diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..77a9651 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz +SOURCES/ovmf-ee3198e672e2.tar.xz diff --git a/.ovmf.metadata b/.ovmf.metadata new file mode 100644 index 0000000..0b066a8 --- /dev/null +++ b/.ovmf.metadata @@ -0,0 +1,2 @@ +e3df430bd2ac86a819720e5a548b56b0ef144a6f SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz +ef7bc42e3e6decf2619709fd776481a30f4b4e53 SOURCES/ovmf-ee3198e672e2.tar.xz diff --git a/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch new file mode 100644 index 0000000..c108842 --- /dev/null +++ b/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch @@ -0,0 +1,600 @@ +From 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 11 Jun 2014 23:33:33 +0200 +Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only) + +Because we may include the OpenSSL library in our OVMF and AAVMF builds +now, we should advertise it as required by its license. This patch takes +the original TianoCore logo, shifts it up by 20 pixels, and adds the +horizontally centered message + + This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.openssl.org/) + +below. + +Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24 +Logo.bmp: PC bitmap, Windows 3.x format, 193 x 58 x 8 + +Downstream only because upstream edk2 does not intend to release a +secure-boot-enabled OVMF build. (However the advertising requirement in +the OpenSSL license, +"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed +nonetheless, which is why I'm changing the logo.) + +Notes about the 9ece15a -> c9e5618 rebase: +- Logo.bmp is no longer modified in-place; instead a modified copy is + created. That's because AAVMF includes the logo too, but it doesn't + include OpenSSL / Secure Boot, so we need the original copy too. + +Notes about the c9e5618 -> b9ffeab rebase: +- AAVMF gained Secure Boot support, therefore the logo is again modified + in the common location, and no FDF changes are necessary. + +Notes about the d7c0dfa -> 90bb4c5 rebase: + +- squash in the following downstream-only commits (made originally for + ): + + - eef9eb0 restore TianoCore splash logo without OpenSSL advertisment + (RHEL only) + + - 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure + Boot (RH only) + + The reason is that ideas keep changing when and where to include the + Secure Boot feature, so the logo must be controllable directly on the + build command line, from the RPM spec file. See the following + references: + + - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html + - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html + - https://bugzilla.redhat.com/show_bug.cgi?id=1323363 + +- This squashed variant should remain the final version of this patch. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- For more fun, upstream completely changed the way logo bitmaps are + embedded in the firmware binary (see for example commit ab970515d2c6, + "OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this + rebase, we reimplement the previous downstream-only commit e775fb20c999, + as described below. + +- Beyond the new bitmap file (which we preserve intact from the last + downstream branch), we introduce: + + - a new IDF (image description file) referencing the new BMP, + + - a new driver INF file, referencing the new BMP and new IDF (same C + source code though), + + - a new UNI (~description) file for the new driver INF file. + +- In the OVMF DSC and FDF files, we select the new driver INF for + inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they + both make use of OpenSSL (although different subsets of it). + +- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE, + because the ArmVirtQemu platform does not support TLS_ENABLE yet. + +- This patch is best displayed with "git show --find-copies-harder". + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- After picking previous downstream-only commit 32192c62e289, carry new + upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing + dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to + "LogoOpenSSLDxe.inf". + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove + incorrect comments.", 2018-02-28) + +Signed-off-by: Laszlo Ersek +(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b) +(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be) +--- + ArmVirtPkg/ArmVirtQemu.dsc | 4 +++ + ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 4 +++ + ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 +++ + MdeModulePkg/Logo/Logo-OpenSSL.bmp | Bin 0 -> 156342 bytes + MdeModulePkg/Logo/Logo-OpenSSL.idf | 15 +++++++++ + MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 61 +++++++++++++++++++++++++++++++++++ + MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 22 +++++++++++++ + OvmfPkg/OvmfPkgIa32.dsc | 4 +++ + OvmfPkg/OvmfPkgIa32.fdf | 4 +++ + OvmfPkg/OvmfPkgIa32X64.dsc | 4 +++ + OvmfPkg/OvmfPkgIa32X64.fdf | 4 +++ + OvmfPkg/OvmfPkgX64.dsc | 4 +++ + OvmfPkg/OvmfPkgX64.fdf | 4 +++ + 13 files changed, 134 insertions(+) + create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp + create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf + create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf + create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index d74feb7..7331597 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -329,7 +329,11 @@ + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf ++!if $(SECURE_BOOT_ENABLE) == TRUE ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + MdeModulePkg/Logo/LogoDxe.inf ++!endif + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +index 89f95b2..8941b7f 100644 +--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc ++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +@@ -191,7 +191,11 @@ READ_LOCK_STATUS = TRUE + # + # TianoCore logo (splash screen) + # ++!if $(SECURE_BOOT_ENABLE) == TRUE ++ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + INF MdeModulePkg/Logo/LogoDxe.inf ++!endif + + # + # Ramdisk support +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index 1e823ae..1981aae 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -318,7 +318,11 @@ + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf ++!if $(SECURE_BOOT_ENABLE) == TRUE ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + MdeModulePkg/Logo/LogoDxe.inf ++!endif + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp +new file mode 100644 +index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29 +GIT binary patch +literal 156342 +zcmeI5d(>~$xW~&aw_M64NYZ7LkVerMIgB$pYT%5)88Oa?KguvP +zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY +zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l +zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12 +zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo* +z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t +z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw +z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8 +zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&ns#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a? +zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE +z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb +zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK +zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI +zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W) +ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN +z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5& +z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc +z(W5B_Snb5D<LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2` +zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC +z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr +zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O +ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm +zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y +z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn7Jr_# +zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT +zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL +z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7 +zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9 +zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO +zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ +zZ)HZA9HQN?fBowS=bd-nQAZucL9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT +zMP`$;+{w6 +zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts +zL;~RA-VBcb3QU(O`l6 +zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e +zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3HMf%xC9#(>mO=IFj^}NHV#Lj +z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt +zeC{#^7{VZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb +zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y +z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A +zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH +z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q +z#U5^JZ4wkHy#0}}mC!ZV}nnU^RZ+|=Y +zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg| +zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz +z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~z)>P3# +z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3 +z-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq +zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1 +zxc%ShrZ`6<0RHgQodrAoh +zSgFbiHWu-)l-PgPQu`y9%`-LB*)t +z0JfJO;vrkhX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgBgk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD +zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Qp|I9?%YE^} +zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc +z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$ +zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG +zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ +z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY +zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf +z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;4>S +zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl> +z7^rJH4OAO`j``+-dZ#@M60IS}YFFFf)W&VY +za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R) +zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y +zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp +zKFQt>Vbm=t6%*pub_){ +zCA$l<)_b;6)NnQ04>SzuFu1i70ta6~A`DdXC=j +zVqk`4D7>weC&k1#JZWL!jyLuB?XwXz%QkDF +zYqrr5PP5vlI>ta<(`lgE@N@8+3#4^wr`@sI7!sJZ +zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6 +zsm0{}`|r=14;04_w9-uBbSZj=1wN7F69NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+ +zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV +zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B +zp7K{7GJLB2)HbE_`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE +z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K% +zcXytO^3f +zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW +zvK_w54ib*s{pCdx`+U+ +zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK +zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_gaB`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g +zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5vhUWL{rld#LnSaW +zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgMChaRR3Q`NWYVa52T-<54&6jk +z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi}i57aDByd`it`*14L?zOuC7O`Zb +zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6 +zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=| +zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQfr!>mb@vk@wzKEOR +zUl^giiGN`YjEEEA6vzVN5FLCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6 +zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox +z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@ +z;@R>q?8C{=X3m9KyurT&nC9FPkxLoM|ZfkdD{z-Jwk38Gqf +zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZsiV>B`L?96ui-1pi)&}t0pQmuO +zjkyJsVOUMgmwe@7qN10I9 +zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q +z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{ +zrxeRA9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH +zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$ +zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW) +z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw +z3l@f;rKYP((H5Gr$(|rLmcp6r6t4$t%^Y9|aV;zhXpXG7(4w#v;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_ +z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C +zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk +zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y +zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA +zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr= +zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W +z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_ +zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO +z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPTzaT>uOf~q|a}+cx{*6-y +z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB +zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9 +zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^ +zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095 +zOig9PT5`Z>N@_#zD%)aez~YZ +z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{ +z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r +zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^ +zgdamB9JKZss5qfIuEVafQ{8IFHZ(DOQ1 +zL2xbpxXzOgb_Q=@TibUgI`Lgj(=e> +zMU)Nx~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo +zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh +z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{RlEdP#0v4%e#ImMtXlgq`3qxe(=XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE +zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr +zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?Dc?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7> +zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a +z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q +zf7)`qfCKTHn1cVw*|W7Di!H#8j2>&Lm&Lm +z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K +zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@ +z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33Wf`WzQnLf`< +zN(2&t(Fph~a{Oz~wUF}&Lm ++// ++// This program and the accompanying materials ++// are licensed and made available under the terms and conditions of the BSD License ++// which accompanies this distribution. The full text of the license may be found at ++// http://opensource.org/licenses/bsd-license.php ++// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++// ++// **/ ++ ++#image IMG_LOGO Logo-OpenSSL.bmp +diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf +new file mode 100644 +index 0000000..2f79d87 +--- /dev/null ++++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf +@@ -0,0 +1,61 @@ ++## @file ++# The default logo bitmap picture shown on setup screen. ++# ++# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
++# ++# This program and the accompanying materials ++# are licensed and made available under the terms and conditions of the BSD License ++# which accompanies this distribution. The full text of the license may be found at ++# http://opensource.org/licenses/bsd-license.php ++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++# ++# ++## ++ ++[Defines] ++ INF_VERSION = 0x00010005 ++ BASE_NAME = LogoOpenSSLDxe ++ MODULE_UNI_FILE = LogoOpenSSLDxe.uni ++ FILE_GUID = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF ++ MODULE_TYPE = DXE_DRIVER ++ VERSION_STRING = 1.0 ++ ++ ENTRY_POINT = InitializeLogo ++# ++# This flag specifies whether HII resource section is generated into PE image. ++# ++ UEFI_HII_RESOURCE_SECTION = TRUE ++ ++# ++# The following information is for reference only and not required by the build tools. ++# ++# VALID_ARCHITECTURES = IA32 X64 ++# ++ ++[Sources] ++ Logo-OpenSSL.bmp ++ Logo.c ++ Logo-OpenSSL.idf ++ ++[Packages] ++ MdeModulePkg/MdeModulePkg.dec ++ MdePkg/MdePkg.dec ++ ++[LibraryClasses] ++ UefiBootServicesTableLib ++ UefiDriverEntryPoint ++ DebugLib ++ ++[Protocols] ++ gEfiHiiDatabaseProtocolGuid ## CONSUMES ++ gEfiHiiImageExProtocolGuid ## CONSUMES ++ gEfiHiiPackageListProtocolGuid ## PRODUCES CONSUMES ++ gEdkiiPlatformLogoProtocolGuid ## PRODUCES ++ ++[Depex] ++ gEfiHiiDatabaseProtocolGuid AND ++ gEfiHiiImageExProtocolGuid ++ ++[UserExtensions.TianoCore."ExtraFiles"] ++ LogoDxeExtra.uni +diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni +new file mode 100644 +index 0000000..7227ac3 +--- /dev/null ++++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni +@@ -0,0 +1,22 @@ ++// /** @file ++// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen. ++// ++// This module provides the logo bitmap picture (with OpenSSL advertisment) ++// shown on setup screen, through EDKII Platform Logo protocol. ++// ++// Copyright (c) 2016, Intel Corporation. All rights reserved.
++// ++// This program and the accompanying materials ++// are licensed and made available under the terms and conditions of the BSD License ++// which accompanies this distribution. The full text of the license may be found at ++// http://opensource.org/licenses/bsd-license.php ++// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++// ++// **/ ++ ++ ++#string STR_MODULE_ABSTRACT #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen." ++ ++#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." ++ +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 2d6c4c4..a5bb2b0 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -687,7 +687,11 @@ + NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf + !endif + } ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + MdeModulePkg/Logo/LogoDxe.inf ++!endif + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf +index 0427ded..f552bc9 100644 +--- a/OvmfPkg/OvmfPkgIa32.fdf ++++ b/OvmfPkg/OvmfPkgIa32.fdf +@@ -295,7 +295,11 @@ INF ShellPkg/Application/Shell/Shell.inf + INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !endif + ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + INF MdeModulePkg/Logo/LogoDxe.inf ++!endif + + # + # Network modules +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 43158c5..be8fee9 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -696,7 +696,11 @@ + NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf + !endif + } ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + MdeModulePkg/Logo/LogoDxe.inf ++!endif + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf +index 6df47f4..ee77ae1 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.fdf ++++ b/OvmfPkg/OvmfPkgIa32X64.fdf +@@ -296,7 +296,11 @@ INF ShellPkg/Application/Shell/Shell.inf + INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf + !endif + ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + INF MdeModulePkg/Logo/LogoDxe.inf ++!endif + + # + # Network modules +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index d1fdf7c..e224b0e 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -694,7 +694,11 @@ + NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf + !endif + } ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + MdeModulePkg/Logo/LogoDxe.inf ++!endif + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf +index 2e2a174..505d25d 100644 +--- a/OvmfPkg/OvmfPkgX64.fdf ++++ b/OvmfPkg/OvmfPkgX64.fdf +@@ -296,7 +296,11 @@ INF ShellPkg/Application/Shell/Shell.inf + INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !endif + ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf ++!else + INF MdeModulePkg/Logo/LogoDxe.inf ++!endif + + # + # Network modules +-- +1.8.3.1 + diff --git a/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch new file mode 100644 index 0000000..46f35b1 --- /dev/null +++ b/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch @@ -0,0 +1,48 @@ +From 1df2c822c996ad767f2f45570ab2686458f7604a Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 20 Feb 2014 22:54:45 +0100 +Subject: OvmfPkg: increase max debug message length to 512 (RHEL only) + +Upstream prefers short debug messages (sometimes even limited to 80 +characters), but any line length under 512 characters is just unsuitable +for effective debugging. (For example, config strings in HII routing, +logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE +level, can be several hundred characters long.) 512 is an empirically good +value. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Signed-off-by: Laszlo Ersek +(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb) +(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6) +(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a) +--- + OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c +index 36cde54..c0c4eae 100644 +--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c ++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c +@@ -27,7 +27,7 @@ + // + // Define the maximum debug and assert message length that this library supports + // +-#define MAX_DEBUG_MESSAGE_LENGTH 0x100 ++#define MAX_DEBUG_MESSAGE_LENGTH 0x200 + + /** + Prints a debug message to the debug output device if the specified error level is enabled. +-- +1.8.3.1 + diff --git a/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch new file mode 100644 index 0000000..f160b4a --- /dev/null +++ b/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch @@ -0,0 +1,554 @@ +From 7046d6040181bb0f76a5ebd680e0dc701c895dba Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 12 Jun 2014 00:17:59 +0200 +Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only) + +The Int10h VBE Shim is capable of emitting short debug messages when the +win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet +version is preferred; for us debug messages are important as a default. + +For this patch, the DEBUG macro is enabled in the assembly file, and then +the header file is regenerated from the assembly, by running +"OvmfPkg/QemuVideoDxe/VbeShim.sh". + +"VbeShim.h" is not auto-generated; it is manually generated. The patch +does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the +manually re-generated) "VbeShim.h" atomically. Doing so helps with local +downstream builds, with bisection, and also keeps redhat/README a bit +simpler. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- update commit message as requested in + + +Signed-off-by: Laszlo Ersek +(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f) +(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2) +(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c) +--- + OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +- + OvmfPkg/QemuVideoDxe/VbeShim.h | 481 +++++++++++++++++++++++++-------------- + 2 files changed, 308 insertions(+), 175 deletions(-) + +diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm +index 18fa920..f87ed5c 100644 +--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm ++++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm +@@ -18,7 +18,7 @@ + ;------------------------------------------------------------------------------ + + ; enable this macro for debug messages +-;%define DEBUG ++%define DEBUG + + %macro DebugLog 1 + %ifdef DEBUG +diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h +index cc9b6e1..325d647 100644 +--- a/OvmfPkg/QemuVideoDxe/VbeShim.h ++++ b/OvmfPkg/QemuVideoDxe/VbeShim.h +@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = { + /* 000001FE nop */ 0x90, + /* 000001FF nop */ 0x90, + /* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F, +- /* 00000203 jz 0x22d */ 0x74, 0x28, ++ /* 00000203 jz 0x235 */ 0x74, 0x30, + /* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F, +- /* 00000208 jz 0x245 */ 0x74, 0x3B, ++ /* 00000208 jz 0x255 */ 0x74, 0x4B, + /* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F, +- /* 0000020D jz 0x269 */ 0x74, 0x5A, ++ /* 0000020D jz 0x289 */ 0x74, 0x7A, + /* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F, +- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01, ++ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01, + /* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F, +- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01, ++ /* 00000219 jz word 0x36e */ 0x0F, 0x84, 0x51, 0x01, + /* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F, +- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01, ++ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01, + /* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00, +- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01, +- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE, +- /* 0000022D push es */ 0x06, +- /* 0000022E push di */ 0x57, +- /* 0000022F push ds */ 0x1E, +- /* 00000230 push si */ 0x56, +- /* 00000231 push cx */ 0x51, +- /* 00000232 push cs */ 0x0E, +- /* 00000233 pop ds */ 0x1F, +- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00, +- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01, +- /* 0000023A cld */ 0xFC, +- /* 0000023B rep movsb */ 0xF3, 0xA4, +- /* 0000023D pop cx */ 0x59, +- /* 0000023E pop si */ 0x5E, +- /* 0000023F pop ds */ 0x1F, +- /* 00000240 pop di */ 0x5F, +- /* 00000241 pop es */ 0x07, +- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01, +- /* 00000245 push es */ 0x06, +- /* 00000246 push di */ 0x57, +- /* 00000247 push ds */ 0x1E, +- /* 00000248 push si */ 0x56, +- /* 00000249 push cx */ 0x51, +- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, +- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, +- /* 00000252 jz 0x256 */ 0x74, 0x02, +- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5, +- /* 00000256 push cs */ 0x0E, +- /* 00000257 pop ds */ 0x1F, +- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01, +- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01, +- /* 0000025E cld */ 0xFC, +- /* 0000025F rep movsb */ 0xF3, 0xA4, +- /* 00000261 pop cx */ 0x59, +- /* 00000262 pop si */ 0x5E, +- /* 00000263 pop ds */ 0x1F, +- /* 00000264 pop di */ 0x5F, +- /* 00000265 pop es */ 0x07, +- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00, +- /* 00000269 push dx */ 0x52, +- /* 0000026A push ax */ 0x50, +- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, +- /* 0000026F jz 0x273 */ 0x74, 0x02, +- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8, +- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, +- /* 00000276 mov al,0x20 */ 0xB0, 0x20, +- /* 00000278 out dx,al */ 0xEE, +- /* 00000279 push dx */ 0x52, +- /* 0000027A push ax */ 0x50, +- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00, +- /* 00000281 out dx,ax */ 0xEF, +- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 00000288 out dx,ax */ 0xEF, +- /* 00000289 pop ax */ 0x58, +- /* 0000028A pop dx */ 0x5A, +- /* 0000028B push dx */ 0x52, +- /* 0000028C push ax */ 0x50, +- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00, +- /* 00000293 out dx,ax */ 0xEF, +- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 0000029A out dx,ax */ 0xEF, +- /* 0000029B pop ax */ 0x58, +- /* 0000029C pop dx */ 0x5A, +- /* 0000029D push dx */ 0x52, +- /* 0000029E push ax */ 0x50, +- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00, +- /* 000002A5 out dx,ax */ 0xEF, +- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 000002AC out dx,ax */ 0xEF, +- /* 000002AD pop ax */ 0x58, +- /* 000002AE pop dx */ 0x5A, +- /* 000002AF push dx */ 0x52, +- /* 000002B0 push ax */ 0x50, +- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00, +- /* 000002B7 out dx,ax */ 0xEF, +- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 000002BE out dx,ax */ 0xEF, +- /* 000002BF pop ax */ 0x58, +- /* 000002C0 pop dx */ 0x5A, +- /* 000002C1 push dx */ 0x52, +- /* 000002C2 push ax */ 0x50, +- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00, +- /* 000002C9 out dx,ax */ 0xEF, +- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00, +- /* 000002D0 out dx,ax */ 0xEF, +- /* 000002D1 pop ax */ 0x58, +- /* 000002D2 pop dx */ 0x5A, +- /* 000002D3 push dx */ 0x52, +- /* 000002D4 push ax */ 0x50, +- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00, +- /* 000002DB out dx,ax */ 0xEF, +- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04, +- /* 000002E2 out dx,ax */ 0xEF, +- /* 000002E3 pop ax */ 0x58, +- /* 000002E4 pop dx */ 0x5A, +- /* 000002E5 push dx */ 0x52, +- /* 000002E6 push ax */ 0x50, +- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00, +- /* 000002ED out dx,ax */ 0xEF, +- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04, +- /* 000002F4 out dx,ax */ 0xEF, +- /* 000002F5 pop ax */ 0x58, +- /* 000002F6 pop dx */ 0x5A, +- /* 000002F7 push dx */ 0x52, +- /* 000002F8 push ax */ 0x50, +- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00, +- /* 000002FF out dx,ax */ 0xEF, +- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03, +- /* 00000306 out dx,ax */ 0xEF, +- /* 00000307 pop ax */ 0x58, +- /* 00000308 pop dx */ 0x5A, +- /* 00000309 push dx */ 0x52, +- /* 0000030A push ax */ 0x50, +- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00, +- /* 00000311 out dx,ax */ 0xEF, +- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03, +- /* 00000318 out dx,ax */ 0xEF, +- /* 00000319 pop ax */ 0x58, +- /* 0000031A pop dx */ 0x5A, +- /* 0000031B push dx */ 0x52, +- /* 0000031C push ax */ 0x50, +- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00, +- /* 00000323 out dx,ax */ 0xEF, +- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00, +- /* 0000032A out dx,ax */ 0xEF, +- /* 0000032B pop ax */ 0x58, +- /* 0000032C pop dx */ 0x5A, +- /* 0000032D pop ax */ 0x58, +- /* 0000032E pop dx */ 0x5A, +- /* 0000032F jmp short 0x34c */ 0xEB, 0x1B, +- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, +- /* 00000334 jmp short 0x34c */ 0xEB, 0x16, +- /* 00000336 jmp short 0x350 */ 0xEB, 0x18, +- /* 00000338 jmp short 0x350 */ 0xEB, 0x16, +- /* 0000033A cmp al,0x3 */ 0x3C, 0x03, +- /* 0000033C jz 0x345 */ 0x74, 0x07, +- /* 0000033E cmp al,0x12 */ 0x3C, 0x12, +- /* 00000340 jz 0x349 */ 0x74, 0x07, +- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE, +- /* 00000345 mov al,0x30 */ 0xB0, 0x30, +- /* 00000347 jmp short 0x34b */ 0xEB, 0x02, +- /* 00000349 mov al,0x20 */ 0xB0, 0x20, +- /* 0000034B iretw */ 0xCF, +- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00, +- /* 0000034F iretw */ 0xCF, +- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01, +- /* 00000353 iretw */ 0xCF, ++ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01, ++ /* 0000022B push si */ 0x56, ++ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03, ++ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01, ++ /* 00000232 pop si */ 0x5E, ++ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE, ++ /* 00000235 push es */ 0x06, ++ /* 00000236 push di */ 0x57, ++ /* 00000237 push ds */ 0x1E, ++ /* 00000238 push si */ 0x56, ++ /* 00000239 push cx */ 0x51, ++ /* 0000023A push si */ 0x56, ++ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03, ++ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01, ++ /* 00000241 pop si */ 0x5E, ++ /* 00000242 push cs */ 0x0E, ++ /* 00000243 pop ds */ 0x1F, ++ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00, ++ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01, ++ /* 0000024A cld */ 0xFC, ++ /* 0000024B rep movsb */ 0xF3, 0xA4, ++ /* 0000024D pop cx */ 0x59, ++ /* 0000024E pop si */ 0x5E, ++ /* 0000024F pop ds */ 0x1F, ++ /* 00000250 pop di */ 0x5F, ++ /* 00000251 pop es */ 0x07, ++ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01, ++ /* 00000255 push es */ 0x06, ++ /* 00000256 push di */ 0x57, ++ /* 00000257 push ds */ 0x1E, ++ /* 00000258 push si */ 0x56, ++ /* 00000259 push cx */ 0x51, ++ /* 0000025A push si */ 0x56, ++ /* 0000025B mov si,0x404 */ 0xBE, 0x04, 0x04, ++ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01, ++ /* 00000261 pop si */ 0x5E, ++ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, ++ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, ++ /* 0000026A jz 0x276 */ 0x74, 0x0A, ++ /* 0000026C push si */ 0x56, ++ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01, ++ /* 00000273 pop si */ 0x5E, ++ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD, ++ /* 00000276 push cs */ 0x0E, ++ /* 00000277 pop ds */ 0x1F, ++ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01, ++ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01, ++ /* 0000027E cld */ 0xFC, ++ /* 0000027F rep movsb */ 0xF3, 0xA4, ++ /* 00000281 pop cx */ 0x59, ++ /* 00000282 pop si */ 0x5E, ++ /* 00000283 pop ds */ 0x1F, ++ /* 00000284 pop di */ 0x5F, ++ /* 00000285 pop es */ 0x07, ++ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01, ++ /* 00000289 push dx */ 0x52, ++ /* 0000028A push ax */ 0x50, ++ /* 0000028B push si */ 0x56, ++ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04, ++ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01, ++ /* 00000292 pop si */ 0x5E, ++ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, ++ /* 00000297 jz 0x2a3 */ 0x74, 0x0A, ++ /* 00000299 push si */ 0x56, ++ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01, ++ /* 000002A0 pop si */ 0x5E, ++ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90, ++ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, ++ /* 000002A6 mov al,0x20 */ 0xB0, 0x20, ++ /* 000002A8 out dx,al */ 0xEE, ++ /* 000002A9 push dx */ 0x52, ++ /* 000002AA push ax */ 0x50, ++ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00, ++ /* 000002B1 out dx,ax */ 0xEF, ++ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002B8 out dx,ax */ 0xEF, ++ /* 000002B9 pop ax */ 0x58, ++ /* 000002BA pop dx */ 0x5A, ++ /* 000002BB push dx */ 0x52, ++ /* 000002BC push ax */ 0x50, ++ /* 000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00, ++ /* 000002C3 out dx,ax */ 0xEF, ++ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002CA out dx,ax */ 0xEF, ++ /* 000002CB pop ax */ 0x58, ++ /* 000002CC pop dx */ 0x5A, ++ /* 000002CD push dx */ 0x52, ++ /* 000002CE push ax */ 0x50, ++ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00, ++ /* 000002D5 out dx,ax */ 0xEF, ++ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002DC out dx,ax */ 0xEF, ++ /* 000002DD pop ax */ 0x58, ++ /* 000002DE pop dx */ 0x5A, ++ /* 000002DF push dx */ 0x52, ++ /* 000002E0 push ax */ 0x50, ++ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00, ++ /* 000002E7 out dx,ax */ 0xEF, ++ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002EE out dx,ax */ 0xEF, ++ /* 000002EF pop ax */ 0x58, ++ /* 000002F0 pop dx */ 0x5A, ++ /* 000002F1 push dx */ 0x52, ++ /* 000002F2 push ax */ 0x50, ++ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00, ++ /* 000002F9 out dx,ax */ 0xEF, ++ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00, ++ /* 00000300 out dx,ax */ 0xEF, ++ /* 00000301 pop ax */ 0x58, ++ /* 00000302 pop dx */ 0x5A, ++ /* 00000303 push dx */ 0x52, ++ /* 00000304 push ax */ 0x50, ++ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00, ++ /* 0000030B out dx,ax */ 0xEF, ++ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04, ++ /* 00000312 out dx,ax */ 0xEF, ++ /* 00000313 pop ax */ 0x58, ++ /* 00000314 pop dx */ 0x5A, ++ /* 00000315 push dx */ 0x52, ++ /* 00000316 push ax */ 0x50, ++ /* 00000317 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000031A mov ax,0x6 */ 0xB8, 0x06, 0x00, ++ /* 0000031D out dx,ax */ 0xEF, ++ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04, ++ /* 00000324 out dx,ax */ 0xEF, ++ /* 00000325 pop ax */ 0x58, ++ /* 00000326 pop dx */ 0x5A, ++ /* 00000327 push dx */ 0x52, ++ /* 00000328 push ax */ 0x50, ++ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00, ++ /* 0000032F out dx,ax */ 0xEF, ++ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03, ++ /* 00000336 out dx,ax */ 0xEF, ++ /* 00000337 pop ax */ 0x58, ++ /* 00000338 pop dx */ 0x5A, ++ /* 00000339 push dx */ 0x52, ++ /* 0000033A push ax */ 0x50, ++ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00, ++ /* 00000341 out dx,ax */ 0xEF, ++ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03, ++ /* 00000348 out dx,ax */ 0xEF, ++ /* 00000349 pop ax */ 0x58, ++ /* 0000034A pop dx */ 0x5A, ++ /* 0000034B push dx */ 0x52, ++ /* 0000034C push ax */ 0x50, ++ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00, ++ /* 00000353 out dx,ax */ 0xEF, ++ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00, ++ /* 0000035A out dx,ax */ 0xEF, ++ /* 0000035B pop ax */ 0x58, ++ /* 0000035C pop dx */ 0x5A, ++ /* 0000035D pop ax */ 0x58, ++ /* 0000035E pop dx */ 0x5A, ++ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B, ++ /* 00000361 push si */ 0x56, ++ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04, ++ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00, ++ /* 00000368 pop si */ 0x5E, ++ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, ++ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E, ++ /* 0000036E push si */ 0x56, ++ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04, ++ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00, ++ /* 00000375 pop si */ 0x5E, ++ /* 00000376 jmp short 0x3b8 */ 0xEB, 0x40, ++ /* 00000378 push si */ 0x56, ++ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04, ++ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00, ++ /* 0000037F pop si */ 0x5E, ++ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36, ++ /* 00000382 push si */ 0x56, ++ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04, ++ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00, ++ /* 00000389 pop si */ 0x5E, ++ /* 0000038A cmp al,0x3 */ 0x3C, 0x03, ++ /* 0000038C jz 0x39d */ 0x74, 0x0F, ++ /* 0000038E cmp al,0x12 */ 0x3C, 0x12, ++ /* 00000390 jz 0x3a1 */ 0x74, 0x0F, ++ /* 00000392 push si */ 0x56, ++ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00, ++ /* 00000399 pop si */ 0x5E, ++ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE, ++ /* 0000039D mov al,0x30 */ 0xB0, 0x30, ++ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02, ++ /* 000003A1 mov al,0x20 */ 0xB0, 0x20, ++ /* 000003A3 push si */ 0x56, ++ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03, ++ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00, ++ /* 000003AA pop si */ 0x5E, ++ /* 000003AB iretw */ 0xCF, ++ /* 000003AC push si */ 0x56, ++ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03, ++ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00, ++ /* 000003B3 pop si */ 0x5E, ++ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00, ++ /* 000003B7 iretw */ 0xCF, ++ /* 000003B8 push si */ 0x56, ++ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03, ++ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00, ++ /* 000003BF pop si */ 0x5E, ++ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01, ++ /* 000003C3 iretw */ 0xCF, ++ /* 000003C4 pushaw */ 0x60, ++ /* 000003C5 push ds */ 0x1E, ++ /* 000003C6 push cs */ 0x0E, ++ /* 000003C7 pop ds */ 0x1F, ++ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04, ++ /* 000003CB lodsb */ 0xAC, ++ /* 000003CC cmp al,0x0 */ 0x3C, 0x00, ++ /* 000003CE jz 0x3d3 */ 0x74, 0x03, ++ /* 000003D0 out dx,al */ 0xEE, ++ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8, ++ /* 000003D3 pop ds */ 0x1F, ++ /* 000003D4 popaw */ 0x61, ++ /* 000003D5 ret */ 0xC3, ++ /* 000003D6 inc bp */ 0x45, ++ /* 000003D7 js 0x442 */ 0x78, 0x69, ++ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A, ++ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E, ++ /* 000003DE jnc 0x455 */ 0x73, 0x75, ++ /* 000003E0 jo 0x452 */ 0x70, 0x70, ++ /* 000003E2 outsw */ 0x6F, ++ /* 000003E3 jc 0x459 */ 0x72, 0x74, ++ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00, ++ /* 000003E9 push bp */ 0x55, ++ /* 000003EA outsb */ 0x6E, ++ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77, ++ /* 000003EF outsb */ 0x6E, ++ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75, ++ /* 000003F3 outsb */ 0x6E, ++ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69, ++ /* 000003F7 outsw */ 0x6F, ++ /* 000003F8 outsb */ 0x6E, ++ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00, ++ /* 000003FB inc di */ 0x47, ++ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49, ++ /* 000003FF outsb */ 0x6E, ++ /* 00000400 outsd */ 0x66, 0x6F, ++ /* 00000402 or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000404 inc di */ 0x47, ++ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D, ++ /* 00000408 outsw */ 0x6F, ++ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49, ++ /* 0000040C outsb */ 0x6E, ++ /* 0000040D outsd */ 0x66, 0x6F, ++ /* 0000040F or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000411 inc di */ 0x47, ++ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D, ++ /* 00000415 outsw */ 0x6F, ++ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 0000041A push bx */ 0x53, ++ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D, ++ /* 0000041E outsw */ 0x6F, ++ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 00000423 push bx */ 0x53, ++ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D, ++ /* 00000427 outsw */ 0x6F, ++ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C, ++ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61, ++ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A, ++ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E, ++ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 0x6E, ++ /* 00000438 and [di+0x6f],cl */ 0x20, 0x4D, 0x6F, ++ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 0000043F inc di */ 0x47, ++ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50, ++ /* 00000443 insw */ 0x6D, ++ /* 00000444 inc bx */ 0x43, ++ /* 00000445 popaw */ 0x61, ++ /* 00000446 jo 0x4a9 */ 0x70, 0x61, ++ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C, ++ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73, ++ /* 00000450 or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000452 push dx */ 0x52, ++ /* 00000453 gs popaw */ 0x65, 0x61, ++ /* 00000455 fs inc bp */ 0x64, 0x45, ++ /* 00000457 fs */ 0x64, ++ /* 00000458 db 0x69 */ 0x69, ++ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00, + }; + #endif +-- +1.8.3.1 + diff --git a/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch new file mode 100644 index 0000000..2f9687d --- /dev/null +++ b/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch @@ -0,0 +1,136 @@ +From 1facdd58e946c584a3dc1e5be8f2f837b5a7c621 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 25 Feb 2014 18:40:35 +0100 +Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only) + +When the console output is multiplexed to several devices by +ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes +supported by all console output devices. + +Two notable output devices are provided by: +(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe, +(2) MdeModulePkg/Universal/Console/TerminalDxe. + +GraphicsConsoleDxe supports four modes at most -- see +InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData": + +(1a) 80x25 (required by the UEFI spec as mode 0), +(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec + requires the driver to provide it as mode 1), +(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI + spec requires from all plug-in graphics devices), +(1d) "full screen" resolution, derived form the underlying GOP's + horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH + (8) and EFI_GLYPH_HEIGHT (19), respectively. + +The automatic "full screen resolution" makes GraphicsConsoleDxe's +character console very flexible. However, TerminalDxe (which runs on +serial ports) only provides the following fixed resolutions -- see +InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData": + +(2a) 80x25 (required by the UEFI spec as mode 0), +(2b) 80x50 (since the character resolution of a serial device cannot be + interrogated easily, this is added unconditionally as mode 1), +(2c) 100x31 (since the character resolution of a serial device cannot be + interrogated easily, this is added unconditionally as mode 2). + +When ConSplitterDxe combines (1) and (2), multiplexing console output to +both video output and serial terminal, the list of commonly supported text +modes (ie. the "intersection") comprises: + +(3a) 80x25, unconditionally, from (1a) and (2a), +(3b) 80x50, if the graphics console provides at least 640x950 pixel + resolution, from (1b) and (2b) +(3c) 100x31, if the graphics device is a plug-in one (because in that case + 800x600 is a mandated pixel resolution), from (1c) and (2c). + +Unfortunately, the "full screen resolution" (1d) of the GOP-based text +console is not available in general. + +Mitigate this problem by extending "mTerminalConsoleModeData" with a +handful of text resolutions that are derived from widespread maximal pixel +resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out +the most frequent (1d) values from the intersection, and eg. the MODE +command in the UEFI shell will offer the "best" (ie. full screen) +resolution too. + +Upstreaming efforts for this patch have been discontinued; it was clear +from the off-list thread that consensus was impossible to reach. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- adapt commit 0bc77c63de03 (code and commit message) to upstream commit + 390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine + InitializeTerminalConsoleTextMode", 2017-01-10). + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- update commit message as requested in + + +Signed-off-by: Laszlo Ersek +(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e) +(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f) +--- + .../Universal/Console/TerminalDxe/Terminal.c | 41 ++++++++++++++++++++-- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +index 66dd3ad..78a1983 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +@@ -113,9 +113,44 @@ TERMINAL_DEV mTerminalDevTemplate = { + }; + + TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = { +- {80, 25}, +- {80, 50}, +- {100, 31}, ++ { 80, 25 }, // from graphics resolution 640 x 480 ++ { 80, 50 }, // from graphics resolution 640 x 960 ++ { 100, 25 }, // from graphics resolution 800 x 480 ++ { 100, 31 }, // from graphics resolution 800 x 600 ++ { 104, 32 }, // from graphics resolution 832 x 624 ++ { 120, 33 }, // from graphics resolution 960 x 640 ++ { 128, 31 }, // from graphics resolution 1024 x 600 ++ { 128, 40 }, // from graphics resolution 1024 x 768 ++ { 144, 45 }, // from graphics resolution 1152 x 864 ++ { 144, 45 }, // from graphics resolution 1152 x 870 ++ { 160, 37 }, // from graphics resolution 1280 x 720 ++ { 160, 40 }, // from graphics resolution 1280 x 760 ++ { 160, 40 }, // from graphics resolution 1280 x 768 ++ { 160, 42 }, // from graphics resolution 1280 x 800 ++ { 160, 50 }, // from graphics resolution 1280 x 960 ++ { 160, 53 }, // from graphics resolution 1280 x 1024 ++ { 170, 40 }, // from graphics resolution 1360 x 768 ++ { 170, 40 }, // from graphics resolution 1366 x 768 ++ { 175, 55 }, // from graphics resolution 1400 x 1050 ++ { 180, 47 }, // from graphics resolution 1440 x 900 ++ { 200, 47 }, // from graphics resolution 1600 x 900 ++ { 200, 63 }, // from graphics resolution 1600 x 1200 ++ { 210, 55 }, // from graphics resolution 1680 x 1050 ++ { 240, 56 }, // from graphics resolution 1920 x 1080 ++ { 240, 63 }, // from graphics resolution 1920 x 1200 ++ { 240, 75 }, // from graphics resolution 1920 x 1440 ++ { 250, 105 }, // from graphics resolution 2000 x 2000 ++ { 256, 80 }, // from graphics resolution 2048 x 1536 ++ { 256, 107 }, // from graphics resolution 2048 x 2048 ++ { 320, 75 }, // from graphics resolution 2560 x 1440 ++ { 320, 84 }, // from graphics resolution 2560 x 1600 ++ { 320, 107 }, // from graphics resolution 2560 x 2048 ++ { 350, 110 }, // from graphics resolution 2800 x 2100 ++ { 400, 126 }, // from graphics resolution 3200 x 2400 ++ { 480, 113 }, // from graphics resolution 3840 x 2160 ++ { 512, 113 }, // from graphics resolution 4096 x 2160 ++ { 960, 227 }, // from graphics resolution 7680 x 4320 ++ { 1024, 227 }, // from graphics resolution 8192 x 4320 + // + // New modes can be added here. + // +-- +1.8.3.1 + diff --git a/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch new file mode 100644 index 0000000..0581862 --- /dev/null +++ b/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -0,0 +1,135 @@ +From b7f6115b745de8cbc5214b6ede33c9a8558beb90 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 25 Feb 2014 22:40:01 +0100 +Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH + only) + +The + + CSI Ps ; Ps ; Ps t + +escape sequence serves for window manipulation. We can use the + + CSI 8 ; ; t + +sequence to adapt eg. the xterm window size to the selected console mode. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- refresh commit 519b9751573e against various context changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec" + context change from upstream commits e043f7895b83 ("MdeModulePkg: Add + PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2 + ("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03). + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Reference: +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444) +(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574) +--- + MdeModulePkg/MdeModulePkg.dec | 4 +++ + .../Universal/Console/TerminalDxe/TerminalConOut.c | 30 ++++++++++++++++++++++ + .../Universal/Console/TerminalDxe/TerminalDxe.inf | 2 ++ + 3 files changed, 36 insertions(+) + +diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec +index cc39718..384d901 100644 +--- a/MdeModulePkg/MdeModulePkg.dec ++++ b/MdeModulePkg/MdeModulePkg.dec +@@ -1914,6 +1914,10 @@ + # @Prompt The address mask when memory encryption is enabled. + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047 + ++ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal ++ # mode change. ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080 ++ + [PcdsPatchableInModule] + ## Specify memory size with page number for PEI code when + # Loading Module at Fixed Address feature is enabled. +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +index 5a83431..fbc1e0a 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +@@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + ++#include ++ + #include "Terminal.h" + + // +@@ -87,6 +89,16 @@ CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 }; + CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 }; + + // ++// Note that this is an ASCII format string, taking two INT32 arguments: ++// rows, columns. ++// ++// A %d (INT32) format specification can expand to at most 11 characters. ++// ++CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt"; ++#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2)) ++ ++ ++// + // Body of the ConOut functions + // + +@@ -508,6 +520,24 @@ TerminalConOutSetMode ( + return EFI_DEVICE_ERROR; + } + ++ if (PcdGetBool (PcdResizeXterm)) { ++ CHAR16 ResizeSequence[RESIZE_SEQ_SIZE]; ++ ++ UnicodeSPrintAsciiFormat ( ++ ResizeSequence, ++ sizeof ResizeSequence, ++ mResizeTextAreaFormatString, ++ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows, ++ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns ++ ); ++ TerminalDevice->OutputEscChar = TRUE; ++ Status = This->OutputString (This, ResizeSequence); ++ TerminalDevice->OutputEscChar = FALSE; ++ if (EFI_ERROR (Status)) { ++ return EFI_DEVICE_ERROR; ++ } ++ } ++ + This->Mode->Mode = (INT32) ModeNumber; + + Status = This->ClearScreen (This); +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +index 0780296..bd2ba82 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +@@ -60,6 +60,7 @@ + DebugLib + PcdLib + BaseLib ++ PrintLib + + [Guids] + ## SOMETIMES_PRODUCES ## Variable:L"ConInDev" +@@ -88,6 +89,7 @@ + [Pcd] + gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## CONSUMES + + # [Event] + # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout. +-- +1.8.3.1 + diff --git a/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch new file mode 100644 index 0000000..9ac7a57 --- /dev/null +++ b/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -0,0 +1,96 @@ +From 61914fb81cf624c9028d015533b400b2794e52d3 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 15:59:06 +0200 +Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only) + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- refresh downstream-only commit 8abc2a6ddad2 against context differences + in the DSC files from upstream commit 5e167d7e784c + ("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if + SMM_REQUIRE", 2017-03-12). + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721) +(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d) +(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038) +--- + OvmfPkg/OvmfPkgIa32.dsc | 1 + + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + + OvmfPkg/OvmfPkgX64.dsc | 1 + + OvmfPkg/PlatformPei/Platform.c | 1 + + OvmfPkg/PlatformPei/PlatformPei.inf | 1 + + 5 files changed, 5 insertions(+) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index a5bb2b0..b577767 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -530,6 +530,7 @@ + # ($(SMM_REQUIRE) == FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index be8fee9..a6a40be 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -536,6 +536,7 @@ + # ($(SMM_REQUIRE) == FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index e224b0e..8bd3754 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -535,6 +535,7 @@ + # ($(SMM_REQUIRE) == FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 +diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c +index 5a78668..544ac54 100644 +--- a/OvmfPkg/PlatformPei/Platform.c ++++ b/OvmfPkg/PlatformPei/Platform.c +@@ -670,6 +670,7 @@ InitializePlatform ( + PeiFvInitialization (); + MemMapInitialization (); + NoexecDxeInitialization (); ++ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); + } + + AmdSevInitialize (); +diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf +index 30ceb4b..016c067 100644 +--- a/OvmfPkg/PlatformPei/PlatformPei.inf ++++ b/OvmfPkg/PlatformPei/PlatformPei.inf +@@ -94,6 +94,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack +-- +1.8.3.1 + diff --git a/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch b/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch new file mode 100644 index 0000000..5d03215 --- /dev/null +++ b/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch @@ -0,0 +1,42 @@ +From f77f1e7dd6013f918c70e089c95b8f4166085fb9 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 12 Apr 2016 20:50:25 +0200 +Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only) + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 8e2153358aa2bba2c91faa87a70beadcaae03fd8) +(cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd) +(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03) +--- + ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf +index eff4a21..adf1ff6 100644 +--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf ++++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf +@@ -22,7 +22,7 @@ + FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF + MODULE_TYPE = BASE + VERSION_STRING = 1.0 +- LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER ++ LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER + + CONSTRUCTOR = QemuFwCfgInitialize + +-- +1.8.3.1 + diff --git a/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch new file mode 100644 index 0000000..0685728 --- /dev/null +++ b/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -0,0 +1,203 @@ +From 8e92730c8e1cdb642b3b3e680e643ff774a90c65 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Sun, 26 Jul 2015 08:02:50 +0000 +Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only) + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such + setter functions for dynamic PCDs that don't return a status code (such + as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds -- + there's really no circumstance in this case when it could fail. + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- Refresh downstream-only commit d4564d39dfdb against context changes in + "ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870 + ("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable + override", 2017-03-29). + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262) +(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c) +--- + ArmVirtPkg/ArmVirtQemu.dsc | 7 +- + .../TerminalPcdProducerLib.c | 87 ++++++++++++++++++++++ + .../TerminalPcdProducerLib.inf | 41 ++++++++++ + 3 files changed, 134 insertions(+), 1 deletion(-) + create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c + create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 7331597..4bf94ce 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -208,6 +208,8 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE ++ + [PcdsDynamicHii] + gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS + +@@ -284,7 +286,10 @@ + MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf + MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf + MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf +- MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf ++ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf { ++ ++ NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf ++ } + MdeModulePkg/Universal/SerialDxe/SerialDxe.inf + + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c +new file mode 100644 +index 0000000..814ad48 +--- /dev/null ++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c +@@ -0,0 +1,87 @@ ++/** @file ++* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg ++* ++* Copyright (C) 2015-2016, Red Hat, Inc. ++* Copyright (c) 2014, Linaro Ltd. All rights reserved.
++* ++* This program and the accompanying materials are licensed and made available ++* under the terms and conditions of the BSD License which accompanies this ++* distribution. The full text of the license may be found at ++* http://opensource.org/licenses/bsd-license.php ++* ++* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++* IMPLIED. ++* ++**/ ++ ++#include ++#include ++#include ++ ++STATIC ++RETURN_STATUS ++GetNamedFwCfgBoolean ( ++ IN CONST CHAR8 *FwCfgFileName, ++ OUT BOOLEAN *Setting ++ ) ++{ ++ RETURN_STATUS Status; ++ FIRMWARE_CONFIG_ITEM FwCfgItem; ++ UINTN FwCfgSize; ++ UINT8 Value[3]; ++ ++ Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize); ++ if (RETURN_ERROR (Status)) { ++ return Status; ++ } ++ if (FwCfgSize > sizeof Value) { ++ return RETURN_BAD_BUFFER_SIZE; ++ } ++ QemuFwCfgSelectItem (FwCfgItem); ++ QemuFwCfgReadBytes (FwCfgSize, Value); ++ ++ if ((FwCfgSize == 1) || ++ (FwCfgSize == 2 && Value[1] == '\n') || ++ (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) { ++ switch (Value[0]) { ++ case '0': ++ case 'n': ++ case 'N': ++ *Setting = FALSE; ++ return RETURN_SUCCESS; ++ ++ case '1': ++ case 'y': ++ case 'Y': ++ *Setting = TRUE; ++ return RETURN_SUCCESS; ++ ++ default: ++ break; ++ } ++ } ++ return RETURN_PROTOCOL_ERROR; ++} ++ ++#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \ ++ do { \ ++ BOOLEAN Setting; \ ++ RETURN_STATUS PcdStatus; \ ++ \ ++ if (!RETURN_ERROR (GetNamedFwCfgBoolean ( \ ++ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \ ++ PcdStatus = PcdSetBoolS (TokenName, Setting); \ ++ ASSERT_RETURN_ERROR (PcdStatus); \ ++ } \ ++ } while (0) ++ ++RETURN_STATUS ++EFIAPI ++TerminalPcdProducerLibConstructor ( ++ VOID ++ ) ++{ ++ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); ++ return RETURN_SUCCESS; ++} +diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf +new file mode 100644 +index 0000000..fecb37b +--- /dev/null ++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf +@@ -0,0 +1,41 @@ ++## @file ++# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg ++# ++# Copyright (C) 2015-2016, Red Hat, Inc. ++# Copyright (c) 2014, Linaro Ltd. All rights reserved.
++# ++# This program and the accompanying materials are licensed and made available ++# under the terms and conditions of the BSD License which accompanies this ++# distribution. The full text of the license may be found at ++# http://opensource.org/licenses/bsd-license.php ++# ++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++# IMPLIED. ++# ++## ++ ++[Defines] ++ INF_VERSION = 0x00010005 ++ BASE_NAME = TerminalPcdProducerLib ++ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96 ++ MODULE_TYPE = BASE ++ VERSION_STRING = 1.0 ++ LIBRARY_CLASS = TerminalPcdProducerLib|DXE_DRIVER ++ CONSTRUCTOR = TerminalPcdProducerLibConstructor ++ ++[Sources] ++ TerminalPcdProducerLib.c ++ ++[Packages] ++ MdePkg/MdePkg.dec ++ OvmfPkg/OvmfPkg.dec ++ MdeModulePkg/MdeModulePkg.dec ++ ++[LibraryClasses] ++ DebugLib ++ PcdLib ++ QemuFwCfgLib ++ ++[Pcd] ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm +-- +1.8.3.1 + diff --git a/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch new file mode 100644 index 0000000..5e58340 --- /dev/null +++ b/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch @@ -0,0 +1,130 @@ +From f0303f71d576c51b01c4ff961b429d0e0e707245 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 4 Nov 2014 23:02:53 +0100 +Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH + only) + +Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com> +Patchwork-id: 62119 +O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell + from the firmware image (RH only) +Bugzilla: 1147592 +Acked-by: Andrew Jones +Acked-by: Gerd Hoffmann +Acked-by: Vitaly Kuznetsov + +When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell +binary from the firmware image. + +Peter Jones advised us that firmware vendors for physical systems disable +the memory-mapped, firmware image-contained UEFI shell in +SecureBoot-enabled builds. The reason being that the memory-mapped shell +can always load, it may have direct access to various hardware in the +system, and it can run UEFI shell scripts (which cannot be signed at all). + +Intended use of the new build option: + +- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant + firmware image will contain a shell binary, independently of SecureBoot + enablement, which is flexible for interactive development. (Ie. no + change for in-tree builds.) + +- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and + '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide: + + - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell, + + - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd, + + - UefiShell.iso: a bootable ISO image with the shell on it as default + boot loader. The shell binary will load when SecureBoot is turned off, + and won't load when SecureBoot is turned on (because it is not + signed). + + UefiShell.iso is the reason we're not excluding the shell from the DSC + files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD' + is specified, the shell binary needs to be built the same, only it + will be included in UefiShell.iso. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Signed-off-by: Laszlo Ersek +(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd) +(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933) +(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b) +--- + OvmfPkg/OvmfPkgIa32.fdf | 2 ++ + OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ + OvmfPkg/OvmfPkgX64.fdf | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf +index f552bc9..73007dd 100644 +--- a/OvmfPkg/OvmfPkgIa32.fdf ++++ b/OvmfPkg/OvmfPkgIa32.fdf +@@ -288,12 +288,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour + INF FatPkg/EnhancedFatDxe/Fat.inf + INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !ifndef $(USE_OLD_SHELL) + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/Application/Shell/Shell.inf + !else + INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !endif ++!endif + + !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf +index ee77ae1..116b3c6 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.fdf ++++ b/OvmfPkg/OvmfPkgIa32X64.fdf +@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour + INF FatPkg/EnhancedFatDxe/Fat.inf + INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !ifndef $(USE_OLD_SHELL) + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/Application/Shell/Shell.inf + !else + INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf + !endif ++!endif + + !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf +diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf +index 505d25d..84d5845 100644 +--- a/OvmfPkg/OvmfPkgX64.fdf ++++ b/OvmfPkg/OvmfPkgX64.fdf +@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour + INF FatPkg/EnhancedFatDxe/Fat.inf + INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !ifndef $(USE_OLD_SHELL) + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/Application/Shell/Shell.inf + !else + INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !endif ++!endif + + !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf +-- +1.8.3.1 + diff --git a/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch new file mode 100644 index 0000000..d1e406f --- /dev/null +++ b/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch @@ -0,0 +1,1345 @@ +From 98c91b36997e3afc4192449263182fbdcc771a1a Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 4 Nov 2014 23:02:55 +0100 +Subject: OvmfPkg: EnrollDefaultKeys: application for enrolling default keys + (RH only) + +Message-id: <1415138578-27173-16-git-send-email-lersek@redhat.com> +Patchwork-id: 62121 +O-Subject: [RHEL-7.1 ovmf PATCH v2 15/18] OvmfPkg: EnrollDefaultKeys: + application for enrolling default keys (RH only) +Bugzilla: 1148296 +1160400 +Acked-by: Andrew Jones +Acked-by: Vitaly Kuznetsov +Acked-by: Gerd Hoffmann + +This application is meant to be invoked by the management layer, after +booting the UEFI shell and getting a shell prompt on the serial console. +The app enrolls a number of certificates (see below), and then reports +status to the serial console as well. The expected output is "info: +success": + +> Shell> EnrollDefaultKeys.efi +> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 +> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 +> info: success +> Shell> + +In case of success, the management layer can force off or reboot the VM +(for example with the "reset -s" or "reset -c" UEFI shell commands, +respectively), and start the guest installation with SecureBoot enabled. + +PK: +- A unique, static, ad-hoc certificate whose private half has been + destroyed (more precisely, never saved) and is therefore unusable for + signing. (The command for creating this certificate is saved in the + source code.) Background: + +On 09/30/14 20:00, Peter Jones wrote: +> We should generate a special key that's not in our normal signing chains +> for PK and KEK. The reason for this is that [in practice] PK gets +> treated as part of DB (*). +> +> [Shipping a key in our normal signing chains] as PK means you can run +> grub directly, in which case it won't have access to the shim protocol. +> When grub is run without the shim protocol registered, it assumes SB is +> disabled and boots without verifying the kernel. We don't want that to +> be a thing you can do, but allowing that is the inevitable result of +> shipping with any of our normal signing chain in PK or KEK. +> +> (* USRT has actually agreed that since you can escalate to this behavior +> if you have the secret half of a key in KEK or PK anyway, and many +> vendors had already shipped it this way, that it is fine and I think +> even *expected* at this point, even though it wasn't formally in the +> UEFI 2.3.1 Spec that introduced Secure Boot. I'll try and make sure the +> language reflects that in an upcoming spec revision.) +> +> So let me get SRT to issue a special key to use for PK and KEK. We can +> use it just for those operations, and make sure it's protected with the +> same processes and controls as our other signing keys. + + Until SRT generates such a key for us, this ad-hoc key should be a good + placeholder. + +KEK: +- same ad-hoc certificate as used for the PK, +- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool + package is signed (indirectly, through a chain) with this; enrolling + such a KEK should allow guests to install those updates. + +DB: +- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows + Server 2012 R2, +- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI + oproms. + +*UPDATE* + +OvmfPkg: EnrollDefaultKeys: pick up official Red Hat PK/KEK (RHEL only) + +Replace the placeholder ExampleCert with a certificate generated and +managed by the Red Hat Security Response Team. + +> Certificate: +> Data: +> Version: 3 (0x2) +> Serial Number: 18371740789028339953 (0xfef588e8f396c0f1) +> Signature Algorithm: sha256WithRSAEncryption +> Issuer: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com +> Validity +> Not Before: Oct 31 11:15:37 2014 GMT +> Not After : Oct 25 11:15:37 2037 GMT +> Subject: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com +> Subject Public Key Info: +> Public Key Algorithm: rsaEncryption +> Public-Key: (2048 bit) +> Modulus: +> 00:90:1f:84:7b:8d:bc:eb:97:26:82:6d:88:ab:8a: +> c9:8c:68:70:f9:df:4b:07:b2:37:83:0b:02:c8:67: +> 68:30:9e:e3:f0:f0:99:4a:b8:59:57:c6:41:f6:38: +> 8b:fe:66:4c:49:e9:37:37:92:2e:98:01:1e:5b:14: +> 50:e6:a8:8d:25:0d:f5:86:e6:ab:30:cb:40:16:ea: +> 8d:8b:16:86:70:43:37:f2:ce:c0:91:df:71:14:8e: +> 99:0e:89:b6:4c:6d:24:1e:8c:e4:2f:4f:25:d0:ba: +> 06:f8:c6:e8:19:18:76:73:1d:81:6d:a8:d8:05:cf: +> 3a:c8:7b:28:c8:36:a3:16:0d:29:8c:99:9a:68:dc: +> ab:c0:4d:8d:bf:5a:bb:2b:a9:39:4b:04:97:1c:f9: +> 36:bb:c5:3a:86:04:ae:af:d4:82:7b:e0:ab:de:49: +> 05:68:fc:f6:ae:68:1a:6c:90:4d:57:19:3c:64:66: +> 03:f6:c7:52:9b:f7:94:cf:93:6a:a1:68:c9:aa:cf: +> 99:6b:bc:aa:5e:08:e7:39:1c:f7:f8:0f:ba:06:7e: +> f1:cb:e8:76:dd:fe:22:da:ad:3a:5e:5b:34:ea:b3: +> c9:e0:4d:04:29:7e:b8:60:b9:05:ef:b5:d9:17:58: +> 56:16:60:b9:30:32:f0:36:4a:c3:f2:79:8d:12:40: +> 70:f3 +> Exponent: 65537 (0x10001) +> X509v3 extensions: +> X509v3 Basic Constraints: +> CA:FALSE +> Netscape Comment: +> OpenSSL Generated Certificate +> X509v3 Subject Key Identifier: +> 3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC +> X509v3 Authority Key Identifier: +> keyid:3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC +> +> Signature Algorithm: sha256WithRSAEncryption +> 5c:4d:92:88:b4:82:5f:1d:ad:8b:11:ec:df:06:a6:7a:a5:2b: +> 9f:37:55:0c:8d:6e:05:00:ad:b7:0c:41:89:69:cf:d6:65:06: +> 9b:51:78:d2:ad:c7:bf:9c:dc:05:73:7f:e7:1e:39:13:b4:ea: +> b6:30:7d:40:75:ab:9c:43:0b:df:b0:c2:1b:bf:30:e0:f4:fe: +> c0:db:62:21:98:f6:c5:af:de:3b:4f:49:0a:e6:1e:f9:86:b0: +> 3f:0d:d6:d4:46:37:db:54:74:5e:ff:11:c2:60:c6:70:58:c5: +> 1c:6f:ec:b2:d8:6e:6f:c3:bc:33:87:38:a4:f3:44:64:9c:34: +> 3b:28:94:26:78:27:9f:16:17:e8:3b:69:0a:25:a9:73:36:7e: +> 9e:37:5c:ec:e8:3f:db:91:f9:12:b3:3d:ce:e7:dd:15:c3:ae: +> 8c:05:20:61:9b:95:de:9b:af:fa:b1:5c:1c:e5:97:e7:c3:34: +> 11:85:f5:8a:27:26:a4:70:36:ec:0c:f6:83:3d:90:f7:36:f3: +> f9:f3:15:d4:90:62:be:53:b4:af:d3:49:af:ef:f4:73:e8:7b: +> 76:e4:44:2a:37:ba:81:a4:99:0c:3a:31:24:71:a0:e4:e4:b7: +> 1a:cb:47:e4:aa:22:cf:ef:75:61:80:e3:43:b7:48:57:73:11: +> 3d:78:9b:69 +> -----BEGIN CERTIFICATE----- +> MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV +> BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG +> 9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx +> MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L +> RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB +> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw +> +d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31 +> huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B +> bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr +> 3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x +> y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID +> AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +> YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww +> HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD +> ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c +> 3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N +> 1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol +> qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw +> NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL +> R+SqIs/vdWGA40O3SFdzET14m2k= +> -----END CERTIFICATE----- + +Notes about the 9ece15a -> c9e5618 rebase: +- resolved conflicts in: + OvmfPkg/OvmfPkgIa32.dsc + OvmfPkg/OvmfPkgIa32X64.dsc + OvmfPkg/OvmfPkgX64.dsc + due to OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf having + disappeared in upstream (commit 57446bb9). + +Notes about the c9e5618 -> b9ffeab rebase: +- Guid/VariableFormat.h now lives under MdeModulePkg. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- This patch now squashes the following commits: + - 014f459c197b OvmfPkg: EnrollDefaultKeys: application for enrolling + default keys (RH only) + - 18422a18d0e9 OvmfPkg/EnrollDefaultKeys: assign Status before reading + it (RH only) + - ddb90568e874 OvmfPkg/EnrollDefaultKeys: silence VS2015x86 warning (RH + only) + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- This patch now squashes the following commits: + - c0b2615a9c0b OvmfPkg: EnrollDefaultKeys: application for enrolling + default keys (RH only) + - 22f4d33d0168 OvmfPkg/EnrollDefaultKeys: update SignatureOwner GUID for + Windows HCK (RH) + - ff7f2c1d870d OvmfPkg/EnrollDefaultKeys: expose CertType parameter of + EnrollListOfCerts (RH) + - aee7b5ba60b4 OvmfPkg/EnrollDefaultKeys: blacklist empty file in dbx + for Windows HCK (RH) + +- Consequently, OvmfPkg/EnrollDefaultKeys/ is identical to the same + directory at the "RHEL-7.4" tag (49d06d386736). + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Signed-off-by: Laszlo Ersek +(cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d) +(cherry picked from commit 92424de98ffaf1fa81e6346949b1d2b5f9a637ca) +--- + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++++++++ + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 ++ + OvmfPkg/OvmfPkgIa32.dsc | 4 + + OvmfPkg/OvmfPkgIa32X64.dsc | 4 + + OvmfPkg/OvmfPkgX64.dsc | 4 + + 5 files changed, 1079 insertions(+) + create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c + create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf + +diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +new file mode 100644 +index 0000000..dd413df +--- /dev/null ++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +@@ -0,0 +1,1015 @@ ++/** @file ++ Enroll default PK, KEK, DB. ++ ++ Copyright (C) 2014, Red Hat, Inc. ++ ++ This program and the accompanying materials are licensed and made available ++ under the terms and conditions of the BSD License which accompanies this ++ distribution. The full text of the license may be found at ++ http://opensource.org/licenses/bsd-license. ++ ++ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT ++ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++**/ ++#include // gEfiCustomModeEnableGuid ++#include // EFI_SETUP_MODE_NAME ++#include // EFI_IMAGE_SECURITY_DATABASE ++#include // CopyGuid() ++#include // ASSERT() ++#include // FreePool() ++#include // ShellAppMain() ++#include // AsciiPrint() ++#include // gRT ++ ++// ++// We'll use the certificate below as both Platform Key and as first Key ++// Exchange Key. ++// ++// "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com" ++// SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97 ++// ++STATIC CONST UINT8 RedHatPkKek1[] = { ++ 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d, ++ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, ++ 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, ++ 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, ++ 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, ++ 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, ++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, ++ 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, ++ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, ++ 0x33, 0x31, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x37, ++ 0x31, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x30, 0x51, ++ 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x52, 0x65, ++ 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, ++ 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, 0x4b, 0x20, ++ 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, ++ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63, ++ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x2e, ++ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, ++ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, ++ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x90, 0x1f, 0x84, ++ 0x7b, 0x8d, 0xbc, 0xeb, 0x97, 0x26, 0x82, 0x6d, 0x88, 0xab, 0x8a, 0xc9, 0x8c, ++ 0x68, 0x70, 0xf9, 0xdf, 0x4b, 0x07, 0xb2, 0x37, 0x83, 0x0b, 0x02, 0xc8, 0x67, ++ 0x68, 0x30, 0x9e, 0xe3, 0xf0, 0xf0, 0x99, 0x4a, 0xb8, 0x59, 0x57, 0xc6, 0x41, ++ 0xf6, 0x38, 0x8b, 0xfe, 0x66, 0x4c, 0x49, 0xe9, 0x37, 0x37, 0x92, 0x2e, 0x98, ++ 0x01, 0x1e, 0x5b, 0x14, 0x50, 0xe6, 0xa8, 0x8d, 0x25, 0x0d, 0xf5, 0x86, 0xe6, ++ 0xab, 0x30, 0xcb, 0x40, 0x16, 0xea, 0x8d, 0x8b, 0x16, 0x86, 0x70, 0x43, 0x37, ++ 0xf2, 0xce, 0xc0, 0x91, 0xdf, 0x71, 0x14, 0x8e, 0x99, 0x0e, 0x89, 0xb6, 0x4c, ++ 0x6d, 0x24, 0x1e, 0x8c, 0xe4, 0x2f, 0x4f, 0x25, 0xd0, 0xba, 0x06, 0xf8, 0xc6, ++ 0xe8, 0x19, 0x18, 0x76, 0x73, 0x1d, 0x81, 0x6d, 0xa8, 0xd8, 0x05, 0xcf, 0x3a, ++ 0xc8, 0x7b, 0x28, 0xc8, 0x36, 0xa3, 0x16, 0x0d, 0x29, 0x8c, 0x99, 0x9a, 0x68, ++ 0xdc, 0xab, 0xc0, 0x4d, 0x8d, 0xbf, 0x5a, 0xbb, 0x2b, 0xa9, 0x39, 0x4b, 0x04, ++ 0x97, 0x1c, 0xf9, 0x36, 0xbb, 0xc5, 0x3a, 0x86, 0x04, 0xae, 0xaf, 0xd4, 0x82, ++ 0x7b, 0xe0, 0xab, 0xde, 0x49, 0x05, 0x68, 0xfc, 0xf6, 0xae, 0x68, 0x1a, 0x6c, ++ 0x90, 0x4d, 0x57, 0x19, 0x3c, 0x64, 0x66, 0x03, 0xf6, 0xc7, 0x52, 0x9b, 0xf7, ++ 0x94, 0xcf, 0x93, 0x6a, 0xa1, 0x68, 0xc9, 0xaa, 0xcf, 0x99, 0x6b, 0xbc, 0xaa, ++ 0x5e, 0x08, 0xe7, 0x39, 0x1c, 0xf7, 0xf8, 0x0f, 0xba, 0x06, 0x7e, 0xf1, 0xcb, ++ 0xe8, 0x76, 0xdd, 0xfe, 0x22, 0xda, 0xad, 0x3a, 0x5e, 0x5b, 0x34, 0xea, 0xb3, ++ 0xc9, 0xe0, 0x4d, 0x04, 0x29, 0x7e, 0xb8, 0x60, 0xb9, 0x05, 0xef, 0xb5, 0xd9, ++ 0x17, 0x58, 0x56, 0x16, 0x60, 0xb9, 0x30, 0x32, 0xf0, 0x36, 0x4a, 0xc3, 0xf2, ++ 0x79, 0x8d, 0x12, 0x40, 0x70, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b, ++ 0x30, 0x79, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, ++ 0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d, ++ 0x04, 0x1f, 0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, ++ 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, ++ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, ++ 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, ++ 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, ++ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x3c, ++ 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, ++ 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, ++ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, ++ 0x5c, 0x4d, 0x92, 0x88, 0xb4, 0x82, 0x5f, 0x1d, 0xad, 0x8b, 0x11, 0xec, 0xdf, ++ 0x06, 0xa6, 0x7a, 0xa5, 0x2b, 0x9f, 0x37, 0x55, 0x0c, 0x8d, 0x6e, 0x05, 0x00, ++ 0xad, 0xb7, 0x0c, 0x41, 0x89, 0x69, 0xcf, 0xd6, 0x65, 0x06, 0x9b, 0x51, 0x78, ++ 0xd2, 0xad, 0xc7, 0xbf, 0x9c, 0xdc, 0x05, 0x73, 0x7f, 0xe7, 0x1e, 0x39, 0x13, ++ 0xb4, 0xea, 0xb6, 0x30, 0x7d, 0x40, 0x75, 0xab, 0x9c, 0x43, 0x0b, 0xdf, 0xb0, ++ 0xc2, 0x1b, 0xbf, 0x30, 0xe0, 0xf4, 0xfe, 0xc0, 0xdb, 0x62, 0x21, 0x98, 0xf6, ++ 0xc5, 0xaf, 0xde, 0x3b, 0x4f, 0x49, 0x0a, 0xe6, 0x1e, 0xf9, 0x86, 0xb0, 0x3f, ++ 0x0d, 0xd6, 0xd4, 0x46, 0x37, 0xdb, 0x54, 0x74, 0x5e, 0xff, 0x11, 0xc2, 0x60, ++ 0xc6, 0x70, 0x58, 0xc5, 0x1c, 0x6f, 0xec, 0xb2, 0xd8, 0x6e, 0x6f, 0xc3, 0xbc, ++ 0x33, 0x87, 0x38, 0xa4, 0xf3, 0x44, 0x64, 0x9c, 0x34, 0x3b, 0x28, 0x94, 0x26, ++ 0x78, 0x27, 0x9f, 0x16, 0x17, 0xe8, 0x3b, 0x69, 0x0a, 0x25, 0xa9, 0x73, 0x36, ++ 0x7e, 0x9e, 0x37, 0x5c, 0xec, 0xe8, 0x3f, 0xdb, 0x91, 0xf9, 0x12, 0xb3, 0x3d, ++ 0xce, 0xe7, 0xdd, 0x15, 0xc3, 0xae, 0x8c, 0x05, 0x20, 0x61, 0x9b, 0x95, 0xde, ++ 0x9b, 0xaf, 0xfa, 0xb1, 0x5c, 0x1c, 0xe5, 0x97, 0xe7, 0xc3, 0x34, 0x11, 0x85, ++ 0xf5, 0x8a, 0x27, 0x26, 0xa4, 0x70, 0x36, 0xec, 0x0c, 0xf6, 0x83, 0x3d, 0x90, ++ 0xf7, 0x36, 0xf3, 0xf9, 0xf3, 0x15, 0xd4, 0x90, 0x62, 0xbe, 0x53, 0xb4, 0xaf, ++ 0xd3, 0x49, 0xaf, 0xef, 0xf4, 0x73, 0xe8, 0x7b, 0x76, 0xe4, 0x44, 0x2a, 0x37, ++ 0xba, 0x81, 0xa4, 0x99, 0x0c, 0x3a, 0x31, 0x24, 0x71, 0xa0, 0xe4, 0xe4, 0xb7, ++ 0x1a, 0xcb, 0x47, 0xe4, 0xaa, 0x22, 0xcf, 0xef, 0x75, 0x61, 0x80, 0xe3, 0x43, ++ 0xb7, 0x48, 0x57, 0x73, 0x11, 0x3d, 0x78, 0x9b, 0x69 ++}; ++ ++// ++// Second KEK: "Microsoft Corporation KEK CA 2011". ++// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 ++// ++// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. ++// ++STATIC CONST UINT8 MicrosoftKEK[] = { ++ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, ++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, ++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, ++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, ++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, ++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, ++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, ++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, ++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, ++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, ++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, ++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, ++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, ++ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, ++ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, ++ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, ++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, ++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, ++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, ++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, ++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, ++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, ++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, ++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, ++ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, ++ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, ++ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, ++ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, ++ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, ++ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, ++ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, ++ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, ++ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, ++ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, ++ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, ++ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, ++ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, ++ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, ++ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, ++ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, ++ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, ++ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, ++ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, ++ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, ++ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, ++ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, ++ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, ++ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, ++ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, ++ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, ++ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, ++ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, ++ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, ++ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, ++ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, ++ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, ++ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, ++ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, ++ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, ++ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, ++ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, ++ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, ++ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, ++ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, ++ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, ++ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, ++ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, ++ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, ++ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, ++ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, ++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, ++ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, ++ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, ++ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, ++ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, ++ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, ++ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, ++ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, ++ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, ++ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, ++ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, ++ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, ++ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, ++ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, ++ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, ++ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, ++ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, ++ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, ++ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, ++ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, ++ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, ++ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, ++ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, ++ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, ++ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, ++ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, ++ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, ++ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, ++ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, ++ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, ++ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, ++ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, ++ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, ++ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, ++ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, ++ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, ++ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, ++ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, ++ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, ++ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, ++ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, ++ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, ++ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, ++ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, ++ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e ++}; ++ ++// ++// First DB entry: "Microsoft Windows Production PCA 2011" ++// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d ++// ++// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain ++// rooted in this certificate. ++// ++STATIC CONST UINT8 MicrosoftPCA[] = { ++ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, ++ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, ++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, ++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, ++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, ++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, ++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, ++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, ++ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, ++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, ++ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, ++ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, ++ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, ++ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, ++ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, ++ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, ++ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, ++ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, ++ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, ++ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, ++ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, ++ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, ++ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, ++ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, ++ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, ++ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, ++ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, ++ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, ++ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, ++ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, ++ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, ++ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, ++ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, ++ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, ++ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, ++ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, ++ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, ++ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, ++ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, ++ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, ++ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, ++ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, ++ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, ++ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, ++ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, ++ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03, ++ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, ++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, ++ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, ++ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, ++ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, ++ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, ++ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, ++ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, ++ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, ++ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, ++ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, ++ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, ++ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, ++ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, ++ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, ++ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, ++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, ++ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, ++ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, ++ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, ++ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, ++ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, ++ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, ++ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, ++ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, ++ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, ++ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, ++ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, ++ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, ++ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, ++ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, ++ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, ++ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, ++ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, ++ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, ++ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, ++ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, ++ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, ++ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, ++ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, ++ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, ++ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, ++ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, ++ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, ++ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, ++ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, ++ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, ++ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, ++ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, ++ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, ++ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, ++ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, ++ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, ++ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, ++ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, ++ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, ++ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, ++ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, ++ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, ++ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, ++ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, ++ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, ++ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, ++ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, ++ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, ++ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, ++ 0x62, 0x1c, 0x59, 0x7e ++}; ++ ++// ++// Second DB entry: "Microsoft Corporation UEFI CA 2011" ++// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 ++// ++// To verify the "shim" binary and PCI expansion ROMs with. ++// ++STATIC CONST UINT8 