OvmfPkg/CryptoPkg: Enhance C runtime functions #6467
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As part of the effort to get Boringssl to work with EDK2, there are many C runtime apis that get referenced and are currently not implemented in EDK2. In particular, this change adds 1. Stubs for file functions 2. Implementations of the following api : - strdup, bsearch, getentropy, __ashlti3 Cc: Ard Biesheuvel <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Laszlo Ersek <[email protected]> Cc: Anthony Perard <[email protected]> Cc: Julien Grall <[email protected]> Signed-off-by: Leena Soman <[email protected]>
Enable x2apic mode in case the number of possible CPUs (including hotplug-able CPus which are not (yet) online) is larger than 255. Signed-off-by: Gerd Hoffmann <[email protected]>
BaseCryptLib turn gettimeofday() from a Macro into a function call, apply the same change to BaseCryptLibMbedTls Signed-off-by: Amy Chan <[email protected]>
This commit is to check if the resource HOB range does not exceed the max supported physical address. The function BuildMemoryMapFromResDescHobs is to build Memory Region from resource HOBs. Then the memory maps will be used during creating or modifying SMM page table. If the resource HOB range exceeds the max supported physical address, then subsequent calling of PageTableMap() will fail. Signed-off-by: Dun Tan <[email protected]>
As TPM2.0 is popular, updating default value for the Setup menu supports a benefit for some systems that have another TPM Setup menu to select TPM2.0 devices (e.g. dTPM, fTPM) depending on platform bios. For example, when loading default configuration using F9 key in Setup (Brower Action: SystemLevel), it is possible for them to load an unsynchronized value. If user does not adjust the value before saving Setup, it could influence an unexpected TPM initialization at next boot. Setting TPM2.0 as default value supports the benefit related to the case. Signed-off-by: Phil Noh <[email protected]>
This patch updates libspdm to pull in various bug fixes, but primarily commit ca4854be3325bd8fc7f2c714574d17aac2d4e13b which updates libspdm's MbedTLS submodule to v3.6.2, fixing CVE https://nvd.nist.gov/vuln/detail/CVE-2023-37920 there. This CVE does not affect libspdm or edk2, but automatic CVE scanning tools see the bad version of the certifi pip module in the edk2/libspdm code trees and flag these projects as failing. libspdm has been updated to pull in the newer MbedTLS that fixes this issue and this patch updates edk2 to pull in the newer libspdm. Signed-off-by: Oliver Smith-Denny <[email protected]>
If a GitHub account has been deleted entirely, a `None` user will be returrned from the GitHub API. This change accounts for a `None` user when querying GitHub APIs for user information. Signed-off-by: Michael Kubacki <[email protected]>
Drop the ArmSoftFloatLib dependency from the OpensslLib implementations, so that we can retire this git submodule and associated dependencies in other components. The upshot of this is that OpenSSL can no longer be used on 32-bit ARM by components that rely on the random number generation routines (which is where the floating point usage resides). In practice, this means that ARM platforms should use MbedTLs instead for things like signed capsules, authenticated variables and TPM2 support. HTTPS boot is no longer supported, as TlsDxe depends on OpensslLib directly. Note that MbedTLS itself -surprisingly- depends on OpensslLib as well, but only for the SM3 routines, and incorporating those does not require softfloat support. Signed-off-by: Ard Biesheuvel <[email protected]>
Redfish uses JsonLib, which supports encoding real numbers. This handling is implemented using C floating point types, which means that on 32-bit ARM, a softfloat library is required, even though the CPUs we still (marginally) care about all support floating point in hardware. The UEFI spec does not permit the use of floating point on ARM at all, and so the correct thing to do here is to simply disable this driver on 32-bit ARM entirely. Note that the ARM platform code does allow the VFP unit to be enabled at boot time, and so rebuilding this driver with hardware FP should be feasible, in case anyone has an interest in running it on a 32-bit ARM system. Signed-off-by: Ard Biesheuvel <[email protected]>
