import edk2-20190829git37eef91017ad-9.el8
This commit is contained in:
commit
6baa27570e
2
.edk2.metadata
Normal file
2
.edk2.metadata
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
c7ca6a13a5f9e7fe8071010c26a11ba41548308b SOURCES/edk2-37eef91017ad.tar.xz
|
||||||
|
cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SOURCES/edk2-37eef91017ad.tar.xz
|
||||||
|
SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
@ -0,0 +1,668 @@
|
|||||||
|
From ac1a0b44df858e53be9e8af499e80a459f0cef16 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||||
|
Date: Tue, 29 Oct 2019 15:43:11 +0000
|
||||||
|
Subject: CryptoPkg/OpensslLib: Update process_files.pl to generate .h files
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- New patch (cherry-picked from upstream, to be dropped at the next
|
||||||
|
downstream rebase).
|
||||||
|
|
||||||
|
- Upstream moved to OpenSSL_1.1.1b (for TianoCore#1089) in release
|
||||||
|
edk2-stable201905. As part of that OpenSSL update, "OpensslLib.inf" and
|
||||||
|
"OpensslLibCrypto.inf" failed to list some new header files.
|
||||||
|
|
||||||
|
- As a part of edk2-stable201908, commit 8906f076de35
|
||||||
|
("CryptoPkg/OpensslLib: Add missing header files in INF file",
|
||||||
|
2019-08-16) fixed up "OpensslLib.inf" and "OpensslLibCrypto.inf" with
|
||||||
|
the missing header files, but did so manually.
|
||||||
|
|
||||||
|
- The present patch (which is going to be released in edk2-stable201911)
|
||||||
|
updates "process_files.pl" to list the subject header files
|
||||||
|
automatically.
|
||||||
|
|
||||||
|
- This patch is being backported primarily in order to keep further
|
||||||
|
backports for the modified files conflict-free. It might also come in
|
||||||
|
handy once we adopt RHEL8's own OpenSSL version (in case we have to
|
||||||
|
re-run "process_files.pl" ourselves).
|
||||||
|
|
||||||
|
There are missing headers added into INF files at 8906f076de35b222a..
|
||||||
|
They are now manually added but not auto-generated. So we update the
|
||||||
|
perl script to enable this feature.
|
||||||
|
Meanwhile, update the order of the .h files in INF files, which are
|
||||||
|
auto-generated now.
|
||||||
|
https://bugzilla.tianocore.org/show_bug.cgi?id=2085
|
||||||
|
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
(cherry picked from commit 9f4fbd56d43054cc73d722c1643659f9741c0fcf)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 103 +++++++++---------
|
||||||
|
.../Library/OpensslLib/OpensslLibCrypto.inf | 96 ++++++++--------
|
||||||
|
CryptoPkg/Library/OpensslLib/process_files.pl | 28 +++++
|
||||||
|
3 files changed, 129 insertions(+), 98 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
index 7432321fd4..dd873a0dcd 100644
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
@@ -34,9 +34,7 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
|
||||||
|
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
|
||||||
|
$(OPENSSL_PATH)/crypto/aes/aes_wrap.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/aria/aria.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/a_digest.c
|
||||||
|
@@ -101,21 +99,12 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/x_sig.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/x_val.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_null.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_posix.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_win.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/async.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/async_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/async_wait.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/b_addr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/b_dump.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/b_sock.c
|
||||||
|
@@ -138,7 +127,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/bss_mem.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/bss_null.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_add.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
|
||||||
|
@@ -170,9 +158,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_srp.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_word.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_x931p.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/buffer/buffer.c
|
||||||
|
$(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
|
||||||
|
@@ -181,7 +166,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/comp/comp_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_api.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_def.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_err.c
|
||||||
|
@@ -190,8 +174,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_ssl.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||||
|
$(OPENSSL_PATH)/crypto/cpt_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/cryptlib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ctype.c
|
||||||
|
@@ -215,8 +197,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/des/set_key.c
|
||||||
|
$(OPENSSL_PATH)/crypto/des/str2key.c
|
||||||
|
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/des/spr.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_check.c
|
||||||
|
@@ -231,7 +211,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_err.c
|
||||||
|
@@ -239,7 +218,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/ebcdic.c
|
||||||
|
$(OPENSSL_PATH)/crypto/err/err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/err/err_prn.c
|
||||||
|
@@ -304,13 +282,11 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/ex_data.c
|
||||||
|
$(OPENSSL_PATH)/crypto/getenv.c
|
||||||
|
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/hmac/hmac.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/init.c
|
||||||
|
$(OPENSSL_PATH)/crypto/kdf/hkdf.c
|
||||||
|
$(OPENSSL_PATH)/crypto/kdf/kdf_err.c
|
||||||
|
@@ -318,13 +294,10 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
|
||||||
|
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
|
||||||
|
$(OPENSSL_PATH)/crypto/lhash/lhash.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
|
||||||
|
$(OPENSSL_PATH)/crypto/md4/md4_one.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
|
||||||
|
$(OPENSSL_PATH)/crypto/md5/md5_one.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/mem.c
|
||||||
|
$(OPENSSL_PATH)/crypto/mem_clr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/mem_dbg.c
|
||||||
|
@@ -339,7 +312,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/modes/ofb128.c
|
||||||
|
$(OPENSSL_PATH)/crypto/modes/wrap128.c
|
||||||
|
$(OPENSSL_PATH)/crypto/modes/xts128.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/o_dir.c
|
||||||
|
$(OPENSSL_PATH)/crypto/o_fips.c
|
||||||
|
$(OPENSSL_PATH)/crypto/o_fopen.c
|
||||||
|
@@ -351,9 +323,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_lib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_xref.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
|
||||||
|
@@ -364,7 +333,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/pem/pem_all.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pem/pem_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pem/pem_info.c
|
||||||
|
@@ -392,7 +360,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
|
||||||
|
@@ -401,7 +368,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/drbg_lib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_egd.c
|
||||||
|
@@ -410,10 +376,8 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_win.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
|
||||||
|
@@ -436,24 +400,18 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/keccak1600.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha256.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha512.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash.c
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sm3/sm3.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sm4/sm4.c
|
||||||
|
$(OPENSSL_PATH)/crypto/stack/stack.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/threads_none.c
|
||||||
|
$(OPENSSL_PATH)/crypto/threads_pthread.c
|
||||||
|
$(OPENSSL_PATH)/crypto/threads_win.c
|
||||||
|
@@ -463,8 +421,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/ui/ui_null.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ui/ui_openssl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ui/ui_util.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||||
|
$(OPENSSL_PATH)/crypto/uid.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/by_dir.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/by_file.c
|
||||||
|
@@ -502,7 +458,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/x_req.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/x_x509.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/x_x509a.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
|
||||||
|
@@ -540,11 +495,57 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/mips_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/des/spr.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||||
|
- $(OPENSSL_PATH)/ms/uplink.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||||
|
$(OPENSSL_PATH)/ssl/bio_ssl.c
|
||||||
|
$(OPENSSL_PATH)/ssl/d1_lib.c
|
||||||
|
$(OPENSSL_PATH)/ssl/d1_msg.c
|
||||||
|
@@ -589,13 +590,13 @@
|
||||||
|
$(OPENSSL_PATH)/ssl/t1_trce.c
|
||||||
|
$(OPENSSL_PATH)/ssl/tls13_enc.c
|
||||||
|
$(OPENSSL_PATH)/ssl/tls_srp.c
|
||||||
|
- $(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||||
|
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||||||
|
$(OPENSSL_PATH)/ssl/statem/statem_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/ssl/packet_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/ssl/ssl_cert_table.h
|
||||||
|
$(OPENSSL_PATH)/ssl/ssl_locl.h
|
||||||
|
$(OPENSSL_PATH)/ssl/record/record.h
|
||||||
|
- $(OPENSSL_PATH)/ssl/ssl_cert_table.h
|
||||||
|
- $(OPENSSL_PATH)/ssl/packet_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||||
|
# Autogenerated files list ends here
|
||||||
|
|
||||||
|
ossl_store.c
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
index 8134b45eda..a1bb560255 100644
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
@@ -33,9 +33,7 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
|
||||||
|
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
|
||||||
|
$(OPENSSL_PATH)/crypto/aes/aes_wrap.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/aria/aria.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/a_digest.c
|
||||||
|
@@ -100,21 +98,12 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/x_sig.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/x_val.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_null.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_posix.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_win.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/async.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/async_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/async/async_wait.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/b_addr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/b_dump.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/b_sock.c
|
||||||
|
@@ -137,7 +126,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/bss_mem.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/bss_null.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_add.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
|
||||||
|
@@ -169,9 +157,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_srp.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_word.c
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_x931p.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/buffer/buffer.c
|
||||||
|
$(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
|
||||||
|
@@ -180,7 +165,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/comp/comp_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_api.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_def.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_err.c
|
||||||
|
@@ -189,8 +173,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_ssl.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||||
|
$(OPENSSL_PATH)/crypto/cpt_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/cryptlib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ctype.c
|
||||||
|
@@ -214,8 +196,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/des/set_key.c
|
||||||
|
$(OPENSSL_PATH)/crypto/des/str2key.c
|
||||||
|
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/des/spr.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_check.c
|
||||||
|
@@ -230,7 +210,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_err.c
|
||||||
|
@@ -238,7 +217,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
|
||||||
|
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/ebcdic.c
|
||||||
|
$(OPENSSL_PATH)/crypto/err/err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/err/err_prn.c
|
||||||
|
@@ -280,7 +258,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/evp_pkey.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/m_md2.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/m_md4.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/m_md5.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/m_mdc2.c
|
||||||
|
@@ -304,13 +281,11 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/ex_data.c
|
||||||
|
$(OPENSSL_PATH)/crypto/getenv.c
|
||||||
|
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/hmac/hmac.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/init.c
|
||||||
|
$(OPENSSL_PATH)/crypto/kdf/hkdf.c
|
||||||
|
$(OPENSSL_PATH)/crypto/kdf/kdf_err.c
|
||||||
|
@@ -318,12 +293,10 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
|
||||||
|
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
|
||||||
|
$(OPENSSL_PATH)/crypto/lhash/lhash.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
|
||||||
|
$(OPENSSL_PATH)/crypto/md4/md4_one.c
|
||||||
|
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
|
||||||
|
$(OPENSSL_PATH)/crypto/md5/md5_one.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/mem.c
|
||||||
|
$(OPENSSL_PATH)/crypto/mem_clr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/mem_dbg.c
|
||||||
|
@@ -338,7 +311,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/modes/ofb128.c
|
||||||
|
$(OPENSSL_PATH)/crypto/modes/wrap128.c
|
||||||
|
$(OPENSSL_PATH)/crypto/modes/xts128.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/o_dir.c
|
||||||
|
$(OPENSSL_PATH)/crypto/o_fips.c
|
||||||
|
$(OPENSSL_PATH)/crypto/o_fopen.c
|
||||||
|
@@ -350,9 +322,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_lib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_xref.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
|
||||||
|
@@ -363,7 +332,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/pem/pem_all.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pem/pem_err.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pem/pem_info.c
|
||||||
|
@@ -399,8 +367,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
|
||||||
|
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/drbg_lib.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_egd.c
|
||||||
|
@@ -409,10 +375,8 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rand/rand_win.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
|
||||||
|
@@ -435,24 +399,18 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
|
||||||
|
$(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/keccak1600.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha256.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sha/sha512.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash.c
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
|
||||||
|
$(OPENSSL_PATH)/crypto/sm3/sm3.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sm4/sm4.c
|
||||||
|
$(OPENSSL_PATH)/crypto/stack/stack.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/threads_none.c
|
||||||
|
$(OPENSSL_PATH)/crypto/threads_pthread.c
|
||||||
|
$(OPENSSL_PATH)/crypto/threads_win.c
|
||||||
|
@@ -462,9 +420,7 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/ui/ui_null.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ui/ui_openssl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/ui/ui_util.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/uid.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/by_dir.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/by_file.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/t_crl.c
|
||||||
|
@@ -501,7 +457,6 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/x_req.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/x_x509.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509/x_x509a.c
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
|
||||||
|
@@ -539,10 +494,57 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/mips_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/des/spr.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||||
|
# Autogenerated files list ends here
|
||||||
|
buildinf.h
|
||||||
|
rand_pool_noise.h
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
index e13c0acb4d..4fe54cd808 100755
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
@@ -144,6 +144,34 @@ foreach my $product ((@{$unified_info{libraries}},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Update the perl script to generate the missing header files
|
||||||
|
+#
|
||||||
|
+my @dir_list = ();
|
||||||
|
+for (keys %{$unified_info{dirinfo}}){
|
||||||
|
+ push @dir_list,$_;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+my $dir = getcwd();
|
||||||
|
+my @files = ();
|
||||||
|
+my @headers = ();
|
||||||
|
+chdir ("openssl");
|
||||||
|
+foreach(@dir_list){
|
||||||
|
+ @files = glob($_."/*.h");
|
||||||
|
+ push @headers, @files;
|
||||||
|
+}
|
||||||
|
+chdir ($dir);
|
||||||
|
+
|
||||||
|
+foreach (@headers){
|
||||||
|
+ if(/ssl/){
|
||||||
|
+ push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
|
||||||
|
+ next;
|
||||||
|
+ }
|
||||||
|
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
#
|
||||||
|
# Update OpensslLib.inf with autogenerated file list
|
||||||
|
#
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
159
SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
Normal file
159
SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
Normal file
@ -0,0 +1,159 @@
|
|||||||
|
From bbda3f776bfcdbcb77b82f1f7fd5dafd798d9784 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||||
|
Date: Mon, 21 Oct 2019 15:53:42 +0800
|
||||||
|
Subject: CryptoPkg: Upgrade OpenSSL to 1.1.1d
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- New patch (cherry-picked from upstream, to be dropped at the next
|
||||||
|
downstream rebase).
|
||||||
|
|
||||||
|
- Upstream OpenSSL-1.1.1c contains commit 5fba3afad017 ("Rework DSO API
|
||||||
|
conditions and configuration option", 2019-04-10). This upstream OpenSSL
|
||||||
|
change requires edk2 to #define DSO_NONE explicitly.
|
||||||
|
|
||||||
|
- The present patch (which is going to be released in edk2-stable201911)
|
||||||
|
updates "process_files.pl" to generate "dso_conf.h" with the above
|
||||||
|
macro, and captures the result (i.e. the actual definition of the macro)
|
||||||
|
in the git tree.
|
||||||
|
|
||||||
|
- This patch is being backported primarily for the DSO_NONE macro (OpenSSL
|
||||||
|
in RHEL-8.2.0 is based on OpenSSL-1.1.1c). The patch could also come in
|
||||||
|
handy in case we have to re-run "process_files.pl" ourselves.
|
||||||
|
|
||||||
|
Upgrade openssl from 1.1.1b to 1.1.1d.
|
||||||
|
Something needs to be noticed is that, there is a bug existing in the
|
||||||
|
released 1_1_1d version(894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596),
|
||||||
|
which causes build failure. So we switch the code base to a usable
|
||||||
|
version, which is 2 commits later than the stable tag.
|
||||||
|
Now we use the version c3656cc594daac8167721dde7220f0e59ae146fc.
|
||||||
|
This log is to fix the build failure.
|
||||||
|
https://bugzilla.tianocore.org/show_bug.cgi?id=2226
|
||||||
|
|
||||||
|
Besides, the absense of "DSO_NONE" in dso_conf.h causes build failure
|
||||||
|
in OvmfPkg. So update process_files.pl to generate information from
|
||||||
|
"crypto/include/internal/dso_conf.h.in".
|
||||||
|
|
||||||
|
shm.h and utsname.h are added to avoid GCC build failure.
|
||||||
|
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Cc: Liming Gao <liming.gao@intel.com>
|
||||||
|
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Tested-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 1bcc65b9a1408cf445b7b3f9499b27d9c235db71)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
CryptoPkg/Library/Include/internal/dso_conf.h | 16 ++++++++++++++++
|
||||||
|
CryptoPkg/Library/Include/sys/shm.h | 9 +++++++++
|
||||||
|
CryptoPkg/Library/Include/sys/utsname.h | 9 +++++++++
|
||||||
|
CryptoPkg/Library/OpensslLib/openssl | 2 +-
|
||||||
|
CryptoPkg/Library/OpensslLib/process_files.pl | 17 +++++++++++++++--
|
||||||
|
5 files changed, 50 insertions(+), 3 deletions(-)
|
||||||
|
create mode 100644 CryptoPkg/Library/Include/sys/shm.h
|
||||||
|
create mode 100644 CryptoPkg/Library/Include/sys/utsname.h
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||||
|
index e69de29bb2..43c891588b 100644
|
||||||
|
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||||
|
+++ b/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||||
|
@@ -0,0 +1,16 @@
|
||||||
|
+/* WARNING: do not edit! */
|
||||||
|
+/* Generated from crypto/include/internal/dso_conf.h.in */
|
||||||
|
+/*
|
||||||
|
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
+ * this file except in compliance with the License. You can obtain a copy
|
||||||
|
+ * in the file LICENSE in the source distribution or at
|
||||||
|
+ * https://www.openssl.org/source/license.html
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifndef HEADER_DSO_CONF_H
|
||||||
|
+# define HEADER_DSO_CONF_H
|
||||||
|
+# define DSO_NONE
|
||||||
|
+# define DSO_EXTENSION ".so"
|
||||||
|
+#endif
|
||||||
|
diff --git a/CryptoPkg/Library/Include/sys/shm.h b/CryptoPkg/Library/Include/sys/shm.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..dc0b8e81c8
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/Include/sys/shm.h
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+/** @file
|
||||||
|
+ Include file to support building the third-party cryptographic library.
|
||||||
|
+
|
||||||
|
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <CrtLibSupport.h>
|
||||||
|
diff --git a/CryptoPkg/Library/Include/sys/utsname.h b/CryptoPkg/Library/Include/sys/utsname.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..dc0b8e81c8
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/Include/sys/utsname.h
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+/** @file
|
||||||
|
+ Include file to support building the third-party cryptographic library.
|
||||||
|
+
|
||||||
|
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <CrtLibSupport.h>
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
index 4fe54cd808..bbcfa0d0e7 100755
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
@@ -2,7 +2,7 @@
|
||||||
|
#
|
||||||
|
# This script runs the OpenSSL Configure script, then processes the
|
||||||
|
# resulting file list into our local OpensslLib[Crypto].inf and also
|
||||||
|
-# takes a copy of opensslconf.h.
|
||||||
|
+# takes copies of opensslconf.h and dso_conf.h.
|
||||||
|
#
|
||||||
|
# This only needs to be done once by a developer when updating to a
|
||||||
|
# new version of OpenSSL (or changing options, etc.). Normal users
|
||||||
|
@@ -106,6 +106,14 @@ BEGIN {
|
||||||
|
) == 0 ||
|
||||||
|
die "Failed to generate opensslconf.h!\n";
|
||||||
|
|
||||||
|
+ # Generate dso_conf.h per config data
|
||||||
|
+ system(
|
||||||
|
+ "perl -I. -Mconfigdata util/dofile.pl " .
|
||||||
|
+ "crypto/include/internal/dso_conf.h.in " .
|
||||||
|
+ "> include/internal/dso_conf.h"
|
||||||
|
+ ) == 0 ||
|
||||||
|
+ die "Failed to generate dso_conf.h!\n";
|
||||||
|
+
|
||||||
|
chdir($basedir) ||
|
||||||
|
die "Cannot change to base directory \"" . $basedir . "\"";
|
||||||
|
|
||||||
|
@@ -249,12 +257,17 @@ rename( $new_inf_file, $inf_file ) ||
|
||||||
|
print "Done!";
|
||||||
|
|
||||||
|
#
|
||||||
|
-# Copy opensslconf.h generated from OpenSSL Configuration
|
||||||
|
+# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
|
||||||
|
#
|
||||||
|
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
|
||||||
|
copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
|
||||||
|
$OPENSSL_PATH . "/../../Include/openssl/") ||
|
||||||
|
die "Cannot copy opensslconf.h!";
|
||||||
|
+print "Done!";
|
||||||
|
+print "\n--> Duplicating dso_conf.h into Include/internal ... ";
|
||||||
|
+copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
|
||||||
|
+ $OPENSSL_PATH . "/../../Include/internal/") ||
|
||||||
|
+ die "Cannot copy dso_conf.h!";
|
||||||
|
print "Done!\n";
|
||||||
|
|
||||||
|
print "\nProcessing Files Done!\n";
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,613 @@
|
|||||||
|
From 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Wed, 11 Jun 2014 23:33:33 +0200
|
||||||
|
Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- trivial context update (performed silently by git-cherry-pick) for
|
||||||
|
upstream commit 3207a872a405 ("OvmfPkg: Update DSC/FDF files to consume
|
||||||
|
CSM components in OvmfPkg", 2019-06-14)
|
||||||
|
|
||||||
|
- A note for the future: the logo could change completely in a subsequent
|
||||||
|
rebase. See <https://bugzilla.tianocore.org/show_bug.cgi?id=2050> (in
|
||||||
|
CONFIRMED status at the time of writing).
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The
|
||||||
|
OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace
|
||||||
|
obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The
|
||||||
|
ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg:
|
||||||
|
Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14).
|
||||||
|
|
||||||
|
Consequently, because the NetworkPkg iSCSI driver requires OpenSSL
|
||||||
|
unconditionally, as explained in
|
||||||
|
<https://bugzilla.tianocore.org/show_bug.cgi?id=1278#c3>, this patch now
|
||||||
|
builds LogoOpenSSLDxe unconditionally, squashing and updating previous
|
||||||
|
downstream commits
|
||||||
|
|
||||||
|
- 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo
|
||||||
|
(RHEL only)
|
||||||
|
- 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only)
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove
|
||||||
|
incorrect comments.", 2018-02-28)
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- After picking previous downstream-only commit 32192c62e289, carry new
|
||||||
|
upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing
|
||||||
|
dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to
|
||||||
|
"LogoOpenSSLDxe.inf".
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- For more fun, upstream completely changed the way logo bitmaps are
|
||||||
|
embedded in the firmware binary (see for example commit ab970515d2c6,
|
||||||
|
"OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this
|
||||||
|
rebase, we reimplement the previous downstream-only commit e775fb20c999,
|
||||||
|
as described below.
|
||||||
|
|
||||||
|
- Beyond the new bitmap file (which we preserve intact from the last
|
||||||
|
downstream branch), we introduce:
|
||||||
|
|
||||||
|
- a new IDF (image description file) referencing the new BMP,
|
||||||
|
|
||||||
|
- a new driver INF file, referencing the new BMP and new IDF (same C
|
||||||
|
source code though),
|
||||||
|
|
||||||
|
- a new UNI (~description) file for the new driver INF file.
|
||||||
|
|
||||||
|
- In the OVMF DSC and FDF files, we select the new driver INF for
|
||||||
|
inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they
|
||||||
|
both make use of OpenSSL (although different subsets of it).
|
||||||
|
|
||||||
|
- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE,
|
||||||
|
because the ArmVirtQemu platform does not support TLS_ENABLE yet.
|
||||||
|
|
||||||
|
- This patch is best displayed with "git show --find-copies-harder".
|
||||||
|
|
||||||
|
Notes about the d7c0dfa -> 90bb4c5 rebase:
|
||||||
|
|
||||||
|
- squash in the following downstream-only commits (made originally for
|
||||||
|
<https://bugzilla.redhat.com/show_bug.cgi?id=1308678>):
|
||||||
|
|
||||||
|
- eef9eb0 restore TianoCore splash logo without OpenSSL advertisment
|
||||||
|
(RHEL only)
|
||||||
|
|
||||||
|
- 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure
|
||||||
|
Boot (RH only)
|
||||||
|
|
||||||
|
The reason is that ideas keep changing when and where to include the
|
||||||
|
Secure Boot feature, so the logo must be controllable directly on the
|
||||||
|
build command line, from the RPM spec file. See the following
|
||||||
|
references:
|
||||||
|
|
||||||
|
- https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html
|
||||||
|
- https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html
|
||||||
|
- https://bugzilla.redhat.com/show_bug.cgi?id=1323363
|
||||||
|
|
||||||
|
- This squashed variant should remain the final version of this patch.
|
||||||
|
|
||||||
|
Notes about the c9e5618 -> b9ffeab rebase:
|
||||||
|
- AAVMF gained Secure Boot support, therefore the logo is again modified
|
||||||
|
in the common location, and no FDF changes are necessary.
|
||||||
|
|
||||||
|
Notes about the 9ece15a -> c9e5618 rebase:
|
||||||
|
- Logo.bmp is no longer modified in-place; instead a modified copy is
|
||||||
|
created. That's because AAVMF includes the logo too, but it doesn't
|
||||||
|
include OpenSSL / Secure Boot, so we need the original copy too.
|
||||||
|
|
||||||
|
Because we may include the OpenSSL library in our OVMF and AAVMF builds
|
||||||
|
now, we should advertise it as required by its license. This patch takes
|
||||||
|
the original TianoCore logo, shifts it up by 20 pixels, and adds the
|
||||||
|
horizontally centered message
|
||||||
|
|
||||||
|
This product includes software developed by the OpenSSL Project
|
||||||
|
for use in the OpenSSL Toolkit (http://www.openssl.org/)
|
||||||
|
|
||||||
|
below.
|
||||||
|
|
||||||
|
Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24
|
||||||
|
Logo.bmp: PC bitmap, Windows 3.x format, 193 x 58 x 8
|
||||||
|
|
||||||
|
Downstream only because upstream edk2 does not intend to release a
|
||||||
|
secure-boot-enabled OVMF build. (However the advertising requirement in
|
||||||
|
the OpenSSL license,
|
||||||
|
"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed
|
||||||
|
nonetheless, which is why I'm changing the logo.)
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b)
|
||||||
|
(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be)
|
||||||
|
(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3)
|
||||||
|
(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d)
|
||||||
|
(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849)
|
||||||
|
---
|
||||||
|
ArmVirtPkg/ArmVirtQemu.dsc | 2 +-
|
||||||
|
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +-
|
||||||
|
ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +-
|
||||||
|
MdeModulePkg/Logo/Logo-OpenSSL.bmp | Bin 0 -> 156342 bytes
|
||||||
|
MdeModulePkg/Logo/Logo-OpenSSL.idf | 15 +++++++
|
||||||
|
MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 61 +++++++++++++++++++++++++++
|
||||||
|
MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 22 ++++++++++
|
||||||
|
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgIa32.fdf | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgX64.fdf | 2 +-
|
||||||
|
13 files changed, 107 insertions(+), 9 deletions(-)
|
||||||
|
create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp
|
||||||
|
create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf
|
||||||
|
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
|
||||||
|
|
||||||
|
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
index 7ae6702ac1..a3cc3f26ec 100644
|
||||||
|
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
@@ -364,7 +364,7 @@
|
||||||
|
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||||
|
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
|
||||||
|
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
|
||||||
|
- MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
MdeModulePkg/Application/UiApp/UiApp.inf {
|
||||||
|
<LibraryClasses>
|
||||||
|
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||||
|
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||||
|
index 31f615a9d0..57f2f625fe 100644
|
||||||
|
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||||
|
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||||
|
@@ -176,7 +176,7 @@ READ_LOCK_STATUS = TRUE
|
||||||
|
#
|
||||||
|
# TianoCore logo (splash screen)
|
||||||
|
#
|
||||||
|
- INF MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
# Ramdisk support
|
||||||
|
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||||
|
index 3b0f04967a..27e65b7638 100644
|
||||||
|
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||||
|
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||||
|
@@ -348,7 +348,7 @@
|
||||||
|
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||||
|
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
|
||||||
|
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
|
||||||
|
- MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
MdeModulePkg/Application/UiApp/UiApp.inf {
|
||||||
|
<LibraryClasses>
|
||||||
|
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||||
|
diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29
|
||||||
|
GIT binary patch
|
||||||
|
literal 156342
|
||||||
|
zcmeI5d(>~$xW~&aw_M64<QfWz7#dP?t3($>NYZ7LkVerMIgB$pYT%5)88Oa?KguvP
|
||||||
|
zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY
|
||||||
|
zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l
|
||||||
|
zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12
|
||||||
|
zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo*
|
||||||
|
z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t
|
||||||
|
z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw
|
||||||
|
z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8
|
||||||
|
zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&n<tedLa%?xslom<X-FfGo
|
||||||
|
z|N7Uz;zQR$QEQ9?GD3Gi=7I|@pfCK+KmYs#4?Hjq5uDk6`|VNq*T4RC_0?DJzyJQK
|
||||||
|
zsC})Wq6;y((@r~m>s#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a?
|
||||||
|
zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE
|
||||||
|
z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb
|
||||||
|
zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK
|
||||||
|
zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI
|
||||||
|
zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W)
|
||||||
|
ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN
|
||||||
|
z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5&
|
||||||
|
z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc
|
||||||
|
z(W5B_Snb5D<<krM8Rdr0QJ*T%G?&$9Kl|Aaedt5q{N^`bbkRjt=pxTd#b-YA8EUQl
|
||||||
|
zKchfbq0T+_*u#B>LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2`
|
||||||
|
zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC
|
||||||
|
z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr
|
||||||
|
zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O
|
||||||
|
ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_<AJw{W#8P-F
|
||||||
|
zCZ+ter#+36>Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm
|
||||||
|
zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y
|
||||||
|
z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn<x8h_IHKi^H{SS?OD<7Pl&u5c1iZic)vw55
|
||||||
|
zPYCS8DxE<E)W+zbHi&JlM^g+iInTa(VydW{U!X0uhR=omt+(FFeX!eo+~Xc+g)Z`x
|
||||||
|
zdj8N=)=t4F&^=~kG;gb}a*}(FCaQITC`z4#i;q6~=*up<jJqdTY_rWab6qT>7Jr_#
|
||||||
|
zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT
|
||||||
|
zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL
|
||||||
|
z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7
|
||||||
|
zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9
|
||||||
|
zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO
|
||||||
|
zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44<v6$8atncWoEpM%TfyD5
|
||||||
|
zOKl<QH-<r@2>UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ
|
||||||
|
zZ)HZA9HQN?fBowS=bd-nQAZucL<BNN<e-BNlK!B=7$Y*peh}MQkER%4wG*?Jk9!5$
|
||||||
|
za=YO(`jIg>9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT
|
||||||
|
zMP`<n_i+x3u2}-%qy?KI2ieQE8H)@%t3@GJQLXK^+fEA9!X?Qg9Y7gIU_L>$;+{w6
|
||||||
|
zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts
|
||||||
|
zL;~R<E6L(oPAf#^!mHl--`*n_trZ3-svVA^Ip*035tJEaa=!3|FC2E*VF<?^cN{an
|
||||||
|
zpZw$}k$H$uzVrtb#u$+)_Ji2gdNjoVtDTs&eB3M0mfH=V(T|M5>A-VBcb3QU(O`l6
|
||||||
|
zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e
|
||||||
|
zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3<H!}
|
||||||
|
zOgDezBOgJQ@<<0zX6g9rU;p~pgk<J_zx&<qN?y8jDNh()@{*U}8|xq9T7^bKwH~n|
|
||||||
|
zXWMPJ?Y8KgL4^VYSF8z9zcvi0+bE*cMlA5;4GMOE>HMf%xC9#(>mO=IFj^}NHV#Lj
|
||||||
|
z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt
|
||||||
|
zeC{#^7{V<qOo9rSOuO{bOX-pOULeo<hfja{(=J^*1?~;O)IW6+y5!tu#Iq31@hO~3
|
||||||
|
zI7SRYrl&O{C>ZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb
|
||||||
|
zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y
|
||||||
|
z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A
|
||||||
|
zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH
|
||||||
|
z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q
|
||||||
|
z#U5^JZ4<b$t--qHc9p*$iO#Qj2f3KD%!onr@|V9{>wkHy#0}}mC!ZV}nnU^RZ+|=Y
|
||||||
|
zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg|
|
||||||
|
zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz
|
||||||
|
z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~<Y{if>z)>P3#
|
||||||
|
z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+<gohY|!t!t&VqcB%E2zeG7{rS&-E|$&A
|
||||||
|
zRTB%*&a<BNEN1AqDOiZk)nlLW-p=>98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3
|
||||||
|
z<ZvD3hF6+V9#ePS(OC^gfeB*%0MAbg)*WoKr-?u!kO(9Ki9jNd2qXfDKq8O`Bm#**
|
||||||
|
zB9I8o3j*^!p))T|r_psDfqQG*va*mB>-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq
|
||||||
|
zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1
|
||||||
|
zxc%S<KgjCC1qR8yFA-U2{Vn`qvGClFie8IFrjr)%tnm{2=r>hrZ`6<0RHgQodrAoh
|
||||||
|
zSgFbiHWu-)l-PgPQu`<dRrqrq-s8s$rTEic{^Z79@#o0g;&op=SNPLN_FA@n!=*+?
