SecurityPkg/OpalPasswordExtraInfoVariable.h: Remove the deprecated guid and variable.

After Opal solution enhance BlockSid solution to consume the TCG PP. This variable and guid definition is deprecated. Signed-off-by: Eric Dong <eric.dong@intel.com>
SecurityPkg/OpalPasswordSmm: Fix get BlockSid value error.
2019-05-08 11:30:02 +08:00 · 2019-05-08 11:30:01 +08:00 · 2019-05-08 11:30:01 +08:00 · 2018-11-26 10:07:36 +08:00 · 2018-11-21 09:28:21 +08:00 · 2018-11-21 09:27:39 +08:00
454 changed files with 23113 additions and 4056 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 Build/
 tags/
 .DS_Store
--- a/BaseTools/Bin/externals.txt
+++ b/BaseTools/Bin/externals.txt
@ -1 +1,2 @@
-Win32  https://svn.code.sf.net/p/edk2-toolbinaries/code/trunk/Win32
+Win32  -r 253 https://svn.code.sf.net/p/edk2-toolbinaries/code/trunk/Win32
 GIT: 0e088c19ab31fccd1d2f55d9e4fe0314b57c0097 https://github.com/tianocore/edk2-BaseTools-win32.git
--- a/BaseTools/BinWrappers/PosixLike/BrotliCompress
+++ b/BaseTools/BinWrappers/PosixLike/BrotliCompress
@ -11,32 +11,52 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-LVL="--quality 9"
+QLT="-q 9"
 INPUTFLAG=0
-while [ $# != 0 ];do
+for arg; do
-  case $1 in
+  if [ $1 = -d ]
-    -d)
+    then
-      ARGS+="--decompress "
+      INPUTFLAG=1
-    ;;
+  fi
-    -e)
+  if [ $1 = -e ]
-    ;;
+    then
-    -g)
+      INPUTFLAG=1
      ARGS+="--gap $2 "
      shift
-    ;;
+      continue;
-    -l)
+  fi
-      LVL="--quality $2 "
+  if [ $1 = -g ]
    then
      ARGS+="$1 $2 "
      shift
    ;;
    -o)
      ARGS+="--output $2 "
      shift
-    ;;
+      continue;
-    *)
+  fi
-      ARGS+="--input $1 "
+  if [ $1 = -o ]
-  esac
+    then
      ARGS+="$1 $2 "
      shift
      shift
      continue;
  fi
  if [ $1 = -q ]
    then
      QLT="$1 $2 "
      shift
      shift
      continue;
  fi
  if [ $INPUTFLAG -eq 1 ]
    then
      if [ -z $2 ]
        then
          ARGS+="$QLT -i $1 "
          break;
      fi
  fi
 ARGS+="$1 "
 shift
 done
-exec Brotli $ARGS $LVL
+exec Brotli $ARGS
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
 #  Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
 #  Portions copyright (c) 2011 - 2014, ARM Ltd. All rights reserved.<BR>
 #  Copyright (c) 2015, Hewlett-Packard Development Company, L.P.<BR>
@ -74,6 +74,12 @@ DEFINE VS2015x86_BIN    = ENV(VS2015_PREFIX)Vc\bin
 DEFINE VS2015x86_DLL    = ENV(VS2015_PREFIX)Common7\IDE;DEF(VS2015x86_BIN)
 DEFINE VS2015x86_BINX64 = DEF(VS2015x86_BIN)\x86_amd64
 DEFINE VS2017_BIN         = ENV(VS2017_PREFIX)bin
 DEFINE VS2017_HOST        = x86
 DEFINE VS2017_BIN_HOST    = DEF(VS2017_BIN)\HostDEF(VS2017_HOST)\DEF(VS2017_HOST)
 DEFINE VS2017_BIN_IA32    = DEF(VS2017_BIN)\HostDEF(VS2017_HOST)\x86
 DEFINE VS2017_BIN_X64     = DEF(VS2017_BIN)\HostDEF(VS2017_HOST)\x64
 DEFINE WINSDK_BIN       = ENV(WINSDK_PREFIX)
 DEFINE WINSDKx86_BIN    = ENV(WINSDKx86_PREFIX)
@ -93,6 +99,9 @@ DEFINE WINSDK8x86_BIN    = ENV(WINSDK8x86_PREFIX)x64
 DEFINE WINSDK81_BIN       = ENV(WINSDK81_PREFIX)x86\
 DEFINE WINSDK81x86_BIN    = ENV(WINSDK81x86_PREFIX)x64
 # Microsoft Visual Studio 2017 Professional Edition
 DEFINE WINSDK10_BIN       = ENV(WINSDK10_PREFIX)DEF(VS2017_HOST)
 # These defines are needed for certain Microsoft Visual Studio tools that
 # are used by other toolchains.  An example is that ICC on Windows normally
 # uses Microsoft's nmake.exe.
@ -316,6 +325,14 @@ DEFINE SOURCERY_CYGWIN_TOOLS = /cygdrive/c/Program Files/CodeSourcery/Sourcery G
 #                             Required to build platforms or ACPI tables:
 #                               Intel(r) ACPI Compiler (iasl.exe) from
 #                               https://acpica.org/downloads
 #   VS2017      -win32-  Requires:
 #                             Microsoft Visual Studio 2017 version 15.2 or later
 #                        Optional:
 #                             Required to build EBC drivers:
 #                               Intel(r) Compiler for Efi Byte Code (Intel(r) EBC Compiler)
 #                             Required to build platforms or ACPI tables:
 #                               Intel(r) ACPI Compiler (iasl.exe) from
 #                               https://acpica.org/downloads
 #   DDK3790     -win32-  Requires:
 #                             Microsoft Windows Server 2003 Driver Development Kit (Microsoft WINDDK) version 3790.1830
 #                        Optional:
@ -4054,6 +4071,115 @@ NOOPT_VS2015x86xASL_X64_DLINK_FLAGS    = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT
 *_VS2015x86xASL_EBC_DLINK_FLAGS         = "C:\Program Files (x86)\Intel\EBC\Lib\EbcLib.lib" /NOLOGO /NODEFAULTLIB /MACHINE:EBC /OPT:REF /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /MAP /ALIGN:32 /DRIVER
 ####################################################################################
 #   VS2017       - Microsoft Visual Studio 2017 with Intel ASL
 #   ASL          - Intel ACPI Source Language Compiler (iasl.exe)
 ####################################################################################
 #   VS2017           - Microsoft Visual Studio 2017 professional Edition with Intel ASL
 *_VS2017_*_*_FAMILY        = MSFT
 *_VS2017_*_*_DLL           = DEF(VS2017_BIN_HOST)
 *_VS2017_*_MAKE_PATH       = DEF(VS2017_BIN_HOST)\nmake.exe
 *_VS2017_*_MAKE_FLAG       = /nologo
 *_VS2017_*_RC_PATH         = DEF(WINSDK10_BIN)\rc.exe
 *_VS2017_*_MAKE_FLAGS      = /nologo
 *_VS2017_*_SLINK_FLAGS     = /NOLOGO /LTCG
 *_VS2017_*_APP_FLAGS       = /nologo /E /TC
 *_VS2017_*_PP_FLAGS        = /nologo /E /TC /FIAutoGen.h
 *_VS2017_*_VFRPP_FLAGS     = /nologo /E /TC /DVFRCOMPILE /FI$(MODULE_NAME)StrDefs.h
 *_VS2017_*_DLINK2_FLAGS    = /WHOLEARCHIVE
 *_VS2017_*_ASM16_PATH      = DEF(VS2017_BIN_IA32)\ml.exe
 ##################
 # ASL definitions
 ##################
 *_VS2017_*_ASL_PATH        = DEF(WIN_IASL_BIN)
 *_VS2017_*_ASL_FLAGS       = DEF(DEFAULT_WIN_ASL_FLAGS)
 *_VS2017_*_ASL_OUTFLAGS    = DEF(DEFAULT_WIN_ASL_OUTFLAGS)
 *_VS2017_*_ASLCC_FLAGS     = DEF(MSFT_ASLCC_FLAGS)
 *_VS2017_*_ASLPP_FLAGS     = DEF(MSFT_ASLPP_FLAGS)
 *_VS2017_*_ASLDLINK_FLAGS  = DEF(MSFT_ASLDLINK_FLAGS)
 ##################
 # IA32 definitions
 ##################
 *_VS2017_IA32_CC_PATH      = DEF(VS2017_BIN_IA32)\cl.exe
 *_VS2017_IA32_VFRPP_PATH   = DEF(VS2017_BIN_IA32)\cl.exe
 *_VS2017_IA32_ASLCC_PATH   = DEF(VS2017_BIN_IA32)\cl.exe
 *_VS2017_IA32_ASLPP_PATH   = DEF(VS2017_BIN_IA32)\cl.exe
 *_VS2017_IA32_SLINK_PATH   = DEF(VS2017_BIN_IA32)\lib.exe
 *_VS2017_IA32_DLINK_PATH   = DEF(VS2017_BIN_IA32)\link.exe
 *_VS2017_IA32_ASLDLINK_PATH= DEF(VS2017_BIN_IA32)\link.exe
 *_VS2017_IA32_APP_PATH     = DEF(VS2017_BIN_IA32)\cl.exe
 *_VS2017_IA32_PP_PATH      = DEF(VS2017_BIN_IA32)\cl.exe
 *_VS2017_IA32_ASM_PATH     = DEF(VS2017_BIN_IA32)\ml.exe
      *_VS2017_IA32_MAKE_FLAGS  = /nologo
  DEBUG_VS2017_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm
 RELEASE_VS2017_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF
 NOOPT_VS2017_IA32_CC_FLAGS      = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gm /Od
  DEBUG_VS2017_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd /Zi
 RELEASE_VS2017_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd
 NOOPT_VS2017_IA32_ASM_FLAGS     = /nologo /c /WX /W3 /Cx /coff /Zd /Zi
  DEBUG_VS2017_IA32_NASM_FLAGS  = -Ox -f win32 -g
 RELEASE_VS2017_IA32_NASM_FLAGS  = -Ox -f win32
 NOOPT_VS2017_IA32_NASM_FLAGS    = -O0 -f win32 -g
  DEBUG_VS2017_IA32_DLINK_FLAGS = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:32 /SECTION:.xdata,D /SECTION:.pdata,D /MACHINE:X86 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
 RELEASE_VS2017_IA32_DLINK_FLAGS = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:32 /SECTION:.xdata,D /SECTION:.pdata,D /MACHINE:X86 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
 NOOPT_VS2017_IA32_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:32 /SECTION:.xdata,D /SECTION:.pdata,D /MACHINE:X86 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
 ##################
 # X64 definitions
 ##################
 *_VS2017_X64_CC_PATH       = DEF(VS2017_BIN_X64)\cl.exe
 *_VS2017_X64_PP_PATH       = DEF(VS2017_BIN_X64)\cl.exe
 *_VS2017_X64_APP_PATH      = DEF(VS2017_BIN_X64)\cl.exe
 *_VS2017_X64_VFRPP_PATH    = DEF(VS2017_BIN_X64)\cl.exe
 *_VS2017_X64_ASLCC_PATH    = DEF(VS2017_BIN_X64)\cl.exe
 *_VS2017_X64_ASLPP_PATH    = DEF(VS2017_BIN_X64)\cl.exe
 *_VS2017_X64_ASM_PATH      = DEF(VS2017_BIN_X64)\ml64.exe
 *_VS2017_X64_SLINK_PATH    = DEF(VS2017_BIN_X64)\lib.exe
 *_VS2017_X64_DLINK_PATH    = DEF(VS2017_BIN_X64)\link.exe
 *_VS2017_X64_ASLDLINK_PATH = DEF(VS2017_BIN_X64)\link.exe
  DEBUG_VS2017_X64_CC_FLAGS     = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm
 RELEASE_VS2017_X64_CC_FLAGS     = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF
 NOOPT_VS2017_X64_CC_FLAGS       = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Zi /Gm /Od
  DEBUG_VS2017_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd /Zi
 RELEASE_VS2017_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd
 NOOPT_VS2017_X64_ASM_FLAGS      = /nologo /c /WX /W3 /Cx /Zd /Zi
  DEBUG_VS2017_X64_NASM_FLAGS   = -Ox -f win64 -g
 RELEASE_VS2017_X64_NASM_FLAGS   = -Ox -f win64
 NOOPT_VS2017_X64_NASM_FLAGS     = -O0 -f win64 -g
  DEBUG_VS2017_X64_DLINK_FLAGS  = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:32 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
 RELEASE_VS2017_X64_DLINK_FLAGS  = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:4254 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:32 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /MERGE:.rdata=.data
 NOOPT_VS2017_X64_DLINK_FLAGS    = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /OPT:ICF=10 /MAP /ALIGN:32 /SECTION:.xdata,D /SECTION:.pdata,D /Machine:X64 /LTCG /DLL /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /SAFESEH:NO /BASE:0 /DRIVER /DEBUG
 ##################
 # EBC definitions
 ##################
 *_VS2017_EBC_*_FAMILY            = INTEL
 *_VS2017_EBC_PP_PATH             = DEF(EBC_BINx86)\iec.exe
 *_VS2017_EBC_VFRPP_PATH          = DEF(EBC_BINx86)\iec.exe
 *_VS2017_EBC_CC_PATH             = DEF(EBC_BINx86)\iec.exe
 *_VS2017_EBC_SLINK_PATH          = DEF(VS2017_BIN_IA32)\link.exe
 *_VS2017_EBC_DLINK_PATH          = DEF(VS2017_BIN_IA32)\link.exe
 *_VS2017_EBC_MAKE_FLAGS          = /nologo
 *_VS2017_EBC_PP_FLAGS            = /nologo /E /TC /FIAutoGen.h
 *_VS2017_EBC_CC_FLAGS            = /nologo /c /WX /W3 /FIAutoGen.h /D$(MODULE_ENTRY_POINT)=$(ARCH_ENTRY_POINT)
 *_VS2017_EBC_VFRPP_FLAGS         = /nologo /E /TC /DVFRCOMPILE /FI$(MODULE_NAME)StrDefs.h
 *_VS2017_EBC_SLINK_FLAGS         = /lib /NOLOGO /MACHINE:EBC
 *_VS2017_EBC_DLINK_FLAGS         = "C:\Program Files (x86)\Intel\EBC\Lib\EbcLib.lib" /NOLOGO /NODEFAULTLIB /MACHINE:EBC /OPT:REF /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /MAP /ALIGN:32 /DRIVER
 ####################################################################################
 #
 # Microsoft Device Driver Kit 3790.1830 (IA-32, X64, Itanium, with Link Time Code Generation)
@ -5512,7 +5638,7 @@ DEFINE CLANG38_X64_PREFIX           = ENV(CLANG38_BIN)
 DEFINE CLANG38_IA32_TARGET          = -target i686-pc-linux-gnu
 DEFINE CLANG38_X64_TARGET           = -target x86_64-pc-linux-gnu
-DEFINE CLANG38_ALL_CC_FLAGS         = DEF(GCC44_ALL_CC_FLAGS) -Wno-empty-body -fno-stack-protector -mms-bitfields -Wno-address -Wno-shift-negative-value -Wno-parentheses-equality -Wno-unknown-pragmas -Wno-tautological-constant-out-of-range-compare -Wno-incompatible-library-redeclaration -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -msoft-float -mno-implicit-float  -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -funsigned-char -fno-ms-extensions -Wno-null-dereference -Wno-tautological-compare
+DEFINE CLANG38_ALL_CC_FLAGS         = DEF(GCC44_ALL_CC_FLAGS) -Wno-empty-body -fno-stack-protector -mms-bitfields -Wno-address -Wno-shift-negative-value -Wno-parentheses-equality -Wno-unknown-pragmas -Wno-tautological-constant-out-of-range-compare -Wno-incompatible-library-redeclaration -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -msoft-float -mno-implicit-float  -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -funsigned-char -fno-ms-extensions -Wno-null-dereference -Wno-tautological-compare -Wno-unknown-warning-option
 ###########################
 # CLANG38 IA32 definitions
@ -7251,202 +7377,17 @@ NOOPT_MYTOOLS_IPF_DLINK_FLAGS            = /NOLOGO /NODEFAULTLIB /LTCG /DLL /OPT
 *_MYTOOLS_EBC_DLINK_FLAGS                = "C:\Program Files\Intel\EBC\Lib\EbcLib.lib" /NOLOGO /NODEFAULTLIB /MACHINE:EBC /OPT:REF /ENTRY:$(IMAGE_ENTRY_POINT) /SUBSYSTEM:EFI_BOOT_SERVICE_DRIVER /MAP /ALIGN:32 /DRIVER
 ####################################################################################
 #
 # Xcode Support for building on Mac OS X (Snow Leopard)
 #
 ####################################################################################
 #   XCODE32         - Xcode 3.2 Tools (Snow Leopard)
 *_XCODE32_*_*_FAMILY            = GCC
 *_XCODE32_*_*_BUILDRULEFAMILY   = XCODE
 *_XCODE32_*_*_BUILDRULEORDER    = S s nasm
 *_XCODE32_*_ASL_PATH          = /usr/bin/iasl
 *_XCODE32_*_MAKE_PATH        = make
 *_XCODE32_*_DSYMUTIL_PATH    = /usr/bin/dsymutil
 # This tool needs to be installed seperatly from Xcode 3.2
 *_XCODE32_*_MTOC_PATH        = /usr/local/bin/mtoc
  DEBUG_XCODE32_*_MTOC_FLAGS = -align 0x20 -d $(DEBUG_DIR)/$(MODULE_NAME).dll
 RELEASE_XCODE32_*_MTOC_FLAGS = -align 0x20
 ##################
 # IA32 definitions
 ##################
 *_XCODE32_IA32_CC_PATH      = gcc
 *_XCODE32_IA32_SLINK_PATH   = libtool
 *_XCODE32_IA32_DLINK_PATH   = ld
 *_XCODE32_IA32_ASM_PATH     = as
 *_XCODE32_IA32_PP_PATH      = gcc
 *_XCODE32_IA32_VFRPP_PATH   = gcc
 *_XCODE32_IA32_ASL_PATH     = iasl
 *_XCODE32_IA32_ASLCC_PATH   = gcc
 *_XCODE32_IA32_ASLPP_PATH   = gcc
 *_XCODE32_IA32_ASLDLINK_PATH  = ld
  DEBUG_XCODE32_IA32_DLINK_FLAGS      = -arch i386 -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x240 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 RELEASE_XCODE32_IA32_DLINK_FLAGS      = -arch i386 -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x220 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCODE32_IA32_SLINK_FLAGS      = -static -o
  DEBUG_XCODE32_IA32_ASM_FLAGS  = -arch i386 -g
 RELEASE_XCODE32_IA32_ASM_FLAGS  = -arch i386
 *_XCODE32_IA32_NASM_FLAGS       = -f macho32
 *_XCODE32_IA32_PP_FLAGS         = -arch i386 -E -x assembler-with-cpp -include $(DEST_DIR_DEBUG)/AutoGen.h
 *_XCODE32_IA32_VFRPP_FLAGS      = -arch i386 -x c -E -P -DVFRCOMPILE --include $(DEST_DIR_DEBUG)/$(MODULE_NAME)StrDefs.h
  DEBUG_XCODE32_IA32_CC_FLAGS   = -arch i386 -save-temps -g -O0 -combine -mms-bitfields  -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces  -c -include AutoGen.h -mdynamic-no-pic -fno-stack-protector
 RELEASE_XCODE32_IA32_CC_FLAGS   = -arch i386 -Oz -combine -mms-bitfields  -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -fomit-frame-pointer -c -include AutoGen.h -mdynamic-no-pic -fno-stack-protector
 *_XCODE32_IA32_ASLCC_FLAGS      = -arch i386 -x c -save-temps -g -O0 -mms-bitfields -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -c -include AutoGen.h -mdynamic-no-pic
 *_XCODE32_IA32_ASLDLINK_FLAGS   = -arch i386 -e _main -preload -segalign 0x20  -pie -seg1addr 0x220 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCODE32_IA32_ASLPP_FLAGS      = -arch i386 -x c -E -include AutoGen.h
 *_XCODE32_IA32_ASL_FLAGS        =
 ##################
 # X64 definitions - still a work in progress. This tool chain does not produce
 # the correct ABI, it is just used to compile the code....
 ##################
 *_XCODE32_X64_CC_PATH       = gcc
 *_XCODE32_X64_SLINK_PATH    = libtool
 *_XCODE32_X64_DLINK_PATH    = ld
 *_XCODE32_X64_ASM_PATH      = as
 *_XCODE32_X64_PP_PATH       = gcc
 *_XCODE32_X64_VFRPP_PATH    = gcc
 *_XCODE32_X64_ASL_PATH     = iasl
 *_XCODE32_X64_ASLCC_PATH   = gcc
 *_XCODE32_X64_ASLPP_PATH   = gcc
 *_XCODE32_X64_ASLDLINK_PATH  = ld
 *_XCODE32_X64_DLINK_FLAGS      = -arch x86_64 -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -seg1addr 0x240 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCODE32_X64_SLINK_FLAGS      = -static -o
  DEBUG_XCODE32_X64_ASM_FLAGS  = -arch x86_64 -g
 RELEASE_XCODE32_X64_ASM_FLAGS  = -arch x86_64
 *_XCODE32_X64_NASM_FLAGS       = -f macho64
 *_XCODE32_X64_PP_FLAGS         = -arch x86_64 -E -x assembler-with-cpp -include $(DEST_DIR_DEBUG)/AutoGen.h
 *_XCODE32_X64_VFRPP_FLAGS      = -arch x86_64 -x c -E -P -DVFRCOMPILE --include $(DEST_DIR_DEBUG)/$(MODULE_NAME)StrDefs.h
  DEBUG_XCODE32_X64_CC_FLAGS   = -arch x86_64 -save-temps -g -O0 -mms-bitfields -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -Wno-address  -fomit-frame-pointer -static  -c -include AutoGen.h -fno-stack-protector
 RELEASE_XCODE32_X64_CC_FLAGS   = -arch x86_64 -Oz -mms-bitfields -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -Wno-address  -fomit-frame-pointer -static  -c -include AutoGen.h -fno-stack-protector
 ##################
 # ARM definitions - (Assumes iPhone SDK installed on Snow Leopard)
 ##################
 *_XCODE32_ARM_ARCHCC_FLAGS    = -arch armv7 -march=armv7 -mthumb
 *_XCODE32_ARM_ARCHASM_FLAGS   = -arch armv7
 *_XCODE32_ARM_ARCHDLINK_FLAGS = -arch armv7
 *_XCODE32_ARM_PLATFORM_FLAGS  =
 *_XCODE32_ARM_CC_PATH       = DEF(IPHONE_TOOLS)/usr/bin/gcc
 *_XCODE32_ARM_SLINK_PATH    = DEF(IPHONE_TOOLS)/usr/bin/libtool
 *_XCODE32_ARM_DLINK_PATH    = ld
 *_XCODE32_ARM_ASM_PATH      = DEF(IPHONE_TOOLS)/usr/bin/as
 *_XCODE32_ARM_PP_PATH       = DEF(IPHONE_TOOLS)/usr/bin/gcc
 *_XCODE32_ARM_VFRPP_PATH    = DEF(IPHONE_TOOLS)/usr/bin/gcc
  DEBUG_XCODE32_ARM_DLINK_FLAGS      = $(ARCHDLINK_FLAGS) -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x220 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 RELEASE_XCODE32_ARM_DLINK_FLAGS      = $(ARCHDLINK_FLAGS) -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x220 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCODE32_ARM_SLINK_FLAGS      = -static -o
  DEBUG_XCODE32_ARM_ASM_FLAGS  = $(ARCHASM_FLAGS) -g
 RELEASE_XCODE32_ARM_ASM_FLAGS  = $(ARCHASM_FLAGS)
 *_XCODE32_ARM_PP_FLAGS         = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -E -x assembler-with-cpp -include $(DEST_DIR_DEBUG)/AutoGen.h
 *_XCODE32_ARM_VFRPP_FLAGS      = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -x c -E -P -DVFRCOMPILE --include $(DEST_DIR_DEBUG)/$(MODULE_NAME)StrDefs.h
  DEBUG_XCODE32_ARM_CC_FLAGS   = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -mthumb-interwork -g -Oz -mabi=aapcs -mapcs -fno-short-enums  -save-temps -combine -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -fomit-frame-pointer -c -include AutoGen.h
 RELEASE_XCODE32_ARM_CC_FLAGS   = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -mthumb-interwork -Oz    -mabi=aapcs -mapcs -fno-short-enums  -save-temps -combine -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -fomit-frame-pointer -c -include AutoGen.h
 ####################################################################################
 #
 # Clang Support for building on Mac OS X
 #
 ####################################################################################
 #   CLANG         - clang that produce Mach-O with EFI x86_64 ABI
 *_XCLANG_*_*_FAMILY            = GCC
 *_XCLANG_*_*_BUILDRULEFAMILY   = XCODE
 *_XCLANG_*_*_BUILDRULEORDER    = S s nasm
 *_XCLANG_*_ASL_PATH          = /usr/bin/iasl
 *_XCLANG_*_MAKE_PATH        = make
 *_XCLANG_*_DSYMUTIL_PATH    = /usr/bin/dsymutil
      *_*_*_MTOC_PATH  = /usr/local/bin/mtoc
  DEBUG_XCLANG_*_MTOC_FLAGS = -align 0x20 -d $(DEBUG_DIR)/$(MODULE_NAME).dll
 RELEASE_XCLANG_*_MTOC_FLAGS = -align 0x20
 *_XCLANG_*_CC_PATH      = ENV(CLANG_BIN)clang
 *_XCLANG_*_SLINK_PATH   = libtool
 *_XCLANG_*_DLINK_PATH   = ld
 *_XCLANG_*_ASM_PATH     = as
 *_XCLANG_*_PP_PATH      = ENV(CLANG_BIN)clang
 *_XCLANG_*_VFRPP_PATH   = ENV(CLANG_BIN)clang
 *_XCLANG_*_ASL_PATH     = iasl
 *_XCLANG_*_ASLCC_PATH   = ENV(CLANG_BIN)clang
 *_XCLANG_*_ASLPP_PATH   = ENV(CLANG_BIN)clang
 *_XCLANG_*_ASLDLINK_PATH  = ld
 ####################
 # IA-32 definitions
 ####################
  DEBUG_XCLANG_IA32_DLINK_FLAGS      = -arch i386 -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x240 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 RELEASE_XCLANG_IA32_DLINK_FLAGS      = -arch i386 -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x220 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCLANG_IA32_SLINK_FLAGS      = -static -o
  DEBUG_XCLANG_IA32_ASM_FLAGS  = -arch i386 -g
 RELEASE_XCLANG_IA32_ASM_FLAGS  = -arch i386 
 *_XCLANG_IA32_NASM_FLAGS       = -f macho32
  DEBUG_XCLANG_IA32_CC_FLAGS   = -arch i386 -c -g -O0  -Wall -Werror -include AutoGen.h -fno-stack-protector -fno-builtin -fshort-wchar -mdynamic-no-pic -mno-sse -mno-mmx -Wno-empty-body -Wno-pointer-sign -Wno-unused-function -Wno-unused-value -Wno-missing-braces -Wno-tautological-compare -Wreturn-type -Wno-unused-variable  -fasm-blocks  -mms-bitfields -msoft-float -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang
 RELEASE_XCLANG_IA32_CC_FLAGS   = -arch i386 -c    -Os  -Wall -Werror -include AutoGen.h -fno-stack-protector -fno-builtin -fshort-wchar -mdynamic-no-pic -mno-sse -mno-mmx -Wno-empty-body -Wno-pointer-sign -Wno-unused-function -Wno-unused-value -Wno-missing-braces -Wno-tautological-compare -Wreturn-type -Wno-unused-variable  -fasm-blocks  -mms-bitfields -msoft-float -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang
 ##################
 # X64 definitions
 ##################
  DEBUG_XCLANG_X64_DLINK_FLAGS      = -arch x86_64 -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x240 -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 RELEASE_XCLANG_X64_DLINK_FLAGS      = -arch x86_64 -u _$(IMAGE_ENTRY_POINT) -e _$(IMAGE_ENTRY_POINT) -preload -segalign 0x20  -pie -all_load -dead_strip -seg1addr 0x220 -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCLANG_X64_SLINK_FLAGS      = -static -o
  DEBUG_XCLANG_X64_ASM_FLAGS  = -arch x86_64 -g
 RELEASE_XCLANG_X64_ASM_FLAGS  = -arch x86_64 
 *_XCLANG_X64_NASM_FLAGS       = -f macho64
 *_XCLANG_*_PP_FLAGS         = -E -x assembler-with-cpp -include $(DEST_DIR_DEBUG)/AutoGen.h 
 *_XCLANG_*_VFRPP_FLAGS      = -x c -E -P -DVFRCOMPILE -include $(DEST_DIR_DEBUG)/$(MODULE_NAME)StrDefs.h 
  DEBUG_XCLANG_X64_CC_FLAGS   = -ccc-host-triple x86_64-pc-win32-macho -c -g -O0  -Wall -Werror -include AutoGen.h -fno-stack-protector -fno-builtin -fshort-wchar -mdynamic-no-pic -Wno-empty-body -Wno-pointer-sign -Wno-unused-function -Wno-unused-value -Wno-missing-braces -Wno-tautological-compare -Wreturn-type -Wno-unused-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang
 RELEASE_XCLANG_X64_CC_FLAGS   = -ccc-host-triple x86_64-pc-win32-macho -c    -Os  -Wall -Werror -include AutoGen.h -fno-stack-protector -fno-builtin -fshort-wchar -mdynamic-no-pic -Wno-empty-body -Wno-pointer-sign -Wno-unused-function -Wno-unused-value -Wno-missing-braces -Wno-tautological-compare -Wreturn-type -Wno-unused-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang
 *_XCLANG_*_ASLCC_FLAGS      = -x c -save-temps -g -O0 -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -c -include AutoGen.h -mdynamic-no-pic
 *_XCLANG_*_ASLDLINK_FLAGS   = -e _main -preload -segalign 0x20  -pie -seg1addr 0x240 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCLANG_*_ASLPP_FLAGS      = -x c -E -include AutoGen.h
 *_XCLANG_*_ASL_FLAGS        =
 #
 # XCODE5 support
 #
 *_XCODE5_*_*_FAMILY            = GCC
 *_XCODE5_*_*_BUILDRULEFAMILY   = XCODE
 *_XCODE5_*_*_BUILDRULEORDER    = S s nasm
 *_XCODE5_*_ASL_PATH          = /usr/bin/iasl
 *_XCODE5_*_MAKE_PATH        = make
 *_XCODE5_*_DSYMUTIL_PATH    = /usr/bin/dsymutil
  DEBUG_XCODE5_*_MTOC_FLAGS = -align 0x20 -d $(DEBUG_DIR)/$(MODULE_NAME).dll
  NOOPT_XCODE5_*_MTOC_FLAGS = -align 0x20 -d $(DEBUG_DIR)/$(MODULE_NAME).dll
 RELEASE_XCODE5_*_MTOC_FLAGS = -align 0x20 
 #
 # use xcode-select to change Xcode version of command line tools
 #
 *_XCODE5_*_MAKE_PATH     = make
 *_XCODE5_*_CC_PATH       = clang
 *_XCODE5_*_SLINK_PATH    = libtool
 *_XCODE5_*_DLINK_PATH    = ld
@ -7457,6 +7398,25 @@ RELEASE_XCODE5_*_MTOC_FLAGS = -align 0x20
 *_XCODE5_*_ASLCC_PATH    = clang
 *_XCODE5_*_ASLPP_PATH    = clang
 *_XCODE5_*_ASLDLINK_PATH = ld
 *_XCODE5_*_DSYMUTIL_PATH = /usr/bin/dsymutil
 *_XCODE5_*_MTOC_PATH     = /usr/local/bin/mtoc
 ##################
 # ASL definitions
 ##################
 *_XCODE5_*_ASLCC_FLAGS      = -x c -save-temps -g -O0 -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -c -include AutoGen.h
 *_XCODE5_*_ASLDLINK_FLAGS   = -e _ReferenceAcpiTable -preload -segalign 0x20  -pie -seg1addr 0x240 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCODE5_*_ASLPP_FLAGS      = -x c -E -include AutoGen.h
 *_XCODE5_*_ASL_FLAGS        =
 *_XCODE5_*_ASL_OUTFLAGS     = DEF(IASL_OUTFLAGS)
 ##################
 # MTOC definitions
 ##################
  DEBUG_XCODE5_*_MTOC_FLAGS = -align 0x20 -d $(DEBUG_DIR)/$(MODULE_NAME).dll
  NOOPT_XCODE5_*_MTOC_FLAGS = -align 0x20 -d $(DEBUG_DIR)/$(MODULE_NAME).dll
 RELEASE_XCODE5_*_MTOC_FLAGS = -align 0x20 
 ####################
 # IA-32 definitions
@ -7472,11 +7432,9 @@ RELEASE_XCODE5_IA32_ASM_FLAGS  = -arch i386
      *_XCODE5_IA32_NASM_FLAGS = -f macho32
-  DEBUG_XCODE5_IA32_CC_FLAGS   = -arch i386 -c -g -Os       -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+  DEBUG_XCODE5_IA32_CC_FLAGS   = -arch i386 -c -g -Os       -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
-RELEASE_XCODE5_IA32_CC_FLAGS   = -arch i386 -c    -Os       -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+RELEASE_XCODE5_IA32_CC_FLAGS   = -arch i386 -c    -Os       -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -Wno-unused-const-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
-  NOOPT_XCODE5_IA32_CC_FLAGS   = -arch i386 -c -g -O0       -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+  NOOPT_XCODE5_IA32_CC_FLAGS   = -arch i386 -c -g -O0       -Wall -Werror -include AutoGen.h -funsigned-char -fno-stack-protector -fno-builtin -fshort-wchar -fasm-blocks -mdynamic-no-pic -mno-implicit-float -mms-bitfields -msoft-float -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
 ##################
 # X64 definitions
@ -7493,16 +7451,9 @@ RELEASE_XCODE5_X64_ASM_FLAGS  = -arch x86_64
 *_XCODE5_*_PP_FLAGS         = -E -x assembler-with-cpp -include $(DEST_DIR_DEBUG)/AutoGen.h 
 *_XCODE5_*_VFRPP_FLAGS      = -x c -E -P -DVFRCOMPILE -include $(DEST_DIR_DEBUG)/$(MODULE_NAME)StrDefs.h 
-
+  DEBUG_XCODE5_X64_CC_FLAGS   = -target x86_64-pc-win32-macho -c -g -Os       -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
-  DEBUG_XCODE5_X64_CC_FLAGS   = -target x86_64-pc-win32-macho -c -g -Os       -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+  NOOPT_XCODE5_X64_CC_FLAGS   = -target x86_64-pc-win32-macho -c -g -O0       -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
-  NOOPT_XCODE5_X64_CC_FLAGS   = -target x86_64-pc-win32-macho -c -g -O0       -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
+RELEASE_XCODE5_X64_CC_FLAGS   = -target x86_64-pc-win32-macho -c    -Os       -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -Wno-varargs -Wno-unused-const-variable -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -D NO_MSABI_VA_FUNCS $(PLATFORM_FLAGS)
 RELEASE_XCODE5_X64_CC_FLAGS   = -target x86_64-pc-win32-macho -c    -Os       -Wall -Werror -Wextra -include AutoGen.h -funsigned-char -fno-ms-extensions -fno-stack-protector -fno-builtin -fshort-wchar -mno-implicit-float -mms-bitfields -Wno-unused-parameter -Wno-missing-braces -Wno-missing-field-initializers -Wno-tautological-compare -Wno-sign-compare -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang $(PLATFORM_FLAGS)
 *_XCODE5_*_ASLCC_FLAGS      = -x c -save-temps -g -O0 -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-missing-braces -c -include AutoGen.h 
 *_XCODE5_*_ASLDLINK_FLAGS   = -e _ReferenceAcpiTable -preload -segalign 0x20  -pie -seg1addr 0x240 -read_only_relocs suppress -map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
 *_XCODE5_*_ASLPP_FLAGS      = -x c -E -include AutoGen.h
 *_XCODE5_*_ASL_FLAGS        =
 *_XCODE5_*_ASL_OUTFLAGS     = DEF(IASL_OUTFLAGS)
 ####################################################################################