ArmSoftFloatLib is going away, so remove all residual references to it. Continuous-integration-options: PatchCheck.ignore-multi-package Signed-off-by: Ard Biesheuvel <[email protected]>
Drop the softfloat library implementation now that it is no longer used. Signed-off-by: Ard Biesheuvel <[email protected]>
This code is no longer in use so it can be dropped. Signed-off-by: Ard Biesheuvel <[email protected]>
ARM requires softfloat routines when incorporating OpenSSL, which is a bit of a hassle for no benefit, given that ARM is mostly obsolete at this point. SignedCapsulePkg relies on OpenSSL for authentication, and while it might be feasible to migrate ARM to MbedTLS and retain support, let's just drop support entirely. Signed-off-by: Ard Biesheuvel <[email protected]>
Add definitions for the non-global page tables descriptor attribute, as well as the E2H TCR bit, so that we can use them in the MMU code. Signed-off-by: Ard Biesheuvel <[email protected]>
When VHE is enabled, some pre-existing timer system register specifiers are redirected to the HYP timer. To access the conventional timer, special aliases have to be used that end in _EL02. These aliases are not understood by Clang's internal assembler, so use the generic mnemonics instead. Signed-off-by: Ard Biesheuvel <[email protected]>
Remove the code path for execution at EL3, which just dumps an error. None of the other code is remotely suitable for execution at EL3, and so just ASSERT()'ing here is sufficient, and simplifies future changes related to VHE. Signed-off-by: Ard Biesheuvel <[email protected]>
With VHE enabled, EL2 uses the EL2&0 translation regime, which is compatible with the EL1&0 translation regime when it comes to the TCR configuration register and the page table descriptor. Given that some CPUs may have VHE force enabled when executing at EL2, the MMU code needs to be able to deal with this even if it doesn't enable VHE itself. Signed-off-by: Ard Biesheuvel <[email protected]>
HCR_EL2 may contain fields that should be preserved (such as E2H, which may be RES1 for all intents and purposes other than reading back the register). So preserve the existing value when setting the TGE bit. Signed-off-by: Ard Biesheuvel <[email protected]>
The implementation of ArmMonitorLib that selects the conduit (SMC or HVC) based on the PSCI FDT node is suitable for other VMMs as well, so rename it more appropriately. Signed-off-by: Ard Biesheuvel <[email protected]>
ArmVirtKvmTool might execute at EL2 when running under nested virtualization, and in this case, it should not use HVC but SMC to invoke PSCI and SMCCC services. Like QEMU, kvmtool provides the PSCI conduit via a node in the FDT, and as per the SMCCC, the PSCI conduit and the SMCCC conduit are guaranteed to be the same. So switch to the ArmMonitorLib implementation that selects the conduit based on this FDT node. Signed-off-by: Ard Biesheuvel <[email protected]>
As part of the effort to get Boringssl to work with EDK2, there are many C runtime apis that get referenced and are currently not implemented in EDK2. In particular, this change adds 1. Stubs for file functions 2. Implementations of the following api : - strdup, bsearch, getentropy Cc: Ard Biesheuvel <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Laszlo Ersek <[email protected]> Cc: Anthony Perard <[email protected]> Cc: Julien Grall <[email protected]> Signed-off-by: Leena Soman <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Update SecureBootDefaultKeys.fdf.inc to add support for 2 more DB certificates, for a total of 5. This allows all the files from https://github.com/microsoft/secureboot_objects/tree/main/PreSignedObjects/DB/Certificates to be supported. Signed-off-by: Rebecca Cran <[email protected]>
The "Found ACPI table" messages are informative and don't indicate an error, so reduce the debug level from DEBUG_ERROR to DEBUG_INFO. Signed-off-by: Rebecca Cran <[email protected]>
|
Can you clean up the patch titles and explanations please? I see two patches with identical names. |
StrSize() account the terminating NULL character and cannot return 0. Replace StrSize() StrLen(). BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4859 Reported-by: Tormod Volden <[email protected]> Signed-off-by: Pierre Gondois <[email protected]>