MicrosoftUefiCA[] = { ++ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, ++ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, ++ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, ++ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, ++ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, ++ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, ++ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, ++ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, ++ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, ++ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, ++ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, ++ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, ++ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, ++ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, ++ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, ++ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, ++ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, ++ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, ++ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, ++ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, ++ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, ++ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, ++ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, ++ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, ++ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, ++ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, ++ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, ++ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, ++ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, ++ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, ++ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, ++ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, ++ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, ++ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, ++ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, ++ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, ++ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, ++ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, ++ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, ++ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, ++ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, ++ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, ++ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, ++ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, ++ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, ++ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, ++ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, ++ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, ++ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, ++ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, ++ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, ++ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, ++ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, ++ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, ++ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, ++ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, ++ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, ++ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, ++ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, ++ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, ++ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, ++ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, ++ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, ++ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, ++ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, ++ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, ++ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, ++ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, ++ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, ++ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, ++ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, ++ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, ++ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, ++ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, ++ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, ++ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, ++ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, ++ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, ++ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, ++ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, ++ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, ++ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, ++ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, ++ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, ++ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, ++ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, ++ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, ++ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, ++ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, ++ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, ++ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, ++ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, ++ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, ++ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, ++ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, ++ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, ++ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, ++ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, ++ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, ++ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, ++ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, ++ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, ++ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, ++ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, ++ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, ++ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, ++ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, ++ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, ++ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, ++ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, ++ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, ++ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, ++ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, ++ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, ++ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, ++ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, ++ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, ++ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, ++ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, ++ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 ++}; ++ ++// ++// The Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmDBXisPresent test case ++// of the Secure Boot Logo Test in the Microsoft Hardware Certification Kit ++// expects that the "dbx" variable exist. ++// ++// The article at ++// writes (excerpt): ++// ++// Windows 8.1 Secure Boot Key Creation and Management Guidance ++// 1. Secure Boot, Windows 8.1 and Key Management ++// 1.4 Signature Databases (Db and Dbx) ++// 1.4.3 Forbidden Signature Database (dbx) ++// ++// The contents of EFI_IMAGE_SIGNATURE_DATABASE1 dbx must be checked when ++// verifying images before checking db and any matches must prevent the ++// image from executing. The database may contain multiple certificates, ++// keys, and hashes in order to identify forbidden images. The Windows ++// Hardware Certification Requirements state that a dbx must be present, so ++// any dummy value, such as the SHA-256 hash of 0, may be used as a safe ++// placeholder until such time as Microsoft begins delivering dbx updates. ++// ++// The byte array below captures the SHA256 checksum of the empty file, ++// blacklisting it for loading & execution. This qualifies as a dummy, since ++// the empty file is not a valid UEFI binary anyway. ++// ++// Technically speaking, we could also capture an official (although soon to be ++// obsolete) dbx update from . However, ++// the terms and conditions on distributing that binary aren't exactly light ++// reading, so let's best steer clear of it, and follow the "dummy entry" ++// practice recommended -- in natural English langauge -- in the ++// above-referenced TechNet article. ++// ++STATIC CONST UINT8 mSha256OfDevNull[] = { ++ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, ++ 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, ++ 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 ++}; ++ ++// ++// The following test cases of the Secure Boot Logo Test in the Microsoft ++// Hardware Certification Kit: ++// ++// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent ++// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB ++// ++// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be ++// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the ++// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509 ++// certificates: ++// ++// - "Microsoft Corporation KEK CA 2011" (in KEK) ++// - "Microsoft Windows Production PCA 2011" (in db) ++// - "Microsoft Corporation UEFI CA 2011" (in db) ++// ++// This is despite the fact that the UEFI specification requires ++// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS, ++// application or driver) that enrolled and therefore owns ++// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued ++// EFI_SIGNATURE_DATA.SignatureData. ++// ++STATIC CONST EFI_GUID mMicrosoftOwnerGuid = { ++ 0x77fa9abd, 0x0359, 0x4d32, ++ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }, ++}; ++ ++// ++// The most important thing about the variable payload is that it is a list of ++// lists, where the element size of any given *inner* list is constant. ++// ++// Since X509 certificates vary in size, each of our *inner* lists will contain ++// one element only (one X.509 certificate). This is explicitly mentioned in ++// the UEFI specification, in "28.4.1 Signature Database", in a Note. ++// ++// The list structure looks as follows: ++// ++// struct EFI_VARIABLE_AUTHENTICATION_2 { | ++// struct EFI_TIME { | ++// UINT16 Year; | ++// UINT8 Month; | ++// UINT8 Day; | ++// UINT8 Hour; | ++// UINT8 Minute; | ++// UINT8 Second; | ++// UINT8 Pad1; | ++// UINT32 Nanosecond; | ++// INT16 TimeZone; | ++// UINT8 Daylight; | ++// UINT8 Pad2; | ++// } TimeStamp; | ++// | ++// struct WIN_CERTIFICATE_UEFI_GUID { | | ++// struct WIN_CERTIFICATE { | | ++// UINT32 dwLength; ----------------------------------------+ | ++// UINT16 wRevision; | | ++// UINT16 wCertificateType; | | ++// } Hdr; | +- DataSize ++// | | ++// EFI_GUID CertType; | | ++// UINT8 CertData[1] = { <--- "struct hack" | | ++// struct EFI_SIGNATURE_LIST { | | | ++// EFI_GUID SignatureType; | | | ++// UINT32 SignatureListSize; -------------------------+ | | ++// UINT32 SignatureHeaderSize; | | | ++// UINT32 SignatureSize; ---------------------------+ | | | ++// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | ++// v | | | ++// struct EFI_SIGNATURE_DATA { | | | | ++// EFI_GUID SignatureOwner; | | | | ++// UINT8 SignatureData[1] = { <--- "struct hack" | | | | ++// X.509 payload | | | | ++// } | | | | ++// } Signatures[]; | | | ++// } SigLists[]; | | ++// }; | | ++// } AuthInfo; | | ++// }; | ++// ++// Given that the "struct hack" invokes undefined behavior (which is why C99 ++// introduced the flexible array member), and because subtracting those pesky ++// sizes of 1 is annoying, and because the format is fully specified in the ++// UEFI specification, we'll introduce two matching convenience structures that ++// are customized for our X.509 purposes. ++// ++#pragma pack(1) ++typedef struct { ++ EFI_TIME TimeStamp; ++ ++ // ++ // dwLength covers data below ++ // ++ UINT32 dwLength; ++ UINT16 wRevision; ++ UINT16 wCertificateType; ++ EFI_GUID CertType; ++} SINGLE_HEADER; ++ ++typedef struct { ++ // ++ // SignatureListSize covers data below ++ // ++ EFI_GUID SignatureType; ++ UINT32 SignatureListSize; ++ UINT32 SignatureHeaderSize; // constant 0 ++ UINT32 SignatureSize; ++ ++ // ++ // SignatureSize covers data below ++ // ++ EFI_GUID SignatureOwner; ++ ++ // ++ // X.509 certificate follows ++ // ++} REPEATING_HEADER; ++#pragma pack() ++ ++/** ++ Enroll a set of certificates in a global variable, overwriting it. ++ ++ The variable will be rewritten with NV+BS+RT+AT attributes. ++ ++ @param[in] VariableName The name of the variable to overwrite. ++ ++ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to ++ overwrite. ++ ++ @param[in] CertType The GUID determining the type of all the ++ certificates in the set that is passed in. For ++ example, gEfiCertX509Guid stands for DER-encoded ++ X.509 certificates, while gEfiCertSha256Guid stands ++ for SHA256 image hashes. ++ ++ @param[in] ... A list of ++ ++ IN CONST UINT8 *Cert, ++ IN UINTN CertSize, ++ IN CONST EFI_GUID *OwnerGuid ++ ++ triplets. If the first component of a triplet is ++ NULL, then the other two components are not ++ accessed, and processing is terminated. The list of ++ certificates is enrolled in the variable specified, ++ overwriting it. The OwnerGuid component identifies ++ the agent installing the certificate. ++ ++ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert ++ value is NULL), or one of the CertSize values ++ is 0, or one of the CertSize values would ++ overflow the accumulated UINT32 data size. ++ ++ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable ++ payload. ++ ++ @retval EFI_SUCCESS Enrollment successful; the variable has been ++ overwritten (or created). ++ ++ @return Error codes from gRT->GetTime() and ++ gRT->SetVariable(). ++**/ ++STATIC ++EFI_STATUS ++EFIAPI ++EnrollListOfCerts ( ++ IN CHAR16 *VariableName, ++ IN EFI_GUID *VendorGuid, ++ IN EFI_GUID *CertType, ++ ... ++ ) ++{ ++ UINTN DataSize; ++ SINGLE_HEADER *SingleHeader; ++ REPEATING_HEADER *RepeatingHeader; ++ VA_LIST Marker; ++ CONST UINT8 *Cert; ++ EFI_STATUS Status; ++ UINT8 *Data; ++ UINT8 *Position; ++ ++ Status = EFI_SUCCESS; ++ ++ // ++ // compute total size first, for UINT32 range check, and allocation ++ // ++ DataSize = sizeof *SingleHeader; ++ VA_START (Marker, CertType); ++ for (Cert = VA_ARG (Marker, CONST UINT8 *); ++ Cert != NULL; ++ Cert = VA_ARG (Marker, CONST UINT8 *)) { ++ UINTN CertSize; ++ ++ CertSize = VA_ARG (Marker, UINTN); ++ (VOID)VA_ARG (Marker, CONST EFI_GUID *); ++ ++ if (CertSize == 0 || ++ CertSize > MAX_UINT32 - sizeof *RepeatingHeader || ++ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { ++ Status = EFI_INVALID_PARAMETER; ++ break; ++ } ++ DataSize += sizeof *RepeatingHeader + CertSize; ++ } ++ VA_END (Marker); ++ ++ if (DataSize == sizeof *SingleHeader) { ++ Status = EFI_INVALID_PARAMETER; ++ } ++ if (EFI_ERROR (Status)) { ++ goto Out; ++ } ++ ++ Data = AllocatePool (DataSize); ++ if (Data == NULL) { ++ Status = EFI_OUT_OF_RESOURCES; ++ goto Out; ++ } ++ ++ Position = Data; ++ ++ SingleHeader = (SINGLE_HEADER *)Position; ++ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); ++ if (EFI_ERROR (Status)) { ++ goto FreeData; ++ } ++ SingleHeader->TimeStamp.Pad1 = 0; ++ SingleHeader->TimeStamp.Nanosecond = 0; ++ SingleHeader->TimeStamp.TimeZone = 0; ++ SingleHeader->TimeStamp.Daylight = 0; ++ SingleHeader->TimeStamp.Pad2 = 0; ++#if 0 ++ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp; ++#else ++ // ++ // This looks like a bug in edk2. According to the UEFI specification, ++ // dwLength is "The length of the entire certificate, including the length of ++ // the header, in bytes". That shouldn't stop right after CertType -- it ++ // should include everything below it. ++ // ++ SingleHeader->dwLength = sizeof *SingleHeader ++ - sizeof SingleHeader->TimeStamp; ++#endif ++ SingleHeader->wRevision = 0x0200; ++ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; ++ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); ++ Position += sizeof *SingleHeader; ++ ++ VA_START (Marker, CertType); ++ for (Cert = VA_ARG (Marker, CONST UINT8 *); ++ Cert != NULL; ++ Cert = VA_ARG (Marker, CONST UINT8 *)) { ++ UINTN CertSize; ++ CONST EFI_GUID *OwnerGuid; ++ ++ CertSize = VA_ARG (Marker, UINTN); ++ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); ++ ++ RepeatingHeader = (REPEATING_HEADER *)Position; ++ CopyGuid (&RepeatingHeader->SignatureType, CertType); ++ RepeatingHeader->SignatureListSize = ++ (UINT32)(sizeof *RepeatingHeader + CertSize); ++ RepeatingHeader->SignatureHeaderSize = 0; ++ RepeatingHeader->SignatureSize = ++ (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize); ++ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); ++ Position += sizeof *RepeatingHeader; ++ ++ CopyMem (Position, Cert, CertSize); ++ Position += CertSize; ++ } ++ VA_END (Marker); ++ ++ ASSERT (Data + DataSize == Position); ++ ++ Status = gRT->SetVariable (VariableName, VendorGuid, ++ (EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ EFI_VARIABLE_RUNTIME_ACCESS | ++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), ++ DataSize, Data); ++ ++FreeData: ++ FreePool (Data); ++ ++Out: ++ if (EFI_ERROR (Status)) { ++ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, ++ VendorGuid, Status); ++ } ++ return Status; ++} ++ ++ ++STATIC ++EFI_STATUS ++EFIAPI ++GetExact ( ++ IN CHAR16 *VariableName, ++ IN EFI_GUID *VendorGuid, ++ OUT VOID *Data, ++ IN UINTN DataSize, ++ IN BOOLEAN AllowMissing ++ ) ++{ ++ UINTN Size; ++ EFI_STATUS Status; ++ ++ Size = DataSize; ++ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); ++ if (EFI_ERROR (Status)) { ++ if (Status == EFI_NOT_FOUND && AllowMissing) { ++ ZeroMem (Data, DataSize); ++ return EFI_SUCCESS; ++ } ++ ++ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName, ++ VendorGuid, Status); ++ return Status; ++ } ++ ++ if (Size != DataSize) { ++ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, " ++ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size); ++ return EFI_PROTOCOL_ERROR; ++ } ++ ++ return EFI_SUCCESS; ++} ++ ++typedef struct { ++ UINT8 SetupMode; ++ UINT8 SecureBoot; ++ UINT8 SecureBootEnable; ++ UINT8 CustomMode; ++ UINT8 VendorKeys; ++} SETTINGS; ++ ++STATIC ++EFI_STATUS ++EFIAPI ++GetSettings ( ++ OUT SETTINGS *Settings ++ ) ++{ ++ EFI_STATUS Status; ++ ++ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, ++ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, ++ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, ++ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, ++ sizeof Settings->SecureBootEnable, TRUE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, ++ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, ++ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE); ++ return Status; ++} ++ ++STATIC ++VOID ++EFIAPI ++PrintSettings ( ++ IN CONST SETTINGS *Settings ++ ) ++{ ++ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " ++ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, ++ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys); ++} ++ ++ ++INTN ++EFIAPI ++ShellAppMain ( ++ IN UINTN Argc, ++ IN CHAR16 **Argv ++ ) ++{ ++ EFI_STATUS Status; ++ SETTINGS Settings; ++ ++ Status = GetSettings (&Settings); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ PrintSettings (&Settings); ++ ++ if (Settings.SetupMode != 1) { ++ AsciiPrint ("error: already in User Mode\n"); ++ return 1; ++ } ++ ++ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { ++ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; ++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, ++ (EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS), ++ sizeof Settings.CustomMode, &Settings.CustomMode); ++ if (EFI_ERROR (Status)) { ++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, ++ &gEfiCustomModeEnableGuid, Status); ++ return 1; ++ } ++ } ++ ++ Status = EnrollListOfCerts ( ++ EFI_IMAGE_SECURITY_DATABASE, ++ &gEfiImageSecurityDatabaseGuid, ++ &gEfiCertX509Guid, ++ MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid, ++ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid, ++ NULL); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ ++ Status = EnrollListOfCerts ( ++ EFI_IMAGE_SECURITY_DATABASE1, ++ &gEfiImageSecurityDatabaseGuid, ++ &gEfiCertSha256Guid, ++ mSha256OfDevNull, sizeof mSha256OfDevNull, &gEfiCallerIdGuid, ++ NULL); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ ++ Status = EnrollListOfCerts ( ++ EFI_KEY_EXCHANGE_KEY_NAME, ++ &gEfiGlobalVariableGuid, ++ &gEfiCertX509Guid, ++ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid, ++ MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid, ++ NULL); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ ++ Status = EnrollListOfCerts ( ++ EFI_PLATFORM_KEY_NAME, ++ &gEfiGlobalVariableGuid, ++ &gEfiCertX509Guid, ++ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid, ++ NULL); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ ++ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; ++ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, ++ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ sizeof Settings.CustomMode, &Settings.CustomMode); ++ if (EFI_ERROR (Status)) { ++ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, ++ &gEfiCustomModeEnableGuid, Status); ++ return 1; ++ } ++ ++ Status = GetSettings (&Settings); ++ if (EFI_ERROR (Status)) { ++ return 1; ++ } ++ PrintSettings (&Settings); ++ ++ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || ++ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || ++ Settings.VendorKeys != 0) { ++ AsciiPrint ("error: unexpected\n"); ++ return 1; ++ } ++ ++ AsciiPrint ("info: success\n"); ++ return 0; ++} +diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf +new file mode 100644 +index 0000000..0ad86a2 +--- /dev/null ++++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf +@@ -0,0 +1,52 @@ ++## @file ++# Enroll default PK, KEK, DB. ++# ++# Copyright (C) 2014, Red Hat, Inc. ++# ++# This program and the accompanying materials are licensed and made available ++# under the terms and conditions of the BSD License which accompanies this ++# distribution. The full text of the license may be found at ++# http://opensource.org/licenses/bsd-license. ++# ++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++# IMPLIED. ++## ++ ++[Defines] ++ INF_VERSION = 0x00010006 ++ BASE_NAME = EnrollDefaultKeys ++ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A ++ MODULE_TYPE = UEFI_APPLICATION ++ VERSION_STRING = 0.1 ++ ENTRY_POINT = ShellCEntryLib ++ ++# ++# VALID_ARCHITECTURES = IA32 X64 ++# ++ ++[Sources] ++ EnrollDefaultKeys.c ++ ++[Packages] ++ MdePkg/MdePkg.dec ++ MdeModulePkg/MdeModulePkg.dec ++ SecurityPkg/SecurityPkg.dec ++ ShellPkg/ShellPkg.dec ++ ++[Guids] ++ gEfiCertPkcs7Guid ++ gEfiCertSha256Guid ++ gEfiCertX509Guid ++ gEfiCustomModeEnableGuid ++ gEfiGlobalVariableGuid ++ gEfiImageSecurityDatabaseGuid ++ gEfiSecureBootEnableDisableGuid ++ ++[LibraryClasses] ++ BaseMemoryLib ++ DebugLib ++ MemoryAllocationLib ++ ShellCEntryLib ++ UefiLib ++ UefiRuntimeServicesTableLib +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index b577767..4d268c9 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -865,6 +865,10 @@ + + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf ++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { ++ ++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ++ } + !endif + + OvmfPkg/PlatformDxe/Platform.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index a6a40be..6836622 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -874,6 +874,10 @@ + + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf ++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { ++ ++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ++ } + !endif + + OvmfPkg/PlatformDxe/Platform.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 8bd3754..0b3008f 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -872,6 +872,10 @@ + + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf ++ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { ++ ++ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf ++ } + !endif + + OvmfPkg/PlatformDxe/Platform.inf +-- +1.8.3.1 + diff --git a/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch new file mode 100644 index 0000000..8d44730 --- /dev/null +++ b/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch @@ -0,0 +1,61 @@ +From ef77da632559e9baa1c69869e4cbea377068ef27 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 13:49:43 +0200 +Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only) + +Drew has proposed that ARM|AARCH64 platform firmware (especially virtual +machine firmware) print a reasonably early, simple hello message to the +serial port, regardless of debug mask settings. This should inform +interactive users, and provide some rough help in localizing boot +problems, even with restrictive debug masks. + +If a platform doesn't want this feature, it should stick with the default +empty string. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Suggested-by: Drew Jones +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30) +(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750) +(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16) +--- + ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec +index dff4598..3c5c6c7 100644 +--- a/ArmPlatformPkg/ArmPlatformPkg.dec ++++ b/ArmPlatformPkg/ArmPlatformPkg.dec +@@ -112,6 +112,13 @@ + ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers + gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045 + ++ # ++ # Early hello message (ASCII string), printed to the serial port. ++ # If set to the empty string, nothing is printed. ++ # Otherwise, a trailing CRLF should be specified explicitly. ++ # ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100 ++ + [PcdsFixedAtBuild.common,PcdsDynamic.common] + ## PL031 RealTimeClock + gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024 +-- +1.8.3.1 + diff --git a/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch new file mode 100644 index 0000000..22ee806 --- /dev/null +++ b/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch @@ -0,0 +1,113 @@ +From 638594083b191f84f5d9333eb6147a31570f5a5a Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 13:59:20 +0200 +Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial + port (RH) + +The FixedPcdGetSize() macro expands to an integer constant, therefore an +optimizing compiler can eliminate the new code, if the platform DSC +doesn't override the empty string (size=1) default of +PcdEarlyHelloMessage. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed + temporary stack before entering PEI core", 2017-11-09) -- conflict + resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf" + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e) +(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac) +(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd) +--- + ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++ + ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++ + ArmPlatformPkg/PrePeiCore/PrePeiCore.h | 1 + + ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf | 2 ++ + ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++ + 5 files changed, 15 insertions(+) + +diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c +index dc47adb..cbd7223 100644 +--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c ++++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c +@@ -117,6 +117,11 @@ PrimaryMain ( + UINTN TemporaryRamBase; + UINTN TemporaryRamSize; + ++ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { ++ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), ++ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); ++ } ++ + CreatePpiList (&PpiListSize, &PpiList); + + // Enable the GIC Distributor +diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c +index 134a469..af39fc0 100644 +--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c ++++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c +@@ -35,6 +35,11 @@ PrimaryMain ( + UINTN TemporaryRamBase; + UINTN TemporaryRamSize; + ++ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { ++ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), ++ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); ++ } ++ + CreatePpiList (&PpiListSize, &PpiList); + + // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +index 1608946..bf843d7 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + + #include + #include +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf +index e3a31fa..1bc0c45 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf +@@ -72,6 +72,8 @@ + gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize + ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage ++ + gArmTokenSpaceGuid.PcdGicDistributorBase + gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase + gArmTokenSpaceGuid.PcdGicSgiIntId +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf +index ec83cec..b100820 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf +@@ -70,4 +70,6 @@ + gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize + ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage ++ + gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack +-- +1.8.3.1 + diff --git a/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch new file mode 100644 index 0000000..0db0032 --- /dev/null +++ b/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch @@ -0,0 +1,47 @@ +From c201a8e6ae28d75f7ba581828b533c3b26fa7f18 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 14:07:17 +0200 +Subject: ArmVirtPkg: set early hello message (RH only) + +Print a friendly banner on QEMU, regardless of debug mask settings. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925) +(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a) +(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c) +--- + ArmVirtPkg/ArmVirtQemu.dsc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 4bf94ce..035b729 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -89,6 +89,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE + + [PcdsFixedAtBuild.common] ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n" + gArmPlatformTokenSpaceGuid.PcdCoreCount|1 + !if $(ARCH) == AARCH64 + gArmTokenSpaceGuid.PcdVFPEnabled|1 +-- +1.8.3.1 + diff --git a/SOURCES/0017-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0017-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch new file mode 100644 index 0000000..1443a0b --- /dev/null +++ b/SOURCES/0017-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -0,0 +1,74 @@ +From a0617a6be1a80966099ddceb010f89202a79ee76 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:45 +0100 +Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only) + +Message-id: <20171120235748.29669-5-pbonzini@redhat.com> +Patchwork-id: 77760 +O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed +debug messages, and code in OvmfPkg logs many messages on the +DEBUG_VERBOSE level. + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117) +(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9) +--- + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 4d268c9..57bf021 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -481,7 +481,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 6836622..0e87c8f 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -486,7 +486,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 0b3008f..38ba204 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -486,7 +486,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +-- +1.8.3.1 + diff --git a/SOURCES/0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch new file mode 100644 index 0000000..2008bb9 --- /dev/null +++ b/SOURCES/0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch @@ -0,0 +1,93 @@ +From 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:46 +0100 +Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in QemuVideoDxe (RH only) + +Message-id: <20171120235748.29669-6-pbonzini@redhat.com> +Patchwork-id: 77761 +O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in + QemuVideoDxe (RH only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses +MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to +FrameBufferBltLib. + +The FrameBufferBltLib instance added in commit b1ca386074bd +("MdeModulePkg: Add FrameBufferBltLib library instance") logs many +messages on the VERBOSE level; for example, a normal boot with OVMF can +produce 500+ "VideoFill" messages, dependent on the progress bar, when the +VERBOSE bit is set in PcdDebugPrintErrorLevel. + +QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose +none of its messages this way. + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52) +(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3) +--- + OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- + OvmfPkg/OvmfPkgX64.dsc | 5 ++++- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 57bf021..2b2e874 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -744,7 +744,10 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 0e87c8f..892cc5e 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -753,7 +753,10 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 38ba204..e7cb582 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -751,7 +751,10 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +-- +1.8.3.1 + diff --git a/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch new file mode 100644 index 0000000..a203747 --- /dev/null +++ b/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -0,0 +1,84 @@ +From bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:47 +0100 +Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH + only) + +Message-id: <20171120235748.29669-7-pbonzini@redhat.com> +Patchwork-id: 77759 +O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in + NvmExpressDxe (RH only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE +level. + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f) +(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4) +--- + OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- + OvmfPkg/OvmfPkgX64.dsc | 5 ++++- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 2b2e874..f6d7833 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -738,7 +738,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 892cc5e..d6e628b 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -747,7 +747,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index e7cb582..a9fe89c 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -745,7 +745,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +-- +1.8.3.1 + diff --git a/SOURCES/LICENSE.qosb b/SOURCES/LICENSE.qosb new file mode 100644 index 0000000..9849381 --- /dev/null +++ b/SOURCES/LICENSE.qosb @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2017 Patrick Uiterwijk + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/SOURCES/ovmf-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch b/SOURCES/ovmf-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch new file mode 100644 index 0000000..5797dcf --- /dev/null +++ b/SOURCES/ovmf-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch @@ -0,0 +1,208 @@ +From 1d33f4bb28e1aa2c4d62979596140c22677a2e9f Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 18 May 2018 21:40:23 +0200 +Subject: [PATCH 4/5] ArmVirtPkg/PlatformBootManagerLib: connect Virtio RNG + devices again + +Message-id: <20180518194024.30614-2-lersek@redhat.com> +Patchwork-id: 80426 +O-Subject: [RHEL-7.6 ovmf PATCH 1/2] ArmVirtPkg/PlatformBootManagerLib: connect + Virtio RNG devices again +Bugzilla: 1579518 +Acked-by: Thomas Huth +Acked-by: Stefan Hajnoczi + +Virtio RNG devices are never boot devices, so in commit ff1d0fbfbaec we +stopped connecting them. This is a problem because an OS boot loader may +depend on EFI_RNG_PROTOCOL to seed the OS's RNG. + +Connect Virtio RNG devices again. And, while commit ff1d0fbfbaec removed +that from PlatformBootManagerAfterConsole(), reintroduce it now to +PlatformBootManagerBeforeConsole() -- this way Driver#### options launched +between both functions may access EFI_RNG_PROTOCOL too. + +Cc: Ard Biesheuvel +Fixes: ff1d0fbfbaec55038ccf888759588fa4e21516f4 +Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1579518 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek +Reviewed-by: Ard Biesheuvel +(cherry picked from commit c4add6b6e971e0bb3f276ed3636a083e782e96cc) +--- + .../Library/PlatformBootManagerLib/PlatformBm.c | 129 +++++++++++++++++++++ + .../PlatformBootManagerLib.inf | 1 + + 2 files changed, 130 insertions(+) + +diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c +index 5d5e51d..62cce6a 100644 +--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c ++++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c +@@ -16,6 +16,7 @@ + **/ + + #include ++#include + #include + #include + #include +@@ -27,6 +28,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -261,6 +263,121 @@ IsPciDisplay ( + + + /** ++ This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at ++ the VIRTIO_DEVICE_PROTOCOL level. ++**/ ++STATIC ++BOOLEAN ++EFIAPI ++IsVirtioRng ( ++ IN EFI_HANDLE Handle, ++ IN CONST CHAR16 *ReportText ++ ) ++{ ++ EFI_STATUS Status; ++ VIRTIO_DEVICE_PROTOCOL *VirtIo; ++ ++ Status = gBS->HandleProtocol (Handle, &gVirtioDeviceProtocolGuid, ++ (VOID**)&VirtIo); ++ if (EFI_ERROR (Status)) { ++ return FALSE; ++ } ++ return (BOOLEAN)(VirtIo->SubSystemDeviceId == ++ VIRTIO_SUBSYSTEM_ENTROPY_SOURCE); ++} ++ ++ ++/** ++ This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at ++ the EFI_PCI_IO_PROTOCOL level. ++**/ ++STATIC ++BOOLEAN ++EFIAPI ++IsVirtioPciRng ( ++ IN EFI_HANDLE Handle, ++ IN CONST CHAR16 *ReportText ++ ) ++{ ++ EFI_STATUS Status; ++ EFI_PCI_IO_PROTOCOL *PciIo; ++ UINT16 VendorId; ++ UINT16 DeviceId; ++ UINT8 RevisionId; ++ BOOLEAN Virtio10; ++ UINT16 SubsystemId; ++ ++ Status = gBS->HandleProtocol (Handle, &gEfiPciIoProtocolGuid, ++ (VOID**)&PciIo); ++ if (EFI_ERROR (Status)) { ++ return FALSE; ++ } ++ ++ // ++ // Read and check VendorId. ++ // ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, ++ 1, &VendorId); ++ if (EFI_ERROR (Status)) { ++ goto PciError; ++ } ++ if (VendorId != VIRTIO_VENDOR_ID) { ++ return FALSE; ++ } ++ ++ // ++ // Read DeviceId and RevisionId. ++ // ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, ++ 1, &DeviceId); ++ if (EFI_ERROR (Status)) { ++ goto PciError; ++ } ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, PCI_REVISION_ID_OFFSET, ++ 1, &RevisionId); ++ if (EFI_ERROR (Status)) { ++ goto PciError; ++ } ++ ++ // ++ // From DeviceId and RevisionId, determine whether the device is a ++ // modern-only Virtio 1.0 device. In case of Virtio 1.0, DeviceId can ++ // immediately be restricted to VIRTIO_SUBSYSTEM_ENTROPY_SOURCE, and ++ // SubsystemId will only play a sanity-check role. Otherwise, DeviceId can ++ // only be sanity-checked, and SubsystemId will decide. ++ // ++ if (DeviceId == 0x1040 + VIRTIO_SUBSYSTEM_ENTROPY_SOURCE && ++ RevisionId >= 0x01) { ++ Virtio10 = TRUE; ++ } else if (DeviceId >= 0x1000 && DeviceId <= 0x103F && RevisionId == 0x00) { ++ Virtio10 = FALSE; ++ } else { ++ return FALSE; ++ } ++ ++ // ++ // Read and check SubsystemId as dictated by Virtio10. ++ // ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, ++ PCI_SUBSYSTEM_ID_OFFSET, 1, &SubsystemId); ++ if (EFI_ERROR (Status)) { ++ goto PciError; ++ } ++ if (Virtio10 && SubsystemId >= 0x40) { ++ return TRUE; ++ } ++ if (!Virtio10 && SubsystemId == VIRTIO_SUBSYSTEM_ENTROPY_SOURCE) { ++ return TRUE; ++ } ++ return FALSE; ++ ++PciError: ++ DEBUG ((DEBUG_ERROR, "%a: %s: %r\n", __FUNCTION__, ReportText, Status)); ++ return FALSE; ++} ++ ++ ++/** + This CALLBACK_FUNCTION attempts to connect a handle non-recursively, asking + the matching driver to produce all first-level child handles. + **/ +@@ -644,6 +761,18 @@ PlatformBootManagerBeforeConsole ( + // Register platform-specific boot options and keyboard shortcuts. + // + PlatformRegisterOptionsAndKeys (); ++ ++ // ++ // At this point, VIRTIO_DEVICE_PROTOCOL instances exist only for Virtio MMIO ++ // transports. Install EFI_RNG_PROTOCOL instances on Virtio MMIO RNG devices. ++ // ++ FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioRng, Connect); ++ ++ // ++ // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL ++ // instances on Virtio PCI RNG devices. ++ // ++ FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciRng, Connect); + } + + /** +diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +index 1e22f8b..d6c1ef9 100644 +--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf ++++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +@@ -83,3 +83,4 @@ + gEfiLoadedImageProtocolGuid + gEfiPciRootBridgeIoProtocolGuid + gEfiSimpleFileSystemProtocolGuid ++ gVirtioDeviceProtocolGuid +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch b/SOURCES/ovmf-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch new file mode 100644 index 0000000..1c4145c --- /dev/null +++ b/SOURCES/ovmf-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch @@ -0,0 +1,270 @@ +From 87af8da054900fd05701c6d60a496b83fb8dbb63 Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Wed, 13 Feb 2019 09:50:47 +0100 +Subject: [PATCH 04/13] BaseTools: Add more checker in Decompress algorithm to + access the valid buffer (CVE FIX) + +Message-id: <20190213085050.20766-5-philmd@redhat.com> +Patchwork-id: 84481 +O-Subject: [RHEL-7.7 ovmf PATCH v3 4/7] BaseTools: Add more checker in + Decompress algorithm to access the valid buffer (CVE FIX) +Bugzilla: 1666586 +Acked-by: Laszlo Ersek +Acked-by: Vitaly Kuznetsov + +From: Laszlo Ersek + +From: Liming Gao + +--v-- RHEL7 note start --v-- + +Unfortunately, the upstream patch series was not structured according to +the CVE reports. This patch contributes to fixing: + +- CVE-2017-5731 +- CVE-2017-5733 +- CVE-2017-5734 +- CVE-2017-5735 + +but not CVE-2017-5732 (contrarily to the upstream commit message). The +best I could achieve up-stream was to get the "CVE FIX" expression into +the subject, and a whole-sale dump of the CVEs into the body. I had not +been invited to the original (off-list, embargoed) analysis and review. + +The differences that "git-backport-diff" reports as "functional" for this +backport aren't actually functional differences. They are due to +downstream lacking two upstream commits: + +- f7496d717357 ("BaseTools: Clean up source files", 2018-07-09), with the + "usual" diffstat "289 files changed, 10645 insertions(+), 10645 + deletions(-)"; + +- more importantly, 472eb3b89682 ("BaseTools: Add --uefi option to enable + UefiCompress method", 2018-10-13). + +(Side note: in upstream, commit 472eb3b89682 was incorrectly reverted as +part of 1ccc4d895dd8 ("Revert BaseTools: PYTHON3 migration", 2018-10-15), +but then it was re-applied in f1400101a732.) + +In commit 472eb3b89682, the "UEFI" compression/decompression method was +added to BaseTools, beyond the original "Tiano" method. This caused the +Tiano method to be indented more deeply, in the main() function of +"TianoCompress.c". (Also the original Decompress() function was renamed to +TDecompress().) The CVE fix applies to the "Tiano" method, which RHEL8 +does have, but at a different nesting level. Therefore the changes have +been backported manually, and the difference in indentation is also why +"git-backport-diff" thinks the changes are functional. + +This backport, once applied, can be diffed against the upstream tree more +easily as follows: + + git diff -b HEAD..041d89bc0f01 -- \ + BaseTools/Source/C/Common/Decompress.c \ + BaseTools/Source/C/TianoCompress/TianoCompress.c + +--^-- RHEL7 note end --^-- + +Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735 +https://bugzilla.tianocore.org/show_bug.cgi?id=686 + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Holtsclaw Brent +Signed-off-by: Liming Gao +Reviewed-by: Star Zeng +Acked-by: Laszlo Ersek +(cherry picked from commit 041d89bc0f0119df37a5fce1d0f16495ff905089) +Signed-off-by: Laszlo Ersek +(cherry picked from commit 29c394f110b1f769e629e8775874261e33d4abd9) +Signed-off-by: Philippe Mathieu-Daude +--- + BaseTools/Source/C/Common/Decompress.c | 23 +++++++++++++++++++-- + BaseTools/Source/C/TianoCompress/TianoCompress.c | 26 +++++++++++++++++++++++- + 2 files changed, 46 insertions(+), 3 deletions(-) + +diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c +index 8f1afb4..bdc10f5 100644 +--- a/BaseTools/Source/C/Common/Decompress.c ++++ b/BaseTools/Source/C/Common/Decompress.c +@@ -194,12 +194,16 @@ Returns: + UINT16 Avail; + UINT16 NextCode; + UINT16 Mask; ++ UINT16 MaxTableLength; + + for (Index = 1; Index <= 16; Index++) { + Count[Index] = 0; + } + + for (Index = 0; Index < NumOfChar; Index++) { ++ if (BitLen[Index] > 16) { ++ return (UINT16) BAD_TABLE; ++ } + Count[BitLen[Index]]++; + } + +@@ -237,6 +241,7 @@ Returns: + + Avail = NumOfChar; + Mask = (UINT16) (1U << (15 - TableBits)); ++ MaxTableLength = (UINT16) (1U << TableBits); + + for (Char = 0; Char < NumOfChar; Char++) { + +@@ -250,6 +255,9 @@ Returns: + if (Len <= TableBits) { + + for (Index = Start[Len]; Index < NextCode; Index++) { ++ if (Index >= MaxTableLength) { ++ return (UINT16) BAD_TABLE; ++ } + Table[Index] = Char; + } + +@@ -643,10 +651,14 @@ Returns: (VOID) + + BytesRemain--; + while ((INT16) (BytesRemain) >= 0) { +- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + if (Sd->mOutBuf >= Sd->mOrigSize) { + return ; + } ++ if (DataIdx >= Sd->mOrigSize) { ++ Sd->mBadTableFlag = (UINT16) BAD_TABLE; ++ return ; ++ } ++ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + + BytesRemain--; + } +@@ -684,6 +696,7 @@ Returns: + --*/ + { + UINT8 *Src; ++ UINT32 CompSize; + + *ScratchSize = sizeof (SCRATCH_DATA); + +@@ -692,7 +705,13 @@ Returns: + return EFI_INVALID_PARAMETER; + } + ++ CompSize = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24); + *DstSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24); ++ ++ if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) { ++ return EFI_INVALID_PARAMETER; ++ } ++ + return EFI_SUCCESS; + } + +@@ -752,7 +771,7 @@ Returns: + CompSize = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24); + OrigSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24); + +- if (SrcSize < CompSize + 8) { ++ if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) { + return EFI_INVALID_PARAMETER; + } + +diff --git a/BaseTools/Source/C/TianoCompress/TianoCompress.c b/BaseTools/Source/C/TianoCompress/TianoCompress.c +index 046fb36..d07fd9e 100644 +--- a/BaseTools/Source/C/TianoCompress/TianoCompress.c ++++ b/BaseTools/Source/C/TianoCompress/TianoCompress.c +@@ -1753,6 +1753,7 @@ Returns: + SCRATCH_DATA *Scratch; + UINT8 *Src; + UINT32 OrigSize; ++ UINT32 CompSize; + + SetUtilityName(UTILITY_NAME); + +@@ -1761,6 +1762,7 @@ Returns: + OutBuffer = NULL; + Scratch = NULL; + OrigSize = 0; ++ CompSize = 0; + InputLength = 0; + InputFileName = NULL; + OutputFileName = NULL; +@@ -1979,15 +1981,24 @@ Returns: + if (DebugMode) { + DebugMsg(UTILITY_NAME, 0, DebugLevel, "Decoding\n", NULL); + } ++ if (InputLength < 8){ ++ Error (NULL, 0, 3000, "Invalid", "The input file %s is too small.", InputFileName); ++ goto ERROR; ++ } + // + // Get Compressed file original size + // + Src = (UINT8 *)FileBuffer; + OrigSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24); ++ CompSize = Src[0] + (Src[1] << 8) + (Src[2] <<16) + (Src[3] <<24); + + // + // Allocate OutputBuffer + // ++ if (InputLength < CompSize + 8 || (CompSize + 8) < 8) { ++ Error (NULL, 0, 3000, "Invalid", "The input file %s data is invalid.", InputFileName); ++ goto ERROR; ++ } + OutBuffer = (UINT8 *)malloc(OrigSize); + if (OutBuffer == NULL) { + Error (NULL, 0, 4001, "Resource:", "Memory cannot be allocated!"); +@@ -2171,12 +2182,16 @@ Returns: + UINT16 Mask; + UINT16 WordOfStart; + UINT16 WordOfCount; ++ UINT16 MaxTableLength; + + for (Index = 0; Index <= 16; Index++) { + Count[Index] = 0; + } + + for (Index = 0; Index < NumOfChar; Index++) { ++ if (BitLen[Index] > 16) { ++ return (UINT16) BAD_TABLE; ++ } + Count[BitLen[Index]]++; + } + +@@ -2220,6 +2235,7 @@ Returns: + + Avail = NumOfChar; + Mask = (UINT16) (1U << (15 - TableBits)); ++ MaxTableLength = (UINT16) (1U << TableBits); + + for (Char = 0; Char < NumOfChar; Char++) { + +@@ -2233,6 +2249,9 @@ Returns: + if (Len <= TableBits) { + + for (Index = Start[Len]; Index < NextCode; Index++) { ++ if (Index >= MaxTableLength) { ++ return (UINT16) BAD_TABLE; ++ } + Table[Index] = Char; + } + +@@ -2617,11 +2636,16 @@ Returns: (VOID) + DataIdx = Sd->mOutBuf - DecodeP (Sd) - 1; + + BytesRemain--; ++ + while ((INT16) (BytesRemain) >= 0) { +- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + if (Sd->mOutBuf >= Sd->mOrigSize) { + goto Done ; + } ++ if (DataIdx >= Sd->mOrigSize) { ++ Sd->mBadTableFlag = (UINT16) BAD_TABLE; ++ goto Done ; ++ } ++ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + + BytesRemain--; + } +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch b/SOURCES/ovmf-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch new file mode 100644 index 0000000..470e911 --- /dev/null +++ b/SOURCES/ovmf-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch @@ -0,0 +1,94 @@ +From 461390a9ced1986f752b2e64f36f3deee982eb6d Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Wed, 13 Feb 2019 09:50:48 +0100 +Subject: [PATCH 05/13] BaseTools: Fix UEFI and Tiano Decompression logic issue +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190213085050.20766-6-philmd@redhat.com> +Patchwork-id: 84484 +O-Subject: [RHEL-7.7 ovmf PATCH v3 5/7] BaseTools: Fix UEFI and Tiano + Decompression logic issue +Bugzilla: 1666586 +Acked-by: Laszlo Ersek +Acked-by: Vitaly Kuznetsov + +From: Philippe Mathieu-Daudé + +From: Liming Gao + +--v-- RHEL7 note start --v-- + +While reviewing the RHEL8 original of this backport, Laszlo had to look +at the "BaseTools/Source/C/TianoCompress/TianoCompress.c" hunk for a +while longer, due to commit 472eb3b89682 missing down-stream, which he +remembered from downstream commit 29c394f110b1. + +However, this hunk affects the Decode() function, which is not affected +by the upstream-only "UefiCompress method", and also not affected by the +related upstream-only Decompress()->TDecompress() rename. Decode() -- +i.e. the function being patched -- is called from Decompress() / +TDecompress(). + +Therefore, the "git backport-diff" report in the blurb which marks this +backport patch "identical", is credible. + +--^-- RHEL7 note end --^-- + +https://bugzilla.tianocore.org/show_bug.cgi?id=1317 + +This is a regression issue caused by 041d89bc0f0119df37a5fce1d0f16495ff905089. +In Decode() function, once mOutBuf is fully filled, Decode() should return. +Current logic misses the checker of mOutBuf after while() loop. + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Liming Gao +Cc: Yonghong Zhu +Reviewed-by: Yonghong Zhu +(cherry picked from commit 5e45a1fdcfbf9b2b389122eb97475148594625f8) +Signed-off-by: Philippe Mathieu-Daudé +(cherry picked from commit 115cf260ac54a6793a184227d6ae6bfe3da74a56) +Signed-off-by: Philippe Mathieu-Daude +--- + BaseTools/Source/C/Common/Decompress.c | 6 ++++++ + BaseTools/Source/C/TianoCompress/TianoCompress.c | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c +index bdc10f5..af76f67 100644 +--- a/BaseTools/Source/C/Common/Decompress.c ++++ b/BaseTools/Source/C/Common/Decompress.c +@@ -662,6 +662,12 @@ Returns: (VOID) + + BytesRemain--; + } ++ // ++ // Once mOutBuf is fully filled, directly return ++ // ++ if (Sd->mOutBuf >= Sd->mOrigSize) { ++ return ; ++ } + } + } + +diff --git a/BaseTools/Source/C/TianoCompress/TianoCompress.c b/BaseTools/Source/C/TianoCompress/TianoCompress.c +index d07fd9e..369f7b3 100644 +--- a/BaseTools/Source/C/TianoCompress/TianoCompress.c ++++ b/BaseTools/Source/C/TianoCompress/TianoCompress.c +@@ -2649,6 +2649,12 @@ Returns: (VOID) + + BytesRemain--; + } ++ // ++ // Once mOutBuf is fully filled, directly return ++ // ++ if (Sd->mOutBuf >= Sd->mOrigSize) { ++ goto Done ; ++ } + } + } + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch b/SOURCES/ovmf-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch new file mode 100644 index 0000000..4e37d43 --- /dev/null +++ b/SOURCES/ovmf-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch @@ -0,0 +1,128 @@ +From c48d7ac53b4b387fc70a3803e38d30b50513f90b Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Wed, 13 Feb 2019 09:50:46 +0100 +Subject: [PATCH 03/13] IntelFrameworkModulePkg: Add more checker in + UefiTianoDecompressLib (CVE FIX) + +Message-id: <20190213085050.20766-4-philmd@redhat.com> +Patchwork-id: 84483 +O-Subject: [RHEL-7.7 ovmf PATCH v3 3/7] IntelFrameworkModulePkg: Add more + checker in UefiTianoDecompressLib (CVE FIX) +Bugzilla: 1666586 +Acked-by: Laszlo Ersek +Acked-by: Vitaly Kuznetsov + +From: Laszlo Ersek + +From: Liming Gao + +--v-- RHEL7 note start --v-- + +Unfortunately, the upstream patch series was not structured according to +the CVE reports. This patch contributes to fixing: + +- CVE-2017-5733 +- CVE-2017-5734 +- CVE-2017-5735 + +but not CVE-2017-5731 or CVE-2017-5732 (contrarily to the upstream commit +message). The best I could achieve up-stream was to get the "CVE FIX" +expression into the subject, and a whole-sale dump of the CVEs into the +body. I had not been invited to the original (off-list, embargoed) +analysis and review. + +The trivial context difference (whitespace) is due to RHEL8 lacking +upstream commit 0a6f48249a60 ("IntelFrameworkModulePkg: Clean up source +files", 2018-06-28). I've considered backporting that (since it only +cleans up whitespace). However, the diffstat on that commit convinced me +otherwise: "246 files changed, 4067 insertions(+), 4067 deletions(-)". +I've decided not to do a partial backport of that (i.e. just for +"BaseUefiTianoCustomDecompressLib.c"). + +--^-- RHEL7 note end --^-- + +Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735 +https://bugzilla.tianocore.org/show_bug.cgi?id=686 +To make sure the valid buffer be accessed only. + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Holtsclaw Brent +Signed-off-by: Liming Gao +Reviewed-by: Star Zeng +Acked-by: Laszlo Ersek +(cherry picked from commit 684db6da64bc7b5faee4e1174e801c245f563b5c) +Signed-off-by: Laszlo Ersek +(cherry picked from commit 8358e53013fc62c9556598ad842d233906de00ef) +Signed-off-by: Philippe Mathieu-Daude +--- + .../BaseUefiTianoCustomDecompressLib.