 #
--- a/BaseTools/GNUmakefile
+++ b/BaseTools/GNUmakefile
@ -1,7 +1,7 @@
 ## @file
 # GNU/Linux makefile for Base Tools project build.
 #
-# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -24,12 +24,10 @@ subdirs: $(SUBDIRS)
 $(SUBDIRS):
 	$(MAKE) -C $@
 Tests: $(SOURCE_SUBDIRS)
 .PHONY: $(CLEAN_SUBDIRS)
 $(CLEAN_SUBDIRS):
 	-$(MAKE) -C $(@:-clean=) clean
 clean:  $(CLEAN_SUBDIRS)
 test:
 	@$(MAKE) -C Tests
--- a/BaseTools/Source/C/BootSectImage/GNUmakefile
+++ b/BaseTools/Source/C/BootSectImage/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = BootSectImage
--- a/BaseTools/Source/C/BrotliCompress/BrotliCompress.bat
+++ b/BaseTools/Source/C/BrotliCompress/BrotliCompress.bat
@ -14,48 +14,54 @@
@echo off
@setlocal
-set LVL=--quality 9
+set QLT=-q 9
 set INPUTFLAG=0
 :Begin
 if "%1"=="" goto End
 if "%1"=="-d" (
-  set ARGS=%ARGS% --decompress
+  set INPUTFLAG=1
  shift
  goto Begin
 )
 if "%1"=="-e" (
  set INPUTFLAG=1
  shift
  goto Begin
 )
 if "%1"=="-g" (
-  set ARGS=%ARGS% --gap %2
+  set ARGS=%ARGS% %1 %2
  shift
  shift
  goto Begin
 )
 if "%1"=="-l" (
  set LVL=--quality %2
  shift
  shift
  goto Begin
 )
 if "%1"=="-o" (
-  set ARGS=%ARGS% --output %2
+  set ARGS=%ARGS% %1 %2
  set INTMP=%2
  shift
  shift
  goto Begin
 )
-set ARGS=%ARGS% --input %1
+if "%1"=="-q" (
  set QLT=%1 %2
  shift
  shift
  goto Begin
 )
 if %INPUTFLAG%==1 (
 if "%2"=="" (
    set ARGS=%ARGS% %QLT% -i %1
    goto End
  )
 )
 set ARGS=%ARGS% %1
 shift
 goto Begin
 :End
-Brotli %ARGS% %LVL%
+Brotli %ARGS%
@echo on
--- a/BaseTools/Source/C/BrotliCompress/GNUmakefile
+++ b/BaseTools/Source/C/BrotliCompress/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = Brotli
--- a/BaseTools/Source/C/BrotliCompress/tools/bro.c
+++ b/BaseTools/Source/C/BrotliCompress/tools/bro.c
@ -13,6 +13,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <time.h>
 #include <Common/BuildVersion.h>
 #include "../dec/decode.h"
 #include "../enc/encode.h"
@ -67,6 +68,11 @@ static int ParseQuality(const char* s, int* quality) {
  return 0;
 }
 #define UTILITY_NAME          "Brotli"
 #define UTILITY_MAJOR_VERSION 0
 #define UTILITY_MINOR_VERSION 5
 #define UTILITY_REVERSION     2
 static void ParseArgv(int argc, char **argv,
                      char **input_path,
                      char **output_path,
@ -110,6 +116,15 @@ static void ParseArgv(int argc, char **argv,
      }
      *verbose = 1;
      continue;
    } else if (!strcmp("--version", argv[k])) {
      fprintf(stderr,
              "%s Version %d.%d.%d %s\n",
              UTILITY_NAME,
              UTILITY_MAJOR_VERSION,
              UTILITY_MINOR_VERSION,
              UTILITY_REVERSION,
              __BUILD_VERSION);
      exit(1);
    }
    if (k < argc - 1) {
      if (!strcmp("--input", argv[k]) ||
@ -177,7 +192,8 @@ error:
  fprintf(stderr,
          "Usage: %s [--force] [--quality n] [--gap n] [--decompress]"
          " [--input filename] [--output filename] [--repeat iters]"
-          " [--verbose] [--window n] [--custom-dictionary filename]\n",
+          " [--verbose] [--window n] [--custom-dictionary filename]"
          " [--version]\n",
          argv[0]);
  exit(1);
 }
--- a/BaseTools/Source/C/Common/Decompress.c
+++ b/BaseTools/Source/C/Common/Decompress.c
@ -89,11 +89,11 @@ Returns: (VOID)
 --*/
 {
-  Sd->mBitBuf = (UINT32) (Sd->mBitBuf << NumOfBits);
+  Sd->mBitBuf = (UINT32) (((UINT64)Sd->mBitBuf) << NumOfBits);
  while (NumOfBits > Sd->mBitCount) {
-    Sd->mBitBuf |= (UINT32) (Sd->mSubBitBuf << (NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount)));
+    Sd->mBitBuf |= (UINT32) (((UINT64)Sd->mSubBitBuf) << (NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount)));
    if (Sd->mCompSize > 0) {
      //
@ -194,12 +194,16 @@ Returns:
  UINT16  Avail;
  UINT16  NextCode;
  UINT16  Mask;
  UINT16  MaxTableLength;
  for (Index = 1; Index <= 16; Index++) {
    Count[Index] = 0;
  }
  for (Index = 0; Index < NumOfChar; Index++) {
    if (BitLen[Index] > 16) {
      return (UINT16) BAD_TABLE;
    }
    Count[BitLen[Index]]++;
  }
@ -237,6 +241,7 @@ Returns:
  Avail = NumOfChar;
  Mask  = (UINT16) (1U << (15 - TableBits));
  MaxTableLength = (UINT16) (1U << TableBits);
  for (Char = 0; Char < NumOfChar; Char++) {
@ -250,6 +255,9 @@ Returns:
    if (Len <= TableBits) {
      for (Index = Start[Len]; Index < NextCode; Index++) {
        if (Index >= MaxTableLength) {
          return (UINT16) BAD_TABLE;
        }
        Table[Index] = Char;
      }
@ -643,13 +651,23 @@ Returns: (VOID)
      BytesRemain--;
      while ((INT16) (BytesRemain) >= 0) {
        Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];
        if (Sd->mOutBuf >= Sd->mOrigSize) {
          return ;
        }
        if (DataIdx >= Sd->mOrigSize) {
          Sd->mBadTableFlag = (UINT16) BAD_TABLE;
          return ;
        }
        Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];
        BytesRemain--;
      }
      //
      // Once mOutBuf is fully filled, directly return
      //
      if (Sd->mOutBuf >= Sd->mOrigSize) {
        return ;
      }
    }
  }
@ -684,6 +702,7 @@ Returns:
 --*/
 {
  UINT8 *Src;
  UINT32 CompSize;
  *ScratchSize  = sizeof (SCRATCH_DATA);
@ -692,7 +711,13 @@ Returns:
    return EFI_INVALID_PARAMETER;
  }
  CompSize = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24);
  *DstSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24);
  if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) {
    return EFI_INVALID_PARAMETER;
  }
  return EFI_SUCCESS;
 }
@ -752,7 +777,7 @@ Returns:
  CompSize  = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24);
  OrigSize  = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24);
-  if (SrcSize < CompSize + 8) {
+  if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) {
    return EFI_INVALID_PARAMETER;
  }
--- a/BaseTools/Source/C/Common/GNUmakefile
+++ b/BaseTools/Source/C/Common/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 # VPATH = ..
--- a/BaseTools/Source/C/EfiLdrImage/GNUmakefile
+++ b/BaseTools/Source/C/EfiLdrImage/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = EfiLdrImage
--- a/BaseTools/Source/C/EfiRom/GNUmakefile
+++ b/BaseTools/Source/C/EfiRom/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = EfiRom
--- a/BaseTools/Source/C/GNUmakefile
+++ b/BaseTools/Source/C/GNUmakefile
@ -1,7 +1,7 @@
 ## @file
 #  GNU/Linux makefile for C tools build.
 #
-#  Copyright (c) 2007 - 2012, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -12,47 +12,49 @@
 #  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ifndef ARCH
+ifndef HOST_ARCH
  #
-  # If ARCH is not defined, then we use 'uname -m' to attempt
+  # If HOST_ARCH is not defined, then we use 'uname -m' to attempt
-  # try to figure out the appropriate ARCH.
+  # try to figure out the appropriate HOST_ARCH.
  #
  uname_m = $(shell uname -m)
-  $(info Attempting to detect ARCH from 'uname -m': $(uname_m))
+  $(info Attempting to detect HOST_ARCH from 'uname -m': $(uname_m))
  ifneq (,$(strip $(filter $(uname_m), x86_64 amd64)))
-    ARCH=X64
+    HOST_ARCH=X64
  endif
  ifeq ($(patsubst i%86,IA32,$(uname_m)),IA32)
-    ARCH=IA32
+    HOST_ARCH=IA32
  endif
  ifneq (,$(findstring aarch64,$(uname_m)))
-    ARCH=AARCH64
+    HOST_ARCH=AARCH64
  endif
  ifneq (,$(findstring arm,$(uname_m)))
-    ARCH=ARM
+    HOST_ARCH=ARM
  endif
-  ifndef ARCH
+  ifndef HOST_ARCH
-    $(info Could not detected ARCH from uname results)
+    $(info Could not detected HOST_ARCH from uname results)
-    $(error ARCH is not defined!)
+    $(error HOST_ARCH is not defined!)
  endif
-  $(info Detected ARCH of $(ARCH) using uname.)
+  $(info Detected HOST_ARCH of $(HOST_ARCH) using uname.)
 endif
-export ARCH
+export HOST_ARCH
 MAKEROOT = .
 include Makefiles/header.makefile
-all: makerootdir subdirs $(MAKEROOT)/libs
+all: makerootdir subdirs
-	@echo Finished building BaseTools C Tools with ARCH=$(ARCH)
+	@echo Finished building BaseTools C Tools with HOST_ARCH=$(HOST_ARCH)
 LIBRARIES = Common
 VFRAUTOGEN = VfrCompile/VfrLexer.h
 # NON_BUILDABLE_APPLICATIONS = GenBootSector BootSectImage
 APPLICATIONS = \
  BrotliCompress \
  VfrCompile \
  GnuGenBootSector \
  BootSectImage \
  BrotliCompress \
  EfiLdrImage \
  EfiRom \
  GenFfs \
@ -65,11 +67,13 @@ APPLICATIONS = \
  LzmaCompress \
  Split \
  TianoCompress \
-  VolInfo \
+  VolInfo
  VfrCompile
 SUBDIRS := $(LIBRARIES) $(APPLICATIONS)
 $(LIBRARIES): $(MAKEROOT)/libs
 $(APPLICATIONS): $(LIBRARIES) $(MAKEROOT)/bin $(VFRAUTOGEN)
 .PHONY: outputdirs
 makerootdir:
 	-mkdir -p $(MAKEROOT)
@ -83,6 +87,9 @@ $(SUBDIRS):
 $(patsubst %,%-clean,$(sort $(SUBDIRS))):
 	-$(MAKE) -C $(@:-clean=) clean
 $(VFRAUTOGEN): VfrCompile/VfrSyntax.g 
 	$(MAKE) -C VfrCompile VfrLexer.h
 clean:  $(patsubst %,%-clean,$(sort $(SUBDIRS)))
 clean: localClean
--- a/BaseTools/Source/C/GenCrc32/GNUmakefile
+++ b/BaseTools/Source/C/GenCrc32/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GenCrc32
--- a/BaseTools/Source/C/GenFfs/GNUmakefile
+++ b/BaseTools/Source/C/GenFfs/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GenFfs
--- a/BaseTools/Source/C/GenFfs/GenFfs.c
+++ b/BaseTools/Source/C/GenFfs/GenFfs.c
@ -48,14 +48,17 @@ STATIC CHAR8 *mFfsFileType[] = {
 STATIC CHAR8 *mAlignName[] = {
  "1", "2", "4", "8", "16", "32", "64", "128", "256", "512",
-  "1K", "2K", "4K", "8K", "16K", "32K", "64K"
+  "1K", "2K", "4K", "8K", "16K", "32K", "64K", "128K", "256K",
  "512K", "1M", "2M", "4M", "8M", "16M"
 };
 STATIC CHAR8 *mFfsValidAlignName[] = {
-  "8", "16", "128", "512", "1K", "4K", "32K", "64K"
+  "8", "16", "128", "512", "1K", "4K", "32K", "64K", "128K","256K",
  "512K", "1M", "2M", "4M", "8M", "16M"
 };
-STATIC UINT32 mFfsValidAlign[] = {0, 8, 16, 128, 512, 1024, 4096, 32768, 65536};
+STATIC UINT32 mFfsValidAlign[] = {0, 8, 16, 128, 512, 1024, 4096, 32768, 65536, 131072, 262144,
                                  524288, 1048576, 2097152, 4194304, 8388608, 16777216};
 STATIC EFI_GUID mZeroGuid = {0};
@ -140,12 +143,13 @@ Returns:
  fprintf (stdout, "  -s, --checksum        Indicates to calculate file checksum.\n");
  fprintf (stdout, "  -a FileAlign, --align FileAlign\n\
                        FileAlign points to file alignment, which only support\n\
-                        the following align: 1,2,4,8,16,128,512,1K,4K,32K,64K\n");
+                        the following align: 1,2,4,8,16,128,512,1K,4K,32K,64K\n\
                        128K,256K,512K,1M,2M,4M,8M,16M\n");
  fprintf (stdout, "  -i SectionFile, --sectionfile SectionFile\n\
                        Section file will be contained in this FFS file.\n");
  fprintf (stdout, "  -n SectionAlign, --sectionalign SectionAlign\n\
                        SectionAlign points to section alignment, which support\n\
-                        the alignment scope 1~64K. It is specified together\n\
+                        the alignment scope 1~16M. It is specified together\n\
                        with sectionfile to point its alignment in FFS file.\n");
  fprintf (stdout, "  -v, --verbose         Turn on verbose output with informational messages.\n");
  fprintf (stdout, "  -q, --quiet           Disable all messages except key message and fatal error\n");
@ -164,7 +168,7 @@ StringtoAlignment (
 Routine Description:
-  Converts Align String to align value (1~64K). 
+  Converts Align String to align value (1~16M).
 Arguments:
@ -889,7 +893,12 @@ Returns:
  }
  VerboseMsg ("the size of the generated FFS file is %u bytes", (unsigned) FileSize);
  //FfsAlign larger than 7, set FFS_ATTRIB_DATA_ALIGNMENT2
  if (FfsAlign < 8) {
    FfsFileHeader.Attributes = (EFI_FFS_FILE_ATTRIBUTES) (FfsAttrib | (FfsAlign << 3));
  } else {
    FfsFileHeader.Attributes = (EFI_FFS_FILE_ATTRIBUTES) (FfsAttrib | ((FfsAlign & 0x7) << 3) | FFS_ATTRIB_DATA_ALIGNMENT2);
  }
  //
  // Fill in checksums and state, these must be zero for checksumming
--- a/BaseTools/Source/C/GenFv/GNUmakefile
+++ b/BaseTools/Source/C/GenFv/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GenFv
--- a/BaseTools/Source/C/GenFv/GenFvInternalLib.c
+++ b/BaseTools/Source/C/GenFv/GenFvInternalLib.c
@ -1,7 +1,7 @@
 /** @file
 This file contains the internal functions required to generate a Firmware Volume.
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>
 Portions Copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.<BR>
 Portions Copyright (c) 2016 HP Development Company, L.P.<BR>
 This program and the accompanying materials                          
@ -464,57 +464,97 @@ Returns:
  case 0:
    //
    // 1 byte alignment
    //if bit 1 have set, 128K byte alignmnet
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 17;
    } else {
      *Alignment = 0;
    }
    break;
  case 1:
    //
    // 16 byte alignment
    //if bit 1 have set, 256K byte alignment
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 18;
    } else {
      *Alignment = 4;
    }
    break;
  case 2:
    //
    // 128 byte alignment
    //if bit 1 have set, 512K byte alignment
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 19;
    } else {
      *Alignment = 7;
    }
    break;
  case 3:
    //
    // 512 byte alignment
    //if bit 1 have set, 1M byte alignment
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 20;
    } else {
      *Alignment = 9;
    }
    break;
  case 4:
    //
    // 1K byte alignment
    //if bit 1 have set, 2M byte alignment
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 21;
    } else {
      *Alignment = 10;
    }
    break;
  case 5:
    //
    // 4K byte alignment
    //if bit 1 have set, 4M byte alignment
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 22;
    } else {
      *Alignment = 12;
    }
    break;
  case 6:
    //
    // 32K byte alignment
    //if bit 1 have set , 8M byte alignment
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 23;
    } else {
      *Alignment = 15;
    }
    break;
  case 7:
    //
    // 64K byte alignment
    //if bit 1 have set, 16M alignment
    //
    if (FfsFile->Attributes & FFS_ATTRIB_DATA_ALIGNMENT2) {
      *Alignment = 24;
    } else {
      *Alignment = 16;
    }
    break;
  default:
@ -1060,7 +1100,7 @@ Returns:
  // Clear the alignment bits: these have become meaningless now that we have
  // adjusted the padding section.
  //
-  FfsFile->Attributes &= ~FFS_ATTRIB_DATA_ALIGNMENT;
+  FfsFile->Attributes &= ~(FFS_ATTRIB_DATA_ALIGNMENT | FFS_ATTRIB_DATA_ALIGNMENT2);
  //
  // Recalculate the FFS header checksum. Instead of setting Header and State
--- a/BaseTools/Source/C/GenFw/GNUmakefile
+++ b/BaseTools/Source/C/GenFw/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GenFw
--- a/BaseTools/Source/C/GenFw/GenFw.c
+++ b/BaseTools/Source/C/GenFw/GenFw.c
@ -2781,6 +2781,7 @@ Returns:
  EFI_IMAGE_OPTIONAL_HEADER64     *Optional64Hdr;
  EFI_IMAGE_SECTION_HEADER        *SectionHeader;
  EFI_IMAGE_DEBUG_DIRECTORY_ENTRY *DebugEntry;
  EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY *RsdsEntry;
  UINT32                          *NewTimeStamp;  
  //
@ -2809,6 +2810,7 @@ Returns:
  // Resource Directory entry need to review.
  //
  Optional32Hdr = (EFI_IMAGE_OPTIONAL_HEADER32 *) ((UINT8*) FileHdr + sizeof (EFI_IMAGE_FILE_HEADER));
  Optional64Hdr = (EFI_IMAGE_OPTIONAL_HEADER64 *) ((UINT8*) FileHdr + sizeof (EFI_IMAGE_FILE_HEADER));
  if (Optional32Hdr->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
    SectionHeader = (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *) Optional32Hdr +  FileHdr->SizeOfOptionalHeader);
    if (Optional32Hdr->NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_EXPORT && \
@ -2828,7 +2830,6 @@ Returns:
      }
    }
  } else {
    Optional64Hdr = (EFI_IMAGE_OPTIONAL_HEADER64 *) ((UINT8*) FileHdr + sizeof (EFI_IMAGE_FILE_HEADER));
    SectionHeader = (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *) Optional64Hdr +  FileHdr->SizeOfOptionalHeader);
    if (Optional64Hdr->NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_EXPORT && \
        Optional64Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_EXPORT].Size != 0) {
@ -2892,6 +2893,19 @@ Returns:
      memset (FileBuffer + DebugEntry->FileOffset, 0, DebugEntry->SizeOfData);
      memset (DebugEntry, 0, sizeof (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY));
    }
    if (DebugEntry->Type == EFI_IMAGE_DEBUG_TYPE_CODEVIEW) {
      RsdsEntry = (EFI_IMAGE_DEBUG_CODEVIEW_RSDS_ENTRY *) (FileBuffer + DebugEntry->FileOffset);
      if (RsdsEntry->Signature == CODEVIEW_SIGNATURE_MTOC) {
        // MTOC sets DebugDirectoryEntrySize to size of the .debug section, so fix it.
        if (!ZeroDebugFlag) {
          if (Optional32Hdr->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
            Optional32Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG].Size = sizeof (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY);
          } else {
            Optional64Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG].Size = sizeof (EFI_IMAGE_DEBUG_DIRECTORY_ENTRY);
          }
        }
      }
    }
  }
  return EFI_SUCCESS;
--- a/BaseTools/Source/C/GenPage/GNUmakefile
+++ b/BaseTools/Source/C/GenPage/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GenPage
--- a/BaseTools/Source/C/GenSec/GNUmakefile
+++ b/BaseTools/Source/C/GenSec/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GenSec
--- a/BaseTools/Source/C/GenSec/GenSec.c
+++ b/BaseTools/Source/C/GenSec/GenSec.c
@ -74,7 +74,8 @@ STATIC CHAR8      *mGUIDedSectionAttribue[]  = { "NONE", "PROCESSING_REQUIRED",
 STATIC CHAR8 *mAlignName[] = {
  "1", "2", "4", "8", "16", "32", "64", "128", "256", "512",
-  "1K", "2K", "4K", "8K", "16K", "32K", "64K"
+  "1K", "2K", "4K", "8K", "16K", "32K", "64K", "128K", "256K",
  "512K", "1M", "2M", "4M", "8M", "16M"
 };
 //
@ -184,7 +185,7 @@ Returns:
                        used in Ver section.\n");
  fprintf (stdout, "  --sectionalign SectionAlign\n\
                        SectionAlign points to section alignment, which support\n\
-                        the alignment scope 1~64K. It is specified in same\n\
+                        the alignment scope 1~16M. It is specified in same\n\
                        order that the section file is input.\n");
  fprintf (stdout, "  -v, --verbose         Turn on verbose output with informational messages.\n");
  fprintf (stdout, "  -q, --quiet           Disable all messages except key message and fatal error\n");
@ -356,7 +357,7 @@ StringtoAlignment (
 Routine Description:
-  Converts Align String to align value (1~64K). 
+  Converts Align String to align value (1~16M).
 Arguments:
--- a/BaseTools/Source/C/GenVtf/GNUmakefile
+++ b/BaseTools/Source/C/GenVtf/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GenVtf
--- a/BaseTools/Source/C/GnuGenBootSector/GNUmakefile
+++ b/BaseTools/Source/C/GnuGenBootSector/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = GnuGenBootSector
--- a/BaseTools/Source/C/Include/Common/PiFirmwareFile.h
+++ b/BaseTools/Source/C/Include/Common/PiFirmwareFile.h
@ -4,7 +4,7 @@
  @par Revision Reference:
  Version 1.4.
-  Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials are licensed and made available
  under the terms and conditions of the BSD License which accompanies this
@ -63,6 +63,7 @@ typedef UINT8 EFI_FFS_FILE_STATE;
 // FFS File Attributes.
 // 
 #define FFS_ATTRIB_LARGE_FILE         0x01
 #define FFS_ATTRIB_DATA_ALIGNMENT2    0x02
 #define FFS_ATTRIB_FIXED              0x04
 #define FFS_ATTRIB_DATA_ALIGNMENT     0x38
 #define FFS_ATTRIB_CHECKSUM           0x40
--- a/BaseTools/Source/C/LzmaCompress/GNUmakefile
+++ b/BaseTools/Source/C/LzmaCompress/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = LzmaCompress
--- a/BaseTools/Source/C/Makefile
+++ b/BaseTools/Source/C/Makefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH = IA32
+HOST_ARCH = IA32
 !INCLUDE Makefiles\ms.common
--- a/BaseTools/Source/C/Makefiles/footer.makefile
+++ b/BaseTools/Source/C/Makefiles/footer.makefile
@ -13,12 +13,12 @@
 DEPFILES = $(OBJECTS:%.o=%.d)
-$(MAKEROOT)/libs-$(ARCH):
+$(MAKEROOT)/libs-$(HOST_ARCH):
-	mkdir -p $(MAKEROOT)/libs-$(ARCH)
+	mkdir -p $(MAKEROOT)/libs-$(HOST_ARCH)
 .PHONY: install
-install: $(MAKEROOT)/libs-$(ARCH) $(LIBRARY)
+install: $(MAKEROOT)/libs-$(HOST_ARCH) $(LIBRARY)
-	cp $(LIBRARY) $(MAKEROOT)/libs-$(ARCH)
+	cp $(LIBRARY) $(MAKEROOT)/libs-$(HOST_ARCH)
 $(LIBRARY): $(OBJECTS) 
 	$(BUILD_AR) crs $@ $^
--- a/BaseTools/Source/C/Makefiles/header.makefile
+++ b/BaseTools/Source/C/Makefiles/header.makefile
@ -1,10 +1,10 @@
 ## @file
 #
 # The makefile can be invoked with
-# ARCH = x86_64 or x64 for EM64T build
+# HOST_ARCH = x86_64 or x64 for EM64T build
-# ARCH = ia32 or IA32 for IA32 build
+# HOST_ARCH = ia32 or IA32 for IA32 build
-# ARCH = ia64 or IA64 for IA64 build
+# HOST_ARCH = ia64 or IA64 for IA64 build
-# ARCH = Arm or ARM for ARM build
+# HOST_ARCH = Arm or ARM for ARM build
 #
 # Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
@ -15,7 +15,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 CYGWIN:=$(findstring CYGWIN, $(shell uname -s))
 LINUX:=$(findstring Linux, $(shell uname -s))
@ -27,19 +27,19 @@ BUILD_AS ?= gcc
 BUILD_AR ?= ar
 BUILD_LD ?= ld
 LINKER ?= $(BUILD_CC)
-ifeq ($(ARCH), IA32)
+ifeq ($(HOST_ARCH), IA32)
 ARCH_INCLUDE = -I $(MAKEROOT)/Include/Ia32/
 endif
-ifeq ($(ARCH), X64)
+ifeq ($(HOST_ARCH), X64)
 ARCH_INCLUDE = -I $(MAKEROOT)/Include/X64/
 endif
-ifeq ($(ARCH), ARM)
+ifeq ($(HOST_ARCH), ARM)
 ARCH_INCLUDE = -I $(MAKEROOT)/Include/Arm/
 endif
-ifeq ($(ARCH), AARCH64)
+ifeq ($(HOST_ARCH), AARCH64)
 ARCH_INCLUDE = -I $(MAKEROOT)/Include/AArch64/
 endif
@ -54,7 +54,7 @@ endif
 BUILD_LFLAGS =
 BUILD_CXXFLAGS = -Wno-unused-result
-ifeq ($(ARCH), IA32)
+ifeq ($(HOST_ARCH), IA32)
 #
 # Snow Leopard  is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults 
 #  to x86_64. So make sure tools match uname -m. You can manual have a 64-bit kernal on Snow Leopard
--- a/BaseTools/Source/C/Makefiles/ms.common
+++ b/BaseTools/Source/C/Makefiles/ms.common
@ -19,8 +19,8 @@
 !ERROR "BASE_TOOLS_PATH is not set! Please run build_tools.bat at first!"
 !ENDIF
-!IFNDEF ARCH
+!IFNDEF HOST_ARCH
-ARCH = IA32
+HOST_ARCH = IA32
 !ENDIF
 MAKE        = nmake -nologo
@ -36,7 +36,7 @@ LIB_PATH    = $(BASE_TOOLS_PATH)\Lib
 SYS_BIN_PATH=$(EDK_TOOLS_PATH)\Bin
 SYS_LIB_PATH=$(EDK_TOOLS_PATH)\Lib
-!IF "$(ARCH)"=="IA32"
+!IF "$(HOST_ARCH)"=="IA32"
 ARCH_INCLUDE = $(SOURCE_PATH)\Include\Ia32
 BIN_PATH     = $(BASE_TOOLS_PATH)\Bin\Win32
 LIB_PATH     = $(BASE_TOOLS_PATH)\Lib\Win32
@ -44,7 +44,7 @@ SYS_BIN_PATH = $(EDK_TOOLS_PATH)\Bin\Win32
 SYS_LIB_PATH = $(EDK_TOOLS_PATH)\Lib\Win32
 !ENDIF
-!IF "$(ARCH)"=="X64"
+!IF "$(HOST_ARCH)"=="X64"
 ARCH_INCLUDE = $(SOURCE_PATH)\Include\X64
 BIN_PATH     = $(BASE_TOOLS_PATH)\Bin\Win64
 LIB_PATH     = $(BASE_TOOLS_PATH)\Lib\Win64
--- a/BaseTools/Source/C/Split/GNUmakefile
+++ b/BaseTools/Source/C/Split/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = Split
--- a/BaseTools/Source/C/TianoCompress/GNUmakefile
+++ b/BaseTools/Source/C/TianoCompress/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = TianoCompress
--- a/BaseTools/Source/C/TianoCompress/TianoCompress.c
+++ b/BaseTools/Source/C/TianoCompress/TianoCompress.c
@ -1753,6 +1753,7 @@ Returns:
  SCRATCH_DATA      *Scratch;
  UINT8      *Src;
  UINT32     OrigSize;
  UINT32     CompSize;
  SetUtilityName(UTILITY_NAME);
@ -1761,6 +1762,7 @@ Returns:
  OutBuffer = NULL;
  Scratch   = NULL;
  OrigSize = 0;
  CompSize = 0;
  InputLength = 0;
  InputFileName = NULL;
  OutputFileName = NULL;
@ -1979,15 +1981,25 @@ Returns:
  if (DebugMode) {
    DebugMsg(UTILITY_NAME, 0, DebugLevel, "Decoding\n", NULL);
  }
  if (InputLength < 8){
    Error (NULL, 0, 3000, "Invalid", "The input file %s is too small.", InputFileName);
    goto ERROR;
  }
  //
  // Get Compressed file original size
  // 
  Src     = (UINT8 *)FileBuffer;                     
  OrigSize  = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24);  
  CompSize  = Src[0] + (Src[1] << 8) + (Src[2] <<16) + (Src[3] <<24);
  //
  // Allocate OutputBuffer
  //
  if (InputLength < CompSize + 8 || (CompSize + 8) < 8) {
    Error (NULL, 0, 3000, "Invalid", "The input file %s data is invalid.", InputFileName);
    goto ERROR;
  }
  OutBuffer = (UINT8 *)malloc(OrigSize);
  if (OutBuffer == NULL) {
    Error (NULL, 0, 4001, "Resource:", "Memory cannot be allocated!");
@ -2066,11 +2078,11 @@ Returns: (VOID)
 --*/
 {
-  Sd->mBitBuf = (UINT32) (Sd->mBitBuf << NumOfBits);
+  Sd->mBitBuf = (UINT32) (((UINT64)Sd->mBitBuf) << NumOfBits);
  while (NumOfBits > Sd->mBitCount) {
-    Sd->mBitBuf |= (UINT32) (Sd->mSubBitBuf << (NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount)));
+    Sd->mBitBuf |= (UINT32) (((UINT64)Sd->mSubBitBuf) << (NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount)));
    if (Sd->mCompSize > 0) {
      //
@ -2171,12 +2183,16 @@ Returns:
  UINT16  Mask;
  UINT16  WordOfStart;
  UINT16  WordOfCount;
  UINT16  MaxTableLength;
  for (Index = 0; Index <= 16; Index++) {
    Count[Index] = 0;
  }
  for (Index = 0; Index < NumOfChar; Index++) {
    if (BitLen[Index] > 16) {
      return (UINT16) BAD_TABLE;
    }
    Count[BitLen[Index]]++;
  }
@ -2220,6 +2236,7 @@ Returns:
  Avail = NumOfChar;
  Mask  = (UINT16) (1U << (15 - TableBits));
  MaxTableLength = (UINT16) (1U << TableBits);
  for (Char = 0; Char < NumOfChar; Char++) {
@ -2233,6 +2250,9 @@ Returns:
    if (Len <= TableBits) {
      for (Index = Start[Len]; Index < NextCode; Index++) {
        if (Index >= MaxTableLength) {
          return (UINT16) BAD_TABLE;
        }
        Table[Index] = Char;
      }
@ -2617,14 +2637,25 @@ Returns: (VOID)
      DataIdx     = Sd->mOutBuf - DecodeP (Sd) - 1;
      BytesRemain--;
      while ((INT16) (BytesRemain) >= 0) {
        Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];
        if (Sd->mOutBuf >= Sd->mOrigSize) {
          goto Done ;
        }
        if (DataIdx >= Sd->mOrigSize) {
          Sd->mBadTableFlag = (UINT16) BAD_TABLE;
          goto Done ;
        }
        Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];
        BytesRemain--;
      }
      //
      // Once mOutBuf is fully filled, directly return
      //
      if (Sd->mOutBuf >= Sd->mOrigSize) {
        goto Done ;
      }
    }
  }
--- a/BaseTools/Source/C/VfrCompile/GNUmakefile
+++ b/BaseTools/Source/C/VfrCompile/GNUmakefile
@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = VfrCompile
--- a/BaseTools/Source/C/VolInfo/GNUmakefile
+++ b/BaseTools/Source/C/VolInfo/GNUmakefile
@ -10,7 +10,7 @@
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
-ARCH ?= IA32
+HOST_ARCH ?= IA32
 MAKEROOT ?= ..
 APPNAME = VolInfo
--- a/BaseTools/Source/C/VolInfo/VolInfo.c
+++ b/BaseTools/Source/C/VolInfo/VolInfo.c
@ -331,7 +331,10 @@ Returns:
      if (OpenSslEnv == NULL) {
        OpenSslPath = OpenSslCommand;
      } else {
-        OpenSslPath = malloc(strlen(OpenSslEnv)+strlen(OpenSslCommand)+1);
+        //
        // We add quotes to the Openssl Path in case it has space characters
        //
        OpenSslPath = malloc(2+strlen(OpenSslEnv)+strlen(OpenSslCommand)+1);
        if (OpenSslPath == NULL) {
          Error (NULL, 0, 4001, "Resource", "memory cannot be allocated!");
          return GetUtilityStatus ();
@ -1591,11 +1594,12 @@ CombinePath (
 {
  UINT32 DefaultPathLen;
  UINT64 Index;
-
+  CHAR8  QuotesStr[] = "\"";
  strcpy(NewPath, QuotesStr);
  DefaultPathLen = strlen(DefaultPath);
-  strcpy(NewPath, DefaultPath);
+  strcat(NewPath, DefaultPath);
  Index = 0;
-  for (; Index < DefaultPathLen; Index ++) {
+  for (; Index < DefaultPathLen + 1; Index ++) {
    if (NewPath[Index] == '\\' || NewPath[Index] == '/') {
      if (NewPath[Index + 1] != '\0') {
        NewPath[Index] = '/';
@ -1607,6 +1611,7 @@ CombinePath (
    NewPath[Index + 1] = '\0';
  }
  strcat(NewPath, AppendPath);
  strcat(NewPath, QuotesStr);
  return EFI_SUCCESS;
 }
--- a/BaseTools/Source/Python/AutoGen/AutoGen.py
+++ b/BaseTools/Source/Python/AutoGen/AutoGen.py
@ -62,7 +62,10 @@ gMakeTypeMap = {"MSFT":"nmake", "GCC":"gmake"}
 ## Build rule configuration file
-gDefaultBuildRuleFile = 'Conf/build_rule.txt'
+gDefaultBuildRuleFile = 'build_rule.txt'
 ## Tools definition configuration file
 gDefaultToolsDefFile = 'tools_def.txt'
 ## Build rule default version
 AutoGenReqBuildRuleVerNum = "0.1"
@ -413,7 +416,7 @@ class WorkspaceAutoGen(AutoGen):
                            if HasTokenSpace:
                                if (PcdItem.TokenCName, PcdItem.TokenSpaceGuidCName) == (TokenCName, TokenSpaceGuidCName):
                                    PcdDatumType = PcdItem.DatumType
-                                    NewValue = self._BuildOptionPcdValueFormat(TokenSpaceGuidCName, TokenCName, PcdDatumType, pcdvalue)
+                                    NewValue = BuildOptionPcdValueFormat(TokenSpaceGuidCName, TokenCName, PcdDatumType, pcdvalue)
                                    FoundFlag = True
                            else:
                                if PcdItem.TokenCName == TokenCName:
@ -422,7 +425,7 @@ class WorkspaceAutoGen(AutoGen):
                                            TokenSpaceGuidCNameList.append(PcdItem.TokenSpaceGuidCName)
                                            PcdDatumType = PcdItem.DatumType
                                            TokenSpaceGuidCName = PcdItem.TokenSpaceGuidCName
-                                            NewValue = self._BuildOptionPcdValueFormat(TokenSpaceGuidCName, TokenCName, PcdDatumType, pcdvalue)
+                                            NewValue = BuildOptionPcdValueFormat(TokenSpaceGuidCName, TokenCName, PcdDatumType, pcdvalue)
                                            FoundFlag = True
                                        else:
                                            EdkLogger.error(
@ -501,6 +504,22 @@ class WorkspaceAutoGen(AutoGen):
                                SourcePcdDict['FixedAtBuild'].append((BuildData.Pcds[key].TokenCName, BuildData.Pcds[key].TokenSpaceGuidCName))
                else:
                    pass
            #
            # A PCD can only use one type for all source modules
            #
            for i in SourcePcdDict_Keys:
                for j in SourcePcdDict_Keys:
                    if i != j:
                        IntersectionList = list(set(SourcePcdDict[i]).intersection(set(SourcePcdDict[j])))
                        if len(IntersectionList) > 0:
                            EdkLogger.error(
                            'build',
                            FORMAT_INVALID,
                            "Building modules from source INFs, following PCD use %s and %s access method. It must be corrected to use only one access method." % (i, j),
                            ExtraData="%s" % '\n\t'.join([str(P[1]+'.'+P[0]) for P in IntersectionList])
                            )
                    else:
                        pass
            #
            # intersection the BinaryPCD for Mixed PCD
@ -642,15 +661,35 @@ class WorkspaceAutoGen(AutoGen):
        self._BuildCommand = None
        #
-        # Create BuildOptions Macro & PCD metafile.
+        # Create BuildOptions Macro & PCD metafile, also add the Active Platform and FDF file.
