- Apr 19, 2025
-
-
Paul Huang authored
propery -> property
lof -> log
evnent -> event
Signed-off-by:
Paul Huang <aphroteus@gmail.com>
-
- Apr 18, 2025
-
-
Kun Qin authored
- Updated Maintainers.txt to include Kun Qin as a maintainer for the ARM-FFA sections in SecurityPkg.
- Added his contact information: email and GitHub username.
Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
Kun Qin authored
This change introduces a `Tpm2InstanceLibFfa` library to support TPM over FF-A and works with Tpm2DeviceLibRouter* libraries. The implementation follows the TPM over FF-A spec v1.0 BET: https://developer.arm.com/documentation/den0138/latest/ The change is tested on QEMU SBSA virtual platform and proprietary hardware platforms. Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
kuqin12 authored
This change introduces a `Tpm2DeviceLibFfa` library to support TPM over FF-A. The implementation follows the TPM over FF-A spec v1.0 BET: https://developer.arm.com/documentation/den0138/latest/ The change is tested on QEMU SBSA virtual platform and proprietary hardware platforms. Co-authored-by:
Raymond Diaz <raymonddiaz@microsoft.com> Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
Kun Qin authored
TPM over FF-A is a mechanism enabling the normal world to communicate with TPM devices offered as an FF-A service in the secure world. This update introduces a header file containing definitions from the TPM over FF-A specification, as detailed in the following documentation: https://developer.arm.com/documentation/den0138/latest/ Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
Kun Qin authored
This change adds a new driver Tcg2AcpiFfa. It will publish the TPM2 and the corresponding SSDT table that is responsible for supporting the physical presence interface through ASL methods during OS runtime. Co-authored-by:
Raymond Diaz <raymonddiaz@microsoft.com> Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
Kun Qin authored
This change adds a new library instance of SmmTcg2PhysicalPresenceLib. It will directly check on the PCD value instead of relying on the HOB value, which will require change on the TFA/SPMC side. Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
Kun Qin authored
This change adds a new driver Tcg2StandaloneMmArm. It will register an MMI handler that is responsible for supporting the physical presence interface from ASL methods during OS runtime. Platforms need to expose the PPI ACPI function GUID in the Standalone MM secure partition. Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
Kun Qin authored
This change adds a GUID for the physical presence interface. This is defined in TCG Physical Presence Interface v1.30, Rev. 00.52: Section 8.1 ACPI Functions. Signed-off-by:
Kun Qin <kun.qin@microsoft.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. EDKII_PEI_MP_SERVICES2_PPI structure and PPI GUID are provided as backward compatible references. These references have been wrapped under a conditional to aid with its eventual removal. To enable, define ENABLE_DEPRECATED_EDKII_MP_SERVICES2. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. Relevant changes have been made here. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. Relevant changes have been made here. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. Relevant changes have been made here. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. Relevant changes have been made here. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. Relevant changes have been made here. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. Relevant changes have been made here. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI and moved to MdePkg. The related header and PPI GUID have been removed from UefiCpuPkg. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
INDIA\sachinganesh authored
EFI_PEI_MP_SERVICES2_PPI has been added to MdePkg. This PPI earlier existed as EDKII_PEI_MP_SERVICES2_PPI in UefiCpuPkg. EDKII_PEI_MP_SERVICES2_PPI structure and PPI GUID are provided as references for backwards compatibility. Signed-off-by:
Sachin Ganesh <sachinganesh@ami.com>
-
Gerd Hoffmann authored
Signed-off-by:
Gerd Hoffmann <kraxel@redhat.com>
-
Dun Tan authored
This commit is to add two new APIs in EmbeddedPkg PrePiHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB list for the Memory Allocation HOB with a matching base address and sets the Name GUID. Then the instance of the tagged Memory Allocation HOB with the matched base address is returned.
Signed-off-by:
Dun Tan <dun.tan@intel.com>
-
Dun Tan authored
This commit is to add two new APIs in ArmVirtDxeHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB list for the Memory Allocation HOB with a matching base address and sets the Name GUID. Then the instance of the tagged Memory Allocation HOB with the matched base address is returned.
Signed-off-by:
Dun Tan <dun.tan@intel.com>
-
Dun Tan authored
This commit is to add two new APIs in StandaloneMmPkg StandaloneMmHobLib and StandaloneMmCoreHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB list for the Memory Allocation HOB with a matching base address and sets the Name GUID. Then the instance of the tagged Memory Allocation HOB with the matched base address is returned.
Signed-off-by:
Dun Tan <dun.tan@intel.com>
-
Dun Tan authored
This commit is to add two new APIs in UefiPayloadPkg DxeHobLib and PayloadEntryHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB list for the Memory Allocation HOB with a matching base address and sets the Name GUID. Then the instance of the tagged Memory Allocation HOB with the matched base address is returned.
Signed-off-by:
Dun Tan <dun.tan@intel.com>
-
Dun Tan authored
This commit is to add two new APIs in MdeModulePkg BaseHobLibNull:
1. The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB list for the Memory Allocation HOB with a matching base address and sets the Name GUID. Then the instance of the tagged Memory Allocation HOB with the matched base address is returned.
Signed-off-by:
Dun Tan <dun.tan@intel.com>
-
Dun Tan authored
This commit is to add two new APIs in MdePkg PeiHobLib, DxeHobLib, DxeCoreHobLib and MockHobLib:
1. The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB list for the Memory Allocation HOB with a matching base address and sets the Name GUID. Then the instance of the tagged Memory Allocation HOB with the matched base address is returned.
Signed-off-by:
Dun Tan <dun.tan@intel.com>
-
Dun Tan authored
This commit is to add two new APIs in HobLib.h:
GetNextMemoryAllocationGuidHob ()
TagMemoryAllocationHobWithGuid ()
The UEFI_PI_SPEC defines the EFI_GUID Name in the EFI_HOB_MEMORY_ALLOCATION_HEADER as: "A GUID that defines the memory allocation region's type and purpose, as well as other fields within the memory allocation HOB." Currently there is no API in HobLib to handle this Name GUID in EFI_HOB_MEMORY_ALLOCATION_HEADER, and the code logic is common. So the following 2 APIs are added:
1. The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.
2. The TagMemoryAllocationHobWithGuid () searches the HOB list for the Memory Allocation HOB with a matching base address and sets the Name GUID. Then the instance of the tagged Memory Allocation HOB with the matched base address is returned.
Signed-off-by:
Dun Tan <dun.tan@intel.com>
-
- Apr 17, 2025
-
-
Ceping Sun authored
Refer to TCG spec section 3.4.2: "SMBIOS structures that contain static configuration information (e.g. Platform Manufacturer Enterprise Number assigned by IANA, platform model number, Vendor and Device IDs for each SMBIOS table) that is relevant to the security of the platform MUST be measured using the event type EV_EFI_HANDOFF_TABLES2". SMBIOS tables shall be measured as defined in the spec. Spec: PC-Client-Platform-Firmware-Profile-Version-1.06-Revision-52 https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Hunter Adrian <adrian.hunter@intel.com> Signed-off-by:
Ceping Sun <cepingx.sun@intel.com>
-
Sarah Walker authored
The SPCR specification at https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table states that baud rate 0 is interpreted as "as-is". This indicates that the OS should rely on the current UART configuration until the full-featured driver is initialized. Signed-off-by:
Sarah Walker <Sarah.Walker2@arm.com>
-
Sarah Walker authored
The SPCR specification at https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table states that baud rate 0 is interpreted as "as-is". This indicates that the OS should rely on the current UART configuration until the full-featured driver is initialized. Signed-off-by:
Sarah Walker <Sarah.Walker2@arm.com>
-
Sarah Walker authored
Revision 4 adds fields for UART clock frequency, precise baud rate and ACPI object namespace string. The revision 4 specification is at https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table Signed-off-by:
Sarah Walker <Sarah.Walker2@arm.com>
-
Sarah Walker authored
Revision 4 adds fields for UART clock frequency, precise baud rate and ACPI object namespace string. The revision 4 specification is at https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/serial-port-console-redirection-table Signed-off-by:
Sarah Walker <Sarah.Walker2@arm.com>
-
Phil Noh authored
Improve the OpalDriverGetDriverDeviceName function that gets the device name through the component name protocol. Currently the function searches all handles (as controller handle) to find the right GetControllerName service for the child handle. The update improves the way the device name is obtained and supports better performance (e.g. 1681(μs) -> 3(μs) for 1 NVMe device). This can prevent a compatibility issue with the GetControllerName service of some drivers, which is not flexible about the handle parameter information (e.g. it was found that an EFI driver caused an exception error/hang when the GetControllerName service for the driver is called in the OpalDriverGetDeviceNameByProtocol function). Signed-off-by:
Phil Noh <Phil.Noh@amd.com>
-
Jacob Xu authored
AmdSvsmLib currently doesn't check if SNP is enabled, thus using AmdSvsmLib may errantly cause the caller code to believe SVSM is present. This leads to boot failure on non-SNP-enabled VMs. We use the PcdConfidentialComputingGuestAttr since it remains valid after MpInitLib runs, which invalidates PcdSevEsWorkArea's cached sev-status msr that we use to check for SNP enabled in other places. The added functions ConfidentialComputingGuestHas() and AmdMemEncryptionAttrCheck() are copied from MpLib.c, which is intended to be replaced later on with a more minimal library, perhaps in MdePkg, to clean up some of the circular dependencies currently surrounding SvsmLib. Signed-off-by:
Jacob Xu <jacobhxu@google.com> Signed-off-by:
Oliver Steffen <osteffen@redhat.com> Suggested-by:
Tom Lendacky <thomas.lendacky@amd.com>
-
Doug Flick authored
Updates SecureBootVariableLibUnitTest to use a valid EFI_SIGNATURE_LIST and EFI_SIGNATURE_DATA Signed-off-by:
Doug Flick <dougflick@microsoft.com>
-
Doug Flick authored
This commit adds the ability to skip setting the Dbx variable if the Default being provided is less than the size of the EFI_SIGNATURE_LIST structure. This is to prevent the setting of an invalid DBX which would cause the system to fail to boot. Additionally, this can be used to signal that setting the DBX should leave DBX undefined for Platforms that want to let the OS be the sole servicer of the DBX.

Breakdown of the math is as follows:

1. **`sizeof(EFI_SIGNATURE_LIST)`**:
   - This is the size of the `EFI_SIGNATURE_LIST` structure itself, which includes:
     - `EFI_GUID SignatureType` (16 bytes)
     - `UINT32 SignatureListSize` (4 bytes)
     - `UINT32 SignatureHeaderSize` (4 bytes)
     - `UINT32 SignatureSize` (4 bytes)
   - Total: `16 + 4 + 4 + 4 = 28 bytes`
2. **`SignatureHeaderSize`**:
   - This is the size of the optional signature header. If no header is provided, this value is `0`.
3. **`SignatureSize`**:
   - This is the size of each `EFI_SIGNATURE_DATA` entry. For an empty list, this value is `0`.

The total size of an empty `EFI_SIGNATURE_LIST` is:
```c
sizeof(EFI_SIGNATURE_LIST) + SignatureHeaderSize
```
1. **No Signature Header**:
   - If `SignatureHeaderSize = 0`, the size is:
   ```c
   28 + 0 = 28 bytes
   ```
2. **With a Signature Header**:
   - If `SignatureHeaderSize = 16` (example size for a header), the size is:
   ```c
   28 + 16 = 44 bytes
   ```
- **Minimum Size**: `28 bytes` (if `SignatureHeaderSize = 0`).
- **Additional Size**: Add the value of `SignatureHeaderSize` if a header is included.

Signed-off-by:
Doug Flick <dougflick@microsoft.com>
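As an added C illustration (not edk2 code; it mirrors only the 28-byte EFI_SIGNATURE_LIST byte layout with its own constants and helper names): the minimum-size skip check the commit above describes, plus a stricter consistency check over SignatureListSize, SignatureHeaderSize and SignatureSize that goes beyond the commit's own test; build_sig_list only serializes constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Byte offsets inside a serialized EFI_SIGNATURE_LIST (little-endian, packed):
   16-byte SignatureType GUID, then three UINT32 fields, 28 bytes in total.
   These constants mirror the UEFI layout; they are not edk2's own definitions. */
#define SIG_LIST_HDR_SIZE   28u
#define OFF_LIST_SIZE       16u
#define OFF_HEADER_SIZE     20u
#define OFF_SIG_SIZE        24u

static uint32_t rd32(const uint8_t *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The commit's check: a DBX default shorter than one EFI_SIGNATURE_LIST header
   cannot be a valid list, so setting it must be skipped. Returns 1 to skip. */
int dbx_default_should_skip(size_t len) {
  return len < SIG_LIST_HDR_SIZE;
}

/* Stricter check of the first list in a blob: SignatureListSize must fit the
   buffer, cover header + SignatureHeaderSize, and leave a whole number of
   SignatureSize-byte entries. Returns 1 when well formed, 0 otherwise. */
int sig_list_is_well_formed(const uint8_t *blob, size_t len) {
  if (dbx_default_should_skip(len)) return 0;
  uint32_t list_size = rd32(blob + OFF_LIST_SIZE);
  uint64_t fixed = (uint64_t)SIG_LIST_HDR_SIZE + rd32(blob + OFF_HEADER_SIZE);
  uint32_t sig_size = rd32(blob + OFF_SIG_SIZE);
  if (list_size > len || list_size < fixed) return 0;  /* 64-bit math: no wraparound */
  uint32_t payload = (uint32_t)(list_size - fixed);
  if (payload == 0) return 1;                 /* empty list: 28 + SignatureHeaderSize */
  if (sig_size == 0) return 0;                /* entries present but declared zero-sized */
  return payload % sig_size == 0;
}

/* Constructed test data: serializes one list with 'count' entries of sig_size
   bytes (GUID and entry bytes left zero). Returns the total length written, 0 if cap too small. */
size_t build_sig_list(uint8_t *out, size_t cap, uint32_t header_size, uint32_t sig_size, uint32_t count) {
  size_t total = SIG_LIST_HDR_SIZE + header_size + (size_t)sig_size * count;
  if (total > cap) return 0;
  memset(out, 0, total);
  wr32(out + OFF_LIST_SIZE, (uint32_t)total);
  wr32(out + OFF_HEADER_SIZE, header_size);
  wr32(out + OFF_SIG_SIZE, sig_size);
  return total;
}
```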
-
Baraneedharan Anbazhagan authored
Signed-off-by:
Anbazhagan Baraneedharan <anbazhagan@hp.com>
-
Baraneedharan Anbazhagan authored
RsaGetPublicKeyFromX509 allocates memory for the RsaContext parameter, and the memory allocated earlier is not necessary. Signed-off-by:
Anbazhagan Baraneedharan <anbazhagan@hp.com>
-
Gao Qihang authored
`dynamicly`->`dynamically` Signed-off-by:
Gao Qihang <gaoqihang@loongson.cn>
-
Gao Qihang authored
`dynamicly`->`dynamically` Signed-off-by:
Gao Qihang <gaoqihang@loongson.cn>
-
- Apr 16, 2025
-
-
Pohan Wu authored
When a USB mass storage device is not ready (e.g., still powering up or the hard disk has not reached the desired RPM), the ExecCommand function fails. This failure is not a true error. Logging it as DEBUG_ERROR will generate logs for properly functioning devices as well, potentially flooding logs for older devices. As mentioned in the command, proper error information retrieval should occur in the sense request. The solution is to downgrade the log level from DEBUG_ERROR to DEBUG_INFO. Signed-off-by:
Jack Pham <jackp@qti.qualcomm.com>
-