StrSize() cannot return 0. As done in other packages, StrSize() checks the length of the string doesn't exceed PcdMaximumUnicodeStringLength. Add comments to make it more obvious. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4859 Reported-by: Tormod Volden <[email protected]> Signed-off-by: Pierre Gondois <[email protected]>
Since the pixiefail CVE fix the network stack requires a hardware random number generator. This can currently be a modern CPU supporting the RDRAND instruction or a virtio-rng device. The latter is initialized during the BDS phase. To ensure all depending (network) modules are also started, we need to run the dispatcher once more after the device was initialized. Without this, network boot is not available under certain hardware configurations. Fixes: 4c4ceb2 ("NetworkPkg: SECURITY PATCH CVE-2023-45237") Analysed-by: Stefano Garzarella <[email protected]> Suggested-by: Gerd Hoffmann <[email protected]> Signed-off-by: Oliver Steffen <[email protected]>
Clean up PcdOvmfHostBridgePciDevId and PcdNullPointerDetectionPropertyMask from QemuVideoDxe.inf Signed-off-by: Marc Chen <[email protected]>
Use UefiDriverEntryPointFwCfgOverrideLib for IScsiDxe so the driver
can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/ISCSISupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <[email protected]>
Use UefiDriverEntryPointFwCfgOverrideLib for UsbMassStorageDxe so
the driver can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/UsbStorageSupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <[email protected]>
UefiDriverEntryPointFwCfgOverrideLib will use PcdEntryPointOverrideDefaultValue to decide what to do in case the fw_cfg file specified via PcdEntryPointOverrideFwCfgVarName is not present. Default is "yes". This allows to disable drivers by default and only enable them when requested via fw_cfg. Also log a message with the config option applied and whenever the default value or a fw_cfg option was used. Signed-off-by: Gerd Hoffmann <[email protected]>
While IScsiDxe certainly is a useful feature it is rarely used, and it slows down firmware boot quite a bit. So disable it by default and only load it in case this is explicitly requested via fw_cfg. Signed-off-by: Gerd Hoffmann <[email protected]>
Add AARCH64 support on FdtParserLib. Signed-off-by: Ajan Zhong <[email protected]>
If alignment check is enabled in AARCH64 platform, FDT parser might dereference non-aligned 64-bit address to fetch 64-bit data. Use unaligned data read to avoid triggering unaligned data access. Signed-off-by: Ajan Zhong <[email protected]>
According to ACPI Specification, 64 bit physical address of the XSDT provides indentical functionality to the RSDT but accommodates physical address of description headers that are larger than 32 bits. In this case physical address of XSDT table is 64 bit aligned, however size of ACPI description tabled header is not 64 bit aligned. It leads to the entry of other description headers are not 64 bit aligned. In AARCH64 architecture, deference non-aligned 64 bit address to fetch 64-bit data will trigger Alignment fault. Use ReadUnaligned64 method to fix this unaligned data access issue. Signed-off-by: Ajan Zhong <[email protected]>
Following the UEFI Shell Specification revision 2.2, add helper for the '-fwui' option of the reset command. Signed-off-by: Pierre Gondois <[email protected]>
Signed-off-by: Leena Soman <[email protected]>
Add IPMI Serial definitions Specification reference: https://www.intel.com/content/www/us/en/products/docs/servers/ipmi/ipmi-second-gen-interface-spec-v2-rev1-1.html Signed-off-by: John Chung <[email protected]>
This change adds new PCDs for IPMI Serial. Specification reference: https://www.intel.com/content/www/us/en/products/docs/servers/ipmi/ipmi-second-gen-interface-spec-v2-rev1-1.html Signed-off-by: John Chung <[email protected]>
gEdkiiCcPpi is designed to support CC measurement in PEI phase. Cc: Jiewen Yao <[email protected]> Signed-off-by: Min Xu <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
PeiTpmMeasurementLib is updated to support both TCG measurement and CC Measurement. gEfiPeiMasterBootModePpiGuid is removed from [Depex] because it is not needed for the library. Cc: Jiewen Yao <[email protected]> Signed-off-by: Min Xu <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