        #
        content = 'gCommandLineDefines: '
        content += str(GlobalData.gCommandLineDefines)
        content += os.linesep
        content += 'BuildOptionPcd: '
        content += str(GlobalData.BuildOptionPcd)
        content += os.linesep
        content += 'Active Platform: '
        content += str(self.Platform)
        content += os.linesep
        if self.FdfFile:
            content += 'Flash Image Definition: '
            content += str(self.FdfFile)
        SaveFileOnChange(os.path.join(self.BuildDir, 'BuildOptions'), content, False)
        #
        # Create PcdToken Number file for Dynamic/DynamicEx Pcd.
        #
        PcdTokenNumber = 'PcdTokenNumber: '
        if Pa.PcdTokenNumber:
            if Pa.DynamicPcdList:
                for Pcd in Pa.DynamicPcdList:
                    PcdTokenNumber += os.linesep
                    PcdTokenNumber += str((Pcd.TokenCName, Pcd.TokenSpaceGuidCName))
                    PcdTokenNumber += ' : '
                    PcdTokenNumber += str(Pa.PcdTokenNumber[Pcd.TokenCName, Pcd.TokenSpaceGuidCName])
        SaveFileOnChange(os.path.join(self.BuildDir, 'PcdTokenNumber'), PcdTokenNumber, False)
        #
        # Get set of workspace metafiles
        #
@ -678,31 +717,6 @@ class WorkspaceAutoGen(AutoGen):
                print >> file, f
        return True
    def _BuildOptionPcdValueFormat(self, TokenSpaceGuidCName, TokenCName, PcdDatumType, Value):
        if PcdDatumType == 'VOID*':
            if Value.startswith('L'):
                if not Value[1]:
                    EdkLogger.error('build', OPTION_VALUE_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", B"{...}"')
                Value = Value[0] + '"' + Value[1:] + '"'
            elif Value.startswith('B'):
                if not Value[1]:
                    EdkLogger.error('build', OPTION_VALUE_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", B"{...}"')
                Value = Value[1:]
            else:
                if not Value[0]:
                    EdkLogger.error('build', OPTION_VALUE_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", B"{...}"')
                Value = '"' + Value + '"'
        IsValid, Cause = CheckPcdDatum(PcdDatumType, Value)
        if not IsValid:
            EdkLogger.error('build', FORMAT_INVALID, Cause, ExtraData="%s.%s" % (TokenSpaceGuidCName, TokenCName))
        if PcdDatumType == 'BOOLEAN':
            Value = Value.upper()
            if Value == 'TRUE' or Value == '1':
                Value = '1'
            elif Value == 'FALSE' or Value == '0':
                Value = '0'
        return  Value
    def _GetMetaFiles(self, Target, Toolchain, Arch):
        AllWorkSpaceMetaFiles = set()
@ -721,10 +735,19 @@ class WorkspaceAutoGen(AutoGen):
        AllWorkSpaceMetaFiles.add(self.MetaFile.Path)
        #
        # add build_rule.txt & tools_def.txt
        #
        AllWorkSpaceMetaFiles.add(os.path.join(GlobalData.gConfDirectory, gDefaultBuildRuleFile))
        AllWorkSpaceMetaFiles.add(os.path.join(GlobalData.gConfDirectory, gDefaultToolsDefFile))
        # add BuildOption metafile
        #
        AllWorkSpaceMetaFiles.add(os.path.join(self.BuildDir, 'BuildOptions'))
        # add PcdToken Number file for Dynamic/DynamicEx Pcd
        #
        AllWorkSpaceMetaFiles.add(os.path.join(self.BuildDir, 'PcdTokenNumber'))
        for Arch in self.ArchList:
            Platform = self.BuildDatabase[self.MetaFile, Arch, Target, Toolchain]
            PGen = PlatformAutoGen(self, self.MetaFile, Target, Toolchain, Arch)
@ -2735,10 +2758,7 @@ class ModuleAutoGen(AutoGen):
        if self._FixedAtBuildPcds:
            return self._FixedAtBuildPcds
        for Pcd in self.ModulePcdList:
-            if self.IsLibrary:
+            if Pcd.Type != "FixedAtBuild":
                if not (Pcd.Pending == False and Pcd.Type == "FixedAtBuild"):
                    continue
            elif Pcd.Type != "FixedAtBuild":
                continue
            if Pcd not in self._FixedAtBuildPcds:
                self._FixedAtBuildPcds.append(Pcd)
@ -3917,6 +3937,13 @@ class ModuleAutoGen(AutoGen):
                else:
                    continue
                PcdValue = ''
                if Pcd.DatumType == 'BOOLEAN':
                    BoolValue = Pcd.DefaultValue.upper()
                    if BoolValue == 'TRUE':
                        Pcd.DefaultValue = '1'
                    elif BoolValue == 'FALSE':
                        Pcd.DefaultValue = '0'
                if Pcd.DatumType != 'VOID*':
                    HexFormat = '0x%02x'
                    if Pcd.DatumType == 'UINT16':
@ -4183,6 +4210,8 @@ class ModuleAutoGen(AutoGen):
        with open(self.GetTimeStampPath(),'r') as f:
            for source in f:
                source = source.rstrip('\n')
                if not os.path.exists(source):
                    return False
                if source not in ModuleAutoGen.TimeDict :
                    ModuleAutoGen.TimeDict[source] = os.stat(source)[8]
                if ModuleAutoGen.TimeDict[source] > DstTimeStamp:
--- a/BaseTools/Source/Python/AutoGen/GenC.py
+++ b/BaseTools/Source/Python/AutoGen/GenC.py
@ -1203,21 +1203,22 @@ def CreateLibraryPcdCode(Info, AutoGenC, AutoGenH, Pcd):
        else:
            AutoGenH.Append('extern volatile  %s  %s%s;\n' % (DatumType, PcdVariableName, Array))
        AutoGenH.Append('#define %s  %s_gPcd_BinaryPatch_%s\n' %(GetModeName, Type, TokenCName))
        PcdDataSize = GetPcdSize(Pcd)
        if Pcd.DatumType == 'VOID*':
            AutoGenH.Append('#define %s(SizeOfBuffer, Buffer)  LibPatchPcdSetPtrAndSize((VOID *)_gPcd_BinaryPatch_%s, &_gPcd_BinaryPatch_Size_%s, (UINTN)_PCD_PATCHABLE_%s_SIZE, (SizeOfBuffer), (Buffer))\n' % (SetModeName, TokenCName, TokenCName, TokenCName))
            AutoGenH.Append('#define %s(SizeOfBuffer, Buffer)  LibPatchPcdSetPtrAndSizeS((VOID *)_gPcd_BinaryPatch_%s, &_gPcd_BinaryPatch_Size_%s, (UINTN)_PCD_PATCHABLE_%s_SIZE, (SizeOfBuffer), (Buffer))\n' % (SetModeStatusName, TokenCName, TokenCName, TokenCName))
            AutoGenH.Append('#define %s %s\n' % (PatchPcdSizeTokenName, Pcd.MaxDatumSize))
        else:
            AutoGenH.Append('#define %s(Value)  (%s = (Value))\n' % (SetModeName, PcdVariableName))
            AutoGenH.Append('#define %s(Value)  ((%s = (Value)), RETURN_SUCCESS)\n' % (SetModeStatusName, PcdVariableName))
        PcdDataSize = GetPcdSize(Pcd)
            AutoGenH.Append('#define %s %s\n' % (PatchPcdSizeTokenName, PcdDataSize))
        AutoGenH.Append('#define %s %s\n' % (GetModeSizeName,PatchPcdSizeVariableName))
        AutoGenH.Append('extern UINTN %s; \n' % PatchPcdSizeVariableName)
    if PcdItemType == TAB_PCDS_FIXED_AT_BUILD or PcdItemType == TAB_PCDS_FEATURE_FLAG:
        key = ".".join((Pcd.TokenSpaceGuidCName,Pcd.TokenCName))
-        
+        PcdVariableName = '_gPcd_' + gItemTypeStringDatabase[Pcd.Type] + '_' + TokenCName
        if DatumType == 'VOID*' and Array == '[]':
            DatumType = ['UINT8', 'UINT16'][Pcd.DefaultValue[0] == 'L']
        AutoGenH.Append('extern const %s _gPcd_FixedAtBuild_%s%s;\n' %(DatumType, TokenCName, Array))
@ -1225,6 +1226,9 @@ def CreateLibraryPcdCode(Info, AutoGenC, AutoGenH, Pcd):
        AutoGenH.Append('//#define %s  ASSERT(FALSE)  // It is not allowed to set value for a FIXED_AT_BUILD PCD\n' % SetModeName)
        if PcdItemType == TAB_PCDS_FIXED_AT_BUILD and (key in Info.ConstPcd or (Info.IsLibrary and not Info._ReferenceModules)):
            if  Pcd.DatumType == 'VOID*':
                AutoGenH.Append('#define _PCD_VALUE_%s %s%s\n' %(TokenCName, Type, PcdVariableName))
            else:
                AutoGenH.Append('#define _PCD_VALUE_%s %s\n' %(TokenCName, Pcd.DefaultValue))
        if PcdItemType == TAB_PCDS_FIXED_AT_BUILD:
--- a/BaseTools/Source/Python/AutoGen/GenMake.py
+++ b/BaseTools/Source/Python/AutoGen/GenMake.py
@ -1,7 +1,7 @@
 ## @file
 # Create makefile for MS nmake and GNU make
 #
-# Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -386,7 +386,7 @@ ${END}
 #
 clean:
 \t${BEGIN}${clean_command}
-\t${END}
+\t${END}\t$(RM) AutoGenTimeStamp
 #
 # clean all generated files
@ -395,6 +395,7 @@ cleanall:
 ${BEGIN}\t${cleanall_command}
 ${END}\t$(RM) *.pdb *.idb > NUL 2>&1
 \t$(RM) $(BIN_DIR)${separator}$(MODULE_NAME).efi
 \t$(RM) AutoGenTimeStamp
 #
 # clean all dependent libraries built
@ -1452,6 +1453,14 @@ class TopLevelMakefile(BuildFile):
        if GlobalData.BuildOptionPcd:
            for index, option in enumerate(GlobalData.gCommand):
                if "--pcd" == option and GlobalData.gCommand[index+1]:
                    pcdName, pcdValue = GlobalData.gCommand[index+1].split('=')
                    if pcdValue.startswith('H'):
                        pcdValue = 'H' + '"' + pcdValue[1:] + '"'
                        ExtraOption += " --pcd " + pcdName + '=' + pcdValue
                    elif pcdValue.startswith('L'):
                        pcdValue = 'L' + '"' + pcdValue[1:] + '"'
                        ExtraOption += " --pcd " + pcdName + '=' + pcdValue
                    else:
                        ExtraOption += " --pcd " + GlobalData.gCommand[index+1]
        MakefileName = self._FILE_NAME_[self._FileType]
--- a/BaseTools/Source/Python/Common/FdfParserLite.py
+++ b/BaseTools/Source/Python/Common/FdfParserLite.py
@ -1,7 +1,7 @@
 ## @file
 # parse FDF file
 #
-#  Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -2340,7 +2340,8 @@ class FdfParser(object):
        AlignValue = None
        if self.__GetAlignment():
-            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            AlignValue = self.__Token
@ -2608,7 +2609,8 @@ class FdfParser(object):
        AlignValue = None
        if self.__GetAlignment():
-            if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            AlignValue = self.__Token
@ -2924,7 +2926,8 @@ class FdfParser(object):
        AlignValue = ""
        if self.__GetAlignment():
-            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment At Line ", self.FileName, self.CurrentLineNumber)
            AlignValue = self.__Token
@ -2988,7 +2991,8 @@ class FdfParser(object):
                CheckSum = True
            if self.__GetAlignment():
-                if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+                if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                        "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                    raise Warning("Incorrect alignment At Line ", self.FileName, self.CurrentLineNumber)
                if self.__Token == 'Auto' and (not SectionName == 'PE32') and (not SectionName == 'TE'):
                    raise Warning("Auto alignment can only be used in PE32 or TE section ", self.FileName, self.CurrentLineNumber)
@ -3062,7 +3066,8 @@ class FdfParser(object):
                FvImageSectionObj.FvFileType = self.__Token
                if self.__GetAlignment():
-                    if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+                    if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                            "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                        raise Warning("Incorrect alignment At Line ", self.FileName, self.CurrentLineNumber)
                    FvImageSectionObj.Alignment = self.__Token
@ -3129,7 +3134,8 @@ class FdfParser(object):
                EfiSectionObj.BuildNum = self.__Token
        if self.__GetAlignment():
-            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            if self.__Token == 'Auto' and (not SectionName == 'PE32') and (not SectionName == 'TE'):
                raise Warning("Auto alignment can only be used in PE32 or TE section ", self.FileName, self.CurrentLineNumber)
--- a/BaseTools/Source/Python/Common/Misc.py
+++ b/BaseTools/Source/Python/Common/Misc.py
@ -67,8 +67,26 @@ def GetVariableOffset(mapfilepath, efifilepath, varnames):
    if (firstline.startswith("Archive member included ") and
        firstline.endswith(" file (symbol)")):
        return _parseForGCC(lines, efifilepath, varnames)
    if firstline.startswith("# Path:"):
        return _parseForXcode(lines, efifilepath, varnames)
    return _parseGeneral(lines, efifilepath, varnames)
 def _parseForXcode(lines, efifilepath, varnames):
    status = 0
    ret = []
    for index, line in enumerate(lines):
        line = line.strip()
        if status == 0 and line == "# Symbols:":
            status = 1
            continue
        if status == 1 and len(line) != 0:
            for varname in varnames:
                if varname in line:
                    m = re.match('^([\da-fA-FxX]+)([\s\S]*)([_]*%s)$' % varname, line)
                    if m != None:
                        ret.append((varname, m.group(1)))
    return ret
 def _parseForGCC(lines, efifilepath, varnames):
    """ Parse map file generated by GCC linker """
    status = 0
@ -2062,6 +2080,32 @@ def PackRegistryFormatGuid(Guid):
                int(Guid[4][-2:], 16)
                )
 def BuildOptionPcdValueFormat(TokenSpaceGuidCName, TokenCName, PcdDatumType, Value):
    if PcdDatumType == 'VOID*':
        if Value.startswith('L'):
            if not Value[1]:
                EdkLogger.error("build", FORMAT_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", H"{...}"')
            Value = Value[0] + '"' + Value[1:] + '"'
        elif Value.startswith('H'):
            if not Value[1]:
                EdkLogger.error("build", FORMAT_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", H"{...}"')
            Value = Value[1:]
        else:
            if not Value[0]:
                EdkLogger.error("build", FORMAT_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", H"{...}"')
            Value = '"' + Value + '"'
    IsValid, Cause = CheckPcdDatum(PcdDatumType, Value)
    if not IsValid:
        EdkLogger.error("build", FORMAT_INVALID, Cause, ExtraData="%s.%s" % (TokenSpaceGuidCName, TokenCName))
    if PcdDatumType == 'BOOLEAN':
        Value = Value.upper()
        if Value == 'TRUE' or Value == '1':
            Value = '1'
        elif Value == 'FALSE' or Value == '0':
            Value = '0'
    return  Value
 ##
 #
 # This acts like the main() function for the script, unless it is 'import'ed into another
--- a/BaseTools/Source/Python/Ecc/Check.py
+++ b/BaseTools/Source/Python/Ecc/Check.py
@ -1,7 +1,7 @@
 ## @file
 # This file is used to define checkpoints used by ECC tool
 #
-# Copyright (c) 2008 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -41,6 +41,134 @@ class Check(object):
        self.DeclAndDataTypeCheck()
        self.FunctionLayoutCheck()
        self.NamingConventionCheck()
        self.SmmCommParaCheck()
    def SmmCommParaCheck(self):
        self.SmmCommParaCheckBufferType()
    # Check if SMM communication function has correct parameter type
    # 1. Get function calling with instance./->Communicate() interface
    # and make sure the protocol instance is of type EFI_SMM_COMMUNICATION_PROTOCOL.
    # 2. Find the origin of the 2nd parameter of Communicate() interface, if -
    #    a. it is a local buffer on stack
    #       report error.
    #    b. it is a global buffer, check the driver that holds the global buffer is of type DXE_RUNTIME_DRIVER
    #       report success.
    #    c. it is a buffer by AllocatePage/AllocatePool (may be wrapped by nested function calls),
    #       check the EFI_MEMORY_TYPE to be EfiRuntimeServicesCode,EfiRuntimeServicesData,
    #       EfiACPIMemoryNVS or EfiReservedMemoryType
    #       report success.
    #    d. it is a buffer located via EFI_SYSTEM_TABLE.ConfigurationTable (may be wrapped by nested function calls)
    #       report warning to indicate human code review.
    #    e. it is a buffer from other kind of pointers (may need to trace into nested function calls to locate),
    #       repeat checks in a.b.c and d.
    def SmmCommParaCheckBufferType(self):
        if EccGlobalData.gConfig.SmmCommParaCheckBufferType == '1' or EccGlobalData.gConfig.SmmCommParaCheckAll == '1':
            EdkLogger.quiet("Checking SMM communication parameter type ...")
            # Get all EFI_SMM_COMMUNICATION_PROTOCOL interface
            CommApiList = []
            for IdentifierTable in EccGlobalData.gIdentifierTableList:
                SqlCommand = """select ID, Name, BelongsToFile from %s
                                where Modifier = 'EFI_SMM_COMMUNICATION_PROTOCOL*' """ % (IdentifierTable)
                RecordSet = EccGlobalData.gDb.TblFile.Exec(SqlCommand)
                if RecordSet:
                    for Record in RecordSet:
                        if Record[1] not in CommApiList:
                            CommApiList.append(Record[1])
            # For each interface, check the second parameter
            for CommApi in CommApiList:
                for IdentifierTable in EccGlobalData.gIdentifierTableList:
                    SqlCommand = """select ID, Name, Value, BelongsToFile, StartLine from %s
                    where Name = '%s->Communicate' and Model = %s""" \
                    % (IdentifierTable, CommApi, MODEL_IDENTIFIER_FUNCTION_CALLING)
                    RecordSet = EccGlobalData.gDb.TblFile.Exec(SqlCommand)
                    if RecordSet:
                        # print IdentifierTable
                        for Record in RecordSet:
                            # Get the second parameter for Communicate function
                            SecondPara = Record[2].split(',')[1].strip()
                            SecondParaIndex = None
                            if SecondPara.startswith('&'):
                                SecondPara = SecondPara[1:]
                            if SecondPara.endswith(']'):
                                SecondParaIndex = SecondPara[SecondPara.find('[') + 1:-1]
                                SecondPara = SecondPara[:SecondPara.find('[')]
                            # Get the ID
                            Id = Record[0]
                            # Get the BelongsToFile
                            BelongsToFile = Record[3]
                            # Get the source file path
                            SqlCommand = """select FullPath from File where ID = %s""" % BelongsToFile
                            NewRecordSet = EccGlobalData.gDb.TblFile.Exec(SqlCommand)
                            FullPath = NewRecordSet[0][0]
                            # Get the line no of function calling
                            StartLine = Record[4]
                            # Get the module type
                            SqlCommand = """select Value3 from INF where BelongsToFile = (select ID from File
                                            where Path = (select Path from File where ID = %s) and Model = 1011)
                                            and Value2 = 'MODULE_TYPE'""" % BelongsToFile
                            NewRecordSet = EccGlobalData.gDb.TblFile.Exec(SqlCommand)
                            ModuleType = NewRecordSet[0][0] if NewRecordSet else None
                            # print BelongsToFile, FullPath, StartLine, ModuleType, SecondPara
                            Value = FindPara(FullPath, SecondPara, StartLine)
                            # Find the value of the parameter
                            if Value:
                                if 'AllocatePage' in Value \
                                    or 'AllocatePool' in Value \
                                    or 'AllocateRuntimePool' in Value \
                                    or 'AllocateZeroPool' in Value:
                                    pass
                                else:
                                    if '->' in Value:
                                        if not EccGlobalData.gException.IsException(
                                               ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE, Value):
                                            EccGlobalData.gDb.TblReport.Insert(ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE,
                                                                               OtherMsg="Please review the buffer type"
                                                                               + "is correct or not. If it is correct" +
                                                                               " please add [%s] to exception list"
                                                                               % Value,
                                                                               BelongsToTable=IdentifierTable,
                                                                               BelongsToItem=Id)
                                    else:
                                        if not EccGlobalData.gException.IsException(
                                               ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE, Value):
                                            EccGlobalData.gDb.TblReport.Insert(ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE,
                                                                               OtherMsg="Please review the buffer type"
                                                                               + "is correct or not. If it is correct" +
                                                                               " please add [%s] to exception list"
                                                                               % Value,
                                                                               BelongsToTable=IdentifierTable,
                                                                               BelongsToItem=Id)
                            # Not find the value of the parameter
                            else:
                                SqlCommand = """select ID, Modifier, Name, Value, Model, BelongsToFunction from %s
                                                where Name = '%s' and StartLine < %s order by StartLine DESC""" \
                                                % (IdentifierTable, SecondPara, StartLine)
                                NewRecordSet = EccGlobalData.gDb.TblFile.Exec(SqlCommand)
                                if NewRecordSet:
                                    Value = NewRecordSet[0][1]
                                    if 'AllocatePage' in Value \
                                        or 'AllocatePool' in Value \
                                        or 'AllocateRuntimePool' in Value \
                                        or 'AllocateZeroPool' in Value:
                                        pass
                                    else:
                                        if not EccGlobalData.gException.IsException(
                                            ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE, Value):
                                            EccGlobalData.gDb.TblReport.Insert(ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE,
                                                                               OtherMsg="Please review the buffer type"
                                                                               + "is correct or not. If it is correct" +
                                                                               " please add [%s] to exception list"
                                                                               % Value,
                                                                               BelongsToTable=IdentifierTable,
                                                                               BelongsToItem=Id)
                                else:
                                    pass
    # Check UNI files
    def UniCheck(self):
@ -941,7 +1069,7 @@ class Check(object):
    # Check Guid Format in module INF
    def MetaDataFileCheckModuleFileGuidFormat(self):
-        if EccGlobalData.gConfig.MetaDataFileCheckModuleFileGuidFormat or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
+        if EccGlobalData.gConfig.MetaDataFileCheckModuleFileGuidFormat == '1' or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
            EdkLogger.quiet("Check Guid Format in module INF ...")
            Table = EccGlobalData.gDb.TblInf
            SqlCommand = """
@ -984,7 +1112,7 @@ class Check(object):
    # Check Protocol Format in module INF
    def MetaDataFileCheckModuleFileProtocolFormat(self):
-        if EccGlobalData.gConfig.MetaDataFileCheckModuleFileProtocolFormat or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
+        if EccGlobalData.gConfig.MetaDataFileCheckModuleFileProtocolFormat == '1' or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
            EdkLogger.quiet("Check Protocol Format in module INF ...")
            Table = EccGlobalData.gDb.TblInf
            SqlCommand = """
@ -1015,7 +1143,7 @@ class Check(object):
    # Check Ppi Format in module INF
    def MetaDataFileCheckModuleFilePpiFormat(self):
-        if EccGlobalData.gConfig.MetaDataFileCheckModuleFilePpiFormat or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
+        if EccGlobalData.gConfig.MetaDataFileCheckModuleFilePpiFormat == '1' or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
            EdkLogger.quiet("Check Ppi Format in module INF ...")
            Table = EccGlobalData.gDb.TblInf
            SqlCommand = """
@ -1043,7 +1171,7 @@ class Check(object):
    # Check Pcd Format in module INF
    def MetaDataFileCheckModuleFilePcdFormat(self):
-        if EccGlobalData.gConfig.MetaDataFileCheckModuleFilePcdFormat or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
+        if EccGlobalData.gConfig.MetaDataFileCheckModuleFilePcdFormat == '1' or EccGlobalData.gConfig.MetaDataFileCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
            EdkLogger.quiet("Check Pcd Format in module INF ...")
            Table = EccGlobalData.gDb.TblInf
            SqlCommand = """
@ -1139,9 +1267,10 @@ class Check(object):
                        FileTable = 'Identifier' + str(Id)
                        self.NamingConventionCheckDefineStatement(FileTable)
                        self.NamingConventionCheckTypedefStatement(FileTable)
                        self.NamingConventionCheckIfndefStatement(FileTable)
                        self.NamingConventionCheckVariableName(FileTable)
                        self.NamingConventionCheckSingleCharacterVariable(FileTable)
                        if os.path.splitext(F)[1] in ('.h'):
                            self.NamingConventionCheckIfndefStatement(FileTable)
        self.NamingConventionCheckPathName()
        self.NamingConventionCheckFunctionName()
@ -1183,7 +1312,7 @@ class Check(object):
    # Check whether the #ifndef at the start of an include file uses both prefix and postfix underscore characters, '_'.
    def NamingConventionCheckIfndefStatement(self, FileTable):
-        if EccGlobalData.gConfig.NamingConventionCheckTypedefStatement == '1' or EccGlobalData.gConfig.NamingConventionCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
+        if EccGlobalData.gConfig.NamingConventionCheckIfndefStatement == '1' or EccGlobalData.gConfig.NamingConventionCheckAll == '1' or EccGlobalData.gConfig.CheckAll == '1':
            EdkLogger.quiet("Checking naming covention of #ifndef statement ...")
            SqlCommand = """select ID, Value from %s where Model = %s""" % (FileTable, MODEL_IDENTIFIER_MACRO_IFNDEF)
@ -1260,6 +1389,19 @@ class Check(object):
                    if not EccGlobalData.gException.IsException(ERROR_NAMING_CONVENTION_CHECK_SINGLE_CHARACTER_VARIABLE, Record[1]):
                        EccGlobalData.gDb.TblReport.Insert(ERROR_NAMING_CONVENTION_CHECK_SINGLE_CHARACTER_VARIABLE, OtherMsg="The variable name [%s] does not follow the rules" % (Record[1]), BelongsToTable=FileTable, BelongsToItem=Record[0])
 def FindPara(FilePath, Para, CallingLine):
    Lines = open(FilePath).readlines()
    Line = ''
    for Index in range(CallingLine - 1, 0, -1):
        # Find the nearest statement for Para
        Line = Lines[Index].strip()
        if Line.startswith('%s = ' % Para):
            Line = Line.strip()
            return Line
            break
    return ''
 ##
 #
 # This acts like the main() function for the script, unless it is 'import'ed into another
--- a/BaseTools/Source/Python/Ecc/Configuration.py
+++ b/BaseTools/Source/Python/Ecc/Configuration.py
@ -1,7 +1,7 @@
 ## @file
 # This file is used to define class Configuration
 #
-# Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -256,6 +256,11 @@ class Configuration(object):
        # Check PCD whether defined the prompt, help in the DEC file and localized information in the associated UNI file.
        self.UniCheckPCDInfo = 1
        # Check SMM communication function parameter
        self.SmmCommParaCheckAll = 0
        # Check if the EFI_SMM_COMMUNICATION_PROTOCOL parameter buffer type is Reserved / ACPI NVS or UEFI RT code/data
        self.SmmCommParaCheckBufferType = -1
        #
        # The check points in this section are reserved
        #
--- a/BaseTools/Source/Python/Ecc/EccToolError.py
+++ b/BaseTools/Source/Python/Ecc/EccToolError.py
@ -1,7 +1,7 @@
 ## @file
 # Standardized Error Hanlding infrastructures.
 #
-# Copyright (c) 2008 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -105,6 +105,8 @@ ERROR_META_DATA_FILE_CHECK_LIBRARY_NOT_DEFINED = 10022
 ERROR_SPELLING_CHECK_ALL = 11000
 ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE = 12001
 gEccErrorMessage = {
    ERROR_GENERAL_CHECK_ALL : "",
    ERROR_GENERAL_CHECK_NO_TAB : "'TAB' character is not allowed in source code, please replace each 'TAB' with two spaces",
@ -198,5 +200,7 @@ gEccErrorMessage = {
    ERROR_META_DATA_FILE_CHECK_FORMAT_PCD : "Wrong Pcd Format used in Module file",
    ERROR_META_DATA_FILE_CHECK_LIBRARY_NOT_DEFINED : "Not defined LibraryClass used in the Module file.",
    ERROR_SPELLING_CHECK_ALL : "",
    ERROR_SMM_COMM_PARA_CHECK_BUFFER_TYPE : "SMM communication function may use wrong parameter type",
    }
--- a/BaseTools/Source/Python/Ecc/Exception.py
+++ b/BaseTools/Source/Python/Ecc/Exception.py
@ -1,7 +1,7 @@
 ## @file
 # This file is used to parse exception items found by ECC tool
 #
-# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -72,7 +72,7 @@ class ExceptionCheck(object):
            self.ExceptionList = self.ExceptionListXml.ToList()
    def IsException(self, ErrorID, KeyWord, FileID=-1):
-        if (str(ErrorID), KeyWord) in self.ExceptionList:
+        if (str(ErrorID), KeyWord.replace('\r\n', '\n')) in self.ExceptionList:
            return True
        else:
            return False
--- a/BaseTools/Source/Python/Ecc/config.ini
+++ b/BaseTools/Source/Python/Ecc/config.ini
@ -261,6 +261,13 @@ UniCheckPCDInfo = 1
 # Uncheck whether UNI file is in UTF-16 format
 GeneralCheckUni = -1
 #
 # SMM Communicate Function Parameter Checking
 #
 SmmCommParaCheckAll = 0
 # Check if the EFI_SMM_COMMUNICATION_PROTOCOL parameter buffer type is Reserved / ACPI NVS or UEFI RT code/data
 SmmCommParaCheckBufferType = 1
 #
 # The check points in this section are reserved
 #
--- a/BaseTools/Source/Python/GenFds/Capsule.py
+++ b/BaseTools/Source/Python/GenFds/Capsule.py
@ -1,7 +1,7 @@
 ## @file
 # generate capsule
 #
-#  Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -141,6 +141,11 @@ class Capsule (CapsuleClassObject) :
            Content.write(File.read())
            File.close()
        for fmp in self.FmpPayloadList:
            if fmp.Existed:
                FwMgrHdr.write(pack('=Q', PreSize))
                PreSize += len(fmp.Buffer)
                Content.write(fmp.Buffer)
                continue
            if fmp.ImageFile:
                for Obj in fmp.ImageFile:
                    fmp.ImageFile = Obj.GenCapsuleSubItem()
@ -169,12 +174,12 @@ class Capsule (CapsuleClassObject) :
                    dwLength = 4 + 2 + 2 + 16 + 16 + 256 + 256
                fmp.ImageFile = CapOutputTmp
                AuthData = [fmp.MonotonicCount, dwLength, WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID, fmp.Certificate_Guid]
-                Buffer = fmp.GenCapsuleSubItem(AuthData)
+                fmp.Buffer = fmp.GenCapsuleSubItem(AuthData)
            else:
-                Buffer = fmp.GenCapsuleSubItem()
+                fmp.Buffer = fmp.GenCapsuleSubItem()
            FwMgrHdr.write(pack('=Q', PreSize))
-            PreSize += len(Buffer)
+            PreSize += len(fmp.Buffer)
-            Content.write(Buffer)
+            Content.write(fmp.Buffer)
        BodySize = len(FwMgrHdr.getvalue()) + len(Content.getvalue())
        Header.write(pack('=I', HdrSize + BodySize))
        #
--- a/BaseTools/Source/Python/GenFds/CapsuleData.py
+++ b/BaseTools/Source/Python/GenFds/CapsuleData.py
@ -183,6 +183,8 @@ class CapsulePayload(CapsuleData):
        self.VendorCodeFile = []
        self.Certificate_Guid = None
        self.MonotonicCount = None
        self.Existed = False
        self.Buffer = None
    def GenCapsuleSubItem(self, AuthData=[]):
        if not self.Version:
@ -239,4 +241,5 @@ class CapsulePayload(CapsuleData):
            VendorFile = open(self.VendorCodeFile, 'rb')
            Buffer += VendorFile.read()
            VendorFile.close()
        self.Existed = True
        return Buffer
--- a/BaseTools/Source/Python/GenFds/DataSection.py
+++ b/BaseTools/Source/Python/GenFds/DataSection.py
@ -1,7 +1,7 @@
 ## @file
 # process data section generation
 #
-#  Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -79,8 +79,10 @@ class DataSection (DataSectionClassObject):
            ImageObj = PeImageClass (Filename)
            if ImageObj.SectionAlignment < 0x400:
                self.Alignment = str (ImageObj.SectionAlignment)
-            else:
+            elif ImageObj.SectionAlignment < 0x100000:
                self.Alignment = str (ImageObj.SectionAlignment / 0x400) + 'K'
            else:
                self.Alignment = str (ImageObj.SectionAlignment / 0x100000) + 'M'
        NoStrip = True
        if self.SecType in ('TE', 'PE32'):
--- a/BaseTools/Source/Python/GenFds/EfiSection.py
+++ b/BaseTools/Source/Python/GenFds/EfiSection.py
@ -1,7 +1,7 @@
 ## @file
 # process rule section generation
 #
-#  Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -231,8 +231,10 @@ class EfiSection (EfiSectionClassObject):
                        ImageObj = PeImageClass (File)
                        if ImageObj.SectionAlignment < 0x400:
                            Align = str (ImageObj.SectionAlignment)
-                        else:
+                        elif ImageObj.SectionAlignment < 0x100000:
                            Align = str (ImageObj.SectionAlignment / 0x400) + 'K'
                        else:
                            Align = str (ImageObj.SectionAlignment / 0x100000) + 'M'
                    if File[(len(File)-4):] == '.efi':
                        MapFile = File.replace('.efi', '.map')
--- a/BaseTools/Source/Python/GenFds/FdfParser.py
+++ b/BaseTools/Source/Python/GenFds/FdfParser.py
@ -2763,7 +2763,8 @@ class FdfParser:
        while True:
            AlignValue = None
            if self.__GetAlignment():
-                if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+                if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                        "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                    raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
                #For FFS, Auto is default option same to ""
                if not self.__Token == "Auto":
@ -2822,7 +2823,8 @@ class FdfParser:
            FfsFileObj.CheckSum = True
        if self.__GetAlignment():
-            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            #For FFS, Auto is default option same to ""
            if not self.__Token == "Auto":
@ -2893,7 +2895,8 @@ class FdfParser:
        AlignValue = None
        if self.__GetAlignment():
-            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            AlignValue = self.__Token
@ -3182,7 +3185,8 @@ class FdfParser:
        AlignValue = None
        if self.__GetAlignment():
-            if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            AlignValue = self.__Token
@ -3773,7 +3777,8 @@ class FdfParser:
        AlignValue = ""
        if self.__GetAlignment():
-            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            #For FFS, Auto is default option same to ""
            if not self.__Token == "Auto":
@ -3822,7 +3827,8 @@ class FdfParser:
            SectAlignment = ""
            if self.__GetAlignment():
-                if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+                if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                        "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                    raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
                if self.__Token == 'Auto' and (not SectionName == 'PE32') and (not SectionName == 'TE'):
                    raise Warning("Auto alignment can only be used in PE32 or TE section ", self.FileName, self.CurrentLineNumber)
@ -3901,7 +3907,8 @@ class FdfParser:
                FvImageSectionObj.FvFileType = self.__Token
                if self.__GetAlignment():
-                    if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+                    if self.__Token not in ("8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                            "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                        raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
                    FvImageSectionObj.Alignment = self.__Token
@ -3968,7 +3975,8 @@ class FdfParser:
                EfiSectionObj.BuildNum = self.__Token
        if self.__GetAlignment():
-            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K"):
+            if self.__Token not in ("Auto", "8", "16", "32", "64", "128", "512", "1K", "4K", "32K" ,"64K", "128K",
                                    "256K", "512K", "1M", "2M", "4M", "8M", "16M"):
                raise Warning("Incorrect alignment '%s'" % self.__Token, self.FileName, self.CurrentLineNumber)
            if self.__Token == 'Auto' and (not SectionName == 'PE32') and (not SectionName == 'TE'):
                raise Warning("Auto alignment can only be used in PE32 or TE section ", self.FileName, self.CurrentLineNumber)
--- a/BaseTools/Source/Python/GenFds/FfsInfStatement.py
+++ b/BaseTools/Source/Python/GenFds/FfsInfStatement.py
@ -1,7 +1,7 @@
 ## @file
 # process FFS generation from INF statement
 #
-#  Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #  Copyright (c) 2014-2016 Hewlett-Packard Development Company, L.P.<BR>
 #
 #  This program and the accompanying materials
@ -728,8 +728,10 @@ class FfsInfStatement(FfsInfStatementClassObject):
                    ImageObj = PeImageClass (File)
                    if ImageObj.SectionAlignment < 0x400:
                        self.Alignment = str (ImageObj.SectionAlignment)
-                    else:
+                    elif ImageObj.SectionAlignment < 0x100000:
                        self.Alignment = str (ImageObj.SectionAlignment / 0x400) + 'K'
                    else:
                        self.Alignment = str (ImageObj.SectionAlignment / 0x100000) + 'M'
                if not NoStrip:
                    FileBeforeStrip = os.path.join(self.OutputPath, ModuleName + '.reloc')
@ -767,8 +769,10 @@ class FfsInfStatement(FfsInfStatementClassObject):
                ImageObj = PeImageClass (GenSecInputFile)
                if ImageObj.SectionAlignment < 0x400:
                    self.Alignment = str (ImageObj.SectionAlignment)
-                else:
+                elif ImageObj.SectionAlignment < 0x100000:
                    self.Alignment = str (ImageObj.SectionAlignment / 0x400) + 'K'
                else:
                    self.Alignment = str (ImageObj.SectionAlignment / 0x100000) + 'M'
            if not NoStrip:
                FileBeforeStrip = os.path.join(self.OutputPath, ModuleName + '.reloc')
--- a/BaseTools/Source/Python/GenFds/Fv.py
+++ b/BaseTools/Source/Python/GenFds/Fv.py
@ -196,9 +196,12 @@ class FV (FvClassObject):
            FvAlignmentValue = 1 << (ord (FvHeaderBuffer[0x2E]) & 0x1F)
            # FvAlignmentValue is larger than or equal to 1K
            if FvAlignmentValue >= 0x400:
-                if FvAlignmentValue >= 0x10000:
+                if FvAlignmentValue >= 0x100000:
-                    #The max alignment supported by FFS is 64K.
+                    #The max alignment supported by FFS is 16M.
