The 3rd party image should be loaded after EndOfDxe event signal and
DxeSmmReadyToLock protocol installation. But non-SMM platform doesn't
published DxeSmmReadyToLock protocol.
So the SecurityStubDxe can only depend on EndOfDxe event.
This patch enhances the SecurityStubDxe to listen on
DxeSmmReadyToLock protocol installation and if any 3rd party image
is loaded before DxeSmmReadyToLock, it reports failure.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
The API dispatches the deferred images that are returned from all
DeferredImageLoad instances.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
The images not from FV are treated as 3rd party images. They will
be deferred to dispatch when they are dispatched before EndOfDxe
event.
It's a new feature in the BS.LoadImage() path which can disallow
executing 3rd party images before EndOfDxe and re-execute them
after EndOfDxe (through EfiBootManagerDispatchDeferredImages
introduced in next commit).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
Upon booting to a legacy OS, LegacyBios driver is responsible to
initialize the BDA region with the correct COM port base address.
But the current logic to get the COM port base address from IsaIo
instance is not correct.
The patch fixes this bug.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
When PciSioSerial is firstly started with a non-NULL remaining
device path, the UART instance is created using the parameters
specified in the remaining device path. Later when the driver
is started again on the same UART controller with NULL remaining
device path, the correct logic is to directly return SUCCESS
instead of current buggy implementation which wrongly produces
another UART using the default parameters.
The bug causes two UARTs are created when the UART is configured
in 57600 baud rate.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
The previous change to disable deprecated APIs in CorebootPayloadPkg
used "/D" instead of "-D". It caused Linux GCC build error. Correct
it to use "-D" instead.
Cc: Prince Agyeman <prince.agyeman@intel.com>
Cc: Rusty Coleman <rcoleman@sigovs.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Maurice Ma <maurice.ma@intel.com>
Reviewed-by: Prince Agyeman <prince.agyeman@intel.com>
Reviewed-by: Rusty Coleman <rcoleman@sigovs.com>
Current code not validate the input buffer before touch.
it may touch the buffer outside the validate scope. This
patch validate the input size big enough to touch the
first node.
Cc: Ruiyu NI <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Former patch still has some bugs, so rollback it and
enhance the original code.
Cc: Ruiyu NI <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Current code not validate the input buffer before touch.
it may touch the buffer outside the validate scope. This
patch validate the input size big enough to touch the
first node.
Cc: Ruiyu NI <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Former patch still has some bugs, so rollback it and
enhance the original code.
Cc: Ruiyu NI <ruiyu.ni@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
PeiServicesAllocatePages () will output sizeof (EFI_PHYSICAL_ADDRESS) value.
IdtTableForX64 is sizeof (UINTN) local variable. It will overwrite other local
variable.
This issue is found when we dump BaseOfStack value.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
According to UFS Host Controller Spec(JESD223), the bits 1:0 of this
DataByteCount field shall be 11b to indicate Dword granularity.
But the size of UFS Request Sense Data Response defined in UFS Spec
(JESD220C) is 18 which is not Dword aligned, we would have to round
down to the multiple of 4 to fill the DBC field to avoid bring issue
on some UFS HCs.
Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
1) Add capsule and recovery boot path handling in platform BDS.
2) Add check if the platform is using default test key for capsule.
Produce PcdTestKeyUsed to indicate if there is any
test key used in current BIOS, such as recovery key,
or capsule update key.
Then the generic UI may consume this PCD to show warning information.
Cc: David Wei <david.wei@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: David Wei <david.wei@intel.com>
RecoveryModuleLoadPei supports recovery system firmware via FMP capsule.
RecoveryModuleLoadPei produces EFI_PEI_RECOVERY_MODULE_PPI. It is invoked
by DxeIpl in recovery boot mode.
LoadRecoveryCapsule() will scan all possible
gEfiPeiDeviceRecoveryModulePpiGuid and get EDKII system FMP capsule there.
LoadRecoveryCapsule() will perform the FMP authentication and version
check. If and only if the FMP authentication passes, and EDKII system FMP
capsule version is equal to the current system firmware Version, the
recovery will be performed. Or this capsule image is discard.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Tested-by: Michael Kinney <michael.d.kinney@intel.com>
SystemFirmwareUpdate supports update system firmware via UEFI FMP capsule.
SystemFirmwareReportDxe.inf can be included in system BIOS. It is a
lightweight FMP protocol implementation and it only reports FMP
information, so that ESRT table can report the system firmware
information. SetImage() will dispatch the driver FV in the EDKII system
FMP image (SystemFirmwareUpdateDxe),
then pass thru the SetImage() request to latter.
SystemFirmwareUpdateDxe.inf can be included in EDKII system capsule image.
It is a full feature FMP protocol implementation and supports SetImage().
It can be used to update the system firmware.
SystemFirmwareUpdateDxe.inf can also be included in system firmware.
If so SystemFirmwareReportDxe.inf is not needed.
SystemFirmwareUpdateDxe SetImage() will perform the FMP authentication and
version check. If and only if the FMP authentication passes, and new
EDKII system capsule version is no less than current system firmware
LowestSupportedVersion, the system firmware will be updated.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Tested-by: Michael Kinney <michael.d.kinney@intel.com>
1) Add capsule related GUID.
EdkiiSystemFmpCapsule
2) Add capsule related library.
EdkiiSystemCapsuleLib
IniParsingLib
PlatformFlashAccessLib
3) Add EDKII system capsule related DynamicEx PCD
PcdEdkiiSystemFirmwareImageDescriptor
PcdEdkiiSystemFirmwareFileGuid
NOTE: We use DynamicEx here because the update driver may be in
the capsule FMP, instead of system firmware.
The update driver MUST use the PCD info produced system firmware.
4) Add Test key file PCD
These PCDs indicate the GUID of FFS which contains test key file.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Tested-by: Michael Kinney <michael.d.kinney@intel.com>