|
||||||
|
zDB|xddq34N2I_`R4OKfVWC~c?-(29YpLt&li<Eg&*GVUx#G5Nv*-lcX3d@bIN#Fb0
|
||||||
|
zQEpq{?RT^o-vc0nH9Vtx4RC7Xw(U%#3-Zc;X2wY7mi8}y`3rA*P?7iitvoODi?70Q
|
||||||
|
zk%V}#Vs|Jlk~I(tgDi;yipIBBWO)iq3V&j<{dE;uY%5@@`z!i|LXlG>y9%`-LB*)t
|
||||||
|
z0JfJO;vrk<L$v7JBGX9=Xf|GAZ#xK$H|j@gXg1z*&)??qN4GEne;CG_Rv;<Nsuk96
|
||||||
|
z_I?zDn>hX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgB<FFE9q`noa{%J1h_i
|
||||||
|
zSlZuQ;BSZcQxUM`opT8MStqY4@S8si%Z;u@{HFs43mj<vnAm^aAe)Uw?Op?%#<*=*
|
||||||
|
zZge5`RIgdkcTBiiGoIu7gV5yN6#O|1L=bC5IUX!`M+!07a5Y*(9{lzSI@4hi{lSQn
|
||||||
|
zgI`w}RIsU{FEKf&Qz$fsM0CCZY>gk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD
|
||||||
|
zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Q<b
|
||||||
|
zsMA2z4y$63Y=3is8xgLBZjr+pt4A4~kzJb(99~t!i$vfrZfN2kST-89du?!P<F;YB
|
||||||
|
z(FJ3LfCF)Qm&l!0GDZd7tn~i(zn}Ni#LOtW3$j)#YPcG!jQRG88kz!==xX$q36^+L
|
||||||
|
z%bz*_{7TV!?6u@Vp)n+)^9^7J`C-C`qWNB*tYaaX=)S~0mQp3Yku!d>p|I9?%YE^}
|
||||||
|
zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc
|
||||||
|
z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$
|
||||||
|
zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG
|
||||||
|
zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ
|
||||||
|
z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY
|
||||||
|
zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf
|
||||||
|
z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;<eqg*5#u10HPzP%#L
|
||||||
|
zQ()3?FZ#e_HxmwX{`r-n_1L21LZLAvgn()_faOs3GEdRa-JbO3k~#P-fW}Mg?>4>S
|
||||||
|
zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl>
|
||||||
|
z7^rJH4OAO`j``+-dZ#@M60IS}<JIU|G%^J^y!n^Qxjym7CvR!UZ{lw>YFFFf)W&VY
|
||||||
|
za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R)
|
||||||
|
zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y
|
||||||
|
zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp
|
||||||
|
zKFQt>Vbm<Ux`o0el8ugF)~`ZFGk&UL4AeE92C5A|$9!|axFPVI(;w*|iRE~_8eNM<
|
||||||
|
zrT~ZUZ!%$LBfO}dN6$(&8g<9p;MB%#!*Zhwb`k*x;#3L49-C4iKYl>=t6%*pub_){
|
||||||
|
zCA$l<)_b;6)NnQ0<R*s6gqR~aetU%+8l3_YYW1E+jF8pv`IQJ1UEuzkm!JLHil6$3
|
||||||
|
zLL94&At3}*s{t%Uz06a1B0K&3O9+jX?$;cmiN;Ip?>4>SzuFu1i70ta6~A`DdXC=j
|
||||||
|
zVqk`4D7>weC&k1#JZWL!jy<uUMxErF8jNEmD0xQD`W_yP*emNer>LuB?XwXz%QkDF
|
||||||
|
zYqrr5PP5vlI>ta<(`lgE@N@8+3#<j?Z?p*F7|=WcW9@+^Vd--B$Tqqrh_s&q9InuO
|
||||||
|
zW86ldW8TECWTR1cya7&a++w_8xzPnXiGXpYZWzgo=PkF~lEpbpo=D*v-}naPU}ath
|
||||||
|
z`n9ip%}ERH0y(v_m7<2LHia<e+bgI|he_=`8vMG-ph5&8b|=ccI>4^wr`@sI7!sJZ
|
||||||
|
zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6
|
||||||
|
zsm0{}`|r=14;<iOB^)7z_z461*{#cMAoJ+84`K9LcGDKRX342_gd$=$o^&x@i%)fo
|
||||||
|
zfx4m7MYa1;k_gL~?<w$<@03$cA?9VM@TCT(EHw#0FM5w`t!skF`&og*3*%t~F0rnT
|
||||||
|
z%*32u>04_w9-uBbSZj=1wN<lBX`>7F69<S`8Ogv7dVc3J@g`)t#THvwlN$?i$afAx
|
||||||
|
zJXj=aXRE3-T(wQ^$8m-+?;He<BY}?J(>NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+
|
||||||
|
zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV
|
||||||
|
zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B
|
||||||
|
zp7K{7GJLB2)HbE_<iuQ=T@??f{)9o>`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE
|
||||||
|
z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K%
|
||||||
|
zc<qSR@(0Y#L-BlgvWhmRt3F+=IYD%Rf0Tqi&J#HEWVZL9^tRQT*;{=~=G<Bv)8aa-
|
||||||
|
zlTfd-hdw)=2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q
|
||||||
|
z0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**
|
||||||
|
zB9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`
|
||||||
|
zBm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(P$0lJ{_>XytO^3f
|
||||||
|
zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW
|
||||||
|
zvK_w54ib*s{pCdx<x~Ir<7gg#)M1ScwTsR@`}C7e)OOZs|6@4{OP4Oa_R1?RyYPbc
|
||||||
|
zhT5$+--ssL_19djJ;F`bU&mfKWG-E@<gUew?^tx3wma{*BMKyygEe<Kg*icB>`+U+
|
||||||
|
zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK
|
||||||
|
zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_ga<bby^J7Q&qT
|
||||||
|
ziV>B`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g
|
||||||
|
zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5<Ha3eBxHw&!B4z<)v
|
||||||
|
z1QLM)0iT5MDWR^&*Mw_9`6v_rt|I?JzT#r&a#s9HMa_-C-Eb}>vhUWL{rld#LnSaW
|
||||||
|
zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgM<J9r<8$mhZ!wxSe=iM!dP
|
||||||
|
zzkCI2L+;e2U4coXRAG-AITXSB)TL3G;*tQ2m?D!L>ChaRR3Q`NWYVa52T-<54&6jk
|
||||||
|
z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi<G
|
||||||
|
zWFn9Vj77jF60B<e?S{bSU(U&q{LA^w#`!Fv*kech3sXP=jSV&Ui*ud{5GV=#y*A$j
|
||||||
|
zvyce<i&^&Mvqy)y5fs=%A~XR{5f?98wv-~c+nt4X=mq2}@}lGDV-}V{P2@#gQ830K
|
||||||
|
zBkEFwpR`C37D!^5e5jDtMSLW2OzyEKiCOqmb;+SojL;%7MOelZT~i0i#4&Q%C{<sO
|
||||||
|
zvBQtLY`Dt)1AFdl9jaiHq|Cza)Wsk=>}i57aDByd`it`*14L?zOuC7O<Up?iP>`Zb
|
||||||
|
zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6
|
||||||
|
zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=|
|
||||||
|
zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQ<UNc
|
||||||
|
zq=^DVi8ELrX`aOnKQTK3U7)Af!E<nsaazP}?9h<%k<Gs}ho2N-AG0)s9rUS=Sv*96
|
||||||
|
z_!m<&jbpGj)#WgIoYW<RDl@KxUooOGnFu5TV-fIq#CawDHQN>fr!>mb@vk@wzKEOR
|
||||||
|
zUl^giiGN`YjEEEA6vzVN5F<bqVl?a^Ll%l0QNY`odEuoq@h?SKfKwE5sxH(+5nY2{
|
||||||
|
zsD*v<v4DLjTlypc2QFrh49#JLQZ$7gyoPZ~$su3Ni)9?ZAjWY_b@7wdQAUl6oOEaf
|
||||||
|
zfgE&@+2fLZkg^&=4GWSXN@RS-INqwFWa_FG{*aFwvPP*Kzz$u2<*BFxs_wHVM_92(
|
||||||
|
z2Ytwz9^sxaVb3K^K4?F7sHI*akO&kA_(bBgcjW8%*TU5E51hc-AOg!0X2rkI1QZON
|
||||||
|
z5veIE#2{P%(ZCK+344-o4Q$9B>LCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6
|
||||||
|
zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc<P_9y!4YSy!AzGmqSi?Ouu_F?MQZXVQs7^1?
|
||||||
|
zN6mbPH8o0qb+telC(*%4O7RD5vB{o%TBIQupGHN^7^JRyhcznV8_KB3Np2~~CkKD%
|
||||||
|
z8p`T5nV97wjVTWsgknTxG7(4w#v<SoiF3^J4@KnbB+6n65lU^38YeuO;#u}Ob+uO}
|
||||||
|
zrL*E+g=R1UG$8_os-P0`B|uVe4L9c8M6*YRJ0v^)g{QCpPsth%u%V2@=z{<P_MslA
|
||||||
|
z8G}?OhaW*Stb_oYlSwTlR}?O%A?O&ogbnE(eTM<9jDRu~RhMM3en3gwpcNTJUtv3$
|
||||||
|
zw53e;Vq5k!M?=a-hiPbx$j*#)o(e9TnWGSK!@{_PGG=3sP(Y0z_^3Pbb0#ZPpHaA{
|
||||||
|
zzu*RdGYa81cBrLZB9I6a2>3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox
|
||||||
|
z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`<Kx(5PUL1d36lzLD0@c(#-S!%H%
|
||||||
|
zU>V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@
|
||||||
|
z;@R>q?8C{=X3m9KyurT&nC9F<fP!Zt$|Xw*&UN=wm>PkxLoM|ZfkdD{z-Jwk38Gqf
|
||||||
|
zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZs<UH63%W?JlP<
|
||||||
|
zCkPZHDwByoA}|(#IXMHTH!?F*IkZi0J!`HG1jY`v)Jp^sfdT=apgiX0!48uK+ALcj
|
||||||
|
zA7!FcG}(x7wMX!#9Mp(UiE6tWu_~F`6WF@-6xLh>iV>B`L?96ui-1pi)&}t0pQmuO
|
||||||
|
zjkyJsVOUM<GMP{aPNG(uQqU7BO*JrM;MP-Ea}gLj)KV`INCXN5eA>gmwe@7qN10I9
|
||||||
|
zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q
|
||||||
|
z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{
|
||||||
|
zrxeR<HJ#WhYSF8<OT~!FWFn9Vj77j_9rFxCzNXr)5Ff0Wd3yzHPQkx~%q;BHCK9)A
|
||||||
|
zQGn}t5{MdWV43A`5d=ytLU>A9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH
|
||||||
|
zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$
|
||||||
|
zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW)
|
||||||
|
z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw
|
||||||
|
z3l@f;rKYP((H5Gr$(|rLmcp<mdN*WceBjS9dShygKx7c5d9x5qeCYIYCG^^;jy34A
|
||||||
|
z;7VB4trSJ>6r6t4$t%^Y9|aV;zhXpXG7(4w#v<U;Y0l%{IMwSp2Md%I^AE(oS^x)&
|
||||||
|
zwfPq{Ht5g%E27k2izosmhpPf4NTz7fi|S}dy@r3`Ww9rJBxWcq*ep6R{-qbRE;lH`
|
||||||
|
z2v;wBhQ!sJ_Sh`?h-Iiy3~Qc6fKRnKQ>;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_
|
||||||
|
z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C
|
||||||
|
zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk
|
||||||
|
zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y
|
||||||
|
zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA
|
||||||
|
zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr=
|
||||||
|
zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W
|
||||||
|
z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK<i8w#Q2)WYbaoUR{YBqMYY&_
|
||||||
|
z{sGQaTM#;z83Pyv*j#-<$HWcsnd6{B!qvtvM#?B_A~;&;Wl0Q5M^x*%f*9U*`8UpK
|
||||||
|
zK;OMT)>>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_
|
||||||
|
zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO
|
||||||
|
z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPT<Xx3#lMaCx0rvJ
|
||||||
|
zZTvfO{=qRROzP)v^a7gm!!+@u_b@UX%GMkIN^NldLGdq>zaT>uOf~q|a}+cx{*6-y
|
||||||
|
z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB
|
||||||
|
zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<<Tq+<(2pX33R^wk3;8R^)jD`d{
|
||||||
|
zsOl&<)EyuHs;>AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9
|
||||||
|
zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^
|
||||||
|
zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095
|
||||||
|
zOig9PT5<lDYXhyY;js1yY?1nHRz@ZVRHhPvL|`-mJ`b5LAhvC9DC@;KB0KgL#C=NY
|
||||||
|
ztH8EAQWzQkcGo{(ABKfk;X8<uj&xfjD5eO7?)o$FGDSF0RP>`Z>N@_#zD%)aez~YZ
|
||||||
|
z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{
|
||||||
|
z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r
|
||||||
|
zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^
|
||||||
|
zg<d)aMb=iH4Z;=UP{pbyQ<{k68(BWqf<q~SL)l<esF@#iBeSCqmFow~6Yx6jritP=
|
||||||
|
zIiNC?2qXfd5%9SLahPzS+PG<L1ACOAHi)vlnfq*fjDTgx4pM`*@T67+$HcRcBeZKZ
|
||||||
|
zswiJZ{4NW)QZy>damB9JKZs<hjwS?6U22J5DI!1CqD8uoCi$`nJFB_K%aq1m#K&U2
|
||||||
|
zp{qO67NAAg(`<+U3zGvann1}cnuzlcu`V(di-&tsz$`^<zHD^O%GJ?hEfo`iL|_sD
|
||||||
|
zpY8DvD<b(u8RhxoU&X(o!pL0qP=a_?+!y(m*;^(VM3>s5qfIuEVafQ{8IFHZ(DOQ1
|
||||||
|
zL2xbpxXzOgb_Q=@TibU<H4QI=o0TO*-c;0CC=^M8Py$ah2~Hi2qC@N)X9Eg86{Qwa
|
||||||
|
z6XsudInuQ1dOiWQZmI1n+%B9XIXR#*l?WsPqY?1wr1)2%Zsgo3qYUM>gI`Lgj(=e>
|
||||||
|
zMU)Nx<vO9YaXjPljlX-r<pCB}%u85Gl**>~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo
|
||||||
|
zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh
|
||||||
|
z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{<Xtx0jlLuAq36V
|
||||||
|
zUD(j5%f*8#)Gf$*unM)>RlEdP#0v4%e#ImMtXlgq`3qxe(=<X&v&d&Ygj$U%Qb4Ch
|
||||||
|
zyEZsEpfZ&RBm$!m@L5#M|MmvLD9=g!OGL>XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE
|
||||||
|
zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr
|
||||||
|
zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?D<v+=r8c!<bcXlB9I7-
|
||||||
|
zM!@H`<KN!M7si~!`3J&VJ>c?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7>
|
||||||
|
zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a
|
||||||
|
z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q
|
||||||
|
zf7)`qfCKTHn1c<ucMDcvF&WReh=>Vw*|W7Di!H#8j2>&Lm<S{SlL+{H9vT16-}+yB
|
||||||
|
zlERvWz~q3+R3eZFj7GqxI<X{ws@vXB9;s%tDXjGfj2>&Lm<S{SlL(j{SPiDtvf8t>
|
||||||
|
z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K
|
||||||
|
zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@
|
||||||
|
z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33W<Ob
|
||||||
|
zm>f`<N(2&t(Fph~>WzQnL<F*xQ%D4i!054-iitoXFo}TAq9XoPvdFY@3W<Obm>f`<
|
||||||
|
zN(2&t(Fph~a{Oz~wUF}<Mk$3Z0;9)TDkcJnz$5}bog&*t+2l*6l~YIrjKJi8%2Xnd
|
||||||
|
z2#iL+XOZJy6K+?qateun5g0wzQZW%o1SS#iS(Go<F%&7x3W3Q1m8nD^5g3iYtj@Gl
|
||||||
|
zP6WCLj2>&Lm<S{SlL&NAr_4zNW`)4yfXY-NkO+)MU{+^ZDklP61V)dwRJ=D3_<z$H
|
||||||
|
BLUI5A
|
||||||
|
|
||||||
|
literal 0
|
||||||
|
HcmV?d00001
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.idf b/MdeModulePkg/Logo/Logo-OpenSSL.idf
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..a80de29a63
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/MdeModulePkg/Logo/Logo-OpenSSL.idf
|
||||||
|
@@ -0,0 +1,15 @@
|
||||||
|
+// /** @file
|
||||||
|
+// Platform Logo image definition file.
|
||||||
|
+//
|
||||||
|
+// Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+//
|
||||||
|
+// This program and the accompanying materials
|
||||||
|
+// are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
+// which accompanies this distribution. The full text of the license may be found at
|
||||||
|
+// http://opensource.org/licenses/bsd-license.php
|
||||||
|
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
+//
|
||||||
|
+// **/
|
||||||
|
+
|
||||||
|
+#image IMG_LOGO Logo-OpenSSL.bmp
|
||||||
|
diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..2f79d873e2
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
@@ -0,0 +1,61 @@
|
||||||
|
+## @file
|
||||||
|
+# The default logo bitmap picture shown on setup screen.
|
||||||
|
+#
|
||||||
|
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+#
|
||||||
|
+# This program and the accompanying materials
|
||||||
|
+# are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
+# which accompanies this distribution. The full text of the license may be found at
|
||||||
|
+# http://opensource.org/licenses/bsd-license.php
|
||||||
|
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
+#
|
||||||
|
+#
|
||||||
|
+##
|
||||||
|
+
|
||||||
|
+[Defines]
|
||||||
|
+ INF_VERSION = 0x00010005
|
||||||
|
+ BASE_NAME = LogoOpenSSLDxe
|
||||||
|
+ MODULE_UNI_FILE = LogoOpenSSLDxe.uni
|
||||||
|
+ FILE_GUID = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF
|
||||||
|
+ MODULE_TYPE = DXE_DRIVER
|
||||||
|
+ VERSION_STRING = 1.0
|
||||||
|
+
|
||||||
|
+ ENTRY_POINT = InitializeLogo
|
||||||
|
+#
|
||||||
|
+# This flag specifies whether HII resource section is generated into PE image.
|
||||||
|
+#
|
||||||
|
+ UEFI_HII_RESOURCE_SECTION = TRUE
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# The following information is for reference only and not required by the build tools.
|
||||||
|
+#
|
||||||
|
+# VALID_ARCHITECTURES = IA32 X64
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
+[Sources]
|
||||||
|
+ Logo-OpenSSL.bmp
|
||||||
|
+ Logo.c
|
||||||
|
+ Logo-OpenSSL.idf
|
||||||
|
+
|
||||||
|
+[Packages]
|
||||||
|
+ MdeModulePkg/MdeModulePkg.dec
|
||||||
|
+ MdePkg/MdePkg.dec
|
||||||
|
+
|
||||||
|
+[LibraryClasses]
|
||||||
|
+ UefiBootServicesTableLib
|
||||||
|
+ UefiDriverEntryPoint
|
||||||
|
+ DebugLib
|
||||||
|
+
|
||||||
|
+[Protocols]
|
||||||
|
+ gEfiHiiDatabaseProtocolGuid ## CONSUMES
|
||||||
|
+ gEfiHiiImageExProtocolGuid ## CONSUMES
|
||||||
|
+ gEfiHiiPackageListProtocolGuid ## PRODUCES CONSUMES
|
||||||
|
+ gEdkiiPlatformLogoProtocolGuid ## PRODUCES
|
||||||
|
+
|
||||||
|
+[Depex]
|
||||||
|
+ gEfiHiiDatabaseProtocolGuid AND
|
||||||
|
+ gEfiHiiImageExProtocolGuid
|
||||||
|
+
|
||||||
|
+[UserExtensions.TianoCore."ExtraFiles"]
|
||||||
|
+ LogoDxeExtra.uni
|
||||||
|
diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..7227ac3910
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
|
||||||
|
@@ -0,0 +1,22 @@
|
||||||
|
+// /** @file
|
||||||
|
+// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen.
|
||||||
|
+//
|
||||||
|
+// This module provides the logo bitmap picture (with OpenSSL advertisment)
|
||||||
|
+// shown on setup screen, through EDKII Platform Logo protocol.
|
||||||
|
+//
|
||||||
|
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+//
|
||||||
|
+// This program and the accompanying materials
|
||||||
|
+// are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
+// which accompanies this distribution. The full text of the license may be found at
|
||||||
|
+// http://opensource.org/licenses/bsd-license.php
|
||||||
|
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
+//
|
||||||
|
+// **/
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+#string STR_MODULE_ABSTRACT #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen."
|
||||||
|
+
|
||||||
|
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
|
||||||
|
+
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
index 66e944436a..044379e1ed 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
@@ -688,7 +688,7 @@
|
||||||
|
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||||
|
!endif
|
||||||
|
}
|
||||||
|
- MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
MdeModulePkg/Application/UiApp/UiApp.inf {
|
||||||
|
<LibraryClasses>
|
||||||
|
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
index 785affeb90..326f82384e 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
@@ -283,7 +283,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||||
|
!endif
|
||||||
|
INF ShellPkg/Application/Shell/Shell.inf
|
||||||
|
|
||||||
|
-INF MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
# Network modules
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
index 51c2bfb44f..2ff68102d3 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
@@ -701,7 +701,7 @@
|
||||||
|
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||||
|
!endif
|
||||||
|
}
|
||||||
|
- MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
MdeModulePkg/Application/UiApp/UiApp.inf {
|
||||||
|
<LibraryClasses>
|
||||||
|
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
index 7440707256..aefb6614ad 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||||
|
!endif
|
||||||
|
INF ShellPkg/Application/Shell/Shell.inf
|
||||||
|
|
||||||
|
-INF MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
# Network modules
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
index ba7a758844..3a66d4d424 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
@@ -699,7 +699,7 @@
|
||||||
|
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||||
|
!endif
|
||||||
|
}
|
||||||
|
- MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
MdeModulePkg/Application/UiApp/UiApp.inf {
|
||||||
|
<LibraryClasses>
|
||||||
|
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
index 7440707256..aefb6614ad 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||||
|
!endif
|
||||||
|
INF ShellPkg/Application/Shell/Shell.inf
|
||||||
|
|
||||||
|
-INF MdeModulePkg/Logo/LogoDxe.inf
|
||||||
|
+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
# Network modules
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,70 @@
|
|||||||
|
From e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Thu, 20 Feb 2014 22:54:45 +0100
|
||||||
|
Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- trivial context difference due to upstream commit 2fe5f2f52918
|
||||||
|
("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
|
||||||
|
by git-cherry-pick automatically
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Upstream prefers short debug messages (sometimes even limited to 80
|
||||||
|
characters), but any line length under 512 characters is just unsuitable
|
||||||
|
for effective debugging. (For example, config strings in HII routing,
|
||||||
|
logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
|
||||||
|
level, can be several hundred characters long.) 512 is an empirically good
|
||||||
|
value.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
|
||||||
|
(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
|
||||||
|
(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
|
||||||
|
(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
|
||||||
|
(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
|
||||||
|
(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
|
||||||
|
---
|
||||||
|
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||||
|
index 3dfa3126c3..9451c50c70 100644
|
||||||
|
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||||
|
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||||
|
@@ -21,7 +21,7 @@
|
||||||
|
//
|
||||||
|
// Define the maximum debug and assert message length that this library supports
|
||||||
|
//
|
||||||
|
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
|
||||||
|
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
|
||||||
|
|
||||||
|
//
|
||||||
|
// VA_LIST can not initialize to NULL for all compiler, so we use this to
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,574 @@
|
|||||||
|
From 3aa0316ea1db5416cb528179a3ba5ce37c1279b7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Thu, 12 Jun 2014 00:17:59 +0200
|
||||||
|
Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- update commit message as requested in
|
||||||
|
<https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
The Int10h VBE Shim is capable of emitting short debug messages when the
|
||||||
|
win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet
|
||||||
|
version is preferred; for us debug messages are important as a default.
|
||||||
|
|
||||||
|
For this patch, the DEBUG macro is enabled in the assembly file, and then
|
||||||
|
the header file is regenerated from the assembly, by running
|
||||||
|
"OvmfPkg/QemuVideoDxe/VbeShim.sh".