-                    self.FvAlignment = "64K"
+                    if FvAlignmentValue >= 0x1000000:
                        self.FvAlignment = "16M"
                    else:
                        self.FvAlignment = str(FvAlignmentValue / 0x100000) + "M"
                else:
                    self.FvAlignment = str (FvAlignmentValue / 0x400) + "K"
            else:
--- a/BaseTools/Source/Python/GenFds/FvImageSection.py
+++ b/BaseTools/Source/Python/GenFds/FvImageSection.py
@ -1,7 +1,7 @@
 ## @file
 # process FV image section generation
 #
-#  Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -80,9 +80,12 @@ class FvImageSection(FvImageSectionClassObject):
            # MaxFvAlignment is larger than or equal to 1K
            if MaxFvAlignment >= 0x400:
-                if MaxFvAlignment >= 0x10000:
+                if MaxFvAlignment >= 0x100000:
-                    #The max alignment supported by FFS is 64K.
+                    #The max alignment supported by FFS is 16M.
-                    self.Alignment = "64K"
+                    if MaxFvAlignment >=1000000:
                        self.Alignment = "16M"
                    else:
                        self.Alignment = str(MaxFvAlignment / 0x100000) + "M"
                else:
                    self.Alignment = str (MaxFvAlignment / 0x400) + "K"
            else:
@ -117,9 +120,12 @@ class FvImageSection(FvImageSectionClassObject):
                        FvAlignmentValue = 1 << (ord (FvHeaderBuffer[0x2E]) & 0x1F)
                        # FvAlignmentValue is larger than or equal to 1K
                        if FvAlignmentValue >= 0x400:
-                            if FvAlignmentValue >= 0x10000:
+                            if FvAlignmentValue >= 0x100000:
-                                #The max alignment supported by FFS is 64K.
+                                #The max alignment supported by FFS is 16M.
-                                self.Alignment = "64K"
+                                if FvAlignmentValue >= 0x1000000:
                                    self.Alignment = "16M"
                                else:
                                    self.Alignment = str(FvAlignmentValue / 0x100000) + "M"
                            else:
                                self.Alignment = str (FvAlignmentValue / 0x400) + "K"
                        else:
--- a/BaseTools/Source/Python/GenFds/GenFds.py
+++ b/BaseTools/Source/Python/GenFds/GenFds.py
@ -39,6 +39,7 @@ from Common.Misc import SaveFileOnChange
 from Common.Misc import ClearDuplicatedInf
 from Common.Misc import GuidStructureStringToGuidString
 from Common.Misc import CheckPcdDatum
 from Common.Misc import BuildOptionPcdValueFormat
 from Common.BuildVersion import gBUILD_VERSION
 from Common.MultipleWorkspace import MultipleWorkspace as mws
@ -408,31 +409,6 @@ def CheckBuildOptionPcd():
            GlobalData.BuildOptionPcd[i] = (TokenSpaceGuidCName, TokenCName, NewValue)
 def BuildOptionPcdValueFormat(TokenSpaceGuidCName, TokenCName, PcdDatumType, Value):
    if PcdDatumType == 'VOID*':
        if Value.startswith('L'):
            if not Value[1]:
                EdkLogger.error('GenFds', OPTION_VALUE_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", B"{...}"')
            Value = Value[0] + '"' + Value[1:] + '"'
        elif Value.startswith('B'):
            if not Value[1]:
                EdkLogger.error('GenFds', OPTION_VALUE_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", B"{...}"')
            Value = Value[1:]
        else:
            if not Value[0]:
                EdkLogger.error('GenFds', OPTION_VALUE_INVALID, 'For Void* type PCD, when specify the Value in the command line, please use the following format: "string", L"string", B"{...}"')
            Value = '"' + Value + '"'
    IsValid, Cause = CheckPcdDatum(PcdDatumType, Value)
    if not IsValid:
        EdkLogger.error('build', FORMAT_INVALID, Cause, ExtraData="%s.%s" % (TokenSpaceGuidCName, TokenCName))
    if PcdDatumType == 'BOOLEAN':
        Value = Value.upper()
        if Value == 'TRUE' or Value == '1':
            Value = '1'
        elif Value == 'FALSE' or Value == '0':
            Value = '0'
    return  Value
 ## FindExtendTool()
 #
--- a/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
+++ b/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
@ -1,7 +1,7 @@
 ## @file
 # Global variables for GenFds
 #
-#  Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -420,8 +420,10 @@ class GenFdsGlobalVariable:
    def GetAlignment (AlignString):
        if AlignString == None:
            return 0
-        if AlignString in ("1K", "2K", "4K", "8K", "16K", "32K", "64K"):
+        if AlignString in ("1K", "2K", "4K", "8K", "16K", "32K", "64K", "128K", "256K", "512K"):
            return int (AlignString.rstrip('K')) * 1024
        elif AlignString in ("1M", "2M", "4M", "8M", "16M"):
            return int (AlignString.rstrip('M')) * 1024 * 1024
        else:
            return int (AlignString)
@ -429,7 +431,7 @@ class GenFdsGlobalVariable:
    def GenerateFfs(Output, Input, Type, Guid, Fixed=False, CheckSum=False, Align=None,
                    SectionAlign=None):
        Cmd = ["GenFfs", "-t", Type, "-g", Guid]
-        mFfsValidAlign = ["0", "8", "16", "128", "512", "1K", "4K", "32K", "64K"]
+        mFfsValidAlign = ["0", "8", "16", "128", "512", "1K", "4K", "32K", "64K", "128K", "256K", "512K", "1M", "2M", "4M", "8M", "16M"]
        if Fixed == True:
            Cmd += ["-x"]
        if CheckSum:
--- a/BaseTools/Source/Python/GenPatchPcdTable/GenPatchPcdTable.py
+++ b/BaseTools/Source/Python/GenPatchPcdTable/GenPatchPcdTable.py
@ -5,7 +5,7 @@
 #    PCD Name    Offset in binary
 #    ========    ================
 #
-# Copyright (c) 2008 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008 - 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -58,8 +58,25 @@ def parsePcdInfoFromMapFile(mapfilepath, efifilepath):
    if (firstline.startswith("Archive member included ") and
        firstline.endswith(" file (symbol)")):
        return _parseForGCC(lines, efifilepath)
    if firstline.startswith("# Path:"):
        return _parseForXcode(lines, efifilepath)
    return _parseGeneral(lines, efifilepath)
 def _parseForXcode(lines, efifilepath):
    status = 0
    pcds = []
    for index, line in enumerate(lines):
        line = line.strip()
        if status == 0 and line == "# Symbols:":
            status = 1
            continue
        if status == 1 and len(line) != 0:
            if '_gPcd_BinaryPatch_' in line:
                m = re.match('^([\da-fA-FxX]+)([\s\S]*)([_]*_gPcd_BinaryPatch_([\w]+))', line)
                if m != None:
                    pcds.append((m.groups(0)[3], int(m.groups(0)[0], 16)))
    return pcds
 def _parseForGCC(lines, efifilepath):
    """ Parse map file generated by GCC linker """
    status = 0
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
@ -102,6 +102,8 @@ if __name__ == '__main__':
  try:
    OpenSslPath = os.environ['OPENSSL_PATH']
    OpenSslCommand = os.path.join(OpenSslPath, OpenSslCommand)
    if ' ' in OpenSslCommand:
      OpenSslCommand = '"' + OpenSslCommand + '"'
  except:
    pass
--- a/BaseTools/Source/Python/Pkcs7Sign/Readme.md
+++ b/BaseTools/Source/Python/Pkcs7Sign/Readme.md
@ -21,10 +21,44 @@ You may need the following steps for initialization:
    rd ./demoCA /S/Q
    mkdir ./demoCA
-    echo "" > ./demoCA/index.txt
+    echo.>./demoCA/index.txt
    echo 01 > ./demoCA/serial
    mkdir ./demoCA/newcerts
 OpenSSL will apply the options from the specified sections in openssl.cnf when creating certificates or certificate signing requests. Make sure your configuration in openssl.cnf is correct and rational for certificate constraints.
 The following sample sections were used when generating test certificates in this readme.
    ...
    [ req ]
    default_bits        = 2048
    default_keyfile     = privkey.pem
    distinguished_name  = req_distinguished_name
    attributes          = req_attributes
    x509_extensions     = v3_ca       # The extensions to add to the self signed cert
    ...
    [ v3_ca ]
    # Extensions for a typical Root CA.
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer
    basicConstraints = critical,CA:true
    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
    ...
    [ v3_intermediate_ca ]
    # Extensions for a typical intermediate CA.
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always,issuer
    basicConstraints = critical, CA:true
    keyUsage = critical, digitalSignature, cRLSign, keyCertSign
    ...
    [ usr_cert ]
    # Extensions for user end certificates.
    basicConstraints = CA:FALSE
    nsCertType = client, email
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid,issuer
    keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = clientAuth, emailProtection
    ...
 * Generate the certificate chain:
 NOTE: User MUST set a UNIQUE "Common Name" on the different certificate
@ -37,7 +71,7 @@ Generate a root key:
 Generate a self-signed root certificate:
-    openssl req -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
+    openssl req -extensions v3_ca -new -x509 -days 3650 -key TestRoot.key -out TestRoot.crt
    openssl x509 -in TestRoot.crt -out TestRoot.cer -outform DER
    openssl x509 -inform DER -in TestRoot.cer -outform PEM -out TestRoot.pub.pem
@ -50,7 +84,7 @@ Generate the intermediate key:
 Generate the intermediate certificate:
    openssl req -new -days 3650 -key TestSub.key -out TestSub.csr
-    openssl ca -extensions v3_ca -in TestSub.csr -days 3650 -out TestSub.crt -cert TestRoot.crt -keyfile TestRoot.key
+    openssl ca -extensions v3_intermediate_ca -in TestSub.csr -days 3650 -out TestSub.crt -cert TestRoot.crt -keyfile TestRoot.key
    openssl x509 -in TestSub.crt -out TestSub.cer -outform DER
    openssl x509 -inform DER -in TestSub.cer -outform PEM -out TestSub.pub.pem
@ -63,7 +97,7 @@ Generate User key:
 Generate User certificate:
    openssl req -new -days 3650 -key TestCert.key -out TestCert.csr
-    openssl ca -in TestCert.csr -days 3650 -out TestCert.crt -cert TestSub.crt -keyfile TestSub.key`
+    openssl ca -extensions usr_cert -in TestCert.csr -days 3650 -out TestCert.crt -cert TestSub.crt -keyfile TestSub.key
    openssl x509 -in TestCert.crt -out TestCert.cer -outform DER
    openssl x509 -inform DER -in TestCert.cer -outform PEM -out TestCert.pub.pem
--- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pem
@ -1,57 +1,60 @@
 Bag Attributes
-    localKeyID: 01 00 00 00 
+    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96 
-    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
+subject=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestCert/emailAddress=edkii@tianocore.org
-    friendlyName: PvkTmp:133cc061-112c-467a-b8cf-dc0a56d7830e
+issuer=/C=CN/ST=SH/O=TianoCore/OU=EDKII/CN=TestSub/emailAddress=edkii@tianocore.org
 Key Attributes
    X509v3 Key Usage: 80 
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCSPHYSohF+fim4
 89iNx8CcCG/fPb7KLu9Dsq+pB4Pc/UJtaaA+D7RK3PhqNCrWbb+gCNgm7lxiOCrH
 mm0tPal71UV8VFUiTM7Zf1y8VBFCHJ92ykmS7MDwqV25oMGGocz4jdcPl3r2yFFq
 d9jaBAPjUsHRbs8AC8CKHexOACfeydgQoj9KPWH9DUFQyXcbtMyGXAvFCktnSNRQ
 f01UdNJebeD6+wlQn0sUaojn1lu570OdZ3AkJlm6bTEKvfHeOB21GaHnQ1O1RVtq
 vd/KjFHhxSSw8meTsyqN/Toa/80FyUKEmTIaJdEaq/C2XKaUACezsYqvRxDq+pli
 kyiIpt6bAgMBAAECggEAEeqpdrf3l71iZEAwCJLwNM3N0xawEPp2Ix+56OY8UC+R
 W3FlCiWHa+Kt5uk0VGhG4Zcj0IVEuV3zU9hGRxQ2dy8Wn9h/Q8AQWdKCbKqKIMT7
 /qRjJkauju3ZR1x8SX/6anuKXWUsUh8R5o7/eRqj1U6242+FmhZWhTWMVbQsLl3y
 AShlw56zwdto543Ssl+MLuUtkxT4UZwmo6k/BucvdYsvwWp8dAluhDp2onAfOMLn
 10Bk3Bl9AgnpcQEeGwFConmgBv31UhdYftfIj2R4tTZRDuC+GzRT6jl1Qu6JfPSp
 30tmW5x3aa3946VZw2DKNiBqqYllJM1+kkzmGj+jgQKBgQC1Pzl8gv3q2TH9MlTD
 Tn9rUEs5OhjCrgZrSXoY2rfLcqJf2Tqm6I4xsVXvuePMyu8+DRD1Xizq6otUzNsN
 qh+UVkGRrFYRsgCgv1ratUti2ZlIPrR3JZsz8f23TAMGFFWCNHDH2rb1UanRD+g8
 vO4fQM8FPxBfb6wcgDYqNNMdGwKBgQDOjKhqp5sNNXNF7/rfH6H8RfKVOXuCK1Xy
 PU3Hgzd1wMfoebku4j5zQi2topzy664k9oeLCJj4GNDeHAqMttWD6TzDlMGJfdnj
 bNcrr+HnqUXByU2kS+bcTgBzsyT/1m1M7pKwtSYJzYXP1AHQny3Ip5kutCMo19td
 R4LfdebcgQKBgF3CHQzJ/mw0euWN2cdGnid3W9J4uUJMH8n0MpMU4ar+2/xVNUAO
 YTBXmirusGbKO8SPocwsMXQ8bGMrrc19yeREUpr22XdB6408L9WfnyW9hsuWlGhm
 LclLT4I4cf/9GNbIJedcvvRckEozvmFdIplMP0tpeiDEdfYwZNSkiuktAoGBAL5m
 gTXYDSFO/VUiFFOsOElyPV174LOsuQyVoGZjOjOtI1rVInTqkAD1p1/hf+aahSyD
 qYzrvv8s+RVWKg9u10JDNgVg0kupHLr98RfPiWJg8vHhXFYwtb6tlNMS9+9yvczm
 O4jzY/4zW7+qQoYKxkyq2pVn7uVOnmPNcQIHEGqBAoGBAJMfZV2vpxY6kti8SXzb
 PscYI3ZbbKyJLq4+KHGcKCqqbLiY4ao8vflDyDwBm+TJg4xq9wjJAN2riE9nuuds
 99mYW/8R30BIfiH/4oBHjggb0NC5K3vHR4KGDKcUiIKZPv1r7mNeYw227N4n/dPM
 NXjlZVuS6mqc2T+GPzAJj/Uf
 -----END PRIVATE KEY-----
 Bag Attributes
    localKeyID: 01 00 00 00 
 subject=/CN=TestCert
 issuer=/CN=TestSub
 -----BEGIN CERTIFICATE-----
-MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIxEDAO
+MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
-BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxMjM1OTU5WjAT
+CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
-MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFub2Nv
-ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
+cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTELMAkGA1UE
-KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbmg
+BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsM
-wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0NQVDJ
+BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWRraWlA
-dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptMQq9
+dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe+
-8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr8LZc
+2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOAOR
-ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIwADBEBgNV
+W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DVP
-HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzdFJvb3SC
+WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
-ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CSY4xG
+fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
-9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AXZtx
+xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
-DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu24JV
+CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB
-K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZqrzLdp
+AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50
-opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
+IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
-HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOolyVT
+HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBeAwHQYD
-/A==
+VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQA7
 vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3fJxq7
 CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
 /gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg93
 F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
 l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
 yekXblzF5lQY0goqDiks
 -----END CERTIFICATE-----
 Bag Attributes
    localKeyID: 32 25 22 FA 81 B3 BF 25 E2 F7 8F 0B 1B C4 50 70 BB B7 85 96 
 Key Attributes: <No Attributes>
 -----BEGIN PRIVATE KEY-----
 MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD3vtjV/039IljC
 YGDFzKFjor3l/RRsfWHMB/gSp/WT2R4oOgrGegde38AVnpPKyDgDkVvBS/lMkYbJ
 yhf6CozDe2sIi42nJI6vJtGzxR1ZeHSaKLpR5kjwrETHhv6VrOA1T1oiKBdbr1ze
 jGd87dIaH4Kj5xoyUBdByxAqz6sgb+7IrfXyGjWf3JanEd2anV0EVHxJO3RPKYPm
 YzTWv+VkxsEgQeyHpLuIxmysm76Y+hbRD//GMgCQt3zg/mODyEApxcc1nIThqxXK
 HqoH/4S4c6Ikb2pYJ743M26N1uLIBcBQ/1saA6m9ZdZqB8jrm8OaEwnQ/ifkMHRZ
 dZApBvivAgMBAAECggEBAJ8NtLJ27T/1vBxWuepjfL217sroFyOrv4y5FQgNMvnP
 q6/Ry7cvAupjJjP7EhFfR67qtIi92PjSeUG18HzEJykdZFMhHTlQnBZRCtKqWzRk
 xB9wxGXuPafeQW4D+hBn4632GvzQ1mYziKEMbShkmr3QuxO1PDlO+A9yahfCKbBx
 SPCo+McV+N4c8ft/0UPMxqJLcZSMWscrBMCw1OhGdHry4CEr+NWHBeAAUWXrGSlq
 BPwM6PT00fku1RwQrw0QZw0YKL8VH5iA/uD8hfuaO2YUlt2Z025csNRyIPrizr6v
 Q8Is7jetqPpXulWSBtSYoghTj97DeYQQsQwck+tQN6kCgYEA/beFmdojyc9CoLkd
 0MgwyPBdWma77rj80PAgeRm0hl2KQa8pA6dL/1y5x3vA25gqBr++q+KmSkYT6z/Z
 n3llOk6pRlSWFlxuSLHVjOb/Qp1V/uxEG68Tg8L/I3SlMWiQ+/MnsXNHh+WEtKcZ
 FCVd0ASA4NbsKYKflT2QgraDB00CgYEA+fmRrwRlkh2OxVrxpGFER2uosYGlwQiq
 Xb75eU8BnpO8CCnXtBK4Uv3J6l/zfc+Tr2LzzgPkQiWd4NF1/EFxCNQA5kxGcPf5
 F4f8dPr8CrADO1JNrX2ITHsosaaC1ImdW/r6tl66Ie2ueCImk5Yfu5DQv7JrKh/d
 lrTEUxJL2esCgYEA2VKBla9MSGjH4XOvHk7busJotC6be3fo1e9ZYWGrSAyHiIvI
 zeBXMHz0hPJz16UXGoDTideyKJyuIyul9Pu+wZrvU9bQWIcD0DDDgtW6gAzUxG8M
 R8pHJO26LVyUwyWWSrmUnmLoOndWnIck7CS1nqC849o0n7nLh8IcLlq3EWECgYEA
 1HkeLE4na2f2R6fChv8qAy7uJ1rUodwUuzQtZsAR11EpXSL7tpLG27veGXpPQ9vh
 Yw1PwAesx9Cjfklr6OtTAbb5wMaKhVExB6BNpL0E6KytQon1foaaCLASadXnlHIY
 L+uHmOWxfk9BodkdQwsyk8JGvPoRfq+xMH0b9qQxltsCgYEAtNf8yvoTXUHa2zje
 PvI6OiQjuiON5UIt9KkQNrIrcm4wiQ2eVdkCQcUstuXtmBtvnsrxlay0jbSz2bV6
 1sWlJIvfZJujC901yMs5+twr6jMuXZ6ashWF1f2UbwgtKvh49PPgly4RhWST3Kp1
 J1AmCrzTwtaNmTZd1g5IYreXpKw=
 -----END PRIVATE KEY-----
--- a/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestCert.pub.pem
@ -1,19 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIC/TCCAemgAwIBAgIQ0+nLBVt+jbJMSfzhFpRJrDAJBgUrDgMCHQUAMBIxEDAO
+MIIEKzCCAxOgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCQ04x
-BgNVBAMTB1Rlc3RTdWIwHhcNMTYwODA0MTUwMjMwWhcNMzkxMjMxMjM1OTU5WjAT
+CzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJ
-MREwDwYDVQQDEwhUZXN0Q2VydDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+MRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZIhvcNAQkBFhNlZGtpaUB0aWFub2Nv
-ggEBAJI8dhKiEX5+Kbjz2I3HwJwIb989vsou70Oyr6kHg9z9Qm1poD4PtErc+Go0
+cmUub3JnMB4XDTE3MDQxMDA4MzgwNFoXDTE4MDQxMDA4MzgwNFowdTELMAkGA1UE
-KtZtv6AI2CbuXGI4KseabS09qXvVRXxUVSJMztl/XLxUEUIcn3bKSZLswPCpXbmg
+BhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsM
-wYahzPiN1w+XevbIUWp32NoEA+NSwdFuzwALwIod7E4AJ97J2BCiP0o9Yf0NQVDJ
+BUVES0lJMREwDwYDVQQDDAhUZXN0Q2VydDEiMCAGCSqGSIb3DQEJARYTZWRraWlA
-dxu0zIZcC8UKS2dI1FB/TVR00l5t4Pr7CVCfSxRqiOfWW7nvQ51ncCQmWbptMQq9
+dGlhbm9jb3JlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPe+
-8d44HbUZoedDU7VFW2q938qMUeHFJLDyZ5OzKo39Ohr/zQXJQoSZMhol0Rqr8LZc
+2NX/Tf0iWMJgYMXMoWOiveX9FGx9YcwH+BKn9ZPZHig6CsZ6B17fwBWek8rIOAOR
-ppQAJ7Oxiq9HEOr6mWKTKIim3psCAwEAAaNWMFQwDAYDVR0TAQH/BAIwADBEBgNV
+W8FL+UyRhsnKF/oKjMN7awiLjackjq8m0bPFHVl4dJooulHmSPCsRMeG/pWs4DVP
-HQEEPTA7gBAeQOcW6KCBdWSbrvKQrBrfoRUwEzERMA8GA1UEAxMIVGVzdFJvb3SC
+WiIoF1uvXN6MZ3zt0hofgqPnGjJQF0HLECrPqyBv7sit9fIaNZ/clqcR3ZqdXQRU
-ELOMZKZtPz2BS8i5NTXdHNMwCQYFKw4DAh0FAAOCAQEAK7YgK6iiTo07d3CSY4xG
+fEk7dE8pg+ZjNNa/5WTGwSBB7Ieku4jGbKybvpj6FtEP/8YyAJC3fOD+Y4PIQCnF
-9N0QS2m4LsBPrF8pFmk5h6R81MFEdBZrA+zggbUujQ2IGB7k6F7WvP3F3B3AXZtx
+xzWchOGrFcoeqgf/hLhzoiRvalgnvjczbo3W4sgFwFD/WxoDqb1l1moHyOubw5oT
-DW1FYrQheQhTT5wx85LxFdLy+q6uwUtJi/VyErPmZOcds3QaBXPvG/UykFbu24JV
+CdD+J+QwdFl1kCkG+K8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB
-K2ScLpQVyzmkTN7GWSXrIO6eHHMQgeRX3XjRutbR8CKP1pWTOY+MO4G6YZqrzLdp
+AQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50
-opYFPgvdZpTL3IKSSkp31Amu5oidkvzLgallC3SOYdLZirWEIAAXW2LVYXwiiL6L
+IENlcnRpZmljYXRlMB0GA1UdDgQWBBTACEuCjiL/cFrP+l8hECWctq+Q+TAfBgNV
-HEIV/G9u85jhKhv/z9l8F/1Eg4HHGSYba8pf1HQA+WsQwi4BVp4x4MBoeHOolyVT
+HSMEGDAWgBTWnWbWSXz6II1ddWkqQQp6A1ql6zAOBgNVHQ8BAf8EBAMCBeAwHQYD
-/A==
+VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQA7
 vYHdpk9u63dpMKAt5MrKU9dxVn/wuqNaYQMucvQLpcE12fgWMhV2wOHlmk3fJxq7
 CnD8QVaRbL3OQYWQQDA+sGNSJ9r71WFFET++94Rny6BzTz+dkrvIS4WaL/vLZ17c
 /gOsMCZUlhodxDcSSkachab3eE/VTEzOMUm41YYeW7USIoNSSgkWSnwZQVgcIg93
 F9X6lIr0Ik6rxHMq2ManiuSh6cMjJMGYGf2/58TySIefrXTe2A3TKQR27OYjfXJO
 l/H7u+4HS9AVCA7b9NihR5iSho5HrWqNC4Mmuz8D8iFOI2nWcek86StDswtoqDtu
 yekXblzF5lQY0goqDiks
 -----END CERTIFICATE-----
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.cer
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pem
@ -1,56 +1,58 @@
 Bag Attributes
-    localKeyID: 01 00 00 00 
+    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30 
-    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
+subject=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddress=edkii@tianocore.org
-    friendlyName: PvkTmp:76c92422-d6f3-4763-9b80-b423fd921d00
+issuer=/C=CN/ST=SH/L=SH/O=TianoCore/OU=EDKII/CN=TestRoot/emailAddress=edkii@tianocore.org
 Key Attributes
    X509v3 Key Usage: 80 
 -----BEGIN PRIVATE KEY-----
 MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCU5jNPVsMHoNCZ
 V8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CAvrh4WVub/SeSaczKjj6e
 gUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsbLBYu7lYBh/bI1FMHZ5kL
 Rr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9iUS6YHSm6a4r7Qw5oKfW+
 Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfoRlKvUIqmfhZpg2lbbk3H
 z4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8LeYzJ14hJ7ncOEjWOpbh
 F0dlZc49AgMBAAECgf8dY26Sej8u15Xiri/l3zXgy7aR7uAAbFGoM8fv2exQgIDk
 FrdxTDtqzqTSxGAkfUWs4Ip2DUEeZDwF/qjW4FCzb3mI/QmNt70Yd9KsEDAmDkZ2
 wylcYC2l7IqVEl6HZMpNyiu5hfXdTn/tlkkUIiKr6POYmFR6IyPiS61Tm4LQXyhv
 iW+Lx0GqFQcH82CsbNRNgJGJk/BIiHn7kNDi5rRrKsmTuKEQB9iwF/rKp+lnJN0g
 4qTv2bbZVxj39QWdOovU5LCL+1WJdkA2mpFpZjBEsTdF+UEGCbixdiftfovnZa64
 rofw3pIxr97XS42D3OmdPmSokpwqcQtjTXfScCECgYEAvxBMHcEFMZX644hhZtH7
 t0/PCka9DUBZfe58r+lmgSvlbMCka9OvKGtr86+j0IdWqmGWxRHAuk3KR3NIC3EU
 mD0rYSWiStW0I/cmHidS/a9OdWWHtWi1LcXX7KBn9AjKjPzghqAfDAkRxYfZKLIo
 PRL44O/RM6nJ1j7az5CgWR0CgYEAx4FW/xVVL1Z0kn/VyNVYLdlhV4zMNn6Cu0ko
 jebQydDBh4Tsne2A4dPonZQSsEiJ6jhzaUZr7l5OAEp+0aX0M/h6JbxTcA4CK3Xr
 X2TAaOCkPc1r0I79ZduKymyMNrWfXHenvFVl57klp9eFRQJ6o+pZB9ysFzPHXbci
 4VCsX6ECgYBMqAdB8M1apafxXihmDl2FoJmar+LtzCGbqvGPyn772FbGGUxejqG5
 /89iB9gbtBELbvgEvSisFsXPgOso3Ae9RN2Aro68o50QyPocIv7jFVDPPRsDp6z5
 XmVRZNIQUO6jPln+6YNLWuAsdmKkN0Z5qoD8DnvK1JZMRQ+ZM5eB6QKBgQCuvz+w
 VsMyn4uj9o0PSK/gGRQGV7FX2iAwY7g98vrWix+40FlhS3MkWzTZMaXc+uyyV5ff
 kmtfcwLnhljm0XHBQ9fZzcdX0y1bXAI6oElYk8vIxnG1UEnsOgyrmcCG+zcHC1fE
 wxhri+TLyx9UfwNlKBOrq0KhYB00nQDUUpFpgQKBgQCPWpNeNQ8hCARnayhzu2fE
 HEPG1P/resOp0u+c4jy4TeHVa9806wqZlkYNRKNn09Ub5Ajpp05dwdb+JvUSkWwr
 vOmE94WeLg5FuNzPAQjwAe+Eq54Vk8TdAhdLSu1m2xdBKFtEOk6TQTmRBCiknwhg
 19TgHd8hEFnz6ZICAeWGbQ==
 -----END PRIVATE KEY-----
 Bag Attributes
    localKeyID: 01 00 00 00 
 subject=/CN=TestRoot
 issuer=/CN=TestRoot
 -----BEGIN CERTIFICATE-----
-MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMBMxETAP
+MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzNTk1OVow
+VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAlUaWFu
-EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiMCAGCSqG
-AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CA
+SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw0x
-vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsb
+NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNV
-LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9i
+BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYD
-US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfo
+VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9y
-RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8GL/
-LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAEM61es/l
+2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9fk
-Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYVDoKT1
+GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGULw7x
-DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtTMzBq
+phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3qS
-YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
+HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
-r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtcr
+Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC010
-yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
+lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1Ud
-L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Glmo
+IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTGdHtcv
 ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI3aYI
 WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
 14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
 oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
 QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgIwd
 -----END CERTIFICATE-----
 Bag Attributes
    localKeyID: F4 2E C8 1D 29 A0 02 47 B7 93 2B 69 8D 8D D1 33 7A E3 09 30 
 Key Attributes: <No Attributes>
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5KSlsYAzXI/Z9
 7vBi/9nJqlWMgZVWP7dWU7DCghLFO3UjuU3WxFVz86qVqBvzk36eQOQdIpyTBwvX
 qlvX5BohhNdjWQNQH/UUVZORm/VSsL8OXGg7WVKYllbhq8RDuwVXeEUBn1gVUw4R
 lC8O8aYZom6GOSszjcfF6+4eM9MylMFZxAyXCxJIXzP2YHR9V8ITLX2ph6M16pGD
 P2d6kh8BU59iX5kS/XMbLZ4rbDRJr08Hj8Dpa55feTXaKlyI7vZIYdqW40hGoJQc
 nfZchw7vdAmRDT1a58VMinqsoYW2Z0QXVVI66BFNWKKTAGLqe4Dtz73fdYBLuWVj
 rQtNdPpZAgMBAAECggEAci5d6wT4Jht5P4N/Ha2kweWWR8UJMFyuVD/bura3mITn
 4ZW92HjOMWjLgupeAkCsTi65/PWBFHG97cqSRHnXW2At6ofTsS9j1JxJGfvQtqNj
 zhlR9XdJperfvN5Nc277BkuWUj/O86d5/4Ef29lMknZGLeNHLs15qiWpe1p+HKvt
 +DfL7Prl5qWA5G90QmXgRQJbThl1TYLCYkETB+9m3MIRm8Z01XKH+fm4ahgclEkG
 XaQl04DhMEo7A/sC8NUnozOMEf81Ixkt3wEpoEDtZ+WhRTrgLF23Q4sXAIBMlEfz
 Pz2UaX/9KBT1dRbZseStIjJKMc8qd+pC7Ww2tuHEOQKBgQDmLdFSgHc2URQW/Otj
 fr9S/Z7EPSOA/tmh4dFhQGwzKF4Us838deRz2cRTbgq5BHuBCrMEPRBiX8h4WLEB
 NVZ73JjgOfyshcDXWNg5noc9f24HYHMZnjcFmHNokpyIgxLl2qgN8f03doJEmKkj
 pm/VnfZmkGDd65IXRp8MYMTQOwKBgQDN7ofqKWK5SA+vt+tDOkCYq6eHKb9+ImPh
 PreikT5xc9SMtb0tGlIjKydsiqA9Jv1WRnpUG0fVfMyagBSOrKt9wC143VEvOtkR
 QJehmLLYG97HP7CXtniAWeKuc2pfCd+nGdHLFmduuTEEDcxab5LQc5dvYQ/RfznF
 YVunt73qewKBgQCg11VUpCYpU2CJa7SEMtY4hLbDg8FiazLiVqx7m4u/964+IyKG
 Dk9T0NDKR7PAc2xl0HclOBJR24J27erJ4F6NcKl2za5NU61cDV4SbT8tbvUQvInR
 Veg2xb+nTAOLtKOo8DDMhdMeRXZjvpU6LxwolhfOtYaqq+jK0PNkr933bwKBgA0G
 RiBgR7cyQJO7jSyuVYGSccERuePPZwPLBLBKgWmJiurvX6ynmoRQ6WhrCCF2AtXf
 FUOWih+Nih9HdIVllF8atYWMceML1MjLjguRbdZPRPLTK2cdClgL11NzR0oFhNi7
 wFIY86fEHL6F5OPfZKi8dtp7iBWW919tfe+IpoFbAoGBAMzNKKBHG5eMuKQI/Dww
 50PDHu25TGUiTc1bHx18v7mGlcvhEPkDYAKd3y7FN5VRoooarGYlLDHXez0FvDTa
 ABFUUad70bULTqRTSmld0I9CWWnYs0vaFKgIemddQ7W2eXr7N+N+ED+OK/PvWjMq
 LMKhChf252RfOYdB+WN6alVG
 -----END PRIVATE KEY-----
--- a/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestRoot.pub.pem
@ -1,18 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIC8DCCAdygAwIBAgIQNDAnfwU9lYVDoKT1DJrnyjAJBgUrDgMCHQUAMBMxETAP
+MIID7DCCAtSgAwIBAgIJAMCRxeK3ZsD4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDE0OFoXDTM5MTIzMTIzNTk1OVow
+VQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNVBAcMAlNIMRIwEAYDVQQKDAlUaWFu
-EzERMA8GA1UEAxMIVGVzdFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+b0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYDVQQDDAhUZXN0Um9vdDEiMCAGCSqG
-AoIBAQCU5jNPVsMHoNCZV8PhVkIBcFkcL0pmjzSek7227JKkkFFdxo+1w4YV32CA
+SIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9yZzAeFw0xNzA0MTAwODI3NDBaFw0x
-vrh4WVub/SeSaczKjj6egUdbhO9cm7NKQ1uNCzEEALaKwKn1IdA/zbBnfVAzLvsb
+NzA1MTAwODI3NDBaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0gxCzAJBgNV
-LBYu7lYBh/bI1FMHZ5kLRr8dkMbbf21iDEqsqKI8eQ+tj/7B6OUnPfmmmh3sml9i
+BAcMAlNIMRIwEAYDVQQKDAlUaWFub0NvcmUxDjAMBgNVBAsMBUVES0lJMREwDwYD
-US6YHSm6a4r7Qw5oKfW+Z0hEKEX+HTtQcmrAuwyfAmGtY6eH9jKfPhZc7swFvRfo
+VQQDDAhUZXN0Um9vdDEiMCAGCSqGSIb3DQEJARYTZWRraWlAdGlhbm9jb3JlLm9y
-RlKvUIqmfhZpg2lbbk3Hz4C4zfZmP75soOicJmC6qQXdcUq9AKgM91CrRNY+hyE8
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkpKWxgDNcj9n3u8GL/
-LeYzJ14hJ7ncOEjWOpbhF0dlZc49AgMBAAGjSDBGMEQGA1UdAQQ9MDuAEM61es/l
+2cmqVYyBlVY/t1ZTsMKCEsU7dSO5TdbEVXPzqpWoG/OTfp5A5B0inJMHC9eqW9fk
-Icdr8+yS1L9lKjWhFTATMREwDwYDVQQDEwhUZXN0Um9vdIIQNDAnfwU9lYVDoKT1
+GiGE12NZA1Af9RRVk5Gb9VKwvw5caDtZUpiWVuGrxEO7BVd4RQGfWBVTDhGULw7x
-DJrnyjAJBgUrDgMCHQUAA4IBAQBrDeAK0O5bP7ZzSGLo9Fvh7dkAxeUOaPtTMzBq
+phmiboY5KzONx8Xr7h4z0zKUwVnEDJcLEkhfM/ZgdH1XwhMtfamHozXqkYM/Z3qS
-YLruOFtRY3DVfgX+5EUqFWIb/Nh1k1b25gaFIfcIRya5/gVOkCJU9DkJTFyOzXw7
+HwFTn2JfmRL9cxstnitsNEmvTwePwOlrnl95NdoqXIju9khh2pbjSEaglByd9lyH
-r0stGAb0XCQqZPdZdSiXqZAsukYCamRmSTLLXTT+JOREsMKtFxsFfdNYiC6+Dtcr
+Du90CZENPVrnxUyKeqyhhbZnRBdVUjroEU1YopMAYup7gO3Pvd91gEu5ZWOtC010
-yly/KCU92Ls8OFLmJ/rSuEVrX39LsCMF6K9n6OJsL5/4c3/DF7yyalsq82vT3H/f
+lkCAwEAAaNjMGEwHQYDVR0OBBYEFBaq1o4bLUPzLbAkrTZlP7L6sSztMB8GA1Ud
-L9CrBgz+A+eNguyEPch97ctqWzVIVQf7qngaAbuYRYvaiuMhV4YVIxdQG5y8Glmo
+IwQYMBaAFBaq1o4bLUPzLbAkrTZlP7L6sSztMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-Kq06fgEkg/ewYea9T9mRkKcquQw7q5UgHPB0zgK6FF3xkSVK
+VR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCV3t+kFNuSIngavTGdHtcv
 ChARXXRh6DDE8xXpMFT0uwwEeBNdLN2MkpDRnNDQGKOj/IwoWtSRTQjD9hrI3aYI
 WOIVlfstLYqxMIC9mrbhLCA+3cTHVWXPKBf07tq+d3DVUtYVevutr/3VRZBa5jFC
 14SzSVZq00fzv2hgiw/ir/Tj7BK54joWEU5Nc3mvR4VMdiaeizLAjsLcJ6bvrJOe
 oV7PNEXgKsedTdfXN3KX+Fj5tjVI8dEKcn/9TXzpzNhIG0lSU95RAVM1vJDNjIrM
 QyCnRf8rVbCLLf9VFUuE0MPTkJyUS1XVYuoiq2Jo3VPG3KXdmi2OeXwunORmgIwd
 -----END CERTIFICATE-----
--- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pem
@ -1,57 +1,59 @@
-Bag Attributes
+Certificate:
-    localKeyID: 01 00 00 00 
+    Data:
