-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clear fix httpboot #461
base: OpenSSL11_EOL
Are you sure you want to change the base?
Clear fix httpboot #461
Conversation
The ArmGicAcknowledgeInterrupt () returns the value returned by the Interrupt Acknowledge Register and the InterruptID separately in an out parameter. The function documents the following: 'InterruptId is returned separately from the register value because in the GICv2 the register value contains the CpuId and InterruptId while in the GICv3 the register value is only the InterruptId.' This function skips setting the InterruptId in the out parameter for GICv3. Although the return value from the function is the InterruptId for GICv3, this breaks the function usage model as the caller expects the InterruptId in the out parameter for the function. e.g. The caller may end up using the InterruptID which could potentially be an uninitialised variable value. Therefore, set the InterruptID in the function out parameter for GICv3 as well. Signed-off-by: Sami Mujawar <[email protected]> Reviewed-by: Ard Biesheuvel <[email protected]>
Clean up error handling using cascading labels + goto. (port of commit 379b179 + bcab714) Signed-off-by: Pedro Falcato <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Reviewed-by: Hao A Wu <[email protected]>
When a UEFI_DRIVER attempts to open a protocol interface with BY_DRIVER attribute that it already has open with BY_DRIVER attribute, OpenProtocol() returns EFI_ALREADY_STARTED. This is not an error. The UEFI-2.7 spec currently says, > EFI_ALREADY_STARTED -- Attributes is BY_DRIVER and there is an item on > the open list with an attribute of BY_DRIVER > whose agent handle is the same as AgentHandle. Downgrade the log mask for this one condition to DEBUG_INFO, in SataControllerStart(). This will match the log mask of the other two informative messages in this function. (ported from commit 5dfba97) Signed-off-by: Pedro Falcato <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Reviewed-by: Hao A Wu <[email protected]>
ASSERT (Private != NULL) already covers this check. See commit 81310a6. Signed-off-by: Pedro Falcato <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Reviewed-by: Hao A Wu <[email protected]>
ASSERT (Private != NULL) (where Private = CR(...)) is ineffective as CR(Ptr, Type, Member, Sig) either returns Ptr - offsetof(Type, Member), or ASSERTS on the signature, so it's unlikely to ever return NULL (must be passed a pointer = member's offset, or in this case, 0x4). ASSERT on This != NULL instead. Signed-off-by: Pedro Falcato <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Reviewed-by: Hao A Wu <[email protected]>
Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for OvmfPkg{Ia32, X64, Ia32X64} platforms. Tested-by: Gerd Hoffmann <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]>
Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the Microvm platform. Signed-off-by: Pedro Falcato <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>
Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the Bhyve platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]> Acked-by: Peter Grehan <[email protected]> Acked-by: Corvin Köhne <[email protected]>
Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the CloudHv platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>
Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the IntelTdx platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Ard Biesheuvel <[email protected]>
Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the AmdSev platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>
Replace the OVMF-specific SataControllerDxe (to be later removed) with the generic, MdeModulePkg one, for the OvmfXen platform. Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Acked-by: Anthony PERARD <[email protected]>
Now that OvmfPkg/SataControllerDxe and its MdeModulePkg counterpart have been unified, and no in-tree uses of the OVMF variant remain, let's delete it. Tested-by: Gerd Hoffmann <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Signed-off-by: Pedro Falcato <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Reviewed-by: Laszlo Ersek <[email protected]>
…view. As per the SMBIOS spec, in smbios type0 table, if the Bios size is greater than 16MB, extended bios size is used to update size information and bios size is set to 0xff. when this data is printed by smbiosview, both bios size and extended bios size is printed if the smbios version is beyond 3.1, which is incorrect as Bios size is set to 0xff when rom size is more than 16MB. To fix this bug, added a condition to print bios size only when it is not set to 0xff or if the smbios version is older than 3.1. Signed-off-by: Thejaswani Putta <[email protected]> Cc: Ray Ni <[email protected]> Cc: Zhichao Gao <[email protected]> Reviewed-by: Zhichao Gao <[email protected]>