|
||||||
|
|
||||||
|
"VbeShim.h" is not auto-generated; it is manually generated. The patch
|
||||||
|
does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the
|
||||||
|
manually re-generated) "VbeShim.h" atomically. Doing so helps with local
|
||||||
|
downstream builds, with bisection, and also keeps redhat/README a bit
|
||||||
|
simpler.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f)
|
||||||
|
(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2)
|
||||||
|
(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c)
|
||||||
|
(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba)
|
||||||
|
(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e)
|
||||||
|
(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471)
|
||||||
|
---
|
||||||
|
OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +-
|
||||||
|
OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++-----------
|
||||||
|
2 files changed, 308 insertions(+), 175 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||||
|
index cb2a60d827..26fe1bcc32 100644
|
||||||
|
--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||||
|
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||||
|
@@ -12,7 +12,7 @@
|
||||||
|
;------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
; enable this macro for debug messages
|
||||||
|
-;%define DEBUG
|
||||||
|
+%define DEBUG
|
||||||
|
|
||||||
|
%macro DebugLog 1
|
||||||
|
%ifdef DEBUG
|
||||||
|
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h
|
||||||
|
index cc9b6e14cd..325d6478a1 100644
|
||||||
|
--- a/OvmfPkg/QemuVideoDxe/VbeShim.h
|
||||||
|
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.h
|
||||||
|
@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = {
|
||||||
|
/* 000001FE nop */ 0x90,
|
||||||
|
/* 000001FF nop */ 0x90,
|
||||||
|
/* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F,
|
||||||
|
- /* 00000203 jz 0x22d */ 0x74, 0x28,
|
||||||
|
+ /* 00000203 jz 0x235 */ 0x74, 0x30,
|
||||||
|
/* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F,
|
||||||
|
- /* 00000208 jz 0x245 */ 0x74, 0x3B,
|
||||||
|
+ /* 00000208 jz 0x255 */ 0x74, 0x4B,
|
||||||
|
/* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F,
|
||||||
|
- /* 0000020D jz 0x269 */ 0x74, 0x5A,
|
||||||
|
+ /* 0000020D jz 0x289 */ 0x74, 0x7A,
|
||||||
|
/* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F,
|
||||||
|
- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01,
|
||||||
|
+ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01,
|
||||||
|
/* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F,
|
||||||
|
- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01,
|
||||||
|
+ /* 00000219 jz word 0x36e */ 0x0F, 0x84, 0x51, 0x01,
|
||||||
|
/* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F,
|
||||||
|
- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01,
|
||||||
|
+ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01,
|
||||||
|
/* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00,
|
||||||
|
- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01,
|
||||||
|
- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE,
|
||||||
|
- /* 0000022D push es */ 0x06,
|
||||||
|
- /* 0000022E push di */ 0x57,
|
||||||
|
- /* 0000022F push ds */ 0x1E,
|
||||||
|
- /* 00000230 push si */ 0x56,
|
||||||
|
- /* 00000231 push cx */ 0x51,
|
||||||
|
- /* 00000232 push cs */ 0x0E,
|
||||||
|
- /* 00000233 pop ds */ 0x1F,
|
||||||
|
- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00,
|
||||||
|
- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||||
|
- /* 0000023A cld */ 0xFC,
|
||||||
|
- /* 0000023B rep movsb */ 0xF3, 0xA4,
|
||||||
|
- /* 0000023D pop cx */ 0x59,
|
||||||
|
- /* 0000023E pop si */ 0x5E,
|
||||||
|
- /* 0000023F pop ds */ 0x1F,
|
||||||
|
- /* 00000240 pop di */ 0x5F,
|
||||||
|
- /* 00000241 pop es */ 0x07,
|
||||||
|
- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01,
|
||||||
|
- /* 00000245 push es */ 0x06,
|
||||||
|
- /* 00000246 push di */ 0x57,
|
||||||
|
- /* 00000247 push ds */ 0x1E,
|
||||||
|
- /* 00000248 push si */ 0x56,
|
||||||
|
- /* 00000249 push cx */ 0x51,
|
||||||
|
- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF,
|
||||||
|
- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00,
|
||||||
|
- /* 00000252 jz 0x256 */ 0x74, 0x02,
|
||||||
|
- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5,
|
||||||
|
- /* 00000256 push cs */ 0x0E,
|
||||||
|
- /* 00000257 pop ds */ 0x1F,
|
||||||
|
- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01,
|
||||||
|
- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||||
|
- /* 0000025E cld */ 0xFC,
|
||||||
|
- /* 0000025F rep movsb */ 0xF3, 0xA4,
|
||||||
|
- /* 00000261 pop cx */ 0x59,
|
||||||
|
- /* 00000262 pop si */ 0x5E,
|
||||||
|
- /* 00000263 pop ds */ 0x1F,
|
||||||
|
- /* 00000264 pop di */ 0x5F,
|
||||||
|
- /* 00000265 pop es */ 0x07,
|
||||||
|
- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00,
|
||||||
|
- /* 00000269 push dx */ 0x52,
|
||||||
|
- /* 0000026A push ax */ 0x50,
|
||||||
|
- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40,
|
||||||
|
- /* 0000026F jz 0x273 */ 0x74, 0x02,
|
||||||
|
- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8,
|
||||||
|
- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03,
|
||||||
|
- /* 00000276 mov al,0x20 */ 0xB0, 0x20,
|
||||||
|
- /* 00000278 out dx,al */ 0xEE,
|
||||||
|
- /* 00000279 push dx */ 0x52,
|
||||||
|
- /* 0000027A push ax */ 0x50,
|
||||||
|
- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||||
|
- /* 00000281 out dx,ax */ 0xEF,
|
||||||
|
- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
- /* 00000288 out dx,ax */ 0xEF,
|
||||||
|
- /* 00000289 pop ax */ 0x58,
|
||||||
|
- /* 0000028A pop dx */ 0x5A,
|
||||||
|
- /* 0000028B push dx */ 0x52,
|
||||||
|
- /* 0000028C push ax */ 0x50,
|
||||||
|
- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00,
|
||||||
|
- /* 00000293 out dx,ax */ 0xEF,
|
||||||
|
- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
- /* 0000029A out dx,ax */ 0xEF,
|
||||||
|
- /* 0000029B pop ax */ 0x58,
|
||||||
|
- /* 0000029C pop dx */ 0x5A,
|
||||||
|
- /* 0000029D push dx */ 0x52,
|
||||||
|
- /* 0000029E push ax */ 0x50,
|
||||||
|
- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00,
|
||||||
|
- /* 000002A5 out dx,ax */ 0xEF,
|
||||||
|
- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
- /* 000002AC out dx,ax */ 0xEF,
|
||||||
|
- /* 000002AD pop ax */ 0x58,
|
||||||
|
- /* 000002AE pop dx */ 0x5A,
|
||||||
|
- /* 000002AF push dx */ 0x52,
|
||||||
|
- /* 000002B0 push ax */ 0x50,
|
||||||
|
- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00,
|
||||||
|
- /* 000002B7 out dx,ax */ 0xEF,
|
||||||
|
- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
- /* 000002BE out dx,ax */ 0xEF,
|
||||||
|
- /* 000002BF pop ax */ 0x58,
|
||||||
|
- /* 000002C0 pop dx */ 0x5A,
|
||||||
|
- /* 000002C1 push dx */ 0x52,
|
||||||
|
- /* 000002C2 push ax */ 0x50,
|
||||||
|
- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00,
|
||||||
|
- /* 000002C9 out dx,ax */ 0xEF,
|
||||||
|
- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00,
|
||||||
|
- /* 000002D0 out dx,ax */ 0xEF,
|
||||||
|
- /* 000002D1 pop ax */ 0x58,
|
||||||
|
- /* 000002D2 pop dx */ 0x5A,
|
||||||
|
- /* 000002D3 push dx */ 0x52,
|
||||||
|
- /* 000002D4 push ax */ 0x50,
|
||||||
|
- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00,
|
||||||
|
- /* 000002DB out dx,ax */ 0xEF,
|
||||||
|
- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||||
|
- /* 000002E2 out dx,ax */ 0xEF,
|
||||||
|
- /* 000002E3 pop ax */ 0x58,
|
||||||
|
- /* 000002E4 pop dx */ 0x5A,
|
||||||
|
- /* 000002E5 push dx */ 0x52,
|
||||||
|
- /* 000002E6 push ax */ 0x50,
|
||||||
|
- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00,
|
||||||
|
- /* 000002ED out dx,ax */ 0xEF,
|
||||||
|
- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||||
|
- /* 000002F4 out dx,ax */ 0xEF,
|
||||||
|
- /* 000002F5 pop ax */ 0x58,
|
||||||
|
- /* 000002F6 pop dx */ 0x5A,
|
||||||
|
- /* 000002F7 push dx */ 0x52,
|
||||||
|
- /* 000002F8 push ax */ 0x50,
|
||||||
|
- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00,
|
||||||
|
- /* 000002FF out dx,ax */ 0xEF,
|
||||||
|
- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||||
|
- /* 00000306 out dx,ax */ 0xEF,
|
||||||
|
- /* 00000307 pop ax */ 0x58,
|
||||||
|
- /* 00000308 pop dx */ 0x5A,
|
||||||
|
- /* 00000309 push dx */ 0x52,
|
||||||
|
- /* 0000030A push ax */ 0x50,
|
||||||
|
- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00,
|
||||||
|
- /* 00000311 out dx,ax */ 0xEF,
|
||||||
|
- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||||
|
- /* 00000318 out dx,ax */ 0xEF,
|
||||||
|
- /* 00000319 pop ax */ 0x58,
|
||||||
|
- /* 0000031A pop dx */ 0x5A,
|
||||||
|
- /* 0000031B push dx */ 0x52,
|
||||||
|
- /* 0000031C push ax */ 0x50,
|
||||||
|
- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||||
|
- /* 00000323 out dx,ax */ 0xEF,
|
||||||
|
- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00,
|
||||||
|
- /* 0000032A out dx,ax */ 0xEF,
|
||||||
|
- /* 0000032B pop ax */ 0x58,
|
||||||
|
- /* 0000032C pop dx */ 0x5A,
|
||||||
|
- /* 0000032D pop ax */ 0x58,
|
||||||
|
- /* 0000032E pop dx */ 0x5A,
|
||||||
|
- /* 0000032F jmp short 0x34c */ 0xEB, 0x1B,
|
||||||
|
- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40,
|
||||||
|
- /* 00000334 jmp short 0x34c */ 0xEB, 0x16,
|
||||||
|
- /* 00000336 jmp short 0x350 */ 0xEB, 0x18,
|
||||||
|
- /* 00000338 jmp short 0x350 */ 0xEB, 0x16,
|
||||||
|
- /* 0000033A cmp al,0x3 */ 0x3C, 0x03,
|
||||||
|
- /* 0000033C jz 0x345 */ 0x74, 0x07,
|
||||||
|
- /* 0000033E cmp al,0x12 */ 0x3C, 0x12,
|
||||||
|
- /* 00000340 jz 0x349 */ 0x74, 0x07,
|
||||||
|
- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE,
|
||||||
|
- /* 00000345 mov al,0x30 */ 0xB0, 0x30,
|
||||||
|
- /* 00000347 jmp short 0x34b */ 0xEB, 0x02,
|
||||||
|
- /* 00000349 mov al,0x20 */ 0xB0, 0x20,
|
||||||
|
- /* 0000034B iretw */ 0xCF,
|
||||||
|
- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00,
|
||||||
|
- /* 0000034F iretw */ 0xCF,
|
||||||
|
- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01,
|
||||||
|
- /* 00000353 iretw */ 0xCF,
|
||||||
|
+ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01,
|
||||||
|
+ /* 0000022B push si */ 0x56,
|
||||||
|
+ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03,
|
||||||
|
+ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01,
|
||||||
|
+ /* 00000232 pop si */ 0x5E,
|
||||||
|
+ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE,
|
||||||
|
+ /* 00000235 push es */ 0x06,
|
||||||
|
+ /* 00000236 push di */ 0x57,
|
||||||
|
+ /* 00000237 push ds */ 0x1E,
|
||||||
|
+ /* 00000238 push si */ 0x56,
|
||||||
|
+ /* 00000239 push cx */ 0x51,
|
||||||
|
+ /* 0000023A push si */ 0x56,
|
||||||
|
+ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03,
|
||||||
|
+ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01,
|
||||||
|
+ /* 00000241 pop si */ 0x5E,
|
||||||
|
+ /* 00000242 push cs */ 0x0E,
|
||||||
|
+ /* 00000243 pop ds */ 0x1F,
|
||||||
|
+ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00,
|
||||||
|
+ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||||
|
+ /* 0000024A cld */ 0xFC,
|
||||||
|
+ /* 0000024B rep movsb */ 0xF3, 0xA4,
|
||||||
|
+ /* 0000024D pop cx */ 0x59,
|
||||||
|
+ /* 0000024E pop si */ 0x5E,
|
||||||
|
+ /* 0000024F pop ds */ 0x1F,
|
||||||
|
+ /* 00000250 pop di */ 0x5F,
|
||||||
|
+ /* 00000251 pop es */ 0x07,
|
||||||
|
+ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01,
|
||||||
|
+ /* 00000255 push es */ 0x06,
|
||||||
|
+ /* 00000256 push di */ 0x57,
|
||||||
|
+ /* 00000257 push ds */ 0x1E,
|
||||||
|
+ /* 00000258 push si */ 0x56,
|
||||||
|
+ /* 00000259 push cx */ 0x51,
|
||||||
|
+ /* 0000025A push si */ 0x56,
|
||||||
|
+ /* 0000025B mov si,0x404 */ 0xBE, 0x04, 0x04,
|
||||||
|
+ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01,
|
||||||
|
+ /* 00000261 pop si */ 0x5E,
|
||||||
|
+ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF,
|
||||||
|
+ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00,
|
||||||
|
+ /* 0000026A jz 0x276 */ 0x74, 0x0A,
|
||||||
|
+ /* 0000026C push si */ 0x56,
|
||||||
|
+ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04,
|
||||||
|
+ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01,
|
||||||
|
+ /* 00000273 pop si */ 0x5E,
|
||||||
|
+ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD,
|
||||||
|
+ /* 00000276 push cs */ 0x0E,
|
||||||
|
+ /* 00000277 pop ds */ 0x1F,
|
||||||
|
+ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01,
|
||||||
|
+ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||||
|
+ /* 0000027E cld */ 0xFC,
|
||||||
|
+ /* 0000027F rep movsb */ 0xF3, 0xA4,
|
||||||
|
+ /* 00000281 pop cx */ 0x59,
|
||||||
|
+ /* 00000282 pop si */ 0x5E,
|
||||||
|
+ /* 00000283 pop ds */ 0x1F,
|
||||||
|
+ /* 00000284 pop di */ 0x5F,
|
||||||
|
+ /* 00000285 pop es */ 0x07,
|
||||||
|
+ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01,
|
||||||
|
+ /* 00000289 push dx */ 0x52,
|
||||||
|
+ /* 0000028A push ax */ 0x50,
|
||||||
|
+ /* 0000028B push si */ 0x56,
|
||||||
|
+ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04,
|
||||||
|
+ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01,
|
||||||
|
+ /* 00000292 pop si */ 0x5E,
|
||||||
|
+ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40,
|
||||||
|
+ /* 00000297 jz 0x2a3 */ 0x74, 0x0A,
|
||||||
|
+ /* 00000299 push si */ 0x56,
|
||||||
|
+ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04,
|
||||||
|
+ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01,
|
||||||
|
+ /* 000002A0 pop si */ 0x5E,
|
||||||
|
+ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90,
|
||||||
|
+ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03,
|
||||||
|
+ /* 000002A6 mov al,0x20 */ 0xB0, 0x20,
|
||||||
|
+ /* 000002A8 out dx,al */ 0xEE,
|
||||||
|
+ /* 000002A9 push dx */ 0x52,
|
||||||
|
+ /* 000002AA push ax */ 0x50,
|
||||||
|
+ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||||
|
+ /* 000002B1 out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
+ /* 000002B8 out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002B9 pop ax */ 0x58,
|
||||||
|
+ /* 000002BA pop dx */ 0x5A,
|
||||||
|
+ /* 000002BB push dx */ 0x52,
|
||||||
|
+ /* 000002BC push ax */ 0x50,
|
||||||
|
+ /* 000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00,
|
||||||
|
+ /* 000002C3 out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
+ /* 000002CA out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002CB pop ax */ 0x58,
|
||||||
|
+ /* 000002CC pop dx */ 0x5A,
|
||||||
|
+ /* 000002CD push dx */ 0x52,
|
||||||
|
+ /* 000002CE push ax */ 0x50,
|
||||||
|
+ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00,
|
||||||
|
+ /* 000002D5 out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
+ /* 000002DC out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002DD pop ax */ 0x58,
|
||||||
|
+ /* 000002DE pop dx */ 0x5A,
|
||||||
|
+ /* 000002DF push dx */ 0x52,
|
||||||
|
+ /* 000002E0 push ax */ 0x50,
|
||||||
|
+ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00,
|
||||||
|
+ /* 000002E7 out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||||
|
+ /* 000002EE out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002EF pop ax */ 0x58,
|
||||||
|
+ /* 000002F0 pop dx */ 0x5A,
|
||||||
|
+ /* 000002F1 push dx */ 0x52,
|
||||||
|
+ /* 000002F2 push ax */ 0x50,
|
||||||
|
+ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00,
|
||||||
|
+ /* 000002F9 out dx,ax */ 0xEF,
|
||||||
|
+ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00,
|
||||||
|
+ /* 00000300 out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000301 pop ax */ 0x58,
|
||||||
|
+ /* 00000302 pop dx */ 0x5A,
|
||||||
|
+ /* 00000303 push dx */ 0x52,
|
||||||
|
+ /* 00000304 push ax */ 0x50,
|
||||||
|
+ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00,
|
||||||
|
+ /* 0000030B out dx,ax */ 0xEF,
|
||||||
|
+ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||||
|
+ /* 00000312 out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000313 pop ax */ 0x58,
|
||||||
|
+ /* 00000314 pop dx */ 0x5A,
|
||||||
|
+ /* 00000315 push dx */ 0x52,
|
||||||
|
+ /* 00000316 push ax */ 0x50,
|
||||||
|
+ /* 00000317 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 0000031A mov ax,0x6 */ 0xB8, 0x06, 0x00,
|
||||||
|
+ /* 0000031D out dx,ax */ 0xEF,
|
||||||
|
+ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||||
|
+ /* 00000324 out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000325 pop ax */ 0x58,
|
||||||
|
+ /* 00000326 pop dx */ 0x5A,
|
||||||
|
+ /* 00000327 push dx */ 0x52,
|
||||||
|
+ /* 00000328 push ax */ 0x50,
|
||||||
|
+ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00,
|
||||||
|
+ /* 0000032F out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||||
|
+ /* 00000336 out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000337 pop ax */ 0x58,
|
||||||
|
+ /* 00000338 pop dx */ 0x5A,
|
||||||
|
+ /* 00000339 push dx */ 0x52,
|
||||||
|
+ /* 0000033A push ax */ 0x50,
|
||||||
|
+ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00,
|
||||||
|
+ /* 00000341 out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||||
|
+ /* 00000348 out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000349 pop ax */ 0x58,
|
||||||
|
+ /* 0000034A pop dx */ 0x5A,
|
||||||
|
+ /* 0000034B push dx */ 0x52,
|
||||||
|
+ /* 0000034C push ax */ 0x50,
|
||||||
|
+ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||||
|
+ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||||
|
+ /* 00000353 out dx,ax */ 0xEF,
|
||||||
|
+ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||||
|
+ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00,
|
||||||
|
+ /* 0000035A out dx,ax */ 0xEF,
|
||||||
|
+ /* 0000035B pop ax */ 0x58,
|
||||||
|
+ /* 0000035C pop dx */ 0x5A,
|
||||||
|
+ /* 0000035D pop ax */ 0x58,
|
||||||
|
+ /* 0000035E pop dx */ 0x5A,
|
||||||
|
+ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B,
|
||||||
|
+ /* 00000361 push si */ 0x56,
|
||||||
|
+ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04,
|
||||||
|
+ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00,
|
||||||
|
+ /* 00000368 pop si */ 0x5E,
|
||||||
|
+ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40,
|
||||||
|
+ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E,
|
||||||
|
+ /* 0000036E push si */ 0x56,
|
||||||
|
+ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04,
|
||||||
|
+ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00,
|
||||||
|
+ /* 00000375 pop si */ 0x5E,
|
||||||
|
+ /* 00000376 jmp short 0x3b8 */ 0xEB, 0x40,
|
||||||
|
+ /* 00000378 push si */ 0x56,
|
||||||
|
+ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04,
|
||||||
|
+ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00,
|
||||||
|
+ /* 0000037F pop si */ 0x5E,
|
||||||
|
+ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36,
|
||||||
|
+ /* 00000382 push si */ 0x56,
|
||||||
|
+ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04,
|
||||||
|
+ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00,
|
||||||
|
+ /* 00000389 pop si */ 0x5E,
|
||||||
|
+ /* 0000038A cmp al,0x3 */ 0x3C, 0x03,
|
||||||
|
+ /* 0000038C jz 0x39d */ 0x74, 0x0F,
|
||||||
|
+ /* 0000038E cmp al,0x12 */ 0x3C, 0x12,
|
||||||
|
+ /* 00000390 jz 0x3a1 */ 0x74, 0x0F,
|
||||||
|
+ /* 00000392 push si */ 0x56,
|
||||||
|
+ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04,
|
||||||
|
+ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00,
|
||||||
|
+ /* 00000399 pop si */ 0x5E,
|
||||||
|
+ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE,
|
||||||
|
+ /* 0000039D mov al,0x30 */ 0xB0, 0x30,
|
||||||
|
+ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02,
|
||||||
|
+ /* 000003A1 mov al,0x20 */ 0xB0, 0x20,
|
||||||
|
+ /* 000003A3 push si */ 0x56,
|
||||||
|
+ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03,
|
||||||
|
+ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00,
|
||||||
|
+ /* 000003AA pop si */ 0x5E,
|
||||||
|
+ /* 000003AB iretw */ 0xCF,
|
||||||
|
+ /* 000003AC push si */ 0x56,
|
||||||
|
+ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03,
|
||||||
|
+ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00,
|
||||||
|
+ /* 000003B3 pop si */ 0x5E,
|
||||||
|
+ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00,
|
||||||
|
+ /* 000003B7 iretw */ 0xCF,
|
||||||
|
+ /* 000003B8 push si */ 0x56,
|
||||||
|
+ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03,
|
||||||
|
+ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00,
|
||||||
|
+ /* 000003BF pop si */ 0x5E,
|
||||||
|
+ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01,
|
||||||
|
+ /* 000003C3 iretw */ 0xCF,
|
||||||
|
+ /* 000003C4 pushaw */ 0x60,
|
||||||
|
+ /* 000003C5 push ds */ 0x1E,
|
||||||
|
+ /* 000003C6 push cs */ 0x0E,
|
||||||
|
+ /* 000003C7 pop ds */ 0x1F,
|
||||||
|
+ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04,
|
||||||
|
+ /* 000003CB lodsb */ 0xAC,
|
||||||
|
+ /* 000003CC cmp al,0x0 */ 0x3C, 0x00,
|
||||||
|
+ /* 000003CE jz 0x3d3 */ 0x74, 0x03,
|
||||||
|
+ /* 000003D0 out dx,al */ 0xEE,
|
||||||
|
+ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8,
|
||||||
|
+ /* 000003D3 pop ds */ 0x1F,
|
||||||
|
+ /* 000003D4 popaw */ 0x61,
|
||||||
|
+ /* 000003D5 ret */ 0xC3,
|
||||||
|
+ /* 000003D6 inc bp */ 0x45,
|
||||||
|
+ /* 000003D7 js 0x442 */ 0x78, 0x69,
|
||||||
|
+ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A,
|
||||||
|
+ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E,
|
||||||
|
+ /* 000003DE jnc 0x455 */ 0x73, 0x75,
|
||||||
|
+ /* 000003E0 jo 0x452 */ 0x70, 0x70,
|
||||||
|
+ /* 000003E2 outsw */ 0x6F,
|
||||||
|
+ /* 000003E3 jc 0x459 */ 0x72, 0x74,
|
||||||
|
+ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00,
|
||||||
|
+ /* 000003E9 push bp */ 0x55,
|
||||||
|
+ /* 000003EA outsb */ 0x6E,
|
||||||
|
+ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77,
|
||||||
|
+ /* 000003EF outsb */ 0x6E,
|
||||||
|
+ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75,
|
||||||
|
+ /* 000003F3 outsb */ 0x6E,
|
||||||
|
+ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69,
|
||||||
|
+ /* 000003F7 outsw */ 0x6F,
|
||||||
|
+ /* 000003F8 outsb */ 0x6E,
|
||||||
|
+ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00,
|
||||||
|
+ /* 000003FB inc di */ 0x47,
|
||||||
|
+ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49,
|
||||||
|
+ /* 000003FF outsb */ 0x6E,
|
||||||
|
+ /* 00000400 outsd */ 0x66, 0x6F,
|
||||||
|
+ /* 00000402 or al,[bx+si] */ 0x0A, 0x00,
|
||||||
|
+ /* 00000404 inc di */ 0x47,
|
||||||
|
+ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D,
|
||||||
|
+ /* 00000408 outsw */ 0x6F,
|
||||||
|
+ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49,
|
||||||
|
+ /* 0000040C outsb */ 0x6E,
|
||||||
|
+ /* 0000040D outsd */ 0x66, 0x6F,
|
||||||
|
+ /* 0000040F or al,[bx+si] */ 0x0A, 0x00,
|
||||||
|
+ /* 00000411 inc di */ 0x47,
|
||||||
|
+ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D,
|
||||||
|
+ /* 00000415 outsw */ 0x6F,
|
||||||
|
+ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00,
|
||||||
|
+ /* 0000041A push bx */ 0x53,
|
||||||
|
+ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D,
|
||||||
|
+ /* 0000041E outsw */ 0x6F,
|
||||||
|
+ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00,
|
||||||
|
+ /* 00000423 push bx */ 0x53,
|
||||||
|
+ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D,
|
||||||
|
+ /* 00000427 outsw */ 0x6F,
|
||||||
|
+ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C,
|
||||||
|
+ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61,
|
||||||
|
+ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A,
|
||||||
|
+ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E,
|
||||||
|
+ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 0x6E,
|
||||||
|
+ /* 00000438 and [di+0x6f],cl */ 0x20, 0x4D, 0x6F,
|
||||||
|
+ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00,
|
||||||
|
+ /* 0000043F inc di */ 0x47,
|
||||||
|
+ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50,
|
||||||
|
+ /* 00000443 insw */ 0x6D,
|
||||||
|
+ /* 00000444 inc bx */ 0x43,
|
||||||
|
+ /* 00000445 popaw */ 0x61,
|
||||||
|
+ /* 00000446 jo 0x4a9 */ 0x70, 0x61,
|
||||||
|
+ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C,
|
||||||
|
+ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73,
|
||||||
|
+ /* 00000450 or al,[bx+si] */ 0x0A, 0x00,
|
||||||
|
+ /* 00000452 push dx */ 0x52,
|
||||||
|
+ /* 00000453 gs popaw */ 0x65, 0x61,
|
||||||
|
+ /* 00000455 fs inc bp */ 0x64, 0x45,
|
||||||
|
+ /* 00000457 fs */ 0x64,
|
||||||
|
+ /* 00000458 db 0x69 */ 0x69,
|
||||||
|
+ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00,
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,156 @@
|
|||||||
|
From 12cb13a1da913912bd9148ce8f2353a75be77f18 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 25 Feb 2014 18:40:35 +0100
|
||||||
|
Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- update commit message as requested in
|
||||||
|
<https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
|
||||||
|
390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
|
||||||
|
InitializeTerminalConsoleTextMode", 2017-01-10).
|
||||||
|
|
||||||
|
When the console output is multiplexed to several devices by
|
||||||
|
ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
|
||||||
|
supported by all console output devices.
|
||||||
|
|
||||||
|
Two notable output devices are provided by:
|
||||||
|
(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
|
||||||
|
(2) MdeModulePkg/Universal/Console/TerminalDxe.
|
||||||
|
|
||||||
|
GraphicsConsoleDxe supports four modes at most -- see
|
||||||
|
InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
|
||||||
|
|
||||||
|
(1a) 80x25 (required by the UEFI spec as mode 0),
|
||||||
|
(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
|
||||||
|
requires the driver to provide it as mode 1),
|
||||||
|
(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
|
||||||
|
spec requires from all plug-in graphics devices),
|
||||||
|
(1d) "full screen" resolution, derived form the underlying GOP's
|
||||||
|
horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
|
||||||
|
(8) and EFI_GLYPH_HEIGHT (19), respectively.
|
||||||
|
|
||||||
|
The automatic "full screen resolution" makes GraphicsConsoleDxe's
|
||||||
|
character console very flexible. However, TerminalDxe (which runs on
|
||||||
|
serial ports) only provides the following fixed resolutions -- see
|
||||||
|
InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
|
||||||
|
|
||||||
|
(2a) 80x25 (required by the UEFI spec as mode 0),
|
||||||
|
(2b) 80x50 (since the character resolution of a serial device cannot be
|
||||||
|
interrogated easily, this is added unconditionally as mode 1),
|
||||||
|
(2c) 100x31 (since the character resolution of a serial device cannot be
|
||||||
|
interrogated easily, this is added unconditionally as mode 2).
|
||||||
|
|
||||||
|
When ConSplitterDxe combines (1) and (2), multiplexing console output to
|
||||||
|
both video output and serial terminal, the list of commonly supported text
|
||||||
|
modes (ie. the "intersection") comprises:
|
||||||
|
|
||||||
|
(3a) 80x25, unconditionally, from (1a) and (2a),
|
||||||
|
(3b) 80x50, if the graphics console provides at least 640x950 pixel
|
||||||
|
resolution, from (1b) and (2b)
|
||||||
|
(3c) 100x31, if the graphics device is a plug-in one (because in that case
|
||||||
|
800x600 is a mandated pixel resolution), from (1c) and (2c).
|
||||||
|
|
||||||
|
Unfortunately, the "full screen resolution" (1d) of the GOP-based text
|
||||||
|
console is not available in general.
|
||||||
|
|
||||||
|
Mitigate this problem by extending "mTerminalConsoleModeData" with a
|
||||||
|
handful of text resolutions that are derived from widespread maximal pixel
|
||||||
|
resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
|
||||||
|
the most frequent (1d) values from the intersection, and eg. the MODE
|
||||||
|
command in the UEFI shell will offer the "best" (ie. full screen)
|
||||||
|
resolution too.
|
||||||
|
|
||||||
|
Upstreaming efforts for this patch have been discontinued; it was clear
|
||||||
|
from the off-list thread that consensus was impossible to reach.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
|
||||||
|
(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
|
||||||
|
(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
|
||||||
|
(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
|
||||||
|
(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
|
||||||
|
---
|
||||||
|
.../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
|
||||||
|
1 file changed, 38 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||||
|
index c76b2c5100..eff9d9787f 100644
|
||||||
|
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||||
|
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||||
|
@@ -107,9 +107,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
|
||||||
|
};
|
||||||
|
|
||||||
|
TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
|
||||||
|
- {80, 25},
|
||||||
|
- {80, 50},
|
||||||
|
- {100, 31},
|
||||||
|
+ { 80, 25 }, // from graphics resolution 640 x 480
|
||||||
|
+ { 80, 50 }, // from graphics resolution 640 x 960
|
||||||
|
+ { 100, 25 }, // from graphics resolution 800 x 480
|
||||||
|
+ { 100, 31 }, // from graphics resolution 800 x 600
|
||||||
|
+ { 104, 32 }, // from graphics resolution 832 x 624
|
||||||
|
+ { 120, 33 }, // from graphics resolution 960 x 640
|
||||||
|
+ { 128, 31 }, // from graphics resolution 1024 x 600
|
||||||
|
+ { 128, 40 }, // from graphics resolution 1024 x 768
|
||||||
|
+ { 144, 45 }, // from graphics resolution 1152 x 864
|
||||||
|
+ { 144, 45 }, // from graphics resolution 1152 x 870
|
||||||
|
+ { 160, 37 }, // from graphics resolution 1280 x 720
|
||||||
|
+ { 160, 40 }, // from graphics resolution 1280 x 760
|
||||||
|
+ { 160, 40 }, // from graphics resolution 1280 x 768
|
||||||
|
+ { 160, 42 }, // from graphics resolution 1280 x 800
|
||||||
|
+ { 160, 50 }, // from graphics resolution 1280 x 960
|
||||||
|
+ { 160, 53 }, // from graphics resolution 1280 x 1024
|
||||||
|
+ { 170, 40 }, // from graphics resolution 1360 x 768
|
||||||
|
+ { 170, 40 }, // from graphics resolution 1366 x 768
|
||||||
|
+ { 175, 55 }, // from graphics resolution 1400 x 1050
|
||||||
|
+ { 180, 47 }, // from graphics resolution 1440 x 900
|
||||||
|
+ { 200, 47 }, // from graphics resolution 1600 x 900
|
||||||
|
+ { 200, 63 }, // from graphics resolution 1600 x 1200
|
||||||
|
+ { 210, 55 }, // from graphics resolution 1680 x 1050
|
||||||
|
+ { 240, 56 }, // from graphics resolution 1920 x 1080
|
||||||
|
+ { 240, 63 }, // from graphics resolution 1920 x 1200
|
||||||
|
+ { 240, 75 }, // from graphics resolution 1920 x 1440
|
||||||
|
+ { 250, 105 }, // from graphics resolution 2000 x 2000
|
||||||
|
+ { 256, 80 }, // from graphics resolution 2048 x 1536
|
||||||
|
+ { 256, 107 }, // from graphics resolution 2048 x 2048
|
||||||
|
+ { 320, 75 }, // from graphics resolution 2560 x 1440
|
||||||
|
+ { 320, 84 }, // from graphics resolution 2560 x 1600
|
||||||
|
+ { 320, 107 }, // from graphics resolution 2560 x 2048
|
||||||
|
+ { 350, 110 }, // from graphics resolution 2800 x 2100
|
||||||
|
+ { 400, 126 }, // from graphics resolution 3200 x 2400
|
||||||
|
+ { 480, 113 }, // from graphics resolution 3840 x 2160
|
||||||
|
+ { 512, 113 }, // from graphics resolution 4096 x 2160
|
||||||
|
+ { 960, 227 }, // from graphics resolution 7680 x 4320
|
||||||
|
+ { 1024, 227 }, // from graphics resolution 8192 x 4320
|
||||||
|
//
|
||||||
|
// New modes can be added here.
|
||||||
|
//
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,160 @@
|
|||||||
|
From a11602f5e2ef930be5b693ddfd0c789a1bd4c60c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 25 Feb 2014 22:40:01 +0100
|
||||||
|
Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
|
||||||
|
only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- Conflict in "MdeModulePkg/MdeModulePkg.dec" due to upstream commits
|
||||||
|
- 1103ba946aee ("MdeModulePkg: Add Capsule On Disk related definition.",
|
||||||
|
2019-06-26),
|
||||||
|
- 1c7b3eb84631 ("MdeModulePkg/DxeIpl: Introduce PCD
|
||||||
|
PcdUse5LevelPageTable", 2019-08-09),
|
||||||
|
with easy manual resolution.
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec"
|
||||||
|
context change from upstream commits e043f7895b83 ("MdeModulePkg: Add
|
||||||
|
PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2
|
||||||
|
("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03).
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- refresh commit 519b9751573e against various context changes
|
||||||
|
|
||||||
|
The
|
||||||
|
|
||||||
|
CSI Ps ; Ps ; Ps t
|
||||||
|
|
||||||
|
escape sequence serves for window manipulation. We can use the
|
||||||
|
|
||||||
|
CSI 8 ; <rows> ; <columns> t
|
||||||
|
|
||||||
|
sequence to adapt eg. the xterm window size to the selected console mode.
|
||||||
|
|
||||||
|
Reference: <http://rtfm.etla.org/xterm/ctlseq.html>
|
||||||
|
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444)
|
||||||
|
(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574)
|
||||||
|
(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90)
|
||||||
|
(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
|
||||||
|
(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc)
|
||||||
|
---
|
||||||
|
MdeModulePkg/MdeModulePkg.dec | 4 +++
|
||||||
|
.../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++
|
||||||
|
.../Console/TerminalDxe/TerminalDxe.inf | 2 ++
|
||||||
|
3 files changed, 36 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||||
|
index 19935c88fa..5690bbd8b3 100644
|
||||||
|
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||||
|
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||||
|
@@ -2002,6 +2002,10 @@
|
||||||
|
# @Prompt Capsule On Disk relocation device path.
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdCodRelocationDevPath|{0xFF}|VOID*|0x0000002f
|
||||||
|
|
||||||
|
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
|
||||||
|
+ # mode change.
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
|
||||||
|
+
|
||||||
|
[PcdsPatchableInModule]
|
||||||
|
## Specify memory size with page number for PEI code when
|
||||||
|
# Loading Module at Fixed Address feature is enabled.
|
||||||
|
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||||
|
index 7ef655cca5..1113252df2 100644
|
||||||
|
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||||
|
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||||
|
@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
+#include <Library/PrintLib.h>
|
||||||
|
+
|
||||||
|
#include "Terminal.h"
|
||||||
|
|
||||||
|
//
|
||||||
|
@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
|
||||||
|
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 };
|
||||||
|
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 };
|
||||||
|
|
||||||
|
+//
|
||||||
|
+// Note that this is an ASCII format string, taking two INT32 arguments:
|
||||||
|
+// rows, columns.
|
||||||
|
+//
|
||||||
|
+// A %d (INT32) format specification can expand to at most 11 characters.
|
||||||
|
+//
|
||||||
|
+CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt";
|
||||||
|
+#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2))
|
||||||
|
+
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// Body of the ConOut functions
|
||||||
|
//
|
||||||
|
@@ -502,6 +514,24 @@ TerminalConOutSetMode (
|
||||||
|
return EFI_DEVICE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (PcdGetBool (PcdResizeXterm)) {
|
||||||
|
+ CHAR16 ResizeSequence[RESIZE_SEQ_SIZE];
|
||||||
|
+
|
||||||
|
+ UnicodeSPrintAsciiFormat (
|
||||||
|
+ ResizeSequence,
|
||||||
|
+ sizeof ResizeSequence,
|
||||||
|
+ mResizeTextAreaFormatString,
|
||||||
|
+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows,
|
||||||
|
+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns
|
||||||
|
+ );
|
||||||
|
+ TerminalDevice->OutputEscChar = TRUE;
|
||||||
|
+ Status = This->OutputString (This, ResizeSequence);
|
||||||
|
+ TerminalDevice->OutputEscChar = FALSE;
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return EFI_DEVICE_ERROR;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
This->Mode->Mode = (INT32) ModeNumber;
|
||||||
|
|
||||||
|
Status = This->ClearScreen (This);
|
||||||
|
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||||
|
index 24e164ef4d..d1160ed1c7 100644
|
||||||
|
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||||
|
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||||
|
@@ -55,6 +55,7 @@
|
||||||
|
DebugLib
|
||||||
|
PcdLib
|
||||||
|
BaseLib
|
||||||
|
+ PrintLib
|
||||||
|
|
||||||
|
[Guids]
|
||||||
|
## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
|
||||||
|
@@ -83,6 +84,7 @@
|
||||||
|
[Pcd]
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## CONSUMES
|
||||||
|
|
||||||
|
# [Event]
|
||||||
|
# # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,116 @@
|
|||||||
|
From 2cc462ee963d0be119bc97bfc9c70d292a40516f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Wed, 14 Oct 2015 15:59:06 +0200
|
||||||
|
Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- refresh downstream-only commit 8abc2a6ddad2 against context differences
|
||||||
|
in the DSC files from upstream commit 5e167d7e784c
|
||||||
|
("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if
|
||||||
|
SMM_REQUIRE", 2017-03-12).
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721)
|
||||||
|
(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d)
|
||||||
|
(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
|
||||||
|
(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
|
||||||
|
(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
|
||||||
|
(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2)
|
||||||
|
---
|
||||||
|
OvmfPkg/OvmfPkgIa32.dsc | 1 +
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
|
||||||
|
OvmfPkg/OvmfPkgX64.dsc | 1 +
|
||||||
|
OvmfPkg/PlatformPei/Platform.c | 1 +
|
||||||
|
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
|
||||||
|
5 files changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
index 044379e1ed..accf5c0211 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
@@ -525,6 +525,7 @@
|
||||||
|
# ($(SMM_REQUIRE) == FALSE)
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||||
|
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
index 2ff68102d3..8812da9943 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
@@ -531,6 +531,7 @@
|
||||||
|
# ($(SMM_REQUIRE) == FALSE)
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||||
|
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
index 3a66d4d424..73e1b7824f 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
@@ -530,6 +530,7 @@
|
||||||
|
# ($(SMM_REQUIRE) == FALSE)
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||||
|
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||||
|
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
|
||||||
|
index 3ba2459872..bbbf1ac2a8 100644
|
||||||
|
--- a/OvmfPkg/PlatformPei/Platform.c
|
||||||
|
+++ b/OvmfPkg/PlatformPei/Platform.c
|
||||||
|
@@ -667,6 +667,7 @@ InitializePlatform (
|
||||||
|
PeiFvInitialization ();
|
||||||
|
MemMapInitialization ();
|
||||||
|
NoexecDxeInitialization ();
|
||||||
|
+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
|
||||||
|
}
|
||||||
|
|
||||||
|
InstallClearCacheCallback ();
|
||||||
|
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||||
|
index d9fd9c8f05..666803916c 100644
|
||||||
|
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||||
|
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||||
|
@@ -89,6 +89,7 @@
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,62 @@
|
|||||||
|
From 0dd0ad0dcdfd1189ed8aa880765403d1f587cc59 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 12 Apr 2016 20:50:25 +0200
|
||||||
|
Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 8e2153358aa2bba2c91faa87a70beadcaae03fd8)
|
||||||
|
(cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd)
|
||||||
|
(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03)
|
||||||
|
(cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9)
|
||||||
|
(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699)
|
||||||
|
(cherry picked from commit f372886be5f1c41677f168be77c484bae5841361)
|
||||||
|
---
|
||||||
|
ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
|
||||||
|
index 4d27d7d30b..feceed5f93 100644
|
||||||
|
--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
|
||||||
|
+++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
|
||||||
|
@@ -15,7 +15,7 @@
|
||||||
|
FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
|
||||||
|
MODULE_TYPE = BASE
|
||||||
|
VERSION_STRING = 1.0
|
||||||
|
- LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER
|
||||||
|
+ LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER
|
||||||
|
|
||||||
|
CONSTRUCTOR = QemuFwCfgInitialize
|
||||||
|
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,223 @@
|
|||||||
|
From 8338545260fbb423f796d5196faaaf8ff6e1ed99 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Sun, 26 Jul 2015 08:02:50 +0000
|
||||||
|
Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- Refresh downstream-only commit d4564d39dfdb against context changes in
|
||||||
|
"ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870
|
||||||
|
("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable
|
||||||
|
override", 2017-03-29).