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c +index cb009e7..9b00166 100644 +--- a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c ++++ b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c +@@ -143,6 +143,7 @@ MakeTable ( + UINT16 Mask; + UINT16 WordOfStart; + UINT16 WordOfCount; ++ UINT16 MaxTableLength; + + // + // The maximum mapping table width supported by this internal +@@ -155,6 +156,9 @@ MakeTable ( + } + + for (Index = 0; Index < NumOfChar; Index++) { ++ if (BitLen[Index] > 16) { ++ return (UINT16) BAD_TABLE; ++ } + Count[BitLen[Index]]++; + } + +@@ -196,6 +200,7 @@ MakeTable ( + + Avail = NumOfChar; + Mask = (UINT16) (1U << (15 - TableBits)); ++ MaxTableLength = (UINT16) (1U << TableBits); + + for (Char = 0; Char < NumOfChar; Char++) { + +@@ -209,6 +214,9 @@ MakeTable ( + if (Len <= TableBits) { + + for (Index = Start[Len]; Index < NextCode; Index++) { ++ if (Index >= MaxTableLength) { ++ return (UINT16) BAD_TABLE; ++ } + Table[Index] = Char; + } + +@@ -615,10 +623,14 @@ Decode ( + // + BytesRemain--; + while ((INT16) (BytesRemain) >= 0) { +- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + if (Sd->mOutBuf >= Sd->mOrigSize) { + goto Done ; + } ++ if (DataIdx >= Sd->mOrigSize) { ++ Sd->mBadTableFlag = (UINT16) BAD_TABLE; ++ goto Done ; ++ } ++ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + + BytesRemain--; + } +@@ -688,7 +700,7 @@ UefiDecompressGetInfo ( + } + + CompressedSize = ReadUnaligned32 ((UINT32 *)Source); +- if (SourceSize < (CompressedSize + 8)) { ++ if (SourceSize < (CompressedSize + 8) || (CompressedSize + 8) < 8) { + return RETURN_INVALID_PARAMETER; + } + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch b/SOURCES/ovmf-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch new file mode 100644 index 0000000..34e3254 --- /dev/null +++ b/SOURCES/ovmf-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch @@ -0,0 +1,58 @@ +From e63a98333b858e287b0e88ff0e06bef5d46c635f Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Wed, 13 Feb 2019 09:50:50 +0100 +Subject: [PATCH 07/13] IntelFrameworkModulePkg: Fix UEFI and Tiano + Decompression logic issue +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190213085050.20766-8-philmd@redhat.com> +Patchwork-id: 84482 +O-Subject: [RHEL-7.7 ovmf PATCH v3 7/7] IntelFrameworkModulePkg: Fix UEFI and + Tiano Decompression logic issue +Bugzilla: 1666586 +Acked-by: Laszlo Ersek +Acked-by: Vitaly Kuznetsov + +From: Philippe Mathieu-Daudé + +From: Liming Gao + +https://bugzilla.tianocore.org/show_bug.cgi?id=1317 + +This is a regression issue caused by 684db6da64bc7b5faee4e1174e801c245f563b5c. +In Decode() function, once mOutBuf is fully filled, Decode() should return. +Current logic misses the checker of mOutBuf after while() loop. + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Liming Gao +Reviewed-by: Yonghong Zhu +(cherry picked from commit ade71c52a49d659b20c0b433fb11ddb4f4f543c4) +Signed-off-by: Philippe Mathieu-Daudé +(cherry picked from commit 601458a0a87bf4169d1f0c81c0bb454d22abe8f0) +Signed-off-by: Philippe Mathieu-Daude +--- + .../BaseUefiTianoCustomDecompressLib.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c +index 9b00166..e34bf4b 100644 +--- a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c ++++ b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c +@@ -634,6 +634,12 @@ Decode ( + + BytesRemain--; + } ++ // ++ // Once mOutBuf is fully filled, directly return ++ // ++ if (Sd->mOutBuf >= Sd->mOrigSize) { ++ goto Done ; ++ } + } + } + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch b/SOURCES/ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch new file mode 100644 index 0000000..2b48653 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch @@ -0,0 +1,278 @@ +From 9e68568e34bef0037bb16b3cbe361e559b8da369 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 22 Mar 2019 17:39:35 +0100 +Subject: [PATCH 1/8] MdeModulePkg/HiiDatabase: Fix potential integer overflow + (CVE-2018-12181) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190322163936.10835-2-lersek@redhat.com> +Patchwork-id: 85124 +O-Subject: [RHEL-7.7 ovmf PATCH 1/2] MdeModulePkg/HiiDatabase: Fix potential + integer overflow (CVE-2018-12181) +Bugzilla: 1691479 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Ray Ni + +--v-- RHEL7 note --v-- + +A contextual conflict had to be resolved manually because we don't have +upstream commit 979b7d802c31 ("MdeModulePkg/HiiDB: Make sure database +update behaviors are atomic", 2018-10-26), which was written for upstream +BZ . More +specifically, the context to which upstream ffe5f7a6b4e9 (i.e. the patch +being backported) applies includes EfiAcquireLock() added in 979b7d802c31, +and our downstream context lacks that. + +While reviewing this, I noticed that some of the new error paths +introduced by the more rigorous checking in upstream ffe5f7a6b4e9 fail to +release the lock. For upstream I reported a new BZ about this +, but down-stream, we +don't have the EfiAcquireLock() in the first place, so there is no leak. + +--^-- RHEL7 note --^-- + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135 + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Ray Ni +Cc: Dandan Bi +Cc: Hao A Wu +Reviewed-by: Hao Wu +Reviewed-by: Jian J Wang +(cherry picked from commit ffe5f7a6b4e978dffbe1df228963adc914451106) +--- + MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 126 +++++++++++++++++++++----- + 1 file changed, 103 insertions(+), 23 deletions(-) + +diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +index 431a5b8..dc9566b 100644 +--- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c ++++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +@@ -16,6 +16,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + #include "HiiDatabase.h" + ++#define MAX_UINT24 0xFFFFFF + + /** + Get the imageid of last image block: EFI_HII_IIBT_END_BLOCK when input +@@ -649,8 +650,16 @@ HiiNewImage ( + return EFI_NOT_FOUND; + } + +- NewBlockSize = sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL) + +- BITMAP_LEN_24_BIT ((UINT32) Image->Width, Image->Height); ++ // ++ // Calcuate the size of new image. ++ // Make sure the size doesn't overflow UINT32. ++ // Note: 24Bit BMP occpuies 3 bytes per pixel. ++ // ++ NewBlockSize = (UINT32)Image->Width * Image->Height; ++ if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL))) / 3) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ NewBlockSize = NewBlockSize * 3 + (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL)); + + // + // Get the image package in the package list, +@@ -669,6 +678,18 @@ HiiNewImage ( + // + // Update the package's image block by appending the new block to the end. + // ++ ++ // ++ // Make sure the final package length doesn't overflow. ++ // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24. ++ // ++ if (NewBlockSize > MAX_UINT24 - ImagePackage->ImagePkgHdr.Header.Length) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ // ++ // Because ImagePackage->ImageBlockSize < ImagePackage->ImagePkgHdr.Header.Length, ++ // So (ImagePackage->ImageBlockSize + NewBlockSize) <= MAX_UINT24 ++ // + ImageBlocks = AllocatePool (ImagePackage->ImageBlockSize + NewBlockSize); + if (ImageBlocks == NULL) { + return EFI_OUT_OF_RESOURCES; +@@ -699,6 +720,13 @@ HiiNewImage ( + + } else { + // ++ // Make sure the final package length doesn't overflow. ++ // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24. ++ // ++ if (NewBlockSize > MAX_UINT24 - (sizeof (EFI_HII_IMAGE_PACKAGE_HDR) + sizeof (EFI_HII_IIBT_END_BLOCK))) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ // + // The specified package list does not contain image package. + // Create one to add this image block. + // +@@ -895,8 +923,11 @@ IGetImage ( + // Use the common block code since the definition of these structures is the same. + // + CopyMem (&Iibt1bit, CurrentImageBlock, sizeof (EFI_HII_IIBT_IMAGE_1BIT_BLOCK)); +- ImageLength = sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) * +- ((UINT32) Iibt1bit.Bitmap.Width * Iibt1bit.Bitmap.Height); ++ ImageLength = (UINTN) Iibt1bit.Bitmap.Width * Iibt1bit.Bitmap.Height; ++ if (ImageLength > MAX_UINTN / sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ ImageLength *= sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); + Image->Bitmap = AllocateZeroPool (ImageLength); + if (Image->Bitmap == NULL) { + return EFI_OUT_OF_RESOURCES; +@@ -945,9 +976,13 @@ IGetImage ( + // fall through + // + case EFI_HII_IIBT_IMAGE_24BIT: +- Width = ReadUnaligned16 ((VOID *) &((EFI_HII_IIBT_IMAGE_24BIT_BLOCK *) CurrentImageBlock)->Bitmap.Width); ++ Width = ReadUnaligned16 ((VOID *) &((EFI_HII_IIBT_IMAGE_24BIT_BLOCK *) CurrentImageBlock)->Bitmap.Width); + Height = ReadUnaligned16 ((VOID *) &((EFI_HII_IIBT_IMAGE_24BIT_BLOCK *) CurrentImageBlock)->Bitmap.Height); +- ImageLength = sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL) * ((UINT32) Width * Height); ++ ImageLength = (UINTN)Width * Height; ++ if (ImageLength > MAX_UINTN / sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ ImageLength *= sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); + Image->Bitmap = AllocateZeroPool (ImageLength); + if (Image->Bitmap == NULL) { + return EFI_OUT_OF_RESOURCES; +@@ -1114,8 +1149,23 @@ HiiSetImage ( + // + // Create the new image block according to input image. + // +- NewBlockSize = sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL) + +- BITMAP_LEN_24_BIT ((UINT32) Image->Width, Image->Height); ++ ++ // ++ // Make sure the final package length doesn't overflow. ++ // Length of the package header is represented using 24 bits. So MAX length is MAX_UINT24. ++ // 24Bit BMP occpuies 3 bytes per pixel. ++ // ++ NewBlockSize = (UINT32)Image->Width * Image->Height; ++ if (NewBlockSize > (MAX_UINT32 - (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL))) / 3) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ NewBlockSize = NewBlockSize * 3 + (sizeof (EFI_HII_IIBT_IMAGE_24BIT_BLOCK) - sizeof (EFI_HII_RGB_PIXEL)); ++ if ((NewBlockSize > OldBlockSize) && ++ (NewBlockSize - OldBlockSize > MAX_UINT24 - ImagePackage->ImagePkgHdr.Header.Length) ++ ) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ + // + // Adjust the image package to remove the original block firstly then add the new block. + // +@@ -1207,8 +1257,8 @@ HiiDrawImage ( + EFI_IMAGE_OUTPUT *ImageOut; + EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer; + UINTN BufferLen; +- UINTN Width; +- UINTN Height; ++ UINT16 Width; ++ UINT16 Height; + UINTN Xpos; + UINTN Ypos; + UINTN OffsetY1; +@@ -1269,21 +1319,36 @@ HiiDrawImage ( + // + if (*Blt != NULL) { + // ++ // Make sure the BltX and BltY is inside the Blt area. ++ // ++ if ((BltX >= (*Blt)->Width) || (BltY >= (*Blt)->Height)) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ // + // Clip the image by (Width, Height) + // + + Width = Image->Width; + Height = Image->Height; + +- if (Width > (*Blt)->Width - BltX) { +- Width = (*Blt)->Width - BltX; ++ if (Width > (*Blt)->Width - (UINT16)BltX) { ++ Width = (*Blt)->Width - (UINT16)BltX; + } +- if (Height > (*Blt)->Height - BltY) { +- Height = (*Blt)->Height - BltY; ++ if (Height > (*Blt)->Height - (UINT16)BltY) { ++ Height = (*Blt)->Height - (UINT16)BltY; + } + +- BufferLen = Width * Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); +- BltBuffer = (EFI_GRAPHICS_OUTPUT_BLT_PIXEL *) AllocateZeroPool (BufferLen); ++ // ++ // Prepare the buffer for the temporary image. ++ // Make sure the buffer size doesn't overflow UINTN. ++ // ++ BufferLen = Width * Height; ++ if (BufferLen > MAX_UINTN / sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ BufferLen *= sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); ++ BltBuffer = AllocateZeroPool (BufferLen); + if (BltBuffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } +@@ -1346,11 +1411,26 @@ HiiDrawImage ( + // + // Allocate a new bitmap to hold the incoming image. + // +- Width = Image->Width + BltX; +- Height = Image->Height + BltY; + +- BufferLen = Width * Height * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); +- BltBuffer = (EFI_GRAPHICS_OUTPUT_BLT_PIXEL *) AllocateZeroPool (BufferLen); ++ // ++ // Make sure the final width and height doesn't overflow UINT16. ++ // ++ if ((BltX > (UINTN)MAX_UINT16 - Image->Width) || (BltY > (UINTN)MAX_UINT16 - Image->Height)) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ Width = Image->Width + (UINT16)BltX; ++ Height = Image->Height + (UINT16)BltY; ++ ++ // ++ // Make sure the output image size doesn't overflow UINTN. ++ // ++ BufferLen = Width * Height; ++ if (BufferLen > MAX_UINTN / sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL)) { ++ return EFI_OUT_OF_RESOURCES; ++ } ++ BufferLen *= sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); ++ BltBuffer = AllocateZeroPool (BufferLen); + if (BltBuffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } +@@ -1360,8 +1440,8 @@ HiiDrawImage ( + FreePool (BltBuffer); + return EFI_OUT_OF_RESOURCES; + } +- ImageOut->Width = (UINT16) Width; +- ImageOut->Height = (UINT16) Height; ++ ImageOut->Width = Width; ++ ImageOut->Height = Height; + ImageOut->Image.Bitmap = BltBuffer; + + // +@@ -1375,7 +1455,7 @@ HiiDrawImage ( + return Status; + } + ASSERT (FontInfo != NULL); +- for (Index = 0; Index < Width * Height; Index++) { ++ for (Index = 0; Index < (UINTN)Width * Height; Index++) { + BltBuffer[Index] = FontInfo->BackgroundColor; + } + FreePool (FontInfo); +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch b/SOURCES/ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch new file mode 100644 index 0000000..aff5831 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch @@ -0,0 +1,66 @@ +From 44941e738b975e52a6494cfd9f71db5ad3f411b8 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 22 Mar 2019 17:39:36 +0100 +Subject: [PATCH 2/8] MdeModulePkg/HiiImage: Fix stack overflow when corrupted + BMP is parsed (CVE-2018-12181) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190322163936.10835-3-lersek@redhat.com> +Patchwork-id: 85123 +O-Subject: [RHEL-7.7 ovmf PATCH 2/2] MdeModulePkg/HiiImage: Fix stack overflow + when corrupted BMP is parsed (CVE-2018-12181) +Bugzilla: 1691479 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Ray Ni + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1135 + +For 4bit BMP, there are only 2^4 = 16 colors in the palette. +But when a corrupted BMP contains more than 16 colors in the palette, +today's implementation wrongly copies all colors to the local +PaletteValue[16] array which causes stack overflow. + +The similar issue also exists in the logic to handle 8bit BMP. + +The patch fixes the issue by only copies the first 16 or 256 colors +in the palette depending on the BMP type. + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Ray Ni +Cc: Liming Gao +Cc: Jiewen Yao +Reviewed-by: Jian J Wang +(cherry picked from commit 89910a39dcfd788057caa5d88b7e76e112d187b5) +--- + MdeModulePkg/Universal/HiiDatabaseDxe/Image.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +index dc9566b..9829bdd 100644 +--- a/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c ++++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Image.c +@@ -370,7 +370,7 @@ Output4bitPixel ( + PaletteNum = (UINT16)(Palette->PaletteSize / sizeof (EFI_HII_RGB_PIXEL)); + + ZeroMem (PaletteValue, sizeof (PaletteValue)); +- CopyRgbToGopPixel (PaletteValue, Palette->PaletteValue, PaletteNum); ++ CopyRgbToGopPixel (PaletteValue, Palette->PaletteValue, MIN (PaletteNum, ARRAY_SIZE (PaletteValue))); + FreePool (Palette); + + // +@@ -447,7 +447,7 @@ Output8bitPixel ( + CopyMem (Palette, PaletteInfo, PaletteSize); + PaletteNum = (UINT16)(Palette->PaletteSize / sizeof (EFI_HII_RGB_PIXEL)); + ZeroMem (PaletteValue, sizeof (PaletteValue)); +- CopyRgbToGopPixel (PaletteValue, Palette->PaletteValue, PaletteNum); ++ CopyRgbToGopPixel (PaletteValue, Palette->PaletteValue, MIN (PaletteNum, ARRAY_SIZE (PaletteValue))); + FreePool (Palette); + + // +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch b/SOURCES/ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch new file mode 100644 index 0000000..3aeb39d --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch @@ -0,0 +1,97 @@ +From 5c43edaf8f41ad18bc66c29fea9b039488d858c8 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 22 Mar 2019 21:53:19 +0100 +Subject: [PATCH 3/8] MdeModulePkg/PartitionDxe: Add check for underlying + device block size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190322205323.17693-2-lersek@redhat.com> +Patchwork-id: 85131 +O-Subject: [RHEL-7.7 ovmf PATCH 1/5] MdeModulePkg/PartitionDxe: Add check for + underlying device block size +Bugzilla: 1691647 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Hao Wu + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828 + +Within FindAnchorVolumeDescriptorPointer(): + +Add a check for the underlying device block size to ensure it is greater +than the size of an Anchor Volume Descriptor Pointer. + +Cc: Ruiyu Ni +Cc: Jiewen Yao +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Hao Wu +Reviewed-by: Paulo Alcantara +Acked-by: Star Zeng +(cherry picked from commit 4df8f5bfa28b8b881e506437e8f08d92c1a00370) +Signed-off-by: Laszlo Ersek +--- + MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c | 29 ++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c +index 83bd174..49c56f6 100644 +--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c ++++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Udf.c +@@ -1,8 +1,17 @@ + /** @file + Scan for an UDF file system on a formatted media. + ++ Caution: This file requires additional review when modified. ++ This driver will have external input - CD/DVD media. ++ This external input must be validated carefully to avoid security issue like ++ buffer overflow, integer overflow. ++ ++ FindUdfFileSystem() routine will consume the media properties and do basic ++ validation. ++ + Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc. + Copyright (C) 2014-2017 Paulo Alcantara ++ Copyright (c) 2018, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this +@@ -102,6 +111,20 @@ FindAnchorVolumeDescriptorPointer ( + AvdpsCount = 0; + + // ++ // Check if the block size of the underlying media can hold the data of an ++ // Anchor Volume Descriptor Pointer ++ // ++ if (BlockSize < sizeof (UDF_ANCHOR_VOLUME_DESCRIPTOR_POINTER)) { ++ DEBUG (( ++ DEBUG_ERROR, ++ "%a: Media block size 0x%x unable to hold an AVDP.\n", ++ __FUNCTION__, ++ BlockSize ++ )); ++ return EFI_UNSUPPORTED; ++ } ++ ++ // + // Find AVDP at block 256 + // + Status = DiskIo->ReadDisk ( +@@ -598,6 +621,12 @@ Out_Free: + /** + Find a supported UDF file system in block device. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from Partition. ++ ++ The CD/DVD media is the external input, so this routine will do basic ++ validation for the media. ++ + @param[in] BlockIo BlockIo interface. + @param[in] DiskIo DiskIo interface. + @param[out] StartingLBA UDF file system starting LBA. +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch b/SOURCES/ovmf-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch new file mode 100644 index 0000000..f925de0 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch @@ -0,0 +1,101 @@ +From 29d5545ca1b9cefb7e813b65e36eb9efc192fbc0 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 1 Mar 2019 13:16:46 +0100 +Subject: [PATCH 08/13] MdeModulePkg/PartitionDxe: Ensure blocksize holds MBR + (CVE-2018-12180) + +Message-id: <20190301121647.16026-2-lersek@redhat.com> +Patchwork-id: 84756 +O-Subject: [RHEL-7.7 ovmf PATCH 1/2] MdeModulePkg/PartitionDxe: Ensure blocksize + holds MBR (CVE-2018-12180) +Bugzilla: 1684007 +Acked-by: Thomas Huth +Acked-by: Vitaly Kuznetsov + +From: Hao Wu + +--v-- RHEL-7.7 note --v-- + +Trivial conflicts resolved in "Gpt.c" and "Mbr.c": up-stream, the Intel +copyright notice got meanwhile extended to 2018, in commit d1102dba7210 +("MdeModulePkg: Clean up source files", 2018-06-28). + +--^-- RHEL-7.7 note --^-- + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1134 + +The commit adds checks for detecting GPT and MBR partitions. + +These checks will ensure that the device block size is big enough to hold +an MBR (512 bytes). + +Cc: Jian J Wang +Cc: Star Zeng +Cc: Laszlo Ersek +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Hao Wu +Reviewed-by: Ray Ni +(cherry picked from commit fccdb88022c1f6d85c773fce506b10c879063f1d) +Signed-off-by: Laszlo Ersek +--- + MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 9 ++++++++- + MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c | 9 ++++++++- + 2 files changed, 16 insertions(+), 2 deletions(-) + +diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +index fe26a64..141dca0 100644 +--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c ++++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +@@ -14,7 +14,7 @@ + partition content and validate the GPT table and GPT entry. + + Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc. +-Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -237,6 +237,13 @@ PartitionInstallGptChildHandles ( + GptValidStatus = EFI_NOT_FOUND; + + // ++ // Ensure the block size can hold the MBR ++ // ++ if (BlockSize < sizeof (MASTER_BOOT_RECORD)) { ++ return EFI_NOT_FOUND; ++ } ++ ++ // + // Allocate a buffer for the Protective MBR + // + ProtectiveMbr = AllocatePool (BlockSize); +diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c +index 479745b..d7a15b4 100644 +--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c ++++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c +@@ -13,7 +13,7 @@ + + Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc. + Copyright (c) 2014, Hewlett-Packard Development Company, L.P.
