| Age | Commit message (Collapse) | Author |
|---|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15887 6f19259b-4bc3-4df7-8a09-765794883524
|
|
1. Add a checkpoint to check if an UNI file is a valid UTF-16 file
2. Add a checkpoint to check if a GUID/PPI/PROTOCOL/PCD is in a valid format.
3. Some other minor changes.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15886 6f19259b-4bc3-4df7-8a09-765794883524
|
|
1. Skip the content defined in USER EXTENSION section without raising an error.
2. Wrap os.utime to use two arguments.
3. Add GenFdsCommand for PlatformAutoGen
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15865 6f19259b-4bc3-4df7-8a09-765794883524
|
|
generated or links other libraries.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15864 6f19259b-4bc3-4df7-8a09-765794883524
|
|
source files.
2. If there are sub directories in current module, the corresponding directory in OUTPUT should be created.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Chen, Hesheng <hesheng.chen@intel.com>
Reviewed-by: Feng, Bob C <bob.c.feng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15860 6f19259b-4bc3-4df7-8a09-765794883524
|
|
1. Fix a bug in GenFds for wrongly handling '"' of command line parameter.
2. Provide different input parameter mode for different OS. For Linux, using a list. For Windows, using a string.
3. Remove 3 un-existing function calling.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15847 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yingke Liu <yingke.d.liu@intel.com>
Reviewed-by: Hauch, Larry <larry.hauch@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15844 6f19259b-4bc3-4df7-8a09-765794883524
|
|
system caused by patch at r15816.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15831 6f19259b-4bc3-4df7-8a09-765794883524
|
|
supporting a pure binary build without any complier.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15816 6f19259b-4bc3-4df7-8a09-765794883524
|
|
can’t be larger than 255. There is an OS API provided by Microsoft to add “\\?\” before the path header to support the long file path. Enable this feature on basetools.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hess Chen <hesheng.chen@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15809 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: lhauch <larry.hauch@intel.com>
Fix the behavior of the –version flag in the Rsa2048Sha256 tools and update logic for showing program name, version, usage, and copyright information to match other BaseTools.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15805 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
MdePkg/Include/Guid/WinCertificate.h
=================================
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
{0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
typedef struct {
EFI_GUID HashType;
UINT8 PublicKey[256];
UINT8 Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
MdePkg/Include/Protocol/Hash.h
=================================
#define EFI_HASH_ALGORITHM_SHA256_GUID \
{ \
0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
}
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15800 6f19259b-4bc3-4df7-8a09-765794883524
|
|
relocations
- ADR_PREL_LO21: support for loading a PC relative label offset.
- R_AARCH64_CONDBR19: support for conditional branch instruction (ELF64 code: 280).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Harry Liebel <Harry.Liebel@arm.com>
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Yingke Liu <yingke.d.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15745 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15733 6f19259b-4bc3-4df7-8a09-765794883524
|
|
also compatible with old format.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15723 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15686 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming liming.gao@intel.com
Review-by: Kinney, Michael D michael.d.kinney@intel.com
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15685 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15684 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15683 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15682 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Liu, Yingke D (yingke.d.liu@intel.com)
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15605 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15188 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Liu, Jiang A <jiang.a.liu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15089 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14856 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14710 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Heshen Chen <chen.heshen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14591 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13467 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: liming Gao <liming.gao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13464 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Liu Yingke <yingke.d.liu@intel.com>
Reviewed-by: Yurui Zeng <yurui.zeng@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13353 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13178 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: lgao4
Reviewed-by: gikidy
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12883 6f19259b-4bc3-4df7-8a09-765794883524
|
|
includes:
1. Support use expression as DSC file PCD value.
2. Update FDF parser to fix bug to get complete macro value.
3. Fix bug to replace SET statement macro and evaluate SET statement PCD value in FDF file.
4. Fix a bug for MACRO defined in conditional block cannot be processed correctly
Signed-off-by: lgao4
Reviewed-by: gikidy
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12827 6f19259b-4bc3-4df7-8a09-765794883524
|
|
includes:
1. Fix !include issues
2. Fix Trim to skip the postfix 'U' for hexadecimal and decimal numbers
3. Fix building error C2733 when building C++ code.
4. Add GCC46 tool chain definition
5. Add new RVCT and RVCTLINUX tool chains
Signed-off-by: lgao4
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12782 6f19259b-4bc3-4df7-8a09-765794883524
|
|
includes
1. Fix the issue that root directory of disk can’t be used as WORKSPACE.
2. Update AutoGen code style to pass C++ compiler.
Signed-off-by: lgao4
Reviewed-by: jsu1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12676 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: lgao4
Reviewed-by: gikidy
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12602 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: lgao4
Reviewed-by: jsu1
Reviewed-by: ydliu
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12525 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: lgao4
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12379 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: lgao4
Reviewed-by: gikidy
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12372 6f19259b-4bc3-4df7-8a09-765794883524
|
|
BaseTool Branch:
https://edk2-buildtools.svn.sourceforge.net/svnroot/edk2-buildtools/branches/Releases/BaseTools_r2100
Signed-off-by: lgao4
Reviewed-by: hchen30
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12214 6f19259b-4bc3-4df7-8a09-765794883524
|
|
HII_VENDOR_DEVICE_PATH and remove DevicePath.h file."
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12175 6f19259b-4bc3-4df7-8a09-765794883524
|
|
DevicePath.h file.
Signed-off-by: gikidy
Reviewed-by: lgao4
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12174 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: ydong10
Reviewed-by: lgao4
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11768 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Signed-off-by: ydong10
Reviewed-by: lgao4
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11766 6f19259b-4bc3-4df7-8a09-765794883524
|
|
BaseTool Branch:
https://edk2-buildtools.svn.sourceforge.net/svnroot/edk2-buildtools/branches/Releases/BaseTools_r2100
Signed-off-by: lgao4
Reviewed-by: gikidy
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11708 6f19259b-4bc3-4df7-8a09-765794883524
|
|
BaseTool Branch:
https://edk2-buildtools.svn.sourceforge.net/svnroot/edk2-buildtools/branches/Releases/BaseTools_r2100
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11702 6f19259b-4bc3-4df7-8a09-765794883524
|
|
BaseTool Branch:
https://edk2-buildtools.svn.sourceforge.net/svnroot/edk2-buildtools/branches/Releases/BaseTools_r2100
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11640 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11118 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@11057 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10937 6f19259b-4bc3-4df7-8a09-765794883524
|
|
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10915 6f19259b-4bc3-4df7-8a09-765794883524
|
