summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-01-18NetworkPkg: Fix SPD entry edit policy issue in IPSecConfig.Jiaxin Wu
The current implementation doesn't handle the relationship between SPD and SAD well, which may introduce some security and connection issue after SPD updated. For SPD entry edit policy, if one SPD entry is edited/updated, the original SAs list should be discard. Current IPSecConfig tool does not dealt properly with those rules. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19653 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18NetworkPkg: Fix IpSec SPD and SAD mapping issue when SPD is updatedJiaxin Wu
The current implementation doesn't handle the relationship between SPD and SAD well, which may introduce some security and connection issue after SPD updated. For SPD SetData policy: A) When delete the existed SPD entry, its related SAs also should be removed from its Sas list(SadEntry->BySpd). If the SA entry is established by IKE, we can remove it from global SAD list(SadEntry->List) and then free it directly since its SpdEntry will be freed later. B) SPD SetData operation should do some setting date validity-check. For example, whether the SaId specified by setting Data is valid. If the setting date is invalid, EFI_INVALID_PARAMETER should be returned. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19652 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18BaseTools: VPD Tool to allocate VPD region be aligned based on value typeYonghong Zhu
Base on build spec update, ASCII strings(“string”), will be byte aligned, Unicode strings(L”string”) will be two-byte aligned, Byte arrays, {0x00, 0x01} will be 8-byte aligned. This patch is going to update VPD Tool to allocate VOID* PCDs to an offset value that is aligned based in syntax of the PCD value. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19651 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18BaseTools: VOID* PCDs in VPD region must be aligned based on value typeYonghong Zhu
Base on build spec update, ASCII strings(“string”), will be byte aligned, Unicode strings(L”string”) will be two-byte aligned, Byte arrays, {0x00, 0x01} will be 8-byte aligned. This patch is going to halt with an error message if a VOID* PCD has an offset value that is not aligned based on the syntax of the PCD value. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19650 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-18BaseTools: Fix GenPatchPcdTable to support '-' characters in file namesYonghong Zhu
The Regular Expression parsing of lines in MAP files does not currently support the use of '-' in the column for the filename the symbol is sources from, it cause a build break from the GenPatchPcdTable. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19649 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15ShellPkg: Update 'dh' command to reflect correct driver handle informationTapan Shah
'dh' command shows Supported EFI Specification Version value as DriverVersion. Changing it to 'SupportedEfiSpecVersion' to provide more accurate information. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Tapan Shah <tapandshah@hpe.com> Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19648 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15MdeModulePkg:Fix the potential memory leak issue in Display EngineDandan Bi
The MenuOption insert to gMenuOption allocate memory every time,but not free. Now add the code to free it.And for Date/Time,it will create 3 menus,but previously the Description point to the same address,so when free the Description,it will cause issue,now reset the Description pointer. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19647 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15SecurityPkg: SecureBootConfigDxe: Fix string typoChao Zhang
Fix secure boot mode transition string typo. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19646 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15SecurityPkg: SecureBootConfigDxe: Enhance secure boot string update logicChao Zhang
ExtractConfig is called many times, so it's not efficient to update Secure Boot STR_SECURE_BOOT_STATE_CONTENT, STR_CUR_SECURE_BOOT_MODE_CONTENT string in ExtractConfig. As these 2 strings are displayed on one form, always update them when opening the form. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19645 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-15SecurityPkg: SecureBootConfigDxe: Change KEY_TRANS_SECURE_BOOT_MODE valueChao Zhang
Change KEY_TRANS_SECURE_BOOT_MODE value, as it conflicts with OPTION_DEL_KEK_QUESTION_ID. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19644 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-14NetworkPkg: Remove DNS QType and QClass definitionJiaxin Wu
This patch is used to remove DNS QType and QClass definition in DnsImpl.h since it will be exposed in NetLib.h. Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19643 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-14MdeModulePkg: Add DNS QType and QClass values definitionJiaxin Wu
This patch is used to add DNS QType and QClass values definition in NetLib.h Cc: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Hegde Nagaraj P <nagaraj-p.hegde@hpe.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19642 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-12NetworkPkg: Fix some typos in Http boot driver.Paulo Alcantara
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Paulo Alcantara <paulo.alc.cavalcanti@hp.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19640 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-12SecurityPkg: TcgDxe,Tcg2Dxe,TrEEDxe: New PCD for TCG event log and TCG2 ↵Chao Zhang