-    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
+        Version: 3 (0x2)
-    friendlyName: PvkTmp:11e8b08d-46fb-45a2-90c4-d458be4a1276
+        Serial Number: 4098 (0x1002)
-Key Attributes
+    Signature Algorithm: sha256WithRSAEncryption
-    X509v3 Key Usage: 80 
+        Issuer: C = CN, ST = SH, L = SH, O = TianoCore, OU = EDKII, CN = TestRoot, emailAddress = edkii@tianocore.org
-----BEGIN PRIVATE KEY-----
+        Validity
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCfNn3oUo5iCBXg
+            Not Before: Apr 10 08:33:45 2017 GMT
-x1AUxgHG/h23/WyThgYj2NAToG3S51i0MGamyjGP8GbBphRc0ORpIhQE8Va+NPjW
+            Not After : Apr 10 08:33:45 2018 GMT
-cdoh4sXLOroW3Es26sR+cxdRwNF0/YxK/+JboYDmdUecgcwqipIv795bVQjRLCyT
+        Subject: C = CN, ST = SH, O = TianoCore, OU = EDKII, CN = TestSub, emailAddress = edkii@tianocore.org
-/+LjLXs/B3XM/jc4jHa7gs+AmwH2DXz9VTsIHmXrm/KGZ64VQzFbJYJl+KvFAmlm
+        Subject Public Key Info:
-LcL+t099lyiJYL+3LY2ajonzkAidVQylIfsmhAlcnGee6MYfPxLQRe4pIIlhyXAK
+            Public Key Algorithm: rsaEncryption
-ZixBnAlZvifo3JRwTKXRHzkj6Vp5KhDsi/31Y54iLJQHiet/FlymIHrtkFpC47xi
+                Public-Key: (2048 bit)
-ndF6jNpfAgMBAAECggEAD4owC9xS+A/gosnmxRWhLXJhet3fb8llvAX4zpGau+Uc
+                Modulus:
-wVRKu1OCNucOAISx+W/iJhN6GhQRlWByO+wXkGB5UcwaRwpFb8dxBQPoGMYAgQdm
+                    00:c5:3a:af:16:34:9a:14:61:74:8c:39:1a:04:1f:
-XsOkV7E8dZdTirEYjmZsElsP5vY2dW7MWGhiFYO7mHv6ltbmk5G83Qci3biYyRKB
+                    7b:95:d3:40:b7:ea:26:a7:7b:8d:76:d3:86:1b:7c:
-4Qb+q/1yl9tdqRvMnLshgSNSa2onGiJ8k9NniSnfnKCc4S0pliy2Z5HOPQCi2QAk
+                    07:17:d2:56:72:36:13:b4:6c:75:b7:bf:d1:35:d1:
-eVWORHz5jL8lzlVCflOL7VZiS13YORMDIj0S9LyMhXO4bAtsgWfldqOupNgNW0qI
+                    31:d5:9a:07:c1:62:4e:aa:3d:bd:d8:40:8b:48:9a:
-FwzrNvIXhQxeUiqylzfKNCzuBA11CFBnPt/+agv10QKBgQDH82PHMC3GH8Teq0lw
+                    c5:46:c4:c3:10:2c:d4:82:d9:6d:f4:c3:de:85:fa:
-J5G+zYQol1ikRU7O116cAcV04P8HAiAmZ2lrP4DSJWD3y3sOjnnK54KmXkHVcNJI
+                    34:1d:d1:74:7a:5f:16:34:59:2b:2b:03:61:46:62:
-IDjb8d/BZjuYqdylfKhoKNgAdI1WcNKOz7KOK6Le8/ZK1uh1ZHMA6M+L9mTtQjhW
+                    d7:88:62:59:4d:d8:55:00:52:54:e1:15:5e:a9:ec:
-DyoMvEGsQmNHnYF5n3zPQWUMFQKBgQDL17jZMLOORK2U+Iqu0cTVttGUjg/agP+r
+                    d6:e8:51:fd:ef:8e:68:5f:d2:40:d2:61:ef:2c:1d:
-D4RWwA6BKI0vW3fFOka9MsjBpRZkZdXucq1TusDl8/J30FD/Cjp/gt9RwCQAvk44
+                    5b:a7:6e:14:4c:12:bc:60:81:8e:66:c9:84:51:c2:
-Zp6HU3TFEsBdXU+3XeJqTtyJqFuPkRQWrd0UeudSiEJammAlzyF7pPZioF1mucOA
+                    89:51:fc:e5:7f:86:9a:78:a4:c1:f7:0f:a9:a5:97:
-nCcDecLFowKBgBv1gKI9rmjh0FmCggZYwhx4CF7UquRtfJOXsfcGmGG7hG2qcmxs
+                    60:dd:6f:c8:a0:fd:ea:07:2f:01:36:0a:e8:bd:0e:
-UWVZv92itGhx34ctjQI+VRqGW5ZI7F6BgvHeZHdaoEK8ncnWIIZQD8QgiBLqO8cU
+                    dc:48:2e:85:22:7b:bb:db:68:78:eb:cd:6a:54:07:
-a9dNarzaSDo2ytJ/dUVPSJY9oec7Nz1xaWPWfyhjMBa3g39KOd2RO1vxAoGBAMRD
+                    f7:81:a5:52:8f:f3:5c:09:1e:76:a3:d1:91:8f:ee:
-Q9r6JSeJwId6diy0FAyhJVEfJux+36tYGVddO5nn7Wf3bW4cGhf4WYr45IJt+njH
+                    86:2c:85:49:99:96:4f:5f:5b:0d:08:ae:d8:20:e8:
-OVMwsKG3K3FoxVOKCaDT5SjVEtUUZkOvqlspY3iMAWLjgOlQH7uzimuQCfhE+06K
+                    e3:67:70:c6:ec:0e:0e:bd:bf:3c:f6:db:e4:45:d5:
-wB4D581zHFAX6xL8R4TA4+k59jP+D9o4fue9yGZ5AoGAMn+TsY1IZFSY1fw6TTHq
+                    7a:bb:9f:d1:3b:18:89:fc:63:ac:c2:30:b8:fa:bb:
-sp9PiYQQqTMjRkzE7GRXbb1rdE6WoLkSk4Dz4u/B9E7YVzTZggYhPisChu6wZPtK
+                    8a:24:63:4e:79:58:78:72:ab:27:36:3d:bb:4f:47:
-IiXBGu8h3GygUGI/WdNRKHW5nst9IZWrtVJ06c87jWqOktbgBnrbqXUG1rgRZr+i
+                    d6:ef
-n3sJLF+GGwzdp/gCxLMH66M=
+                Exponent: 65537 (0x10001)
-----END PRIVATE KEY-----
+        X509v3 extensions:
-Bag Attributes
+            X509v3 Subject Key Identifier: 
-    localKeyID: 01 00 00 00 
+                D6:9D:66:D6:49:7C:FA:20:8D:5D:75:69:2A:41:0A:7A:03:5A:A5:EB
-subject=/CN=TestSub
+            X509v3 Authority Key Identifier: 
-issuer=/CN=TestRoot
+                keyid:16:AA:D6:8E:1B:2D:43:F3:2D:B0:24:AD:36:65:3F:B2:FA:B1:2C:ED
-----BEGIN CERTIFICATE-----
+
-MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBMxETAP
+            X509v3 Basic Constraints: critical
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIzNTk1OVow
+                CA:TRUE
-EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+            X509v3 Key Usage: critical
-ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/wZsGm
+                Digital Signature, Certificate Sign, CRL Sign
-FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
+    Signature Algorithm: sha256WithRSAEncryption
-zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZn
+         83:3c:ae:b2:fc:99:3d:33:b3:da:ca:26:83:8c:a9:ae:f8:bb:
-rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57o
+         ad:05:37:97:a5:f8:0d:2b:4e:3e:e5:b7:12:68:f8:64:d4:bd:
-xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
+         ff:65:7d:57:98:61:cd:47:10:a5:6a:bd:66:89:74:ce:5e:28:
-638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUwAwEB/zBE
+         29:39:67:c9:1f:54:ec:78:76:b1:dd:04:91:63:b6:8c:2f:86:
-BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGVzdFJv
+         59:1f:c4:2b:a1:4a:8c:a8:5b:f6:8a:92:f0:83:bb:92:92:5c:
-b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSHCmatVNg
+         b1:1c:18:95:3d:d6:be:6d:79:9d:4f:7b:92:1f:68:f5:1f:cd:
-LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcEGY
+         f4:37:2d:1e:e3:f6:eb:f2:8a:a4:8d:a1:c5:db:0c:3a:59:01:
-+mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcyt
+         dc:be:a9:c1:0b:04:ba:e8:02:a9:85:cd:d7:48:0d:f6:60:30:
-U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW1D
+         2b:05:ba:e0:c7:d8:9f:23:14:37:04:0a:a7:bc:b6:c8:25:31:
-MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3KC0
+         e4:9a:41:a5:83:c2:ee:89:d3:fa:a5:7c:ae:a6:14:22:a4:5f:
-NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F2Mw
+         73:03:f2:7b:3c:51:f7:76:2a:0a:cf:ee:71:35:1c:bc:ff:3f:
-HgNmsA==
+         9b:d5:b1:33:e0:b6:fc:2a:c8:ab:84:89:cd:fa:1c:ee:12:8c:
-----END CERTIFICATE-----
+         07:ba:93:46:50:b3:3f:73:05:be:67:58:60:90:05:2c:d3:b6:
         19:7c:a4:f0:6e:ee:d4:f2:0e:f5:02:79:5f:2c:28:83:1e:83:
         c6:92:ba:7c
--- a/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
+++ b/BaseTools/Source/Python/Pkcs7Sign/TestSub.pub.pem
@ -1,19 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDADCCAeygAwIBAgIQs4xkpm0/PYFLyLk1Nd0c0zAJBgUrDgMCHQUAMBMxETAP
+MIID1jCCAr6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAkNO
-BgNVBAMTCFRlc3RSb290MB4XDTE2MDgwNDE1MDIwOVoXDTM5MTIzMTIzNTk1OVow
+MQswCQYDVQQIDAJTSDELMAkGA1UEBwwCU0gxEjAQBgNVBAoMCVRpYW5vQ29yZTEO
-EjEQMA4GA1UEAxMHVGVzdFN1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+MAwGA1UECwwFRURLSUkxETAPBgNVBAMMCFRlc3RSb290MSIwIAYJKoZIhvcNAQkB
-ggEBAJ82fehSjmIIFeDHUBTGAcb+Hbf9bJOGBiPY0BOgbdLnWLQwZqbKMY/wZsGm
+FhNlZGtpaUB0aWFub2NvcmUub3JnMB4XDTE3MDQxMDA4MzM0NVoXDTE4MDQxMDA4
-FFzQ5GkiFATxVr40+NZx2iHixcs6uhbcSzbqxH5zF1HA0XT9jEr/4luhgOZ1R5yB
+MzM0NVowdDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNIMRIwEAYDVQQKDAlUaWFu
-zCqKki/v3ltVCNEsLJP/4uMtez8Hdcz+NziMdruCz4CbAfYNfP1VOwgeZeub8oZn
+b0NvcmUxDjAMBgNVBAsMBUVES0lJMRAwDgYDVQQDDAdUZXN0U3ViMSIwIAYJKoZI
-rhVDMVslgmX4q8UCaWYtwv63T32XKIlgv7ctjZqOifOQCJ1VDKUh+yaECVycZ57o
+hvcNAQkBFhNlZGtpaUB0aWFub2NvcmUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
-xh8/EtBF7ikgiWHJcApmLEGcCVm+J+jclHBMpdEfOSPpWnkqEOyL/fVjniIslAeJ
+AQ8AMIIBCgKCAQEAxTqvFjSaFGF0jDkaBB97ldNAt+omp3uNdtOGG3wHF9JWcjYT
-638WXKYgeu2QWkLjvGKd0XqM2l8CAwEAAaNZMFcwDwYDVR0TAQH/BAUwAwEB/zBE
+tGx1t7/RNdEx1ZoHwWJOqj292ECLSJrFRsTDECzUgtlt9MPehfo0HdF0el8WNFkr
-BgNVHQEEPTA7gBDOtXrP5SHHa/PsktS/ZSo1oRUwEzERMA8GA1UEAxMIVGVzdFJv
+KwNhRmLXiGJZTdhVAFJU4RVeqezW6FH9745oX9JA0mHvLB1bp24UTBK8YIGOZsmE
-b3SCEDQwJ38FPZWFQ6Ck9Qya58owCQYFKw4DAh0FAAOCAQEAFT8uXdMSHCmatVNg
+UcKJUfzlf4aaeKTB9w+ppZdg3W/IoP3qBy8BNgrovQ7cSC6FInu722h4681qVAf3
-LMKsyVA/jJgXGncHmAy59Vjo2+KCIooEuY3NaK527LxB1yi9+UyMe2+Ia4KWcEGY
+gaVSj/NcCR52o9GRj+6GLIVJmZZPX1sNCK7YIOjjZ3DG7A4Ovb889tvkRdV6u5/R
-+mb+PDTDrlsYtjIU3aRzDpyXUrkYV/D6vZaw+zsgAquQkCi+WwEYZ4uCSUznlcyt
+OxiJ/GOswjC4+ruKJGNOeVh4cqsnNj27T0fW7wIDAQABo2MwYTAdBgNVHQ4EFgQU
-U3p2Rd/+tvQqq5UerPfRBIs6JTUerwRGUQurTNpzqCGClo3zi58yuOEbNIrOzW1D
+1p1m1kl8+iCNXXVpKkEKegNapeswHwYDVR0jBBgwFoAUFqrWjhstQ/MtsCStNmU/
-MtQFKUtKkMx4rg6NT9kq/ICXt8k3UIsXh52NTYchkLlsnCgaoKzW2DFqSMFL3KC0
+svqxLO0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN
-NmQtmKaPo3mBIYJT0WDofYzas2TQO8cBiQHGrSqXNFAfI5eUo3qLtsRE+7Z9F2Mw
+AQELBQADggEBAIM8rrL8mT0zs9rKJoOMqa74u60FN5el+A0rTj7ltxJo+GTUvf9l
-HgNmsA==
+fVeYYc1HEKVqvWaJdM5eKCk5Z8kfVOx4drHdBJFjtowvhlkfxCuhSoyoW/aKkvCD
 u5KSXLEcGJU91r5teZ1Pe5IfaPUfzfQ3LR7j9uvyiqSNocXbDDpZAdy+qcELBLro
 AqmFzddIDfZgMCsFuuDH2J8jFDcECqe8tsglMeSaQaWDwu6J0/qlfK6mFCKkX3MD
 8ns8Ufd2KgrP7nE1HLz/P5vVsTPgtvwqyKuEic36HO4SjAe6k0ZQsz9zBb5nWGCQ
 BSzTthl8pPBu7tTyDvUCeV8sKIMeg8aSunw=
 -----END CERTIFICATE-----
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py
@ -64,6 +64,8 @@ if __name__ == '__main__':
  try:
    OpenSslPath = os.environ['OPENSSL_PATH']
    OpenSslCommand = os.path.join(OpenSslPath, OpenSslCommand)
    if ' ' in OpenSslCommand:
      OpenSslCommand = '"' + OpenSslCommand + '"'
  except:
    pass
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@ -4,7 +4,7 @@
 #   {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf}}
 # This tool has been tested with OpenSSL 1.0.1e 11 Feb 2013
 #
-# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@ -85,6 +85,8 @@ if __name__ == '__main__':
  try:
    OpenSslPath = os.environ['OPENSSL_PATH']
    OpenSslCommand = os.path.join(OpenSslPath, OpenSslCommand)
    if ' ' in OpenSslCommand:
      OpenSslCommand = '"' + OpenSslCommand + '"'
  except:
    pass
@ -174,7 +176,7 @@ if __name__ == '__main__':
    # 
    # Sign the input file using the specified private key and capture signature from STDOUT
    #
-    Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+    Process = subprocess.Popen('%s dgst -sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
    Signature = Process.communicate(input=FullInputFileBuffer)[0]
    if Process.returncode <> 0:
      sys.exit(Process.returncode)
@ -223,7 +225,7 @@ if __name__ == '__main__':
    #
    # Verify signature
    #    
-    Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+    Process = subprocess.Popen('%s dgst -sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
    Process.communicate(input=FullInputFileBuffer)
    if Process.returncode <> 0:
      print 'ERROR: Verification failed'
--- a/BaseTools/Source/Python/build/build.py
+++ b/BaseTools/Source/Python/build/build.py
@ -2,7 +2,7 @@
 # build a platform or a module
 #
 #  Copyright (c) 2014, Hewlett-Packard Development Company, L.P.<BR>
-#  Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
@ -54,7 +54,7 @@ import Common.GlobalData as GlobalData
 # Version and Copyright
 VersionNumber = "0.60" + ' ' + gBUILD_VERSION
 __version__ = "%prog Version " + VersionNumber
-__copyright__ = "Copyright (c) 2007 - 2016, Intel Corporation  All rights reserved."
+__copyright__ = "Copyright (c) 2007 - 2017, Intel Corporation  All rights reserved."
 ## standard targets of build command
 gSupportedTarget = ['all', 'genc', 'genmake', 'modules', 'libraries', 'fds', 'clean', 'cleanall', 'cleanlib', 'run']
@ -989,7 +989,6 @@ class Build():
                self.PostbuildScript = PostbuildList[0]
                self.Postbuild = ' '.join(PostbuildList)
                self.Postbuild += self.PassCommandOption(self.BuildTargetList, self.ArchList, self.ToolChainList)
                #self.LanuchPostbuild()
            else:
                EdkLogger.error("Postbuild", POSTBUILD_ERROR, "the postbuild script %s is not exist.\n If you'd like to disable the Postbuild process, please use the format: -D POSTBUILD=\"\" " %(PostbuildList[0]))
@ -1040,7 +1039,7 @@ class Build():
                Process = Popen(args, stdout=PIPE, stderr=PIPE)
            else:
                args = ' && '.join((self.Prebuild, 'env > ' + PrebuildEnvFile))
-                Process = Popen(args, stdout=PIPE, stderr=PIPE, shell=True, executable="/bin/bash")
+                Process = Popen(args, stdout=PIPE, stderr=PIPE, shell=True)
            # launch two threads to read the STDOUT and STDERR
            EndOfProcedure = Event()
@ -1076,13 +1075,13 @@ class Build():
                os.environ.update(dict(envs))
            EdkLogger.info("\n- Prebuild Done -\n")
-    def LanuchPostbuild(self):
+    def LaunchPostbuild(self):
        if self.Postbuild:
            EdkLogger.info("\n- Postbuild Start -\n")
            if sys.platform == "win32":
                Process = Popen(self.Postbuild, stdout=PIPE, stderr=PIPE)
            else:
-                Process = Popen(self.Postbuild, stdout=PIPE, stderr=PIPE, shell=True, executable="/bin/bash")
+                Process = Popen(self.Postbuild, stdout=PIPE, stderr=PIPE, shell=True)
            # launch two threads to read the STDOUT and STDERR
            EndOfProcedure = Event()
            EndOfProcedure.clear()
@ -2331,7 +2330,7 @@ def Main():
    if ReturnCode == 0:
        try:
-            MyBuild.LanuchPostbuild()
+            MyBuild.LaunchPostbuild()
            Conclusion = "Done"
        except:
            Conclusion = "Failed"
--- a/BaseTools/get_vsvars.bat
+++ b/BaseTools/get_vsvars.bat
@ -16,6 +16,12 @@
@echo off
 goto  :main
 :set_vsvars
 for /f "usebackq tokens=1* delims=: " %%i in (`%*`) do (
  if /i "%%i"=="installationPath" call "%%j\VC\Auxiliary\Build\vcvars32.bat"
 )
 goto :EOF
 :read_vsvars
@rem Do nothing if already found, otherwise call vsvars32.bat if there
 if defined VCINSTALLDIR goto :EOF
@ -33,6 +39,8 @@ REM       (Or invoke the relevant vsvars32 file beforehand).
 :main
 if defined VCINSTALLDIR goto :done
  if exist "%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe"  call :set_vsvars "%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe"
  if exist "%ProgramFiles%\Microsoft Visual Studio\Installer\vswhere.exe"       call :set_vsvars "%ProgramFiles%\Microsoft Visual Studio\Installer\vswhere.exe"
  if defined VS140COMNTOOLS  call :read_vsvars  "%VS140COMNTOOLS%"
  if defined VS120COMNTOOLS  call :read_vsvars  "%VS120COMNTOOLS%"
  if defined VS110COMNTOOLS  call :read_vsvars  "%VS110COMNTOOLS%"
--- a/BaseTools/set_vsprefix_envs.bat
+++ b/BaseTools/set_vsprefix_envs.bat
@ -3,7 +3,7 @@
@REM   however it may be executed directly from the BaseTools project folder
@REM   if the file is not executed within a WORKSPACE\BaseTools folder.
@REM
-@REM Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+@REM Copyright (c) 2016-2017, Intel Corporation. All rights reserved.<BR>
@REM
@REM This program and the accompanying materials are licensed and made available
@REM under the terms and conditions of the BSD License which accompanies this
@ -90,6 +90,37 @@ if defined VS140COMNTOOLS (
  )
 )
@REM set VS2017
 if not defined VS150COMNTOOLS (
  if exist "%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe" (
    for /f "usebackq tokens=1* delims=: " %%i in (`"%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe"`) do (
      if /i "%%i"=="installationPath" call "%%j\VC\Auxiliary\Build\vcvars32.bat"
    )
  ) else if exist "%ProgramFiles%\Microsoft Visual Studio\Installer\vswhere.exe" (
    for /f "usebackq tokens=1* delims=: " %%i in (`"%ProgramFiles%\Microsoft Visual Studio\Installer\vswhere.exe"`) do (
      if /i "%%i"=="installationPath" call "%%j\VC\Auxiliary\Build\vcvars32.bat"
    )
  ) else (
    goto SetWinDDK
  )
 )
 if defined VCToolsInstallDir (
  if not defined VS2017_PREFIX (
    set "VS2017_PREFIX=%VCToolsInstallDir%"
  )
 )
 if not defined WINSDK10_PREFIX (
  if defined WindowsSdkVerBinPath (
    set "WINSDK10_PREFIX=%WindowsSdkVerBinPath%"
  ) else if exist "%ProgramFiles(x86)%\Windows Kits\10\bin" (
    set "WINSDK10_PREFIX=%ProgramFiles(x86)%\Windows Kits\10\bin\"
  ) else if exist "%ProgramFiles%\Windows Kits\10\bin" (
    set "WINSDK10_PREFIX=%ProgramFiles%\Windows Kits\10\bin\"
  )
 )
 :SetWinDDK
 if not defined WINDDK3790_PREFIX (
  set WINDDK3790_PREFIX=C:\WINDDK\3790.1830\bin\
 )
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@ -20,7 +20,7 @@
  PACKAGE_NAME                   = CryptoPkg
  PACKAGE_UNI_FILE               = CryptoPkg.uni
  PACKAGE_GUID                   = 36470E80-36F2-4ba0-8CC8-937C7D9FF888
-  PACKAGE_VERSION                = 0.96
+  PACKAGE_VERSION                = 0.97
 [Includes]
  Include
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@ -1,7 +1,7 @@
 ## @file
 #  Cryptographic Library Package for UEFI Security Implementation.
 #
-#  Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@ -20,7 +20,7 @@
 [Defines]
  PLATFORM_NAME                  = CryptoPkg
  PLATFORM_GUID                  = E1063286-6C8C-4c25-AEF0-67A9A5B6E6B6
-  PLATFORM_VERSION               = 0.96
+  PLATFORM_VERSION               = 0.97
  DSC_SPECIFICATION              = 0x00010005
  OUTPUT_DIRECTORY               = Build/CryptoPkg
  SUPPORTED_ARCHITECTURES        = IA32|X64|IPF|ARM|AARCH64
--- a/CryptoPkg/Include/Library/BaseCryptLib.h
+++ b/CryptoPkg/Include/Library/BaseCryptLib.h
@ -1790,7 +1790,7 @@ Arc4Init (
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
-  @param[in]   Arc4Context  Pointer to the ARC4 context.
+  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @param[in]       Input        Pointer to the buffer containing the data to be encrypted.
  @param[in]       InputSize    Size of the Input buffer in bytes.
  @param[out]      Output       Pointer to a buffer that receives the ARC4 encryption output.
@ -1822,7 +1822,7 @@ Arc4Encrypt (
  If Output is NULL, then return FALSE.
  If this interface is not supported, then return FALSE.
-  @param[in]   Arc4Context  Pointer to the ARC4 context.
+  @param[in, out]  Arc4Context  Pointer to the ARC4 context.
  @param[in]       Input        Pointer to the buffer containing the data to be decrypted.
  @param[in]       InputSize    Size of the Input buffer in bytes.
  @param[out]      Output       Pointer to a buffer that receives the ARC4 decryption output.
@ -2511,7 +2511,7 @@ Pkcs7Verify (
  @retval     TRUE          The P7Data was correctly formatted for processing.
  @retval     FALSE         The P7Data was not correctly formatted for processing.
-*/
+**/
 BOOLEAN
 EFIAPI
 Pkcs7GetAttachedContent (
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c
@ -232,7 +232,9 @@ DhGenerateKey (
      return FALSE;
    }
    if (PublicKey != NULL) {
      BN_bn2bin (DhPubKey, PublicKey);
    }
    *PublicKeySize = Size;
  }
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@ -558,7 +558,9 @@ Pkcs7GetCertificatesList (
    }
  }
  CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx);
  if (CtxUntrusted != NULL) {
    (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer);
  }
  //
  // Build certificates stack chained from Signer's certificate.
@ -711,8 +713,10 @@ _Error:
  }
  sk_X509_free (Signers);
  if (CertCtx != NULL) {
    X509_STORE_CTX_cleanup (CertCtx);
    X509_STORE_CTX_free (CertCtx);
  }
  if (SingleCert != NULL) {
    free (SingleCert);
@ -925,7 +929,7 @@ _Exit:
  @retval     TRUE          The P7Data was correctly formatted for processing.
  @retval     FALSE         The P7Data was not correctly formatted for processing.
-*/
+**/
 BOOLEAN
 EFIAPI
 Pkcs7GetAttachedContent (
--- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
@ -7,7 +7,7 @@
 #  buffer overflow or integer overflow.
 #
 #  Note: MD4 Digest functions, SHA-384 Digest functions, SHA-512 Digest functions,
-#  HMAC-MD5 functions, HMAC-SHA1/SHA256 functions, TDES/ARC4 functions, RSA external
+#  HMAC-MD5 functions, HMAC-SHA1 functions, TDES/ARC4 functions, RSA external
 #  functions, PKCS#7 SignedData sign functions, Diffie-Hellman functions, and 
 #  authenticode signature verification functions are not supported in this instance.
 #
@ -46,7 +46,7 @@
  Hash/CryptSha512Null.c
  Hmac/CryptHmacMd5Null.c
  Hmac/CryptHmacSha1Null.c
-  Hmac/CryptHmacSha256Null.c
+  Hmac/CryptHmacSha256.c
  Cipher/CryptAes.c
  Cipher/CryptTdesNull.c
  Cipher/CryptArc4Null.c
--- a/DuetPkg/EfiLdr/TianoDecompress.c
+++ b/DuetPkg/EfiLdr/TianoDecompress.c
@ -93,11 +93,11 @@ Returns: (VOID)
 --*/
 {
-  Sd->mBitBuf = (UINT32) (Sd->mBitBuf << NumOfBits);
+  Sd->mBitBuf = (UINT32) LShiftU64 (((UINT64)Sd->mBitBuf), NumOfBits);
  while (NumOfBits > Sd->mBitCount) {
-
+    NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount);
-    Sd->mBitBuf |= (UINT32) (Sd->mSubBitBuf << (NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount)));
+    Sd->mBitBuf |= (UINT32) LShiftU64 (((UINT64)Sd->mSubBitBuf), NumOfBits);
    if (Sd->mCompSize > 0) {
      //
--- a/IntelFrameworkModulePkg/Bus/Pci/IdeBusDxe/Atapi.c
+++ b/IntelFrameworkModulePkg/Bus/Pci/IdeBusDxe/Atapi.c
@ -1,7 +1,7 @@
 /** @file
   This file contains all helper functions on the ATAPI command 
-  Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials                          
  are licensed and made available under the terms and conditions of the BSD License         
  which accompanies this distribution.  The full text of the license may be found at        
@ -1053,7 +1053,7 @@ AtapiReadCapacity (
 	if (!EFI_ERROR (Status) && *SResult == SenseNoSenseKey) {
      if (IdeDev->Type == IdeCdRom) {
-        IdeDev->BlkIo.Media->LastBlock = (Data.LastLba3 << 24) |
+        IdeDev->BlkIo.Media->LastBlock = ((UINT32) Data.LastLba3 << 24) |
          (Data.LastLba2 << 16) |
          (Data.LastLba1 << 8) |
          Data.LastLba0;
@ -1076,7 +1076,7 @@ AtapiReadCapacity (
          IdeDev->BlkIo.Media->LastBlock    = 0;
        } else {
-          IdeDev->BlkIo.Media->LastBlock =  (FormatData.LastLba3 << 24) |
+          IdeDev->BlkIo.Media->LastBlock = ((UINT32) FormatData.LastLba3 << 24) |
            (FormatData.LastLba2 << 16) | 
            (FormatData.LastLba1 << 8)  |
            FormatData.LastLba0;
--- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf
+++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf
@ -137,6 +137,7 @@
  gEfiLegacyBiosProtocolGuid                    ## PRODUCES
  gEfiSerialIoProtocolGuid                      ## CONSUMES
  gEfiSioProtocolGuid                           ## CONSUMES
  gEdkiiIoMmuProtocolGuid                       ## CONSUMES
 [Pcd]
  gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLegacyBiosCacheLegacyRegion  ## CONSUMES
--- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h
+++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h
@ -47,6 +47,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/PciRootBridgeIo.h>
 #include <Protocol/SerialIo.h>
 #include <Protocol/SuperIo.h>
 #include <Protocol/IoMmu.h>
 #include <Library/BaseLib.h>
 #include <Library/DebugLib.h>
--- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c
+++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyPci.c
@ -41,7 +41,7 @@ BOOLEAN                             mIgnoreBbsUpdateFlag;
 BOOLEAN                             mVgaInstallationInProgress  = FALSE;
 UINT32                              mRomCount                   = 0x00;
 ROM_INSTANCE_ENTRY                  mRomEntry[ROM_MAX_ENTRIES];
-
+EDKII_IOMMU_PROTOCOL                *mIoMmu;
 /**
  Query shadowed legacy ROM parameters registered by RomShadow() previously.
@ -2696,6 +2696,61 @@ Done:
  return Status;
 }
 /**
  Let IOMMU grant DMA access for the PCI device.
  @param  PciHandle             The EFI handle for the PCI device.
  @param  HostAddress           The system memory address to map to the PCI controller.
  @param  NumberOfBytes         The number of bytes to map.
  @retval EFI_SUCCESS  The DMA access is granted.
 **/
 EFI_STATUS
 IoMmuGrantAccess (
  IN  EFI_HANDLE                        PciHandle,
  IN  EFI_PHYSICAL_ADDRESS              HostAddress,
  IN  UINTN                             NumberOfBytes
  )
 {
  EFI_PHYSICAL_ADDRESS            DeviceAddress;
  VOID                            *Mapping;
  EFI_STATUS                      Status;
  if (PciHandle == NULL) {
    return EFI_UNSUPPORTED;
  }
  Status = EFI_SUCCESS;
  if (mIoMmu == NULL) {
    gBS->LocateProtocol (&gEdkiiIoMmuProtocolGuid, NULL, (VOID **)&mIoMmu);
  }
  if (mIoMmu != NULL) {
    Status = mIoMmu->Map (
                       mIoMmu,
                       EdkiiIoMmuOperationBusMasterCommonBuffer,
                       (VOID *)(UINTN)HostAddress,
                       &NumberOfBytes,
                       &DeviceAddress,
                       &Mapping
                       );
    if (EFI_ERROR(Status)) {
      DEBUG ((DEBUG_ERROR, "LegacyPci - IoMmuMap - %r\n", Status));
    } else {
      ASSERT (DeviceAddress == HostAddress);
      Status = mIoMmu->SetAttribute (
                         mIoMmu,
                         PciHandle,
                         Mapping,
                         EDKII_IOMMU_ACCESS_READ | EDKII_IOMMU_ACCESS_WRITE
                         );
      if (EFI_ERROR(Status)) {
        DEBUG ((DEBUG_ERROR, "LegacyPci - IoMmuSetAttribute - %r\n", Status));
      }
    }
  }
  return Status;
 }
 /**
  Load a legacy PC-AT OPROM on the PciHandle device. Return information
  about how many disks were added by the OPROM and the shadow address and
@ -2978,6 +3033,21 @@ LegacyBiosInstallPciRom (
      RuntimeImageLength = Pcir->MaxRuntimeImageLength * 512;
    }
  }
  //
  // Grant access for below 1M
  // BDA/EBDA/LowPMM and scratch memory for OPROM.
  //
  IoMmuGrantAccess (PciHandle, 0, SIZE_1MB);
  //
  // Grant access for HiPmm
  //
  IoMmuGrantAccess (
    PciHandle,
    Private->IntThunk->EfiToLegacy16InitTable.HiPmmMemory,
    Private->IntThunk->EfiToLegacy16InitTable.HiPmmMemorySizeInBytes
    );
  //
  // Shadow and initialize the OpROM.
  //
--- a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c
+++ b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c
@ -30,14 +30,14 @@ FillBuf (
  //
  // Left shift NumOfBits of bits in advance
  //
-  Sd->mBitBuf = (UINT32) (Sd->mBitBuf << NumOfBits);
+  Sd->mBitBuf = (UINT32) LShiftU64 (((UINT64)Sd->mBitBuf), NumOfBits);
  //
  // Copy data needed in bytes into mSbuBitBuf
  //
  while (NumOfBits > Sd->mBitCount) {
-
+    NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount);
-    Sd->mBitBuf |= (UINT32) (Sd->mSubBitBuf << (NumOfBits = (UINT16) (NumOfBits - Sd->mBitCount)));
+    Sd->mBitBuf |= (UINT32) LShiftU64 (((UINT64)Sd->mSubBitBuf), NumOfBits);
    if (Sd->mCompSize > 0) {
      //
@ -143,6 +143,7 @@ MakeTable (
  UINT16  Mask;
  UINT16  WordOfStart;
  UINT16  WordOfCount;
  UINT16  MaxTableLength;
  //
  // The maximum mapping table width supported by this internal
@ -155,6 +156,9 @@ MakeTable (
  }
  for (Index = 0; Index < NumOfChar; Index++) {
    if (BitLen[Index] > 16) {
      return (UINT16) BAD_TABLE;
    }
    Count[BitLen[Index]]++;
  }
@ -196,6 +200,7 @@ MakeTable (
  Avail = NumOfChar;
  Mask  = (UINT16) (1U << (15 - TableBits));
  MaxTableLength = (UINT16) (1U << TableBits);
  for (Char = 0; Char < NumOfChar; Char++) {
@ -209,6 +214,9 @@ MakeTable (
    if (Len <= TableBits) {
      for (Index = Start[Len]; Index < NextCode; Index++) {
        if (Index >= MaxTableLength) {
          return (UINT16) BAD_TABLE;
        }
        Table[Index] = Char;
      }
@ -615,13 +623,23 @@ Decode (
      //
      BytesRemain--;
      while ((INT16) (BytesRemain) >= 0) {
        Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];
        if (Sd->mOutBuf >= Sd->mOrigSize) {
          goto Done ;
        }
        if (DataIdx >= Sd->mOrigSize) {
          Sd->mBadTableFlag = (UINT16) BAD_TABLE;
          goto Done ;
        }
        Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++];
        BytesRemain--;
      }
      //
      // Once mOutBuf is fully filled, directly return
      //
      if (Sd->mOutBuf >= Sd->mOrigSize) {
        goto Done ;
      }
    }
  }
@ -688,7 +706,7 @@ UefiDecompressGetInfo (
  }
  CompressedSize   = ReadUnaligned32 ((UINT32 *)Source);
-  if (SourceSize < (CompressedSize + 8)) {
+  if (SourceSize < (CompressedSize + 8) || (CompressedSize + 8) < 8) {
    return RETURN_INVALID_PARAMETER;
  }
--- a/IntelFrameworkPkg/Library/FrameworkUefiLib/UefiLibPrint.c
+++ b/IntelFrameworkPkg/Library/FrameworkUefiLib/UefiLibPrint.c
@ -2,7 +2,7 @@
  Mde UEFI library API implementation.
  Print to StdErr or ConOut defined in EFI_SYSTEM_TABLE
-  Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
@ -474,7 +474,14 @@ InternalPrintGraphic (
  } else if (FeaturePcdGet (PcdUgaConsumeSupport)) {
    ASSERT (UgaDraw!= NULL);
-    Blt->Image.Bitmap = AllocateZeroPool (Blt->Width * Blt->Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL));
+    //
    // Ensure Width * Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) doesn't overflow.