Since the TdxHelperLib is used for measurement in PEI phase, it required TDVF to add the library. Cc: Erdem Aktas <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Elena Reshetova <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
Add below APIs to support the implementation for CC measurement. - TdxHelperMapPcrToMrIndex - TdxHelperHashAndExtendToRtmr - TdxHelperBuildTdxMeasurementGuidHob Cc: Erdem Aktas <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Elena Reshetova <[email protected]> Signed-off-by: Min Xu <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
Since TdxHelperLib has the API(TdxHelperMapPcrToMrIndex) to map PCR to MR index, the duplicate codes are removed. Cc: Erdem Aktas <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Elena Reshetova <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
TdTcg2Pei is added to install the gEdkiiCcPpi for a TD-Guest. Cc: Erdem Aktas <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Elena Reshetova <[email protected]> Signed-off-by: Min Xu <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
Because PeiTpmMeasurementLib supports both TCG measurement and CC measurement, it shall be controled by TPM2_ENABLE and CC_MEASUREMENT_EANBLE. Cc: Erdem Aktas <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Elena Reshetova <[email protected]> Signed-off-by: Min Xu <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
Add TdTcg2Pei in OvmfPkgX64.dsc in early PEI phase to support CC measurement. Cc: Erdem Aktas <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Elena Reshetova <[email protected]> Signed-off-by: Min Xu <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
Since TdxHelperLib was defined in LibraryClasses for OvmfPkgX64.dsc, the extra definitions is removed. And for other dsc, add the Null-TdxHelperLib to remove the extra definitions. Cc: Erdem Aktas <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Elena Reshetova <[email protected]> Signed-off-by: Ceping Sun <[email protected]>
As part of the effort to get Boringssl to work with EDK2, there are many C runtime apis that get referenced and are currently not implemented in EDK2. In particular, this change adds 1. Stubs for file functions 2. Implementations of the following api : - strdup, bsearch, getentropy Cc: Ard Biesheuvel <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Laszlo Ersek <[email protected]> Cc: Anthony Perard <[email protected]> Cc: Julien Grall <[email protected]> Signed-off-by: Leena Soman <[email protected]>
As part of the effort to get Boringssl to work with EDK2, there are many C runtime apis that get referenced and are currently not implemented in EDK2. In particular, this change adds 1. Stubs for file functions 2. Implementations of the following api : - strdup, bsearch, getentropy, __ashlti3 Cc: Ard Biesheuvel <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Laszlo Ersek <[email protected]> Cc: Anthony Perard <[email protected]> Cc: Julien Grall <[email protected]> Signed-off-by: Leena Soman <[email protected]>
Signed-off-by: Leena Soman <[email protected]>
Signed-off-by: Leena Soman <[email protected]>
Co-authored-by: Dionna Amalie Glaze <[email protected]>
Signed-off-by: Leena Soman <[email protected]>
Signed-off-by: Leena Soman <[email protected]>
Fixed CI pipeline errors Signed-off-by: Leena Soman <[email protected]>
|
Uh oh, bad rebase point. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As part of the effort to get Boringssl to work with EDK2, there are many C runtime apis that get referenced and are currently not implemented in EDK2. This change adds those apis to edk2.
Cc: Ard Biesheuvel [email protected]
Cc: Jordan Justen [email protected]
Cc: Laszlo Ersek [email protected]
Cc: Anthony Perard [email protected]
Cc: Julien Grall [email protected]
Description
In particular, this change adds the following :
Stubs for file functions. These have been implemented to return -1 rather than 0 since there is no file system support and to fail any calls that are call into them.
Implementations of the following api which are referenced and used by Boringssl code :
strdup : string duplication function
bsearch : binary search
getentropy : return entropy of requested length
__ashlti3 : Left shift for 128 bit integers
Breaking change?
Impacts security?
Includes tests?
How This Was Tested
Calls to the apis are successful when tested locally.
Integration Instructions
N/A