final event log area TCG event log and TCG2 final event log area length can be configurable to meet platform event log requirement. PcdTcgLogAreaMinLen : 0x10000 based on minimum requirement in TCG ACPI Spec 00.37 PcdTcg2FinalLogAreaLen : 0x8000 based on experience value Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19639 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11BaseTools AARCH64: build XIP modules with strict alignmentArd Biesheuvel
GCC for AARCH64 recognizes byte swapping load and store sequences and may replace them with wider loads or stores combined with rev instructions. In some cases (i.e., with GCC version 5 and later) this may result in unaligned accesses, which are not allowed before we turn the MMU on. So build any modules or static libraries that may execute with the MMU off with -mstrict-align. Other modules don't need this switch, so we can remove it from the CLANG35/AARCH64 common CC flags. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19638 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11BaseTools AARCH64: add separate GCC build rule for XIP objectsArd Biesheuvel
This introduces a special .c to .obj build rule for GCC/AARCH64 that takes into account additional compiler flags that have been specified via *_*_*_CC_XIPFLAGS. These will be passed after (and in addition to) the ordinary CC_FLAGS. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19637 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11BaseTools/VfrCompile: honor CC if it is setMichael Thomas
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Thomas <malinka@entropy-development.com> Reviewed-by: Yonghong Zhu <yonghong.zhu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19636 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11SecurityPkg: Clear AuthSession content after use.Yao, Jiewen
Some commands in Tpm2CommandLib accept AuthSession as input parameter and copy to local command buffer. After use, this AuthSession content should be zeroed, because there might be some secrete there. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19635 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11SecurityPkg: Add Tpm2Startup return code check.Yao, Jiewen
Tpm2Startup does not check TPM device return code. It might cause problem, that error is not detected in Tcg2Peim, for example, S3 resume case. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19634 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11SecurityPkg: MOR drivers use Tcg2Protocol instead of TrEE.Yao, Jiewen
The official TCG standard uses Tcg2Protocol, instead of TrEE. We should update TCG driver to use Tcg2Protocol, too. TrEE should be used only for old TrEE implementation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19633 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11MdeModulePkg/NvmExpressDxe: Fix MS toolchain /Od 32bit build failureFeng Tian
Note NVME_ACQ & NVME_ASQ internal data structure are changed to make build pass. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19632 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11MdeModulePkg/UfsBlockIoPei: Fix MS toolchain /Od 32bit build failureFeng Tian
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19631 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11MdeModulePkg: Fix GraphicsConsole driver resolution out of sync issueRuiyu Ni
When the GOP doesn't support the resolution specified by PcdVideoHorizontalResolution and PcdVideoVerticalResolution, the code tries to set the resolution to 800x600 but uses the resolution equals to the PCD when calculating the text print position. The patch fixes the bug by updating the resolution to 800x600 for this case. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19630 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11PcAtChipsetPkg SerialIoLib: Fix VS2010 build errorHao Wu
When overriding compiler options '/GL' with '/GL-', VS2010 will report warning C4701 potentially uninitialized local variable for 'LcrParity' and 'LcrStop' in function SerialPortSetAttributes(). This commit fixes this build issue. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19629 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-11MdeModulePkg BaseSerialPortLib: Fix VS2010 build errorHao Wu
When overriding compiler options '/GL' with '/GL-', VS2010 will report warning C4701 potentially uninitialized local variable for 'LcrParity' and 'LcrStop' in function SerialPortSetAttributes(). This commit fixes this build issue. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19628 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-10StdLib: Fix compilation errors caused by previous commit of daConsole.cDaryl McDaniel
Move functions da_ConFlush and da_ConClose to just before da_ConPoll so that they are defined after any calls to them. Replace da_ConFlush with the actual final implementation instead of the initial version which was committed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Daryl McDaniel <edk2-lists@mc2research.org> Reviewed-by: Michael Zimmermann <sigmaepsilon92@gmail.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19627 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08MdeModulePkg: DeleteLoadOptionVariable() removes Boot####Ruiyu Ni
Change EfiBootManagerDeleteLoadOptionVariable() to not just remove #### from BootOrder but also remove Boot#### variable. The old behavior tries to do less for performance but it leaves unreferenced Boot#### which cannot be reclaimed in variable reclaim operation though the Boot#### will be eventually be overwritten by EfiBootManagerAddLoadOptionVariable(). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19626 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08Refine error handle code, avoid assert when load this module twice.Eric Dong
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19625 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08MdeModulePkg: Update MNP driver to recycle TX buffer asynchronously.Fu Siyuan