    //
    if (Blt->Width > DivU64x32 (MAX_UINTN, Blt->Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL))) {
      goto Error;
    }
    Blt->Image.Bitmap = AllocateZeroPool ((UINT32) Blt->Width * Blt->Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL));
    ASSERT (Blt->Image.Bitmap != NULL);
    //
--- a/IntelFsp2Pkg/FspSecCore/Ia32/FspApiEntryM.nasm
+++ b/IntelFsp2Pkg/FspSecCore/Ia32/FspApiEntryM.nasm
@ -194,6 +194,17 @@ ASM_PFX(AsmGetPeiCoreOffset):
   mov   eax, dword [ASM_PFX(FspPeiCoreEntryOff)]
   ret
 ;----------------------------------------------------------------------------
 ; TempRamInit API
 ;
 ; Empty function for WHOLEARCHIVE build option
 ;
 ;----------------------------------------------------------------------------
 global ASM_PFX(TempRamInitApi)
 ASM_PFX(TempRamInitApi):
  jmp $
  ret
 ;----------------------------------------------------------------------------
 ; Module Entrypoint API
 ;----------------------------------------------------------------------------
--- a/IntelFsp2Pkg/FspSecCore/Ia32/FspApiEntryS.nasm
+++ b/IntelFsp2Pkg/FspSecCore/Ia32/FspApiEntryS.nasm
@ -53,6 +53,17 @@ ASM_PFX(FspApiCommonContinue):
  jmp    $
  ret
 ;----------------------------------------------------------------------------
 ; TempRamInit API
 ;
 ; Empty function for WHOLEARCHIVE build option
 ;
 ;----------------------------------------------------------------------------
 global ASM_PFX(TempRamInitApi)
 ASM_PFX(TempRamInitApi):
  jmp $
  ret
 ;----------------------------------------------------------------------------
 ; Module Entrypoint API
 ;----------------------------------------------------------------------------
--- a/IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/X64/Thunk64To32.nasm
+++ b/IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/X64/Thunk64To32.nasm
@ -1,5 +1,5 @@
 ;
-; Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 ; This program and the accompanying materials
 ; are licensed and made available under the terms and conditions of the BSD License
 ; which accompanies this distribution.  The full text of the license may be found at
@ -81,7 +81,7 @@ ASM_PFX(AsmExecute32BitCode):
    ;
    mov     rax, dword 0x10              ; load long mode selector
    shl     rax, 32
-    mov     r9,  ReloadCS          ;Assume the ReloadCS is under 4G
+    lea     r9,  [ReloadCS]          ;Assume the ReloadCS is under 4G
    or      rax, r9
    push    rax
    ;
@ -95,7 +95,7 @@ ASM_PFX(AsmExecute32BitCode):
    ; save the 32-bit function entry and the return address into stack which will be
    ; retrieve in compatibility mode.
    ;
-    mov     rax, ReturnBack   ;Assume the ReloadCS is under 4G
+    lea     rax, [ReturnBack]   ;Assume the ReloadCS is under 4G
    shl     rax, 32
    or      rax, rcx
    push    rax
@ -110,7 +110,7 @@ ASM_PFX(AsmExecute32BitCode):
    ;
    mov     rcx, dword 0x8               ; load compatible mode selector
    shl     rcx, 32
-    mov     rdx, Compatible ; assume address < 4G
+    lea     rdx, [Compatible] ; assume address < 4G
    or      rcx, rdx
    push    rcx
    retf
@ -208,7 +208,7 @@ ReloadCS:
    ;
    pop     r9                 ; get  CS
    shl     r9,  32            ; rcx[32..47] <- Cs
-    mov     rcx, .0
+    lea     rcx, [.0]
    or      rcx, r9
    push    rcx
    retf
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/BmDma.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/BmDma.c
@ -0,0 +1,544 @@
 /** @file
  BmDma related function
  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "DmaProtection.h"
 // TBD: May make it a policy
 #define DMA_MEMORY_TOP          MAX_UINTN
 //#define DMA_MEMORY_TOP          0x0000000001FFFFFFULL
 #define MAP_HANDLE_INFO_SIGNATURE  SIGNATURE_32 ('H', 'M', 'A', 'P')
 typedef struct {
  UINT32                                    Signature;
  LIST_ENTRY                                Link;
  EFI_HANDLE                                DeviceHandle;
  UINT64                                    IoMmuAccess;
 } MAP_HANDLE_INFO;
 #define MAP_HANDLE_INFO_FROM_LINK(a) CR (a, MAP_HANDLE_INFO, Link, MAP_HANDLE_INFO_SIGNATURE)
 #define MAP_INFO_SIGNATURE  SIGNATURE_32 ('D', 'M', 'A', 'P')
 typedef struct {
  UINT32                                    Signature;
  LIST_ENTRY                                Link;
  EDKII_IOMMU_OPERATION                     Operation;
  UINTN                                     NumberOfBytes;
  UINTN                                     NumberOfPages;
  EFI_PHYSICAL_ADDRESS                      HostAddress;
  EFI_PHYSICAL_ADDRESS                      DeviceAddress;
  LIST_ENTRY                                HandleList;
 } MAP_INFO;
 #define MAP_INFO_FROM_LINK(a) CR (a, MAP_INFO, Link, MAP_INFO_SIGNATURE)
 LIST_ENTRY                        gMaps = INITIALIZE_LIST_HEAD_VARIABLE(gMaps);
 /**
  This function fills DeviceHandle/IoMmuAccess to the MAP_HANDLE_INFO,
  based upon the DeviceAddress.
  @param[in]  DeviceHandle      The device who initiates the DMA access request.
  @param[in]  DeviceAddress     The base of device memory address to be used as the DMA memory.
  @param[in]  Length            The length of device memory address to be used as the DMA memory.
  @param[in]  IoMmuAccess       The IOMMU access.
 **/
 VOID
 SyncDeviceHandleToMapInfo (
  IN EFI_HANDLE            DeviceHandle,
  IN EFI_PHYSICAL_ADDRESS  DeviceAddress,
  IN UINT64                Length,
  IN UINT64                IoMmuAccess
  )
 {
  MAP_INFO                 *MapInfo;
  MAP_HANDLE_INFO          *MapHandleInfo;
  LIST_ENTRY               *Link;
  EFI_TPL                  OriginalTpl;
  //
  // Find MapInfo according to DeviceAddress
  //
  OriginalTpl = gBS->RaiseTPL (VTD_TPL_LEVEL);
  MapInfo = NULL;
  for (Link = GetFirstNode (&gMaps)
       ; !IsNull (&gMaps, Link)
       ; Link = GetNextNode (&gMaps, Link)
       ) {
    MapInfo = MAP_INFO_FROM_LINK (Link);
    if (MapInfo->DeviceAddress == DeviceAddress) {
      break;
    }
  }
  if ((MapInfo == NULL) || (MapInfo->DeviceAddress != DeviceAddress)) {
    DEBUG ((DEBUG_ERROR, "SyncDeviceHandleToMapInfo: DeviceAddress(0x%lx) - not found\n", DeviceAddress));
    gBS->RestoreTPL (OriginalTpl);
    return ;
  }
  //
  // Find MapHandleInfo according to DeviceHandle
  //
  MapHandleInfo = NULL;
  for (Link = GetFirstNode (&MapInfo->HandleList)
       ; !IsNull (&MapInfo->HandleList, Link)
       ; Link = GetNextNode (&MapInfo->HandleList, Link)
       ) {
    MapHandleInfo = MAP_HANDLE_INFO_FROM_LINK (Link);
    if (MapHandleInfo->DeviceHandle == DeviceHandle) {
      break;
    }
  }
  if ((MapHandleInfo != NULL) && (MapHandleInfo->DeviceHandle == DeviceHandle)) {
    MapHandleInfo->IoMmuAccess       = IoMmuAccess;
    gBS->RestoreTPL (OriginalTpl);
    return ;
  }
  //
  // No DeviceHandle
  // Initialize and insert the MAP_HANDLE_INFO structure
  //
  MapHandleInfo = AllocatePool (sizeof (MAP_HANDLE_INFO));
  if (MapHandleInfo == NULL) {
    DEBUG ((DEBUG_ERROR, "SyncDeviceHandleToMapInfo: %r\n", EFI_OUT_OF_RESOURCES));
    gBS->RestoreTPL (OriginalTpl);
    return ;
  }
  MapHandleInfo->Signature         = MAP_HANDLE_INFO_SIGNATURE;
  MapHandleInfo->DeviceHandle      = DeviceHandle;
  MapHandleInfo->IoMmuAccess       = IoMmuAccess;
  InsertTailList (&MapInfo->HandleList, &MapHandleInfo->Link);
  gBS->RestoreTPL (OriginalTpl);
  return ;
 }
 /**
  Provides the controller-specific addresses required to access system memory from a
  DMA bus master.
  @param  This                  The protocol instance pointer.
  @param  Operation             Indicates if the bus master is going to read or write to system memory.
  @param  HostAddress           The system memory address to map to the PCI controller.
  @param  NumberOfBytes         On input the number of bytes to map. On output the number of bytes
                                that were mapped.
  @param  DeviceAddress         The resulting map address for the bus master PCI controller to use to
                                access the hosts HostAddress.
  @param  Mapping               A resulting value to pass to Unmap().
  @retval EFI_SUCCESS           The range was mapped for the returned NumberOfBytes.
  @retval EFI_UNSUPPORTED       The HostAddress cannot be mapped as a common buffer.
  @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
  @retval EFI_OUT_OF_RESOURCES  The request could not be completed due to a lack of resources.
  @retval EFI_DEVICE_ERROR      The system hardware could not map the requested address.
 **/
 EFI_STATUS
 EFIAPI
 IoMmuMap (
  IN     EDKII_IOMMU_PROTOCOL                       *This,
  IN     EDKII_IOMMU_OPERATION                      Operation,
  IN     VOID                                       *HostAddress,
  IN OUT UINTN                                      *NumberOfBytes,
  OUT    EFI_PHYSICAL_ADDRESS                       *DeviceAddress,
  OUT    VOID                                       **Mapping
  )
 {
  EFI_STATUS                                        Status;
  EFI_PHYSICAL_ADDRESS                              PhysicalAddress;
  MAP_INFO                                          *MapInfo;
  EFI_PHYSICAL_ADDRESS                              DmaMemoryTop;
  BOOLEAN                                           NeedRemap;
  EFI_TPL                                           OriginalTpl;
  if (NumberOfBytes == NULL || DeviceAddress == NULL ||
      Mapping == NULL) {
    DEBUG ((DEBUG_ERROR, "IoMmuMap: %r\n", EFI_INVALID_PARAMETER));
    return EFI_INVALID_PARAMETER;
  }
  DEBUG ((DEBUG_VERBOSE, "IoMmuMap: ==> 0x%08x - 0x%08x (%x)\n", HostAddress, *NumberOfBytes, Operation));
  //
  // Make sure that Operation is valid
  //
  if ((UINT32) Operation >= EdkiiIoMmuOperationMaximum) {
    DEBUG ((DEBUG_ERROR, "IoMmuMap: %r\n", EFI_INVALID_PARAMETER));
    return EFI_INVALID_PARAMETER;
  }
  NeedRemap = FALSE;
  PhysicalAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress;
  DmaMemoryTop = DMA_MEMORY_TOP;
  //
  // Alignment check
  //
  if ((*NumberOfBytes != ALIGN_VALUE(*NumberOfBytes, SIZE_4KB)) ||
      (PhysicalAddress != ALIGN_VALUE(PhysicalAddress, SIZE_4KB))) {
    if ((Operation == EdkiiIoMmuOperationBusMasterCommonBuffer) ||
        (Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64)) {
      //
      // The input buffer might be a subset from IoMmuAllocateBuffer.
      // Skip the check.
      //
    } else {
      NeedRemap = TRUE;
    }
  }
  if ((PhysicalAddress + *NumberOfBytes) >= DMA_MEMORY_TOP) {
    NeedRemap = TRUE;
  }
  if (((Operation != EdkiiIoMmuOperationBusMasterRead64 &&
        Operation != EdkiiIoMmuOperationBusMasterWrite64 &&
        Operation != EdkiiIoMmuOperationBusMasterCommonBuffer64)) &&
      ((PhysicalAddress + *NumberOfBytes) > SIZE_4GB)) {
    //
    // If the root bridge or the device cannot handle performing DMA above
    // 4GB but any part of the DMA transfer being mapped is above 4GB, then
    // map the DMA transfer to a buffer below 4GB.
    //
    NeedRemap = TRUE;
    DmaMemoryTop = MIN (DmaMemoryTop, SIZE_4GB - 1);
  }
  if (Operation == EdkiiIoMmuOperationBusMasterCommonBuffer ||
      Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64) {
    if (NeedRemap) {
      //
      // Common Buffer operations can not be remapped.  If the common buffer
      // is above 4GB, then it is not possible to generate a mapping, so return
      // an error.
      //
      DEBUG ((DEBUG_ERROR, "IoMmuMap: %r\n", EFI_UNSUPPORTED));
      return EFI_UNSUPPORTED;
    }
  }
  //
  // Allocate a MAP_INFO structure to remember the mapping when Unmap() is
  // called later.
  //
  MapInfo = AllocatePool (sizeof (MAP_INFO));
  if (MapInfo == NULL) {
    *NumberOfBytes = 0;
    DEBUG ((DEBUG_ERROR, "IoMmuMap: %r\n", EFI_OUT_OF_RESOURCES));
    return EFI_OUT_OF_RESOURCES;
  }
  //
  // Initialize the MAP_INFO structure
  //
  MapInfo->Signature         = MAP_INFO_SIGNATURE;
  MapInfo->Operation         = Operation;
  MapInfo->NumberOfBytes     = *NumberOfBytes;
  MapInfo->NumberOfPages     = EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes);
  MapInfo->HostAddress       = PhysicalAddress;
  MapInfo->DeviceAddress     = DmaMemoryTop;
  InitializeListHead(&MapInfo->HandleList);
  //
  // Allocate a buffer below 4GB to map the transfer to.
  //
  if (NeedRemap) {
    Status = gBS->AllocatePages (
                    AllocateMaxAddress,
                    EfiBootServicesData,
                    MapInfo->NumberOfPages,
                    &MapInfo->DeviceAddress
                    );
    if (EFI_ERROR (Status)) {
      FreePool (MapInfo);
      *NumberOfBytes = 0;
      DEBUG ((DEBUG_ERROR, "IoMmuMap: %r\n", Status));
      return Status;
    }
    //
    // If this is a read operation from the Bus Master's point of view,
    // then copy the contents of the real buffer into the mapped buffer
    // so the Bus Master can read the contents of the real buffer.
    //
    if (Operation == EdkiiIoMmuOperationBusMasterRead ||
        Operation == EdkiiIoMmuOperationBusMasterRead64) {
      CopyMem (
        (VOID *) (UINTN) MapInfo->DeviceAddress,
        (VOID *) (UINTN) MapInfo->HostAddress,
        MapInfo->NumberOfBytes
        );
    }
  } else {
    MapInfo->DeviceAddress = MapInfo->HostAddress;
  }
  OriginalTpl = gBS->RaiseTPL (VTD_TPL_LEVEL);
  InsertTailList (&gMaps, &MapInfo->Link);
  gBS->RestoreTPL (OriginalTpl);
  //
  // The DeviceAddress is the address of the maped buffer below 4GB
  //
  *DeviceAddress = MapInfo->DeviceAddress;
  //
  // Return a pointer to the MAP_INFO structure in Mapping
  //
  *Mapping       = MapInfo;
  DEBUG ((DEBUG_VERBOSE, "IoMmuMap: 0x%08x - 0x%08x <==\n", *DeviceAddress, *Mapping));
  return EFI_SUCCESS;
 }
 /**
  Completes the Map() operation and releases any corresponding resources.
  @param  This                  The protocol instance pointer.
  @param  Mapping               The mapping value returned from Map().
  @retval EFI_SUCCESS           The range was unmapped.
  @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by Map().
  @retval EFI_DEVICE_ERROR      The data was not committed to the target system memory.
 **/
 EFI_STATUS
 EFIAPI
 IoMmuUnmap (
  IN  EDKII_IOMMU_PROTOCOL                     *This,
  IN  VOID                                     *Mapping
  )
 {
  MAP_INFO                 *MapInfo;
  MAP_HANDLE_INFO          *MapHandleInfo;
  LIST_ENTRY               *Link;
  EFI_TPL                  OriginalTpl;
  DEBUG ((DEBUG_VERBOSE, "IoMmuUnmap: 0x%08x\n", Mapping));
  if (Mapping == NULL) {
    DEBUG ((DEBUG_ERROR, "IoMmuUnmap: %r\n", EFI_INVALID_PARAMETER));
    return EFI_INVALID_PARAMETER;
  }
  OriginalTpl = gBS->RaiseTPL (VTD_TPL_LEVEL);
  MapInfo = NULL;
  for (Link = GetFirstNode (&gMaps)
       ; !IsNull (&gMaps, Link)
       ; Link = GetNextNode (&gMaps, Link)
       ) {
    MapInfo = MAP_INFO_FROM_LINK (Link);
    if (MapInfo == Mapping) {
      break;
    }
  }
  //
  // Mapping is not a valid value returned by Map()
  //
  if (MapInfo != Mapping) {
    gBS->RestoreTPL (OriginalTpl);
    DEBUG ((DEBUG_ERROR, "IoMmuUnmap: %r\n", EFI_INVALID_PARAMETER));
    return EFI_INVALID_PARAMETER;
  }
  RemoveEntryList (&MapInfo->Link);
  gBS->RestoreTPL (OriginalTpl);
  //
  // remove all nodes in MapInfo->HandleList
  //
  while (!IsListEmpty (&MapInfo->HandleList)) {
    MapHandleInfo = MAP_HANDLE_INFO_FROM_LINK (MapInfo->HandleList.ForwardLink);
    RemoveEntryList (&MapHandleInfo->Link);
    FreePool (MapHandleInfo);
  }
  if (MapInfo->DeviceAddress != MapInfo->HostAddress) {
    //
    // If this is a write operation from the Bus Master's point of view,
    // then copy the contents of the mapped buffer into the real buffer
    // so the processor can read the contents of the real buffer.
    //
    if (MapInfo->Operation == EdkiiIoMmuOperationBusMasterWrite ||
        MapInfo->Operation == EdkiiIoMmuOperationBusMasterWrite64) {
      CopyMem (
        (VOID *) (UINTN) MapInfo->HostAddress,
        (VOID *) (UINTN) MapInfo->DeviceAddress,
        MapInfo->NumberOfBytes
        );
    }
    //
    // Free the mapped buffer and the MAP_INFO structure.
    //
    gBS->FreePages (MapInfo->DeviceAddress, MapInfo->NumberOfPages);
  }
  FreePool (Mapping);
  return EFI_SUCCESS;
 }
 /**
  Allocates pages that are suitable for an OperationBusMasterCommonBuffer or
  OperationBusMasterCommonBuffer64 mapping.
  @param  This                  The protocol instance pointer.
  @param  Type                  This parameter is not used and must be ignored.
  @param  MemoryType            The type of memory to allocate, EfiBootServicesData or
                                EfiRuntimeServicesData.
  @param  Pages                 The number of pages to allocate.
  @param  HostAddress           A pointer to store the base system memory address of the
                                allocated range.
  @param  Attributes            The requested bit mask of attributes for the allocated range.
  @retval EFI_SUCCESS           The requested memory pages were allocated.
  @retval EFI_UNSUPPORTED       Attributes is unsupported. The only legal attribute bits are
                                MEMORY_WRITE_COMBINE, MEMORY_CACHED and DUAL_ADDRESS_CYCLE.
  @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
  @retval EFI_OUT_OF_RESOURCES  The memory pages could not be allocated.
 **/
 EFI_STATUS
 EFIAPI
 IoMmuAllocateBuffer (
  IN     EDKII_IOMMU_PROTOCOL                     *This,
  IN     EFI_ALLOCATE_TYPE                        Type,
  IN     EFI_MEMORY_TYPE                          MemoryType,
  IN     UINTN                                    Pages,
  IN OUT VOID                                     **HostAddress,
  IN     UINT64                                   Attributes
  )
 {
  EFI_STATUS                Status;
  EFI_PHYSICAL_ADDRESS      PhysicalAddress;
  DEBUG ((DEBUG_VERBOSE, "IoMmuAllocateBuffer: ==> 0x%08x\n", Pages));
  //
  // Validate Attributes
  //
  if ((Attributes & EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER) != 0) {
    DEBUG ((DEBUG_ERROR, "IoMmuAllocateBuffer: %r\n", EFI_UNSUPPORTED));
    return EFI_UNSUPPORTED;
  }
  //
  // Check for invalid inputs
  //
  if (HostAddress == NULL) {
    DEBUG ((DEBUG_ERROR, "IoMmuAllocateBuffer: %r\n", EFI_INVALID_PARAMETER));
    return EFI_INVALID_PARAMETER;
  }
  //
  // The only valid memory types are EfiBootServicesData and
  // EfiRuntimeServicesData
  //
  if (MemoryType != EfiBootServicesData &&
      MemoryType != EfiRuntimeServicesData) {
    DEBUG ((DEBUG_ERROR, "IoMmuAllocateBuffer: %r\n", EFI_INVALID_PARAMETER));
    return EFI_INVALID_PARAMETER;
  }
  PhysicalAddress = DMA_MEMORY_TOP;
  if ((Attributes & EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE) == 0) {
    //
    // Limit allocations to memory below 4GB
    //
    PhysicalAddress = MIN (PhysicalAddress, SIZE_4GB - 1);
  }
  Status = gBS->AllocatePages (
                  AllocateMaxAddress,
                  MemoryType,
                  Pages,
                  &PhysicalAddress
                  );
  if (!EFI_ERROR (Status)) {
    *HostAddress = (VOID *) (UINTN) PhysicalAddress;
  }
  DEBUG ((DEBUG_VERBOSE, "IoMmuAllocateBuffer: 0x%08x <==\n", *HostAddress));
  return Status;
 }
 /**
  Frees memory that was allocated with AllocateBuffer().
  @param  This                  The protocol instance pointer.
  @param  Pages                 The number of pages to free.
  @param  HostAddress           The base system memory address of the allocated range.
  @retval EFI_SUCCESS           The requested memory pages were freed.
  @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress and Pages
                                was not allocated with AllocateBuffer().
 **/
 EFI_STATUS
 EFIAPI
 IoMmuFreeBuffer (
  IN  EDKII_IOMMU_PROTOCOL                     *This,
  IN  UINTN                                    Pages,
  IN  VOID                                     *HostAddress
  )
 {
  DEBUG ((DEBUG_VERBOSE, "IoMmuFreeBuffer: 0x%\n", Pages));
  return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages);
 }
 /**
  Get device information from mapping.
  @param[in]  Mapping        The mapping.
  @param[out] DeviceAddress  The device address of the mapping.
  @param[out] NumberOfPages  The number of pages of the mapping.
  @retval EFI_SUCCESS            The device information is returned.
  @retval EFI_INVALID_PARAMETER  The mapping is invalid.
 **/
 EFI_STATUS
 GetDeviceInfoFromMapping (
  IN  VOID                                     *Mapping,
  OUT EFI_PHYSICAL_ADDRESS                     *DeviceAddress,
  OUT UINTN                                    *NumberOfPages
  )
 {
  MAP_INFO                 *MapInfo;
  LIST_ENTRY               *Link;
  if (Mapping == NULL) {
    return EFI_INVALID_PARAMETER;
  }
  MapInfo = NULL;
  for (Link = GetFirstNode (&gMaps)
       ; !IsNull (&gMaps, Link)
       ; Link = GetNextNode (&gMaps, Link)
       ) {
    MapInfo = MAP_INFO_FROM_LINK (Link);
    if (MapInfo == Mapping) {
      break;
    }
  }
  //
  // Mapping is not a valid value returned by Map()
  //
  if (MapInfo != Mapping) {
    return EFI_INVALID_PARAMETER;
  }
  *DeviceAddress = MapInfo->DeviceAddress;
  *NumberOfPages = MapInfo->NumberOfPages;
  return EFI_SUCCESS;
 }
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmaProtection.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmaProtection.c
@ -0,0 +1,672 @@
 /** @file
  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "DmaProtection.h"
 UINT64                                  mBelow4GMemoryLimit;
 UINT64                                  mAbove4GMemoryLimit;
 EDKII_PLATFORM_VTD_POLICY_PROTOCOL      *mPlatformVTdPolicy;
 VTD_ACCESS_REQUEST                      *mAccessRequest = NULL;
 UINTN                                   mAccessRequestCount = 0;
 UINTN                                   mAccessRequestMaxCount = 0;
 /**
  Append VTd Access Request to global.
  @param[in]  Segment           The Segment used to identify a VTd engine.
  @param[in]  SourceId          The SourceId used to identify a VTd engine and table entry.
  @param[in]  BaseAddress       The base of device memory address to be used as the DMA memory.
  @param[in]  Length            The length of device memory address to be used as the DMA memory.
  @param[in]  IoMmuAccess       The IOMMU access.
  @retval EFI_SUCCESS           The IoMmuAccess is set for the memory range specified by BaseAddress and Length.
  @retval EFI_INVALID_PARAMETER BaseAddress is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER Length is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER Length is 0.
  @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combination of access.
  @retval EFI_UNSUPPORTED       The bit mask of IoMmuAccess is not supported by the IOMMU.
  @retval EFI_UNSUPPORTED       The IOMMU does not support the memory range specified by BaseAddress and Length.
  @retval EFI_OUT_OF_RESOURCES  There are not enough resources available to modify the IOMMU access.
  @retval EFI_DEVICE_ERROR      The IOMMU device reported an error while attempting the operation.
 **/
 EFI_STATUS
 RequestAccessAttribute (
  IN UINT16                 Segment,
  IN VTD_SOURCE_ID          SourceId,
  IN UINT64                 BaseAddress,
  IN UINT64                 Length,
  IN UINT64                 IoMmuAccess
  )
 {
  VTD_ACCESS_REQUEST        *NewAccessRequest;
  UINTN                     Index;
  //
  // Optimization for memory.
  //
  // If the last record is to IoMmuAccess=0,
  // Check previous records and remove the matched entry.
  //
  if (IoMmuAccess == 0) {
    for (Index = 0; Index < mAccessRequestCount; Index++) {
      if ((mAccessRequest[Index].Segment == Segment) &&
          (mAccessRequest[Index].SourceId.Uint16 == SourceId.Uint16) &&
          (mAccessRequest[Index].BaseAddress == BaseAddress) &&
          (mAccessRequest[Index].Length == Length) &&
          (mAccessRequest[Index].IoMmuAccess != 0)) {
        //
        // Remove this record [Index].
        // No need to add the new record.
        //
        if (Index != mAccessRequestCount - 1) {
          CopyMem (
            &mAccessRequest[Index],
            &mAccessRequest[Index + 1],
            sizeof (VTD_ACCESS_REQUEST) * (mAccessRequestCount - 1 - Index)
            );
        }
        ZeroMem (&mAccessRequest[mAccessRequestCount - 1], sizeof(VTD_ACCESS_REQUEST));
        mAccessRequestCount--;
        return EFI_SUCCESS;
      }
    }
  }
  if (mAccessRequestCount >= mAccessRequestMaxCount) {
    NewAccessRequest = AllocateZeroPool (sizeof(*NewAccessRequest) * (mAccessRequestMaxCount + MAX_VTD_ACCESS_REQUEST));
    if (NewAccessRequest == NULL) {
      return EFI_OUT_OF_RESOURCES;
    }
    mAccessRequestMaxCount += MAX_VTD_ACCESS_REQUEST;
    if (mAccessRequest != NULL) {
      CopyMem (NewAccessRequest, mAccessRequest, sizeof(*NewAccessRequest) * mAccessRequestCount);
      FreePool (mAccessRequest);
    }
    mAccessRequest = NewAccessRequest;
  }
  ASSERT (mAccessRequestCount < mAccessRequestMaxCount);
  mAccessRequest[mAccessRequestCount].Segment = Segment;
  mAccessRequest[mAccessRequestCount].SourceId = SourceId;
  mAccessRequest[mAccessRequestCount].BaseAddress = BaseAddress;
  mAccessRequest[mAccessRequestCount].Length = Length;
  mAccessRequest[mAccessRequestCount].IoMmuAccess = IoMmuAccess;
  mAccessRequestCount++;
  return EFI_SUCCESS;
 }
 /**
  Process Access Requests from before DMAR table is installed.
 **/
 VOID
 ProcessRequestedAccessAttribute (
  VOID
  )
 {
  UINTN       Index;
  EFI_STATUS  Status;
  DEBUG ((DEBUG_INFO, "ProcessRequestedAccessAttribute ...\n"));
  for (Index = 0; Index < mAccessRequestCount; Index++) {
    DEBUG ((
      DEBUG_INFO,
      "PCI(S%x.B%x.D%x.F%x) ",
      mAccessRequest[Index].Segment,
      mAccessRequest[Index].SourceId.Bits.Bus,
      mAccessRequest[Index].SourceId.Bits.Device,
      mAccessRequest[Index].SourceId.Bits.Function
      ));
    DEBUG ((
      DEBUG_INFO,
      "(0x%lx~0x%lx) - %lx\n",
      mAccessRequest[Index].BaseAddress,
      mAccessRequest[Index].Length,
      mAccessRequest[Index].IoMmuAccess
      ));
    Status = SetAccessAttribute (
               mAccessRequest[Index].Segment,
               mAccessRequest[Index].SourceId,
               mAccessRequest[Index].BaseAddress,
               mAccessRequest[Index].Length,
               mAccessRequest[Index].IoMmuAccess
               );
    if (EFI_ERROR (Status)) {
      DEBUG ((DEBUG_ERROR, "SetAccessAttribute %r: ", Status));
    }
  }
  if (mAccessRequest != NULL) {
    FreePool (mAccessRequest);
  }
  mAccessRequest = NULL;
  mAccessRequestCount = 0;
  mAccessRequestMaxCount = 0;
  DEBUG ((DEBUG_INFO, "ProcessRequestedAccessAttribute Done\n"));
 }
 /**
  return the UEFI memory information.
  @param[out] Below4GMemoryLimit  The below 4GiB memory limit
  @param[out] Above4GMemoryLimit  The above 4GiB memory limit
 **/
 VOID
 ReturnUefiMemoryMap (
  OUT UINT64   *Below4GMemoryLimit,
  OUT UINT64   *Above4GMemoryLimit
  )
 {
  EFI_STATUS                  Status;
  EFI_MEMORY_DESCRIPTOR       *EfiMemoryMap;
  EFI_MEMORY_DESCRIPTOR       *EfiMemoryMapEnd;
  EFI_MEMORY_DESCRIPTOR       *EfiEntry;
  EFI_MEMORY_DESCRIPTOR       *NextEfiEntry;
  EFI_MEMORY_DESCRIPTOR       TempEfiEntry;
  UINTN                       EfiMemoryMapSize;
  UINTN                       EfiMapKey;
  UINTN                       EfiDescriptorSize;
  UINT32                      EfiDescriptorVersion;
  UINT64                      MemoryBlockLength;
  *Below4GMemoryLimit = 0;
  *Above4GMemoryLimit = 0;
  //
  // Get the EFI memory map.
  //
  EfiMemoryMapSize  = 0;
  EfiMemoryMap      = NULL;
  Status = gBS->GetMemoryMap (
                  &EfiMemoryMapSize,
                  EfiMemoryMap,
                  &EfiMapKey,
                  &EfiDescriptorSize,
                  &EfiDescriptorVersion
                  );
  ASSERT (Status == EFI_BUFFER_TOO_SMALL);
  do {
    //
    // Use size returned back plus 1 descriptor for the AllocatePool.
    // We don't just multiply by 2 since the "for" loop below terminates on
    // EfiMemoryMapEnd which is dependent upon EfiMemoryMapSize. Otherwize
    // we process bogus entries and create bogus E820 entries.
    //
    EfiMemoryMap = (EFI_MEMORY_DESCRIPTOR *) AllocatePool (EfiMemoryMapSize);
    ASSERT (EfiMemoryMap != NULL);
    Status = gBS->GetMemoryMap (
                    &EfiMemoryMapSize,
                    EfiMemoryMap,
                    &EfiMapKey,
                    &EfiDescriptorSize,
                    &EfiDescriptorVersion
                    );
    if (EFI_ERROR (Status)) {
      FreePool (EfiMemoryMap);
    }
  } while (Status == EFI_BUFFER_TOO_SMALL);
  ASSERT_EFI_ERROR (Status);
  //
  // Sort memory map from low to high
  //
  EfiEntry        = EfiMemoryMap;
  NextEfiEntry    = NEXT_MEMORY_DESCRIPTOR (EfiEntry, EfiDescriptorSize);
  EfiMemoryMapEnd = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) EfiMemoryMap + EfiMemoryMapSize);
  while (EfiEntry < EfiMemoryMapEnd) {
    while (NextEfiEntry < EfiMemoryMapEnd) {
      if (EfiEntry->PhysicalStart > NextEfiEntry->PhysicalStart) {
        CopyMem (&TempEfiEntry, EfiEntry, sizeof (EFI_MEMORY_DESCRIPTOR));
        CopyMem (EfiEntry, NextEfiEntry, sizeof (EFI_MEMORY_DESCRIPTOR));
        CopyMem (NextEfiEntry, &TempEfiEntry, sizeof (EFI_MEMORY_DESCRIPTOR));
      }
      NextEfiEntry = NEXT_MEMORY_DESCRIPTOR (NextEfiEntry, EfiDescriptorSize);
    }
    EfiEntry      = NEXT_MEMORY_DESCRIPTOR (EfiEntry, EfiDescriptorSize);
    NextEfiEntry  = NEXT_MEMORY_DESCRIPTOR (EfiEntry, EfiDescriptorSize);
  }
  //
  //
  //
  DEBUG ((DEBUG_INFO, "MemoryMap:\n"));
  EfiEntry        = EfiMemoryMap;
  EfiMemoryMapEnd = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) EfiMemoryMap + EfiMemoryMapSize);
  while (EfiEntry < EfiMemoryMapEnd) {
    MemoryBlockLength = (UINT64) (LShiftU64 (EfiEntry->NumberOfPages, 12));
    DEBUG ((DEBUG_INFO, "Entry(0x%02x) 0x%016lx - 0x%016lx\n", EfiEntry->Type, EfiEntry->PhysicalStart, EfiEntry->PhysicalStart + MemoryBlockLength));
    switch (EfiEntry->Type) {
    case EfiLoaderCode:
    case EfiLoaderData:
    case EfiBootServicesCode:
    case EfiBootServicesData:
    case EfiConventionalMemory:
    case EfiRuntimeServicesCode:
    case EfiRuntimeServicesData:
    case EfiACPIReclaimMemory:
    case EfiACPIMemoryNVS:
    case EfiReservedMemoryType:
      if ((EfiEntry->PhysicalStart + MemoryBlockLength) <= BASE_1MB) {
        //
        // Skip the memory block is under 1MB
        //
      } else if (EfiEntry->PhysicalStart >= BASE_4GB) {
        if (*Above4GMemoryLimit < EfiEntry->PhysicalStart + MemoryBlockLength) {
          *Above4GMemoryLimit = EfiEntry->PhysicalStart + MemoryBlockLength;
        }
      } else {
        if (*Below4GMemoryLimit < EfiEntry->PhysicalStart + MemoryBlockLength) {
          *Below4GMemoryLimit = EfiEntry->PhysicalStart + MemoryBlockLength;
        }
      }
      break;
    }
    EfiEntry = NEXT_MEMORY_DESCRIPTOR (EfiEntry, EfiDescriptorSize);
  }
  FreePool (EfiMemoryMap);
  DEBUG ((DEBUG_INFO, "Result:\n"));
  DEBUG ((DEBUG_INFO, "Below4GMemoryLimit:  0x%016lx\n", *Below4GMemoryLimit));
  DEBUG ((DEBUG_INFO, "Above4GMemoryLimit:  0x%016lx\n", *Above4GMemoryLimit));
  return ;
 }
 /**
  The scan bus callback function to always enable page attribute.
  @param[in]  Context               The context of the callback.
  @param[in]  Segment               The segment of the source.
  @param[in]  Bus                   The bus of the source.
  @param[in]  Device                The device of the source.
  @param[in]  Function              The function of the source.
  @retval EFI_SUCCESS           The VTd entry is updated to always enable all DMA access for the specific device.
 **/
 EFI_STATUS
 EFIAPI
 ScanBusCallbackAlwaysEnablePageAttribute (
  IN VOID           *Context,
  IN UINT16         Segment,
  IN UINT8          Bus,
  IN UINT8          Device,
  IN UINT8          Function
  )
 {
  VTD_SOURCE_ID           SourceId;
  EFI_STATUS              Status;
  SourceId.Bits.Bus = Bus;
  SourceId.Bits.Device = Device;
  SourceId.Bits.Function = Function;
  Status = AlwaysEnablePageAttribute (Segment, SourceId);
  return Status;
 }
 /**
  Always enable the VTd page attribute for the device in the DeviceScope.
  @param[in]  DeviceScope  the input device scope data structure
  @retval EFI_SUCCESS           The VTd entry is updated to always enable all DMA access for the specific device in the device scope.
 **/
 EFI_STATUS
 AlwaysEnablePageAttributeDeviceScope (
  IN  EDKII_PLATFORM_VTD_DEVICE_SCOPE   *DeviceScope
  )
 {
  UINT8                             Bus;
  UINT8                             Device;
  UINT8                             Function;
  VTD_SOURCE_ID                     SourceId;
  UINT8                             SecondaryBusNumber;
  EFI_STATUS                        Status;
  Status = GetPciBusDeviceFunction (DeviceScope->SegmentNumber, &DeviceScope->DeviceScope, &Bus, &Device, &Function);
  if (DeviceScope->DeviceScope.Type == EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_BRIDGE) {
    //
    // Need scan the bridge and add all devices.
