diff --git a/0001-CryptoPkg-OpensslLib-Modify-process_files.pl-for-Ope.patch b/0001-CryptoPkg-OpensslLib-Modify-process_files.pl-for-Ope.patch
deleted file mode 100644
index 9e46e174116fb3dac9ff026076a7bf46f7baec86..0000000000000000000000000000000000000000
--- a/0001-CryptoPkg-OpensslLib-Modify-process_files.pl-for-Ope.patch
+++ /dev/null
@@ -1,55 +0,0 @@ -From 87c0bd44a43769905f3bb9bea4c8af307c58a79b Mon Sep 17 00:00:00 2001 -From: Xiang Zheng -Date: Fri, 17 Apr 2020 15:05:54 +0800 -Subject: [PATCH 1/2] CryptoPkg/OpensslLib: Modify process_files.pl for OpenSSL - 1.1.1f - -Before upgrading the version of OpenSSL to 1.1.1f, we need to update -process_files.pl so that we can auto-generate the correct files. - -This patch may confict with the opensource codes in the future, than -let it go with opensouce. - -Change-Id: Id17969bab444bad8cdd139258ef53d5eed91ff88 -Signed-off-by: Xiang Zheng ---- - .../Library/Include/{internal => crypto}/dso_conf.h | 0 - CryptoPkg/Library/OpensslLib/process_files.pl | 10 +++++----- - 2 files changed, 5 insertions(+), 5 deletions(-) - rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (100%) - -diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h -similarity index 100% -rename from CryptoPkg/Library/Include/internal/dso_conf.h -rename to CryptoPkg/Library/Include/crypto/dso_conf.h -diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl -index bbcfa0d0..a99ad866 100755 ---- a/CryptoPkg/Library/OpensslLib/process_files.pl -+++ b/CryptoPkg/Library/OpensslLib/process_files.pl -@@ -109,8 +109,8 @@ BEGIN { - # Generate dso_conf.h per config data - system( - "perl -I. -Mconfigdata util/dofile.pl " . -- "crypto/include/internal/dso_conf.h.in " . -- "> include/internal/dso_conf.h" -+ "include/crypto/dso_conf.h.in " . -+ "> include/crypto/dso_conf.h" - ) == 0 || - die "Failed to generate dso_conf.h!\n"; - -@@ -264,9 +264,9 @@ copy($OPENSSL_PATH . "/include/openssl/opensslconf.h", - $OPENSSL_PATH . "/../../Include/openssl/") || - die "Cannot copy opensslconf.h!"; - print "Done!"; --print "\n--> Duplicating dso_conf.h into Include/internal ... "; --copy($OPENSSL_PATH . "/include/internal/dso_conf.h", -- $OPENSSL_PATH . 
"/../../Include/internal/") || -+print "\n--> Duplicating dso_conf.h into Include/crypto ... "; -+copy($OPENSSL_PATH . "/include/crypto/dso_conf.h", -+ $OPENSSL_PATH . "/../../Include/crypto/") || - die "Cannot copy dso_conf.h!"; - print "Done!\n"; - --- -2.19.1 - diff --git a/0018-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch b/0001-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch similarity index 98% rename from 0018-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch rename to 0001-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch index 8b413819f5d573432fa43ffe1df47a4e891ce18c..1ef3740c54615cf7a256db382f43effc0519b162 100644 --- a/0018-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch +++ b/0001-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch @@ -29,216 +29,216 @@ index 355c6f129f..cbbc56ae5b 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -1,5 +1,6 @@ - /** @file -- This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration. -+ This file is for Challenge-Handshake Authentication Protocol (CHAP) -+ Configuration. - - Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
- SPDX-License-Identifier: BSD-2-Clause-Patent + /** @file +- This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration. ++ This file is for Challenge-Handshake Authentication Protocol (CHAP) ++ Configuration. + + Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent @@ -18,9 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - @param[in] ChallengeLength The length of iSCSI CHAP challenge message. - @param[out] ChapResponse The calculation of the expected hash value. - -- @retval EFI_SUCCESS The expected hash value was calculatedly successfully. -- @retval EFI_PROTOCOL_ERROR The length of the secret should be at least the -- length of the hash value for the hashing algorithm chosen. -+ @retval EFI_SUCCESS The expected hash value was calculatedly -+ successfully. -+ @retval EFI_PROTOCOL_ERROR The length of the secret should be at least -+ the length of the hash value for the hashing -+ algorithm chosen. - @retval EFI_PROTOCOL_ERROR MD5 hash operation fail. - @retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD5. - + @param[in] ChallengeLength The length of iSCSI CHAP challenge message. + @param[out] ChapResponse The calculation of the expected hash value. + +- @retval EFI_SUCCESS The expected hash value was calculatedly successfully. +- @retval EFI_PROTOCOL_ERROR The length of the secret should be at least the +- length of the hash value for the hashing algorithm chosen. ++ @retval EFI_SUCCESS The expected hash value was calculatedly ++ successfully. ++ @retval EFI_PROTOCOL_ERROR The length of the secret should be at least ++ the length of the hash value for the hashing ++ algorithm chosen. + @retval EFI_PROTOCOL_ERROR MD5 hash operation fail. + @retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD5. + 
@@ -94,8 +97,10 @@ Exit: - @param[in] AuthData iSCSI CHAP authentication data. - @param[in] TargetResponse The response from target. - -- @retval EFI_SUCCESS The response from target passed authentication. -- @retval EFI_SECURITY_VIOLATION The response from target was not expected value. -+ @retval EFI_SUCCESS The response from target passed -+ authentication. -+ @retval EFI_SECURITY_VIOLATION The response from target was not expected -+ value. - @retval Others Other errors as indicated. - - **/ + @param[in] AuthData iSCSI CHAP authentication data. + @param[in] TargetResponse The response from target. + +- @retval EFI_SUCCESS The response from target passed authentication. +- @retval EFI_SECURITY_VIOLATION The response from target was not expected value. ++ @retval EFI_SUCCESS The response from target passed ++ authentication. ++ @retval EFI_SECURITY_VIOLATION The response from target was not expected ++ value. + @retval Others Other errors as indicated. + + **/ @@ -193,7 +198,10 @@ IScsiCHAPOnRspReceived ( - // - // The first Login Response. - // -- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG); -+ Value = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_TARGET_PORTAL_GROUP_TAG -+ ); - if (Value == NULL) { - goto ON_EXIT; - } + // + // The first Login Response. + // +- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG); ++ Value = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_TARGET_PORTAL_GROUP_TAG ++ ); + if (Value == NULL) { + goto ON_EXIT; + } 
@@ -205,13 +213,17 @@ IScsiCHAPOnRspReceived ( - - Session->TargetPortalGroupTag = (UINT16) Result; - -- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD); -+ Value = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_AUTH_METHOD -+ ); - if (Value == NULL) { - goto ON_EXIT; - } - // -- // Initiator mandates CHAP authentication but target replies without "CHAP", or -- // initiator suggets "None" but target replies with some kind of auth method. -+ // Initiator mandates CHAP authentication but target replies without -+ // "CHAP", or initiator suggets "None" but target replies with some kind of -+ // auth method. - // - if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) { - if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) { + + Session->TargetPortalGroupTag = (UINT16) Result; + +- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD); ++ Value = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_AUTH_METHOD ++ ); + if (Value == NULL) { + goto ON_EXIT; + } + // +- // Initiator mandates CHAP authentication but target replies without "CHAP", or +- // initiator suggets "None" but target replies with some kind of auth method. ++ // Initiator mandates CHAP authentication but target replies without ++ // "CHAP", or initiator suggets "None" but target replies with some kind of ++ // auth method. + // + if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) { + if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) { 
@@ -236,7 +248,10 @@ IScsiCHAPOnRspReceived ( - // - // The Target replies with CHAP_A= CHAP_I= CHAP_C= - // -- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM); -+ Value = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_ALGORITHM -+ ); - if (Value == NULL) { - goto ON_EXIT; - } + // + // The Target replies with CHAP_A= CHAP_I= CHAP_C= + // +- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM); ++ Value = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_ALGORITHM ++ ); + if (Value == NULL) { + goto ON_EXIT; + } @@ -249,12 +264,18 @@ IScsiCHAPOnRspReceived ( - goto ON_EXIT; - } - -- Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER); -+ Identifier = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_IDENTIFIER -+ ); - if (Identifier == NULL) { - goto ON_EXIT; - } - -- Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE); -+ Challenge = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_CHALLENGE -+ ); - if (Challenge == NULL) { - goto ON_EXIT; - } + goto ON_EXIT; + } + +- Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER); ++ Identifier = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_IDENTIFIER ++ ); + if (Identifier == NULL) { + goto ON_EXIT; + } + +- Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE); ++ Challenge = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_CHALLENGE ++ ); + if (Challenge == NULL) { + goto ON_EXIT; + } 
@@ -269,7 +290,11 @@ IScsiCHAPOnRspReceived ( - - AuthData->InIdentifier = (UINT32) Result; - AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; -- IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge); -+ IScsiHexToBin ( -+ (UINT8 *) AuthData->InChallenge, -+ &AuthData->InChallengeLength, -+ Challenge -+ ); - Status = IScsiCHAPCalculateResponse ( - AuthData->InIdentifier, - AuthData->AuthConfig->CHAPSecret, + + AuthData->InIdentifier = (UINT32) Result; + AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; +- IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge); ++ IScsiHexToBin ( ++ (UINT8 *) AuthData->InChallenge, ++ &AuthData->InChallengeLength, ++ Challenge ++ ); + Status = IScsiCHAPCalculateResponse ( + AuthData->InIdentifier, + AuthData->AuthConfig->CHAPSecret, @@ -303,7 +328,10 @@ IScsiCHAPOnRspReceived ( - goto ON_EXIT; - } - -- Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE); -+ Response = IScsiGetValueByKeyFromList ( -+ KeyValueList, -+ ISCSI_KEY_CHAP_RESPONSE -+ ); - if (Response == NULL) { - goto ON_EXIT; - } + goto ON_EXIT; + } + +- Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE); ++ Response = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_RESPONSE ++ ); + if (Response == NULL) { + goto ON_EXIT; + } 
@@ -341,7 +369,8 @@ ON_EXIT: - @param[in, out] Pdu The PDU to send out. - - @retval EFI_SUCCESS All check passed and the phase-related CHAP -- authentication info is filled into the iSCSI PDU. -+ authentication info is filled into the iSCSI -+ PDU. - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. - @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. - + @param[in, out] Pdu The PDU to send out. + + @retval EFI_SUCCESS All check passed and the phase-related CHAP +- authentication info is filled into the iSCSI PDU. ++ authentication info is filled into the iSCSI ++ PDU. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. + @@ -392,7 +421,11 @@ IScsiCHAPToSendReq ( - // It's the initial Login Request. Fill in the key=value pairs mandatory - // for the initial Login Request. - // -- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName); -+ IScsiAddKeyValuePair ( -+ Pdu, -+ ISCSI_KEY_INITIATOR_NAME, -+ mPrivate->InitiatorName -+ ); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal"); - IScsiAddKeyValuePair ( - Pdu, + // It's the initial Login Request. Fill in the key=value pairs mandatory + // for the initial Login Request. + // +- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName); ++ IScsiAddKeyValuePair ( ++ Pdu, ++ ISCSI_KEY_INITIATOR_NAME, ++ mPrivate->InitiatorName ++ ); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal"); + IScsiAddKeyValuePair ( + Pdu, 
@@ -413,7 +446,8 @@ IScsiCHAPToSendReq ( - - case ISCSI_CHAP_STEP_ONE: - // -- // First step, send the Login Request with CHAP_A= key-value pair. -+ // First step, send the Login Request with CHAP_A= key-value -+ // pair. - // - AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr); + + case ISCSI_CHAP_STEP_ONE: + // +- // First step, send the Login Request with CHAP_A= key-value pair. ++ // First step, send the Login Request with CHAP_A= key-value ++ // pair. + // + AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr); @@ -429,11 +463,20 @@ IScsiCHAPToSendReq ( - // - // CHAP_N= - // -- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName); -+ IScsiAddKeyValuePair ( -+ Pdu, -+ ISCSI_KEY_CHAP_NAME, -+ (CHAR8 *) &AuthData->AuthConfig->CHAPName -+ ); - // - // CHAP_R= - // -- IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen); -+ IScsiBinToHex ( -+ (UINT8 *) AuthData->CHAPResponse, -+ ISCSI_CHAP_RSP_LEN, -+ Response, -+ &RspLen -+ ); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); - - if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { + // + // CHAP_N= + // +- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName); ++ IScsiAddKeyValuePair ( ++ Pdu, ++ ISCSI_KEY_CHAP_NAME, ++ (CHAR8 *) &AuthData->AuthConfig->CHAPName ++ ); + // + // CHAP_R= + // +- IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen); ++ IScsiBinToHex ( ++ (UINT8 *) AuthData->CHAPResponse, ++ ISCSI_CHAP_RSP_LEN, ++ Response, ++ &RspLen ++ ); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); + + if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { 
@@ -448,7 +491,12 @@ IScsiCHAPToSendReq ( - // - IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); - AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; -- IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen); -+ IScsiBinToHex ( -+ (UINT8 *) AuthData->OutChallenge, -+ ISCSI_CHAP_RSP_LEN, -+ Challenge, -+ &ChallengeLen -+ ); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); - - Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; + // + IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); + AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; +- IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen); ++ IScsiBinToHex ( ++ (UINT8 *) AuthData->OutChallenge, ++ ISCSI_CHAP_RSP_LEN, ++ Challenge, ++ &ChallengeLen ++ ); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); + + Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h index 140bba0dcd..5e59fb678b 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.h +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h @@ -88,7 +88,8 @@ IScsiCHAPOnRspReceived ( - @param[in, out] Pdu The PDU to send out. - - @retval EFI_SUCCESS All check passed and the phase-related CHAP -- authentication info is filled into the iSCSI PDU. -+ authentication info is filled into the iSCSI -+ PDU. - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. - @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. - + @param[in, out] Pdu The PDU to send out. + + @retval EFI_SUCCESS All check passed and the phase-related CHAP +- authentication info is filled into the iSCSI PDU. ++ authentication info is filled into the iSCSI ++ PDU. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. + -- 2.27.0 
diff --git a/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1f.patch b/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1f.patch
deleted file mode 100644
index b022c171028de0cc3a112ac28e32355226b3e54c..0000000000000000000000000000000000000000
--- a/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1f.patch
+++ /dev/null
@@ -1,337 +0,0 @@ -From 55d39c51a03048f4bb1218fc70a9ed445e2b75f6 Mon Sep 17 00:00:00 2001 -From: Xiang Zheng -Date: Mon, 20 Apr 2020 17:40:25 +0800 -Subject: [PATCH 2/2] CryptoPkg: Upgrade OpenSSL to 1.1.1f - -Upgrade OpenSLL to 1.1.1f - -Signed-off-by: Xiang Zheng ---- - CryptoPkg/CryptoPkg.dec | 1 - - .../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +- - .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +- - CryptoPkg/Library/Include/crypto/dso_conf.h | 6 +- - .../Library/Include/openssl/opensslconf.h | 3 - - CryptoPkg/Library/OpensslLib/OpensslLib.inf | 88 +++++++++---------- - .../Library/OpensslLib/OpensslLibCrypto.inf | 78 ++++++++-------- - CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +- - 8 files changed, 90 insertions(+), 94 deletions(-) - -diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec -index 4d1a1368..5888941b 100644 ---- a/CryptoPkg/CryptoPkg.dec -+++ b/CryptoPkg/CryptoPkg.dec -@@ -23,7 +23,6 @@ - Private - Library/Include - Library/OpensslLib/openssl/include -- Library/OpensslLib/openssl/crypto/include - - [LibraryClasses] - ## @libraryclass Provides basic library functions for cryptographic primitives. -diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -index eacf4826..235331c2 100644 ---- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - **/ - - #include "InternalCryptLib.h" --#include "internal/sm3.h" -+#include "crypto/sm3.h" - - /** - Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. 
-diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -index 229c244b..c9fdb65b 100644 ---- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -@@ -15,13 +15,13 @@ - #include - #include - #include --#include -+#include - #include - #include - #include - #include - #include --#include -+#include - - /** - This function will return the leaf signer certificate in a chain. This is -diff --git a/CryptoPkg/Library/Include/crypto/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h -index 43c89158..abbbf62c 100644 ---- a/CryptoPkg/Library/Include/crypto/dso_conf.h -+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h -@@ -1,5 +1,5 @@ - /* WARNING: do not edit! */ --/* Generated from crypto/include/internal/dso_conf.h.in */ -+/* Generated from include/crypto/dso_conf.h.in */ - /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. 
- * -@@ -9,8 +9,8 @@ - * https://www.openssl.org/source/license.html - */ - --#ifndef HEADER_DSO_CONF_H --# define HEADER_DSO_CONF_H -+#ifndef OSSL_CRYPTO_DSO_CONF_H -+# define OSSL_CRYPTO_DSO_CONF_H - # define DSO_NONE - # define DSO_EXTENSION ".so" - #endif -diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h -index 2b4d538e..a27aa658 100644 ---- a/CryptoPkg/Library/Include/openssl/opensslconf.h -+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h -@@ -241,9 +241,6 @@ extern "C" { - #ifndef OPENSSL_NO_DYNAMIC_ENGINE - # define OPENSSL_NO_DYNAMIC_ENGINE - #endif --#ifndef OPENSSL_NO_AFALGENG --# define OPENSSL_NO_AFALGENG --#endif - - - /* -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -index 3fa52f55..a010e6bc 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -@@ -494,57 +494,57 @@ - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c - $(OPENSSL_PATH)/crypto/x509v3/v3err.c -- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h -- $(OPENSSL_PATH)/crypto/dh/dh_locl.h -- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h -- $(OPENSSL_PATH)/crypto/conf/conf_def.h -- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h -- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h -- $(OPENSSL_PATH)/crypto/sha/sha_locl.h -- $(OPENSSL_PATH)/crypto/md5/md5_locl.h -- $(OPENSSL_PATH)/crypto/store/store_locl.h -- $(OPENSSL_PATH)/crypto/dso/dso_locl.h -- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h -+ $(OPENSSL_PATH)/crypto/dso/dso_local.h -+ $(OPENSSL_PATH)/crypto/dh/dh_local.h -+ $(OPENSSL_PATH)/crypto/rc4/rc4_local.h -+ $(OPENSSL_PATH)/crypto/ui/ui_local.h -+ $(OPENSSL_PATH)/crypto/async/async_local.h -+ $(OPENSSL_PATH)/crypto/modes/modes_local.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h -+ $(OPENSSL_PATH)/crypto/asn1/charmap.h -+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h -+ 
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -+ $(OPENSSL_PATH)/crypto/md4/md4_local.h -+ $(OPENSSL_PATH)/crypto/rand/rand_local.h -+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h -+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h -+ $(OPENSSL_PATH)/crypto/evp/evp_local.h -+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h -+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -+ $(OPENSSL_PATH)/crypto/des/des_local.h -+ $(OPENSSL_PATH)/crypto/des/spr.h - $(OPENSSL_PATH)/crypto/arm_arch.h - $(OPENSSL_PATH)/crypto/mips_arch.h - $(OPENSSL_PATH)/crypto/ppc_arch.h - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h -- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h -- $(OPENSSL_PATH)/crypto/bn/bn_prime.h -- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -- $(OPENSSL_PATH)/crypto/ui/ui_locl.h -- $(OPENSSL_PATH)/crypto/md4/md4_locl.h -- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h -- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h -- $(OPENSSL_PATH)/crypto/asn1/charmap.h -- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h -- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -- $(OPENSSL_PATH)/crypto/evp/evp_locl.h -- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h -- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h -- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h -- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h -- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h -- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h -+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h -+ $(OPENSSL_PATH)/crypto/md5/md5_local.h -+ $(OPENSSL_PATH)/crypto/aes/aes_local.h -+ $(OPENSSL_PATH)/crypto/store/store_local.h -+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h -+ $(OPENSSL_PATH)/crypto/objects/obj_local.h -+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h -+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h -- 
$(OPENSSL_PATH)/crypto/sm3/sm3_locl.h -- $(OPENSSL_PATH)/crypto/des/des_locl.h -- $(OPENSSL_PATH)/crypto/des/spr.h -- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h -- $(OPENSSL_PATH)/crypto/aes/aes_locl.h -- $(OPENSSL_PATH)/crypto/async/async_locl.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h -- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h -+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h -- $(OPENSSL_PATH)/crypto/objects/obj_dat.h -- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h -- $(OPENSSL_PATH)/crypto/objects/obj_xref.h -+ $(OPENSSL_PATH)/crypto/conf/conf_def.h -+ $(OPENSSL_PATH)/crypto/conf/conf_local.h -+ $(OPENSSL_PATH)/crypto/comp/comp_local.h -+ $(OPENSSL_PATH)/crypto/sha/sha_local.h -+ $(OPENSSL_PATH)/crypto/x509/x509_local.h -+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h -+ $(OPENSSL_PATH)/crypto/bio/bio_local.h -+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h - $(OPENSSL_PATH)/ssl/bio_ssl.c - $(OPENSSL_PATH)/ssl/d1_lib.c - $(OPENSSL_PATH)/ssl/d1_msg.c -@@ -589,13 +589,13 @@ - $(OPENSSL_PATH)/ssl/t1_trce.c - $(OPENSSL_PATH)/ssl/tls13_enc.c - $(OPENSSL_PATH)/ssl/tls_srp.c -- $(OPENSSL_PATH)/ssl/statem/statem.h -- $(OPENSSL_PATH)/ssl/statem/statem_locl.h -- $(OPENSSL_PATH)/ssl/packet_locl.h -+ $(OPENSSL_PATH)/ssl/packet_local.h - $(OPENSSL_PATH)/ssl/ssl_cert_table.h -- $(OPENSSL_PATH)/ssl/ssl_locl.h -+ $(OPENSSL_PATH)/ssl/ssl_local.h -+ $(OPENSSL_PATH)/ssl/statem/statem.h -+ $(OPENSSL_PATH)/ssl/statem/statem_local.h - $(OPENSSL_PATH)/ssl/record/record.h -- $(OPENSSL_PATH)/ssl/record/record_locl.h -+ $(OPENSSL_PATH)/ssl/record/record_local.h - # Autogenerated files list ends here - buildinf.h - rand_pool_noise.h -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -index f1f9fbb9..de8a9ef2 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -@@ -494,57 
+494,57 @@ - $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c - $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c - $(OPENSSL_PATH)/crypto/x509v3/v3err.c -- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h -- $(OPENSSL_PATH)/crypto/dh/dh_locl.h -- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h -- $(OPENSSL_PATH)/crypto/conf/conf_def.h -- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h -- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h -- $(OPENSSL_PATH)/crypto/sha/sha_locl.h -- $(OPENSSL_PATH)/crypto/md5/md5_locl.h -- $(OPENSSL_PATH)/crypto/store/store_locl.h -- $(OPENSSL_PATH)/crypto/dso/dso_locl.h -- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h -+ $(OPENSSL_PATH)/crypto/dso/dso_local.h -+ $(OPENSSL_PATH)/crypto/dh/dh_local.h -+ $(OPENSSL_PATH)/crypto/rc4/rc4_local.h -+ $(OPENSSL_PATH)/crypto/ui/ui_local.h -+ $(OPENSSL_PATH)/crypto/async/async_local.h -+ $(OPENSSL_PATH)/crypto/modes/modes_local.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h -+ $(OPENSSL_PATH)/crypto/asn1/charmap.h -+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h -+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -+ $(OPENSSL_PATH)/crypto/md4/md4_local.h -+ $(OPENSSL_PATH)/crypto/rand/rand_local.h -+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h -+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h -+ $(OPENSSL_PATH)/crypto/evp/evp_local.h -+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h -+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -+ $(OPENSSL_PATH)/crypto/des/des_local.h -+ $(OPENSSL_PATH)/crypto/des/spr.h - $(OPENSSL_PATH)/crypto/arm_arch.h - $(OPENSSL_PATH)/crypto/mips_arch.h - $(OPENSSL_PATH)/crypto/ppc_arch.h - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h -- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h -- $(OPENSSL_PATH)/crypto/bn/bn_prime.h -- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -- $(OPENSSL_PATH)/crypto/ui/ui_locl.h -- $(OPENSSL_PATH)/crypto/md4/md4_locl.h -- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h -- 
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h -- $(OPENSSL_PATH)/crypto/asn1/charmap.h -- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h -- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -- $(OPENSSL_PATH)/crypto/evp/evp_locl.h -- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h -- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h -- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h -- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h -- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h -- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h -+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h -+ $(OPENSSL_PATH)/crypto/md5/md5_local.h -+ $(OPENSSL_PATH)/crypto/aes/aes_local.h -+ $(OPENSSL_PATH)/crypto/store/store_local.h -+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h -+ $(OPENSSL_PATH)/crypto/objects/obj_local.h -+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h -+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h -- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h -- $(OPENSSL_PATH)/crypto/des/des_locl.h -- $(OPENSSL_PATH)/crypto/des/spr.h -- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h -- $(OPENSSL_PATH)/crypto/aes/aes_locl.h -- $(OPENSSL_PATH)/crypto/async/async_locl.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h -- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h -+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h -- $(OPENSSL_PATH)/crypto/objects/obj_dat.h -- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h -- $(OPENSSL_PATH)/crypto/objects/obj_xref.h -+ $(OPENSSL_PATH)/crypto/conf/conf_def.h -+ $(OPENSSL_PATH)/crypto/conf/conf_local.h -+ $(OPENSSL_PATH)/crypto/comp/comp_local.h -+ $(OPENSSL_PATH)/crypto/sha/sha_local.h -+ $(OPENSSL_PATH)/crypto/x509/x509_local.h -+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h -+ $(OPENSSL_PATH)/crypto/bio/bio_local.h -+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h - # Autogenerated 
files list ends here - buildinf.h - rand_pool_noise.h -diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c -index 9f3983f7..9e0179b0 100644 ---- a/CryptoPkg/Library/OpensslLib/rand_pool.c -+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c -@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - **/ - --#include "internal/rand_int.h" -+#include "crypto/rand.h" - #include - - #include --- -2.19.1 - diff --git a/0019-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch b/0002-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch similarity index 99% rename from 0019-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch rename to 0002-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch index 7ddeeaac4a96d266a6067e24b698e7f0cf5bf9c9..dec87eaf2ab1388b58fc32033931bf1169718e68 100644 --- a/0019-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch +++ b/0002-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch @@ -38,27 +38,27 @@ index cbbc56ae5b..df3c2eb120 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -289,7 +289,7 @@ IScsiCHAPOnRspReceived ( - } - - AuthData->InIdentifier = (UINT32) Result; -- AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; -+ AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); - IScsiHexToBin ( - (UINT8 *) AuthData->InChallenge, - &AuthData->InChallengeLength, + } + + AuthData->InIdentifier = (UINT32) Result; +- AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; ++ AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); + IScsiHexToBin ( + (UINT8 *) AuthData->InChallenge, + &AuthData->InChallengeLength, diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h index 5e59fb678b..1fc1d96ea3 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.h +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h 
@@ -49,7 +49,7 @@ typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { - typedef struct _ISCSI_CHAP_AUTH_DATA { - ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; - UINT32 InIdentifier; -- UINT8 InChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; -+ UINT8 InChallenge[1024]; - UINT32 InChallengeLength; - // - // Calculated CHAP Response (CHAP_R) value. + typedef struct _ISCSI_CHAP_AUTH_DATA { + ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; + UINT32 InIdentifier; +- UINT8 InChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; ++ UINT8 InChallenge[1024]; + UINT32 InChallengeLength; + // + // Calculated CHAP Response (CHAP_R) value. -- 2.27.0 diff --git a/0020-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch b/0003-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch similarity index 99% rename from 0020-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch rename to 0003-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch index 82ee449ee976ff653be1e563c96e5ed6c6c0cd0d..baba8ddd50c712123558d995572c89cdfc77e39d 100644 --- a/0020-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch +++ b/0003-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch @@ -46,50 +46,50 @@ index df3c2eb120..9e192ce292 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -122,7 +122,7 @@ IScsiCHAPAuthTarget ( - AuthData->AuthConfig->ReverseCHAPSecret, - SecretSize, - AuthData->OutChallenge, -- AuthData->OutChallengeLength, -+ ISCSI_CHAP_RSP_LEN, // ChallengeLength - VerifyRsp - ); - + AuthData->AuthConfig->ReverseCHAPSecret, + SecretSize, + AuthData->OutChallenge, +- AuthData->OutChallengeLength, ++ ISCSI_CHAP_RSP_LEN, // ChallengeLength + VerifyRsp + ); + 
@@ -490,7 +490,6 @@ IScsiCHAPToSendReq ( - // CHAP_C= - // - IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); -- AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; - IScsiBinToHex ( - (UINT8 *) AuthData->OutChallenge, - ISCSI_CHAP_RSP_LEN, + // CHAP_C= + // + IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); +- AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; + IScsiBinToHex ( + (UINT8 *) AuthData->OutChallenge, + ISCSI_CHAP_RSP_LEN, diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h index 1fc1d96ea3..35d5d6ec29 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.h +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h @@ -19,7 +19,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - #define ISCSI_CHAP_ALGORITHM_MD5 5 - --#define ISCSI_CHAP_AUTH_MAX_LEN 1024 - /// - /// MD5_HASHSIZE - /// + + #define ISCSI_CHAP_ALGORITHM_MD5 5 + +-#define ISCSI_CHAP_AUTH_MAX_LEN 1024 + /// + /// MD5_HASHSIZE + /// 
@@ -59,9 +58,13 @@ typedef struct _ISCSI_CHAP_AUTH_DATA { - // - // Auth-data to be sent out for mutual authentication. - // -+ // While the challenge size is technically independent of the hashing -+ // algorithm, it is good practice to avoid hashing *fewer bytes* than the -+ // digest size. In other words, it's good practice to feed *at least as many -+ // bytes* to the hashing algorithm as the hashing algorithm will output. -+ // - UINT32 OutIdentifier; -- UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; -- UINT32 OutChallengeLength; -+ UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN]; - } ISCSI_CHAP_AUTH_DATA; - - /** + // + // Auth-data to be sent out for mutual authentication. + // ++ // While the challenge size is technically independent of the hashing ++ // algorithm, it is good practice to avoid hashing *fewer bytes* than the ++ // digest size. In other words, it's good practice to feed *at least as many ++ // bytes* to the hashing algorithm as the hashing algorithm will output. ++ // + UINT32 OutIdentifier; +- UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; +- UINT32 OutChallengeLength; ++ UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN]; + } ISCSI_CHAP_AUTH_DATA; + + /** -- 2.27.0 diff --git a/0003-OvmfPkg-Tcg2ConfigPei-introduce-a-signalling-PPI-to-.patch b/0003-OvmfPkg-Tcg2ConfigPei-introduce-a-signalling-PPI-to-.patch deleted file mode 100644 index 670aaa0306d199a44cf227ac64b45f38e43ac44a..0000000000000000000000000000000000000000 --- a/0003-OvmfPkg-Tcg2ConfigPei-introduce-a-signalling-PPI-to-.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From bf5008f94fd887f7f9c1daf1a09f47c0733d38ed Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 26 Feb 2020 20:05:06 +0100 -Subject: [PATCH 03/13] OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to - depex on - -On ARM systems, the TPM does not live at a fixed address, and so we -need the platform to discover it first. So introduce a PPI that signals -that the TPM address has been discovered and recorded in the appropriate -PCD, and make Tcg2ConfigPei depex on it when built for ARM or AARCH64. - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Reviewed-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - OvmfPkg/OvmfPkg.dec | 5 +++++ - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 6 +++++- - 2 files changed, 10 insertions(+), 1 deletion(-) - -diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec -index 4c5b651..7c27f01 100644 ---- a/OvmfPkg/OvmfPkg.dec -+++ b/OvmfPkg/OvmfPkg.dec -@@ -87,6 +87,11 @@ - gEfiLegacyBiosGuid = {0x2E3044AC, 0x879F, 0x490F, {0x97, 0x60, 0xBB, 0xDF, 0xAF, 0x69, 0x5F, 0x50}} - gEfiLegacyDevOrderVariableGuid = {0xa56074db, 0x65fe, 0x45f7, {0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}} - -+[Ppis] -+ # PPI whose presence in the PPI database signals that the TPM base address -+ # has been discovered and recorded -+ gOvmfTpmDiscoveredPpiGuid = {0xb9a61ad0, 0x2802, 0x41f3, {0xb5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}} -+ - [Protocols] - gVirtioDeviceProtocolGuid = {0xfa920010, 0x6785, 0x4941, {0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}} - gXenBusProtocolGuid = {0x3d3ca290, 0xb9a5, 0x11e3, {0xb7, 0x5d, 0xb8, 0xac, 0x6f, 0x7d, 0x65, 0xe6}} -diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -index e34cd62..6673ce0 100644 ---- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -@@ -25,6 +25,7 @@ - [Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec -+ OvmfPkg/OvmfPkg.dec - 
SecurityPkg/SecurityPkg.dec - - [LibraryClasses] -@@ -43,5 +44,8 @@ - [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES - --[Depex] -+[Depex.IA32, Depex.X64] - TRUE -+ -+[Depex.ARM, Depex.AARCH64] -+ gOvmfTpmDiscoveredPpiGuid --- -2.18.2 - diff --git a/0004-ArmVirtPkg-PlatformPeiLib-make-PcdLib-dependency-exp.patch b/0004-ArmVirtPkg-PlatformPeiLib-make-PcdLib-dependency-exp.patch deleted file mode 100644 index 33ef20c8eb52ff3bebc94cb6f56f2bf8f0f6d500..0000000000000000000000000000000000000000 --- a/0004-ArmVirtPkg-PlatformPeiLib-make-PcdLib-dependency-exp.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 4b9b1a6908eae0440b0d230d3ac39c6ff2a3f15f Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 26 Feb 2020 20:05:07 +0100 -Subject: [PATCH 04/13] ArmVirtPkg/PlatformPeiLib: make PcdLib dependency - explicit in .INF - -We currently include PcdLib.h in PlatformPeiLib, without declaring -this dependency in its .INF description. Since all the PCDs we use -resolve to fixed type in practice, this does not really matter at -the moment, but since we will be adding dynamic PCD references in -a subsequent patch, let's make the PcdLib dependency explicit, so -that its dispatch is guaranteed to be ordered correctly with respect -to the provider of the dynamic PCD PPI. - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Reviewed-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf -index 46db117..1ef04d1 100644 ---- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf -+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf -@@ -29,6 +29,7 @@ - DebugLib - HobLib - FdtLib -+ PcdLib - - [FixedPcd] - gArmTokenSpaceGuid.PcdFvSize --- -2.18.2 - 
diff --git a/0021-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch b/0004-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch similarity index 98% rename from 0021-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch rename to 0004-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch index 2be51c1cf4b3879c4b51f23fc9467ea193f79402..e12a0c36b90574a0963742a03c211ba887d7c7c2 100644 --- a/0021-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch +++ b/0004-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch @@ -31,64 +31,64 @@ index 0ffb340ce0..543c408302 100644 --- a/NetworkPkg/IScsiDxe/IScsiDxe.inf +++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf @@ -65,6 +65,7 @@ - NetworkPkg/NetworkPkg.dec - - [LibraryClasses] -+ BaseCryptLib - BaseLib - BaseMemoryLib - DebugLib + NetworkPkg/NetworkPkg.dec + + [LibraryClasses] ++ BaseCryptLib + BaseLib + BaseMemoryLib + DebugLib @@ -72,14 +73,13 @@ - HiiLib - MemoryAllocationLib - NetLib -- TcpIoLib - PrintLib -+ TcpIoLib - UefiBootServicesTableLib - UefiDriverEntryPoint -+ UefiHiiServicesLib - UefiLib - UefiRuntimeServicesTableLib -- UefiHiiServicesLib -- BaseCryptLib - - [Protocols] - gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES ## SystemTable + HiiLib + MemoryAllocationLib + NetLib +- TcpIoLib + PrintLib ++ TcpIoLib + UefiBootServicesTableLib + UefiDriverEntryPoint ++ UefiHiiServicesLib + UefiLib + UefiRuntimeServicesTableLib +- UefiHiiServicesLib +- BaseCryptLib + + [Protocols] + gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES ## SystemTable diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h index 387ab9765e..d895c7feb9 100644 --- a/NetworkPkg/IScsiDxe/IScsiImpl.h +++ b/NetworkPkg/IScsiDxe/IScsiImpl.h 
@@ -35,21 +35,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - #include - #include - --#include --#include --#include --#include -+#include - #include - #include -+#include -+#include -+#include - #include -+#include - #include -+#include - #include --#include -+#include - #include --#include --#include --#include --#include -+#include - - #include - #include + #include + #include + +-#include +-#include +-#include +-#include ++#include + #include + #include ++#include ++#include ++#include + #include ++#include + #include ++#include + #include +-#include ++#include + #include +-#include +-#include +-#include +-#include ++#include + + #include + #include -- 2.27.0 diff --git a/0005-ArmVirtPkg-PlatformPeiLib-discover-the-TPM-base-addr.patch b/0005-ArmVirtPkg-PlatformPeiLib-discover-the-TPM-base-addr.patch deleted file mode 100644 index c80e7dbe59789ec36136eb58d62e5131e155af27..0000000000000000000000000000000000000000 --- a/0005-ArmVirtPkg-PlatformPeiLib-discover-the-TPM-base-addr.patch +++ /dev/null 
@@ -1,318 +0,0 @@ -From f1bb8ca123be4d0194a9f65b93a9c65c85861b50 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 26 Feb 2020 20:05:08 +0100 -Subject: [PATCH 05/13] ArmVirtPkg/PlatformPeiLib: discover the TPM base - address from the DT - -Introduce a boolean PCD that tells us whether TPM support is enabled -in the build, and if it is, record the TPM base address in the existing -routine that traverses the device tree in the platform PEIM. - -If a TPM is found, install the gOvmfTpmDiscoveredPpiGuid signalling PPI -that will unlock the dispatch of OvmfPkg's Tcg2ConfigPei. If TPM2 -support is enabled in the build but no TPM2 device is found, install the -gPeiTpmInitializationDonePpiGuid PPI, which is normally installed by -Tcg2ConfigPei if no TPM2 is found, but in our case Tcg2ConfigPei will -never run so let's do it here instead. - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Acked-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - ArmVirtPkg/ArmVirtPkg.dec | 6 ++ - ArmVirtPkg/ArmVirtQemu.dsc | 5 + - ArmVirtPkg/ArmVirtQemuKernel.dsc | 6 ++ - ArmVirtPkg/ArmVirtXen.dsc | 6 ++ - .../Library/PlatformPeiLib/PlatformPeiLib.c | 101 ++++++++++++++++-- - .../Library/PlatformPeiLib/PlatformPeiLib.inf | 19 +++- - 6 files changed, 129 insertions(+), 14 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec -index a019cc2..0619efc 100644 ---- a/ArmVirtPkg/ArmVirtPkg.dec -+++ b/ArmVirtPkg/ArmVirtPkg.dec -@@ -36,6 +36,12 @@ - [Protocols] - gFdtClientProtocolGuid = { 0xE11FACA0, 0x4710, 0x4C8E, { 0xA7, 0xA2, 0x01, 0xBA, 0xA2, 0x59, 0x1B, 0x4C } } - -+[PcdsFeatureFlag] -+ # -+ # Feature Flag PCD that defines whether TPM2 support is enabled -+ # -+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004 -+ - [PcdsFixedAtBuild, PcdsPatchableInModule] - # - # This is the physical address where the device tree is expected to be stored -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc 
b/ArmVirtPkg/ArmVirtQemu.dsc -index 7ae6702..984df5c 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -237,6 +237,11 @@ - gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 - gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - -+ # -+ # TPM2 support -+ # -+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 -+ - [PcdsDynamicHii] - gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS - -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 3b0f049..8243876 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -172,6 +172,12 @@ - gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|3 - - [PcdsPatchableInModule.common] -+ # we need to provide a resolution for this PCD that supports PcdSet64() -+ # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c, -+ # even though that call will be compiled out on this platform as it does -+ # not (and cannot) support the TPM2 driver stack -+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 -+ - # - # This will be overridden in the code - # -diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc -index 1b42a9a..8a6ace2 100644 ---- a/ArmVirtPkg/ArmVirtXen.dsc -+++ b/ArmVirtPkg/ArmVirtXen.dsc -@@ -95,6 +95,12 @@ - gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|TRUE - - [PcdsPatchableInModule.common] -+ # we need to provide a resolution for this PCD that supports PcdSet64() -+ # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c, -+ # even though that call will be compiled out on this platform as it does -+ # not (and cannot) support the TPM2 driver stack -+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 -+ - # - # This will be overridden in the code - # -diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c -index 0a14695..eabd800 100644 ---- 
a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c -+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c -@@ -1,7 +1,7 @@ - /** @file - * - * Copyright (c) 2011-2014, ARM Limited. All rights reserved. --* Copyright (c) 2014, Linaro Limited. All rights reserved. -+* Copyright (c) 2014-2020, Linaro Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-2-Clause-Patent - * -@@ -13,11 +13,24 @@ - #include - #include - #include -+#include - #include - - #include - #include - -+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi = { -+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, -+ &gOvmfTpmDiscoveredPpiGuid, -+ NULL -+}; -+ -+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2InitializationDonePpi = { -+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, -+ &gPeiTpmInitializationDonePpiGuid, -+ NULL -+}; -+ - EFI_STATUS - EFIAPI - PlatformPeim ( -@@ -31,14 +44,18 @@ PlatformPeim ( - UINT64 *FdtHobData; - UINT64 *UartHobData; - INT32 Node, Prev; -+ INT32 Parent, Depth; - CONST CHAR8 *Compatible; - CONST CHAR8 *CompItem; - CONST CHAR8 *NodeStatus; - INT32 Len; -+ INT32 RangesLen; - INT32 StatusLen; - CONST UINT64 *RegProp; -+ CONST UINT32 *RangesProp; - UINT64 UartBase; -- -+ UINT64 TpmBase; -+ EFI_STATUS Status; - - Base = (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress); - ASSERT (Base != NULL); -@@ -58,18 +75,18 @@ PlatformPeim ( - ASSERT (UartHobData != NULL); - *UartHobData = 0; - -- // -- // Look for a UART node -- // -- for (Prev = 0;; Prev = Node) { -- Node = fdt_next_node (Base, Prev, NULL); -+ TpmBase = 0; -+ -+ for (Prev = Depth = 0;; Prev = Node) { -+ Node = fdt_next_node (Base, Prev, &Depth); - if (Node < 0) { - break; - } - -- // -- // Check for UART node -- // -+ if (Depth == 1) { -+ Parent = Node; -+ } -+ - Compatible = fdt_getprop (Base, Node, "compatible", &Len); - - // -@@ -93,10 +110,74 @@ PlatformPeim ( - - *UartHobData = UartBase; - break; -+ } else if (FeaturePcdGet (PcdTpm2SupportEnabled) 
&& -+ AsciiStrCmp (CompItem, "tcg,tpm-tis-mmio") == 0) { -+ -+ RegProp = fdt_getprop (Base, Node, "reg", &Len); -+ ASSERT (Len == 8 || Len == 16); -+ if (Len == 8) { -+ TpmBase = fdt32_to_cpu (RegProp[0]); -+ } else if (Len == 16) { -+ TpmBase = fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RegProp)); -+ } -+ -+ if (Depth > 1) { -+ // -+ // QEMU/mach-virt may put the TPM on the platform bus, in which case -+ // we have to take its 'ranges' property into account to translate the -+ // MMIO address. This consists of a -+ // tuple, where the child base and the size use the same number of -+ // cells as the 'reg' property above, and the parent base uses 2 cells -+ // -+ RangesProp = fdt_getprop (Base, Parent, "ranges", &RangesLen); -+ ASSERT (RangesProp != NULL); -+ -+ // -+ // a plain 'ranges' attribute without a value implies a 1:1 mapping -+ // -+ if (RangesLen != 0) { -+ // -+ // assume a single translated range with 2 cells for the parent base -+ // -+ if (RangesLen != Len + 2 * sizeof (UINT32)) { -+ DEBUG ((DEBUG_WARN, -+ "%a: 'ranges' property has unexpected size %d\n", -+ __FUNCTION__, RangesLen)); -+ break; -+ } -+ -+ if (Len == 8) { -+ TpmBase -= fdt32_to_cpu (RangesProp[0]); -+ } else { -+ TpmBase -= fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp)); -+ } -+ -+ // -+ // advance RangesProp to the parent bus address -+ // -+ RangesProp = (UINT32 *)((UINT8 *)RangesProp + Len / 2); -+ TpmBase += fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp)); -+ } -+ } -+ break; - } - } - } - -+ if (FeaturePcdGet (PcdTpm2SupportEnabled)) { -+ if (TpmBase != 0) { -+ DEBUG ((DEBUG_INFO, "%a: TPM @ 0x%lx\n", __FUNCTION__, TpmBase)); -+ -+ Status = (EFI_STATUS)PcdSet64S (PcdTpmBaseAddress, TpmBase); -+ ASSERT_EFI_ERROR (Status); -+ -+ Status = PeiServicesInstallPpi (&mTpm2DiscoveredPpi); -+ } else { -+ Status = PeiServicesInstallPpi (&mTpm2InitializationDonePpi); -+ } -+ ASSERT_EFI_ERROR (Status); -+ } -+ - BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize)); - - 
return EFI_SUCCESS; -diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf -index 1ef04d1..5dae4df 100644 ---- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf -+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf -@@ -1,7 +1,7 @@ - #/** @file - # - # Copyright (c) 2011-2015, ARM Limited. All rights reserved. --# Copyright (c) 2014, Linaro Limited. All rights reserved. -+# Copyright (c) 2014-2020, Linaro Limited. All rights reserved. - # - # SPDX-License-Identifier: BSD-2-Clause-Patent - # -@@ -11,7 +11,7 @@ - INF_VERSION = 0x00010005 - BASE_NAME = PlatformPeiLib - FILE_GUID = 59C11815-F8DA-4F49-B4FB-EC1E41ED1F06 -- MODULE_TYPE = SEC -+ MODULE_TYPE = BASE - VERSION_STRING = 1.0 - LIBRARY_CLASS = PlatformPeiLib - -@@ -21,15 +21,21 @@ - [Packages] - ArmPkg/ArmPkg.dec - ArmVirtPkg/ArmVirtPkg.dec -- MdePkg/MdePkg.dec -- MdeModulePkg/MdeModulePkg.dec - EmbeddedPkg/EmbeddedPkg.dec -+ MdeModulePkg/MdeModulePkg.dec -+ MdePkg/MdePkg.dec -+ OvmfPkg/OvmfPkg.dec -+ SecurityPkg/SecurityPkg.dec -+ -+[FeaturePcd] -+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled - - [LibraryClasses] - DebugLib - HobLib - FdtLib - PcdLib -+ PeiServicesLib - - [FixedPcd] - gArmTokenSpaceGuid.PcdFvSize -@@ -38,6 +44,11 @@ - [Pcd] - gArmTokenSpaceGuid.PcdFvBaseAddress - gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress -+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRODUCES -+ -+[Ppis] -+ gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRODUCES -+ gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES - - [Guids] - gEarlyPL011BaseAddressGuid --- -2.18.2 - 
diff --git a/0022-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch b/0005-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch similarity index 98% rename from 0022-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch rename to 0005-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch index f1eddbe58dd3c5aeccbf2f193a7f77317c6d0e0f..c5cc1523bc4d197dab5a158c12bae3bf1a6f1cbd 100644 --- a/0022-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch +++ b/0005-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch @@ -66,82 +66,82 @@ index 543c408302..1dde56d00c 100644 --- a/NetworkPkg/IScsiDxe/IScsiDxe.inf +++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf @@ -74,6 +74,7 @@ - MemoryAllocationLib - NetLib - PrintLib -+ SafeIntLib - TcpIoLib - UefiBootServicesTableLib - UefiDriverEntryPoint + MemoryAllocationLib + NetLib + PrintLib ++ SafeIntLib + TcpIoLib + UefiBootServicesTableLib + UefiDriverEntryPoint diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h index d895c7feb9..ac3a25730e 100644 --- a/NetworkPkg/IScsiDxe/IScsiImpl.h +++ b/NetworkPkg/IScsiDxe/IScsiImpl.h @@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - #include - #include - #include -+#include - #include - #include - #include + #include + #include + #include ++#include + #include + #include + #include diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c index b8fef3ff6f..42988e15cb 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c 
@@ -316,6 +316,7 @@ IScsiMacAddrToStr ( - @retval EFI_SUCCESS The binary data is converted to the hexadecimal string - and the length of the string is updated. - @retval EFI_BUFFER_TOO_SMALL The string is too small. -+ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. - @retval EFI_INVALID_PARAMETER The IP string is malformatted. - - **/ + @retval EFI_SUCCESS The binary data is converted to the hexadecimal string + and the length of the string is updated. + @retval EFI_BUFFER_TOO_SMALL The string is too small. ++ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. + @retval EFI_INVALID_PARAMETER The IP string is malformatted. + + **/ 
@@ -327,18 +328,28 @@ IScsiBinToHex ( - IN OUT UINT32 *HexLength - ) - { -- UINTN Index; -+ UINT32 HexLengthMin; -+ UINT32 HexLengthProvided; -+ UINT32 Index; - - if ((HexStr == NULL) || (BinBuffer == NULL) || (BinLength == 0)) { - return EFI_INVALID_PARAMETER; - } - -- if (((*HexLength) - 3) < BinLength * 2) { -- *HexLength = BinLength * 2 + 3; -+ // -+ // Safely calculate: HexLengthMin := BinLength * 2 + 3. -+ // -+ if (RETURN_ERROR (SafeUint32Mult (BinLength, 2, &HexLengthMin)) || -+ RETURN_ERROR (SafeUint32Add (HexLengthMin, 3, &HexLengthMin))) { -+ return EFI_BAD_BUFFER_SIZE; -+ } -+ -+ HexLengthProvided = *HexLength; -+ *HexLength = HexLengthMin; -+ if (HexLengthProvided < HexLengthMin) { - return EFI_BUFFER_TOO_SMALL; - } - -- *HexLength = BinLength * 2 + 3; - // - // Prefix for Hex String. - // + IN OUT UINT32 *HexLength + ) + { +- UINTN Index; ++ UINT32 HexLengthMin; ++ UINT32 HexLengthProvided; ++ UINT32 Index; + + if ((HexStr == NULL) || (BinBuffer == NULL) || (BinLength == 0)) { + return EFI_INVALID_PARAMETER; + } + +- if (((*HexLength) - 3) < BinLength * 2) { +- *HexLength = BinLength * 2 + 3; ++ // ++ // Safely calculate: HexLengthMin := BinLength * 2 + 3. ++ // ++ if (RETURN_ERROR (SafeUint32Mult (BinLength, 2, &HexLengthMin)) || ++ RETURN_ERROR (SafeUint32Add (HexLengthMin, 3, &HexLengthMin))) { ++ return EFI_BAD_BUFFER_SIZE; ++ } ++ ++ HexLengthProvided = *HexLength; ++ *HexLength = HexLengthMin; ++ if (HexLengthProvided < HexLengthMin) { + return EFI_BUFFER_TOO_SMALL; + } + +- *HexLength = BinLength * 2 + 3; + // + // Prefix for Hex String. + // diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h index 46c725aab3..231413993b 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h 
@@ -150,6 +150,7 @@ IScsiAsciiStrToIp ( - @retval EFI_SUCCESS The binary data is converted to the hexadecimal string - and the length of the string is updated. - @retval EFI_BUFFER_TOO_SMALL The string is too small. -+ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. - @retval EFI_INVALID_PARAMETER The IP string is malformatted. - - **/ + @retval EFI_SUCCESS The binary data is converted to the hexadecimal string + and the length of the string is updated. + @retval EFI_BUFFER_TOO_SMALL The string is too small. ++ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. + @retval EFI_INVALID_PARAMETER The IP string is malformatted. + + **/ -- 2.27.0 diff --git a/0006-ArmVirtPkg-implement-ArmVirtPsciResetSystemPeiLib.patch b/0006-ArmVirtPkg-implement-ArmVirtPsciResetSystemPeiLib.patch deleted file mode 100644 index e6458bcefaf04e10fc697fc6c8fe33e40f4fa195..0000000000000000000000000000000000000000 --- a/0006-ArmVirtPkg-implement-ArmVirtPsciResetSystemPeiLib.patch +++ /dev/null 
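Review bot: In the IScsiBinToHex hunk of IScsiMisc.c, the new code reads `*HexLength` into `HexLengthProvided` and then writes through it, but the parameter check above covers only `HexStr`, `BinBuffer` and `BinLength`, so a NULL `HexLength` would be dereferenced. Extending the guard to `if ((HexStr == NULL) || (BinBuffer == NULL) || (BinLength == 0) || (HexLength == NULL)) {` closes that. Separately, the `@retval EFI_INVALID_PARAMETER The IP string is malformatted.` text kept in both the .c and .h doc comments does not describe this function and looks copied from a neighbouring one; it could read `HexStr, BinBuffer or HexLength is NULL, or BinLength is zero.` The function body continues outside the hunk.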
@@ -1,311 +0,0 @@ -From be6f854c61807ab26d7cc6db797876ed00d54469 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 26 Feb 2020 20:05:09 +0100 -Subject: [PATCH 06/13] ArmVirtPkg: implement ArmVirtPsciResetSystemPeiLib - -Implement a ArmVirtPkg specific version of the PSCI ResetSystemLib that -is usable in the PEI phase, as the existing one relies on the FDT client -protocol, making it unsuitable. - -Note that accessing the device tree passed by QEMU via its initial base -address is guaranteed to be safe at any time during the PEI phase, so we -can defer discovery of the PSCI method until the time the reset library -is actually invoked (which is rarely) - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Acked-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - .../ArmVirtPsciResetSystemPeiLib.c | 232 ++++++++++++++++++ - .../ArmVirtPsciResetSystemPeiLib.inf | 39 +++ - 2 files changed, 271 insertions(+) - create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c - create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf - -diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c -new file mode 100644 -index 0000000..9cfd55d ---- /dev/null -+++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c -@@ -0,0 +1,232 @@ -+/** @file -+ Reset System lib using PSCI hypervisor or secure monitor calls -+ -+ Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
-+ Copyright (c) 2013, ARM Ltd. All rights reserved.
-+ Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.
-+ Copyright (c) 2019, Intel Corporation. All rights reserved.
-+ -+ SPDX-License-Identifier: BSD-2-Clause-Patent -+ -+**/ -+ -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+typedef enum { -+ PsciMethodUnknown, -+ PsciMethodSmc, -+ PsciMethodHvc, -+} PSCI_METHOD; -+ -+STATIC -+PSCI_METHOD -+DiscoverPsciMethod ( -+ VOID -+ ) -+{ -+ VOID *DeviceTreeBase; -+ INT32 Node, Prev; -+ INT32 Len; -+ CONST CHAR8 *Compatible; -+ CONST CHAR8 *CompatibleItem; -+ CONST VOID *Prop; -+ -+ DeviceTreeBase = (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress); -+ ASSERT (fdt_check_header (DeviceTreeBase) == 0); -+ -+ // -+ // Enumerate all FDT nodes looking for the PSCI node and capture the method -+ // -+ for (Prev = 0;; Prev = Node) { -+ Node = fdt_next_node (DeviceTreeBase, Prev, NULL); -+ if (Node < 0) { -+ break; -+ } -+ -+ Compatible = fdt_getprop (DeviceTreeBase, Node, "compatible", &Len); -+ if (Compatible == NULL) { -+ continue; -+ } -+ -+ // -+ // Iterate over the NULL-separated items in the compatible string -+ // -+ for (CompatibleItem = Compatible; CompatibleItem < Compatible + Len; -+ CompatibleItem += 1 + AsciiStrLen (CompatibleItem)) { -+ -+ if (AsciiStrCmp (CompatibleItem, "arm,psci-0.2") != 0) { -+ continue; -+ } -+ -+ Prop = fdt_getprop (DeviceTreeBase, Node, "method", NULL); -+ if (!Prop) { -+ DEBUG ((DEBUG_ERROR, "%a: Missing PSCI method property\n", -+ __FUNCTION__)); -+ return PsciMethodUnknown; -+ } -+ -+ if (AsciiStrnCmp (Prop, "hvc", 3) == 0) { -+ return PsciMethodHvc; -+ } else if (AsciiStrnCmp (Prop, "smc", 3) == 0) { -+ return PsciMethodSmc; -+ } else { -+ DEBUG ((DEBUG_ERROR, "%a: Unknown PSCI method \"%a\"\n", __FUNCTION__, -+ Prop)); -+ return PsciMethodUnknown; -+ } -+ } -+ } -+ return PsciMethodUnknown; -+} -+ -+STATIC -+VOID -+PerformPsciAction ( -+ IN UINTN Arg0 -+ ) -+{ -+ ARM_SMC_ARGS ArmSmcArgs; -+ ARM_HVC_ARGS ArmHvcArgs; -+ -+ ArmSmcArgs.Arg0 = Arg0; -+ ArmHvcArgs.Arg0 = Arg0; -+ -+ switch (DiscoverPsciMethod ()) { -+ case PsciMethodHvc: -+ 
ArmCallHvc (&ArmHvcArgs); -+ break; -+ -+ case PsciMethodSmc: -+ ArmCallSmc (&ArmSmcArgs); -+ break; -+ -+ default: -+ DEBUG ((DEBUG_ERROR, "%a: no PSCI method defined\n", __FUNCTION__)); -+ ASSERT (FALSE); -+ } -+} -+ -+/** -+ This function causes a system-wide reset (cold reset), in which -+ all circuitry within the system returns to its initial state. This type of reset -+ is asynchronous to system operation and operates without regard to -+ cycle boundaries. -+ -+ If this function returns, it means that the system does not support cold reset. -+**/ -+VOID -+EFIAPI -+ResetCold ( -+ VOID -+ ) -+{ -+ // Send a PSCI 0.2 SYSTEM_RESET command -+ PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_RESET); -+} -+ -+/** -+ This function causes a system-wide initialization (warm reset), in which all processors -+ are set to their initial state. Pending cycles are not corrupted. -+ -+ If this function returns, it means that the system does not support warm reset. -+**/ -+VOID -+EFIAPI -+ResetWarm ( -+ VOID -+ ) -+{ -+ // Map a warm reset into a cold reset -+ ResetCold (); -+} -+ -+/** -+ This function causes the system to enter a power state equivalent -+ to the ACPI G2/S5 or G3 states. -+ -+ If this function returns, it means that the system does not support shutdown reset. -+**/ -+VOID -+EFIAPI -+ResetShutdown ( -+ VOID -+ ) -+{ -+ // Send a PSCI 0.2 SYSTEM_OFF command -+ PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_OFF); -+} -+ -+/** -+ This function causes a systemwide reset. The exact type of the reset is -+ defined by the EFI_GUID that follows the Null-terminated Unicode string passed -+ into ResetData. If the platform does not recognize the EFI_GUID in ResetData -+ the platform must pick a supported reset type to perform.The platform may -+ optionally log the parameters from any non-normal reset that occurs. -+ -+ @param[in] DataSize The size, in bytes, of ResetData. -+ @param[in] ResetData The data buffer starts with a Null-terminated string, -+ followed by the EFI_GUID. 
-+**/ -+VOID -+EFIAPI -+ResetPlatformSpecific ( -+ IN UINTN DataSize, -+ IN VOID *ResetData -+ ) -+{ -+ // Map the platform specific reset as reboot -+ ResetCold (); -+} -+ -+/** -+ The ResetSystem function resets the entire platform. -+ -+ @param[in] ResetType The type of reset to perform. -+ @param[in] ResetStatus The status code for the reset. -+ @param[in] DataSize The size, in bytes, of ResetData. -+ @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or EfiResetShutdown -+ the data buffer starts with a Null-terminated string, optionally -+ followed by additional binary data. The string is a description -+ that the caller may use to further indicate the reason for the -+ system reset. -+**/ -+VOID -+EFIAPI -+ResetSystem ( -+ IN EFI_RESET_TYPE ResetType, -+ IN EFI_STATUS ResetStatus, -+ IN UINTN DataSize, -+ IN VOID *ResetData OPTIONAL -+ ) -+{ -+ switch (ResetType) { -+ case EfiResetWarm: -+ ResetWarm (); -+ break; -+ -+ case EfiResetCold: -+ ResetCold (); -+ break; -+ -+ case EfiResetShutdown: -+ ResetShutdown (); -+ return; -+ -+ case EfiResetPlatformSpecific: -+ ResetPlatformSpecific (DataSize, ResetData); -+ return; -+ -+ default: -+ return; -+ } -+} -diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf -new file mode 100644 -index 0000000..b480cae ---- /dev/null -+++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf -@@ -0,0 +1,39 @@ -+#/** @file -+# Reset System lib using PSCI hypervisor or secure monitor calls -+# -+# Copyright (c) 2008, Apple Inc. All rights reserved.
-+# Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.
-+# -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# -+#**/ -+ -+[Defines] -+ INF_VERSION = 1.27 -+ BASE_NAME = ArmVirtPsciResetSystemPeiLib -+ FILE_GUID = 551cfb98-c185-41a3-86bf-8cdb7e2a530c -+ MODULE_TYPE = BASE -+ VERSION_STRING = 1.0 -+ LIBRARY_CLASS = ResetSystemLib|PEIM -+ -+[Sources] -+ ArmVirtPsciResetSystemPeiLib.c -+ -+[Packages] -+ ArmPkg/ArmPkg.dec -+ ArmVirtPkg/ArmVirtPkg.dec -+ EmbeddedPkg/EmbeddedPkg.dec -+ MdeModulePkg/MdeModulePkg.dec -+ MdePkg/MdePkg.dec -+ -+[LibraryClasses] -+ ArmSmcLib -+ ArmHvcLib -+ BaseLib -+ DebugLib -+ FdtLib -+ HobLib -+ -+[Pcd] -+ gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress --- -2.18.2 - diff --git a/0023-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch b/0006-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch similarity index 98% rename from 0023-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch rename to 0006-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch index 82c659e51766bb758d6e6b55b9beed31a2f11637..9197ec0c2c624f97d07d51481a44d8a2e251046e 100644 --- a/0023-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch +++ b/0006-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch @@ -36,53 +36,53 @@ index 9e192ce292..dbe3c8ef46 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -391,6 +391,7 @@ IScsiCHAPToSendReq ( - UINT32 RspLen; - CHAR8 *Challenge; - UINT32 ChallengeLen; -+ EFI_STATUS BinToHexStatus; - - ASSERT (Conn->CurrentStage == ISCSI_SECURITY_NEGOTIATION); - + UINT32 RspLen; + CHAR8 *Challenge; + UINT32 ChallengeLen; ++ EFI_STATUS BinToHexStatus; + + ASSERT (Conn->CurrentStage == ISCSI_SECURITY_NEGOTIATION); + 
@@ -471,12 +472,13 @@ IScsiCHAPToSendReq ( - // - // CHAP_R= - // -- IScsiBinToHex ( -- (UINT8 *) AuthData->CHAPResponse, -- ISCSI_CHAP_RSP_LEN, -- Response, -- &RspLen -- ); -+ BinToHexStatus = IScsiBinToHex ( -+ (UINT8 *) AuthData->CHAPResponse, -+ ISCSI_CHAP_RSP_LEN, -+ Response, -+ &RspLen -+ ); -+ ASSERT_EFI_ERROR (BinToHexStatus); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); - - if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { + // + // CHAP_R= + // +- IScsiBinToHex ( +- (UINT8 *) AuthData->CHAPResponse, +- ISCSI_CHAP_RSP_LEN, +- Response, +- &RspLen +- ); ++ BinToHexStatus = IScsiBinToHex ( ++ (UINT8 *) AuthData->CHAPResponse, ++ ISCSI_CHAP_RSP_LEN, ++ Response, ++ &RspLen ++ ); ++ ASSERT_EFI_ERROR (BinToHexStatus); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); + + if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { @@ -490,12 +492,13 @@ IScsiCHAPToSendReq ( - // CHAP_C= - // - IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); -- IScsiBinToHex ( -- (UINT8 *) AuthData->OutChallenge, -- ISCSI_CHAP_RSP_LEN, -- Challenge, -- &ChallengeLen -- ); -+ BinToHexStatus = IScsiBinToHex ( -+ (UINT8 *) AuthData->OutChallenge, -+ ISCSI_CHAP_RSP_LEN, -+ Challenge, -+ &ChallengeLen -+ ); -+ ASSERT_EFI_ERROR (BinToHexStatus); - IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); - - Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; + // CHAP_C= + // + IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); +- IScsiBinToHex ( +- (UINT8 *) AuthData->OutChallenge, +- ISCSI_CHAP_RSP_LEN, +- Challenge, +- &ChallengeLen +- ); ++ BinToHexStatus = IScsiBinToHex ( ++ (UINT8 *) AuthData->OutChallenge, ++ ISCSI_CHAP_RSP_LEN, ++ Challenge, ++ &ChallengeLen ++ ); ++ ASSERT_EFI_ERROR (BinToHexStatus); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); + + Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; -- 2.27.0 
diff --git a/0007-ArmVirtPkg-ArmVirtQemu-add-ResetSystem-PEIM-for-upco.patch b/0007-ArmVirtPkg-ArmVirtQemu-add-ResetSystem-PEIM-for-upco.patch
deleted file mode 100644
index f934745516d06daf820c312e8fe1d710c38b4e29..0000000000000000000000000000000000000000
--- a/0007-ArmVirtPkg-ArmVirtQemu-add-ResetSystem-PEIM-for-upco.patch
+++ /dev/null
@@ -1,89 +0,0 @@ -From 1cb4d8d12542e95274881c7fce1c95816bd883ff Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 26 Feb 2020 20:05:10 +0100 -Subject: [PATCH 07/13] ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for - upcoming TPM2 support - -As a first step in gradually adding TPM2 support to ArmVirtQemu, add -the TPM2_ENABLE configurable to the [Defines] section, and if it is -set, add the ResetSystem PEIM to the build, along with the library -class references that we will need to support it: -- wire ArmVirtPsciResetSystemPeiLib into the ResetSystem PEIM itself, - which will be in charge of performing the actual reset -- add PeiResetSystemLib as the common ResetSystemLib resolution for - PEIM class modules, so that other PEIMs will invoke the PPI - published by the ResetSystem PEIM. - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Reviewed-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - ArmVirtPkg/ArmVirtQemu.dsc | 14 ++++++++++++++ - ArmVirtPkg/ArmVirtQemu.fdf | 4 ++++ - 2 files changed, 18 insertions(+) - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 984df5c..3bbc79c 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -29,6 +29,7 @@ - # - DEFINE TTY_TERMINAL = FALSE - DEFINE SECURE_BOOT_ENABLE = FALSE -+ DEFINE TPM2_ENABLE = FALSE - - # - # Network definition -@@ -77,6 +78,10 @@ - [LibraryClasses.common.PEIM] - ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf - -+!if $(TPM2_ENABLE) == TRUE -+ ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf -+!endif -+ - [LibraryClasses.common.DXE_DRIVER] - ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf - -@@ -100,6 +105,8 @@ - - gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE - -+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) -+ - [PcdsFixedAtBuild.common] - !if $(ARCH) == AARCH64 - 
gArmTokenSpaceGuid.PcdVFPEnabled|1 -@@ -266,6 +273,13 @@ - - MdeModulePkg/Universal/Variable/Pei/VariablePei.inf - -+!if $(TPM2_ENABLE) == TRUE -+ MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf { -+ -+ ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf -+ } -+!endif -+ - MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { - - NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf -diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf -index 2c8936a..69fa501 100644 ---- a/ArmVirtPkg/ArmVirtQemu.fdf -+++ b/ArmVirtPkg/ArmVirtQemu.fdf -@@ -113,6 +113,10 @@ READ_LOCK_STATUS = TRUE - INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf - INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf - -+!if $(TPM2_ENABLE) == TRUE -+ INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf -+!endif -+ - FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { - SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE { - SECTION FV_IMAGE = FVMAIN --- -2.18.2 - diff --git a/0024-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch b/0007-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch similarity index 98% rename from 0024-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch rename to 0007-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch index 2a3f31058557a7d5f20fd5aa77f8b234811c3c09..2ed6e15b0c57cfd4e60bc5c10beee628248242ea 100644 --- a/0024-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch +++ b/0007-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch @@ -32,55 +32,55 @@ index 42988e15cb..014700e87a 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c 
@@ -370,14 +370,14 @@ IScsiBinToHex ( - /** - Convert the hexadecimal string into a binary encoded buffer. - -- @param[in, out] BinBuffer The binary buffer. -- @param[in, out] BinLength Length of the binary buffer. -- @param[in] HexStr The hexadecimal string. -- -- @retval EFI_SUCCESS The hexadecimal string is converted into a binary -- encoded buffer. -- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. -- -+ @param[in, out] BinBuffer The binary buffer. -+ @param[in, out] BinLength Length of the binary buffer. -+ @param[in] HexStr The hexadecimal string. -+ -+ @retval EFI_SUCCESS The hexadecimal string is converted into a -+ binary encoded buffer. -+ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the -+ converted data. - **/ - EFI_STATUS - IScsiHexToBin ( + /** + Convert the hexadecimal string into a binary encoded buffer. + +- @param[in, out] BinBuffer The binary buffer. +- @param[in, out] BinLength Length of the binary buffer. +- @param[in] HexStr The hexadecimal string. +- +- @retval EFI_SUCCESS The hexadecimal string is converted into a binary +- encoded buffer. +- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. +- ++ @param[in, out] BinBuffer The binary buffer. ++ @param[in, out] BinLength Length of the binary buffer. ++ @param[in] HexStr The hexadecimal string. ++ ++ @retval EFI_SUCCESS The hexadecimal string is converted into a ++ binary encoded buffer. ++ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the ++ converted data. + **/ + EFI_STATUS + IScsiHexToBin ( diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h index 231413993b..28cf408cd5 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h 
@@ -165,14 +165,14 @@ IScsiBinToHex ( - /** - Convert the hexadecimal string into a binary encoded buffer. - -- @param[in, out] BinBuffer The binary buffer. -- @param[in, out] BinLength Length of the binary buffer. -- @param[in] HexStr The hexadecimal string. -- -- @retval EFI_SUCCESS The hexadecimal string is converted into a binary -- encoded buffer. -- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. -- -+ @param[in, out] BinBuffer The binary buffer. -+ @param[in, out] BinLength Length of the binary buffer. -+ @param[in] HexStr The hexadecimal string. -+ -+ @retval EFI_SUCCESS The hexadecimal string is converted into a -+ binary encoded buffer. -+ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the -+ converted data. - **/ - EFI_STATUS - IScsiHexToBin ( + /** + Convert the hexadecimal string into a binary encoded buffer. + +- @param[in, out] BinBuffer The binary buffer. +- @param[in, out] BinLength Length of the binary buffer. +- @param[in] HexStr The hexadecimal string. +- +- @retval EFI_SUCCESS The hexadecimal string is converted into a binary +- encoded buffer. +- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. +- ++ @param[in, out] BinBuffer The binary buffer. ++ @param[in, out] BinLength Length of the binary buffer. ++ @param[in] HexStr The hexadecimal string. ++ ++ @retval EFI_SUCCESS The hexadecimal string is converted into a ++ binary encoded buffer. ++ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the ++ converted data. + **/ + EFI_STATUS + IScsiHexToBin ( -- 2.27.0 diff --git a/0008-ArmVirtPkg-ArmVirtQemu-enable-TPM2-support-in-the-PE.patch b/0008-ArmVirtPkg-ArmVirtQemu-enable-TPM2-support-in-the-PE.patch deleted file mode 100644 index 2d513d801c5fce7399916fa28cf76e2200681d5d..0000000000000000000000000000000000000000 --- a/0008-ArmVirtPkg-ArmVirtQemu-enable-TPM2-support-in-the-PE.patch +++ /dev/null 
@@ -1,99 +0,0 @@ -From 806d668dee96ddbb81737675b9f074e04334fb13 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 26 Feb 2020 20:05:11 +0100 -Subject: [PATCH 08/13] ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI - phase - -Incorporate the PEI components and the associated library class -resolutions and PCD declarations to enable TPM2 support in the -PEI phase. - -This patch ports (parts of) the following OvmfPkg commits to -ArmVirtQemu: -- 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone", - 2018-03-09) -- 4672a4892867 ("OvmfPkg: include Tcg2Pei module", 2018-03-09) -- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei - and Tcg2Dxe", 2018-08-16) -- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe", - 2019-07-19) - -gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask defaults to 0x0 so -that the TPM init code adopts the currently active PCR banks as -the ones that are enabled by default. - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Reviewed-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - ArmVirtPkg/ArmVirtQemu.dsc | 20 ++++++++++++++++++++ - ArmVirtPkg/ArmVirtQemu.fdf | 2 ++ - 2 files changed, 22 insertions(+) - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 3bbc79c..44138e5 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -75,11 +75,17 @@ - PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf - PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf - -+!if $(TPM2_ENABLE) == TRUE -+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf -+!endif -+ - [LibraryClasses.common.PEIM] - ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf - - !if $(TPM2_ENABLE) == TRUE -+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf -+ 
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf - !endif - - [LibraryClasses.common.DXE_DRIVER] -@@ -248,6 +254,10 @@ - # TPM2 support - # - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 -+!if $(TPM2_ENABLE) == TRUE -+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0 -+!endif - - [PcdsDynamicHii] - gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS -@@ -278,6 +288,16 @@ - - ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf - } -+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { -+ -+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf -+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf -+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf -+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf -+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf -+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf -+ } - !endif - - MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { -diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf -index 69fa501..8488300 100644 ---- a/ArmVirtPkg/ArmVirtQemu.fdf -+++ b/ArmVirtPkg/ArmVirtQemu.fdf -@@ -115,6 +115,8 @@ READ_LOCK_STATUS = TRUE - - !if $(TPM2_ENABLE) == TRUE - INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf -+ INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -+ INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf - !endif - - FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { --- -2.18.2 - 
diff --git a/0025-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch b/0008-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch similarity index 99% rename from 0025-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch rename to 0008-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch index 0996638c70d6a6616f1b76d3e97d17441bb78d7b..de3a29ca3117e8764a0e3d83041b1e783b8ea012 100644 --- a/0025-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch +++ b/0008-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch @@ -49,49 +49,49 @@ index 014700e87a..f0f4992b07 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c @@ -376,6 +376,7 @@ IScsiBinToHex ( - - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. -+ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ + + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. ++ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ 
@@ -402,14 +403,21 @@ IScsiHexToBin ( - - Length = AsciiStrLen (HexStr); - -+ // -+ // Reject an empty hex string; reject a stray nibble. -+ // -+ if (Length == 0 || Length % 2 != 0) { -+ return EFI_INVALID_PARAMETER; -+ } -+ - for (Index = 0; Index < Length; Index ++) { - TemStr[0] = HexStr[Index]; - Digit = (UINT8) AsciiStrHexToUint64 (TemStr); - if (Digit == 0 && TemStr[0] != '0') { - // -- // Invalid Lun Char. -+ // Invalid Hex Char. - // -- break; -+ return EFI_INVALID_PARAMETER; - } - if ((Index & 1) == 0) { - BinBuffer [Index/2] = Digit; + + Length = AsciiStrLen (HexStr); + ++ // ++ // Reject an empty hex string; reject a stray nibble. ++ // ++ if (Length == 0 || Length % 2 != 0) { ++ return EFI_INVALID_PARAMETER; ++ } ++ + for (Index = 0; Index < Length; Index ++) { + TemStr[0] = HexStr[Index]; + Digit = (UINT8) AsciiStrHexToUint64 (TemStr); + if (Digit == 0 && TemStr[0] != '0') { + // +- // Invalid Lun Char. ++ // Invalid Hex Char. + // +- break; ++ return EFI_INVALID_PARAMETER; + } + if ((Index & 1) == 0) { + BinBuffer [Index/2] = Digit; diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h index 28cf408cd5..404a482e57 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h @@ -171,6 +171,7 @@ IScsiBinToHex ( - - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. -+ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ + + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. ++ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ -- 2.27.0 
diff --git a/0009-ArmVirtPkg-avoid-DxeTpmMeasurementLib-in-shared-.DSC.patch b/0009-ArmVirtPkg-avoid-DxeTpmMeasurementLib-in-shared-.DSC.patch
deleted file mode 100644
index 8f96125df8ff011d81a5ffc3186b294beda26e32..0000000000000000000000000000000000000000
--- a/0009-ArmVirtPkg-avoid-DxeTpmMeasurementLib-in-shared-.DSC.patch
+++ /dev/null
@@ -1,48 +0,0 @@ -From 785f0c94c6fa7bfbf307d2e5faa90964dca155a9 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Thu, 27 Feb 2020 15:12:32 +0100 -Subject: [PATCH 09/13] ArmVirtPkg; avoid DxeTpmMeasurementLib in shared .DSC - -DxeTpmMeasurementLib should only be used on platforms that implement -measured boot, which we will do in a future patch, but only for -ArmVirtQemu, as the remaining ones are fundamentally incompatible, -given that they do not implement a PEI phase. - -So use TpmMeasurementLibNull as the default resolution for all -ArmVirtPkg platforms, regardless of how they are built. - -This mirrors commit 1ec05b81e59f ("OvmfPkg: use DxeTpmMeasurementLib -if and only if TPM2_ENABLE", 2019-07-04). - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Reviewed-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - ArmVirtPkg/ArmVirt.dsc.inc | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 10037c9..398aa7b 100644 ---- a/ArmVirtPkg/ArmVirt.dsc.inc -+++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -165,15 +165,14 @@ - # Secure Boot dependencies - # - !if $(SECURE_BOOT_ENABLE) == TRUE -- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf - - # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree - PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - !else -- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf - !endif -+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf - UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf - --- -2.18.2 - 
diff --git a/0026-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch b/0009-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch similarity index 98% rename from 0026-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch rename to 0009-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch index 6c2861e5d3452fd8f16f8ed47d138111a27ff7bf..bb521b17e7c4624fffd114b9477ba546d382a343 100644 --- a/0026-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch +++ b/0009-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch @@ -40,67 +40,67 @@ index f0f4992b07..4069547867 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.c +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c @@ -377,6 +377,9 @@ IScsiBinToHex ( - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. - @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. -+ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: -+ the decoded size cannot be expressed in -+ BinLength on output. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. + @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. ++ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: ++ the decoded size cannot be expressed in ++ BinLength on output. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ @@ -387,6 +390,8 @@ IScsiHexToBin ( - IN CHAR8 *HexStr - ) - { -+ UINTN BinLengthMin; -+ UINT32 BinLengthProvided; - UINTN Index; - UINTN Length; - UINT8 Digit; + IN CHAR8 *HexStr + ) + { ++ UINTN BinLengthMin; ++ UINT32 BinLengthProvided; + UINTN Index; + UINTN Length; + UINT8 Digit; 
@@ -409,6 +414,18 @@ IScsiHexToBin ( - if (Length == 0 || Length % 2 != 0) { - return EFI_INVALID_PARAMETER; - } -+ // -+ // Check if the caller provides enough room for the decoded blob. -+ // -+ BinLengthMin = Length / 2; -+ if (BinLengthMin > MAX_UINT32) { -+ return EFI_BAD_BUFFER_SIZE; -+ } -+ BinLengthProvided = *BinLength; -+ *BinLength = (UINT32)BinLengthMin; -+ if (BinLengthProvided < BinLengthMin) { -+ return EFI_BUFFER_TOO_SMALL; -+ } - - for (Index = 0; Index < Length; Index ++) { - TemStr[0] = HexStr[Index]; + if (Length == 0 || Length % 2 != 0) { + return EFI_INVALID_PARAMETER; + } ++ // ++ // Check if the caller provides enough room for the decoded blob. ++ // ++ BinLengthMin = Length / 2; ++ if (BinLengthMin > MAX_UINT32) { ++ return EFI_BAD_BUFFER_SIZE; ++ } ++ BinLengthProvided = *BinLength; ++ *BinLength = (UINT32)BinLengthMin; ++ if (BinLengthProvided < BinLengthMin) { ++ return EFI_BUFFER_TOO_SMALL; ++ } + + for (Index = 0; Index < Length; Index ++) { + TemStr[0] = HexStr[Index]; @@ -425,9 +442,6 @@ IScsiHexToBin ( - BinBuffer [Index/2] = (UINT8) ((BinBuffer [Index/2] << 4) + Digit); - } - } -- -- *BinLength = (UINT32) ((Index + 1)/2); -- - return EFI_SUCCESS; - } - + BinBuffer [Index/2] = (UINT8) ((BinBuffer [Index/2] << 4) + Digit); + } + } +- +- *BinLength = (UINT32) ((Index + 1)/2); +- + return EFI_SUCCESS; + } + diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h index 404a482e57..fddef4f466 100644 --- a/NetworkPkg/IScsiDxe/IScsiMisc.h +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h 
@@ -172,6 +172,9 @@ IScsiBinToHex ( - @retval EFI_SUCCESS The hexadecimal string is converted into a - binary encoded buffer. - @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. -+ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: -+ the decoded size cannot be expressed in -+ BinLength on output. - @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the - converted data. - **/ + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. + @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. ++ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: ++ the decoded size cannot be expressed in ++ BinLength on output. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ -- 2.27.0 diff --git a/0010-ArmVirtPkg-unshare-TpmMeasurementLib-resolution-betw.patch b/0010-ArmVirtPkg-unshare-TpmMeasurementLib-resolution-betw.patch deleted file mode 100644 index 65affb292a3ac73b851164dae1711b7a64b42f4c..0000000000000000000000000000000000000000 --- a/0010-ArmVirtPkg-unshare-TpmMeasurementLib-resolution-betw.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 454595840418dce7e227a70ff297b1d11593e768 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Thu, 27 Feb 2020 15:24:21 +0100 -Subject: [PATCH 10/13] ArmVirtPkg: unshare TpmMeasurementLib resolution - between platforms - -In preparation of conditializing the choice of resolution based on -TPM2_ENABLE for ArmVirtQemu, move the TpmMeasurementLib out of the -shared .DSC include and into the individual DSCs. - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 -Signed-off-by: Ard Biesheuvel -Reviewed-by: Laszlo Ersek -Signed-off-by: jiangfangjie ---- - ArmVirtPkg/ArmVirt.dsc.inc | 1 - - ArmVirtPkg/ArmVirtQemu.dsc | 1 + - ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + - ArmVirtPkg/ArmVirtXen.dsc | 1 + - 4 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 398aa7b..0a28d3a 100644 ---- a/ArmVirtPkg/ArmVirt.dsc.inc -+++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -172,7 +172,6 @@ - !else - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf - !endif -- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf - UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 44138e5..83c4dea 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -74,6 +74,7 @@ - PciPcdProducerLib|ArmVirtPkg/Library/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf - PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf - PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf -+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - - !if $(TPM2_ENABLE) == TRUE - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc 
b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 8243876..7bd50e4 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -73,6 +73,7 @@ - PciPcdProducerLib|ArmVirtPkg/Library/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf - PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf - PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf -+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - - [LibraryClasses.common.DXE_DRIVER] - ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf -diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc -index 8a6ace2..2a4ef8d 100644 ---- a/ArmVirtPkg/ArmVirtXen.dsc -+++ b/ArmVirtPkg/ArmVirtXen.dsc -@@ -47,6 +47,7 @@ - BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf - PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf - CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf -+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf - - [LibraryClasses.common.UEFI_DRIVER] - UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf --- -2.18.2 - diff --git a/0027-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch b/0010-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch similarity index 98% rename from 0027-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch rename to 0010-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch index 426abb92367155d7d7211f2a526d49a24fa183e3..5482fb4b3f33f37082e1d8a9192523d784bb9b02 100644 --- a/0027-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch +++ b/0010-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch @@ -46,39 +46,39 @@ index dbe3c8ef46..7e930c0d1e 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c 
@@ -290,11 +290,15 @@ IScsiCHAPOnRspReceived ( - - AuthData->InIdentifier = (UINT32) Result; - AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); -- IScsiHexToBin ( -- (UINT8 *) AuthData->InChallenge, -- &AuthData->InChallengeLength, -- Challenge -- ); -+ Status = IScsiHexToBin ( -+ (UINT8 *) AuthData->InChallenge, -+ &AuthData->InChallengeLength, -+ Challenge -+ ); -+ if (EFI_ERROR (Status)) { -+ Status = EFI_PROTOCOL_ERROR; -+ goto ON_EXIT; -+ } - Status = IScsiCHAPCalculateResponse ( - AuthData->InIdentifier, - AuthData->AuthConfig->CHAPSecret, + + AuthData->InIdentifier = (UINT32) Result; + AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); +- IScsiHexToBin ( +- (UINT8 *) AuthData->InChallenge, +- &AuthData->InChallengeLength, +- Challenge +- ); ++ Status = IScsiHexToBin ( ++ (UINT8 *) AuthData->InChallenge, ++ &AuthData->InChallengeLength, ++ Challenge ++ ); ++ if (EFI_ERROR (Status)) { ++ Status = EFI_PROTOCOL_ERROR; ++ goto ON_EXIT; ++ } + Status = IScsiCHAPCalculateResponse ( + AuthData->InIdentifier, + AuthData->AuthConfig->CHAPSecret, @@ -337,7 +341,11 @@ IScsiCHAPOnRspReceived ( - } - - RspLen = ISCSI_CHAP_RSP_LEN; -- IScsiHexToBin (TargetRsp, &RspLen, Response); -+ Status = IScsiHexToBin (TargetRsp, &RspLen, Response); -+ if (EFI_ERROR (Status) || RspLen != ISCSI_CHAP_RSP_LEN) { -+ Status = EFI_PROTOCOL_ERROR; -+ goto ON_EXIT; -+ } - - // - // Check the CHAP Name and Response replied by Target. + } + + RspLen = ISCSI_CHAP_RSP_LEN; +- IScsiHexToBin (TargetRsp, &RspLen, Response); ++ Status = IScsiHexToBin (TargetRsp, &RspLen, Response); ++ if (EFI_ERROR (Status) || RspLen != ISCSI_CHAP_RSP_LEN) { ++ Status = EFI_PROTOCOL_ERROR; ++ goto ON_EXIT; ++ } + + // + // Check the CHAP Name and Response replied by Target. -- 2.27.0 
diff --git a/0011-ArmVirtPkg-ArmVirtQemu-enable-the-DXE-phase-TPM2-sup.patch b/0011-ArmVirtPkg-ArmVirtQemu-enable-the-DXE-phase-TPM2-sup.patch
deleted file mode 100644
index ae03320f750bf1beb51296e71b619de62af58106..0000000000000000000000000000000000000000
--- a/0011-ArmVirtPkg-ArmVirtQemu-enable-the-DXE-phase-TPM2-sup.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From d77e86c43972cd56b37d8f4b34c253f82aa65f54 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel
-Date: Wed, 26 Feb 2020 20:05:12 +0100
-Subject: [PATCH 11/13] ArmVirtPkg/ArmVirtQemu: enable the DXE phase TPM2
- support module
-
-Enable the TPM2 support module in the DXE phase, and the associated
-libraries and PCDs that it requires. This will be wired into the
-measured boot support code in a subsequent patch.
-
-Note that Tcg2Dxe.inf is added to ArmVirtQemuFvMain.fdf.inc, which
-is shared with other platforms in ArmVirtPkg, but as those will not
-set the TPM2_ENABLE define, this change does not affect them.
-
-This patch ports (parts of) the following OvmfPkg commits to
-ArmVirtQemu:
-
-- 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe module", 2018-03-09)
-
-- b9777bb42e4f ("OvmfPkg: add Tcg2PhysicalPresenceLibQemu", 2018-05-22)
-- only to match OVMF's current lib class resolutions
-
-- 1ec05b81e59f ("OvmfPkg: use DxeTpmMeasurementLib if and only if
- TPM2_ENABLE", 2019-07-04)
-
-- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei
- and Tcg2Dxe", 2018-08-16)
-
-- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe",
- 2019-07-19)
-
-Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
-Signed-off-by: Ard Biesheuvel
-Reviewed-by: Laszlo Ersek
-Signed-off-by: jiangfangjie
----
- ArmVirtPkg/ArmVirtQemu.dsc | 26 +++++++++++++++++++++++++-
- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 7 +++++++
- 2 files changed, 32 insertions(+), 1 deletion(-)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 83c4dea..291210a 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -74,10 +74,13 @@
- PciPcdProducerLib|ArmVirtPkg/Library/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
- PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
- PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf
-- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
-
- !if $(TPM2_ENABLE) == TRUE
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
-+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
-+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
-+!else
-+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
- !endif
-
- [LibraryClasses.common.PEIM]
-@@ -92,6 +95,10 @@
- [LibraryClasses.common.DXE_DRIVER]
- ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
-
-+!if $(TPM2_ENABLE) == TRUE
-+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
-+!endif
-+
- [LibraryClasses.common.UEFI_DRIVER]
- UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
-
-@@ -470,6 +477,23 @@
- MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
- MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
-
-+ #
-+ # TPM2 support
-+ #
-+!if $(TPM2_ENABLE) == TRUE
-+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
-+
-+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
-+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
-+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
-+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
-+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
-+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
-+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
-+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
-+ }
-+!endif
-+
- #
- # ACPI Support
- #
-diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-index 31f615a..047e99c 100644
---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-@@ -173,6 +173,13 @@ READ_LOCK_STATUS = TRUE
- INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
- INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
-
-+ #
-+ # TPM2 support
-+ #
-+!if $(TPM2_ENABLE) == TRUE
-+ INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-+!endif
-+
- #
- # TianoCore logo (splash screen)
- #
---
-2.18.2
-
diff --git a/0012-ArmVirtPkg-ArmVirtQemu-enable-the-TPM2-configuration.patch b/0012-ArmVirtPkg-ArmVirtQemu-enable-the-TPM2-configuration.patch
deleted file mode 100644
index bf95bc0c5f1232c9b271e9482f775e06ae6daa4a..0000000000000000000000000000000000000000
--- a/0012-ArmVirtPkg-ArmVirtQemu-enable-the-TPM2-configuration.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From c3b182fe9189137280a5397426cc08b1110aac39 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel
-Date: Wed, 26 Feb 2020 20:05:13 +0100
-Subject: [PATCH 12/13] ArmVirtPkg/ArmVirtQemu: enable the TPM2 configuration
- module
-
-Enable the DXE phase component that publishes the HII pages and
-associated logic to enable TPM2 parameters to be configured by
-the user via the setup menu.
-
-This patch ports (parts of) the following commits to ArmVirtQemu:
-
-- 3103389043bd ("OvmfPkg: Add TCG2 Configuration menu to the Device
- Manager menu", 2019-02-11)
-
-- cf3ad972a210 ("OvmfPkg: reorganize TPM2 support in DSC/FDF files",
- 2020-01-09)
-
-- f55477fe2d62 ("OvmfPkg: use HII type PCDs for TPM2 config related
- variables", 2020-01-09)
-
-Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
-Signed-off-by: Ard Biesheuvel
-Reviewed-by: Laszlo Ersek
-Signed-off-by: jiangfangjie
----
- ArmVirtPkg/ArmVirtQemu.dsc | 9 +++++++++
- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 3 +++
- 2 files changed, 12 insertions(+)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 291210a..93b982a 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -30,6 +30,7 @@
- DEFINE TTY_TERMINAL = FALSE
- DEFINE SECURE_BOOT_ENABLE = FALSE
- DEFINE TPM2_ENABLE = FALSE
-+ DEFINE TPM2_CONFIG_ENABLE = FALSE
-
- #
- # Network definition
-@@ -270,6 +271,11 @@
- [PcdsDynamicHii]
- gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
-
-+!if $(TPM2_CONFIG_ENABLE) == TRUE
-+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
-+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
-+!endif
-+
- ################################################################################
- #
- # Components Section - list of all EDK II Modules needed by this Platform
-@@ -492,6 +498,9 @@
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
- }
-+!if $(TPM2_CONFIG_ENABLE) == TRUE
-+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-+!endif
- !endif
-
- #
-diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-index 047e99c..2fa69ce 100644
---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-@@ -178,6 +178,9 @@ READ_LOCK_STATUS = TRUE
- #
- !if $(TPM2_ENABLE) == TRUE
- INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-+!if $(TPM2_CONFIG_ENABLE) == TRUE
-+ INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
-+!endif
- !endif
-
- #
---
-2.18.2
-
diff --git a/0013-ArmVirtPkg-ArmVirtQemu-enable-TPM2-based-measured-bo.patch b/0013-ArmVirtPkg-ArmVirtQemu-enable-TPM2-based-measured-bo.patch
deleted file mode 100644
index da79bcfa5d33bb6135cd4e1e0f78e3f479c8f11b..0000000000000000000000000000000000000000
--- a/0013-ArmVirtPkg-ArmVirtQemu-enable-TPM2-based-measured-bo.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d9c8dd64dd827cea4a533d012f344d0db6569127 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel
-Date: Wed, 26 Feb 2020 20:05:14 +0100
-Subject: [PATCH 13/13] ArmVirtPkg/ArmVirtQemu: enable TPM2 based measured boot
-
-Now that all the TPM2 related plumbing is in place, we can add the
-final piece that performs the measurements of loaded images into
-the appropriate PCRs.
-
-This patch ports commit d5a002aba0aa ("OvmfPkg: plug
-DxeTpm2MeasureBootLib into SecurityStubDxe", 2018-03-09) to ArmVirtQemu.
-
-Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
-Signed-off-by: Ard Biesheuvel
-Reviewed-by: Laszlo Ersek
-Signed-off-by: jiangfangjie
----
- ArmVirtPkg/ArmVirtQemu.dsc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 93b982a..a07d546 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -348,6 +348,9 @@
- MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
-
- NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
-+!if $(TPM2_ENABLE) == TRUE
-+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
-+!endif
- }
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
---
-2.18.2
-
diff --git a/0014-MdeModulePkg-Core-Dxe-assert-SectionInstance-invariant-in-FindChildNode.patch b/0014-MdeModulePkg-Core-Dxe-assert-SectionInstance-invariant-in-FindChildNode.patch
deleted file mode 100755
index 84987252924eedadcb9e77c5112c8eddfbab4151..0000000000000000000000000000000000000000
--- a/0014-MdeModulePkg-Core-Dxe-assert-SectionInstance-invariant-in-FindChildNode.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 4ea70df0973caf3763aa306e8d6571fc37aa35e5 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek
-Date: Mon, 28 Sep 2020 16:29:01 +0200
-Subject: [PATCH v2 1/2] MdeModulePkg/Core/Dxe: assert SectionInstance
- invariant in FindChildNode()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-FindChildNode() has two callers: GetSection(), and FindChildNode() itself.
-
-- At the GetSection() call site, a positive (i.e., nonzero)
- SectionInstance is passed. This is because GetSection() takes a
- zero-based (UINTN) SectionInstance, and then passes
- Instance=(SectionInstance+1) to FindChildNode().
-
-- For reaching the recursive FindChildNode() call site, a section type
- mismatch, or a section instance mismatch, is necessary. This means,
- respectively, that SectionInstance will either not have been decreased,
- or not to zero anyway, at the recursive FindChildNode() call site.
-
-Add two ASSERT()s to FindChildNode(), for expressing the (SectionSize>0)
-invariant.
-
-In turn, the invariant provides the explanation why, after the recursive
-call, a zero SectionInstance implies success. Capture it in a comment.
-
-Cc: Dandan Bi
-Cc: Hao A Wu
-Cc: Jian J Wang
-Cc: Liming Gao
-Cc: Philippe Mathieu-Daudé
-Signed-off-by: Laszlo Ersek
----
-
-Notes:
- v2:
- - no change
-
- MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 23 +++++++++++++++-----
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
-index d678166db475..d7f7ef427422 100644
---- a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
-+++ b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c
-@@ -952,8 +952,8 @@ CreateChildNode (
- search.
- @param SearchType Indicates the type of section to search for.
- @param SectionInstance Indicates which instance of section to find.
-- This is an in/out parameter to deal with
-- recursions.
-+ This is an in/out parameter and it is 1-based,
-+ to deal with recursions.
- @param SectionDefinitionGuid Guid of section definition
- @param FoundChild Output indicating the child node that is found.
- @param FoundStream Output indicating which section stream the child
-@@ -988,6 +988,8 @@ FindChildNode (
- EFI_STATUS ErrorStatus;
- EFI_STATUS Status;
-
-+ ASSERT (*SectionInstance > 0);
-+
- CurrentChildNode = NULL;
- ErrorStatus = EFI_NOT_FOUND;
-
-@@ -1037,6 +1039,11 @@ FindChildNode (
- }
- }
-
-+ //
-+ // Type mismatch, or we haven't found the desired instance yet.
-+ //
-+ ASSERT (*SectionInstance > 0);
-+
- if (CurrentChildNode->EncapsulatedStreamHandle != NULL_STREAM_HANDLE) {
- //
- // If the current node is an encapsulating node, recurse into it...
-@@ -1050,16 +1057,20 @@ FindChildNode (
- &RecursedFoundStream,
- AuthenticationStatus
- );
-- //
-- // If the status is not EFI_SUCCESS, just save the error code and continue
-- // to find the request child node in the rest stream.
-- //
- if (*SectionInstance == 0) {
-+ //
-+ // The recursive FindChildNode() call decreased (*SectionInstance) to
-+ // zero.
-+ //
- ASSERT_EFI_ERROR (Status);
- *FoundChild = RecursedChildNode;
- *FoundStream = RecursedFoundStream;
- return EFI_SUCCESS;
- } else {
-+ //
-+ // If the status is not EFI_SUCCESS, just save the error code and
-+ // continue to find the request child node in the rest stream.
-+ //
- ErrorStatus = Status;
- }
- } else if ((CurrentChildNode->Type == EFI_SECTION_GUID_DEFINED) && (SearchType != EFI_SECTION_GUID_DEFINED)) {
---
-2.19.1.3.g30247aa5d201
-
diff --git a/0015-MdeModulePkg-Core-Dxe-limit-FwVol-encapsulation-section-recursion.patch b/0015-MdeModulePkg-Core-Dxe-limit-FwVol-encapsulation-section-recursion.patch
deleted file mode 100755
index 5960c3de43333dfb956ee784ec6eb5b01d287cb7..0000000000000000000000000000000000000000
--- a/0015-MdeModulePkg-Core-Dxe-limit-FwVol-encapsulation-section-recursion.patch
+++ /dev/null
@@ -1,202 +0,0 @@ -From 5d02b0176fb8584e44c1b8f2bc1f934e23b017ed Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Mon, 28 Sep 2020 15:02:02 +0200 -Subject: [PATCH v2 2/2] MdeModulePkg/Core/Dxe: limit FwVol encapsulation - section recursion -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The DXE Core sets up a protocol notify function in its entry point, for -instances of the Firmware Volume Block2 Protocol: - - DxeMain() [DxeMain/DxeMain.c] - FwVolDriverInit() [FwVol/FwVol.c] - -Assume that a 3rd party UEFI driver or application installs an FVB -instance, with crafted contents. The notification function runs: - - NotifyFwVolBlock() [FwVol/FwVol.c] - -installing an instance of the Firmware Volume 2 Protocol on the handle. - -(Alternatively, assume that a 3rd party application calls -gDS->ProcessFirmwareVolume(), which may also produce a Firmware Volume 2 -Protocol instance.) - -The EFI_FIRMWARE_VOLUME2_PROTOCOL.ReadSection() member performs "a -depth-first, left-to-right search algorithm through all sections found in -the specified file" (quoting the PI spec), as follows: - - FvReadFileSection() [FwVol/FwVolRead.c] - GetSection() [SectionExtraction/CoreSectionExtraction.c] - FindChildNode() [SectionExtraction/CoreSectionExtraction.c] - FindChildNode() // recursive call - -FindChildNode() is called recursively for encapsulation sections. - -Currently this recursion is not limited. Introduce a new PCD -(fixed-at-build, or patchable-in-module), and make FindChildNode() track -the section nesting depth against that PCD. 
- -Cc: Dandan Bi -Cc: Hao A Wu -Cc: Jian J Wang -Cc: Liming Gao -Cc: Philippe Mathieu-Daudé -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 -Signed-off-by: Laszlo Ersek ---- - -Notes: - v2: - - change the DEC default of the new PCD - (PcdFwVolDxeMaxEncapsulationDepth) from 8 to 16 (0x10) [Liming] - - MdeModulePkg/MdeModulePkg.dec | 6 ++++ - MdeModulePkg/MdeModulePkg.uni | 6 ++++ - MdeModulePkg/Core/Dxe/DxeMain.inf | 1 + - MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 33 ++++++++++++++++++-- - 4 files changed, 44 insertions(+), 2 deletions(-) - -diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index cb30a7975849..eac19a6edcc5 100644 ---- a/MdeModulePkg/MdeModulePkg.dec -+++ b/MdeModulePkg/MdeModulePkg.dec -@@ -1505,6 +1505,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] - # @Prompt Enable Capsule On Disk support. - gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleOnDiskSupport|FALSE|BOOLEAN|0x0000002d - -+ ## Maximum permitted encapsulation levels of sections in a firmware volume, -+ # in the DXE phase. Minimum value is 1. Sections nested more deeply are -+ # rejected. -+ # @Prompt Maximum permitted FwVol section nesting depth (exclusive). -+ gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth|0x10|UINT32|0x00000030 -+ - [PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] - ## This PCD defines the Console output row. The default value is 25 according to UEFI spec. - # This PCD could be set to 0 then console output would be at max column and max row. -diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni -index b8c867379a86..9b1be3220fad 100644 ---- a/MdeModulePkg/MdeModulePkg.uni -+++ b/MdeModulePkg/MdeModulePkg.uni -@@ -1153,6 +1153,12 @@ - "Note:
" - "If Both Capsule In Ram and Capsule On Disk are provisioned at the same time, the Capsule On Disk will be bypassed." - -+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdFwVolDxeMaxEncapsulationDepth_PROMPT #language en-US "Maximum permitted FwVol section nesting depth (exclusive)." -+ -+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdFwVolDxeMaxEncapsulationDepth_HELP #language en-US "Maximum permitted encapsulation levels of sections in a firmware volume,
" -+ "in the DXE phase. Minimum value is 1. Sections nested more deeply are
" -+ "rejected." -+ - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCapsuleInRamSupport_PROMPT #language en-US "Enable Capsule In Ram support" - - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCapsuleInRamSupport_HELP #language en-US "Capsule In Ram is to use memory to deliver the capsules that will be processed after system reset.

" -diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf -index 1d4b11dc7318..e4bca895773d 100644 ---- a/MdeModulePkg/Core/Dxe/DxeMain.inf -+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf -@@ -185,6 +185,7 @@ [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES -+ gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES - - # [Hob] - # RESOURCE_DESCRIPTOR ## CONSUMES -diff --git a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c -index d7f7ef427422..908617d1ca5c 100644 ---- a/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c -+++ b/MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c -@@ -955,6 +955,9 @@ CreateChildNode ( - This is an in/out parameter and it is 1-based, - to deal with recursions. - @param SectionDefinitionGuid Guid of section definition -+ @param Depth Nesting depth of encapsulation sections. -+ Callers different from FindChildNode() are -+ responsible for passing in a zero Depth. - @param FoundChild Output indicating the child node that is found. - @param FoundStream Output indicating which section stream the child - was found in. If this stream was generated as a -@@ -968,6 +971,9 @@ CreateChildNode ( - @retval EFI_NOT_FOUND Requested child node does not exist. - @retval EFI_PROTOCOL_ERROR a required GUIDED section extraction protocol - does not exist -+ @retval EFI_ABORTED Recursion aborted because Depth has been -+ greater than or equal to -+ PcdFwVolDxeMaxEncapsulationDepth. 
- - **/ - EFI_STATUS -@@ -976,6 +982,7 @@ FindChildNode ( - IN EFI_SECTION_TYPE SearchType, - IN OUT UINTN *SectionInstance, - IN EFI_GUID *SectionDefinitionGuid, -+ IN UINT32 Depth, - OUT CORE_SECTION_CHILD_NODE **FoundChild, - OUT CORE_SECTION_STREAM_NODE **FoundStream, - OUT UINT32 *AuthenticationStatus -@@ -990,6 +997,10 @@ FindChildNode ( - - ASSERT (*SectionInstance > 0); - -+ if (Depth >= PcdGet32 (PcdFwVolDxeMaxEncapsulationDepth)) { -+ return EFI_ABORTED; -+ } -+ - CurrentChildNode = NULL; - ErrorStatus = EFI_NOT_FOUND; - -@@ -1053,6 +1064,7 @@ FindChildNode ( - SearchType, - SectionInstance, - SectionDefinitionGuid, -+ Depth + 1, - &RecursedChildNode, - &RecursedFoundStream, - AuthenticationStatus -@@ -1067,9 +1079,17 @@ FindChildNode ( - *FoundStream = RecursedFoundStream; - return EFI_SUCCESS; - } else { -+ if (Status == EFI_ABORTED) { -+ // -+ // If the recursive call was aborted due to nesting depth, stop -+ // looking for the requested child node. The skipped subtree could -+ // throw off the instance counting. -+ // -+ return Status; -+ } - // -- // If the status is not EFI_SUCCESS, just save the error code and -- // continue to find the request child node in the rest stream. -+ // Save the error code and continue to find the requested child node in -+ // the rest of the stream. - // - ErrorStatus = Status; - } -@@ -1272,11 +1292,20 @@ GetSection ( - *SectionType, - &Instance, - SectionDefinitionGuid, -+ 0, // encapsulation depth - &ChildNode, - &ChildStreamNode, - &ExtractedAuthenticationStatus - ); - if (EFI_ERROR (Status)) { -+ if (Status == EFI_ABORTED) { -+ DEBUG ((DEBUG_ERROR, "%a: recursion aborted due to nesting depth\n", -+ __FUNCTION__)); -+ // -+ // Map "aborted" to "not found". -+ // -+ Status = EFI_NOT_FOUND; -+ } - goto GetSection_Done; - } - --- -2.19.1.3.g30247aa5d201 - 
diff --git a/0016-ArmPkg-CompilerIntrinsicsLib-provide-atomics-intrins.patch b/0016-ArmPkg-CompilerIntrinsicsLib-provide-atomics-intrins.patch deleted file mode 100644 index f8fbca19193aeef7137bb848c1641217dfeaf092..0000000000000000000000000000000000000000 --- a/0016-ArmPkg-CompilerIntrinsicsLib-provide-atomics-intrins.patch +++ /dev/null @@ -1,190 +0,0 @@ -From ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9 Mon Sep 17 00:00:00 2001 -From: Ard Biesheuvel -Date: Wed, 20 May 2020 13:44:48 +0200 -Subject: [PATCH] ArmPkg/CompilerIntrinsicsLib: provide atomics intrinsics - -Gary reports the GCC 10 will emit calls to atomics intrinsics routines -unless -mno-outline-atomics is specified. This means GCC-10 introduces -new intrinsics, and even though it would be possible to work around this -by specifying the command line option, this would require a new GCC10 -toolchain profile to be created, which we prefer to avoid. - -So instead, add the new intrinsics to our library so they are provided -when necessary. - -Signed-off-by: Ard Biesheuvel -Tested-by: Gary Lin -Acked-by: Laszlo Ersek -Reviewed-by: Leif Lindholm -Reviewed-by: Philippe Mathieu-Daude ---- - .../CompilerIntrinsicsLib/AArch64/Atomics.S | 142 ++++++++++++++++++ - .../CompilerIntrinsicsLib.inf | 3 + - 2 files changed, 145 insertions(+) - create mode 100644 ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S - -diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S b/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S -new file mode 100644 -index 0000000000..3792020ab8 ---- /dev/null -+++ b/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S -@@ -0,0 +1,142 @@ -+#------------------------------------------------------------------------------ -+# -+# Copyright (c) 2020, Arm, Limited. All rights reserved.
-+# -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+#------------------------------------------------------------------------------ -+ -+ /* -+ * Provide the GCC intrinsics that are required when using GCC 9 or -+ * later with the -moutline-atomics options (which became the default -+ * in GCC 10) -+ */ -+ .arch armv8-a -+ -+ .macro reg_alias, pfx, sz -+ r0_\sz .req \pfx\()0 -+ r1_\sz .req \pfx\()1 -+ tmp0_\sz .req \pfx\()16 -+ tmp1_\sz .req \pfx\()17 -+ .endm -+ -+ /* -+ * Define register aliases of the right type for each size -+ * (xN for 8 bytes, wN for everything smaller) -+ */ -+ reg_alias w, 1 -+ reg_alias w, 2 -+ reg_alias w, 4 -+ reg_alias x, 8 -+ -+ .macro fn_start, name:req -+ .section .text.\name -+ .globl \name -+ .type \name, %function -+\name\(): -+ .endm -+ -+ .macro fn_end, name:req -+ .size \name, . - \name -+ .endm -+ -+ /* -+ * Emit an atomic helper for \model with operands of size \sz, using -+ * the operation specified by \insn (which is the LSE name), and which -+ * can be implemented using the generic load-locked/store-conditional -+ * (LL/SC) sequence below, using the arithmetic operation given by -+ * \opc. -+ */ -+ .macro emit_ld_sz, sz:req, insn:req, opc:req, model:req, s, a, l -+ fn_start __aarch64_\insn\()\sz\()\model -+ mov tmp0_\sz, r0_\sz -+0: ld\a\()xr\s r0_\sz, [x1] -+ .ifnc \insn, swp -+ \opc tmp1_\sz, r0_\sz, tmp0_\sz -+ st\l\()xr\s w15, tmp1_\sz, [x1] -+ .else -+ st\l\()xr\s w15, tmp0_\sz, [x1] -+ .endif -+ cbnz w15, 0b -+ ret -+ fn_end __aarch64_\insn\()\sz\()\model -+ .endm -+ -+ /* -+ * Emit atomic helpers for \model for operand sizes in the -+ * set {1, 2, 4, 8}, for the instruction pattern given by -+ * \insn. (This is the LSE name, but this implementation uses -+ * the generic LL/SC sequence using \opc as the arithmetic -+ * operation on the target.) 
-+ */ -+ .macro emit_ld, insn:req, opc:req, model:req, a, l -+ emit_ld_sz 1, \insn, \opc, \model, b, \a, \l -+ emit_ld_sz 2, \insn, \opc, \model, h, \a, \l -+ emit_ld_sz 4, \insn, \opc, \model, , \a, \l -+ emit_ld_sz 8, \insn, \opc, \model, , \a, \l -+ .endm -+ -+ /* -+ * Emit the compare and swap helper for \model and size \sz -+ * using LL/SC instructions. -+ */ -+ .macro emit_cas_sz, sz:req, model:req, uxt:req, s, a, l -+ fn_start __aarch64_cas\sz\()\model -+ \uxt tmp0_\sz, r0_\sz -+0: ld\a\()xr\s r0_\sz, [x2] -+ cmp r0_\sz, tmp0_\sz -+ bne 1f -+ st\l\()xr\s w15, r1_\sz, [x2] -+ cbnz w15, 0b -+1: ret -+ fn_end __aarch64_cas\sz\()\model -+ .endm -+ -+ /* -+ * Emit compare-and-swap helpers for \model for operand sizes in the -+ * set {1, 2, 4, 8, 16}. -+ */ -+ .macro emit_cas, model:req, a, l -+ emit_cas_sz 1, \model, uxtb, b, \a, \l -+ emit_cas_sz 2, \model, uxth, h, \a, \l -+ emit_cas_sz 4, \model, mov , , \a, \l -+ emit_cas_sz 8, \model, mov , , \a, \l -+ -+ /* -+ * We cannot use the parameterized sequence for 16 byte CAS, so we -+ * need to define it explicitly. 
-+ */ -+ fn_start __aarch64_cas16\model -+ mov x16, x0 -+ mov x17, x1 -+0: ld\a\()xp x0, x1, [x4] -+ cmp x0, x16 -+ ccmp x1, x17, #0, eq -+ bne 1f -+ st\l\()xp w15, x16, x17, [x4] -+ cbnz w15, 0b -+1: ret -+ fn_end __aarch64_cas16\model -+ .endm -+ -+ /* -+ * Emit the set of GCC outline atomic helper functions for -+ * the memory ordering model given by \model: -+ * - relax unordered loads and stores -+ * - acq load-acquire, unordered store -+ * - rel unordered load, store-release -+ * - acq_rel load-acquire, store-release -+ */ -+ .macro emit_model, model:req, a, l -+ emit_ld ldadd, add, \model, \a, \l -+ emit_ld ldclr, bic, \model, \a, \l -+ emit_ld ldeor, eor, \model, \a, \l -+ emit_ld ldset, orr, \model, \a, \l -+ emit_ld swp, mov, \model, \a, \l -+ emit_cas \model, \a, \l -+ .endm -+ -+ emit_model _relax -+ emit_model _acq, a -+ emit_model _rel,, l -+ emit_model _acq_rel, a, l -diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf b/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf -index d5bad94677..fcf48c6781 100644 ---- a/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf -+++ b/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf -@@ -79,6 +79,9 @@ - Arm/ldivmod.asm | MSFT - Arm/llsr.asm | MSFT - -+[Sources.AARCH64] -+ AArch64/Atomics.S | GCC -+ - [Packages] - MdePkg/MdePkg.dec - ArmPkg/ArmPkg.dec --- -2.27.0 - diff --git a/0017-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch b/0017-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch deleted file mode 100644 index 4888c63ce6f33133445e8bea04231ca42d8a13d5..0000000000000000000000000000000000000000 --- a/0017-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch +++ /dev/null 
@@ -1,93 +0,0 @@
-From e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek
-Date: Thu, 19 Nov 2020 12:50:34 +0100
-Subject: [PATCH] MdeModulePkg/LzmaCustomDecompressLib: catch 4GB+ uncompressed
- buffer sizes
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The LzmaUefiDecompressGetInfo() function
-[MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c] currently
-silently truncates the UINT64 "DecodedSize" property of the compressed
-blob to the UINT32 "DestinationSize" output parameter.
-
-If "DecodedSize" is 0x1_0000_0100, for example, then the subsequent memory
-allocation (for decompression) will likely succeed (allocating 0x100 bytes
-only), but then the LzmaUefiDecompress() function (which re-fetches the
-uncompressed buffer size from the same LZMA header into a "SizeT"
-variable) will overwrite the buffer.
-
-Catch (DecodedSize > MAX_UINT32) in LzmaUefiDecompressGetInfo() at once.
-This should not be a practical limitation. (The issue cannot be fixed for
-32-bit systems without spec modifications anyway, given that the
-"OutputSize" output parameter of
-EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL.ExtractSection() has type UINTN,
-not UINT64.)
-
-Cc: Dandan Bi
-Cc: Hao A Wu
-Cc: Jian J Wang
-Cc: Liming Gao
-Cc: Philippe Mathieu-Daudé
-Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1816
-Signed-off-by: Laszlo Ersek
-Reviewed-by: Liming Gao
-Reviewed-by: Philippe Mathieu-Daudé
-Message-Id: <20201119115034.12897-2-lersek@redhat.com>
----
- .../Library/LzmaCustomDecompressLib/LzmaDecompress.c | 7 +++++++
- .../LzmaCustomDecompressLib/LzmaDecompressLibInternal.h | 5 +++++
- 2 files changed, 12 insertions(+)
-
-diff --git a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c
-index c58912eb6a..8f7c242dca 100644
---- a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c
-+++ b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c
-@@ -127,6 +127,10 @@ GetDecodedSizeOfBuf(
- in DestinationSize and the size of the scratch
- buffer was returned in ScratchSize.
-
-+ @retval RETURN_UNSUPPORTED DestinationSize cannot be output because the
-+ uncompressed buffer size (in bytes) does not fit
-+ in a UINT32. Output parameters have not been
-+ modified.
- **/
- RETURN_STATUS
- EFIAPI
-@@ -142,6 +146,9 @@ LzmaUefiDecompressGetInfo (
- ASSERT(SourceSize >= LZMA_HEADER_SIZE);
-
- DecodedSize = GetDecodedSizeOfBuf((UINT8*)Source);
-+ if (DecodedSize > MAX_UINT32) {
-+ return RETURN_UNSUPPORTED;
-+ }
-
- *DestinationSize = (UINT32)DecodedSize;
- *ScratchSize = SCRATCH_BUFFER_REQUEST_SIZE;
-diff --git a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h
-index 26f110ba2a..fbafd5f100 100644
---- a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h
-+++ b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h
-@@ -9,6 +9,7 @@
- #ifndef __LZMADECOMPRESSLIB_INTERNAL_H__
- #define __LZMADECOMPRESSLIB_INTERNAL_H__
-
-+#include
- #include
- #include
- #include
-@@ -45,6 +46,10 @@
- in DestinationSize and the size of the scratch
- buffer was returned in ScratchSize.
-
-+ @retval RETURN_UNSUPPORTED DestinationSize cannot be output because the
-+ uncompressed buffer size (in bytes) does not fit
-+ in a UINT32. Output parameters have not been
-+ modified.
- **/
- RETURN_STATUS
- EFIAPI
---
-2.27.0
-
diff --git a/0029-BaseTools-fix-ucs-2-lookup-on-python-3.9.patch b/0029-BaseTools-fix-ucs-2-lookup-on-python-3.9.patch
deleted file mode 100644
index a643451ad98757dcc9e16799627cc3de5662ec28..0000000000000000000000000000000000000000
--- a/0029-BaseTools-fix-ucs-2-lookup-on-python-3.9.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 5df044496a30e4fa62b71513f3ae87400ceff4c4 Mon Sep 17 00:00:00 2001
-From: Cole Robinson
-Date: Wed, 12 Aug 2020 01:28:17 +0800
-Subject: [PATCH] BaseTools: fix ucs-2 lookup on python 3.9
-
-python3.9 changed/fixed codec.register behavior to always replace
-hyphen with underscore for passed in codec names:
-
- https://bugs.python.org/issue37751
-
-So the custom Ucs2Search needs to be adapted to handle 'ucs_2' in
-addition to existing 'ucs-2' for back compat.
-
-This fixes test failures on python3.9, example:
-
-======================================================================
-FAIL: testUtf16InUniFile (CheckUnicodeSourceFiles.Tests)
-----------------------------------------------------------------------
-Traceback (most recent call last):
- File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 375, in PreProcess
- FileIn = UniFileClassObject.OpenUniFile(LongFilePath(File.Path))
- File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 303, in OpenUniFile
- UniFileClassObject.VerifyUcs2Data(FileIn, FileName, Encoding)
- File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 312, in VerifyUcs2Data
- Ucs2Info = codecs.lookup('ucs-2')
-LookupError: unknown encoding: ucs-2
-
-Signed-off-by: Cole Robinson
-Reviewed-by: Yuwei Chen
-Reviewed-by: Bob Feng
-Signed-off-by: Jinhua Cao
----
- BaseTools/Source/Python/AutoGen/UniClassObject.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/BaseTools/Source/Python/AutoGen/UniClassObject.py b/BaseTools/Source/Python/AutoGen/UniClassObject.py
-index b2895f7e5c..883c2356e0 100644
---- a/BaseTools/Source/Python/AutoGen/UniClassObject.py
-+++ b/BaseTools/Source/Python/AutoGen/UniClassObject.py
-@@ -152,7 +152,7 @@ class Ucs2Codec(codecs.Codec):
-
- TheUcs2Codec = Ucs2Codec()
- def Ucs2Search(name):
-- if name == 'ucs-2':
-+ if name in ['ucs-2', 'ucs_2']:
- return codecs.CodecInfo(
- name=name,
- encode=TheUcs2Codec.encode,
---
-2.27.0
-
diff --git a/0030-BaseTools-Work-around-array.array.tostring-removal-i.patch b/0030-BaseTools-Work-around-array.array.tostring-removal-i.patch
deleted file mode 100644
index aaff9cf24e72b8a5175853ded8aaf8831f9fdf1f..0000000000000000000000000000000000000000
--- a/0030-BaseTools-Work-around-array.array.tostring-removal-i.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From d935684f89d972f3b9ff8fabe18fffefe75b2ed6 Mon Sep 17 00:00:00 2001
-From: Cole Robinson
-Date: Wed, 12 Aug 2020 01:28:18 +0800
-Subject: [PATCH] BaseTools: Work around array.array.tostring() removal in
- python 3.9
-
-In python3, array.array.tostring() was a compat alias for tobytes().
-tostring() was removed in python 3.9.
-
-Convert this to use tolist() which should be valid for all python
-versions.
-
-This fixes this build error on python3.9:
-
-(Python 3.9.0b5 on linux) Traceback (most recent call last):
- File "/root/edk2/edk2-edk2-stable202002/BaseTools/BinWrappers/PosixLike/../../Source/Python/Trim/Trim.py", line 593, in Main
- GenerateVfrBinSec(CommandOptions.ModuleName, CommandOptions.DebugDir, CommandOptions.OutputFile)
- File "/root/edk2/edk2-edk2-stable202002/BaseTools/BinWrappers/PosixLike/../../Source/Python/Trim/Trim.py", line 449, in GenerateVfrBinSec
- VfrUniOffsetList = GetVariableOffset(MapFileName, EfiFileName, VfrNameList)
- File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 88, in GetVariableOffset
- return _parseForGCC(lines, efifilepath, varnames)
- File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 151, in _parseForGCC
- efisecs = PeImageClass(efifilepath).SectionHeaderList
- File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 1638, in __init__
- if ByteArray.tostring() != b'PE\0\0':
-AttributeError: 'array.array' object has no attribute 'tostring'
-
-Signed-off-by: Cole Robinson
-Reviewed-by: Yuwei Chen
-Reviewed-by: Bob Feng
-Signed-off-by: Jinhua Cao
----
- BaseTools/Source/Python/Common/Misc.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/BaseTools/Source/Python/Common/Misc.py b/BaseTools/Source/Python/Common/Misc.py
-index da5fb380f0..751b2c24f0 100755
---- a/BaseTools/Source/Python/Common/Misc.py
-+++ b/BaseTools/Source/Python/Common/Misc.py
-@@ -1635,7 +1635,7 @@ class PeImageClass():
- ByteArray = array.array('B')
- ByteArray.fromfile(PeObject, 4)
- # PE signature should be 'PE\0\0'
-- if ByteArray.tostring() != b'PE\0\0':
-+ if ByteArray.tolist() != [ord('P'), ord('E'), 0, 0]:
- self.ErrorInfo = self.FileName + ' has no valid PE signature PE00'
- return
-
---
-2.27.0
-
diff --git a/brotli.tar.gz b/brotli.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..a70a886e5b4bfc3da7bc35160d8188df4867749d
Binary files /dev/null and b/brotli.tar.gz differ
diff --git a/edk2-stable202002.tar.gz b/edk2-stable202011.tar.gz
similarity index 60%
rename from edk2-stable202002.tar.gz
rename to edk2-stable202011.tar.gz
index fd9db10fc1b4a05e53edad1323cc3002dfb0b840..0c2cd385cf55d5e336be5ee55ec9fc4cff2ec8ec 100644
Binary files a/edk2-stable202002.tar.gz and b/edk2-stable202011.tar.gz differ
diff --git a/edk2.spec b/edk2.spec
index 30110864ddb6a6e06f86d094bebb6b11f564263d..c2ec0b58cddb32686bc0e04bec313d63b36e183c 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -1,47 +1,32 @@ -%global stable_date 202002 +%global stable_date 202011 %global release_tag edk2-stable%{stable_date} %global openssl_version 1.1.1f %global _python_bytecompile_extra 0 Name: edk2 Version: %{stable_date} -Release: 11 +Release: 1 Summary: EFI Development Kit II License: BSD-2-Clause-Patent URL: https://github.com/tianocore/edk2 Source0: https://github.com/tianocore/edk2/archive/%{release_tag}.tar.gz Source1: openssl-%{openssl_version}.tar.gz - -Patch0001: 0001-CryptoPkg-OpensslLib-Modify-process_files.pl-for-Ope.patch -Patch0002: 0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1f.patch -Patch0003: 0003-OvmfPkg-Tcg2ConfigPei-introduce-a-signalling-PPI-to-.patch -Patch0004: 0004-ArmVirtPkg-PlatformPeiLib-make-PcdLib-dependency-exp.patch -Patch0005: 0005-ArmVirtPkg-PlatformPeiLib-discover-the-TPM-base-addr.patch -Patch0006: 0006-ArmVirtPkg-implement-ArmVirtPsciResetSystemPeiLib.patch -Patch0007: 0007-ArmVirtPkg-ArmVirtQemu-add-ResetSystem-PEIM-for-upco.patch -Patch0008: 0008-ArmVirtPkg-ArmVirtQemu-enable-TPM2-support-in-the-PE.patch -Patch0009: 0009-ArmVirtPkg-avoid-DxeTpmMeasurementLib-in-shared-.DSC.patch -Patch0010: 0010-ArmVirtPkg-unshare-TpmMeasurementLib-resolution-betw.patch -Patch0011: 0011-ArmVirtPkg-ArmVirtQemu-enable-the-DXE-phase-TPM2-sup.patch -Patch0012: 0012-ArmVirtPkg-ArmVirtQemu-enable-the-TPM2-configuration.patch -Patch0013: 0013-ArmVirtPkg-ArmVirtQemu-enable-TPM2-based-measured-bo.patch -Patch0014: 0014-MdeModulePkg-Core-Dxe-assert-SectionInstance-invariant-in-FindChildNode.patch -Patch0015: 0015-MdeModulePkg-Core-Dxe-limit-FwVol-encapsulation-section-recursion.patch -Patch0016: 0016-ArmPkg-CompilerIntrinsicsLib-provide-atomics-intrins.patch -Patch0017: 0017-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch -Patch0018: 0018-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch -Patch0019: 0019-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch -Patch0020: 0020-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch 
-Patch0021: 0021-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch -Patch0022: 0022-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch -Patch0023: 0023-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch -Patch0024: 0024-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch -Patch0025: 0025-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch -Patch0026: 0026-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch -Patch0027: 0027-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch -Patch0028: 0028-MdeModulePkg-FPDT-Lock-boot-performance-table-addres.patch -Patch0029: 0029-BaseTools-fix-ucs-2-lookup-on-python-3.9.patch -Patch0030: 0030-BaseTools-Work-around-array.array.tostring-removal-i.patch +Source2: brotli.tar.gz + +# for CVE-2021-38575 +Patch0001: 0001-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch +Patch0002: 0002-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch +Patch0003: 0003-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch +Patch0004: 0004-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch +Patch0005: 0005-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch +Patch0006: 0006-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch +Patch0007: 0007-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch +Patch0008: 0008-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch +Patch0009: 0009-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch +Patch0010: 0010-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch + +# for CVE-2021-28216 +# Patch0028: 0028-MdeModulePkg-FPDT-Lock-boot-performance-table-addres.patch BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command 
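Review bot: The `# Patch0028:` line under `# for CVE-2021-28216` is left commented out with no explanation, so the spec does not say whether that fix is already contained in edk2-stable202011 or was dropped because it no longer applies. If it is upstream, delete the dead line and record that, e.g. `# CVE-2021-28216: fix already in %{release_tag}, no downstream patch needed`; if it is not, the patch needs rebasing and re-enabling before this release ships. The same confirmation is worth doing for the other removed hardening patches (the FwVol encapsulation-section recursion limit, the LzmaCustomDecompressLib 4GB check and the TPM2 series), which are presumably in the new tarball but which the changelog entry in the last hunk does not mention.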
@@ -93,6 +78,8 @@ EFI Development Kit II Open Virtual Machine Firmware (ia32) %prep %setup -n edk2-%{release_tag} tar -xf %{SOURCE1} -C CryptoPkg/Library/OpensslLib/openssl --strip-components=1 +tar -xf %{SOURCE2} -C MdeModulePkg/Library/BrotliCustomDecompressLib/brotli --strip-components=1 +tar -xf %{SOURCE2} -C BaseTools/Source/C/BrotliCompress/brotli --strip-components=1 %autopatch -p1 %build @@ -175,7 +162,7 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys %files devel %license License.txt %license LICENSE.openssl -%{_bindir}/Brotli +%{_bindir}/BrotliCompress %{_bindir}/DevicePath %{_bindir}/EfiRom %{_bindir}/GenCrc32 @@ -239,6 +226,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys %endif %changelog +* Mon Feb 7 2022 Jinhua Cao - 202011-1 +- update edk2 to stable 202011 + * Wed Jan 12 2022 Jinhua Cao - 202002-11 - BaseTools: fix ucs-2 lookup on python3.9 - BaseTools: Work around array.array.tostring() removal in python3.9
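Review bot: In the %prep hunk `%{SOURCE2}` is unpacked into both `MdeModulePkg/Library/BrotliCustomDecompressLib/brotli` and `BaseTools/Source/C/BrotliCompress/brotli`, yet `Source2: brotli.tar.gz` carries neither a version nor a URL, so the spec does not record which brotli snapshot ends up in the firmware decompressor. I would mirror the OpenSSL handling with `%global brotli_version <BROTLI_VERSION>` and `Source2: brotli-%{brotli_version}.tar.gz`, or at least put `# brotli: upstream commit <COMMIT_ID>, matches the edk2 submodule pointer` above the two tar lines. That makes later CVE triage of the bundled copy possible. Separately, `openssl_version` stays at 1.1.1f while the two OpenSSL patches are dropped, so it is worth confirming that this is the release the 202011 OpensslLib file lists were generated for.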