This patch updates the MNP driver to recycle TX buffer asynchronously, instead of using a while loop wait after each transmit command. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19624 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08MdeModulePkg: update SNP.GetStatus to handle multiple recycled TX buffer.Fu Siyuan
This patch fixes a bug in SNP.GetStatus() interface. The UNDI driver may return multiple transmitted buffers in a single GetStatus command, while SNP.GetStatus could only return one pointer each time, the rest of them are lost. This patch fixes this issue by store these recycled pointer in a temporary buffer in SNP driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19623 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-08SecurityPkg : Tpm2DeviceLibDTpm : Rename TisTpmCommand to avoid name collisionSamer El-Haj-Mahmoud
Change TisTpmCommand to Tpm2TisTpmCommand. Makes function name more clear. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hpe.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19622 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07QuarkPlatformPkg/PlatformSecureLib: Remove redundant GPIO expander configMichael Kinney
Remove GPIO expander configuration actions that are now performed in PEI Phase in PlatformInit module. In order to detect physical presence only the state of the Reset Button needs to be read. Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19621 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07QuarkPlatformPkg/PlatformEarlyInit: Configure GPIO expanderMichael Kinney
Configure GPIO expander in PEI phase 1) Configure all GPIO expander pins connected to Reset Button as inputs 2) Configure multiplexer for I2C to route I2C bus to Arduino Header Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19620 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07QuarkPlatformPkg/PlatformHelperLib: Move PCAL functions for PEI useMichael Kinney
The functions used to manage the PCAL GPIO I2C expander are located in a DXE specific source file. Move these functions to a source file that is common to both the PEI and DXE versions of this library so these GPIO pins can be managed from PEIMs. Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19619 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07QuarkPlatformPkg/PlatformInit: Adjust memory bin size to avoid rebootMichael Kinney
Update memory bin sizes in Memory Type Information on first boot after FLASH update to avoid reboot when memory bins are too small when all features are enabled. Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19618 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07SecurityPkg/Tcg: Fix debug messagesMichael Kinney
Debug messages are using a format strings with %s for a Unicode string, but the strings being printed are ASCII strings and this results in corrupted debug messages. Change the the format string to use %a instead of %s. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19617 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07ShellPkg: Clean-up 'map' command error message handlingTapan Shah
Refactor 'map' command error handling code and add standard error message Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Tapan Shah <tapandshah@hpe.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19616 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07QuarkSocPkg: Remove X64 from SUPPORTED_ARCHITECTURESMichael Kinney
QuarkSocPkg is only for IA32. Remove X64 from SUPPORTED_ARCCHITECTURES in DSC file. Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19615 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07OvmfPkg: execute option ROM images regardless of Secure BootLaszlo Ersek
Change the image verification policy for option ROM images to 0x00 (ALWAYS_EXECUTE). While this may not be a good idea for physical platforms (see e.g. <https://trmm.net/Thunderstrike>), on the QEMU platform the benefits seem to outweigh the drawbacks: - For QEMU's virtual PCI devices, and for some assigned PCI devices, the option ROMs come from host-side files, which can never be rewritten from within the guest. Since the host admin has full control over a guest anyway, executing option ROMs that originate from host-side files presents no additional threat to the guest. - For assigned physical PCI devices with option ROMs, the argument is not so clear-cut. In theory a setup could exist where: - the host-side UEFI firmware (with DENY_EXECUTE_ON_SECURITY_VIOLATION) rejects the option ROM of a malicious physical PCI device, but - when the device is assigned to the guest, OVMF executes the option ROM in the guest, - the option ROM breaks out of the guest (using an assumed QEMU vulnerability) and gains QEMU user privileges on the host. However, in order to escalate as far as it would happen on the bare metal with ALWAYS_EXECUTE (i.e., in order to gain firmware-level access on the host), the malicious option ROM would have to break through (1) QEMU, (2) traditional UID and GID based privilege separation on the host, (3) sVirt (SELinux) on the host, (4) the host OS - host firmware boundary. This is not impossible, but not likely enough to discourage the use cases below. - This patch makes it possible to use unsigned iPXE network drivers that QEMU presents in the option ROMs of virtual NICs and assigned SR-IOV VFs, even if Secure Boot is in User Mode or Deployed Mode. - The change also makes it possible to execute unsigned, outdated (revoked), or downright malicious option ROMs of assigned physical devices in guests, for corporate, entertainment, academia, or security research purposes. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19614 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07OvmfPkg: inherit Image Verification Policy defaults from SecurityPkgLaszlo Ersek