    //
    SecondaryBusNumber = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(DeviceScope->SegmentNumber, Bus, Device, Function, PCI_BRIDGE_SECONDARY_BUS_REGISTER_OFFSET));
    Status = ScanPciBus (NULL, DeviceScope->SegmentNumber, SecondaryBusNumber, ScanBusCallbackAlwaysEnablePageAttribute);
    return Status;
  } else {
    SourceId.Bits.Bus      = Bus;
    SourceId.Bits.Device   = Device;
    SourceId.Bits.Function = Function;
    Status = AlwaysEnablePageAttribute (DeviceScope->SegmentNumber, SourceId);
    return Status;
  }
 }
 /**
  Always enable the VTd page attribute for the device matching DeviceId.
  @param[in]  PciDeviceId  the input PCI device ID
  @retval EFI_SUCCESS           The VTd entry is updated to always enable all DMA access for the specific device matching DeviceId.
 **/
 EFI_STATUS
 AlwaysEnablePageAttributePciDeviceId (
  IN  EDKII_PLATFORM_VTD_PCI_DEVICE_ID   *PciDeviceId
  )
 {
  UINTN            VtdIndex;
  UINTN            PciIndex;
  PCI_DEVICE_DATA  *PciDeviceData;
  EFI_STATUS       Status;
  for (VtdIndex = 0; VtdIndex < mVtdUnitNumber; VtdIndex++) {
    for (PciIndex = 0; PciIndex < mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceDataNumber; PciIndex++) {
      PciDeviceData = &mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceData[PciIndex];
      if (((PciDeviceId->VendorId == 0xFFFF) || (PciDeviceId->VendorId == PciDeviceData->PciDeviceId.VendorId)) &&
          ((PciDeviceId->DeviceId == 0xFFFF) || (PciDeviceId->DeviceId == PciDeviceData->PciDeviceId.DeviceId)) &&
          ((PciDeviceId->RevisionId == 0xFF) || (PciDeviceId->RevisionId == PciDeviceData->PciDeviceId.RevisionId)) &&
          ((PciDeviceId->SubsystemVendorId == 0xFFFF) || (PciDeviceId->SubsystemVendorId == PciDeviceData->PciDeviceId.SubsystemVendorId)) &&
          ((PciDeviceId->SubsystemDeviceId == 0xFFFF) || (PciDeviceId->SubsystemDeviceId == PciDeviceData->PciDeviceId.SubsystemDeviceId)) ) {
        Status = AlwaysEnablePageAttribute (mVtdUnitInformation[VtdIndex].Segment, PciDeviceData->PciSourceId);
        if (EFI_ERROR(Status)) {
          continue;
        }
      }
    }
  }
  return EFI_SUCCESS;
 }
 /**
  Always enable the VTd page attribute for the device.
  @param[in]  DeviceInfo  the exception device information
  @retval EFI_SUCCESS           The VTd entry is updated to always enable all DMA access for the specific device in the device info.
 **/
 EFI_STATUS
 AlwaysEnablePageAttributeExceptionDeviceInfo (
  IN  EDKII_PLATFORM_VTD_EXCEPTION_DEVICE_INFO   *DeviceInfo
  )
 {
  switch (DeviceInfo->Type) {
  case EDKII_PLATFORM_VTD_EXCEPTION_DEVICE_INFO_TYPE_DEVICE_SCOPE:
    return AlwaysEnablePageAttributeDeviceScope ((VOID *)(DeviceInfo + 1));
  case EDKII_PLATFORM_VTD_EXCEPTION_DEVICE_INFO_TYPE_PCI_DEVICE_ID:
    return AlwaysEnablePageAttributePciDeviceId ((VOID *)(DeviceInfo + 1));
  default:
    return EFI_UNSUPPORTED;
  }
 }
 /**
  Initialize platform VTd policy.
 **/
 VOID
 InitializePlatformVTdPolicy (
  VOID
  )
 {
  EFI_STATUS                               Status;
  UINTN                                    DeviceInfoCount;
  VOID                                     *DeviceInfo;
  EDKII_PLATFORM_VTD_EXCEPTION_DEVICE_INFO *ThisDeviceInfo;
  UINTN                                    Index;
  //
  // It is optional.
  //
  Status = gBS->LocateProtocol (
                  &gEdkiiPlatformVTdPolicyProtocolGuid,
                  NULL,
                  (VOID **)&mPlatformVTdPolicy
                  );
  if (!EFI_ERROR(Status)) {
    DEBUG ((DEBUG_INFO, "InitializePlatformVTdPolicy\n"));
    Status = mPlatformVTdPolicy->GetExceptionDeviceList (mPlatformVTdPolicy, &DeviceInfoCount, &DeviceInfo);
    if (!EFI_ERROR(Status)) {
      ThisDeviceInfo = DeviceInfo;
      for (Index = 0; Index < DeviceInfoCount; Index++) {
        if (ThisDeviceInfo->Type == EDKII_PLATFORM_VTD_EXCEPTION_DEVICE_INFO_TYPE_END) {
          break;
        }
        AlwaysEnablePageAttributeExceptionDeviceInfo (ThisDeviceInfo);
        ThisDeviceInfo = (VOID *)((UINTN)ThisDeviceInfo + ThisDeviceInfo->Length);
      }
      FreePool (DeviceInfo);
    }
  }
 }
 /**
  Setup VTd engine.
 **/
 VOID
 SetupVtd (
  VOID
  )
 {
  EFI_STATUS      Status;
  VOID            *PciEnumerationComplete;
  UINTN           Index;
  UINT64          Below4GMemoryLimit;
  UINT64          Above4GMemoryLimit;
  //
  // PCI Enumeration must be done
  //
  Status = gBS->LocateProtocol (
                  &gEfiPciEnumerationCompleteProtocolGuid,
                  NULL,
                  &PciEnumerationComplete
                  );
  ASSERT_EFI_ERROR (Status);
  ReturnUefiMemoryMap (&Below4GMemoryLimit, &Above4GMemoryLimit);
  Below4GMemoryLimit = ALIGN_VALUE_UP(Below4GMemoryLimit, SIZE_256MB);
  DEBUG ((DEBUG_INFO, " Adjusted Below4GMemoryLimit: 0x%016lx\n", Below4GMemoryLimit));
  mBelow4GMemoryLimit = Below4GMemoryLimit;
  mAbove4GMemoryLimit = Above4GMemoryLimit;
  //
  // 1. setup
  //
  DEBUG ((DEBUG_INFO, "ParseDmarAcpiTable\n"));
  Status = ParseDmarAcpiTableDrhd ();
  if (EFI_ERROR (Status)) {
    return;
  }
  DEBUG ((DEBUG_INFO, "PrepareVtdConfig\n"));
  PrepareVtdConfig ();
  //
  // 2. initialization
  //
  DEBUG ((DEBUG_INFO, "SetupTranslationTable\n"));
  Status = SetupTranslationTable ();
  if (EFI_ERROR (Status)) {
    return;
  }
  InitializePlatformVTdPolicy ();
  ParseDmarAcpiTableRmrr ();
  ProcessRequestedAccessAttribute ();
  for (Index = 0; Index < mVtdUnitNumber; Index++) {
    DEBUG ((DEBUG_INFO,"VTD Unit %d (Segment: %04x)\n", Index, mVtdUnitInformation[Index].Segment));
    if (mVtdUnitInformation[Index].ExtRootEntryTable != NULL) {
      DumpDmarExtContextEntryTable (mVtdUnitInformation[Index].ExtRootEntryTable);
    }
    if (mVtdUnitInformation[Index].RootEntryTable != NULL) {
      DumpDmarContextEntryTable (mVtdUnitInformation[Index].RootEntryTable);
    }
  }
  //
  // 3. enable
  //
  DEBUG ((DEBUG_INFO, "EnableDmar\n"));
  Status = EnableDmar ();
  if (EFI_ERROR (Status)) {
    return;
  }
  DEBUG ((DEBUG_INFO, "DumpVtdRegs\n"));
  DumpVtdRegsAll ();
 }
 /**
  Notification function of ACPI Table change.
  This is a notification function registered on ACPI Table change event.
  @param  Event        Event whose notification function is being invoked.
  @param  Context      Pointer to the notification function's context.
 **/
 VOID
 EFIAPI
 AcpiNotificationFunc (
  IN EFI_EVENT        Event,
  IN VOID             *Context
  )
 {
  EFI_STATUS          Status;
  Status = GetDmarAcpiTable ();
  if (EFI_ERROR (Status)) {
    if (Status == EFI_ALREADY_STARTED) {
      gBS->CloseEvent (Event);
    }
    return;
  }
  SetupVtd ();
  gBS->CloseEvent (Event);
 }
 /**
  Exit boot service callback function.
  @param[in]  Event    The event handle.
  @param[in]  Context  The event content.
 **/
 VOID
 EFIAPI
 OnExitBootServices (
  IN EFI_EVENT                               Event,
  IN VOID                                    *Context
  )
 {
  DEBUG ((DEBUG_INFO, "Vtd OnExitBootServices\n"));
  DumpVtdRegsAll ();
  if ((PcdGet8(PcdVTdPolicyPropertyMask) & BIT1) == 0) {
    DisableDmar ();
    DumpVtdRegsAll ();
  }
 }
 /**
  Legacy boot callback function.
  @param[in]  Event    The event handle.
  @param[in]  Context  The event content.
 **/
 VOID
 EFIAPI
 OnLegacyBoot (
  EFI_EVENT                               Event,
  VOID                                    *Context
  )
 {
  DEBUG ((DEBUG_INFO, "Vtd OnLegacyBoot\n"));
  DumpVtdRegsAll ();
  DisableDmar ();
  DumpVtdRegsAll ();
 }
 /**
  Initialize DMA protection.
 **/
 VOID
 InitializeDmaProtection (
  VOID
  )
 {
  EFI_STATUS  Status;
  EFI_EVENT   ExitBootServicesEvent;
  EFI_EVENT   LegacyBootEvent;
  EFI_EVENT   EventAcpi10;
  EFI_EVENT   EventAcpi20;
  Status = gBS->CreateEventEx (
                  EVT_NOTIFY_SIGNAL,
                  VTD_TPL_LEVEL,
                  AcpiNotificationFunc,
                  NULL,
                  &gEfiAcpi10TableGuid,
                  &EventAcpi10
                  );
  ASSERT_EFI_ERROR (Status);
  Status = gBS->CreateEventEx (
                  EVT_NOTIFY_SIGNAL,
                  VTD_TPL_LEVEL,
                  AcpiNotificationFunc,
                  NULL,
                  &gEfiAcpi20TableGuid,
                  &EventAcpi20
                  );
  ASSERT_EFI_ERROR (Status);
  //
  // Signal the events initially for the case
  // that DMAR table has been installed.
  //
  gBS->SignalEvent (EventAcpi20);
  gBS->SignalEvent (EventAcpi10);
  Status = gBS->CreateEventEx (
                  EVT_NOTIFY_SIGNAL,
                  TPL_CALLBACK,
                  OnExitBootServices,
                  NULL,
                  &gEfiEventExitBootServicesGuid,
                  &ExitBootServicesEvent
                  );
  ASSERT_EFI_ERROR (Status);
  Status = EfiCreateEventLegacyBootEx (
             TPL_CALLBACK,
             OnLegacyBoot,
             NULL,
             &LegacyBootEvent
             );
  ASSERT_EFI_ERROR (Status);
  return ;
 }
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmaProtection.h
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmaProtection.h
@ -0,0 +1,607 @@
 /** @file
  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #ifndef _DMAR_PROTECTION_H_
 #define _DMAR_PROTECTION_H_
 #include <Uefi.h>
 #include <PiDxe.h>
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/IoLib.h>
 #include <Library/PciSegmentLib.h>
 #include <Library/DebugLib.h>
 #include <Library/UefiLib.h>
 #include <Library/CacheMaintenanceLib.h>
 #include <Library/PerformanceLib.h>
 #include <Library/PrintLib.h>
 #include <Guid/EventGroup.h>
 #include <Guid/Acpi.h>
 #include <Protocol/DxeSmmReadyToLock.h>
 #include <Protocol/PciRootBridgeIo.h>
 #include <Protocol/PciIo.h>
 #include <Protocol/PciEnumerationComplete.h>
 #include <Protocol/PlatformVtdPolicy.h>
 #include <Protocol/IoMmu.h>
 #include <IndustryStandard/Pci.h>
 #include <IndustryStandard/DmaRemappingReportingTable.h>
 #include <IndustryStandard/Vtd.h>
 #define VTD_64BITS_ADDRESS(Lo, Hi) (LShiftU64 (Lo, 12) | LShiftU64 (Hi, 32))
 #define ALIGN_VALUE_UP(Value, Alignment)  (((Value) + (Alignment) - 1) & (~((Alignment) - 1)))
 #define ALIGN_VALUE_LOW(Value, Alignment) ((Value) & (~((Alignment) - 1)))
 #define VTD_TPL_LEVEL TPL_NOTIFY
 //
 // This is the initial max PCI DATA number.
 // The number may be enlarged later.
 //
 #define MAX_VTD_PCI_DATA_NUMBER             0x100
 typedef struct {
  UINT8                            DeviceType;
  VTD_SOURCE_ID                    PciSourceId;
  EDKII_PLATFORM_VTD_PCI_DEVICE_ID PciDeviceId;
  // for statistic analysis
  UINTN                            AccessCount;
 } PCI_DEVICE_DATA;
 typedef struct {
  BOOLEAN                          IncludeAllFlag;
  UINTN                            PciDeviceDataNumber;
  UINTN                            PciDeviceDataMaxNumber;
  PCI_DEVICE_DATA                  *PciDeviceData;
 } PCI_DEVICE_INFORMATION;
 typedef struct {
  UINTN                            VtdUnitBaseAddress;
  UINT16                           Segment;
  VTD_CAP_REG                      CapReg;
  VTD_ECAP_REG                     ECapReg;
  VTD_ROOT_ENTRY                   *RootEntryTable;
  VTD_EXT_ROOT_ENTRY               *ExtRootEntryTable;
  VTD_SECOND_LEVEL_PAGING_ENTRY    *FixedSecondLevelPagingEntry;
  BOOLEAN                          HasDirtyContext;
  BOOLEAN                          HasDirtyPages;
  PCI_DEVICE_INFORMATION           PciDeviceInfo;
 } VTD_UNIT_INFORMATION;
 //
 // This is the initial max ACCESS request.
 // The number may be enlarged later.
 //
 #define MAX_VTD_ACCESS_REQUEST      0x100
 typedef struct {
  UINT16                Segment;
  VTD_SOURCE_ID         SourceId;
  UINT64                BaseAddress;
  UINT64                Length;
  UINT64                IoMmuAccess;
 } VTD_ACCESS_REQUEST;
 /**
  The scan bus callback function.
  It is called in PCI bus scan for each PCI device under the bus.
  @param[in]  Context               The context of the callback.
  @param[in]  Segment               The segment of the source.
  @param[in]  Bus                   The bus of the source.
  @param[in]  Device                The device of the source.
  @param[in]  Function              The function of the source.
  @retval EFI_SUCCESS           The specific PCI device is processed in the callback.
 **/
 typedef
 EFI_STATUS
 (EFIAPI *SCAN_BUS_FUNC_CALLBACK_FUNC) (
  IN VOID           *Context,
  IN UINT16         Segment,
  IN UINT8          Bus,
  IN UINT8          Device,
  IN UINT8          Function
  );
 extern EFI_ACPI_DMAR_HEADER  *mAcpiDmarTable;
 extern UINTN                            mVtdUnitNumber;
 extern VTD_UNIT_INFORMATION             *mVtdUnitInformation;
 extern UINT64                           mBelow4GMemoryLimit;
 extern UINT64                           mAbove4GMemoryLimit;
 extern EDKII_PLATFORM_VTD_POLICY_PROTOCOL   *mPlatformVTdPolicy;
 /**
  Prepare VTD configuration.
 **/
 VOID
 PrepareVtdConfig (
  VOID
  );
 /**
  Setup VTd translation table.
  @retval EFI_SUCCESS           Setup translation table successfully.
  @retval EFI_OUT_OF_RESOURCE   Setup translation table fail.
 **/
 EFI_STATUS
 SetupTranslationTable (
  VOID
  );
 /**
  Enable DMAR translation.
  @retval EFI_SUCCESS           DMAR translation is enabled.
  @retval EFI_DEVICE_ERROR      DMAR translation is not enabled.
 **/
 EFI_STATUS
 EnableDmar (
  VOID
  );
 /**
  Disable DMAR translation.
  @retval EFI_SUCCESS           DMAR translation is disabled.
  @retval EFI_DEVICE_ERROR      DMAR translation is not disabled.
 **/
 EFI_STATUS
 DisableDmar (
  VOID
  );
 /**
  Invalid VTd global IOTLB.
  @param[in]  VtdIndex              The index of VTd engine.
  @retval EFI_SUCCESS           VTd global IOTLB is invalidated.
  @retval EFI_DEVICE_ERROR      VTd global IOTLB is not invalidated.
 **/
 EFI_STATUS
 InvalidateVtdIOTLBGlobal (
  IN UINTN  VtdIndex
  );
 /**
  Dump VTd registers.
  @param[in]  VtdIndex              The index of VTd engine.
 **/
 VOID
 DumpVtdRegs (
  IN UINTN  VtdIndex
  );
 /**
  Dump VTd registers for all VTd engine.
 **/
 VOID
 DumpVtdRegsAll (
  VOID
  );
 /**
  Dump VTd capability registers.
  @param[in]  CapReg              The capability register.
 **/
 VOID
 DumpVtdCapRegs (
  IN VTD_CAP_REG *CapReg
  );
 /**
  Dump VTd extended capability registers.
  @param[in]  ECapReg              The extended capability register.
 **/
 VOID
 DumpVtdECapRegs (
  IN VTD_ECAP_REG *ECapReg
  );
 /**
  Register PCI device to VTd engine.
  @param[in]  VtdIndex              The index of VTd engine.
  @param[in]  Segment               The segment of the source.
  @param[in]  SourceId              The SourceId of the source.
  @param[in]  DeviceType            The DMAR device scope type.
  @param[in]  CheckExist            TRUE: ERROR will be returned if the PCI device is already registered.
                                    FALSE: SUCCESS will be returned if the PCI device is registered.
  @retval EFI_SUCCESS           The PCI device is registered.
  @retval EFI_OUT_OF_RESOURCES  No enough resource to register a new PCI device.
  @retval EFI_ALREADY_STARTED   The device is already registered.
 **/
 EFI_STATUS
 RegisterPciDevice (
  IN UINTN          VtdIndex,
  IN UINT16         Segment,
  IN VTD_SOURCE_ID  SourceId,
  IN UINT8          DeviceType,
  IN BOOLEAN        CheckExist
  );
 /**
  The scan bus callback function to always enable page attribute.
  @param[in]  Context               The context of the callback.
  @param[in]  Segment               The segment of the source.
  @param[in]  Bus                   The bus of the source.
  @param[in]  Device                The device of the source.
  @param[in]  Function              The function of the source.
  @retval EFI_SUCCESS           The VTd entry is updated to always enable all DMA access for the specific device.
 **/
 EFI_STATUS
 EFIAPI
 ScanBusCallbackRegisterPciDevice (
  IN VOID           *Context,
  IN UINT16         Segment,
  IN UINT8          Bus,
  IN UINT8          Device,
  IN UINT8          Function
  );
 /**
  Scan PCI bus and invoke callback function for each PCI devices under the bus.
  @param[in]  Context               The context of the callback function.
  @param[in]  Segment               The segment of the source.
  @param[in]  Bus                   The bus of the source.
  @param[in]  Callback              The callback function in PCI scan.
  @retval EFI_SUCCESS           The PCI devices under the bus are scaned.
 **/
 EFI_STATUS
 ScanPciBus (
  IN VOID                         *Context,
  IN UINT16                       Segment,
  IN UINT8                        Bus,
  IN SCAN_BUS_FUNC_CALLBACK_FUNC  Callback
  );
 /**
  Dump the PCI device information managed by this VTd engine.
  @param[in]  VtdIndex              The index of VTd engine.
 **/
 VOID
 DumpPciDeviceInfo (
  IN UINTN  VtdIndex
  );
 /**
  Find the VTd index by the Segment and SourceId.
  @param[in]  Segment               The segment of the source.
  @param[in]  SourceId              The SourceId of the source.
  @param[out] ExtContextEntry       The ExtContextEntry of the source.
  @param[out] ContextEntry          The ContextEntry of the source.
  @return The index of the VTd engine.
  @retval (UINTN)-1  The VTd engine is not found.
 **/
 UINTN
 FindVtdIndexByPciDevice (
  IN  UINT16                  Segment,
  IN  VTD_SOURCE_ID           SourceId,
  OUT VTD_EXT_CONTEXT_ENTRY   **ExtContextEntry,
  OUT VTD_CONTEXT_ENTRY       **ContextEntry
  );
 /**
  Get the DMAR ACPI table.
  @retval EFI_SUCCESS           The DMAR ACPI table is got.
  @retval EFI_ALREADY_STARTED   The DMAR ACPI table has been got previously.
  @retval EFI_NOT_FOUND         The DMAR ACPI table is not found.
 **/
 EFI_STATUS
 GetDmarAcpiTable (
  VOID
  );
 /**
  Parse DMAR DRHD table.
  @return EFI_SUCCESS  The DMAR DRHD table is parsed.
 **/
 EFI_STATUS
 ParseDmarAcpiTableDrhd (
  VOID
  );
 /**
  Parse DMAR RMRR table.
  @return EFI_SUCCESS  The DMAR RMRR table is parsed.
 **/
 EFI_STATUS
 ParseDmarAcpiTableRmrr (
  VOID
  );
 /**
  Dump DMAR context entry table.
  @param[in]  RootEntry DMAR root entry.
 **/
 VOID
 DumpDmarContextEntryTable (
  IN VTD_ROOT_ENTRY *RootEntry
  );
 /**
  Dump DMAR extended context entry table.
  @param[in]  ExtRootEntry DMAR extended root entry.
 **/
 VOID
 DumpDmarExtContextEntryTable (
  IN VTD_EXT_ROOT_ENTRY *ExtRootEntry
  );
 /**
  Dump DMAR second level paging entry.
  @param[in]  SecondLevelPagingEntry The second level paging entry.
 **/
 VOID
 DumpSecondLevelPagingEntry (
  IN VOID *SecondLevelPagingEntry
  );
 /**
  Set VTd attribute for a system memory.
  @param[in]  VtdIndex                The index used to identify a VTd engine.
  @param[in]  DomainIdentifier        The domain ID of the source.
  @param[in]  SecondLevelPagingEntry  The second level paging entry in VTd table for the device.
  @param[in]  BaseAddress             The base of device memory address to be used as the DMA memory.
  @param[in]  Length                  The length of device memory address to be used as the DMA memory.
  @param[in]  IoMmuAccess             The IOMMU access.
  @retval EFI_SUCCESS            The IoMmuAccess is set for the memory range specified by BaseAddress and Length.
  @retval EFI_INVALID_PARAMETER  BaseAddress is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER  Length is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER  Length is 0.
  @retval EFI_INVALID_PARAMETER  IoMmuAccess specified an illegal combination of access.
  @retval EFI_UNSUPPORTED        The bit mask of IoMmuAccess is not supported by the IOMMU.
  @retval EFI_UNSUPPORTED        The IOMMU does not support the memory range specified by BaseAddress and Length.
  @retval EFI_OUT_OF_RESOURCES   There are not enough resources available to modify the IOMMU access.
  @retval EFI_DEVICE_ERROR       The IOMMU device reported an error while attempting the operation.
 **/
 EFI_STATUS
 SetPageAttribute (
  IN UINTN                         VtdIndex,
  IN UINT16                        DomainIdentifier,
  IN VTD_SECOND_LEVEL_PAGING_ENTRY *SecondLevelPagingEntry,
  IN UINT64                        BaseAddress,
  IN UINT64                        Length,
  IN UINT64                        IoMmuAccess
  );
 /**
  Set VTd attribute for a system memory.
  @param[in]  Segment           The Segment used to identify a VTd engine.
  @param[in]  SourceId          The SourceId used to identify a VTd engine and table entry.
  @param[in]  BaseAddress       The base of device memory address to be used as the DMA memory.
  @param[in]  Length            The length of device memory address to be used as the DMA memory.
  @param[in]  IoMmuAccess       The IOMMU access.
  @retval EFI_SUCCESS            The IoMmuAccess is set for the memory range specified by BaseAddress and Length.
  @retval EFI_INVALID_PARAMETER  BaseAddress is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER  Length is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER  Length is 0.
  @retval EFI_INVALID_PARAMETER  IoMmuAccess specified an illegal combination of access.
  @retval EFI_UNSUPPORTED        The bit mask of IoMmuAccess is not supported by the IOMMU.
  @retval EFI_UNSUPPORTED        The IOMMU does not support the memory range specified by BaseAddress and Length.
  @retval EFI_OUT_OF_RESOURCES   There are not enough resources available to modify the IOMMU access.
  @retval EFI_DEVICE_ERROR       The IOMMU device reported an error while attempting the operation.
 **/
 EFI_STATUS
 SetAccessAttribute (
  IN UINT16                Segment,
  IN VTD_SOURCE_ID         SourceId,
  IN UINT64                BaseAddress,
  IN UINT64                Length,
  IN UINT64                IoMmuAccess
  );
 /**
  Return the index of PCI data.
  @param[in]  VtdIndex          The index used to identify a VTd engine.
  @param[in]  Segment           The Segment used to identify a VTd engine.
  @param[in]  SourceId          The SourceId used to identify a VTd engine and table entry.
  @return The index of the PCI data.
  @retval (UINTN)-1  The PCI data is not found.
 **/
 UINTN
 GetPciDataIndex (
  IN UINTN          VtdIndex,
  IN UINT16         Segment,
  IN VTD_SOURCE_ID  SourceId
  );
 /**
  Dump VTd registers if there is error.
 **/
 VOID
 DumpVtdIfError (
  VOID
  );
 /**
  Initialize platform VTd policy.
 **/
 VOID
 InitializePlatformVTdPolicy (
  VOID
  );
 /**
  Always enable the VTd page attribute for the device.
  @param[in]  Segment           The Segment used to identify a VTd engine.
  @param[in]  SourceId          The SourceId used to identify a VTd engine and table entry.
  @retval EFI_SUCCESS           The VTd entry is updated to always enable all DMA access for the specific device.
 **/
 EFI_STATUS
 AlwaysEnablePageAttribute (
  IN UINT16                  Segment,
  IN VTD_SOURCE_ID           SourceId
  );
 /**
  Convert the DeviceHandle to SourceId and Segment.
  @param[in]  DeviceHandle      The device who initiates the DMA access request.
  @param[out] Segment           The Segment used to identify a VTd engine.
  @param[out] SourceId          The SourceId used to identify a VTd engine and table entry.
  @retval EFI_SUCCESS            The Segment and SourceId are returned.
  @retval EFI_INVALID_PARAMETER  DeviceHandle is an invalid handle.
  @retval EFI_UNSUPPORTED        DeviceHandle is unknown by the IOMMU.
 **/
 EFI_STATUS
 DeviceHandleToSourceId (
  IN EFI_HANDLE            DeviceHandle,
  OUT UINT16               *Segment,
  OUT VTD_SOURCE_ID        *SourceId
  );
 /**
  Get device information from mapping.
  @param[in]  Mapping        The mapping.
  @param[out] DeviceAddress  The device address of the mapping.
  @param[out] NumberOfPages  The number of pages of the mapping.
  @retval EFI_SUCCESS            The device information is returned.
  @retval EFI_INVALID_PARAMETER  The mapping is invalid.
 **/
 EFI_STATUS
 GetDeviceInfoFromMapping (
  IN  VOID                                     *Mapping,
  OUT EFI_PHYSICAL_ADDRESS                     *DeviceAddress,
  OUT UINTN                                    *NumberOfPages
  );
 /**
  Initialize DMA protection.
 **/
 VOID
 InitializeDmaProtection (
  VOID
  );
 /**
  Allocate zero pages.
  @param[in]  Pages the number of pages.
  @return the page address.
  @retval NULL No resource to allocate pages.
 **/
 VOID *
 EFIAPI
 AllocateZeroPages (
  IN UINTN  Pages
  );
 /**
  Flush VTD page table and context table memory.
  This action is to make sure the IOMMU engine can get final data in memory.
  @param[in]  VtdIndex          The index used to identify a VTd engine.
  @param[in]  Base              The base address of memory to be flushed.
  @param[in]  Size              The size of memory in bytes to be flushed.
 **/
 VOID
 FlushPageTableMemory (
  IN UINTN  VtdIndex,
  IN UINTN  Base,
  IN UINTN  Size
  );
 /**
  Get PCI device information from DMAR DevScopeEntry.
  @param[in]  Segment               The segment number.
  @param[in]  DmarDevScopeEntry     DMAR DevScopeEntry
  @param[out] Bus                   The bus number.
  @param[out] Device                The device number.
  @param[out] Function              The function number.
  @retval EFI_SUCCESS  The PCI device information is returned.
 **/
 EFI_STATUS
 GetPciBusDeviceFunction (
  IN  UINT16                                      Segment,
  IN  EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER *DmarDevScopeEntry,
  OUT UINT8                                       *Bus,
  OUT UINT8                                       *Device,
  OUT UINT8                                       *Function
  );
 /**
  Append VTd Access Request to global.
  @param[in]  Segment           The Segment used to identify a VTd engine.
  @param[in]  SourceId          The SourceId used to identify a VTd engine and table entry.
  @param[in]  BaseAddress       The base of device memory address to be used as the DMA memory.
  @param[in]  Length            The length of device memory address to be used as the DMA memory.
  @param[in]  IoMmuAccess       The IOMMU access.
  @retval EFI_SUCCESS           The IoMmuAccess is set for the memory range specified by BaseAddress and Length.
  @retval EFI_INVALID_PARAMETER BaseAddress is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER Length is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER Length is 0.
  @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combination of access.
  @retval EFI_UNSUPPORTED       The bit mask of IoMmuAccess is not supported by the IOMMU.
  @retval EFI_UNSUPPORTED       The IOMMU does not support the memory range specified by BaseAddress and Length.
  @retval EFI_OUT_OF_RESOURCES  There are not enough resources available to modify the IOMMU access.
  @retval EFI_DEVICE_ERROR      The IOMMU device reported an error while attempting the operation.
 **/
 EFI_STATUS
 RequestAccessAttribute (
  IN UINT16                 Segment,
  IN VTD_SOURCE_ID          SourceId,
  IN UINT64                 BaseAddress,
  IN UINT64                 Length,
  IN UINT64                 IoMmuAccess
  );
 #endif
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.c
@ -0,0 +1,399 @@
 /** @file
  Intel VTd driver.
  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "DmaProtection.h"
 /**
  Provides the controller-specific addresses required to access system memory from a
  DMA bus master.
  @param  This                  The protocol instance pointer.
  @param  Operation             Indicates if the bus master is going to read or write to system memory.
  @param  HostAddress           The system memory address to map to the PCI controller.
  @param  NumberOfBytes         On input the number of bytes to map. On output the number of bytes
                                that were mapped.
  @param  DeviceAddress         The resulting map address for the bus master PCI controller to use to
                                access the hosts HostAddress.
  @param  Mapping               A resulting value to pass to Unmap().
  @retval EFI_SUCCESS           The range was mapped for the returned NumberOfBytes.
  @retval EFI_UNSUPPORTED       The HostAddress cannot be mapped as a common buffer.
  @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
  @retval EFI_OUT_OF_RESOURCES  The request could not be completed due to a lack of resources.
  @retval EFI_DEVICE_ERROR      The system hardware could not map the requested address.
 **/
 EFI_STATUS
 EFIAPI
 IoMmuMap (
  IN     EDKII_IOMMU_PROTOCOL                       *This,
  IN     EDKII_IOMMU_OPERATION                      Operation,
  IN     VOID                                       *HostAddress,
  IN OUT UINTN                                      *NumberOfBytes,
  OUT    EFI_PHYSICAL_ADDRESS                       *DeviceAddress,
  OUT    VOID                                       **Mapping
  );
 /**
  Completes the Map() operation and releases any corresponding resources.
  @param  This                  The protocol instance pointer.
  @param  Mapping               The mapping value returned from Map().
  @retval EFI_SUCCESS           The range was unmapped.
  @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by Map().
  @retval EFI_DEVICE_ERROR      The data was not committed to the target system memory.
 **/
 EFI_STATUS
 EFIAPI
 IoMmuUnmap (
  IN  EDKII_IOMMU_PROTOCOL                     *This,
  IN  VOID                                     *Mapping
  );
 /**
  Allocates pages that are suitable for an OperationBusMasterCommonBuffer or
  OperationBusMasterCommonBuffer64 mapping.
  @param  This                  The protocol instance pointer.
  @param  Type                  This parameter is not used and must be ignored.
  @param  MemoryType            The type of memory to allocate, EfiBootServicesData or
                                EfiRuntimeServicesData.
  @param  Pages                 The number of pages to allocate.
  @param  HostAddress           A pointer to store the base system memory address of the
                                allocated range.
  @param  Attributes            The requested bit mask of attributes for the allocated range.
  @retval EFI_SUCCESS           The requested memory pages were allocated.
  @retval EFI_UNSUPPORTED       Attributes is unsupported. The only legal attribute bits are
                                MEMORY_WRITE_COMBINE, MEMORY_CACHED and DUAL_ADDRESS_CYCLE.
  @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
  @retval EFI_OUT_OF_RESOURCES  The memory pages could not be allocated.
 **/
 EFI_STATUS
 EFIAPI
 IoMmuAllocateBuffer (
  IN     EDKII_IOMMU_PROTOCOL                     *This,
  IN     EFI_ALLOCATE_TYPE                        Type,
  IN     EFI_MEMORY_TYPE                          MemoryType,
  IN     UINTN                                    Pages,
  IN OUT VOID                                     **HostAddress,
  IN     UINT64                                   Attributes
  );
 /**
  Frees memory that was allocated with AllocateBuffer().
  @param  This                  The protocol instance pointer.
  @param  Pages                 The number of pages to free.
  @param  HostAddress           The base system memory address of the allocated range.
  @retval EFI_SUCCESS           The requested memory pages were freed.
  @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress and Pages
                                was not allocated with AllocateBuffer().
 **/
 EFI_STATUS
 EFIAPI
 IoMmuFreeBuffer (
  IN  EDKII_IOMMU_PROTOCOL                     *This,
  IN  UINTN                                    Pages,
  IN  VOID                                     *HostAddress
  );
 /**
  This function fills DeviceHandle/IoMmuAccess to the MAP_HANDLE_INFO,
  based upon the DeviceAddress.
  @param[in]  DeviceHandle      The device who initiates the DMA access request.
  @param[in]  DeviceAddress     The base of device memory address to be used as the DMA memory.
  @param[in]  Length            The length of device memory address to be used as the DMA memory.
  @param[in]  IoMmuAccess       The IOMMU access.
 **/
 VOID
 SyncDeviceHandleToMapInfo (
  IN EFI_HANDLE            DeviceHandle,
  IN EFI_PHYSICAL_ADDRESS  DeviceAddress,
  IN UINT64                Length,
  IN UINT64                IoMmuAccess
  );
 /**
  Convert the DeviceHandle to SourceId and Segment.
  @param[in]  DeviceHandle      The device who initiates the DMA access request.
  @param[out] Segment           The Segment used to identify a VTd engine.
  @param[out] SourceId          The SourceId used to identify a VTd engine and table entry.
  @retval EFI_SUCCESS            The Segment and SourceId are returned.
  @retval EFI_INVALID_PARAMETER  DeviceHandle is an invalid handle.
  @retval EFI_UNSUPPORTED        DeviceHandle is unknown by the IOMMU.
 **/
 EFI_STATUS
 DeviceHandleToSourceId (
  IN EFI_HANDLE            DeviceHandle,
  OUT UINT16               *Segment,
  OUT VTD_SOURCE_ID        *SourceId
  )
 {
  EFI_PCI_IO_PROTOCOL                      *PciIo;
  UINTN                                    Seg;
  UINTN                                    Bus;
  UINTN                                    Dev;
  UINTN                                    Func;
  EFI_STATUS                               Status;
  EDKII_PLATFORM_VTD_DEVICE_INFO           DeviceInfo;
  Status = EFI_NOT_FOUND;
  if (mPlatformVTdPolicy != NULL) {
    Status = mPlatformVTdPolicy->GetDeviceId (mPlatformVTdPolicy, DeviceHandle, &DeviceInfo);
    if (!EFI_ERROR(Status)) {
      *Segment  = DeviceInfo.Segment;
      *SourceId = DeviceInfo.SourceId;
      return EFI_SUCCESS;
    }
  }
  Status = gBS->HandleProtocol (DeviceHandle, &gEfiPciIoProtocolGuid, (VOID **)&PciIo);
  if (EFI_ERROR(Status)) {
    return EFI_UNSUPPORTED;
  }
  Status = PciIo->GetLocation (PciIo, &Seg, &Bus, &Dev, &Func);
  if (EFI_ERROR(Status)) {
    return EFI_UNSUPPORTED;
  }
  *Segment = (UINT16)Seg;
  SourceId->Bits.Bus = (UINT8)Bus;
  SourceId->Bits.Device = (UINT8)Dev;
  SourceId->Bits.Function = (UINT8)Func;
  return EFI_SUCCESS;
 }
 /**
  Set IOMMU attribute for a system memory.
