit removed the unconditional UC setting
just prior to closing the SMRAM region. This is a correct
change for most platforms.
bfc87aa78e
The Quark platforms still require this UC setting, so move
the UC setting into the Quark specific SMM Access Protocol
when the Close() service is called.
Cc: Kelly Steele <kelly.steele@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>
The CpuMpPei module uses services from the CpuLib class,
but the CpuLib class is missing from the INF file. This
update is required to use the new MpInitLibUp instance that
does not use the CpuLib class.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Add a new instance of the MpInitLib that is designed for
uniprocessor platforms that require the use of modules
that depend on the MP_SERVICES_PROTOCOL for dispatch
or to retrieve information about the boot processor.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Set PcdSpeculationBarrierType to use CPUID instead of the
default LFENCE in the BaseLib function SpeculationBarrier().
LFENCE requires SSE2, and Quark platforms do not support
SSE2.
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Michael Kubacki <michael.a.kubacki@intel.com>
Use PcdSpeculationBarrierType in the x86 implementation
of SpeculationBarrier() to select between AsmLfence(),
AsmCpuid(), and no operation.
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Brian J. Johnson <brian.johnson@hpe.com>
Add gEfiMdePkgTokenSpaceGuid.PcdSpeculationBarrierType that
uses the PCD type FixedAtBuild. This performs a build time
selection for the type of speculation barrier to use in the
BaseLib function SpeculationBarrier(). The recommended
speculation barrier for x86 is LFENCE and this is the default
value for this PCD. x86 CPUs that do not support LFENCE must
select one of the other supported values which includes CPUID
and nothing.
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Brian J. Johnson <brian.johnson@hpe.com>
On Xen, hvmloader firmware leaves address decoding enabled for
enumerated PCI devices before jumping into OVMF. OVMF seems to
expect it to be disabled and tries to size PCI BARs in several places
without disabling it which causes BAR64, for example, being
incorrectly placed by QEMU.
Fix it by disabling PCI address decoding explicitly before the
first attempt to size BARs on Xen.
Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
In case BAR64 is placed below 4G choose the correct aperture.
This fixes a failed assertion down the code path.
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
This aperture doesn't exist in QEMU-XEN and hvmloader places BARs
in arbitrary order disregarding prefetchable bit. This makes
prefetchable and non-prefetchable BARs to follow each other that's
quite likely with PCI passthrough devices. In that case, the existing
code, that tries to work out aperture boundaries by reading hvmloader
BAR placement, will report a bogus prefetchable aperture which overlaps
with the regular one. It will eventually trigger an assertion in
DXE PCI initialization code.
Do the same thing as OVMF on QEMU-KVM and pass a non-existing aperture
there. It's not necessary to pass additional allocation flags as we set
ResourceAssigned flag on the root bridge which means they will be ignored.
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Disconnect the certificate that is enrolled as both Platform Key and first
Key Exchange Key from Red Hat: expect the hypervisor to specify it, as
part of SMBIOS.
Example usage with QEMU:
* Generate self-signed X509 certificate:

    openssl req \
      -x509 \
      -newkey rsa:2048 \
      -outform PEM \
      -keyout PkKek1.private.key \
      -out PkKek1.pem

  (where "PEM" simply means "DER + base64 + header + footer").

* Strip the header, footer, and newline characters; prepend the
  application prefix:

    sed \
      -e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
      -e '/^-----END CERTIFICATE-----$/d' \
      PkKek1.pem \
    | tr -d '\n' \
    > PkKek1.oemstr

* Pass the certificate to EnrollDefaultKeys with the following QEMU
  option:

    -smbios type=11,value="$(< PkKek1.oemstr)"

(Note: for the above option to work correctly, a QEMU version is needed
that includes commit 950c4e6c94b1 ("opts: don't silently truncate long
option values", 2018-05-09). The first upstream release with that commit
was v3.0.0.
Once <https://bugs.launchpad.net/qemu/+bug/1826200> is fixed, QEMU will
learn to read the file directly; passing the blob on the command will be
necessary no more.)
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
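
A round-trip check for the OEM string built in the commit message above, as an added example that is not part of the original commit or of edk2/QEMU. It applies the same sed/tr transformation, then verifies the application prefix and that the payload decodes back to the PEM body, which catches a wrong input file or a truncated value. The function names are hypothetical and the PEM content is constructed sample data, not a real certificate.

```shell
#!/bin/sh
# Added example; function names are hypothetical (not from edk2 or QEMU).
# Application prefix GUID as it appears in the sed command above.
PREFIX='4e32566d-8e9e-4f52-81d3-5bb9715f9727'

# Constructed sample PEM: the bytes start like DER (0x30 0x82) but are
# NOT a real certificate. $1 = output file, $2 = PEM label.
make_sample_pem() {
  {
    printf '%s\n' "-----BEGIN $2-----"
    printf '\060\202\001\101constructed sample bytes, not a real certificate, padded to wrap lines' |
      base64 | tr -d '\n' | fold -w 64
    echo
    printf '%s\n' "-----END $2-----"
  } > "$1"
}

# Same transformation as the sed | tr pipeline in the commit message.
pem_to_oemstr() {
  sed -e "s/^-----BEGIN CERTIFICATE-----\$/${PREFIX}:/" \
      -e '/^-----END CERTIFICATE-----$/d' "$1" | tr -d '\n'
}

# check_oemstr STRING PEMFILE
# 0 = ok, 1 = prefix missing, 2 = payload is not valid base64,
# 3 = payload differs from the PEM body, 4 = first byte is not 0x30.
check_oemstr() {
  case "$1" in
    "$PREFIX":*) payload=${1#"$PREFIX":} ;;
    *) return 1 ;;
  esac
  tmp=$(mktemp -d) || return 2
  rc=0
  if ! printf '%s' "$payload" | base64 -d > "$tmp/got" 2>/dev/null; then rc=2
  elif ! sed '/^-----/d' "$2" | base64 -d > "$tmp/want" 2>/dev/null; then rc=2
  elif ! cmp -s "$tmp/got" "$tmp/want"; then rc=3
  elif [ "$(od -An -tx1 -N1 "$tmp/got" | tr -d ' \n')" != 30 ]; then rc=4
  fi
  rm -rf "$tmp"
  return "$rc"
}

# Demo: build the string from the constructed PEM and verify it.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_pem "$work/PkKek1.pem" CERTIFICATE
oemstr=$(pem_to_oemstr "$work/PkKek1.pem")
check_oemstr "$oemstr" "$work/PkKek1.pem" && echo "oemstr ok, ${#oemstr} characters"
```

A PEM file with any other label (for example the private key file) leaves its header untouched, so the result has no prefix and the check returns 1.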
According to the edk2 coding standards, "[w]hen all letters in an acronym
are capitalized, it makes the prior and subsequent words visually
difficult to distinguish".
Fix the spellings of three acronyms, accordingly:
- "KEK" (Key Exchange Key) should be written as "Kek", in "mMicrosoftKEK",
- "CA" (Certificate Authority) should be written as "Ca", in
"mMicrosoftUefiCA",
- "PCA" (Production Certificate Authority) should be written as "Pca", in
"mMicrosoftPCA".
Generate the changes with:
    sed --regexp-extended --in-place \
      --expression='s,\<mMicrosoftKEK\>,mMicrosoftKek,g' \
      --expression='s,\<mMicrosoftUefiCA\>,mMicrosoftUefiCa,g' \
      --expression='s,\<mMicrosoftPCA\>,mMicrosoftPca,g' \
      OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
Having removed VALID_ARCHITECTURES from
"OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf", it now makes sense to
reflect the related platform DSC bits from OvmfPkg to ArmVirtPkg.
Build "EnrollDefaultKeys.efi" as part of ArmVirtQemu and ArmVirtQemuKernel
(which are the ArmVirtPkg platforms that include SecureBootConfigDxe too).
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>