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such
|
||||||
|
setter functions for dynamic PCDs that don't return a status code (such
|
||||||
|
as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds --
|
||||||
|
there's really no circumstance in this case when it could fail.
|
||||||
|
|
||||||
|
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262)
|
||||||
|
(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c)
|
||||||
|
(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65)
|
||||||
|
(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
|
||||||
|
(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04)
|
||||||
|
---
|
||||||
|
ArmVirtPkg/ArmVirtQemu.dsc | 7 +-
|
||||||
|
.../TerminalPcdProducerLib.c | 87 +++++++++++++++++++
|
||||||
|
.../TerminalPcdProducerLib.inf | 41 +++++++++
|
||||||
|
3 files changed, 134 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
|
||||||
|
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||||
|
|
||||||
|
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
index a3cc3f26ec..696b0b5bcd 100644
|
||||||
|
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
@@ -237,6 +237,8 @@
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
|
||||||
|
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||||
|
+
|
||||||
|
[PcdsDynamicHii]
|
||||||
|
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
|
||||||
|
|
||||||
|
@@ -314,7 +316,10 @@
|
||||||
|
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
|
||||||
|
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
|
||||||
|
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
|
||||||
|
- MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||||
|
+ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf {
|
||||||
|
+ <LibraryClasses>
|
||||||
|
+ NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||||
|
+ }
|
||||||
|
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
|
||||||
|
|
||||||
|
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||||
|
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..814ad48199
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
|
||||||
|
@@ -0,0 +1,87 @@
|
||||||
|
+/** @file
|
||||||
|
+* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
|
||||||
|
+*
|
||||||
|
+* Copyright (C) 2015-2016, Red Hat, Inc.
|
||||||
|
+* Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
|
||||||
|
+*
|
||||||
|
+* This program and the accompanying materials are licensed and made available
|
||||||
|
+* under the terms and conditions of the BSD License which accompanies this
|
||||||
|
+* distribution. The full text of the license may be found at
|
||||||
|
+* http://opensource.org/licenses/bsd-license.php
|
||||||
|
+*
|
||||||
|
+* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
+* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
|
||||||
|
+* IMPLIED.
|
||||||
|
+*
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/PcdLib.h>
|
||||||
|
+#include <Library/QemuFwCfgLib.h>
|
||||||
|
+
|
||||||
|
+STATIC
|
||||||
|
+RETURN_STATUS
|
||||||
|
+GetNamedFwCfgBoolean (
|
||||||
|
+ IN CONST CHAR8 *FwCfgFileName,
|
||||||
|
+ OUT BOOLEAN *Setting
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ RETURN_STATUS Status;
|
||||||
|
+ FIRMWARE_CONFIG_ITEM FwCfgItem;
|
||||||
|
+ UINTN FwCfgSize;
|
||||||
|
+ UINT8 Value[3];
|
||||||
|
+
|
||||||
|
+ Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize);
|
||||||
|
+ if (RETURN_ERROR (Status)) {
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+ if (FwCfgSize > sizeof Value) {
|
||||||
|
+ return RETURN_BAD_BUFFER_SIZE;
|
||||||
|
+ }
|
||||||
|
+ QemuFwCfgSelectItem (FwCfgItem);
|
||||||
|
+ QemuFwCfgReadBytes (FwCfgSize, Value);
|
||||||
|
+
|
||||||
|
+ if ((FwCfgSize == 1) ||
|
||||||
|
+ (FwCfgSize == 2 && Value[1] == '\n') ||
|
||||||
|
+ (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) {
|
||||||
|
+ switch (Value[0]) {
|
||||||
|
+ case '0':
|
||||||
|
+ case 'n':
|
||||||
|
+ case 'N':
|
||||||
|
+ *Setting = FALSE;
|
||||||
|
+ return RETURN_SUCCESS;
|
||||||
|
+
|
||||||
|
+ case '1':
|
||||||
|
+ case 'y':
|
||||||
|
+ case 'Y':
|
||||||
|
+ *Setting = TRUE;
|
||||||
|
+ return RETURN_SUCCESS;
|
||||||
|
+
|
||||||
|
+ default:
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return RETURN_PROTOCOL_ERROR;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
|
||||||
|
+ do { \
|
||||||
|
+ BOOLEAN Setting; \
|
||||||
|
+ RETURN_STATUS PcdStatus; \
|
||||||
|
+ \
|
||||||
|
+ if (!RETURN_ERROR (GetNamedFwCfgBoolean ( \
|
||||||
|
+ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
|
||||||
|
+ PcdStatus = PcdSetBoolS (TokenName, Setting); \
|
||||||
|
+ ASSERT_RETURN_ERROR (PcdStatus); \
|
||||||
|
+ } \
|
||||||
|
+ } while (0)
|
||||||
|
+
|
||||||
|
+RETURN_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+TerminalPcdProducerLibConstructor (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
|
||||||
|
+ return RETURN_SUCCESS;
|
||||||
|
+}
|
||||||
|
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..fecb37bcdf
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||||
|
@@ -0,0 +1,41 @@
|
||||||
|
+## @file
|
||||||
|
+# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
|
||||||
|
+#
|
||||||
|
+# Copyright (C) 2015-2016, Red Hat, Inc.
|
||||||
|
+# Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
|
||||||
|
+#
|
||||||
|
+# This program and the accompanying materials are licensed and made available
|
||||||
|
+# under the terms and conditions of the BSD License which accompanies this
|
||||||
|
+# distribution. The full text of the license may be found at
|
||||||
|
+# http://opensource.org/licenses/bsd-license.php
|
||||||
|
+#
|
||||||
|
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
|
||||||
|
+# IMPLIED.
|
||||||
|
+#
|
||||||
|
+##
|
||||||
|
+
|
||||||
|
+[Defines]
|
||||||
|
+ INF_VERSION = 0x00010005
|
||||||
|
+ BASE_NAME = TerminalPcdProducerLib
|
||||||
|
+ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
|
||||||
|
+ MODULE_TYPE = BASE
|
||||||
|
+ VERSION_STRING = 1.0
|
||||||
|
+ LIBRARY_CLASS = TerminalPcdProducerLib|DXE_DRIVER
|
||||||
|
+ CONSTRUCTOR = TerminalPcdProducerLibConstructor
|
||||||
|
+
|
||||||
|
+[Sources]
|
||||||
|
+ TerminalPcdProducerLib.c
|
||||||
|
+
|
||||||
|
+[Packages]
|
||||||
|
+ MdePkg/MdePkg.dec
|
||||||
|
+ OvmfPkg/OvmfPkg.dec
|
||||||
|
+ MdeModulePkg/MdeModulePkg.dec
|
||||||
|
+
|
||||||
|
+[LibraryClasses]
|
||||||
|
+ DebugLib
|
||||||
|
+ PcdLib
|
||||||
|
+ QemuFwCfgLib
|
||||||
|
+
|
||||||
|
+[Pcd]
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,147 @@
|
|||||||
|
From 229c88dc3ded9baeaca8b87767dc5c41c05afd6e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 4 Nov 2014 23:02:53 +0100
|
||||||
|
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
|
||||||
|
only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- update the patch against the following upstream commits:
|
||||||
|
- 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
|
||||||
|
- 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
|
||||||
|
tool chain", 2018-11-27)
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com>
|
||||||
|
Patchwork-id: 62119
|
||||||
|
O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell
|
||||||
|
from the firmware image (RH only)
|
||||||
|
Bugzilla: 1147592
|
||||||
|
Acked-by: Andrew Jones <drjones@redhat.com>
|
||||||
|
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
|
||||||
|
binary from the firmware image.
|
||||||
|
|
||||||
|
Peter Jones advised us that firmware vendors for physical systems disable
|
||||||
|
the memory-mapped, firmware image-contained UEFI shell in
|
||||||
|
SecureBoot-enabled builds. The reason being that the memory-mapped shell
|
||||||
|
can always load, it may have direct access to various hardware in the
|
||||||
|
system, and it can run UEFI shell scripts (which cannot be signed at all).
|
||||||
|
|
||||||
|
Intended use of the new build option:
|
||||||
|
|
||||||
|
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
|
||||||
|
firmware image will contain a shell binary, independently of SecureBoot
|
||||||
|
enablement, which is flexible for interactive development. (Ie. no
|
||||||
|
change for in-tree builds.)
|
||||||
|
|
||||||
|
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
|
||||||
|
'-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
|
||||||
|
|
||||||
|
- OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
|
||||||
|
|
||||||
|
- OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
|
||||||
|
|
||||||
|
- UefiShell.iso: a bootable ISO image with the shell on it as default
|
||||||
|
boot loader. The shell binary will load when SecureBoot is turned off,
|
||||||
|
and won't load when SecureBoot is turned on (because it is not
|
||||||
|
signed).
|
||||||
|
|
||||||
|
UefiShell.iso is the reason we're not excluding the shell from the DSC
|
||||||
|
files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
|
||||||
|
is specified, the shell binary needs to be built the same, only it
|
||||||
|
will be included in UefiShell.iso.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
|
||||||
|
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
|
||||||
|
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
|
||||||
|
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
|
||||||
|
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
|
||||||
|
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
|
||||||
|
---
|
||||||
|
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
|
||||||
|
OvmfPkg/OvmfPkgX64.fdf | 2 ++
|
||||||
|
3 files changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
index 326f82384e..dff2fcd9f6 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
@@ -278,10 +278,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||||
|
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||||
|
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||||
|
|
||||||
|
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||||
|
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||||
|
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||||
|
!endif
|
||||||
|
INF ShellPkg/Application/Shell/Shell.inf
|
||||||
|
+!endif
|
||||||
|
|
||||||
|
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
index aefb6614ad..6684a2e799 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||||
|
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||||
|
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||||
|
|
||||||
|
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||||
|
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||||
|
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||||
|
!endif
|
||||||
|
INF ShellPkg/Application/Shell/Shell.inf
|
||||||
|
+!endif
|
||||||
|
|
||||||
|
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
index aefb6614ad..6684a2e799 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||||
|
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||||
|
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||||
|
|
||||||
|
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||||
|
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||||
|
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||||
|
!endif
|
||||||
|
INF ShellPkg/Application/Shell/Shell.inf
|
||||||
|
+!endif
|
||||||
|
|
||||||
|
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||||
|
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,81 @@
|
|||||||
|
From 9f756c1ad83cc81f7d892cd036d59a2b567b02dc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Wed, 14 Oct 2015 13:49:43 +0200
|
||||||
|
Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
|
||||||
|
machine firmware) print a reasonably early, simple hello message to the
|
||||||
|
serial port, regardless of debug mask settings. This should inform
|
||||||
|
interactive users, and provide some rough help in localizing boot
|
||||||
|
problems, even with restrictive debug masks.
|
||||||
|
|
||||||
|
If a platform doesn't want this feature, it should stick with the default
|
||||||
|
empty string.
|
||||||
|
|
||||||
|
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
|
||||||
|
Downstream only:
|
||||||
|
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
|
||||||
|
|
||||||
|
Suggested-by: Drew Jones <drjones@redhat.com>
|
||||||
|
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
|
||||||
|
(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
|
||||||
|
(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
|
||||||
|
(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
|
||||||
|
(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
|
||||||
|
(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
|
||||||
|
---
|
||||||
|
ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||||
|
index c8ea183313..bab4804a17 100644
|
||||||
|
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||||
|
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||||
|
@@ -108,6 +108,13 @@
|
||||||
|
## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
|
||||||
|
gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
|
||||||
|
|
||||||
|
+ #
|
||||||
|
+ # Early hello message (ASCII string), printed to the serial port.
|
||||||
|
+ # If set to the empty string, nothing is printed.
|
||||||
|
+ # Otherwise, a trailing CRLF should be specified explicitly.
|
||||||
|
+ #
|
||||||
|
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100
|
||||||
|
+
|
||||||
|
[PcdsFixedAtBuild.common,PcdsDynamic.common]
|
||||||
|
## PL031 RealTimeClock
|
||||||
|
gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,133 @@
|
|||||||
|
From 8d5a8827aabc67cb2a046697e1a750ca8d9cc453 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Wed, 14 Oct 2015 13:59:20 +0200
|
||||||
|
Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
|
||||||
|
port (RH)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed
|
||||||
|
temporary stack before entering PEI core", 2017-11-09) -- conflict
|
||||||
|
resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf"
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
The FixedPcdGetSize() macro expands to an integer constant, therefore an
|
||||||
|
optimizing compiler can eliminate the new code, if the platform DSC
|
||||||
|
doesn't override the empty string (size=1) default of
|
||||||
|
PcdEarlyHelloMessage.
|
||||||
|
|
||||||
|
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
|
||||||
|
Downstream only:
|
||||||
|
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
|
||||||
|
|
||||||
|
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
|
||||||
|
(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
|
||||||
|
(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
|
||||||
|
(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
|
||||||
|
(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
|
||||||
|
(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
|
||||||
|
---
|
||||||
|
ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++
|
||||||
|
ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++
|
||||||
|
ArmPlatformPkg/PrePeiCore/PrePeiCore.h | 1 +
|
||||||
|
ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf | 2 ++
|
||||||
|
ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++
|
||||||
|
5 files changed, 15 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||||
|
index d379ad8b7a..ff1672f94d 100644
|
||||||
|
--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||||
|
+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||||
|
@@ -111,6 +111,11 @@ PrimaryMain (
|
||||||
|
UINTN TemporaryRamBase;
|
||||||
|
UINTN TemporaryRamSize;
|
||||||
|
|
||||||
|
+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
|
||||||
|
+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
|
||||||
|
+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
CreatePpiList (&PpiListSize, &PpiList);
|
||||||
|
|
||||||
|
// Enable the GIC Distributor
|
||||||
|
diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||||
|
index 1500d2bd51..5b0790beac 100644
|
||||||
|
--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||||
|
+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||||
|
@@ -29,6 +29,11 @@ PrimaryMain (
|
||||||
|
UINTN TemporaryRamBase;
|
||||||
|
UINTN TemporaryRamSize;
|
||||||
|
|
||||||
|
+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
|
||||||
|
+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
|
||||||
|
+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
CreatePpiList (&PpiListSize, &PpiList);
|
||||||
|
|
||||||
|
// Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
|
||||||
|
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||||
|
index 7140c7f5b5..1d69a2b468 100644
|
||||||
|
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||||
|
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||||
|
@@ -15,6 +15,7 @@
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/IoLib.h>
|
||||||
|
#include <Library/PcdLib.h>
|
||||||
|
+#include <Library/SerialPortLib.h>
|
||||||
|
|
||||||
|
#include <PiPei.h>
|
||||||
|
#include <Ppi/TemporaryRamSupport.h>
|
||||||
|
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||||
|
index f2ac45d171..fc93fda965 100644
|
||||||
|
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||||
|
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||||
|
@@ -67,6 +67,8 @@
|
||||||
|
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
|
||||||
|
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
|
||||||
|
|
||||||
|
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
|
||||||
|
+
|
||||||
|
gArmTokenSpaceGuid.PcdGicDistributorBase
|
||||||
|
gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
|
||||||
|
gArmTokenSpaceGuid.PcdGicSgiIntId
|
||||||
|
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||||
|
index 84c319c367..46d1b30978 100644
|
||||||
|
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||||
|
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||||
|
@@ -65,4 +65,6 @@
|
||||||
|
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
|
||||||
|
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
|
||||||
|
|
||||||
|
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
|
||||||
|
+
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,68 @@
|
|||||||
|
From ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Wed, 14 Oct 2015 14:07:17 +0200
|
||||||
|
Subject: ArmVirtPkg: set early hello message (RH only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg:
|
||||||
|
don't set PcdCoreCount", 2019-02-13)
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Print a friendly banner on QEMU, regardless of debug mask settings.
|
||||||
|
|
||||||
|
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
|
||||||
|
Downstream only:
|
||||||
|
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
|
||||||
|
|
||||||
|
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
|
||||||
|
(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
|
||||||
|
(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
|
||||||
|
(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
|
||||||
|
(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
|
||||||
|
(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
|
||||||
|
---
|
||||||
|
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
index 696b0b5bcd..08c7a36339 100644
|
||||||
|
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
@@ -101,6 +101,7 @@
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE
|
||||||
|
|
||||||
|
[PcdsFixedAtBuild.common]
|
||||||
|
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
|
||||||
|
!if $(ARCH) == AARCH64
|
||||||
|
gArmTokenSpaceGuid.PcdVFPEnabled|1
|
||||||
|
!endif
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
94
SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
Normal file
94
SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
Normal file
@ -0,0 +1,94 @@
|
|||||||
|
From 3cb92f9ba18ac79911bd5258ff4f949cc617ae89 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Date: Tue, 21 Nov 2017 00:57:45 +0100
|
||||||
|
Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Message-id: <20171120235748.29669-5-pbonzini@redhat.com>
|
||||||
|
Patchwork-id: 77760
|
||||||
|
O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
|
||||||
|
Bugzilla: 1488247
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
|
||||||
|
Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed
|
||||||
|
debug messages, and code in OvmfPkg logs many messages on the
|
||||||
|
DEBUG_VERBOSE level.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117)
|
||||||
|
(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9)
|
||||||
|
(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76)
|
||||||
|
(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
|
||||||
|
(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50)
|
||||||
|
---
|
||||||
|
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
||||||
|
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
index accf5c0211..759075a815 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
@@ -479,7 +479,7 @@
|
||||||
|
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||||
|
# // significantly impact boot performance
|
||||||
|
# DEBUG_ERROR 0x80000000 // Error
|
||||||
|
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||||
|
|
||||||
|
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
index 8812da9943..634e20f09c 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
@@ -484,7 +484,7 @@
|
||||||
|
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||||
|
# // significantly impact boot performance
|
||||||
|
# DEBUG_ERROR 0x80000000 // Error
|
||||||
|
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||||
|
|
||||||
|
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
index 73e1b7824f..bc5a345a37 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
@@ -484,7 +484,7 @@
|
||||||
|
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||||
|
# // significantly impact boot performance
|
||||||
|
# DEBUG_ERROR 0x80000000 // Error
|
||||||
|
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||||
|
|
||||||
|
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,141 @@
|
|||||||
|
From c8c3f893e7c3710afe45c46839e97954871536e4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Date: Tue, 21 Nov 2017 00:57:46 +0100
|
||||||
|
Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
|
||||||
|
QemuVideoDxe/QemuRamfbDxe (RH)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- Due to upstream commit 4b04d9d73604 ("OvmfPkg: Don't build in
|
||||||
|
QemuVideoDxe when we have CSM", 2019-06-26), the contexts of
|
||||||
|
"QemuVideoDxe.inf" / "QemuRamfbDxe.inf" have changed in the DSC files.
|
||||||
|
Resolve the conflict manually.
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14)
|
||||||
|
introduced another GOP driver that consumes FrameBufferBltLib, and
|
||||||
|
thereby produces a large number of (mostly useless) debug messages at
|
||||||
|
the DEBUG_VERBOSE level. Extend the patch to suppress those messages in
|
||||||
|
both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly.
|
||||||
|
QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also
|
||||||
|
the original commit message at the bottom of this downstream patch).
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Message-id: <20171120235748.29669-6-pbonzini@redhat.com>
|
||||||
|
Patchwork-id: 77761
|
||||||
|
O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
|
||||||
|
QemuVideoDxe (RH only)
|
||||||
|
Bugzilla: 1488247
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
|
||||||
|
In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses
|
||||||
|
MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to
|
||||||
|
FrameBufferBltLib.
|
||||||
|
|
||||||
|
The FrameBufferBltLib instance added in commit b1ca386074bd
|
||||||
|
("MdeModulePkg: Add FrameBufferBltLib library instance") logs many
|
||||||
|
messages on the VERBOSE level; for example, a normal boot with OVMF can
|
||||||
|
produce 500+ "VideoFill" messages, dependent on the progress bar, when the
|
||||||
|
VERBOSE bit is set in PcdDebugPrintErrorLevel.
|
||||||
|
|
||||||
|
QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose
|
||||||
|
none of its messages this way.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52)
|
||||||
|
(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3)
|
||||||
|
(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0)
|
||||||
|
(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
|
||||||
|
(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850)
|
||||||
|
---
|
||||||
|
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
|
||||||
|
OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++--
|
||||||
|
3 files changed, 24 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
index 759075a815..6a07a6af81 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
@@ -742,9 +742,15 @@
|
||||||
|
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||||
|
|
||||||
|
!ifndef $(CSM_ENABLE)
|
||||||
|
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||||
|
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
!endif
|
||||||
|
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
index 634e20f09c..c7f52992e9 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
@@ -755,9 +755,15 @@
|
||||||
|
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||||
|
|
||||||
|
!ifndef $(CSM_ENABLE)
|
||||||
|
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||||
|
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
!endif
|
||||||
|
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
index bc5a345a37..594ecb5362 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
@@ -753,9 +753,15 @@
|
||||||
|
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||||
|
|
||||||
|
!ifndef $(CSM_ENABLE)
|
||||||
|
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||||
|
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
!endif
|
||||||
|
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,85 @@
|
|||||||
|
From e5b8152bced2364a1ded0926dbba4d65e23e3f84 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Wed, 27 Jan 2016 03:05:18 +0100
|
||||||
|
Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
|
||||||
|
only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- The previous version of this patch (downstream commit 76b4ac28e975)
|
||||||
|
caused a regression (RHBZ#1714446), which was fixed up in downstream
|
||||||
|
commit 5a216abaa737 ("ArmVirtPkg: silence DEBUG_VERBOSE masking
|
||||||
|
~0x00400000 in QemuRamfbDxe (RH only)", 2019-08-05).
|
||||||
|
|
||||||
|
Squash the fixup into the original patch. Fuse the commit messages.
|
||||||
|
(Acked-by tags are not preserved, lest we confuse ourselves while
|
||||||
|
reviewing this rebase.)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add
|
||||||
|
QemuRamfbDxe", 2018-06-14)
|
||||||
|
|
||||||
|
QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in
|
||||||
|
commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library
|
||||||
|
instance") logs many messages on the VERBOSE level; for example, a normal
|
||||||
|
boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages,
|
||||||
|
dependent on the progress bar, when the VERBOSE bit is set in
|
||||||
|
PcdDebugPrintErrorLevel.
|
||||||
|
|
||||||
|
Clear the VERBOSE bit without touching other bits -- those other bits
|
||||||
|
differ between the "silent" and "verbose" builds, so we can't set them as
|
||||||
|
constants.
|
||||||
|
|
||||||
|
QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose
|
||||||
|
none of its messages, with the VERBOSE bit clear.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 76b4ac28e975bd63c25db903a1d42c47b38cc756)
|
||||||
|
Reported-by: Andrew Jones <drjones@redhat.com>
|
||||||
|
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++-
|
||||||
|
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
|
||||||
|
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
index 08c7a36339..b3dcdd747b 100644
|
||||||
|
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||||
|
@@ -422,7 +422,10 @@
|
||||||
|
#
|
||||||
|
# Video support
|
||||||
|
#
|
||||||
|
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
|
||||||
|
+ }
|
||||||
|
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||||
|
OvmfPkg/PlatformDxe/Platform.inf
|
||||||
|
|
||||||
|
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||||
|
index 27e65b7638..008181055a 100644
|
||||||
|
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||||
|
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||||
|
@@ -400,7 +400,10 @@
|
||||||
|
#
|
||||||
|
# Video support
|
||||||
|
#
|
||||||
|
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
|
||||||
|
+ }
|
||||||
|
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||||
|
OvmfPkg/PlatformDxe/Platform.inf
|
||||||
|
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,83 @@
|
|||||||
|
From aa2b66b18a62d652bdbefae7b5732297294306ca Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
Date: Thu, 1 Aug 2019 20:43:48 +0200
|
||||||
|
Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
|
||||||
|
builds (RH only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- We have to carry this downstream-only patch -- committed originally as
|
||||||
|
aaaedc1e2cfd -- indefinitely.
|
||||||
|
|
||||||
|
- To avoid confusion, remove the tags from the commit message that had
|
||||||
|
been added by the downstream maintainer scripts, such as: Message-id,
|
||||||
|
Patchwork-id, O-Subject, Acked-by. These remain available on the
|
||||||
|
original downstream commit. The Bugzilla line is preserved, as it
|
||||||
|
doesn't relate to a specific posting, but to the problem.
|
||||||
|
|
||||||
|
Bugzilla: 1714446
|
||||||
|
|
||||||
|
To suppress an error message on the silent build when ramfb is
|
||||||
|
not configured, change QemuRamfbDxe to return EFI_SUCCESS even
|
||||||
|
when it fails.
|
||||||
|
Some memory is wasted (driver stays resident without
|
||||||
|
any good use), but it is mostly harmless, as the memory
|
||||||
|
is released by the OS after ExitBootServices().
|
||||||
|
|
||||||
|
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++
|
||||||
|
OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 +
|
||||||
|
2 files changed, 15 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||||
|
index 0d49d8bbab..dbf9bcbe16 100644
|
||||||
|
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||||
|
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||||
|
@@ -13,6 +13,7 @@
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/DebugPrintErrorLevelLib.h>
|
||||||
|
#include <Library/DevicePathLib.h>
|
||||||
|
#include <Library/FrameBufferBltLib.h>
|
||||||
|
#include <Library/MemoryAllocationLib.h>
|
||||||
|
@@ -242,6 +243,19 @@ InitializeQemuRamfb (
|
||||||
|
|
||||||
|
Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
+#if defined (MDE_CPU_AARCH64)
|
||||||
|
+ //
|
||||||
|
+ // RHBZ#1714446
|
||||||
|
+ // If no ramfb device was configured, this platform DXE driver should
|
||||||
|
+ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
|
||||||
|
+ // using a silent build, an error message is issued to the guest console.
|
||||||
|
+ // Since this confuse users, return success and stay resident. The wasted
|
||||||
|
+ // guest RAM still gets freed later after ExitBootServices().
|
||||||
|
+ //
|
||||||
|
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
return EFI_NOT_FOUND;
|
||||||
|
}
|
||||||
|
if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
|
||||||
|
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
index e3890b8c20..6ffee5acb2 100644
|
||||||
|
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||||
|
@@ -29,6 +29,7 @@
|
||||||
|
BaseLib
|
||||||
|
BaseMemoryLib
|
||||||
|
DebugLib
|
||||||
|
+ DebugPrintErrorLevelLib
|
||||||
|
DevicePathLib
|
||||||
|
FrameBufferBltLib
|
||||||
|
MemoryAllocationLib
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,104 @@
|
|||||||
|
From b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
Date: Tue, 21 Nov 2017 00:57:47 +0100
|
||||||
|
Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
|
||||||
|
only)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||||
|
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||||
|
|
||||||
|
- no change
|
||||||
|
|
||||||
|
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||||
|
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- reorder the rebase changelog in the commit message so that it reads like
|
||||||
|
a blog: place more recent entries near the top
|
||||||
|
- no changes to the patch body
|
||||||
|
|
||||||
|
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||||
|
|
||||||
|
- no changes
|
||||||
|
|
||||||
|
Message-id: <20171120235748.29669-7-pbonzini@redhat.com>
|
||||||
|
Patchwork-id: 77759
|
||||||
|
O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
|
||||||
|
NvmExpressDxe (RH only)
|
||||||
|
Bugzilla: 1488247
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Acked-by: Thomas Huth <thuth@redhat.com>
|
||||||
|
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
|
||||||
|
NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE
|
||||||
|
level.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f)
|
||||||
|
(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4)
|
||||||
|
(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8)
|
||||||
|
(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
|
||||||
|
(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958)
|
||||||
|
---
|
||||||
|
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
|
||||||
|
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
|
||||||
|
3 files changed, 12 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
index 6a07a6af81..1c56e0948a 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
@@ -735,7 +735,10 @@
|
||||||
|
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||||
|
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||||
|
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||||
|
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||||
|
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||||
|
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||||
|
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
index c7f52992e9..29e12c9dff 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
@@ -748,7 +748,10 @@
|
||||||
|
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||||
|
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||||
|
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||||
|
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||||
|
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||||
|
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||||
|
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
index 594ecb5362..11fe9f6050 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
@@ -746,7 +746,10 @@
|
||||||
|
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||||
|
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||||
|
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||||
|
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||||
|
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||||
|
+ <PcdsFixedAtBuild>
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||||
|
+ }
|
||||||
|
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||||
|
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||||
|
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
@ -0,0 +1,79 @@
|
|||||||
|
From 57bd3f146590df8757865d8f2cdd1db3cf3f4d40 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Sat, 16 Nov 2019 17:11:27 +0100
|
||||||
|
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
|
||||||
|
(RH)
|
||||||
|
|
||||||
|
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||||
|
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||||
|
|
||||||
|
- new patch
|
||||||
|
|
||||||
|
The downstream changes in RHEL8's OpenSSL package, for example in
|
||||||
|
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
|
||||||
|
preexistent code into those new files. In order to avoid undefined
|
||||||
|
references in link editing, we have to list the new files.
|
||||||
|
|
||||||
|
Note: "process_files.pl" is not re-run at this time manually, because
|
||||||
|
|
||||||
|
(a) "process_files.pl" would pollute the file list (and some of the
|
||||||
|
auto-generated header files) with RHEL8-specific FIPS artifacts, which
|
||||||
|
are explicitly unwanted in edk2,
|
||||||
|
|
||||||
|
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
|
||||||
|
of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
|
||||||
|
and will help with future changes too.
|
||||||
|
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
|
||||||
|
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
|
||||||
|
2 files changed, 22 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
index dd873a0dcd..d1c7602b87 100644
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
@@ -598,6 +598,17 @@
|
||||||
|
$(OPENSSL_PATH)/ssl/record/record.h
|
||||||
|
$(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||||
|
# Autogenerated files list ends here
|
||||||
|
+# RHEL8-specific OpenSSL file list starts here
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||||
|
+# RHEL8-specific OpenSSL file list ends here
|
||||||
|
|
||||||
|
ossl_store.c
|
||||||
|
rand_pool.c
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
index a1bb560255..0785a421dd 100644
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
@@ -546,6 +546,17 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||||
|
# Autogenerated files list ends here
|
||||||
|
+# RHEL8-specific OpenSSL file list starts here
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||||||
|
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||||
|
+# RHEL8-specific OpenSSL file list ends here
|
||||||
|
buildinf.h
|
||||||
|
rand_pool_noise.h
|
||||||
|
ossl_store.c
|
||||||
|
--
|
||||||
|
2.18.1
|
||||||
|
|
21
SOURCES/LICENSE.qosb
Normal file
21
SOURCES/LICENSE.qosb
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
MIT License
|
||||||
|
|
||||||
|
Copyright (c) 2017 Patrick Uiterwijk
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
22
SOURCES/RedHatSecureBootPkKek1.pem
Normal file
22
SOURCES/RedHatSecureBootPkKek1.pem
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
|
||||||
|
BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
|
||||||
|
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
|
||||||
|
MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
|
||||||
|
RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
|
||||||
|
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
|
||||||
|
+d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
|
||||||
|
huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
|
||||||
|
bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
|
||||||
|
3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
|
||||||
|
y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
|
||||||
|
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
|
||||||
|
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
|
||||||
|
HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
|
||||||
|
ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
|
||||||
|
3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
|
||||||
|
1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
|
||||||
|
qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
|
||||||
|
NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
|
||||||
|
R+SqIs/vdWGA40O3SFdzET14m2k=
|
||||||
|
-----END CERTIFICATE-----
|
@ -0,0 +1,338 @@
|
|||||||
|
From 3c9574af677c24b969c3baa6a527dabaf97f11a2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:31:53 +0100
|
||||||
|
Subject: [PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-6-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92461
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the
|
||||||
|
edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib,
|
||||||
|
StdLibPrivateInternalFiles", 2019-04-29).