  If the IOMMU protocol exists, the system memory cannot be used
  for DMA by default.
  When a device requests a DMA access for a system memory,
  the device driver need use SetAttribute() to update the IOMMU
  attribute to request DMA access (read and/or write).
  The DeviceHandle is used to identify which device submits the request.
  The IOMMU implementation need translate the device path to an IOMMU device ID,
  and set IOMMU hardware register accordingly.
  1) DeviceHandle can be a standard PCI device.
     The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ.
     The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE.
     The memory for BusMasterCommonBuffer need set EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE.
     After the memory is used, the memory need set 0 to keep it being protected.
  2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc).
     The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or EDKII_IOMMU_ACCESS_WRITE.
  @param[in]  This              The protocol instance pointer.
  @param[in]  DeviceHandle      The device who initiates the DMA access request.
  @param[in]  DeviceAddress     The base of device memory address to be used as the DMA memory.
  @param[in]  Length            The length of device memory address to be used as the DMA memory.
  @param[in]  IoMmuAccess       The IOMMU access.
  @retval EFI_SUCCESS            The IoMmuAccess is set for the memory range specified by DeviceAddress and Length.
  @retval EFI_INVALID_PARAMETER  DeviceHandle is an invalid handle.
  @retval EFI_INVALID_PARAMETER  DeviceAddress is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER  Length is not IoMmu Page size aligned.
  @retval EFI_INVALID_PARAMETER  Length is 0.
  @retval EFI_INVALID_PARAMETER  IoMmuAccess specified an illegal combination of access.
  @retval EFI_UNSUPPORTED        DeviceHandle is unknown by the IOMMU.
  @retval EFI_UNSUPPORTED        The bit mask of IoMmuAccess is not supported by the IOMMU.
  @retval EFI_UNSUPPORTED        The IOMMU does not support the memory range specified by DeviceAddress and Length.
  @retval EFI_OUT_OF_RESOURCES   There are not enough resources available to modify the IOMMU access.
  @retval EFI_DEVICE_ERROR       The IOMMU device reported an error while attempting the operation.
 **/
 EFI_STATUS
 VTdSetAttribute (
  IN EDKII_IOMMU_PROTOCOL  *This,
  IN EFI_HANDLE            DeviceHandle,
  IN EFI_PHYSICAL_ADDRESS  DeviceAddress,
  IN UINT64                Length,
  IN UINT64                IoMmuAccess
  )
 {
  EFI_STATUS           Status;
  UINT16               Segment;
  VTD_SOURCE_ID        SourceId;
  CHAR8                PerfToken[sizeof("VTD(S0000.B00.D00.F00)")];
  UINT32               Identifier;
  DumpVtdIfError ();
  Status = DeviceHandleToSourceId (DeviceHandle, &Segment, &SourceId);
  if (EFI_ERROR(Status)) {
    return Status;
  }
  DEBUG ((DEBUG_VERBOSE, "IoMmuSetAttribute: "));
  DEBUG ((DEBUG_VERBOSE, "PCI(S%x.B%x.D%x.F%x) ", Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function));
  DEBUG ((DEBUG_VERBOSE, "(0x%lx~0x%lx) - %lx\n", DeviceAddress, Length, IoMmuAccess));
  if (mAcpiDmarTable == NULL) {
    //
    // Record the entry to driver global variable.
    // As such once VTd is activated, the setting can be adopted.
    //
    Status = RequestAccessAttribute (Segment, SourceId, DeviceAddress, Length, IoMmuAccess);
  } else {
    PERF_CODE (
      AsciiSPrint (PerfToken, sizeof(PerfToken), "S%04xB%02xD%02xF%01x", Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function);
      Identifier = (Segment << 16) | SourceId.Uint16;
      PERF_START_EX (gImageHandle, PerfToken, "IntelVTD", 0, Identifier);
    );
    Status = SetAccessAttribute (Segment, SourceId, DeviceAddress, Length, IoMmuAccess);
    PERF_CODE (
      Identifier = (Segment << 16) | SourceId.Uint16;
      PERF_END_EX (gImageHandle, PerfToken, "IntelVTD", 0, Identifier);
    );
  }
  if (!EFI_ERROR(Status)) {
    SyncDeviceHandleToMapInfo (
      DeviceHandle,
      DeviceAddress,
      Length,
      IoMmuAccess
      );
  }
  return Status;
 }
 /**
  Set IOMMU attribute for a system memory.
  If the IOMMU protocol exists, the system memory cannot be used
  for DMA by default.
  When a device requests a DMA access for a system memory,
  the device driver need use SetAttribute() to update the IOMMU
  attribute to request DMA access (read and/or write).
  The DeviceHandle is used to identify which device submits the request.
  The IOMMU implementation need translate the device path to an IOMMU device ID,
  and set IOMMU hardware register accordingly.
  1) DeviceHandle can be a standard PCI device.
     The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ.
     The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE.
     The memory for BusMasterCommonBuffer need set EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE.
     After the memory is used, the memory need set 0 to keep it being protected.
  2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc).
     The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or EDKII_IOMMU_ACCESS_WRITE.
  @param[in]  This              The protocol instance pointer.
  @param[in]  DeviceHandle      The device who initiates the DMA access request.
  @param[in]  Mapping           The mapping value returned from Map().
  @param[in]  IoMmuAccess       The IOMMU access.
  @retval EFI_SUCCESS            The IoMmuAccess is set for the memory range specified by DeviceAddress and Length.
  @retval EFI_INVALID_PARAMETER  DeviceHandle is an invalid handle.
  @retval EFI_INVALID_PARAMETER  Mapping is not a value that was returned by Map().
  @retval EFI_INVALID_PARAMETER  IoMmuAccess specified an illegal combination of access.
  @retval EFI_UNSUPPORTED        DeviceHandle is unknown by the IOMMU.
  @retval EFI_UNSUPPORTED        The bit mask of IoMmuAccess is not supported by the IOMMU.
  @retval EFI_UNSUPPORTED        The IOMMU does not support the memory range specified by Mapping.
  @retval EFI_OUT_OF_RESOURCES   There are not enough resources available to modify the IOMMU access.
  @retval EFI_DEVICE_ERROR       The IOMMU device reported an error while attempting the operation.
 **/
 EFI_STATUS
 EFIAPI
 IoMmuSetAttribute (
  IN EDKII_IOMMU_PROTOCOL  *This,
  IN EFI_HANDLE            DeviceHandle,
  IN VOID                  *Mapping,
  IN UINT64                IoMmuAccess
  )
 {
  EFI_STATUS            Status;
  EFI_PHYSICAL_ADDRESS  DeviceAddress;
  UINTN                 NumberOfPages;
  EFI_TPL               OriginalTpl;
  OriginalTpl = gBS->RaiseTPL (VTD_TPL_LEVEL);
  Status = GetDeviceInfoFromMapping (Mapping, &DeviceAddress, &NumberOfPages);
  if (!EFI_ERROR(Status)) {
    Status = VTdSetAttribute (
               This,
               DeviceHandle,
               DeviceAddress,
               EFI_PAGES_TO_SIZE(NumberOfPages),
               IoMmuAccess
               );
  }
  gBS->RestoreTPL (OriginalTpl);
  return Status;
 }
 EDKII_IOMMU_PROTOCOL  mIntelVTd = {
  EDKII_IOMMU_PROTOCOL_REVISION,
  IoMmuSetAttribute,
  IoMmuMap,
  IoMmuUnmap,
  IoMmuAllocateBuffer,
  IoMmuFreeBuffer,
 };
 /**
  Initialize the VTd driver.
  @param[in]  ImageHandle  ImageHandle of the loaded driver
  @param[in]  SystemTable  Pointer to the System Table
  @retval  EFI_SUCCESS           The Protocol is installed.
  @retval  EFI_OUT_OF_RESOURCES  Not enough resources available to initialize driver.
  @retval  EFI_DEVICE_ERROR      A device error occurred attempting to initialize the driver.
 **/
 EFI_STATUS
 EFIAPI
 IntelVTdInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
 {
  EFI_STATUS  Status;
  EFI_HANDLE  Handle;
  if ((PcdGet8(PcdVTdPolicyPropertyMask) & BIT0) == 0) {
    return EFI_UNSUPPORTED;
  }
  InitializeDmaProtection ();
  Handle = NULL;
  Status = gBS->InstallMultipleProtocolInterfaces (
                  &Handle,
                  &gEdkiiIoMmuProtocolGuid, &mIntelVTd,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);
  return Status;
 }
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf
@ -0,0 +1,87 @@
 ## @file
 # Intel VTd DXE Driver.
 #
 # This driver initializes VTd engine based upon DMAR ACPI tables
 # and provide DMA protection to PCI or ACPI device.
 #
 # Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
 # http://opensource.org/licenses/bsd-license.php
 #
 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #
 ##
 [Defines]
  INF_VERSION                    = 0x00010005
  BASE_NAME                      = IntelVTdDxe
  MODULE_UNI_FILE                = IntelVTdDxe.uni
  FILE_GUID                      = 987555D6-595D-4CFA-B895-59B89368BD4D
  MODULE_TYPE                    = DXE_DRIVER
  VERSION_STRING                 = 1.0
  ENTRY_POINT                    = IntelVTdInitialize
 #
 # The following information is for reference only and not required by the build tools.
 #
 #  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
 #
 #
 [Sources]
  IntelVTdDxe.c
  BmDma.c
  DmaProtection.c
  DmaProtection.h
  DmarAcpiTable.c
  PciInfo.c
  TranslationTable.c
  TranslationTableEx.c
  VtdReg.c
 [Packages]
  MdePkg/MdePkg.dec
  MdeModulePkg/MdeModulePkg.dec
  IntelSiliconPkg/IntelSiliconPkg.dec
 [LibraryClasses]
  DebugLib
  UefiDriverEntryPoint
  UefiBootServicesTableLib
  BaseLib
  IoLib
  PciSegmentLib
  BaseMemoryLib
  MemoryAllocationLib
  UefiLib
  CacheMaintenanceLib
  PerformanceLib
  PrintLib
 [Guids]
  gEfiEventExitBootServicesGuid   ## CONSUMES ## Event
  ## CONSUMES ## SystemTable
  ## CONSUMES ## Event
  gEfiAcpi20TableGuid
  ## CONSUMES ## SystemTable
  ## CONSUMES ## Event
  gEfiAcpi10TableGuid
 [Protocols]
  gEdkiiIoMmuProtocolGuid                     ## PRODUCES
  gEfiPciIoProtocolGuid                       ## CONSUMES
  gEfiPciEnumerationCompleteProtocolGuid      ## CONSUMES
  gEdkiiPlatformVTdPolicyProtocolGuid         ## SOMETIMES_CONSUMES
 [Pcd]
  gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask   ## CONSUMES
 [Depex]
  gEfiPciRootBridgeIoProtocolGuid
 [UserExtensions.TianoCore."ExtraFiles"]
  IntelVTdDxeExtra.uni
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.uni
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxe.uni
@ -0,0 +1,20 @@
 // /** @file
 // IntelVTdDxe Module Localized Abstract and Description Content
 //
 // Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
 //
 // This program and the accompanying materials are
 // licensed and made available under the terms and conditions of the BSD License
 // which accompanies this distribution.  The full text of the license may be found at
 // http://opensource.org/licenses/bsd-license.php
 //
 // THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 //
 // **/
 #string STR_MODULE_ABSTRACT             #language en-US "Intel VTd DXE Driver."
 #string STR_MODULE_DESCRIPTION          #language en-US "This driver initializes VTd engine based upon DMAR ACPI tables and provide DMA protection to PCI or ACPI device."
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxeExtra.uni
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/IntelVTdDxeExtra.uni
@ -0,0 +1,20 @@
 // /** @file
 // IntelVTdDxe Localized Strings and Content
 //
 // Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
 //
 // This program and the accompanying materials are
 // licensed and made available under the terms and conditions of the BSD License
 // which accompanies this distribution.  The full text of the license may be found at
 // http://opensource.org/licenses/bsd-license.php
 //
 // THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 //
 // **/
 #string STR_PROPERTIES_MODULE_NAME
 #language en-US
 "Intel VTd DXE Driver"
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/PciInfo.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/PciInfo.c
@ -0,0 +1,379 @@
 /** @file
  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "DmaProtection.h"
 /**
  Return the index of PCI data.
  @param[in]  VtdIndex          The index used to identify a VTd engine.
  @param[in]  Segment           The Segment used to identify a VTd engine.
  @param[in]  SourceId          The SourceId used to identify a VTd engine and table entry.
  @return The index of the PCI data.
  @retval (UINTN)-1  The PCI data is not found.
 **/
 UINTN
 GetPciDataIndex (
  IN UINTN          VtdIndex,
  IN UINT16         Segment,
  IN VTD_SOURCE_ID  SourceId
  )
 {
  UINTN          Index;
  VTD_SOURCE_ID  *PciSourceId;
  if (Segment != mVtdUnitInformation[VtdIndex].Segment) {
    return (UINTN)-1;
  }
  for (Index = 0; Index < mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceDataNumber; Index++) {
    PciSourceId = &mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceData[Index].PciSourceId;
    if ((PciSourceId->Bits.Bus == SourceId.Bits.Bus) &&
        (PciSourceId->Bits.Device == SourceId.Bits.Device) &&
        (PciSourceId->Bits.Function == SourceId.Bits.Function) ) {
      return Index;
    }
  }
  return (UINTN)-1;
 }
 /**
  Register PCI device to VTd engine.
  @param[in]  VtdIndex              The index of VTd engine.
  @param[in]  Segment               The segment of the source.
  @param[in]  SourceId              The SourceId of the source.
  @param[in]  DeviceType            The DMAR device scope type.
  @param[in]  CheckExist            TRUE: ERROR will be returned if the PCI device is already registered.
                                    FALSE: SUCCESS will be returned if the PCI device is registered.
  @retval EFI_SUCCESS           The PCI device is registered.
  @retval EFI_OUT_OF_RESOURCES  No enough resource to register a new PCI device.
  @retval EFI_ALREADY_STARTED   The device is already registered.
 **/
 EFI_STATUS
 RegisterPciDevice (
  IN UINTN          VtdIndex,
  IN UINT16         Segment,
  IN VTD_SOURCE_ID  SourceId,
  IN UINT8          DeviceType,
  IN BOOLEAN        CheckExist
  )
 {
  PCI_DEVICE_INFORMATION           *PciDeviceInfo;
  VTD_SOURCE_ID                    *PciSourceId;
  UINTN                            PciDataIndex;
  UINTN                            Index;
  PCI_DEVICE_DATA                  *NewPciDeviceData;
  EDKII_PLATFORM_VTD_PCI_DEVICE_ID *PciDeviceId;
  PciDeviceInfo = &mVtdUnitInformation[VtdIndex].PciDeviceInfo;
  if (PciDeviceInfo->IncludeAllFlag) {
    //
    // Do not register device in other VTD Unit
    //
    for (Index = 0; Index < VtdIndex; Index++) {
      PciDataIndex = GetPciDataIndex (Index, Segment, SourceId);
      if (PciDataIndex != (UINTN)-1) {
        DEBUG ((DEBUG_INFO, "  RegisterPciDevice: PCI S%04x B%02x D%02x F%02x already registered by Other Vtd(%d)\n", Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function, Index));
        return EFI_SUCCESS;
      }
    }
  }
  PciDataIndex = GetPciDataIndex (VtdIndex, Segment, SourceId);
  if (PciDataIndex == (UINTN)-1) {
    //
    // Register new
    //
    if (PciDeviceInfo->PciDeviceDataNumber >= PciDeviceInfo->PciDeviceDataMaxNumber) {
      //
      // Reallocate
      //
      NewPciDeviceData = AllocateZeroPool (sizeof(*NewPciDeviceData) * (PciDeviceInfo->PciDeviceDataMaxNumber + MAX_VTD_PCI_DATA_NUMBER));
      if (NewPciDeviceData == NULL) {
        return EFI_OUT_OF_RESOURCES;
      }
      PciDeviceInfo->PciDeviceDataMaxNumber += MAX_VTD_PCI_DATA_NUMBER;
      if (PciDeviceInfo->PciDeviceData != NULL) {
        CopyMem (NewPciDeviceData, PciDeviceInfo->PciDeviceData, sizeof(*NewPciDeviceData) * PciDeviceInfo->PciDeviceDataNumber);
        FreePool (PciDeviceInfo->PciDeviceData);
      }
      PciDeviceInfo->PciDeviceData = NewPciDeviceData;
    }
    ASSERT (PciDeviceInfo->PciDeviceDataNumber < PciDeviceInfo->PciDeviceDataMaxNumber);
    PciSourceId = &PciDeviceInfo->PciDeviceData[PciDeviceInfo->PciDeviceDataNumber].PciSourceId;
    PciSourceId->Bits.Bus = SourceId.Bits.Bus;
    PciSourceId->Bits.Device = SourceId.Bits.Device;
    PciSourceId->Bits.Function = SourceId.Bits.Function;
    DEBUG ((DEBUG_INFO, "  RegisterPciDevice: PCI S%04x B%02x D%02x F%02x", Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function));
    PciDeviceId = &PciDeviceInfo->PciDeviceData[PciDeviceInfo->PciDeviceDataNumber].PciDeviceId;
    if ((DeviceType == EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_ENDPOINT) ||
        (DeviceType == EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_BRIDGE)) {
      PciDeviceId->VendorId   = PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function, PCI_VENDOR_ID_OFFSET));
      PciDeviceId->DeviceId   = PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function, PCI_DEVICE_ID_OFFSET));
      PciDeviceId->RevisionId = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function, PCI_REVISION_ID_OFFSET));
      DEBUG ((DEBUG_INFO, " (%04x:%04x:%02x", PciDeviceId->VendorId, PciDeviceId->DeviceId, PciDeviceId->RevisionId));
      if (DeviceType == EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_ENDPOINT) {
        PciDeviceId->SubsystemVendorId = PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function, PCI_SUBSYSTEM_VENDOR_ID_OFFSET));
        PciDeviceId->SubsystemDeviceId = PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function, PCI_SUBSYSTEM_ID_OFFSET));
        DEBUG ((DEBUG_INFO, ":%04x:%04x", PciDeviceId->SubsystemVendorId, PciDeviceId->SubsystemDeviceId));
      }
      DEBUG ((DEBUG_INFO, ")"));
    }
    PciDeviceInfo->PciDeviceData[PciDeviceInfo->PciDeviceDataNumber].DeviceType = DeviceType;
    if ((DeviceType != EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_ENDPOINT) &&
        (DeviceType != EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_BRIDGE)) {
      DEBUG ((DEBUG_INFO, " (*)"));
    }
    DEBUG ((DEBUG_INFO, "\n"));
    PciDeviceInfo->PciDeviceDataNumber++;
  } else {
    if (CheckExist) {
      DEBUG ((DEBUG_INFO, "  RegisterPciDevice: PCI S%04x B%02x D%02x F%02x already registered\n", Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function));
      return EFI_ALREADY_STARTED;
    }
  }
  return EFI_SUCCESS;
 }
 /**
  The scan bus callback function to register PCI device.
  @param[in]  Context               The context of the callback.
  @param[in]  Segment               The segment of the source.
  @param[in]  Bus                   The bus of the source.
  @param[in]  Device                The device of the source.
  @param[in]  Function              The function of the source.
  @retval EFI_SUCCESS           The PCI device is registered.
 **/
 EFI_STATUS
 EFIAPI
 ScanBusCallbackRegisterPciDevice (
  IN VOID           *Context,
  IN UINT16         Segment,
  IN UINT8          Bus,
  IN UINT8          Device,
  IN UINT8          Function
  )
 {
  VTD_SOURCE_ID           SourceId;
  UINTN                   VtdIndex;
  UINT8                   BaseClass;
  UINT8                   SubClass;
  UINT8                   DeviceType;
  EFI_STATUS              Status;
  VtdIndex = (UINTN)Context;
  SourceId.Bits.Bus = Bus;
  SourceId.Bits.Device = Device;
  SourceId.Bits.Function = Function;
  DeviceType = EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_ENDPOINT;
  BaseClass = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, Function, PCI_CLASSCODE_OFFSET + 2));
  if (BaseClass == PCI_CLASS_BRIDGE) {
    SubClass = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, Function, PCI_CLASSCODE_OFFSET + 1));
    if (SubClass == PCI_CLASS_BRIDGE_P2P) {
      DeviceType = EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_BRIDGE;
    }
  }
  Status = RegisterPciDevice (VtdIndex, Segment, SourceId, DeviceType, FALSE);
  return Status;
 }
 /**
  Scan PCI bus and invoke callback function for each PCI devices under the bus.
  @param[in]  Context               The context of the callback function.
  @param[in]  Segment               The segment of the source.
  @param[in]  Bus                   The bus of the source.
  @param[in]  Callback              The callback function in PCI scan.
  @retval EFI_SUCCESS           The PCI devices under the bus are scaned.
 **/
 EFI_STATUS
 ScanPciBus (
  IN VOID                         *Context,
  IN UINT16                       Segment,
  IN UINT8                        Bus,
  IN SCAN_BUS_FUNC_CALLBACK_FUNC  Callback
  )
 {
  UINT8                   Device;
  UINT8                   Function;
  UINT8                   SecondaryBusNumber;
  UINT8                   HeaderType;
  UINT8                   BaseClass;
  UINT8                   SubClass;
  UINT16                  VendorID;
  UINT16                  DeviceID;
  EFI_STATUS              Status;
  // Scan the PCI bus for devices
  for (Device = 0; Device <= PCI_MAX_DEVICE; Device++) {
    for (Function = 0; Function <= PCI_MAX_FUNC; Function++) {
      VendorID  = PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, Function, PCI_VENDOR_ID_OFFSET));
      DeviceID  = PciSegmentRead16 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, Function, PCI_DEVICE_ID_OFFSET));
      if (VendorID == 0xFFFF && DeviceID == 0xFFFF) {
        if (Function == 0) {
          //
          // If function 0 is not implemented, do not scan other functions.
          //
          break;
        }
        continue;
      }
      Status = Callback (Context, Segment, Bus, Device, Function);
      if (EFI_ERROR (Status)) {
        return Status;
      }
      BaseClass = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, Function, PCI_CLASSCODE_OFFSET + 2));
      if (BaseClass == PCI_CLASS_BRIDGE) {
        SubClass = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, Function, PCI_CLASSCODE_OFFSET + 1));
        if (SubClass == PCI_CLASS_BRIDGE_P2P) {
          SecondaryBusNumber = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, Function, PCI_BRIDGE_SECONDARY_BUS_REGISTER_OFFSET));
          DEBUG ((DEBUG_INFO,"  ScanPciBus: PCI bridge S%04x B%02x D%02x F%02x (SecondBus:%02x)\n", Segment, Bus, Device, Function, SecondaryBusNumber));
          if (SecondaryBusNumber != 0) {
            Status = ScanPciBus (Context, Segment, SecondaryBusNumber, Callback);
            if (EFI_ERROR (Status)) {
              return Status;
            }
          }
        }
      }
      if (Function == 0) {
        HeaderType = PciSegmentRead8 (PCI_SEGMENT_LIB_ADDRESS(Segment, Bus, Device, 0, PCI_HEADER_TYPE_OFFSET));
        if ((HeaderType & HEADER_TYPE_MULTI_FUNCTION) == 0x00) {
          //
          // It is not a multi-function device, do not scan other functions.
          //
          break;
        }
      }
    }
  }
  return EFI_SUCCESS;
 }
 /**
  Dump the PCI device information managed by this VTd engine.
  @param[in]  VtdIndex              The index of VTd engine.
 **/
 VOID
 DumpPciDeviceInfo (
  IN UINTN  VtdIndex
  )
 {
  UINTN  Index;
  DEBUG ((DEBUG_INFO,"PCI Device Information (Number 0x%x, IncludeAll - %d):\n",
    mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceDataNumber,
    mVtdUnitInformation[VtdIndex].PciDeviceInfo.IncludeAllFlag
    ));
  for (Index = 0; Index < mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceDataNumber; Index++) {
    DEBUG ((DEBUG_INFO,"  S%04x B%02x D%02x F%02x\n",
      mVtdUnitInformation[VtdIndex].Segment,
      mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceData[Index].PciSourceId.Bits.Bus,
      mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceData[Index].PciSourceId.Bits.Device,
      mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceData[Index].PciSourceId.Bits.Function
      ));
  }
 }
 /**
  Find the VTd index by the Segment and SourceId.
  @param[in]  Segment               The segment of the source.
  @param[in]  SourceId              The SourceId of the source.
  @param[out] ExtContextEntry       The ExtContextEntry of the source.
  @param[out] ContextEntry          The ContextEntry of the source.
  @return The index of the VTd engine.
  @retval (UINTN)-1  The VTd engine is not found.
 **/
 UINTN
 FindVtdIndexByPciDevice (
  IN  UINT16                  Segment,
  IN  VTD_SOURCE_ID           SourceId,
  OUT VTD_EXT_CONTEXT_ENTRY   **ExtContextEntry,
  OUT VTD_CONTEXT_ENTRY       **ContextEntry
  )
 {
  UINTN                   VtdIndex;
  VTD_ROOT_ENTRY          *RootEntry;
  VTD_CONTEXT_ENTRY       *ContextEntryTable;
  VTD_CONTEXT_ENTRY       *ThisContextEntry;
  VTD_EXT_ROOT_ENTRY      *ExtRootEntry;
  VTD_EXT_CONTEXT_ENTRY   *ExtContextEntryTable;
  VTD_EXT_CONTEXT_ENTRY   *ThisExtContextEntry;
  UINTN                   PciDataIndex;
  for (VtdIndex = 0; VtdIndex < mVtdUnitNumber; VtdIndex++) {
    if (Segment != mVtdUnitInformation[VtdIndex].Segment) {
      continue;
    }
    PciDataIndex = GetPciDataIndex (VtdIndex, Segment, SourceId);
    if (PciDataIndex == (UINTN)-1) {
      continue;
    }
 //    DEBUG ((DEBUG_INFO,"FindVtdIndex(0x%x) for S%04x B%02x D%02x F%02x\n", VtdIndex, Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function));
    if (mVtdUnitInformation[VtdIndex].ExtRootEntryTable != 0) {
      ExtRootEntry = &mVtdUnitInformation[VtdIndex].ExtRootEntryTable[SourceId.Index.RootIndex];
      ExtContextEntryTable = (VTD_EXT_CONTEXT_ENTRY *)(UINTN)VTD_64BITS_ADDRESS(ExtRootEntry->Bits.LowerContextTablePointerLo, ExtRootEntry->Bits.LowerContextTablePointerHi) ;
      ThisExtContextEntry  = &ExtContextEntryTable[SourceId.Index.ContextIndex];
      if (ThisExtContextEntry->Bits.AddressWidth == 0) {
        continue;
      }
      *ExtContextEntry = ThisExtContextEntry;
      *ContextEntry    = NULL;
    } else {
      RootEntry = &mVtdUnitInformation[VtdIndex].RootEntryTable[SourceId.Index.RootIndex];
      ContextEntryTable = (VTD_CONTEXT_ENTRY *)(UINTN)VTD_64BITS_ADDRESS(RootEntry->Bits.ContextTablePointerLo, RootEntry->Bits.ContextTablePointerHi) ;
      ThisContextEntry  = &ContextEntryTable[SourceId.Index.ContextIndex];
      if (ThisContextEntry->Bits.AddressWidth == 0) {
        continue;
      }
      *ExtContextEntry = NULL;
      *ContextEntry    = ThisContextEntry;
    }
    return VtdIndex;
  }
  return (UINTN)-1;
 }
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
--- a/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTableEx.c
+++ b/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTableEx.c
@ -0,0 +1,158 @@
 /** @file
  Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php.
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 #include "DmaProtection.h"
 /**
  Create extended context entry.
  @param[in]  VtdIndex  The index of the VTd engine.
  @retval EFI_SUCCESS          The extended context entry is created.
  @retval EFI_OUT_OF_RESOURCE  No enough resource to create extended context entry.
 **/
 EFI_STATUS
 CreateExtContextEntry (
  IN UINTN  VtdIndex
  )
 {
  UINTN                  Index;
  VOID                   *Buffer;
  UINTN                  RootPages;
  UINTN                  ContextPages;
  VTD_EXT_ROOT_ENTRY     *ExtRootEntry;
  VTD_EXT_CONTEXT_ENTRY  *ExtContextEntryTable;
  VTD_EXT_CONTEXT_ENTRY  *ExtContextEntry;
  VTD_SOURCE_ID          *PciSourceId;
  VTD_SOURCE_ID          SourceId;
  UINTN                  MaxBusNumber;
  UINTN                  EntryTablePages;
  MaxBusNumber = 0;
  for (Index = 0; Index < mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceDataNumber; Index++) {
    PciSourceId = &mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceData[Index].PciSourceId;
    if (PciSourceId->Bits.Bus > MaxBusNumber) {
      MaxBusNumber = PciSourceId->Bits.Bus;
    }
  }
  DEBUG ((DEBUG_INFO,"  MaxBusNumber - 0x%x\n", MaxBusNumber));
  RootPages = EFI_SIZE_TO_PAGES (sizeof (VTD_EXT_ROOT_ENTRY) * VTD_ROOT_ENTRY_NUMBER);
  ContextPages = EFI_SIZE_TO_PAGES (sizeof (VTD_EXT_CONTEXT_ENTRY) * VTD_CONTEXT_ENTRY_NUMBER);
  EntryTablePages = RootPages + ContextPages * (MaxBusNumber + 1);
  Buffer = AllocateZeroPages (EntryTablePages);
  if (Buffer == NULL) {
    DEBUG ((DEBUG_INFO,"Could not Alloc Root Entry Table.. \n"));
    return EFI_OUT_OF_RESOURCES;
  }
  mVtdUnitInformation[VtdIndex].ExtRootEntryTable = (VTD_EXT_ROOT_ENTRY *)Buffer;
  Buffer = (UINT8 *)Buffer + EFI_PAGES_TO_SIZE (RootPages);
  for (Index = 0; Index < mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceDataNumber; Index++) {
    PciSourceId = &mVtdUnitInformation[VtdIndex].PciDeviceInfo.PciDeviceData[Index].PciSourceId;
    SourceId.Bits.Bus = PciSourceId->Bits.Bus;
    SourceId.Bits.Device = PciSourceId->Bits.Device;
    SourceId.Bits.Function = PciSourceId->Bits.Function;
    ExtRootEntry = &mVtdUnitInformation[VtdIndex].ExtRootEntryTable[SourceId.Index.RootIndex];
    if (ExtRootEntry->Bits.LowerPresent == 0) {
      ExtRootEntry->Bits.LowerContextTablePointerLo  = (UINT32) RShiftU64 ((UINT64)(UINTN)Buffer, 12);
      ExtRootEntry->Bits.LowerContextTablePointerHi  = (UINT32) RShiftU64 ((UINT64)(UINTN)Buffer, 32);
      ExtRootEntry->Bits.LowerPresent = 1;
      ExtRootEntry->Bits.UpperContextTablePointerLo  = (UINT32) RShiftU64 ((UINT64)(UINTN)Buffer, 12) + 1;
      ExtRootEntry->Bits.UpperContextTablePointerHi  = (UINT32) RShiftU64 (RShiftU64 ((UINT64)(UINTN)Buffer, 12) + 1, 20);
      ExtRootEntry->Bits.UpperPresent = 1;
      Buffer = (UINT8 *)Buffer + EFI_PAGES_TO_SIZE (ContextPages);
    }
    ExtContextEntryTable = (VTD_EXT_CONTEXT_ENTRY *)(UINTN)VTD_64BITS_ADDRESS(ExtRootEntry->Bits.LowerContextTablePointerLo, ExtRootEntry->Bits.LowerContextTablePointerHi) ;
    ExtContextEntry = &ExtContextEntryTable[SourceId.Index.ContextIndex];
    ExtContextEntry->Bits.TranslationType = 0;
    ExtContextEntry->Bits.FaultProcessingDisable = 0;
    ExtContextEntry->Bits.Present = 0;
    DEBUG ((DEBUG_INFO,"DOMAIN: S%04x, B%02x D%02x F%02x\n", mVtdUnitInformation[VtdIndex].Segment, SourceId.Bits.Bus, SourceId.Bits.Device, SourceId.Bits.Function));
    switch (mVtdUnitInformation[VtdIndex].CapReg.Bits.SAGAW) {
    case BIT1:
      ExtContextEntry->Bits.AddressWidth = 0x1;
      break;
    case BIT2:
      ExtContextEntry->Bits.AddressWidth = 0x2;
      break;
    }
  }
  FlushPageTableMemory (VtdIndex, (UINTN)mVtdUnitInformation[VtdIndex].ExtRootEntryTable, EFI_PAGES_TO_SIZE(EntryTablePages));
  return EFI_SUCCESS;
 }
 /**
  Dump DMAR extended context entry table.
  @param[in]  ExtRootEntry DMAR extended root entry.
 **/
 VOID
 DumpDmarExtContextEntryTable (
  IN VTD_EXT_ROOT_ENTRY *ExtRootEntry
  )
 {
  UINTN                 Index;
  UINTN                 Index2;
  VTD_EXT_CONTEXT_ENTRY *ExtContextEntry;
  DEBUG ((DEBUG_INFO,"=========================\n"));
  DEBUG ((DEBUG_INFO,"DMAR ExtContext Entry Table:\n"));
  DEBUG ((DEBUG_INFO,"ExtRootEntry Address - 0x%x\n", ExtRootEntry));
  for (Index = 0; Index < VTD_ROOT_ENTRY_NUMBER; Index++) {
    if ((ExtRootEntry[Index].Uint128.Uint64Lo != 0) || (ExtRootEntry[Index].Uint128.Uint64Hi != 0)) {
      DEBUG ((DEBUG_INFO,"  ExtRootEntry(0x%02x) B%02x - 0x%016lx %016lx\n",
        Index, Index, ExtRootEntry[Index].Uint128.Uint64Hi, ExtRootEntry[Index].Uint128.Uint64Lo));
    }
    if (ExtRootEntry[Index].Bits.LowerPresent == 0) {
      continue;
    }
    ExtContextEntry = (VTD_EXT_CONTEXT_ENTRY *)(UINTN)VTD_64BITS_ADDRESS(ExtRootEntry[Index].Bits.LowerContextTablePointerLo, ExtRootEntry[Index].Bits.LowerContextTablePointerHi);
    for (Index2 = 0; Index2 < VTD_CONTEXT_ENTRY_NUMBER/2; Index2++) {
      if ((ExtContextEntry[Index2].Uint256.Uint64_1 != 0) || (ExtContextEntry[Index2].Uint256.Uint64_2 != 0) ||
          (ExtContextEntry[Index2].Uint256.Uint64_3 != 0) || (ExtContextEntry[Index2].Uint256.Uint64_4 != 0)) {
        DEBUG ((DEBUG_INFO,"    ExtContextEntryLower(0x%02x) D%02xF%02x - 0x%016lx %016lx %016lx %016lx\n",
          Index2, Index2 >> 3, Index2 & 0x7, ExtContextEntry[Index2].Uint256.Uint64_4, ExtContextEntry[Index2].Uint256.Uint64_3, ExtContextEntry[Index2].Uint256.Uint64_2, ExtContextEntry[Index2].Uint256.Uint64_1));
      }
      if (ExtContextEntry[Index2].Bits.Present == 0) {
        continue;
      }
      DumpSecondLevelPagingEntry ((VOID *)(UINTN)VTD_64BITS_ADDRESS(ExtContextEntry[Index2].Bits.SecondLevelPageTranslationPointerLo, ExtContextEntry[Index2].Bits.SecondLevelPageTranslationPointerHi));
    }
    if (ExtRootEntry[Index].Bits.UpperPresent == 0) {
      continue;
    }
    ExtContextEntry = (VTD_EXT_CONTEXT_ENTRY *)(UINTN)VTD_64BITS_ADDRESS(ExtRootEntry[Index].Bits.UpperContextTablePointerLo, ExtRootEntry[Index].Bits.UpperContextTablePointerHi);
    for (Index2 = 0; Index2 < VTD_CONTEXT_ENTRY_NUMBER/2; Index2++) {
      if ((ExtContextEntry[Index2].Uint256.Uint64_1 != 0) || (ExtContextEntry[Index2].Uint256.Uint64_2 != 0) ||
          (ExtContextEntry[Index2].Uint256.Uint64_3 != 0) || (ExtContextEntry[Index2].Uint256.Uint64_4 != 0)) {
        DEBUG ((DEBUG_INFO,"    ExtContextEntryUpper(0x%02x) D%02xF%02x - 0x%016lx %016lx %016lx %016lx\n",
          Index2, (Index2 + 128) >> 3, (Index2 + 128) & 0x7, ExtContextEntry[Index2].Uint256.Uint64_4, ExtContextEntry[Index2].Uint256.Uint64_3, ExtContextEntry[Index2].Uint256.Uint64_2, ExtContextEntry[Index2].Uint256.Uint64_1));
      }
      if (ExtContextEntry[Index2].Bits.Present == 0) {
        continue;
      }
    }
  }
  DEBUG ((DEBUG_INFO,"=========================\n"));
 }
--- a/Show More
+++ b/Show More
`@ -1 +1,2 @@`
	`Win32 https://svn.code.sf.net/p/edk2-toolbinaries/code/trunk/Win32`	`Win32 -r 253 https://svn.code.sf.net/p/edk2-toolbinaries/code/trunk/Win32`
		`GIT: 0e088c19ab31fccd1d2f55d9e4fe0314b57c0097 https://github.com/tianocore/edk2-BaseTools-win32.git`