In case ShellConvertStringToUint64() fails the Handles are left uninitialized. That can for example happen for Handle2 and Handle3 in case only one parameter was specified on the command line. Which can trigger the ASSERT() in line 185. Reproducer: boot ovmf to efi shell in qemu, using q35 machine type, then try disconnect the sata controller in efi shell. Fix that by explicitly setting them to NULL in that case. While being at it also simplify the logic and avoid pointlessly calling ShellConvertStringToUint64() in case ParamN is NULL. Signed-off-by: Gerd Hoffmann <[email protected]> Reviewed-by: Zhichao Gao <[email protected]>
Uncrustify checks are too rigid, making them counter-productive: - it leads to code that is arguably harder to parse visually (e.g., the changes to ArmPkg/Include/Chipset/AArch64Mmu.h in commit 429309e) - it forces indentation-only changes to code in the vicinity of actual changes, making the code history more bloated than necessary (see commit 7f19832 for an example) - finding out from the web UI what exactly Uncrustify objected to is not straight-forward. So let's enable AuditMode for ArmPkg, so that interested parties can see the uncrustify recommendations if desired, but without preventing the changes from being merged. This leaves it at the discretion of the ArmPkg maintainers to decide which level of conformance is required. Cc: Leif Lindholm <[email protected]> Cc: "Kinney, Michael D" <[email protected]> Cc: Michael Kubacki <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]> Reviewed-by: Leif Lindholm <[email protected]>
They are useful for those platforms where SMC SiP calls exist. Signed-off-by: Marcin Juszkiewicz <[email protected]> Reviewed-by: Leif Lindholm <[email protected]>
The RISC-V version of the DXE IPL does not implement setting the stack NX, so before switching to an implementation that will ASSERT() on the missing support, drop the PCD setting that enables it. Signed-off-by: Ard Biesheuvel <[email protected]> Reviewed-by: Sunil V L <[email protected]>
Edk2 was failing, rather than creating more PML4 entries, when they weren't present in the initial memory acceptance flow. Because of that VMs with more than 512G memory were crashing. This code fixes that. This change affects only SEV-SNP VMs. The code was tested by successfully booting a 512G SEV-SNP VM. Signed-off-by: Mikolaj Lisik <[email protected]> Acked-by: Gerd Hoffmann <[email protected]> Acked-by: Tom Lendacky <[email protected]>
Xen and bhyve are placing ACPI tables into system memory. So, they can share the same code. Therefore, create a new library which searches and installs ACPI tables from system memory. Signed-off-by: Corvin Köhne <[email protected]> Reviewed-by: Anthony PERARD <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>
This makes the function reuseable by bhyve. Signed-off-by: Corvin Köhne <[email protected]> Reviewed-by: Anthony PERARD <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>
It's much easier to create configuration dependent ACPI tables for bhyve than for OVMF. For this reason, don't use the statically created ACPI tables provided by OVMF. Instead, prefer the dynamically created ACPI tables of bhyve. If bhyve provides no ACPI tables or we are unable to detect those, fall back to OVMF tables. Ideally, we use the qemu fwcfg interface to pass the ACPI tables from bhyve to OVMF. bhyve will support this in the future. However, current bhyve executables don't support passing ACPI tables by the qemu fwcfg interface. They just copy the ACPI into main memory. For that reason, pick up the ACPI tables from main memory. Signed-off-by: Corvin Köhne <[email protected]> Reviewed-by: Rebecca Cran <[email protected]> Acked-by: Peter Grehan <[email protected]> Acked-by: Gerd Hoffmann <[email protected]>
Currently, CharEncodingCheckPlugin prints a message for every file that passes the test, which for some platforms can cause most of the CI build log to be filled with this print. It does not add any value, so this patch removes the noisy print and only prints if the encoding check fails. Cc: Sean Brogan <[email protected]> Cc: Michael Kubacki <[email protected]> Cc: Michael D Kinney <[email protected]> Cc: Liming Gao <[email protected]> Reviewed-by: Michael D Kinney <[email protected]> Reviewed-by: Michael Kubacki <[email protected]> Signed-off-by: Oliver Smith-Denny <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4474 ACPI_Spec_6_5_Aug29 Table 5.19 page 128 that MADT Revision field is 6. Cc: Michael D Kinney <[email protected]> Cc: Liming Gao <[email protected]> Cc: Zhiguang Liu <[email protected]> Cc: Jiewen Yao <[email protected]> Signed-off-by: Aryeh Chen <[email protected]> Reviewed-by: Michael D Kinney <[email protected]> Reviewed-by: Liming Gao <[email protected]> Tested-by: Aryeh Chen <[email protected]>