|
||||||
|
|
||||||
|
We'd like to use the inet_pton() function in CryptoPkg. Resurrect the
|
||||||
|
"inet_pton.c" file from just before the StdLib removal, as follows:
|
||||||
|
|
||||||
|
$ git show \
|
||||||
|
964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \
|
||||||
|
> CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||||
|
|
||||||
|
The inet_pton() function is only intended for the DXE phase at this time,
|
||||||
|
therefore only the "BaseCryptLib" instance INF file receives the new file.
|
||||||
|
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
(cherry picked from commit 8d16ef8269b2ff373d8da674e59992adfdc032d3)
|
||||||
|
---
|
||||||
|
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
|
||||||
|
CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 +++++++++++++++++++++
|
||||||
|
CryptoPkg/Library/Include/CrtLibSupport.h | 1 +
|
||||||
|
3 files changed, 259 insertions(+)
|
||||||
|
create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||||
|
index 8d4988e..b5cfd8b 100644
|
||||||
|
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||||
|
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||||
|
@@ -58,6 +58,7 @@
|
||||||
|
SysCall/CrtWrapper.c
|
||||||
|
SysCall/TimerWrapper.c
|
||||||
|
SysCall/BaseMemAllocation.c
|
||||||
|
+ SysCall/inet_pton.c
|
||||||
|
|
||||||
|
[Sources.Ia32]
|
||||||
|
Rand/CryptRandTsc.c
|
||||||
|
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..32e1ab8
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||||
|
@@ -0,0 +1,257 @@
|
||||||
|
+/* Copyright (c) 1996 by Internet Software Consortium.
|
||||||
|
+ *
|
||||||
|
+ * Permission to use, copy, modify, and distribute this software for any
|
||||||
|
+ * purpose with or without fee is hereby granted, provided that the above
|
||||||
|
+ * copyright notice and this permission notice appear in all copies.
|
||||||
|
+ *
|
||||||
|
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
|
||||||
|
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
|
||||||
|
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
|
||||||
|
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
|
||||||
|
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
|
||||||
|
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
|
||||||
|
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
|
||||||
|
+ * SOFTWARE.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Portions copyright (c) 1999, 2000
|
||||||
|
+ * Intel Corporation.
|
||||||
|
+ * All rights reserved.
|
||||||
|
+ *
|
||||||
|
+ * Redistribution and use in source and binary forms, with or without
|
||||||
|
+ * modification, are permitted provided that the following conditions
|
||||||
|
+ * are met:
|
||||||
|
+ *
|
||||||
|
+ * 1. Redistributions of source code must retain the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer.
|
||||||
|
+ *
|
||||||
|
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
+ * notice, this list of conditions and the following disclaimer in the
|
||||||
|
+ * documentation and/or other materials provided with the distribution.
|
||||||
|
+ *
|
||||||
|
+ * 3. All advertising materials mentioning features or use of this software
|
||||||
|
+ * must display the following acknowledgement:
|
||||||
|
+ *
|
||||||
|
+ * This product includes software developed by Intel Corporation and
|
||||||
|
+ * its contributors.
|
||||||
|
+ *
|
||||||
|
+ * 4. Neither the name of Intel Corporation or its contributors may be
|
||||||
|
+ * used to endorse or promote products derived from this software
|
||||||
|
+ * without specific prior written permission.
|
||||||
|
+ *
|
||||||
|
+ * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS''
|
||||||
|
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
+ * ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE
|
||||||
|
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||||
|
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||||
|
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||||
|
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||||
|
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
||||||
|
+ * THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
+ *
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#if defined(LIBC_SCCS) && !defined(lint)
|
||||||
|
+static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $";
|
||||||
|
+#endif /* LIBC_SCCS and not lint */
|
||||||
|
+
|
||||||
|
+#include <sys/param.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <sys/socket.h>
|
||||||
|
+#include <netinet/in.h>
|
||||||
|
+#include <arpa/inet.h>
|
||||||
|
+#include <arpa/nameser.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <errno.h>
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * WARNING: Don't even consider trying to compile this on a system where
|
||||||
|
+ * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+static int inet_pton4 (const char *src, u_char *dst);
|
||||||
|
+static int inet_pton6 (const char *src, u_char *dst);
|
||||||
|
+
|
||||||
|
+/* int
|
||||||
|
+ * inet_pton(af, src, dst)
|
||||||
|
+ * convert from presentation format (which usually means ASCII printable)
|
||||||
|
+ * to network format (which is usually some kind of binary format).
|
||||||
|
+ * return:
|
||||||
|
+ * 1 if the address was valid for the specified address family
|
||||||
|
+ * 0 if the address wasn't valid (`dst' is untouched in this case)
|
||||||
|
+ * -1 if some other error occurred (`dst' is untouched in this case, too)
|
||||||
|
+ * author:
|
||||||
|
+ * Paul Vixie, 1996.
|
||||||
|
+ */
|
||||||
|
+int
|
||||||
|
+inet_pton(
|
||||||
|
+ int af,
|
||||||
|
+ const char *src,
|
||||||
|
+ void *dst
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ switch (af) {
|
||||||
|
+ case AF_INET:
|
||||||
|
+ return (inet_pton4(src, dst));
|
||||||
|
+ case AF_INET6:
|
||||||
|
+ return (inet_pton6(src, dst));
|
||||||
|
+ default:
|
||||||
|
+ errno = EAFNOSUPPORT;
|
||||||
|
+ return (-1);
|
||||||
|
+ }
|
||||||
|
+ /* NOTREACHED */
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* int
|
||||||
|
+ * inet_pton4(src, dst)
|
||||||
|
+ * like inet_aton() but without all the hexadecimal and shorthand.
|
||||||
|
+ * return:
|
||||||
|
+ * 1 if `src' is a valid dotted quad, else 0.
|
||||||
|
+ * notice:
|
||||||
|
+ * does not touch `dst' unless it's returning 1.
|
||||||
|
+ * author:
|
||||||
|
+ * Paul Vixie, 1996.
|
||||||
|
+ */
|
||||||
|
+static int
|
||||||
|
+inet_pton4(
|
||||||
|
+ const char *src,
|
||||||
|
+ u_char *dst
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ static const char digits[] = "0123456789";
|
||||||
|
+ int saw_digit, octets, ch;
|
||||||
|
+ u_char tmp[NS_INADDRSZ], *tp;
|
||||||
|
+
|
||||||
|
+ saw_digit = 0;
|
||||||
|
+ octets = 0;
|
||||||
|
+ *(tp = tmp) = 0;
|
||||||
|
+ while ((ch = *src++) != '\0') {
|
||||||
|
+ const char *pch;
|
||||||
|
+
|
||||||
|
+ if ((pch = strchr(digits, ch)) != NULL) {
|
||||||
|
+ u_int new = *tp * 10 + (u_int)(pch - digits);
|
||||||
|
+
|
||||||
|
+ if (new > 255)
|
||||||
|
+ return (0);
|
||||||
|
+ *tp = (u_char)new;
|
||||||
|
+ if (! saw_digit) {
|
||||||
|
+ if (++octets > 4)
|
||||||
|
+ return (0);
|
||||||
|
+ saw_digit = 1;
|
||||||
|
+ }
|
||||||
|
+ } else if (ch == '.' && saw_digit) {
|
||||||
|
+ if (octets == 4)
|
||||||
|
+ return (0);
|
||||||
|
+ *++tp = 0;
|
||||||
|
+ saw_digit = 0;
|
||||||
|
+ } else
|
||||||
|
+ return (0);
|
||||||
|
+ }
|
||||||
|
+ if (octets < 4)
|
||||||
|
+ return (0);
|
||||||
|
+
|
||||||
|
+ memcpy(dst, tmp, NS_INADDRSZ);
|
||||||
|
+ return (1);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* int
|
||||||
|
+ * inet_pton6(src, dst)
|
||||||
|
+ * convert presentation level address to network order binary form.
|
||||||
|
+ * return:
|
||||||
|
+ * 1 if `src' is a valid [RFC1884 2.2] address, else 0.
|
||||||
|
+ * notice:
|
||||||
|
+ * (1) does not touch `dst' unless it's returning 1.
|
||||||
|
+ * (2) :: in a full address is silently ignored.
|
||||||
|
+ * credit:
|
||||||
|
+ * inspired by Mark Andrews.
|
||||||
|
+ * author:
|
||||||
|
+ * Paul Vixie, 1996.
|
||||||
|
+ */
|
||||||
|
+static int
|
||||||
|
+inet_pton6(
|
||||||
|
+ const char *src,
|
||||||
|
+ u_char *dst
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ static const char xdigits_l[] = "0123456789abcdef",
|
||||||
|
+ xdigits_u[] = "0123456789ABCDEF";
|
||||||
|
+ u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
|
||||||
|
+ const char *xdigits, *curtok;
|
||||||
|
+ int ch, saw_xdigit;
|
||||||
|
+ u_int val;
|
||||||
|
+
|
||||||
|
+ memset((tp = tmp), '\0', NS_IN6ADDRSZ);
|
||||||
|
+ endp = tp + NS_IN6ADDRSZ;
|
||||||
|
+ colonp = NULL;
|
||||||
|
+ /* Leading :: requires some special handling. */
|
||||||
|
+ if (*src == ':')
|
||||||
|
+ if (*++src != ':')
|
||||||
|
+ return (0);
|
||||||
|
+ curtok = src;
|
||||||
|
+ saw_xdigit = 0;
|
||||||
|
+ val = 0;
|
||||||
|
+ while ((ch = *src++) != '\0') {
|
||||||
|
+ const char *pch;
|
||||||
|
+
|
||||||
|
+ if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
|
||||||
|
+ pch = strchr((xdigits = xdigits_u), ch);
|
||||||
|
+ if (pch != NULL) {
|
||||||
|
+ val <<= 4;
|
||||||
|
+ val |= (pch - xdigits);
|
||||||
|
+ if (val > 0xffff)
|
||||||
|
+ return (0);
|
||||||
|
+ saw_xdigit = 1;
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ if (ch == ':') {
|
||||||
|
+ curtok = src;
|
||||||
|
+ if (!saw_xdigit) {
|
||||||
|
+ if (colonp)
|
||||||
|
+ return (0);
|
||||||
|
+ colonp = tp;
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ if (tp + NS_INT16SZ > endp)
|
||||||
|
+ return (0);
|
||||||
|
+ *tp++ = (u_char) (val >> 8) & 0xff;
|
||||||
|
+ *tp++ = (u_char) val & 0xff;
|
||||||
|
+ saw_xdigit = 0;
|
||||||
|
+ val = 0;
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
|
||||||
|
+ inet_pton4(curtok, tp) > 0) {
|
||||||
|
+ tp += NS_INADDRSZ;
|
||||||
|
+ saw_xdigit = 0;
|
||||||
|
+ break; /* '\0' was seen by inet_pton4(). */
|
||||||
|
+ }
|
||||||
|
+ return (0);
|
||||||
|
+ }
|
||||||
|
+ if (saw_xdigit) {
|
||||||
|
+ if (tp + NS_INT16SZ > endp)
|
||||||
|
+ return (0);
|
||||||
|
+ *tp++ = (u_char) (val >> 8) & 0xff;
|
||||||
|
+ *tp++ = (u_char) val & 0xff;
|
||||||
|
+ }
|
||||||
|
+ if (colonp != NULL) {
|
||||||
|
+ /*
|
||||||
|
+ * Since some memmove()'s erroneously fail to handle
|
||||||
|
+ * overlapping regions, we'll do the shift by hand.
|
||||||
|
+ */
|
||||||
|
+ const int n = (int)(tp - colonp);
|
||||||
|
+ int i;
|
||||||
|
+
|
||||||
|
+ for (i = 1; i <= n; i++) {
|
||||||
|
+ endp[- i] = colonp[n - i];
|
||||||
|
+ colonp[n - i] = 0;
|
||||||
|
+ }
|
||||||
|
+ tp = endp;
|
||||||
|
+ }
|
||||||
|
+ if (tp != endp)
|
||||||
|
+ return (0);
|
||||||
|
+ memcpy(dst, tmp, NS_IN6ADDRSZ);
|
||||||
|
+ return (1);
|
||||||
|
+}
|
||||||
|
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
index e603fad..5a20ba6 100644
|
||||||
|
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
@@ -192,6 +192,7 @@ void abort (void) __attribute__((__noreturn__));
|
||||||
|
#else
|
||||||
|
void abort (void);
|
||||||
|
#endif
|
||||||
|
+int inet_pton (int, const char *, void *);
|
||||||
|
|
||||||
|
//
|
||||||
|
// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,188 @@
|
|||||||
|
From 1ab1024f94401300fe9a1d5cdce6c15a2b091e02 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:31:50 +0100
|
||||||
|
Subject: [PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies
|
||||||
|
(CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-5-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92453
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
In a later patch in this series, we're going to resurrect "inet_pton.c"
|
||||||
|
(originally from the StdLib package). That source file has a number of
|
||||||
|
standard C and BSD socket dependencies. Provide those dependencies here:
|
||||||
|
|
||||||
|
- The header files below will simply #include <CrtLibSupport.h>:
|
||||||
|
|
||||||
|
- arpa/inet.h
|
||||||
|
- arpa/nameser.h
|
||||||
|
- netinet/in.h
|
||||||
|
- sys/param.h
|
||||||
|
- sys/socket.h
|
||||||
|
|
||||||
|
- EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
|
||||||
|
e2d3a25f1a31; which is the commit immediately preceding the removal of
|
||||||
|
StdLib from edk2 (964f432b9b0a).
|
||||||
|
|
||||||
|
Note that the other error macro, which we alread #define, namely EINVAL,
|
||||||
|
has a value (22) that also matches "StdLib/Include/errno.h".
|
||||||
|
|
||||||
|
- The AF_INET and AF_INET6 address family macros come from
|
||||||
|
"StdLib/Include/sys/socket.h".
|
||||||
|
|
||||||
|
- The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
|
||||||
|
"StdLib/Include/arpa/nameser.h".
|
||||||
|
|
||||||
|
- The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
|
||||||
|
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
(cherry picked from commit 2ac41c12c0d4b3d3ee8f905ab80da019e784de00)
|
||||||
|
---
|
||||||
|
CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++
|
||||||
|
CryptoPkg/Library/Include/arpa/inet.h | 9 +++++++++
|
||||||
|
CryptoPkg/Library/Include/arpa/nameser.h | 9 +++++++++
|
||||||
|
CryptoPkg/Library/Include/netinet/in.h | 9 +++++++++
|
||||||
|
CryptoPkg/Library/Include/sys/param.h | 9 +++++++++
|
||||||
|
CryptoPkg/Library/Include/sys/socket.h | 9 +++++++++
|
||||||
|
6 files changed, 61 insertions(+)
|
||||||
|
create mode 100644 CryptoPkg/Library/Include/arpa/inet.h
|
||||||
|
create mode 100644 CryptoPkg/Library/Include/arpa/nameser.h
|
||||||
|
create mode 100644 CryptoPkg/Library/Include/netinet/in.h
|
||||||
|
create mode 100644 CryptoPkg/Library/Include/sys/param.h
|
||||||
|
create mode 100644 CryptoPkg/Library/Include/sys/socket.h
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
index b90da20..e603fad 100644
|
||||||
|
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
@@ -74,6 +74,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
// Definitions for global constants used by CRT library routines
|
||||||
|
//
|
||||||
|
#define EINVAL 22 /* Invalid argument */
|
||||||
|
+#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */
|
||||||
|
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
|
||||||
|
#define LONG_MAX 0X7FFFFFFFL /* max value for a long */
|
||||||
|
#define LONG_MIN (-LONG_MAX-1) /* min value for a long */
|
||||||
|
@@ -81,13 +82,28 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#define CHAR_BIT 8 /* Number of bits in a char */
|
||||||
|
|
||||||
|
//
|
||||||
|
+// Address families.
|
||||||
|
+//
|
||||||
|
+#define AF_INET 2 /* internetwork: UDP, TCP, etc. */
|
||||||
|
+#define AF_INET6 24 /* IP version 6 */
|
||||||
|
+
|
||||||
|
+//
|
||||||
|
+// Define constants based on RFC0883, RFC1034, RFC 1035
|
||||||
|
+//
|
||||||
|
+#define NS_INT16SZ 2 /*%< #/bytes of data in a u_int16_t */
|
||||||
|
+#define NS_INADDRSZ 4 /*%< IPv4 T_A */
|
||||||
|
+#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */
|
||||||
|
+
|
||||||
|
+//
|
||||||
|
// Basic types mapping
|
||||||
|
//
|
||||||
|
typedef UINTN size_t;
|
||||||
|
+typedef UINTN u_int;
|
||||||
|
typedef INTN ssize_t;
|
||||||
|
typedef INT32 time_t;
|
||||||
|
typedef UINT8 __uint8_t;
|
||||||
|
typedef UINT8 sa_family_t;
|
||||||
|
+typedef UINT8 u_char;
|
||||||
|
typedef UINT32 uid_t;
|
||||||
|
typedef UINT32 gid_t;
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/Include/arpa/inet.h b/CryptoPkg/Library/Include/arpa/inet.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..988e4e0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/Include/arpa/inet.h
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+/** @file
|
||||||
|
+ Include file to support building third-party standard C / BSD sockets code.
|
||||||
|
+
|
||||||
|
+ Copyright (C) 2019, Red Hat, Inc.
|
||||||
|
+
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <CrtLibSupport.h>
|
||||||
|
diff --git a/CryptoPkg/Library/Include/arpa/nameser.h b/CryptoPkg/Library/Include/arpa/nameser.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..988e4e0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/Include/arpa/nameser.h
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+/** @file
|
||||||
|
+ Include file to support building third-party standard C / BSD sockets code.
|
||||||
|
+
|
||||||
|
+ Copyright (C) 2019, Red Hat, Inc.
|
||||||
|
+
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <CrtLibSupport.h>
|
||||||
|
diff --git a/CryptoPkg/Library/Include/netinet/in.h b/CryptoPkg/Library/Include/netinet/in.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..988e4e0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/Include/netinet/in.h
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+/** @file
|
||||||
|
+ Include file to support building third-party standard C / BSD sockets code.
|
||||||
|
+
|
||||||
|
+ Copyright (C) 2019, Red Hat, Inc.
|
||||||
|
+
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <CrtLibSupport.h>
|
||||||
|
diff --git a/CryptoPkg/Library/Include/sys/param.h b/CryptoPkg/Library/Include/sys/param.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..988e4e0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/Include/sys/param.h
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+/** @file
|
||||||
|
+ Include file to support building third-party standard C / BSD sockets code.
|
||||||
|
+
|
||||||
|
+ Copyright (C) 2019, Red Hat, Inc.
|
||||||
|
+
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <CrtLibSupport.h>
|
||||||
|
diff --git a/CryptoPkg/Library/Include/sys/socket.h b/CryptoPkg/Library/Include/sys/socket.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..988e4e0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/CryptoPkg/Library/Include/sys/socket.h
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+/** @file
|
||||||
|
+ Include file to support building third-party standard C / BSD sockets code.
|
||||||
|
+
|
||||||
|
+ Copyright (C) 2019, Red Hat, Inc.
|
||||||
|
+
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <CrtLibSupport.h>
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,86 @@
|
|||||||
|
From 697cb1880b624f83bc9e926c3614d070eb365f06 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:31:47 +0100
|
||||||
|
Subject: [PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function
|
||||||
|
(CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-4-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92458
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
According to the ISO C standard, strchr() is a function. We #define it as
|
||||||
|
a macro. Unfortunately, our macro evaluates the first argument ("str")
|
||||||
|
twice. If the expression passed for "str" has side effects, the behavior
|
||||||
|
may be undefined.
|
||||||
|
|
||||||
|
In a later patch in this series, we're going to resurrect "inet_pton.c"
|
||||||
|
(originally from the StdLib package), which calls strchr() just like that:
|
||||||
|
|
||||||
|
strchr((xdigits = xdigits_l), ch)
|
||||||
|
strchr((xdigits = xdigits_u), ch)
|
||||||
|
|
||||||
|
To enable this kind of function call, turn strchr() into a function.
|
||||||
|
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
(cherry picked from commit eb520d94dba7369d1886cd5522d5a2c36fb02209)
|
||||||
|
---
|
||||||
|
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 +++++
|
||||||
|
CryptoPkg/Library/Include/CrtLibSupport.h | 2 +-
|
||||||
|
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||||
|
index 71a2ef3..42235ab 100644
|
||||||
|
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||||
|
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||||
|
@@ -115,6 +115,11 @@ QuickSortWorker (
|
||||||
|
// -- String Manipulation Routines --
|
||||||
|
//
|
||||||
|
|
||||||
|
+char *strchr(const char *str, int ch)
|
||||||
|
+{
|
||||||
|
+ return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* Scan a string for the last occurrence of a character */
|
||||||
|
char *strrchr (const char *str, int c)
|
||||||
|
{
|
||||||
|
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
index 5806f50..b90da20 100644
|
||||||
|
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||||
|
@@ -147,6 +147,7 @@ int isupper (int);
|
||||||
|
int tolower (int);
|
||||||
|
int strcmp (const char *, const char *);
|
||||||
|
int strncasecmp (const char *, const char *, size_t);
|
||||||
|
+char *strchr (const char *, int);
|
||||||
|
char *strrchr (const char *, int);
|
||||||
|
unsigned long strtoul (const char *, char **, int);
|
||||||
|
long strtol (const char *, char **, int);
|
||||||
|
@@ -188,7 +189,6 @@ void abort (void);
|
||||||
|
#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
|
||||||
|
#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
|
||||||
|
#define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
|
||||||
|
-#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
|
||||||
|
#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
|
||||||
|
#define strcasecmp(str1,str2) (int)AsciiStriCmp(str1,str2)
|
||||||
|
#define sprintf(buf,...) AsciiSPrint(buf,MAX_STRING_SIZE,__VA_ARGS__)
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,134 @@
|
|||||||
|
From 3885ce313d1d06359aa76b085668c1391d8a5f50 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:31:43 +0100
|
||||||
|
Subject: [PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"
|
||||||
|
(CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-3-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92460
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
In the patch, we add the new API "TlsSetVerifyHost" for the TLS
|
||||||
|
protocol to set the specified host name that need to be verified.
|
||||||
|
|
||||||
|
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||||
|
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||||
|
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||||
|
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com>
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
(cherry picked from commit 2ca74e1a175232cc201798e27437700adc7fb07e)
|
||||||
|
---
|
||||||
|
CryptoPkg/Include/Library/TlsLib.h | 20 +++++++++++++++++++
|
||||||
|
CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++++++++++++++++++++++-
|
||||||
|
2 files changed, 57 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h
|
||||||
|
index 9875cb6..3af7d4b 100644
|
||||||
|
--- a/CryptoPkg/Include/Library/TlsLib.h
|
||||||
|
+++ b/CryptoPkg/Include/Library/TlsLib.h
|
||||||
|
@@ -397,6 +397,26 @@ TlsSetVerify (
|
||||||
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
+ Set the specified host name to be verified.
|
||||||
|
+
|
||||||
|
+ @param[in] Tls Pointer to the TLS object.
|
||||||
|
+ @param[in] Flags The setting flags during the validation.
|
||||||
|
+ @param[in] HostName The specified host name to be verified.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The HostName setting was set successfully.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
|
||||||
|
+ @retval EFI_ABORTED Invalid HostName setting.
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+TlsSetVerifyHost (
|
||||||
|
+ IN VOID *Tls,
|
||||||
|
+ IN UINT32 Flags,
|
||||||
|
+ IN CHAR8 *HostName
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
|
||||||
|
|
||||||
|
This function sets a session ID to be used when the TLS/SSL connection is
|
||||||
|
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||||
|
index 74b577d..2bf5aee 100644
|
||||||
|
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||||
|
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
/** @file
|
||||||
|
SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
|
||||||
|
|
||||||
|
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@@ -498,6 +498,42 @@ TlsSetVerify (
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
+ Set the specified host name to be verified.
|
||||||
|
+
|
||||||
|
+ @param[in] Tls Pointer to the TLS object.
|
||||||
|
+ @param[in] Flags The setting flags during the validation.
|
||||||
|
+ @param[in] HostName The specified host name to be verified.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The HostName setting was set successfully.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
|
||||||
|
+ @retval EFI_ABORTED Invalid HostName setting.
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+TlsSetVerifyHost (
|
||||||
|
+ IN VOID *Tls,
|
||||||
|
+ IN UINT32 Flags,
|
||||||
|
+ IN CHAR8 *HostName
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ TLS_CONNECTION *TlsConn;
|
||||||
|
+
|
||||||
|
+ TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
|
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ SSL_set_hostflags(TlsConn->Ssl, Flags);
|
||||||
|
+
|
||||||
|
+ if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
|
||||||
|
+ return EFI_ABORTED;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
|
||||||
|
|
||||||
|
This function sets a session ID to be used when the TLS/SSL connection is
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,100 @@
|
|||||||
|
From 970b5f67512e00fb26765a14b4a1cb8a8a04276d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:31:57 +0100
|
||||||
|
Subject: [PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address
|
||||||
|
literals as such (CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-7-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92452
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
Using the inet_pton() function that we imported in the previous patches,
|
||||||
|
recognize if "HostName" is an IP address literal, and then parse it into
|
||||||
|
binary representation. Passing the latter to OpenSSL for server
|
||||||
|
certificate validation is important, per RFC-2818
|
||||||
|
<https://tools.ietf.org/html/rfc2818#section-3.1>:
|
||||||
|
|
||||||
|
> In some cases, the URI is specified as an IP address rather than a
|
||||||
|
> hostname. In this case, the iPAddress subjectAltName must be present in
|
||||||
|
> the certificate and must exactly match the IP in the URI.
|
||||||
|
|
||||||
|
Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL
|
||||||
|
version that is currently consumed by edk2, said function depends on
|
||||||
|
sscanf() for parsing IPv4 literals. In
|
||||||
|
"CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an
|
||||||
|
empty -- always failing -- stub for sscanf(), however.
|
||||||
|
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
Suggested-by: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Acked-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
(cherry picked from commit 1e72b1fb2ec597caedb5170079bb213f6d67f32a)
|
||||||
|
---
|
||||||
|
CryptoPkg/Library/TlsLib/TlsConfig.c | 28 ++++++++++++++++++++++++----
|
||||||
|
1 file changed, 24 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||||
|
index 2bf5aee..307eb57 100644
|
||||||
|
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||||
|
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||||
|
@@ -517,7 +517,11 @@ TlsSetVerifyHost (
|
||||||
|
IN CHAR8 *HostName
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- TLS_CONNECTION *TlsConn;
|
||||||
|
+ TLS_CONNECTION *TlsConn;
|
||||||
|
+ X509_VERIFY_PARAM *VerifyParam;
|
||||||
|
+ UINTN BinaryAddressSize;
|
||||||
|
+ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
|
||||||
|
+ INTN ParamStatus;
|
||||||
|
|
||||||
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
|
if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
|
||||||
|
@@ -526,11 +530,27 @@ TlsSetVerifyHost (
|
||||||
|
|
||||||
|
SSL_set_hostflags(TlsConn->Ssl, Flags);
|
||||||
|
|
||||||
|
- if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
|
||||||
|
- return EFI_ABORTED;
|
||||||
|
+ VerifyParam = SSL_get0_param (TlsConn->Ssl);
|
||||||
|
+ ASSERT (VerifyParam != NULL);
|
||||||
|
+
|
||||||
|
+ BinaryAddressSize = 0;
|
||||||
|
+ if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {
|
||||||
|
+ BinaryAddressSize = NS_IN6ADDRSZ;
|
||||||
|
+ } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {
|
||||||
|
+ BinaryAddressSize = NS_INADDRSZ;
|
||||||
|
}
|
||||||
|
|
||||||
|
- return EFI_SUCCESS;
|
||||||
|
+ if (BinaryAddressSize > 0) {
|
||||||
|
+ DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
|
||||||
|
+ "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
|
||||||
|
+ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
|
||||||
|
+ ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
|
||||||
|
+ BinaryAddressSize);
|
||||||
|
+ } else {
|
||||||
|
+ ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,148 @@
|
|||||||
|
From 4ef57a1e6b9411e785e00e8874bd5c67235e9134 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 11 Feb 2020 17:01:59 +0100
|
||||||
|
Subject: [PATCH 1/2] MdeModulePkg: Enable/Disable S3BootScript dynamically.