Secure Boot support was originally addded to OvmfPkg on 2012-Mar-09, in SVN r13093 (git 8cee3de7e9f4), titled OvmfPkg: Enable secure-boot support when SECURE_BOOT_ENABLE==TRUE At that time the image verification policies in SecurityPkg/SecurityPkg.dec were: - option ROM image: 0x00 (ALWAYS_EXECUTE) - removable media image: 0x05 (QUERY_USER_ON_SECURITY_VIOLATION) - fixed media image: 0x05 (QUERY_USER_ON_SECURITY_VIOLATION) The author of SVN r13093 apparently didn't want to depend on the SecurityPkg defaults for the latter two image origins, plus the ALWAYS_EXECUTE policy for option ROM images must have been deemed too lax. For this reason SVN r13093 immediately spelled out 0x05 (QUERY_USER_ON_SECURITY_VIOLATION) within OvmfPkg for all three image origins. Fast forward to 2013-Aug-28: policy 0x05 (QUERY_USER_ON_SECURITY_VIOLATION) had been forbidden in the UEFI spec, and SVN r14607 (git db44ea6c4e09) reflected this in the source code: - The policies for the latter two image origins were switched from 0x05 to 0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) in SecurityPkg, - the patch changed the default policy for option ROM images too, from 0x00 (ALWAYS_EXECUTE) to 0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION), - any other client DSC files, including OvmfPkg's, underwent a whole-sale 0x05 (QUERY_USER_ON_SECURITY_VIOLATION) -> 0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) replacement too. The practical result of that patch for OvmfPkg was that the explicit 0x04 settings would equal the strict SecurityPkg defaults exactly. And that's what we have today: the "override the default values from SecurityPkg" comments in OvmfPkg's DSC files are stale, in practice. It is extremely unlikely that SecurityPkg would change the defaults from 0x04 (DENY_EXECUTE_ON_SECURITY_VIOLATION) any time in the future, so let's just inherit those in OvmfPkg. Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19613 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07MdeModulePkg/ScsiDisk: Increase the value of SCSI_DISK_TIMEOUT to 30sFeng Tian
As ScsiDisk and ScsiBus driver are used to manage SCSI or ATAPI devices, the timeout value is updated to 30s to follow ATA/ATAPI spec in which the device may take up to 30s to respond command. The change is used to solve device compatibility issue found with a TEAC DV-W28S-WZ3 slim DVD plus a SONY AccuCORE DVD-R media in which the DVD spends 8s to response READ_CAPACITY cmd after resetting the host machine. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19612 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-07MdeModulePkg/Ide: return correct status when DRQ is not ready for ATAPIFeng Tian
When executing ATAPI cmd at IDE mode, EFI_SUCCESS may be returned wrongly with old logic but in fact DRQ is not ready and the transaction doesn't get executed correctly at this time. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19611 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06Revert "ShellPkg : Add UEFI_APPLICATION module type to ↵Laszlo Ersek
UefiShellInstall1CommandsLib.inf" SVN r19585 broke the OVMF build: > ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf(20): > error 3001: MODULE_TYPE UEFI_DRIVER UEFI_APPLICATION is not supported > for EDK II, valid values are: > BASE SEC PEI_CORE PEIM DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER > DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION USER_DEFINED > SMM_CORE Revert the patch. Reported-by: Laszlo Ersek <lersek@redhat.com> Suggested-by: "El-Haj-Mahmoud, Samer" <samer.el-haj-mahmoud@hpe.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19610 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06NetworkPkg: DnsDxe: fix return type of DnsFillinQNameForQueryIp()Laszlo Ersek
Change the return type of DnsFillinQNameForQueryIp() from (UINT8*) to (CHAR*). This brings the function in sync with both its internal variables and all of its call sites, fixing the following gcc build breakage: > NetworkPkg/DnsDxe/DnsImpl.c: In function 'DnsFillinQNameForQueryIp': > NetworkPkg/DnsDxe/DnsImpl.c:1068:3: error: pointer targets in return > differ in signedness > [-Werror=pointer-sign] > return QueryName; > ^ The code was added in git commit fcae1a99 (SVN r19579). Cc: Subramanian Sriram <sriram-s@hpe.com> Cc: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Ye Ting <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19609 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06ShellPkg: Make 'alias' can display a single alias name.Qiu Shumin
When we run command "alias cat" Shell print out "alias: Too few arguments". This patch makes value of single alias name can be displayed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qiu Shumin <shumin.qiu@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19608 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06ShellPkg: Fix Shell assert when mv a file to a NULL target.Qiu Shumin
When run command 'mv file ' the Shell assert. The patch refined the length of the buffer to fix this bug. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qiu Shumin <shumin.qiu@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19607 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06Rollback the commit because it has potential issue.Dandan Bi
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19606 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06MdeModulePkg: Add error DEBUG statements in ATA passthru driverSamer El-Haj-Mahmoud
DEBUG errors for COMRESET and Port phy not ready. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com> Reviewed-by: Feng Tian <feng.tian@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19605 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06BaseTools: Fix 'caculate' typosHao Wu
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19604 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-06MdeModulePkg: Fix 'accroding' typos in MdeModulePkg.dec/.uniHao Wu
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19603 6f19259b-4bc3-4df7-8a09-765794883524