Implement the SpeculationBarrier with implementations consisting of fence instruction which provides finer-grain memory orderings. Perform Data Barrier in RiscV: fence rw,rw Perform Instruction Barrier in RiscV: fence.i; fence r,r More detail is in Appendix A: RVWMO Explanatory Material in https://github.com/riscv/riscv-isa-manual This API is first introduced in the below commits for IA32 and x64 tianocore/edk2@d9f1cac tianocore/edk2@e83d841 and below the commit for ARM and AArch64 implementation tianocore/edk2@c0959b4 This commit is to add the RiscV64 implementation which will be used by variable service under Variable/RuntimeDxe Cc: Andrei Warkentin <[email protected]> Cc: Evan Chai <[email protected]> Cc: Sunil V L <[email protected]> Cc: Tuan Phan <[email protected]> Signed-off-by: Yong Li <[email protected]> Reviewed-by: Sunil V L <[email protected]>
If there is no port multiplier, PortMultiplierPort should be converted to 0 to follow AHCI spec. The same logic already applied in AtaAtapiPassThruDxe driver. Signed-off-by: Neo Hsueh <[email protected]> Acked-by: Abner Chang <[email protected]> Reviewed-by: Hao A Wu <[email protected]>
RedfishClientPkg is moved from edk2-staging repository to edk2-redfish-client repository. Update the link in Readme.md to new location. Signed-off-by: Nickle Wang <[email protected]> Cc: Abner Chang <[email protected]> Cc: Igor Kulchytskyy <[email protected]> Reviewed-by: Abner Chang <[email protected]>
Supreeth is no longer [email protected]. Therefore, remove the reviewer entry from StandaloneMmPkg. Signed-off-by: Sami Mujawar <[email protected]>
Add Ray, remove Jiewen. Signed-off-by: Ray Ni <[email protected]> Reviewed-by: Sami Mujawar <[email protected]> Reviewed-by: Jiewen Yao <[email protected]>
Currently, have two command for pre-build binary support 1. --BuildEntryOnly: build UPL Entry file 2. --PreBuildUplBinary: build UPL binary based on UPL And these two commands should be exclusived, shouldn't have chance run it in the meantime. Case1: Build UPL entry with CLANGDWARF python UefiPayloadPkg/UniversalPayloadBuild.py --BuildEntryOnly Case2: Use pre-built UPL entry and build other fv by VS2019 python UefiPayloadPkg/UniversalPayloadBuild.py -t VS2019 \ --PreBuildUplBinary UniversalPayload.elf Case3: Build UPL Entry with CLANGDWARF and build other fv by VS2019 python UefiPayloadPkg/UniversalPayloadBuild.py -t VS2019 Cc: Guo Dong <[email protected]> Cc: Ray Ni <[email protected]> Cc: Sean Rhodes <[email protected]> Cc: James Lu <[email protected]> Cc: Gua Guo <[email protected]> Signed-off-by: Gua Guo <[email protected]> Reviewed-by: James Lu <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Yi Li <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
In Pkcs7 spec RFC2315: The IMPLICIT [0] tag in the authenticatedAttributes field is not part of the Attributes value. The Attributes value’s tag is SET OF, and the DER encoding of the SET OF tag, rather than of the IMPLICIT [0] tag, is to be digested along with the length and contents octets of the Attributes value. And this operation is same with Openssl code ``` alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); ``` in PKCS7_signatureVerify API. Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
Signed-off-by: Wenxing Hou <[email protected]>
The before TlsSetCaCertificate use local variable is wrong. Signed-off-by: Wenxing Hou <[email protected]>
dc429a5
to
eb29e61
Compare
mbedtls_ecp_group_id grp_id; | ||
UINT16 *GroupList; | ||
|
||
GroupList = AllocateZeroPool(sizeof(UINT16) * 2); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where to free this pool? I am worried about potential memory leak.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- conf and fd context not free after use too: TlsConn->fd;TlsConn->Conf
- if need to use pools, it is best to add them to Tls context.
mbedtls_ssl_conf_ca_chain((mbedtls_ssl_config *)TlsConn->Ssl->conf, &Crt, NULL); | ||
mbedtls_x509_crt_free(&Crt); | ||
mbedtls_ssl_conf_ca_chain((mbedtls_ssl_config *)TlsConn->Ssl->conf, Crt, NULL); | ||
mbedtls_ssl_conf_cert_profile((mbedtls_ssl_config *)TlsConn->Ssl->conf, &mbedtls_x509_crt_profile_default); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we move mbedtls_ssl_conf_cert_profile() and mbedtls_ssl_conf_sig_algs() to init function?
Change
memcpy
toCopyMem
and changedmalloc
toAllocateZeroPool
.