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200211170200.12389-2-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93776
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 1/2] MdeModulePkg: Enable/Disable S3BootScript dynamically.
|
||||||
|
Bugzilla: 1801274
|
||||||
|
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
From: Chasel Chiu <chasel.chiu@intel.com>
|
||||||
|
|
||||||
|
--v-- RHEL8 note start --v--
|
||||||
|
|
||||||
|
This patch is cherry-picked from upstream as a contextual (not semantic /
|
||||||
|
functional) pre-requisite for the next patch.
|
||||||
|
|
||||||
|
Functionally, this patch makes no difference in OVMF, for two reasons:
|
||||||
|
|
||||||
|
- Downstream, we don't enable S3 anyway (per QEMU default).
|
||||||
|
|
||||||
|
- The S3-related modules that are built into OVMF (S3SaveStateDxe,
|
||||||
|
BootScriptExecutorDxe) already consider PcdAcpiS3Enable, and exit their
|
||||||
|
entry point functions with EFI_UNSUPPORTED when the PCD is FALSE. As a
|
||||||
|
consequence, the DESTRUCTOR function of the PiDxeS3BootScriptLib library
|
||||||
|
instance (which is linked into those binaries) will undo whatever the
|
||||||
|
CONSTRUCTOR function did; no resources will be leaked.
|
||||||
|
|
||||||
|
https://edk2.groups.io/g/devel/message/47996
|
||||||
|
http://mid.mail-archive.com/e43e3f56-d2db-7989-b6f1-03e1c810d908@redhat.com
|
||||||
|
|
||||||
|
--^-- RHEL8 note end --^--
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2212
|
||||||
|
|
||||||
|
In binary model the same binary may have to support both
|
||||||
|
S3 enabled and disabled scenarios, however not all DXE
|
||||||
|
drivers linking PiDxeS3BootScriptLib can return error to
|
||||||
|
invoke library DESTRUCTOR for releasing resource.
|
||||||
|
|
||||||
|
To support this usage model below PCD is used to skip
|
||||||
|
S3BootScript functions when PCD set to FALSE:
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
|
||||||
|
|
||||||
|
Test: Verified on internal platform and S3BootScript
|
||||||
|
functions can be skipped by PCD during boot time.
|
||||||
|
|
||||||
|
Cc: Hao A Wu <hao.a.wu@intel.com>
|
||||||
|
Cc: Eric Dong <eric.dong@intel.com>
|
||||||
|
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
|
||||||
|
Cc: Liming Gao <liming.gao@intel.com>
|
||||||
|
Cc: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
|
||||||
|
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
|
||||||
|
Reviewed-by: Eric Dong <eric.dong@intel.com>
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit ed9db1b91ceba7d3a24743d4d9314c6fbe11c4b3)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/PiDxeS3BootScriptLib/BootScriptSave.c | 17 ++++++++++++++++-
|
||||||
|
.../Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf | 4 ++--
|
||||||
|
2 files changed, 18 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
|
||||||
|
index c116727..9106e7d 100644
|
||||||
|
--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
|
||||||
|
+++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
/** @file
|
||||||
|
Save the S3 data to S3 boot script.
|
||||||
|
|
||||||
|
- Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@@ -124,6 +124,7 @@ VOID *mRegistrationSmmReadyToLock = NULL;
|
||||||
|
BOOLEAN mS3BootScriptTableAllocated = FALSE;
|
||||||
|
BOOLEAN mS3BootScriptTableSmmAllocated = FALSE;
|
||||||
|
EFI_SMM_SYSTEM_TABLE2 *mBootScriptSmst = NULL;
|
||||||
|
+BOOLEAN mAcpiS3Enable = TRUE;
|
||||||
|
|
||||||
|
/**
|
||||||
|
This is an internal function to add a terminate node the entry, recalculate the table
|
||||||
|
@@ -436,6 +437,12 @@ S3BootScriptLibInitialize (
|
||||||
|
BOOLEAN InSmm;
|
||||||
|
EFI_PHYSICAL_ADDRESS Buffer;
|
||||||
|
|
||||||
|
+ if (!PcdGetBool (PcdAcpiS3Enable)) {
|
||||||
|
+ mAcpiS3Enable = FALSE;
|
||||||
|
+ DEBUG ((DEBUG_INFO, "%a: Skip S3BootScript because ACPI S3 disabled.\n", gEfiCallerBaseName));
|
||||||
|
+ return RETURN_SUCCESS;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
S3TablePtr = (SCRIPT_TABLE_PRIVATE_DATA*)(UINTN)PcdGet64(PcdS3BootScriptTablePrivateDataPtr);
|
||||||
|
//
|
||||||
|
// The Boot script private data is not be initialized. create it
|
||||||
|
@@ -562,6 +569,10 @@ S3BootScriptLibDeinitialize (
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
|
||||||
|
+ if (!mAcpiS3Enable) {
|
||||||
|
+ return RETURN_SUCCESS;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
DEBUG ((EFI_D_INFO, "%a() in %a module\n", __FUNCTION__, gEfiCallerBaseName));
|
||||||
|
|
||||||
|
if (mEventDxeSmmReadyToLock != NULL) {
|
||||||
|
@@ -810,6 +821,10 @@ S3BootScriptGetEntryAddAddress (
|
||||||
|
{
|
||||||
|
UINT8* NewEntryPtr;
|
||||||
|
|
||||||
|
+ if (!mAcpiS3Enable) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (mS3BootScriptTablePtr->SmmLocked) {
|
||||||
|
//
|
||||||
|
// We need check InSmm, because after SmmReadyToLock, only SMM driver is allowed to write boot script.
|
||||||
|
diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
|
||||||
|
index 517ea69..2b894c9 100644
|
||||||
|
--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
|
||||||
|
+++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
## @file
|
||||||
|
# DXE S3 boot script Library.
|
||||||
|
#
|
||||||
|
-# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#
|
||||||
|
@@ -65,4 +65,4 @@
|
||||||
|
## SOMETIMES_PRODUCES
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdS3BootScriptTablePrivateSmmDataPtr
|
||||||
|
gEfiMdeModulePkgTokenSpaceGuid.PcdS3BootScriptRuntimeTableReservePageNumber ## CONSUMES
|
||||||
|
-
|
||||||
|
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,182 @@
|
|||||||
|
From 51d2956d480fef83f765013c8aec7f7ddc14b84d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 11 Feb 2020 17:02:00 +0100
|
||||||
|
Subject: [PATCH 2/2] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric
|
||||||
|
truncation (CVE-2019-14563)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200211170200.12389-3-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93777
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 2/2] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric truncation (CVE-2019-14563)
|
||||||
|
Bugzilla: 1801274
|
||||||
|
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
From: Hao A Wu <hao.a.wu@intel.com>
|
||||||
|
|
||||||
|
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2001
|
||||||
|
|
||||||
|
For S3BootScriptLib APIs:
|
||||||
|
|
||||||
|
S3BootScriptSaveIoWrite
|
||||||
|
S3BootScriptSaveMemWrite
|
||||||
|
S3BootScriptSavePciCfgWrite
|
||||||
|
S3BootScriptSavePciCfg2Write
|
||||||
|
S3BootScriptSaveSmbusExecute
|
||||||
|
S3BootScriptSaveInformation
|
||||||
|
S3BootScriptSaveInformationAsciiString
|
||||||
|
S3BootScriptLabel (happen in S3BootScriptLabelInternal())
|
||||||
|
|
||||||
|
possible numeric truncations will happen that may lead to S3 boot script
|
||||||
|
entry with improper size being returned to store the boot script data.
|
||||||
|
This commit will add checks to prevent this kind of issue.
|
||||||
|
|
||||||
|
Please note that the remaining S3BootScriptLib APIs:
|
||||||
|
|
||||||
|
S3BootScriptSaveIoReadWrite
|
||||||
|
S3BootScriptSaveMemReadWrite
|
||||||
|
S3BootScriptSavePciCfgReadWrite
|
||||||
|
S3BootScriptSavePciCfg2ReadWrite
|
||||||
|
S3BootScriptSaveStall
|
||||||
|
S3BootScriptSaveDispatch2
|
||||||
|
S3BootScriptSaveDispatch
|
||||||
|
S3BootScriptSaveMemPoll
|
||||||
|
S3BootScriptSaveIoPoll
|
||||||
|
S3BootScriptSavePciPoll
|
||||||
|
S3BootScriptSavePci2Poll
|
||||||
|
S3BootScriptCloseTable
|
||||||
|
S3BootScriptExecute
|
||||||
|
S3BootScriptMoveLastOpcode
|
||||||
|
S3BootScriptCompare
|
||||||
|
|
||||||
|
are not affected by such numeric truncation.
|
||||||
|
|
||||||
|
Signed-off-by: Hao A Wu <hao.a.wu@intel.com>
|
||||||
|
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Eric Dong <eric.dong@intel.com>
|
||||||
|
Acked-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
(cherry picked from commit 322ac05f8bbc1bce066af1dabd1b70ccdbe28891)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/PiDxeS3BootScriptLib/BootScriptSave.c | 52 +++++++++++++++++++++-
|
||||||
|
1 file changed, 51 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
|
||||||
|
index 9106e7d..9315fc9 100644
|
||||||
|
--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
|
||||||
|
+++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
/** @file
|
||||||
|
Save the S3 data to S3 boot script.
|
||||||
|
|
||||||
|
- Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+ Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@@ -1006,6 +1006,14 @@ S3BootScriptSaveIoWrite (
|
||||||
|
EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite;
|
||||||
|
|
||||||
|
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Truncation check
|
||||||
|
+ //
|
||||||
|
+ if ((Count > MAX_UINT8) ||
|
||||||
|
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) {
|
||||||
|
+ return RETURN_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count));
|
||||||
|
|
||||||
|
Script = S3BootScriptGetEntryAddAddress (Length);
|
||||||
|
@@ -1102,6 +1110,14 @@ S3BootScriptSaveMemWrite (
|
||||||
|
EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite;
|
||||||
|
|
||||||
|
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Truncation check
|
||||||
|
+ //
|
||||||
|
+ if ((Count > MAX_UINT8) ||
|
||||||
|
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) {
|
||||||
|
+ return RETURN_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count));
|
||||||
|
|
||||||
|
Script = S3BootScriptGetEntryAddAddress (Length);
|
||||||
|
@@ -1206,6 +1222,14 @@ S3BootScriptSavePciCfgWrite (
|
||||||
|
}
|
||||||
|
|
||||||
|
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Truncation check
|
||||||
|
+ //
|
||||||
|
+ if ((Count > MAX_UINT8) ||
|
||||||
|
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE))) {
|
||||||
|
+ return RETURN_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE) + (WidthInByte * Count));
|
||||||
|
|
||||||
|
Script = S3BootScriptGetEntryAddAddress (Length);
|
||||||
|
@@ -1324,6 +1348,14 @@ S3BootScriptSavePciCfg2Write (
|
||||||
|
}
|
||||||
|
|
||||||
|
WidthInByte = (UINT8) (0x01 << (Width & 0x03));
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Truncation check
|
||||||
|
+ //
|
||||||
|
+ if ((Count > MAX_UINT8) ||
|
||||||
|
+ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE))) {
|
||||||
|
+ return RETURN_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE) + (WidthInByte * Count));
|
||||||
|
|
||||||
|
Script = S3BootScriptGetEntryAddAddress (Length);
|
||||||
|
@@ -1549,6 +1581,12 @@ S3BootScriptSaveSmbusExecute (
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ //
|
||||||
|
+ // Truncation check
|
||||||
|
+ //
|
||||||
|
+ if (BufferLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)) {
|
||||||
|
+ return RETURN_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
DataSize = (UINT8)(sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE) + BufferLength);
|
||||||
|
|
||||||
|
Script = S3BootScriptGetEntryAddAddress (DataSize);
|
||||||
|
@@ -1736,6 +1774,12 @@ S3BootScriptSaveInformation (
|
||||||
|
UINT8 *Script;
|
||||||
|
EFI_BOOT_SCRIPT_INFORMATION ScriptInformation;
|
||||||
|
|
||||||
|
+ //
|
||||||
|
+ // Truncation check
|
||||||
|
+ //
|
||||||
|
+ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) {
|
||||||
|
+ return RETURN_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength);
|
||||||
|
|
||||||
|
Script = S3BootScriptGetEntryAddAddress (Length);
|
||||||
|
@@ -2195,6 +2239,12 @@ S3BootScriptLabelInternal (
|
||||||
|
UINT8 *Script;
|
||||||
|
EFI_BOOT_SCRIPT_INFORMATION ScriptInformation;
|
||||||
|
|
||||||
|
+ //
|
||||||
|
+ // Truncation check
|
||||||
|
+ //
|
||||||
|
+ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) {
|
||||||
|
+ return RETURN_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength);
|
||||||
|
|
||||||
|
Script = S3BootScriptGetEntryAddAddress (Length);
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,101 @@
|
|||||||
|
From e57f49101a66663a4f5425995e9ea97ae0858e1b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 14 Jan 2020 12:39:05 +0100
|
||||||
|
Subject: [PATCH 1/2] MdeModulePkg/UefiBootManagerLib: log reserved mem
|
||||||
|
allocation failure
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200114123906.8547-2-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93339
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 1/2] MdeModulePkg/UefiBootManagerLib: log reserved mem allocation failure
|
||||||
|
Bugzilla: 1789797
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
The LoadFile protocol can report such a large buffer size that we cannot
|
||||||
|
allocate enough reserved pages for. This particularly affects HTTP(S)
|
||||||
|
Boot, if the remote file is very large (for example, an ISO image).
|
||||||
|
|
||||||
|
While the TianoCore wiki mentions this at
|
||||||
|
<https://github.com/tianocore/tianocore.github.io/wiki/HTTP-Boot#ram-disk-image-size>:
|
||||||
|
|
||||||
|
> The maximum RAM disk image size depends on how much continuous reserved
|
||||||
|
> memory block the platform could provide.
|
||||||
|
|
||||||
|
it's hard to remember; so log a DEBUG_ERROR message when the allocation
|
||||||
|
fails.
|
||||||
|
|
||||||
|
This patch produces error messages such as:
|
||||||
|
|
||||||
|
> UiApp:BmExpandLoadFile: failed to allocate reserved pages:
|
||||||
|
> BufferSize=4501536768
|
||||||
|
> LoadFile="PciRoot(0x0)/Pci(0x3,0x0)/MAC(5254001B103E,0x1)/
|
||||||
|
> IPv4(0.0.0.0,TCP,DHCP,192.168.124.106,192.168.124.1,255.255.255.0)/
|
||||||
|
> Dns(192.168.124.1)/
|
||||||
|
> Uri(https://ipv4-server/RHEL-7.7-20190723.1-Server-x86_64-dvd1.iso)"
|
||||||
|
> FilePath=""
|
||||||
|
|
||||||
|
(Manually rewrapped here for keeping PatchCheck.py happy.)
|
||||||
|
|
||||||
|
Cc: Hao A Wu <hao.a.wu@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Ray Ni <ray.ni@intel.com>
|
||||||
|
Cc: Zhichao Gao <zhichao.gao@intel.com>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
|
||||||
|
Acked-by: Hao A Wu <hao.a.wu@intel.com>
|
||||||
|
(cherry picked from commit a56af23f066e2816c67b7c6e64de7ddefcd70780)
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 31 ++++++++++++++++++++++++
|
||||||
|
1 file changed, 31 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
|
||||||
|
index 952033f..ded9ae9 100644
|
||||||
|
--- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
|
||||||
|
+++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
|
||||||
|
@@ -1386,6 +1386,37 @@ BmExpandLoadFile (
|
||||||
|
//
|
||||||
|
FileBuffer = AllocateReservedPages (EFI_SIZE_TO_PAGES (BufferSize));
|
||||||
|
if (FileBuffer == NULL) {
|
||||||
|
+ DEBUG_CODE (
|
||||||
|
+ EFI_DEVICE_PATH *LoadFilePath;
|
||||||
|
+ CHAR16 *LoadFileText;
|
||||||
|
+ CHAR16 *FileText;
|
||||||
|
+
|
||||||
|
+ LoadFilePath = DevicePathFromHandle (LoadFileHandle);
|
||||||
|
+ if (LoadFilePath == NULL) {
|
||||||
|
+ LoadFileText = NULL;
|
||||||
|
+ } else {
|
||||||
|
+ LoadFileText = ConvertDevicePathToText (LoadFilePath, FALSE, FALSE);
|
||||||
|
+ }
|
||||||
|
+ FileText = ConvertDevicePathToText (FilePath, FALSE, FALSE);
|
||||||
|
+
|
||||||
|
+ DEBUG ((
|
||||||
|
+ DEBUG_ERROR,
|
||||||
|
+ "%a:%a: failed to allocate reserved pages: "
|
||||||
|
+ "BufferSize=%Lu LoadFile=\"%s\" FilePath=\"%s\"\n",
|
||||||
|
+ gEfiCallerBaseName,
|
||||||
|
+ __FUNCTION__,
|
||||||
|
+ (UINT64)BufferSize,
|
||||||
|
+ LoadFileText,
|
||||||
|
+ FileText
|
||||||
|
+ ));
|
||||||
|
+
|
||||||
|
+ if (FileText != NULL) {
|
||||||
|
+ FreePool (FileText);
|
||||||
|
+ }
|
||||||
|
+ if (LoadFileText != NULL) {
|
||||||
|
+ FreePool (LoadFileText);
|
||||||
|
+ }
|
||||||
|
+ );
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,156 @@
|
|||||||
|
From 22ebe3ff84003e9256759e230ac68da35c6d77a2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:31:37 +0100
|
||||||
|
Subject: [PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of
|
||||||
|
EfiTlsVerifyHost (CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-2-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92457
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
In the patch, we add the new data type named "EfiTlsVerifyHost" and
|
||||||
|
the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP)
|
||||||
|
to enable the host name check so as to avoid the potential
|
||||||
|
Man-In-The-Middle attack.
|
||||||
|
|
||||||
|
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||||
|
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||||
|
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||||
|
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com>
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Liming Gao <liming.gao@intel.com>
|
||||||
|
(cherry picked from commit 31efec82796cb950e99d1622aa9c0eb8380613a0)
|
||||||
|
---
|
||||||
|
MdePkg/Include/Protocol/Tls.h | 68 ++++++++++++++++++++++++++++++++++++-------
|
||||||
|
1 file changed, 57 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
|
||||||
|
index bf1b672..af524ae 100644
|
||||||
|
--- a/MdePkg/Include/Protocol/Tls.h
|
||||||
|
+++ b/MdePkg/Include/Protocol/Tls.h
|
||||||
|
@@ -42,10 +42,6 @@ typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
|
||||||
|
///
|
||||||
|
typedef enum {
|
||||||
|
///
|
||||||
|
- /// Session Configuration
|
||||||
|
- ///
|
||||||
|
-
|
||||||
|
- ///
|
||||||
|
/// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
|
||||||
|
///
|
||||||
|
EfiTlsVersion,
|
||||||
|
@@ -86,11 +82,6 @@ typedef enum {
|
||||||
|
/// The corresponding Data is of type EFI_TLS_SESSION_STATE.
|
||||||
|
///
|
||||||
|
EfiTlsSessionState,
|
||||||
|
-
|
||||||
|
- ///
|
||||||
|
- /// Session information
|
||||||
|
- ///
|
||||||
|
-
|
||||||
|
///
|
||||||
|
/// TLS session data client random.
|
||||||
|
/// The corresponding Data is of type EFI_TLS_RANDOM.
|
||||||
|
@@ -106,9 +97,15 @@ typedef enum {
|
||||||
|
/// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
|
||||||
|
///
|
||||||
|
EfiTlsKeyMaterial,
|
||||||
|
+ ///
|
||||||
|
+ /// TLS session hostname for validation which is used to verify whether the name
|
||||||
|
+ /// within the peer certificate matches a given host name.
|
||||||
|
+ /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_NONE.
|
||||||
|
+ /// The corresponding Data is of type EFI_TLS_VERIFY_HOST.
|
||||||
|
+ ///
|
||||||
|
+ EfiTlsVerifyHost,
|
||||||
|
|
||||||
|
EfiTlsSessionDataTypeMaximum
|
||||||
|
-
|
||||||
|
} EFI_TLS_SESSION_DATA_TYPE;
|
||||||
|
|
||||||
|
///
|
||||||
|
@@ -178,7 +175,8 @@ typedef UINT32 EFI_TLS_VERIFY;
|
||||||
|
///
|
||||||
|
#define EFI_TLS_VERIFY_PEER 0x1
|
||||||
|
///
|
||||||
|
-/// TLS session will fail peer certificate is absent.
|
||||||
|
+/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server mode.
|
||||||
|
+/// TLS session will fail if client certificate is absent.
|
||||||
|
///
|
||||||
|
#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
|
||||||
|
///
|
||||||
|
@@ -188,6 +186,54 @@ typedef UINT32 EFI_TLS_VERIFY;
|
||||||
|
#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
|
||||||
|
|
||||||
|
///
|
||||||
|
+/// EFI_TLS_VERIFY_HOST_FLAG
|
||||||
|
+///
|
||||||
|
+typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG;
|
||||||
|
+///
|
||||||
|
+/// There is no additional flags set for hostname validation.
|
||||||
|
+/// Wildcards are supported and they match only in the left-most label.
|
||||||
|
+///
|
||||||
|
+#define EFI_TLS_VERIFY_FLAG_NONE 0x00
|
||||||
|
+///
|
||||||
|
+/// Always check the Subject Distinguished Name (DN) in the peer certificate even if the
|
||||||
|
+/// certificate contains Subject Alternative Name (SAN).
|
||||||
|
+///
|
||||||
|
+#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT 0x01
|
||||||
|
+///
|
||||||
|
+/// Disable the match of all wildcards.
|
||||||
|
+///
|
||||||
|
+#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS 0x02
|
||||||
|
+///
|
||||||
|
+/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.g. "www*" or "*www").
|
||||||
|
+///
|
||||||
|
+#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS 0x04
|
||||||
|
+///
|
||||||
|
+/// Allow the "*" to match more than one labels. Otherwise, only matches a single label.
|
||||||
|
+///
|
||||||
|
+#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS 0x08
|
||||||
|
+///
|
||||||
|
+/// Restrict to only match direct child sub-domains which start with ".".
|
||||||
|
+/// For example, a name of ".example.com" would match "www.example.com" with this flag,
|
||||||
|
+/// but would not match "www.sub.example.com".
|
||||||
|
+///
|
||||||
|
+#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
|
||||||
|
+///
|
||||||
|
+/// Never check the Subject Distinguished Name (DN) even there is no
|
||||||
|
+/// Subject Alternative Name (SAN) in the certificate.
|
||||||
|
+///
|
||||||
|
+#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT 0x20
|
||||||
|
+
|
||||||
|
+///
|
||||||
|
+/// EFI_TLS_VERIFY_HOST
|
||||||
|
+///
|
||||||
|
+#pragma pack (1)
|
||||||
|
+typedef struct {
|
||||||
|
+ EFI_TLS_VERIFY_HOST_FLAG Flags;
|
||||||
|
+ CHAR8 *HostName;
|
||||||
|
+} EFI_TLS_VERIFY_HOST;
|
||||||
|
+#pragma pack ()
|
||||||
|
+
|
||||||
|
+///
|
||||||
|
/// EFI_TLS_RANDOM
|
||||||
|
/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
|
||||||
|
/// Hello Messages".
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,99 @@
|
|||||||
|
From d28c0053e94b8e721307ac1698d86e5dfb328e6d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:32:04 +0100
|
||||||
|
Subject: [PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification
|
||||||
|
(CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-9-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92459
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
Set the HostName by consuming TLS protocol to enable the host name
|
||||||
|
check so as to avoid the potential Man-In-The-Middle attack.
|
||||||
|
|
||||||
|
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||||
|
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||||
|
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||||
|
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com>
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit e2fc50812895b17e8b23f5a9c43cde29531b200f)
|
||||||
|
---
|
||||||
|
NetworkPkg/HttpDxe/HttpProto.h | 1 +
|
||||||
|
NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++++++++++++----
|
||||||
|
2 files changed, 18 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
|
||||||
|
index 6e1f517..34308e0 100644
|
||||||
|
--- a/NetworkPkg/HttpDxe/HttpProto.h
|
||||||
|
+++ b/NetworkPkg/HttpDxe/HttpProto.h
|
||||||
|
@@ -82,6 +82,7 @@ typedef struct {
|
||||||
|
EFI_TLS_VERSION Version;
|
||||||
|
EFI_TLS_CONNECTION_END ConnectionEnd;
|
||||||
|
EFI_TLS_VERIFY VerifyMethod;
|
||||||
|
+ EFI_TLS_VERIFY_HOST VerifyHost;
|
||||||
|
EFI_TLS_SESSION_STATE SessionState;
|
||||||
|
} TLS_CONFIG_DATA;
|
||||||
|
|
||||||
|
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
|
||||||
|
index 988bbcb..5dfb13b 100644
|
||||||
|
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
|
||||||
|
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
|
||||||
|
@@ -623,13 +623,16 @@ TlsConfigureSession (
|
||||||
|
//
|
||||||
|
// TlsConfigData initialization
|
||||||
|
//
|
||||||
|
- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
|
||||||
|
- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
|
||||||
|
- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
|
||||||
|
+ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
|
||||||
|
+ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
|
||||||
|
+ HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;
|
||||||
|
+ HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
|
||||||
|
+ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
|
||||||
|
|
||||||
|
//
|
||||||
|
// EfiTlsConnectionEnd,
|
||||||
|
- // EfiTlsVerifyMethod
|
||||||
|
+ // EfiTlsVerifyMethod,
|
||||||
|
+ // EfiTlsVerifyHost,
|
||||||
|
// EfiTlsSessionState
|
||||||
|
//
|
||||||
|
Status = HttpInstance->Tls->SetSessionData (
|
||||||
|
@@ -654,6 +657,16 @@ TlsConfigureSession (
|
||||||
|
|
||||||
|
Status = HttpInstance->Tls->SetSessionData (
|
||||||
|
HttpInstance->Tls,
|
||||||
|
+ EfiTlsVerifyHost,
|
||||||
|
+ &HttpInstance->TlsConfigData.VerifyHost,
|
||||||
|
+ sizeof (EFI_TLS_VERIFY_HOST)
|
||||||
|
+ );
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ Status = HttpInstance->Tls->SetSessionData (
|
||||||
|
+ HttpInstance->Tls,
|
||||||
|
EfiTlsSessionState,
|
||||||
|
&(HttpInstance->TlsConfigData.SessionState),
|
||||||
|
sizeof (EFI_TLS_SESSION_STATE)
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,120 @@
|
|||||||
|
From 555d93f2daa551dc2311b15210a918aa79ed18ff Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 14 Jan 2020 12:39:06 +0100
|
||||||
|
Subject: [PATCH 2/2] NetworkPkg/HttpDxe: fix 32-bit truncation in HTTPS
|
||||||
|
download
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200114123906.8547-3-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93340
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 2/2] NetworkPkg/HttpDxe: fix 32-bit truncation in HTTPS download
|
||||||
|
Bugzilla: 1789797
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
When downloading over TLS, each TLS message ("APP packet") is returned as
|
||||||
|
a (decrypted) fragment table by EFI_TLS_PROTOCOL.ProcessPacket().
|
||||||
|
|
||||||
|
The TlsProcessMessage() function in "NetworkPkg/HttpDxe/HttpsSupport.c"
|
||||||
|
linearizes the fragment table into a single contiguous data block. The
|
||||||
|
resultant flat data block contains both TLS headers and data.
|
||||||
|
|
||||||
|
The HttpsReceive() function parses the actual application data -- in this
|
||||||
|
case: decrypted HTTP data -- out of the flattened TLS data block, peeling
|
||||||
|
off the TLS headers.
|
||||||
|
|
||||||
|
The HttpResponseWorker() function in "NetworkPkg/HttpDxe/HttpImpl.c"
|
||||||
|
propagates this HTTP data outwards, implementing the
|
||||||
|
EFI_HTTP_PROTOCOL.Response() function.
|
||||||
|
|
||||||
|
Now consider the following documentation for EFI_HTTP_PROTOCOL.Response(),
|
||||||
|
quoted from "MdePkg/Include/Protocol/Http.h":
|
||||||
|
|
||||||
|
> It is the responsibility of the caller to allocate a buffer for Body and
|
||||||
|
> specify the size in BodyLength. If the remote host provides a response
|
||||||
|
> that contains a content body, up to BodyLength bytes will be copied from
|
||||||
|
> the receive buffer into Body and BodyLength will be updated with the
|
||||||
|
> amount of bytes received and copied to Body. This allows the client to
|
||||||
|
> download a large file in chunks instead of into one contiguous block of
|
||||||
|
> memory.
|
||||||
|
|
||||||
|
Note that, if the caller-allocated buffer is larger than the
|
||||||
|
server-provided chunk, then the transfer length is limited by the latter.
|
||||||
|
This is in fact the dominant case when downloading a huge file (for which
|
||||||
|
UefiBootManagerLib allocated a huge contiguous RAM Disk buffer) in small
|
||||||
|
TLS messages.
|
||||||
|
|
||||||
|
For adjusting BodyLength as described above -- i.e., to the application
|
||||||
|
data chunk that has been extracted from the TLS message --, the
|
||||||
|
HttpResponseWorker() function employs the following assignment:
|
||||||
|
|
||||||
|
HttpMsg->BodyLength = MIN (Fragment.Len, (UINT32) HttpMsg->BodyLength);
|
||||||
|
|
||||||
|
The (UINT32) cast is motivated by the MIN() requirement -- in
|
||||||
|
"MdePkg/Include/Base.h" -- that both arguments be of the same type.
|
||||||
|
|
||||||
|
"Fragment.Len" (NET_FRAGMENT.Len) has type UINT32, and
|
||||||
|
"HttpMsg->BodyLength" (EFI_HTTP_MESSAGE.BodyLength) has type UINTN.
|
||||||
|
Therefore a cast is indeed necessary.
|
||||||
|
|
||||||
|
Unfortunately, the cast is done in the wrong direction. Consider the
|
||||||
|
following circumstances:
|
||||||
|
|
||||||
|
- "Fragment.Len" happens to be consistently 16KiB, dictated by the HTTPS
|
||||||
|
Server's TLS stack,
|
||||||
|
|
||||||
|
- the size of the file to download is 4GiB + N*16KiB, where N is a
|
||||||
|
positive integer.
|
||||||
|
|
||||||
|
As the download progresses, each received 16KiB application data chunk
|
||||||
|
brings the *next* input value of BodyLength closer down to 4GiB. The cast
|
||||||
|
in MIN() always masks off the high-order bits from the input value of
|
||||||
|
BodyLength, but this is no problem because the low-order bits are nonzero,
|
||||||
|
therefore the MIN() always permits progress.
|
||||||
|
|
||||||
|
However, once BodyLength reaches 4GiB exactly on input, the MIN()
|
||||||
|
invocation produces a zero value. HttpResponseWorker() adjusts the output
|
||||||
|
value of BodyLength to zero, and then passes it to HttpParseMessageBody().
|
||||||
|
|
||||||
|
HttpParseMessageBody() (in "NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c")
|
||||||
|
rejects the zero BodyLength with EFI_INVALID_PARAMETER, which is fully
|
||||||
|
propagated outwards, and aborts the HTTPS download. HttpBootDxe writes the
|
||||||
|
message "Error: Unexpected network error" to the UEFI console.
|
||||||
|
|
||||||
|
For example, a file with size (4GiB + 197MiB) terminates after downloading
|
||||||
|
just 197MiB.
|
||||||
|
|
||||||
|
Invert the direction of the cast: widen "Fragment.Len" to UINTN.
|
||||||
|
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||||
|
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
|
||||||
|
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||||
|
(cherry picked from commit 4cca7923992a13f6b753782f469ee944da2db796)
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
NetworkPkg/HttpDxe/HttpImpl.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c
|
||||||
|
index 6b87731..1acbb60 100644
|
||||||
|
--- a/NetworkPkg/HttpDxe/HttpImpl.c
|
||||||
|
+++ b/NetworkPkg/HttpDxe/HttpImpl.c
|
||||||
|
@@ -1348,7 +1348,7 @@ HttpResponseWorker (
|
||||||
|
//
|
||||||
|
// Process the received the body packet.
|
||||||
|
//
|
||||||
|
- HttpMsg->BodyLength = MIN (Fragment.Len, (UINT32) HttpMsg->BodyLength);
|
||||||
|
+ HttpMsg->BodyLength = MIN ((UINTN) Fragment.Len, HttpMsg->BodyLength);
|
||||||
|
|
||||||
|
CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength);
|
||||||
|
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,117 @@
|
|||||||
|
From 24a4a1d62ae749c197f36d72f645c7142f368e6a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Mon, 2 Dec 2019 12:32:00 +0100
|
||||||
|
Subject: [PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to
|
||||||
|
TlsDxe driver (CVE-2019-14553)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20191117220052.15700-8-lersek@redhat.com>
|
||||||
|
Patchwork-id: 92456
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553)
|
||||||
|
Bugzilla: 1536624
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||||
|
CVE: CVE-2019-14553
|
||||||
|
The new data type named "EfiTlsVerifyHost" and the
|
||||||
|
EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol.
|
||||||
|
|
||||||
|
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||||
|
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||||
|
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||||
|
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||||
|
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com>
|
||||||
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||||
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
(cherry picked from commit 703e7ab21ff8fda9ababf7751d59bd28ad5da947)
|
||||||
|
---
|
||||||
|
NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++++++++++++++++++++++---
|
||||||
|
1 file changed, 41 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtocol.c
|
||||||
|
index a7a993f..001e540 100644
|
||||||
|
--- a/NetworkPkg/TlsDxe/TlsProtocol.c
|
||||||
|
+++ b/NetworkPkg/TlsDxe/TlsProtocol.c
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
/** @file
|
||||||
|
Implementation of EFI TLS Protocol Interfaces.
|
||||||
|
|
||||||
|
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@@ -56,12 +56,16 @@ TlsSetSessionData (
|
||||||
|
UINT16 *CipherId;
|
||||||
|
CONST EFI_TLS_CIPHER *TlsCipherList;
|
||||||
|
UINTN CipherCount;
|
||||||
|
+ CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;
|
||||||
|
+ EFI_TLS_VERIFY VerifyMethod;
|
||||||
|
+ UINTN VerifyMethodSize;
|
||||||
|
UINTN Index;
|
||||||
|
|
||||||
|
EFI_TPL OldTpl;
|
||||||
|
|
||||||
|
- Status = EFI_SUCCESS;
|
||||||
|
- CipherId = NULL;
|
||||||
|
+ Status = EFI_SUCCESS;
|
||||||
|
+ CipherId = NULL;
|
||||||
|
+ VerifyMethodSize = sizeof (EFI_TLS_VERIFY);
|
||||||
|
|
||||||
|
if (This == NULL || Data == NULL || DataSize == 0) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
@@ -149,6 +153,40 @@ TlsSetSessionData (
|
||||||
|
|
||||||
|
TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
|
||||||
|
break;
|
||||||
|
+ case EfiTlsVerifyHost:
|
||||||
|
+ if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {
|
||||||
|
+ Status = EFI_INVALID_PARAMETER;
|
||||||
|
+ goto ON_EXIT;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;
|
||||||
|
+
|
||||||
|
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&
|
||||||
|
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {
|
||||||
|
+ Status = EFI_INVALID_PARAMETER;
|
||||||
|
+ goto ON_EXIT;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&
|
||||||
|
+ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||
|
||||||
|
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {
|
||||||
|
+ Status = EFI_INVALID_PARAMETER;
|
||||||
|
+ goto ON_EXIT;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ goto ON_EXIT;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {
|
||||||
|
+ Status = EFI_INVALID_PARAMETER;
|
||||||
|
+ goto ON_EXIT;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);
|
||||||
|
+
|
||||||
|
+ break;
|
||||||
|
case EfiTlsSessionID:
|
||||||
|
if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
|
||||||
|
Status = EFI_INVALID_PARAMETER;
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,64 @@
|
|||||||
|
From 78cfb461bedb0e0491b267528b2ebd30adc1d87c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 27 Mar 2020 07:01:18 +0100
|
||||||
|
Subject: [PATCH] OvmfPkg/QemuVideoDxe: unbreak "secondary-vga" and
|
||||||
|
"bochs-display" support
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Message-id: <20200226173820.16398-2-lersek@redhat.com>
|
||||||
|
Patchwork-id: 94054
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 1/1] OvmfPkg/QemuVideoDxe: unbreak "secondary-vga" and "bochs-display" support
|
||||||
|
Bugzilla: 1806359
|
||||||
|
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
|
||||||
|
In edk2 commit 333f32ec23dd, QemuVideoDxe gained support for QEMU's
|
||||||
|
"secondary-vga" device model (originally introduced in QEMU commit
|
||||||
|
63e3e24db2e9).
|
||||||
|
|
||||||
|
In QEMU commit 765c94290863, the "bochs-display" device was introduced,
|
||||||
|
which would work with QemuVideoDxe out of the box, reusing the
|
||||||
|
"secondary-vga" logic.
|
||||||
|
|
||||||
|
Support for both models has been broken since edk2 commit 662bd0da7fd7.
|
||||||
|
Said patch ended up requiring VGA IO Ports -- i.e., at least one of
|
||||||
|
EFI_PCI_IO_ATTRIBUTE_VGA_IO and EFI_PCI_IO_ATTRIBUTE_VGA_IO_16 -- even if
|
||||||
|
the device wasn't actually VGA compatible.
|
||||||
|
|
||||||
|
Restrict the IO Ports requirement to VGA compatible devices.
|
||||||
|
|
||||||
|
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||||
|
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||||
|
Cc: Marc W Chen <marc.w.chen@intel.com>
|
||||||
|
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Fixes: 662bd0da7fd77e4d2cf9ef4a78015af5cad7d9db
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2555
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200224171741.7494-1-lersek@redhat.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||||
|
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
(cherry picked from commit edfe16a6d9f8c6830d7ad93ee7616225fe4e9c13)
|
||||||
|
---
|
||||||
|
OvmfPkg/QemuVideoDxe/Driver.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/QemuVideoDxe/Driver.c b/OvmfPkg/QemuVideoDxe/Driver.c
|
||||||
|
index 522110e..902dd1b 100644
|
||||||
|
--- a/OvmfPkg/QemuVideoDxe/Driver.c
|
||||||
|
+++ b/OvmfPkg/QemuVideoDxe/Driver.c
|
||||||
|
@@ -292,7 +292,7 @@ QemuVideoControllerDriverStart (
|
||||||
|
}
|
||||||
|
|
||||||
|
SupportedVgaIo &= (UINT64)(EFI_PCI_IO_ATTRIBUTE_VGA_IO | EFI_PCI_IO_ATTRIBUTE_VGA_IO_16);
|
||||||
|
- if (SupportedVgaIo == 0) {
|
||||||
|
+ if (SupportedVgaIo == 0 && IS_PCI_VGA (&Pci)) {
|
||||||
|
Status = EFI_UNSUPPORTED;
|
||||||
|
goto ClosePciIo;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,82 @@
|
|||||||
|
From b68d6a626977f48ac4d05396edcb70a73b12c66c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:45 +0100
|
||||||
|
Subject: [PATCH 09/12] SecurityPkg/DxeImageVerificationHandler: eliminate
|
||||||
|
"Status" variable
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-10-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93619
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 09/12] SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
The "Status" variable is set to EFI_ACCESS_DENIED at the top of the
|
||||||
|
function. Then it is overwritten with EFI_SECURITY_VIOLATION under the
|
||||||
|
"Failed" (earlier: "Done") label. We finally return "Status".
|
||||||
|
|
||||||
|
The above covers the complete usage of "Status" in
|
||||||
|
DxeImageVerificationHandler(). Remove the variable, and simply return
|
||||||
|
EFI_SECURITY_VIOLATION in the end.
|
||||||
|
|
||||||
|
This patch is a no-op, regarding behavior.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-9-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit fb02f5b2cd0b2a2d413a4f4fc41e085be2ede089)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 5 +----
|
||||||
|
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index 51968bd..b49fe87 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1560,7 +1560,6 @@ DxeImageVerificationHandler (
|
||||||
|
IN BOOLEAN BootPolicy
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- EFI_STATUS Status;
|
||||||
|
EFI_IMAGE_DOS_HEADER *DosHdr;
|
||||||
|
BOOLEAN IsVerified;
|
||||||
|
EFI_SIGNATURE_LIST *SignatureList;
|
||||||
|
@@ -1588,7 +1587,6 @@ DxeImageVerificationHandler (
|
||||||
|
SecDataDir = NULL;
|
||||||
|
PkcsCertData = NULL;
|
||||||
|
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
|
||||||
|
- Status = EFI_ACCESS_DENIED;
|
||||||
|
IsVerified = FALSE;
|
||||||
|
|
||||||
|
|
||||||
|
@@ -1880,13 +1878,12 @@ Failed:
|
||||||
|
DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
|
||||||
|
FreePool(NameStr);
|
||||||
|
}
|
||||||
|
- Status = EFI_SECURITY_VIOLATION;
|
||||||
|
|
||||||
|
if (SignatureList != NULL) {
|
||||||
|
FreePool (SignatureList);
|
||||||
|
}
|
||||||
|
|
||||||
|
- return Status;
|
||||||
|
+ return EFI_SECURITY_VIOLATION;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,103 @@
|
|||||||
|
From ff8b6134756fca6b0c55fedc76aeb5000f783875 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:48 +0100
|
||||||
|
Subject: [PATCH 12/12] SecurityPkg/DxeImageVerificationHandler: fix "defer"
|
||||||
|
vs. "deny" policies
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-13-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93620
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 12/12] SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policies
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
In DxeImageVerificationHandler(), we should return EFI_SECURITY_VIOLATION
|
||||||
|
for a rejected image only if the platform sets
|
||||||
|
DEFER_EXECUTE_ON_SECURITY_VIOLATION as the policy for the image's source.
|
||||||
|
Otherwise, EFI_ACCESS_DENIED must be returned.
|
||||||
|
|
||||||
|
Right now, EFI_SECURITY_VIOLATION is returned for all rejected images,
|
||||||
|
which is wrong -- it causes LoadImage() to hold on to rejected images (in
|
||||||
|
untrusted state), for further platform actions. However, if a platform
|
||||||
|
already set DENY_EXECUTE_ON_SECURITY_VIOLATION, the platform will not
|
||||||
|
expect the rejected image to stick around in memory (regardless of its
|
||||||
|
untrusted state).
|
||||||
|
|
||||||
|
Therefore, adhere to the platform policy in the return value of the
|
||||||
|
DxeImageVerificationHandler() function.
|
||||||
|
|
||||||
|
Furthermore, according to "32.4.2 Image Execution Information Table" in
|
||||||
|
the UEFI v2.8 spec, and considering that edk2 only supports (AuditMode==0)
|
||||||
|
at the moment:
|
||||||
|
|
||||||
|
> When AuditMode==0, if the image's signature is not found in the
|
||||||
|
> authorized database, or is found in the forbidden database, the image
|
||||||
|
> will not be started and instead, information about it will be placed in
|
||||||
|
> this table.
|
||||||
|
|
||||||
|
we have to store an EFI_IMAGE_EXECUTION_INFO record in both the "defer"
|
||||||
|
case and the "deny" case. Thus, the AddImageExeInfo() call is not being
|
||||||
|
made conditional on (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION); the
|
||||||
|
documentation is updated instead.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Fixes: 5db28a6753d307cdfb1cfdeb2f63739a9f959837
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-12-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit 8b0932c19f31cbf9da26d3b8d4e8d954bdbb5269)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 11 ++++++++---
|
||||||
|
1 file changed, 8 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index 015a5b6..dbfbfcb 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1548,7 +1548,8 @@ Done:
|
||||||
|
execution table.
|
||||||
|
@retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
|
||||||
|
authenticate, and the platform policy dictates that the DXE
|
||||||
|
- Foundation many not use File.
|
||||||
|
+ Foundation may not use File. The image has
|
||||||
|
+ been added to the file execution table.
|
||||||
|
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
@@ -1872,7 +1873,8 @@ DxeImageVerificationHandler (
|
||||||
|
|
||||||
|
Failed:
|
||||||
|
//
|
||||||
|
- // Policy decides to defer or reject the image; add its information in image executable information table.
|
||||||
|
+ // Policy decides to defer or reject the image; add its information in image
|
||||||
|
+ // executable information table in either case.
|
||||||
|
//
|
||||||
|
NameStr = ConvertDevicePathToText (File, FALSE, TRUE);
|
||||||
|
AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
|
||||||
|
@@ -1885,7 +1887,10 @@ Failed:
|
||||||
|
FreePool (SignatureList);
|
||||||
|
}
|
||||||
|
|
||||||
|
- return EFI_SECURITY_VIOLATION;
|
||||||
|
+ if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) {
|
||||||
|
+ return EFI_SECURITY_VIOLATION;
|
||||||
|
+ }
|
||||||
|
+ return EFI_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,87 @@
|
|||||||
|
From d9f12d175da2d203be078d03c9127293ea6fe86b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:47 +0100
|
||||||
|
Subject: [PATCH 11/12] SecurityPkg/DxeImageVerificationHandler: fix imgexec
|
||||||
|
info on memalloc fail
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-12-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93618
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 11/12] SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
It makes no sense to call AddImageExeInfo() with (Signature == NULL) and
|
||||||
|
(SignatureSize > 0). AddImageExeInfo() does not crash in such a case -- it
|
||||||
|
avoids the CopyMem() call --, but it creates an invalid
|
||||||
|
EFI_IMAGE_EXECUTION_INFO record. Namely, the
|
||||||
|
"EFI_IMAGE_EXECUTION_INFO.InfoSize" field includes "SignatureSize", but
|
||||||
|
the actual signature bytes are not filled in.
|
||||||
|
|
||||||
|
Document and ASSERT() this condition in AddImageExeInfo().
|
||||||
|
|
||||||
|
In DxeImageVerificationHandler(), zero out "SignatureListSize" if we set
|
||||||
|
"SignatureList" to NULL due to AllocateZeroPool() failure.
|
||||||
|
|
||||||
|
(Another approach could be to avoid calling AddImageExeInfo() completely,
|
||||||
|
in case AllocateZeroPool() fails. Unfortunately, the UEFI v2.8 spec does
|
||||||
|
not seem to state clearly whether a signature is mandatory in
|
||||||
|
EFI_IMAGE_EXECUTION_INFO, if the "Action" field is
|
||||||
|
EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED or EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND.
|
||||||
|
|
||||||
|
For now, the EFI_IMAGE_EXECUTION_INFO addition logic is not changed; we
|
||||||
|
only make sure that the record we add is not malformed.)
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-11-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit 6aa31db5ebebe18b55aa5359142223a03592416f)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index c98b9e4..015a5b6 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -704,7 +704,7 @@ GetImageExeInfoTableSize (
|
||||||
|
@param[in] Name Input a null-terminated, user-friendly name.
|
||||||
|
@param[in] DevicePath Input device path pointer.
|
||||||
|
@param[in] Signature Input signature info in EFI_SIGNATURE_LIST data structure.
|
||||||
|
- @param[in] SignatureSize Size of signature.
|
||||||
|
+ @param[in] SignatureSize Size of signature. Must be zero if Signature is NULL.
|
||||||
|
|
||||||
|
**/
|
||||||
|
VOID
|
||||||
|
@@ -761,6 +761,7 @@ AddImageExeInfo (
|
||||||
|
//
|
||||||
|
// Signature size can be odd. Pad after signature to ensure next EXECUTION_INFO entry align
|
||||||
|
//
|
||||||
|
+ ASSERT (Signature != NULL || SignatureSize == 0);
|
||||||
|
NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
|
||||||
|
|
||||||
|
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
|
||||||
|
@@ -1858,6 +1859,7 @@ DxeImageVerificationHandler (
|
||||||
|
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
|
||||||
|
SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
|
||||||
|
if (SignatureList == NULL) {
|
||||||
|
+ SignatureListSize = 0;
|
||||||
|
goto Failed;
|
||||||
|
}
|
||||||
|
SignatureList->SignatureHeaderSize = 0;
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,64 @@
|
|||||||
|
From e2efec69c63703c324099b987204a38fdb0d9d6f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:46 +0100
|
||||||
|
Subject: [PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for
|
||||||
|
(FileBuffer==NULL)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-11-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93613
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
"FileBuffer" is a non-optional input (pointer) parameter to
|
||||||
|
DxeImageVerificationHandler(). Normally, when an edk2 function receives a
|
||||||
|
NULL argument for such a parameter, we return EFI_INVALID_PARAMETER or
|
||||||
|
RETURN_INVALID_PARAMETER. However, those don't conform to the
|
||||||
|
SECURITY2_FILE_AUTHENTICATION_HANDLER prototype.
|
||||||
|
|
||||||
|
Return EFI_ACCESS_DENIED when "FileBuffer" is NULL; it means that no image
|
||||||
|
has been loaded.
|
||||||
|
|
||||||
|
This patch does not change the control flow in the function, it only
|
||||||
|
changes the "Status" outcome from API-incompatible error codes to
|
||||||
|
EFI_ACCESS_DENIED, under some circumstances.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-10-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit 6d57592740cdd0b6868baeef7929d6e6fef7a8e3)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index b49fe87..c98b9e4 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1655,7 +1655,7 @@ DxeImageVerificationHandler (
|
||||||
|
// Read the Dos header.
|
||||||
|
//
|
||||||
|
if (FileBuffer == NULL) {
|
||||||
|
- return EFI_INVALID_PARAMETER;
|
||||||
|
+ return EFI_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
mImageBase = (UINT8 *) FileBuffer;
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,71 @@
|
|||||||
|
From 58902877128851f628fe644a5c71600866317fac Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:42 +0100
|
||||||
|
Subject: [PATCH 06/12] SecurityPkg/DxeImageVerificationHandler: fix retval on
|
||||||
|
memalloc failure
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-7-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93616
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 06/12] SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
A SECURITY2_FILE_AUTHENTICATION_HANDLER function is not expected to return
|
||||||
|
EFI_OUT_OF_RESOURCES. We should only return EFI_SUCCESS,
|
||||||
|
EFI_SECURITY_VIOLATION, or EFI_ACCESS_DENIED.
|
||||||
|
|
||||||
|
In case we run out of memory while preparing "SignatureList" for
|
||||||
|
AddImageExeInfo(), we should simply stick with the EFI_ACCESS_DENIED value
|
||||||
|
that is already in "Status" -- from just before the "Action" condition --,
|
||||||
|
and not suppress it with EFI_OUT_OF_RESOURCES.
|
||||||
|
|
||||||
|
This patch does not change the control flow in the function, it only
|
||||||
|
changes the "Status" outcome from API-incompatible error codes to
|
||||||
|
EFI_ACCESS_DENIED, under some circumstances.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-6-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit f891b052c5ec13c1032fb9d340d5262ac1a7e7e1)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 --
|
||||||
|
1 file changed, 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index 5cc82c1..5f09a66 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1541,7 +1541,6 @@ Done:
|
||||||
|
and non-NULL FileBuffer did authenticate, and the platform
|
||||||
|
policy dictates that the DXE Foundation may execute the image in
|
||||||
|
FileBuffer.
|
||||||
|
- @retval EFI_OUT_RESOURCE Fail to allocate memory.
|
||||||
|
@retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
|
||||||
|
the platform policy dictates that File should be placed
|
||||||
|
in the untrusted state. The image has been added to the file
|
||||||
|
@@ -1862,7 +1861,6 @@ DxeImageVerificationHandler (
|
||||||
|
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
|
||||||
|
SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
|
||||||
|
if (SignatureList == NULL) {
|
||||||
|
- Status = EFI_OUT_OF_RESOURCES;
|
||||||
|
goto Done;
|
||||||
|
}
|
||||||
|
SignatureList->SignatureHeaderSize = 0;
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,97 @@
|
|||||||
|
From 37b5981bf7eb94314b62810da495d724873d904a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:40 +0100
|
||||||
|
Subject: [PATCH 04/12] SecurityPkg/DxeImageVerificationHandler: keep PE/COFF
|
||||||
|
info status internal
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-5-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93609
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 04/12] SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internal
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
The PeCoffLoaderGetImageInfo() function may return various error codes,
|
||||||
|
such as RETURN_INVALID_PARAMETER and RETURN_UNSUPPORTED.
|
||||||
|
|
||||||
|
Such error values should not be assigned to our "Status" variable in the
|
||||||
|
DxeImageVerificationHandler() function, because "Status" generally stands
|
||||||
|
for the main exit value of the function. And
|
||||||
|
SECURITY2_FILE_AUTHENTICATION_HANDLER functions are expected to return one
|
||||||
|
of EFI_SUCCESS, EFI_SECURITY_VIOLATION, and EFI_ACCESS_DENIED only.
|
||||||
|
|
||||||
|
Introduce the "PeCoffStatus" helper variable for keeping the return value
|
||||||
|
of PeCoffLoaderGetImageInfo() internal to the function. If
|
||||||
|
PeCoffLoaderGetImageInfo() fails, we'll jump to the "Done" label with
|
||||||
|
"Status" being EFI_ACCESS_DENIED, inherited from the top of the function.
|
||||||
|
|
||||||
|
Note that this is consistent with the subsequent PE/COFF Signature check,
|
||||||
|
where we jump to the "Done" label with "Status" having been re-set to
|
||||||
|
EFI_ACCESS_DENIED.
|
||||||
|
|
||||||
|
As a consequence, we can at once remove the
|
||||||
|
|
||||||
|
Status = EFI_ACCESS_DENIED;
|
||||||
|
|
||||||
|
assignment right after the "PeCoffStatus" check.
|
||||||
|
|
||||||
|
This patch does not change the control flow in the function, it only
|
||||||
|
changes the "Status" outcome from API-incompatible error codes to
|
||||||
|
EFI_ACCESS_DENIED, under some circumstances.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-4-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit 61a9fa589a15e9005bec293f9766c78b60fbc9fc)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 7 +++----
|
||||||
|
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index 8204c9c..e6c8a54 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1580,6 +1580,7 @@ DxeImageVerificationHandler (
|
||||||
|
EFI_IMAGE_DATA_DIRECTORY *SecDataDir;
|
||||||
|
UINT32 OffSet;
|
||||||
|
CHAR16 *NameStr;
|
||||||
|
+ RETURN_STATUS PeCoffStatus;
|
||||||
|
|
||||||
|
SignatureList = NULL;
|
||||||
|
SignatureListSize = 0;
|
||||||
|
@@ -1669,8 +1670,8 @@ DxeImageVerificationHandler (
|
||||||
|
//
|
||||||
|
// Get information about the image being loaded
|
||||||
|
//
|
||||||
|
- Status = PeCoffLoaderGetImageInfo (&ImageContext);
|
||||||
|
- if (EFI_ERROR (Status)) {
|
||||||
|
+ PeCoffStatus = PeCoffLoaderGetImageInfo (&ImageContext);
|
||||||
|
+ if (RETURN_ERROR (PeCoffStatus)) {
|
||||||
|
//
|
||||||
|
// The information can't be got from the invalid PeImage
|
||||||
|
//
|
||||||
|
@@ -1678,8 +1679,6 @@ DxeImageVerificationHandler (
|
||||||
|
goto Done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- Status = EFI_ACCESS_DENIED;
|
||||||
|
-
|
||||||
|
DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
|
||||||
|
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
|
||||||
|
//
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,79 @@
|
|||||||
|
From 73de814a5f30c2c6d82736082c1114a028d12115 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:41 +0100
|
||||||
|
Subject: [PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down
|
||||||
|
PE/COFF hash status
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-6-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93615
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
Inside the "for" loop that scans the signatures of the image, we call
|
||||||
|
HashPeImageByType(), and assign its return value to "Status".
|
||||||
|
|
||||||
|
Beyond the immediate retval check, this assignment is useless (never
|
||||||
|
consumed). That's because a subsequent access to "Status" may only be one
|
||||||
|
of the following:
|
||||||
|
|
||||||
|
- the "Status" assignment when we call HashPeImageByType() in the next
|
||||||
|
iteration of the loop,
|
||||||
|
|
||||||
|
- the "Status = EFI_ACCESS_DENIED" assignment right after the final
|
||||||
|
"IsVerified" check.
|
||||||
|
|
||||||
|
To make it clear that the assignment is only useful for the immediate
|
||||||
|
HashPeImageByType() retval check, introduce a specific helper variable,
|
||||||
|
called "HashStatus".
|
||||||
|
|
||||||
|
This patch is a no-op, functionally.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-5-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit 47650a5cab608e07c31d66bdb9b4cc6e58bdf22f)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 5 +++--
|
||||||
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index e6c8a54..5cc82c1 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1581,6 +1581,7 @@ DxeImageVerificationHandler (
|
||||||
|
UINT32 OffSet;
|
||||||
|
CHAR16 *NameStr;
|
||||||
|
RETURN_STATUS PeCoffStatus;
|
||||||
|
+ EFI_STATUS HashStatus;
|
||||||
|
|
||||||
|
SignatureList = NULL;
|
||||||
|
SignatureListSize = 0;
|
||||||
|
@@ -1802,8 +1803,8 @@ DxeImageVerificationHandler (
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
- Status = HashPeImageByType (AuthData, AuthDataSize);
|
||||||
|
- if (EFI_ERROR (Status)) {
|
||||||
|
+ HashStatus = HashPeImageByType (AuthData, AuthDataSize);
|
||||||
|
+ if (EFI_ERROR (HashStatus)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,142 @@
|
|||||||
|
From 5aa2d52451b7890480d31a3437a0024bfd9e1a57 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:39 +0100
|
||||||
|
Subject: [PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else"
|
||||||
|
after return/break
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-4-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93614
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
In the code structure
|
||||||
|
|
||||||
|
if (condition) {
|
||||||
|
//
|
||||||
|
// block1
|
||||||
|
//
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
|
//
|
||||||
|
// block2
|
||||||
|
//
|
||||||
|
}
|
||||||
|
|
||||||
|
nesting "block2" in an "else" branch is superfluous, and harms
|
||||||
|
readability. It can be transformed to:
|
||||||
|
|
||||||
|
if (condition) {
|
||||||
|
//
|
||||||
|
// block1
|
||||||
|
//
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
//
|
||||||
|
// block2
|
||||||
|
//
|
||||||
|
|
||||||
|
with identical behavior, and improved readability (less nesting).
|
||||||
|
|
||||||
|
The same applies to "break" (instead of "return") in a loop body.
|
||||||
|
|
||||||
|
Perform these transformations on DxeImageVerificationHandler().
|
||||||
|
|
||||||
|
This patch is a no-op for behavior. Use
|
||||||
|
|
||||||
|
git show -b -W
|
||||||
|
|
||||||
|
for reviewing it more easily.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-3-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit eccb856f013aec700234211e7371f03454ef9d52)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../DxeImageVerificationLib.c | 41 +++++++++++-----------
|
||||||
|
1 file changed, 21 insertions(+), 20 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index 5afd723..8204c9c 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1621,7 +1621,8 @@ DxeImageVerificationHandler (
|
||||||
|
//
|
||||||
|
if (Policy == ALWAYS_EXECUTE) {
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
- } else if (Policy == NEVER_EXECUTE) {
|
||||||
|
+ }
|
||||||
|
+ if (Policy == NEVER_EXECUTE) {
|
||||||
|
return EFI_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1833,7 +1834,8 @@ DxeImageVerificationHandler (
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));
|
||||||
|
IsVerified = FALSE;
|
||||||
|
break;
|
||||||
|
- } else if (!IsVerified) {
|
||||||
|
+ }
|
||||||
|
+ if (!IsVerified) {
|
||||||
|
if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
|
||||||
|
IsVerified = TRUE;
|
||||||
|
} else {
|
||||||
|
@@ -1851,25 +1853,24 @@ DxeImageVerificationHandler (
|
||||||
|
|
||||||
|
if (IsVerified) {
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
- } else {
|
||||||
|
- Status = EFI_ACCESS_DENIED;
|
||||||
|
- if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
|
||||||
|
- //
|
||||||
|
- // Get image hash value as signature of executable.
|
||||||
|
- //
|
||||||
|
- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
|
||||||
|
- SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
|
||||||
|
- if (SignatureList == NULL) {
|
||||||
|
- Status = EFI_OUT_OF_RESOURCES;
|
||||||
|
- goto Done;
|
||||||
|
- }
|
||||||
|
- SignatureList->SignatureHeaderSize = 0;
|
||||||
|
- SignatureList->SignatureListSize = (UINT32) SignatureListSize;
|
||||||
|
- SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
|
||||||
|
- CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
|
||||||
|
- Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
|
||||||
|
- CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
|
||||||
|
+ }
|
||||||
|
+ Status = EFI_ACCESS_DENIED;
|
||||||
|
+ if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
|
||||||
|
+ //
|
||||||
|
+ // Get image hash value as signature of executable.
|
||||||
|
+ //
|
||||||
|
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
|
||||||
|
+ SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
|
||||||
|
+ if (SignatureList == NULL) {
|
||||||
|
+ Status = EFI_OUT_OF_RESOURCES;
|
||||||
|
+ goto Done;
|
||||||
|
}
|
||||||
|
+ SignatureList->SignatureHeaderSize = 0;
|
||||||
|
+ SignatureList->SignatureListSize = (UINT32) SignatureListSize;
|
||||||
|
+ SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
|
||||||
|
+ CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
|
||||||
|
+ Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
|
||||||
|
+ CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
|
||||||
|
}
|
||||||
|
|
||||||
|
Done:
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,55 @@
|
|||||||
|
From d25dc10aa262b33794f16b75a0ada3aad507abe7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:43 +0100
|
||||||
|
Subject: [PATCH 07/12] SecurityPkg/DxeImageVerificationHandler: remove
|
||||||
|
superfluous Status setting
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-8-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93617
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 07/12] SecurityPkg/DxeImageVerificationHandler: remove superfluous Status setting
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
After the final "IsVerified" check, we set "Status" to EFI_ACCESS_DENIED.
|
||||||
|
This is superfluous, as "Status" already carries EFI_ACCESS_DENIED value
|
||||||
|
there, from the top of the function. Remove the assignment.
|
||||||
|
|
||||||
|
Functionally, this change is a no-op.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-7-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit 12a4ef58a8b1f8610f6f7cd3ffb973f924f175fb)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index 5f09a66..6ccce1f 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1853,7 +1853,6 @@ DxeImageVerificationHandler (
|
||||||
|
if (IsVerified) {
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
- Status = EFI_ACCESS_DENIED;
|
||||||
|
if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
|
||||||
|
//
|
||||||
|
// Get image hash value as signature of executable.
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,119 @@
|
|||||||
|
From cd4f4b384857f4295d336d66fc8693348ef08a33 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:38 +0100
|
||||||
|
Subject: [PATCH 02/12] SecurityPkg/DxeImageVerificationHandler: simplify
|
||||||
|
"VerifyStatus"
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-3-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93611
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 02/12] SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
In the DxeImageVerificationHandler() function, the "VerifyStatus" variable
|
||||||
|
can only contain one of two values: EFI_SUCCESS and EFI_ACCESS_DENIED.
|
||||||
|
Furthermore, the variable is only consumed with EFI_ERROR().
|
||||||
|
|
||||||
|
Therefore, using the EFI_STATUS type for the variable is unnecessary.
|
||||||
|
Worse, given the complex meanings of the function's return values, using
|
||||||
|
EFI_STATUS for "VerifyStatus" is actively confusing.
|
||||||
|
|
||||||
|
Rename the variable to "IsVerified", and make it a simple BOOLEAN.
|
||||||
|
|
||||||
|
This patch is a no-op, regarding behavior.
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-2-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit 1e0f973b65c34841288c25fd441a37eec8a30ac7)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../DxeImageVerificationLib.c | 20 ++++++++++----------
|
||||||
|
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index a0a12b5..5afd723 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1563,7 +1563,7 @@ DxeImageVerificationHandler (
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
EFI_IMAGE_DOS_HEADER *DosHdr;
|
||||||
|
- EFI_STATUS VerifyStatus;
|
||||||
|
+ BOOLEAN IsVerified;
|
||||||
|
EFI_SIGNATURE_LIST *SignatureList;
|
||||||
|
UINTN SignatureListSize;
|
||||||
|
EFI_SIGNATURE_DATA *Signature;
|
||||||
|
@@ -1588,7 +1588,7 @@ DxeImageVerificationHandler (
|
||||||
|
PkcsCertData = NULL;
|
||||||
|
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
|
||||||
|
Status = EFI_ACCESS_DENIED;
|
||||||
|
- VerifyStatus = EFI_ACCESS_DENIED;
|
||||||
|
+ IsVerified = FALSE;
|
||||||
|
|
||||||
|
|
||||||
|
//
|
||||||
|
@@ -1812,16 +1812,16 @@ DxeImageVerificationHandler (
|
||||||
|
//
|
||||||
|
if (IsForbiddenByDbx (AuthData, AuthDataSize)) {
|
||||||
|
Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
|
||||||
|
- VerifyStatus = EFI_ACCESS_DENIED;
|
||||||
|
+ IsVerified = FALSE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Check the digital signature against the valid certificate in allowed database (db).
|
||||||
|
//
|
||||||
|
- if (EFI_ERROR (VerifyStatus)) {
|
||||||
|
+ if (!IsVerified) {
|
||||||
|
if (IsAllowedByDb (AuthData, AuthDataSize)) {
|
||||||
|
- VerifyStatus = EFI_SUCCESS;
|
||||||
|
+ IsVerified = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1831,11 +1831,11 @@ DxeImageVerificationHandler (
|
||||||
|
if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
|
||||||
|
Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));
|
||||||
|
- VerifyStatus = EFI_ACCESS_DENIED;
|
||||||
|
+ IsVerified = FALSE;
|
||||||
|
break;
|
||||||
|
- } else if (EFI_ERROR (VerifyStatus)) {
|
||||||
|
+ } else if (!IsVerified) {
|
||||||
|
if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
|
||||||
|
- VerifyStatus = EFI_SUCCESS;
|
||||||
|
+ IsVerified = TRUE;
|
||||||
|
} else {
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is not allowed by DB and %s hash of image is not found in DB/DBX.\n", mHashTypeStr));
|
||||||
|
}
|
||||||
|
@@ -1846,10 +1846,10 @@ DxeImageVerificationHandler (
|
||||||
|
//
|
||||||
|
// The Size in Certificate Table or the attribute certificate table is corrupted.
|
||||||
|
//
|
||||||
|
- VerifyStatus = EFI_ACCESS_DENIED;
|
||||||
|
+ IsVerified = FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!EFI_ERROR (VerifyStatus)) {
|
||||||
|
+ if (IsVerified) {
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
} else {
|
||||||
|
Status = EFI_ACCESS_DENIED;
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,139 @@
|
|||||||
|
From 3e06fe42d63856e48c6457dbb7e816b82416c9ca Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:44 +0100
|
||||||
|
Subject: [PATCH 08/12] SecurityPkg/DxeImageVerificationHandler: unnest
|
||||||
|
AddImageExeInfo() call
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-9-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93610
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 08/12] SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() call
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
Before the "Done" label at the end of DxeImageVerificationHandler(), we
|
||||||
|
now have a single access to "Status": we set "Status" to EFI_ACCESS_DENIED
|
||||||
|
at the top of the function. Therefore, the (Status != EFI_SUCCESS)
|
||||||
|
condition is always true under the "Done" label.
|
||||||
|
|
||||||
|
Accordingly, unnest the AddImageExeInfo() call dependent on that
|
||||||
|
condition, remove the condition, and also rename the "Done" label to
|
||||||
|
"Failed".
|
||||||
|
|
||||||
|
Functionally, this patch is a no-op. It's easier to review with:
|
||||||
|
|
||||||
|
git show -b -W
|
||||||
|
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200116190705.18816-8-lersek@redhat.com>
|
||||||
|
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
[lersek@redhat.com: replace EFI_D_INFO w/ DEBUG_INFO for PatchCheck.py]
|
||||||
|
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
|
||||||
|
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
|
||||||
|
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
|
||||||
|
(cherry picked from commit c602e97446a8e818bf09182f5dc9f3fa409ece95)
|
||||||
|
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../DxeImageVerificationLib.c | 34 ++++++++++------------
|
||||||
|
1 file changed, 16 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index 6ccce1f..51968bd 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -1676,7 +1676,7 @@ DxeImageVerificationHandler (
|
||||||
|
// The information can't be got from the invalid PeImage
|
||||||
|
//
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: PeImage invalid. Cannot retrieve image information.\n"));
|
||||||
|
- goto Done;
|
||||||
|
+ goto Failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
|
||||||
|
@@ -1698,7 +1698,7 @@ DxeImageVerificationHandler (
|
||||||
|
// It is not a valid Pe/Coff file.
|
||||||
|
//
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Not a valid PE/COFF image.\n"));
|
||||||
|
- goto Done;
|
||||||
|
+ goto Failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
|
||||||
|
@@ -1729,7 +1729,7 @@ DxeImageVerificationHandler (
|
||||||
|
//
|
||||||
|
if (!HashPeImage (HASHALG_SHA256)) {
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Failed to hash this image using %s.\n", mHashTypeStr));
|
||||||
|
- goto Done;
|
||||||
|
+ goto Failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
|
||||||
|
@@ -1737,7 +1737,7 @@ DxeImageVerificationHandler (
|
||||||
|
// Image Hash is in forbidden database (DBX).
|
||||||
|
//
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed and %s hash of image is forbidden by DBX.\n", mHashTypeStr));
|
||||||
|
- goto Done;
|
||||||
|
+ goto Failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
|
||||||
|
@@ -1751,7 +1751,7 @@ DxeImageVerificationHandler (
|
||||||
|
// Image Hash is not found in both forbidden and allowed database.
|
||||||
|
//
|
||||||
|
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed and %s hash of image is not found in DB/DBX.\n", mHashTypeStr));
|
||||||
|
- goto Done;
|
||||||
|
+ goto Failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
@@ -1860,7 +1860,7 @@ DxeImageVerificationHandler (
|
||||||
|
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
|
||||||
|
SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
|
||||||
|
if (SignatureList == NULL) {
|
||||||
|
- goto Done;
|
||||||
|
+ goto Failed;
|
||||||
|
}
|
||||||
|
SignatureList->SignatureHeaderSize = 0;
|
||||||
|
SignatureList->SignatureListSize = (UINT32) SignatureListSize;
|
||||||
|
@@ -1870,19 +1870,17 @@ DxeImageVerificationHandler (
|
||||||
|
CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
|
||||||
|
}
|
||||||
|
|
||||||
|
-Done:
|
||||||
|
- if (Status != EFI_SUCCESS) {
|
||||||
|
- //
|
||||||
|
- // Policy decides to defer or reject the image; add its information in image executable information table.
|
||||||
|
- //
|
||||||
|
- NameStr = ConvertDevicePathToText (File, FALSE, TRUE);
|
||||||
|
- AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
|
||||||
|
- if (NameStr != NULL) {
|
||||||
|
- DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));
|
||||||
|
- FreePool(NameStr);
|
||||||
|
- }
|
||||||
|
- Status = EFI_SECURITY_VIOLATION;
|
||||||
|
+Failed:
|
||||||
|
+ //
|
||||||
|
+ // Policy decides to defer or reject the image; add its information in image executable information table.
|
||||||
|
+ //
|
||||||
|
+ NameStr = ConvertDevicePathToText (File, FALSE, TRUE);
|
||||||
|
+ AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
|
||||||
|
+ if (NameStr != NULL) {
|
||||||
|
+ DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
|
||||||
|
+ FreePool(NameStr);
|
||||||
|
}
|
||||||
|
+ Status = EFI_SECURITY_VIOLATION;
|
||||||
|
|
||||||
|
if (SignatureList != NULL) {
|
||||||
|
FreePool (SignatureList);
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
103
SOURCES/edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch
Normal file
103
SOURCES/edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch
Normal file
@ -0,0 +1,103 @@
|
|||||||
|
From 7f364d9a95905efee0a8b46e4108042aaebe7849 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 31 Jan 2020 12:42:37 +0100
|
||||||
|
Subject: [PATCH 01/12] SecurityPkg: Fix spelling errors [PARTIAL PICK]
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200131124248.22369-2-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93612
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 01/12] SecurityPkg: Fix spelling errors [PARTIAL PICK]
|
||||||
|
Bugzilla: 1751993
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
From: Sean Brogan <sean.brogan@microsoft.com>
|
||||||
|
|
||||||
|
--v-- RHEL-8 note start --v--
|
||||||
|
|
||||||
|
This is a partial cherry-pick, restricted to
|
||||||
|
"SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c".
|
||||||
|
|
||||||
|
The upstream patch has a super-ugly diffstat (81 files changed, 205
|
||||||
|
insertions(+), 205 deletions(-)), fixing spelling errors all over
|
||||||
|
SecurityPkg in one go. It doesn't apply cleanly down-stream, and I don't
|
||||||
|
want to pick more (unrelated) SecurityPkg dependencies for this backport
|
||||||
|
series.
|
||||||
|
|
||||||
|
Thus, the only alternative to this partial cherry-pick would be resolving
|
||||||
|
conflicts over the rest of this series. That's obviously worse than a
|
||||||
|
partial typo fix backport. At the next rebase, we're going to drop this
|
||||||
|
patch and the rest of the backport series alike, anyway.
|
||||||
|
|
||||||
|
--^-- RHEL-8 note end --^--
|
||||||
|
|
||||||
|
https://bugzilla.tianocore.org/show_bug.cgi?id=2265
|
||||||
|
|
||||||
|
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Chao Zhang <chao.b.zhang@intel.com>
|
||||||
|
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
(cherry picked from commit d6b926e76e3d639ac37610e97d33ff9e3a6281eb)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 10 +++++-----
|
||||||
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
index fe4cdcc..a0a12b5 100644
|
||||||
|
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
|
||||||
|
@@ -745,7 +745,7 @@ AddImageExeInfo (
|
||||||
|
if (ImageExeInfoTable != NULL) {
|
||||||
|
//
|
||||||
|
// The table has been found!
|
||||||
|
- // We must enlarge the table to accomodate the new exe info entry.
|
||||||
|
+ // We must enlarge the table to accommodate the new exe info entry.
|
||||||
|
//
|
||||||
|
ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable);
|
||||||
|
} else {
|
||||||
|
@@ -947,7 +947,7 @@ Done:
|
||||||
|
|
||||||
|
@param[in] VariableName Name of database variable that is searched in.
|
||||||
|
@param[in] Signature Pointer to signature that is searched for.
|
||||||
|
- @param[in] CertType Pointer to hash algrithom.
|
||||||
|
+ @param[in] CertType Pointer to hash algorithm.
|
||||||
|
@param[in] SignatureSize Size of Signature.
|
||||||
|
|
||||||
|
@return TRUE Found the signature in the variable database.
|
||||||
|
@@ -992,7 +992,7 @@ IsSignatureFoundInDatabase (
|
||||||
|
goto Done;
|
||||||
|
}
|
||||||
|
//
|
||||||
|
- // Enumerate all signature data in SigDB to check if executable's signature exists.
|
||||||
|
+ // Enumerate all signature data in SigDB to check if signature exists for executable.
|
||||||
|
//
|
||||||
|
CertList = (EFI_SIGNATURE_LIST *) Data;
|
||||||
|
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
|
||||||
|
@@ -1844,7 +1844,7 @@ DxeImageVerificationHandler (
|
||||||
|
|
||||||
|
if (OffSet != (SecDataDir->VirtualAddress + SecDataDir->Size)) {
|
||||||
|
//
|
||||||
|
- // The Size in Certificate Table or the attribute certicate table is corrupted.
|
||||||
|
+ // The Size in Certificate Table or the attribute certificate table is corrupted.
|
||||||
|
//
|
||||||
|
VerifyStatus = EFI_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
@@ -1855,7 +1855,7 @@ DxeImageVerificationHandler (
|
||||||
|
Status = EFI_ACCESS_DENIED;
|
||||||
|
if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
|
||||||
|
//
|
||||||
|
- // Get image hash value as executable's signature.
|
||||||
|
+ // Get image hash value as signature of executable.
|
||||||
|
//
|
||||||
|
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
|
||||||
|
SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -0,0 +1,152 @@
|
|||||||
|
From 2613601640be75f79e9dd8d2db21ad45d227d907 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Fri, 17 Jan 2020 11:33:43 +0100
|
||||||
|
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: fix 2M->4K page splitting
|
||||||
|
regression for PDEs
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-id: <20200117113343.30392-2-lersek@redhat.com>
|
||||||
|
Patchwork-id: 93389
|
||||||
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 1/1] UefiCpuPkg/PiSmmCpuDxeSmm: fix 2M->4K page splitting regression for PDEs
|
||||||
|
Bugzilla: 1789335
|
||||||
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||||
|
|
||||||
|
In commit 4eee0cc7cc0d ("UefiCpuPkg/PiSmmCpu: Enable 5 level paging when
|
||||||
|
CPU supports", 2019-07-12), the Page Directory Entry setting was regressed
|
||||||
|
(corrupted) when splitting a 2MB page to 512 4KB pages, in the
|
||||||
|
InitPaging() function.
|
||||||
|
|
||||||
|
Consider the following hunk, displayed with
|
||||||
|
|
||||||
|
$ git show --function-context --ignore-space-change 4eee0cc7cc0db
|
||||||
|
|
||||||
|
> //
|
||||||
|
> // If it is 2M page, check IsAddressSplit()
|
||||||
|
> //
|
||||||
|
> if (((*Pd & IA32_PG_PS) != 0) && IsAddressSplit (Address)) {
|
||||||
|
> //
|
||||||
|
> // Based on current page table, create 4KB page table for split area.
|
||||||
|
> //
|
||||||
|
> ASSERT (Address == (*Pd & PHYSICAL_ADDRESS_MASK));
|
||||||
|
>
|
||||||
|
> Pt = AllocatePageTableMemory (1);
|
||||||
|
> ASSERT (Pt != NULL);
|
||||||
|
>
|
||||||
|
> + *Pd = (UINTN) Pt | IA32_PG_RW | IA32_PG_P;
|
||||||
|
> +
|
||||||
|
> // Split it
|
||||||
|
> - for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++) {
|
||||||
|
> - Pt[PtIndex] = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
|
||||||
|
> + for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++, Pt++) {
|
||||||
|
> + *Pt = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
|
||||||
|
> } // end for PT
|
||||||
|
> *Pd = (UINT64)(UINTN)Pt | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
|
||||||
|
> } // end if IsAddressSplit
|
||||||
|
> } // end for PD
|
||||||
|
|
||||||
|
First, the new assignment to the Page Directory Entry (*Pd) is
|
||||||
|
superfluous. That's because (a) we set (*Pd) after the Page Table Entry
|
||||||
|
loop anyway, and (b) here we do not attempt to access the memory starting
|
||||||
|
at "Address" (which is mapped by the original value of the Page Directory
|
||||||
|
Entry).
|
||||||
|
|
||||||
|
Second, appending "Pt++" to the incrementing expression of the PTE loop is
|
||||||
|
a bug. It causes "Pt" to point *right past* the just-allocated Page Table,
|
||||||
|
once we finish the loop. But the PDE assignment that immediately follows
|
||||||
|
the loop assumes that "Pt" still points to the *start* of the new Page
|
||||||
|
Table.
|
||||||
|
|
||||||
|
The result is that the originally mapped 2MB page disappears from the
|
||||||
|
processor's view. The PDE now points to a "Page Table" that is filled with
|
||||||
|
garbage. The random entries in that "Page Table" will cause some virtual
|
||||||
|
addresses in the original 2MB area to fault. Other virtual addresses in
|
||||||
|
the same range will no longer have a 1:1 physical mapping, but be
|
||||||
|
scattered over random physical page frames.
|
||||||
|
|
||||||
|
The second phase of the InitPaging() function ("Go through page table and
|
||||||
|
set several page table entries to absent or execute-disable") already
|
||||||
|
manipulates entries in wrong Page Tables, for such PDEs that got split in
|
||||||
|
the first phase.
|
||||||
|
|
||||||
|
This issue has been caught as follows:
|
||||||
|
|
||||||
|
- OVMF is started with 2001 MB of guest RAM.
|
||||||
|
|
||||||
|
- This places the main SMRAM window at 0x7C10_1000.
|
||||||
|
|
||||||
|
- The SMRAM management in the SMM Core links this SMRAM window into
|
||||||
|
"mSmmMemoryMap", with a FREE_PAGE_LIST record placed at the start of the
|
||||||
|
area.
|
||||||
|
|
||||||
|
- At "SMM Ready To Lock" time, PiSmmCpuDxeSmm calls InitPaging(). The
|
||||||
|
first phase (quoted above) decides to split the 2MB page at 0x7C00_0000
|
||||||
|
into 512 4KB pages, and corrupts the PDE. The new Page Table is
|
||||||
|
allocated at 0x7CE0_D000, but the PDE is set to 0x7CE0_E000 (plus
|
||||||
|
attributes 0x67).
|
||||||
|
|
||||||
|
- Due to the corrupted PDE, the second phase of InitPaging() already looks
|
||||||
|
up the PTE for Address=0x7C10_1000 in the wrong place. The second phase
|
||||||
|
goes on to mark bogus PTEs as "NX".
|
||||||
|
|
||||||
|
- PiSmmCpuDxeSmm calls SetMemMapAttributes(). Address 0x7C10_1000 is at
|
||||||
|
the base of the SMRAM window, therefore it happens to be listed in the
|
||||||
|
SMRAM map as an EfiConventionalMemory region. SetMemMapAttributes()
|
||||||
|
calls SmmSetMemoryAttributes() to mark the region as XP. However,
|
||||||
|
GetPageTableEntry() in ConvertMemoryPageAttributes() fails -- address
|
||||||
|
0x7C10_1000 is no longer mapped by anything! -- and so the attribute
|
||||||
|
setting fails with RETURN_UNSUPPORTED. This error goes unnoticed, as
|
||||||
|
SetMemMapAttributes() ignores the return value of
|
||||||
|
SmmSetMemoryAttributes().
|
||||||
|
|
||||||
|
- When SetMemMapAttributes() reaches another entry in the SMRAM map,
|
||||||
|
ConvertMemoryPageAttributes() decides it needs to split a 2MB page, and
|
||||||
|
calls SplitPage().
|
||||||
|
|
||||||
|
- SplitPage() calls AllocatePageTableMemory() for the new Page Table,
|
||||||
|
which takes us to InternalAllocMaxAddress() in the SMM Core.
|
||||||
|
|
||||||
|
- The SMM core attempts to read the FREE_PAGE_LIST record at 0x7C10_1000.
|
||||||
|
Because this virtual address is no longer mapped, the firmware crashes
|
||||||
|
in InternalAllocMaxAddress(), when accessing (Pages->NumberOfPages).
|
||||||
|
|
||||||
|
Remove the useless assignment to (*Pd) from before the loop. Revert the
|
||||||
|
loop incrementing and the PTE assignment to the known good version.
|
||||||
|
|
||||||
|
Cc: Eric Dong <eric.dong@intel.com>
|
||||||
|
Cc: Ray Ni <ray.ni@intel.com>
|
||||||
|
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1789335
|
||||||
|
Fixes: 4eee0cc7cc0db74489b99c19eba056b53eda6358
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||||
|
Reviewed-by: Ray Ni <ray.ni@intel.com>
|
||||||
|
(cherry picked from commit a5235562444021e9c5aff08f45daa6b5b7952c7a)
|
||||||
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
---
|
||||||
|
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 6 ++----
|
||||||
|
1 file changed, 2 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
|
||||||
|
index c513152..c47b557 100644
|
||||||
|
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
|
||||||
|
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
|
||||||
|
@@ -657,11 +657,9 @@ InitPaging (
|
||||||
|
Pt = AllocatePageTableMemory (1);
|
||||||
|
ASSERT (Pt != NULL);
|
||||||
|
|
||||||
|
- *Pd = (UINTN) Pt | IA32_PG_RW | IA32_PG_P;
|
||||||
|
-
|
||||||
|
// Split it
|
||||||
|
- for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++, Pt++) {
|
||||||
|
- *Pt = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
|
||||||
|
+ for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++) {
|
||||||
|
+ Pt[PtIndex] = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
|
||||||
|
} // end for PT
|
||||||
|
*Pd = (UINT64)(UINTN)Pt | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
|
||||||
|
} // end if IsAddressSplit
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
31
SOURCES/edk2-aarch64-verbose.json
Normal file
31
SOURCES/edk2-aarch64-verbose.json
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"description": "UEFI firmware for ARM64 virtual machines, verbose logs",
|
||||||
|
"interface-types": [
|
||||||
|
"uefi"
|
||||||
|
],
|
||||||
|
"mapping": {
|
||||||
|
"device": "flash",
|
||||||
|
"executable": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
|
||||||
|
"format": "raw"
|
||||||
|
},
|
||||||
|
"nvram-template": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
|
||||||
|
"format": "raw"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"architecture": "aarch64",
|
||||||
|
"machines": [
|
||||||
|
"virt-*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"features": [
|
||||||
|
"verbose-static"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
|
||||||
|
]
|
||||||
|
}
|
31
SOURCES/edk2-aarch64.json
Normal file
31
SOURCES/edk2-aarch64.json
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"description": "UEFI firmware for ARM64 virtual machines",
|
||||||
|
"interface-types": [
|
||||||
|
"uefi"
|
||||||
|
],
|
||||||
|
"mapping": {
|
||||||
|
"device": "flash",
|
||||||
|
"executable": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
|
||||||
|
"format": "raw"
|
||||||
|
},
|
||||||
|
"nvram-template": {
|
||||||
|
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
|
||||||
|
"format": "raw"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"architecture": "aarch64",
|
||||||
|
"machines": [
|
||||||
|
"virt-*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"features": [
|
||||||
|
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
|
||||||
|
]
|
||||||
|
}
|
36
SOURCES/edk2-ovmf-sb.json
Normal file
36
SOURCES/edk2-ovmf-sb.json
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
{
|
||||||
|
"description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
|
||||||
|
"interface-types": [
|
||||||
|
"uefi"
|
||||||
|
],
|
||||||
|
"mapping": {
|
||||||
|
"device": "flash",
|
||||||
|
"executable": {
|
||||||
|
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
|
||||||
|
"format": "raw"
|
||||||
|
},
|
||||||
|
"nvram-template": {
|
||||||
|
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
|
||||||
|
"format": "raw"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"architecture": "x86_64",
|
||||||
|
"machines": [
|
||||||
|
"pc-q35-*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"features": [
|
||||||
|
"acpi-s3",
|
||||||
|
"amd-sev",
|
||||||
|
"enrolled-keys",
|
||||||
|
"requires-smm",
|
||||||
|
"secure-boot",
|
||||||
|
"verbose-dynamic"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
|
||||||
|
]
|
||||||
|
}
|
35
SOURCES/edk2-ovmf.json
Normal file
35
SOURCES/edk2-ovmf.json
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
{
|
||||||
|
"description": "OVMF with SB+SMM, empty varstore",
|
||||||
|
"interface-types": [
|
||||||
|
"uefi"
|
||||||
|
],
|
||||||
|
"mapping": {
|
||||||
|
"device": "flash",
|
||||||
|
"executable": {
|
||||||
|
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
|
||||||
|
"format": "raw"
|
||||||
|
},
|
||||||
|
"nvram-template": {
|
||||||
|
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
|
||||||
|
"format": "raw"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"architecture": "x86_64",
|
||||||
|
"machines": [
|
||||||
|
"pc-q35-*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"features": [
|
||||||
|
"acpi-s3",
|
||||||
|
"amd-sev",
|
||||||
|
"requires-smm",
|
||||||
|
"secure-boot",
|
||||||
|
"verbose-dynamic"
|
||||||
|
],
|
||||||
|
"tags": [
|
||||||
|
|
||||||
|
]
|
||||||
|
}
|
295
SOURCES/ovmf-vars-generator
Executable file
295
SOURCES/ovmf-vars-generator
Executable file
@ -0,0 +1,295 @@
|
|||||||
|
#!/bin/python3
|
||||||
|
# Copyright (C) 2017 Red Hat
|
||||||
|
# Authors:
|
||||||
|
# - Patrick Uiterwijk <puiterwijk@redhat.com>
|
||||||
|
# - Kashyap Chamarthy <kchamart@redhat.com>
|
||||||
|
#
|
||||||
|
# Licensed under MIT License, for full text see LICENSE
|
||||||
|
#
|
||||||
|
# Purpose: Launch a QEMU guest and enroll ithe UEFI keys into an OVMF
|
||||||
|
# variables ("VARS") file. Then boot a Linux kernel with QEMU.
|
||||||
|
# Finally, perform a check to verify if Secure Boot
|
||||||
|
# is enabled.
|
||||||
|
|
||||||
|
from __future__ import print_function
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import os
|
||||||
|
import logging
|
||||||
|
import tempfile
|
||||||
|
import shutil
|
||||||
|
import string
|
||||||
|
import subprocess
|
||||||
|
|
||||||
|
|
||||||
|
def strip_special(line):
|
||||||
|
return ''.join([c for c in str(line) if c in string.printable])
|
||||||
|
|
||||||
|
|
||||||
|
def generate_qemu_cmd(args, readonly, *extra_args):
|
||||||
|
if args.disable_smm:
|
||||||
|
machinetype = 'pc'
|
||||||
|
else:
|
||||||
|
machinetype = 'q35,smm=on'
|
||||||
|
machinetype += ',accel=%s' % ('kvm' if args.enable_kvm else 'tcg')
|
||||||
|
|
||||||
|
if args.oem_string is None:
|
||||||
|
oemstrings = []
|
||||||
|
else:
|
||||||
|
oemstring_values = [
|
||||||
|
",value=" + s.replace(",", ",,") for s in args.oem_string ]
|
||||||
|
oemstrings = [
|
||||||
|
'-smbios',
|
||||||
|
"type=11" + ''.join(oemstring_values) ]
|
||||||
|
|
||||||
|
return [
|
||||||
|
args.qemu_binary,
|
||||||
|
'-machine', machinetype,
|
||||||
|
'-display', 'none',
|
||||||
|
'-no-user-config',
|
||||||
|
'-nodefaults',
|
||||||
|
'-m', '768',
|
||||||
|
'-smp', '2,sockets=2,cores=1,threads=1',
|
||||||
|
'-chardev', 'pty,id=charserial1',
|
||||||
|
'-device', 'isa-serial,chardev=charserial1,id=serial1',
|
||||||
|
'-global', 'driver=cfi.pflash01,property=secure,value=%s' % (
|
||||||
|
'off' if args.disable_smm else 'on'),
|
||||||
|
'-drive',
|
||||||
|
'file=%s,if=pflash,format=raw,unit=0,readonly=on' % (
|
||||||
|
args.ovmf_binary),
|
||||||
|
'-drive',
|
||||||
|
'file=%s,if=pflash,format=raw,unit=1,readonly=%s' % (
|
||||||
|
args.out_temp, 'on' if readonly else 'off'),
|
||||||
|
'-serial', 'stdio'] + oemstrings + list(extra_args)
|
||||||
|
|
||||||
|
|
||||||
|
def download(url, target, suffix, no_download):
|
||||||
|
istemp = False
|
||||||
|
if target and os.path.exists(target):
|
||||||
|
return target, istemp
|
||||||
|
if not target:
|
||||||
|
temped = tempfile.mkstemp(prefix='qosb.', suffix='.%s' % suffix)
|
||||||
|
os.close(temped[0])
|
||||||
|
target = temped[1]
|
||||||
|
istemp = True
|
||||||
|
if no_download:
|
||||||
|
raise Exception('%s did not exist, but downloading was disabled' %
|
||||||
|
target)
|
||||||
|
import requests
|
||||||
|
logging.debug('Downloading %s to %s', url, target)
|
||||||
|
r = requests.get(url, stream=True)
|
||||||
|
with open(target, 'wb') as f:
|
||||||
|
for chunk in r.iter_content(chunk_size=1024):
|
||||||
|
if chunk:
|
||||||
|
f.write(chunk)
|
||||||
|
return target, istemp
|
||||||
|
|
||||||
|
|
||||||
|
def enroll_keys(args):
|
||||||
|
shutil.copy(args.ovmf_template_vars, args.out_temp)
|
||||||
|
|
||||||
|
logging.info('Starting enrollment')
|
||||||
|
|
||||||
|
cmd = generate_qemu_cmd(
|
||||||
|
args,
|
||||||
|
False,
|
||||||
|
'-drive',
|
||||||
|
'file=%s,format=raw,if=none,media=cdrom,id=drive-cd1,'
|
||||||
|
'readonly=on' % args.uefi_shell_iso,
|
||||||
|
'-device',
|
||||||
|
'ide-cd,drive=drive-cd1,id=cd1,'
|
||||||
|
'bootindex=1')
|
||||||
|
p = subprocess.Popen(cmd,
|
||||||
|
stdin=subprocess.PIPE,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.STDOUT)
|
||||||
|
logging.info('Performing enrollment')
|
||||||
|
# Wait until the UEFI shell starts (first line is printed)
|
||||||
|
read = p.stdout.readline()
|
||||||
|
if b'char device redirected' in read:
|
||||||
|
read = p.stdout.readline()
|
||||||
|
# Skip passed QEMU warnings, like the following one we see in Ubuntu:
|
||||||
|
# qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
|
||||||
|
while b'qemu-system-x86_64: warning:' in read:
|
||||||
|
read = p.stdout.readline()
|
||||||
|
if args.print_output:
|
||||||
|
print(strip_special(read), end='')
|
||||||
|
print()
|
||||||
|
# Send the escape char to enter the UEFI shell early
|
||||||
|
p.stdin.write(b'\x1b')
|
||||||
|
p.stdin.flush()
|
||||||
|
# And then run the following three commands from the UEFI shell:
|
||||||
|
# change into the first file system device; install the default
|
||||||
|
# keys and certificates, and reboot
|
||||||
|
p.stdin.write(b'fs0:\r\n')
|
||||||
|
p.stdin.write(b'EnrollDefaultKeys.efi\r\n')
|
||||||
|
p.stdin.write(b'reset -s\r\n')
|
||||||
|
p.stdin.flush()
|
||||||
|
while True:
|
||||||
|
read = p.stdout.readline()
|
||||||
|
if args.print_output:
|
||||||
|
print('OUT: %s' % strip_special(read), end='')
|
||||||
|
print()
|
||||||
|
if b'info: success' in read:
|
||||||
|
break
|
||||||
|
p.wait()
|
||||||
|
if args.print_output:
|
||||||
|
print(strip_special(p.stdout.read()), end='')
|
||||||
|
logging.info('Finished enrollment')
|
||||||
|
|
||||||
|
|
||||||
|
def test_keys(args):
|
||||||
|
logging.info('Grabbing test kernel')
|
||||||
|
kernel, kerneltemp = download(args.kernel_url, args.kernel_path,
|
||||||
|
'kernel', args.no_download)
|
||||||
|
|
||||||
|
logging.info('Starting verification')
|
||||||
|
try:
|
||||||
|
cmd = generate_qemu_cmd(
|
||||||
|
args,
|
||||||
|
True,
|
||||||
|
'-append', 'console=tty0 console=ttyS0,115200n8',
|
||||||
|
'-kernel', kernel)
|
||||||
|
p = subprocess.Popen(cmd,
|
||||||
|
stdin=subprocess.PIPE,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.STDOUT)
|
||||||
|
logging.info('Performing verification')
|
||||||
|
while True:
|
||||||
|
read = p.stdout.readline()
|
||||||
|
if args.print_output:
|
||||||
|
print('OUT: %s' % strip_special(read), end='')
|
||||||
|
print()
|
||||||
|
if b'Secure boot disabled' in read:
|
||||||
|
raise Exception('Secure Boot was disabled')
|
||||||
|
elif b'Secure boot enabled' in read:
|
||||||
|
logging.info('Confirmed: Secure Boot is enabled')
|
||||||
|
break
|
||||||
|
elif b'Kernel is locked down from EFI secure boot' in read:
|
||||||
|
logging.info('Confirmed: Secure Boot is enabled')
|
||||||
|
break
|
||||||
|
p.kill()
|
||||||
|
if args.print_output:
|
||||||
|
print(strip_special(p.stdout.read()), end='')
|
||||||
|
logging.info('Finished verification')
|
||||||
|
finally:
|
||||||
|
if kerneltemp:
|
||||||
|
os.remove(kernel)
|
||||||
|
|
||||||
|
|
||||||
|
def parse_args():
|
||||||
|
parser = argparse.ArgumentParser()
|
||||||
|
parser.add_argument('output', help='Filename for output vars file')
|
||||||
|
parser.add_argument('--out-temp', help=argparse.SUPPRESS)
|
||||||
|
parser.add_argument('--force', help='Overwrite existing output file',
|
||||||
|
action='store_true')
|
||||||
|
parser.add_argument('--print-output', help='Print the QEMU guest output',
|
||||||
|
action='store_true')
|
||||||
|
parser.add_argument('--verbose', '-v', help='Increase verbosity',
|
||||||
|
action='count')
|
||||||
|
parser.add_argument('--quiet', '-q', help='Decrease verbosity',
|
||||||
|
action='count')
|
||||||
|
parser.add_argument('--qemu-binary', help='QEMU binary path',
|
||||||
|
default='/usr/bin/qemu-system-x86_64')
|
||||||
|
parser.add_argument('--enable-kvm', help='Enable KVM acceleration',
|
||||||
|
action='store_true')
|
||||||
|
parser.add_argument('--ovmf-binary', help='OVMF secureboot code file',
|
||||||
|
default='/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd')
|
||||||
|
parser.add_argument('--ovmf-template-vars', help='OVMF empty vars file',
|
||||||
|
default='/usr/share/edk2/ovmf/OVMF_VARS.fd')
|
||||||
|
parser.add_argument('--uefi-shell-iso', help='Path to uefi shell iso',
|
||||||
|
default='/usr/share/edk2/ovmf/UefiShell.iso')
|
||||||
|
parser.add_argument('--skip-enrollment',
|
||||||
|
help='Skip enrollment, only test', action='store_true')
|
||||||
|
parser.add_argument('--skip-testing',
|
||||||
|
help='Skip testing generated "VARS" file',
|
||||||
|
action='store_true')
|
||||||
|
parser.add_argument('--kernel-path',
|
||||||
|
help='Specify a consistent path for kernel')
|
||||||
|
parser.add_argument('--no-download', action='store_true',
|
||||||
|
help='Never download a kernel')
|
||||||
|
parser.add_argument('--fedora-version',
|
||||||
|
help='Fedora version to get kernel for checking',
|
||||||
|
default='27')
|
||||||
|
parser.add_argument('--kernel-url', help='Kernel URL',
|
||||||
|
default='https://download.fedoraproject.org/pub/fedora'
|
||||||
|
'/linux/releases/%(version)s/Everything/x86_64'
|
||||||
|
'/os/images/pxeboot/vmlinuz')
|
||||||
|
parser.add_argument('--disable-smm',
|
||||||
|
help=('Don\'t restrict varstore pflash writes to '
|
||||||
|
'guest code that executes in SMM. Use this '
|
||||||
|
'option only if your OVMF binary doesn\'t have '
|
||||||
|
'the edk2 SMM driver stack built into it '
|
||||||
|
'(possibly because your QEMU binary lacks SMM '
|
||||||
|
'emulation). Note that without restricting '
|
||||||
|
'varstore pflash writes to guest code that '
|
||||||
|
'executes in SMM, a malicious guest kernel, '
|
||||||
|
'used for testing, could undermine Secure '
|
||||||
|
'Boot.'),
|
||||||
|
action='store_true')
|
||||||
|
parser.add_argument('--oem-string',
|
||||||
|
help=('Pass the argument to the guest as a string in '
|
||||||
|
'the SMBIOS Type 11 (OEM Strings) table. '
|
||||||
|
'Multiple occurrences of this option are '
|
||||||
|
'collected into a single SMBIOS Type 11 table. '
|
||||||
|
'A pure ASCII string argument is strongly '
|
||||||
|
'suggested.'),
|
||||||
|
action='append')
|
||||||
|
args = parser.parse_args()
|
||||||
|
args.kernel_url = args.kernel_url % {'version': args.fedora_version}
|
||||||
|
|
||||||
|
validate_args(args)
|
||||||
|
return args
|
||||||
|
|
||||||
|
|
||||||
|
def validate_args(args):
|
||||||
|
if (os.path.exists(args.output)
|
||||||
|
and not args.force
|
||||||
|
and not args.skip_enrollment):
|
||||||
|
raise Exception('%s already exists' % args.output)
|
||||||
|
|
||||||
|
if args.skip_enrollment and not os.path.exists(args.output):
|
||||||
|
raise Exception('%s does not yet exist' % args.output)
|
||||||
|
|
||||||
|
verbosity = (args.verbose or 1) - (args.quiet or 0)
|
||||||
|
if verbosity >= 2:
|
||||||
|
logging.basicConfig(level=logging.DEBUG)
|
||||||
|
elif verbosity == 1:
|
||||||
|
logging.basicConfig(level=logging.INFO)
|
||||||
|
elif verbosity < 0:
|
||||||
|
logging.basicConfig(level=logging.ERROR)
|
||||||
|
else:
|
||||||
|
logging.basicConfig(level=logging.WARN)
|
||||||
|
|
||||||
|
if args.skip_enrollment:
|
||||||
|
args.out_temp = args.output
|
||||||
|
else:
|
||||||
|
temped = tempfile.mkstemp(prefix='qosb.', suffix='.vars')
|
||||||
|
os.close(temped[0])
|
||||||
|
args.out_temp = temped[1]
|
||||||
|
logging.debug('Temp output: %s', args.out_temp)
|
||||||
|
|
||||||
|
|
||||||
|
def move_to_dest(args):
|
||||||
|
shutil.copy(args.out_temp, args.output)
|
||||||
|
os.remove(args.out_temp)
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
args = parse_args()
|
||||||
|
if not args.skip_enrollment:
|
||||||
|
enroll_keys(args)
|
||||||
|
if not args.skip_testing:
|
||||||
|
test_keys(args)
|
||||||
|
if not args.skip_enrollment:
|
||||||
|
move_to_dest(args)
|
||||||
|
if args.skip_testing:
|
||||||
|
logging.info('Created %s' % args.output)
|
||||||
|
else:
|
||||||
|
logging.info('Created and verified %s' % args.output)
|
||||||
|
else:
|
||||||
|
logging.info('Verified %s', args.output)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
2422
SOURCES/ovmf-whitepaper-c770f8c.txt
Normal file
2422
SOURCES/ovmf-whitepaper-c770f8c.txt
Normal file
File diff suppressed because it is too large
Load Diff
1177
SPECS/edk2.spec
Normal file
1177
SPECS/edk2.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user