+-Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -150,6 +150,13 @@ PartitionInstallMbrChildHandles ( + MediaId = BlockIo->Media->MediaId; + LastBlock = BlockIo->Media->LastBlock; + ++ // ++ // Ensure the block size can hold the MBR ++ // ++ if (BlockSize < sizeof (MASTER_BOOT_RECORD)) { ++ return EFI_NOT_FOUND; ++ } ++ + Mbr = AllocatePool (BlockSize); + if (Mbr == NULL) { + return Found; +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch b/SOURCES/ovmf-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch new file mode 100644 index 0000000..6e3cf06 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch @@ -0,0 +1,136 @@ +From 8104f654744067eca1cc96d2156742dc1155b5b7 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 1 Mar 2019 13:16:47 +0100 +Subject: [PATCH 09/13] MdeModulePkg/RamDiskDxe: Restrict on RAM disk size + (CVE-2018-12180) + +Message-id: <20190301121647.16026-3-lersek@redhat.com> +Patchwork-id: 84757 +O-Subject: [RHEL-7.7 ovmf PATCH 2/2] MdeModulePkg/RamDiskDxe: Restrict on RAM + disk size (CVE-2018-12180) +Bugzilla: 1684007 +Acked-by: Thomas Huth +Acked-by: Vitaly Kuznetsov + +From: Hao Wu + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1134 + +Originally, the block size of created Ram disks is hard-coded to 512 +bytes. However, if the total size of the Ram disk is not a multiple of 512 +bytes, there will be potential memory access issues when dealing with the +last block of the Ram disk. + +This commit will adjust the block size of the Ram disks to ensure that the +total size is a multiple of the block size. + +Cc: Jian J Wang +Cc: Star Zeng +Cc: Laszlo Ersek +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Hao Wu +Reviewed-by: Ray Ni +(cherry picked from commit 38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f) +Signed-off-by: Laszlo Ersek +--- + .../Universal/Disk/RamDiskDxe/RamDiskBlockIo.c | 20 ++++++++++++++------ + MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h | 6 +++--- + .../Universal/Disk/RamDiskDxe/RamDiskProtocol.c | 5 +++-- + 3 files changed, 20 insertions(+), 11 deletions(-) + +diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c +index 4f74b5e..8926ad7 100644 +--- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c ++++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c +@@ -1,7 +1,7 @@ + /** @file + Produce EFI_BLOCK_IO_PROTOCOL on a RAM disk device. + +- Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
++ Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -54,6 +54,7 @@ RamDiskInitBlockIo ( + EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_BLOCK_IO2_PROTOCOL *BlockIo2; + EFI_BLOCK_IO_MEDIA *Media; ++ UINT32 Remainder; + + BlockIo = &PrivateData->BlockIo; + BlockIo2 = &PrivateData->BlockIo2; +@@ -69,11 +70,18 @@ RamDiskInitBlockIo ( + Media->LogicalPartition = FALSE; + Media->ReadOnly = FALSE; + Media->WriteCaching = FALSE; +- Media->BlockSize = RAM_DISK_BLOCK_SIZE; +- Media->LastBlock = DivU64x32 ( +- PrivateData->Size + RAM_DISK_BLOCK_SIZE - 1, +- RAM_DISK_BLOCK_SIZE +- ) - 1; ++ ++ for (Media->BlockSize = RAM_DISK_DEFAULT_BLOCK_SIZE; ++ Media->BlockSize >= 1; ++ Media->BlockSize = Media->BlockSize >> 1) { ++ Media->LastBlock = DivU64x32Remainder (PrivateData->Size, Media->BlockSize, &Remainder) - 1; ++ if (Remainder == 0) { ++ break; ++ } ++ } ++ ASSERT (Media->BlockSize != 0); ++ ++ return; + } + + +diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h +index 077bb77..18c7bb2 100644 +--- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h ++++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h +@@ -1,7 +1,7 @@ + /** @file + The header file of RamDiskDxe driver. + +- Copyright (c) 2016, Intel Corporation. All rights reserved.
++ Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -49,9 +49,9 @@ + /// + + // +-// Block size for RAM disk ++// Default block size for RAM disk + // +-#define RAM_DISK_BLOCK_SIZE 512 ++#define RAM_DISK_DEFAULT_BLOCK_SIZE 512 + + // + // Iterate through the double linked list. NOT delete safe +diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c +index 6784e2b..e8250d5 100644 +--- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c ++++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c +@@ -1,7 +1,7 @@ + /** @file + The realization of EFI_RAM_DISK_PROTOCOL. + +- Copyright (c) 2016, Intel Corporation. All rights reserved.
++ Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
+ (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License +@@ -613,7 +613,8 @@ RamDiskRegister ( + // + // Add check to prevent data read across the memory boundary + // +- if (RamDiskBase + RamDiskSize > ((UINTN) -1) - RAM_DISK_BLOCK_SIZE + 1) { ++ if ((RamDiskSize > MAX_UINTN) || ++ (RamDiskBase > MAX_UINTN - RamDiskSize + 1)) { + return EFI_INVALID_PARAMETER; + } + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-Component.patch b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-Component.patch new file mode 100644 index 0000000..704ef2d --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-Component.patch @@ -0,0 +1,57 @@ +From adfd3101494f52d71cbd8d15be9146e7570e6397 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 22 Mar 2019 21:53:22 +0100 +Subject: [PATCH 6/8] MdeModulePkg/UdfDxe: Add boundary check for + ComponentIdentifier decode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190322205323.17693-5-lersek@redhat.com> +Patchwork-id: 85133 +O-Subject: [RHEL-7.7 ovmf PATCH 4/5] MdeModulePkg/UdfDxe: Add boundary check for + ComponentIdentifier decode +Bugzilla: 1691647 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Hao Wu + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828 + +Within ResolveSymlink(): + +The boundary check will validate the 'LengthofComponentIdentifier' field +of a Path Component matches the data within the relating (Extended) File +Entry. + +Cc: Ruiyu Ni +Cc: Jiewen Yao +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Hao Wu +Reviewed-by: Paulo Alcantara +Acked-by: Star Zeng +(cherry picked from commit 89f75aa04a97293a8ed9db2a90851a5053730cf5) +Signed-off-by: Laszlo Ersek +--- + MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +index 0012075..1aefed8 100644 +--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c ++++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +@@ -2137,6 +2137,10 @@ ResolveSymlink ( + return EFI_VOLUME_CORRUPTED; + } + ++ if ((UINTN)PathComp->ComponentIdentifier + PathCompLength > (UINTN)EndData) { ++ return EFI_VOLUME_CORRUPTED; ++ } ++ + Char = FileName; + for (Index = 1; Index < PathCompLength; Index++) { + if (CompressionId == 16) { +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-getting-v.patch b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-getting-v.patch new file mode 100644 index 0000000..a7758b6 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-getting-v.patch @@ -0,0 +1,103 @@ +From 288997968e9c6352b09930c23fc05f53e3bc0dad Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 22 Mar 2019 21:53:23 +0100 +Subject: [PATCH 7/8] MdeModulePkg/UdfDxe: Add boundary check for getting + volume (free) size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190322205323.17693-6-lersek@redhat.com> +Patchwork-id: 85134 +O-Subject: [RHEL-7.7 ovmf PATCH 5/5] MdeModulePkg/UdfDxe: Add boundary check for + getting volume (free) size +Bugzilla: 1691647 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Hao Wu + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828 + +Within GetVolumeSize(): + +The boundary check will validate the 'NumberOfPartitions' field of a +Logical Volume Integrity Descriptor matches the data within the relating +Logical Volume Descriptor. + +Cc: Ruiyu Ni +Cc: Jiewen Yao +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Hao Wu +Reviewed-by: Paulo Alcantara +Acked-by: Star Zeng +(cherry picked from commit 3b30351b75d70ea65701ac999875fbb81a89a5ca) +Signed-off-by: Laszlo Ersek +--- + .../Universal/Disk/UdfDxe/FileSystemOperations.c | 17 ++++++++++++++++- + MdeModulePkg/Universal/Disk/UdfDxe/Udf.h | 7 +++++++ + 2 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +index 1aefed8..ae19a42 100644 +--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c ++++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +@@ -2451,6 +2451,13 @@ SetFileInfo ( + /** + Get volume and free space size information of an UDF volume. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The Logical Volume Descriptor and the Logical Volume Integrity Descriptor are ++ external inputs, so this routine will do basic validation for both descriptors ++ and report status. ++ + @param[in] BlockIo BlockIo interface. + @param[in] DiskIo DiskIo interface. + @param[in] Volume UDF volume information structure. +@@ -2489,7 +2496,8 @@ GetVolumeSize ( + + ExtentAd = &LogicalVolDesc->IntegritySequenceExtent; + +- if (ExtentAd->ExtentLength == 0) { ++ if ((ExtentAd->ExtentLength == 0) || ++ (ExtentAd->ExtentLength < sizeof (UDF_LOGICAL_VOLUME_INTEGRITY))) { + return EFI_VOLUME_CORRUPTED; + } + +@@ -2529,6 +2537,13 @@ GetVolumeSize ( + goto Out_Free; + } + ++ if ((LogicalVolInt->NumberOfPartitions > MAX_UINT32 / sizeof (UINT32) / 2) || ++ (LogicalVolInt->NumberOfPartitions * sizeof (UINT32) * 2 > ++ ExtentAd->ExtentLength - sizeof (UDF_LOGICAL_VOLUME_INTEGRITY))) { ++ Status = EFI_VOLUME_CORRUPTED; ++ goto Out_Free; ++ } ++ + *VolumeSize = 0; + *FreeSpaceSize = 0; + +diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h b/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h +index 9b82441..b054c62 100644 +--- a/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h ++++ b/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h +@@ -903,6 +903,13 @@ SetFileInfo ( + /** + Get volume and free space size information of an UDF volume. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The Logical Volume Descriptor and the Logical Volume Integrity Descriptor are ++ external inputs, so this routine will do basic validation for both descriptors ++ and report status. ++ + @param[in] BlockIo BlockIo interface. + @param[in] DiskIo DiskIo interface. + @param[in] Volume UDF volume information structure. +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-the-read-of-F.patch b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-the-read-of-F.patch new file mode 100644 index 0000000..539ce62 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-the-read-of-F.patch @@ -0,0 +1,156 @@ +From 8a7cd4ba31848171f596a1eb1df0bc06633d3276 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 22 Mar 2019 21:53:21 +0100 +Subject: [PATCH 5/8] MdeModulePkg/UdfDxe: Add boundary check the read of + FE/EFE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190322205323.17693-4-lersek@redhat.com> +Patchwork-id: 85130 +O-Subject: [RHEL-7.7 ovmf PATCH 3/5] MdeModulePkg/UdfDxe: Add boundary check the + read of FE/EFE +Bugzilla: 1691647 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Hao Wu + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828 + +Within ReadFile(): + +Add checks to ensure that when getting the raw data or the Allocation +Descriptors' data from a FE/EFE, it will not consume data beyond the +size of a FE/EFE. + +Cc: Ruiyu Ni +Cc: Jiewen Yao +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Hao Wu +Reviewed-by: Paulo Alcantara +Acked-by: Star Zeng +(cherry picked from commit 5c0748f43f4e1cc15fdd0be64a764eacd7df92f6) +Signed-off-by: Laszlo Ersek +--- + .../Universal/Disk/UdfDxe/FileSystemOperations.c | 54 ++++++++++++++++++++-- + 1 file changed, 50 insertions(+), 4 deletions(-) + +diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +index 424f41c..0012075 100644 +--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c ++++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +@@ -504,15 +504,27 @@ DuplicateFe ( + + NOTE: The FE/EFE can be thought it was an inode. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The (Extended) File Entry is external input, so this routine will do basic ++ validation for (Extended) File Entry and report status. ++ + @param[in] FileEntryData (Extended) File Entry pointer. ++ @param[in] FileEntrySize Size of the (Extended) File Entry specified ++ by FileEntryData. + @param[out] Data Buffer contains the raw data of a given + (Extended) File Entry. + @param[out] Length Length of the data in Buffer. + ++ @retval EFI_SUCCESS Raw data and size of the FE/EFE was read. ++ @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted. ++ + **/ +-VOID ++EFI_STATUS + GetFileEntryData ( + IN VOID *FileEntryData, ++ IN UINTN FileEntrySize, + OUT VOID **Data, + OUT UINT64 *Length + ) +@@ -536,20 +548,40 @@ GetFileEntryData ( + *Data = (VOID *)((UINT8 *)FileEntry->Data + + FileEntry->LengthOfExtendedAttributes); + } ++ ++ if ((*Length > FileEntrySize) || ++ ((UINTN)FileEntryData > (UINTN)(*Data)) || ++ ((UINTN)(*Data) - (UINTN)FileEntryData > FileEntrySize - *Length)) { ++ return EFI_VOLUME_CORRUPTED; ++ } ++ return EFI_SUCCESS; + } + + /** + Get Allocation Descriptors' data information from a given FE/EFE. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The (Extended) File Entry is external input, so this routine will do basic ++ validation for (Extended) File Entry and report status. ++ + @param[in] FileEntryData (Extended) File Entry pointer. ++ @param[in] FileEntrySize Size of the (Extended) File Entry specified ++ by FileEntryData. + @param[out] AdsData Buffer contains the Allocation Descriptors' + data from a given FE/EFE. + @param[out] Length Length of the data in AdsData. + ++ @retval EFI_SUCCESS The data and size of Allocation Descriptors ++ were read from the FE/EFE. ++ @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted. ++ + **/ +-VOID ++EFI_STATUS + GetAdsInformation ( + IN VOID *FileEntryData, ++ IN UINTN FileEntrySize, + OUT VOID **AdsData, + OUT UINT64 *Length + ) +@@ -573,6 +605,13 @@ GetAdsInformation ( + *AdsData = (VOID *)((UINT8 *)FileEntry->Data + + FileEntry->LengthOfExtendedAttributes); + } ++ ++ if ((*Length > FileEntrySize) || ++ ((UINTN)FileEntryData > (UINTN)(*AdsData)) || ++ ((UINTN)(*AdsData) - (UINTN)FileEntryData > FileEntrySize - *Length)) { ++ return EFI_VOLUME_CORRUPTED; ++ } ++ return EFI_SUCCESS; + } + + /** +@@ -1066,7 +1105,10 @@ ReadFile ( + // + // There are no extents for this FE/EFE. All data is inline. + // +- GetFileEntryData (FileEntryData, &Data, &Length); ++ Status = GetFileEntryData (FileEntryData, Volume->FileEntrySize, &Data, &Length); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } + + if (ReadFileInfo->Flags == ReadFileGetFileSize) { + ReadFileInfo->ReadLength = Length; +@@ -1110,7 +1152,11 @@ ReadFile ( + // This FE/EFE contains a run of Allocation Descriptors. Get data + size + // for start reading them out. + // +- GetAdsInformation (FileEntryData, &Data, &Length); ++ Status = GetAdsInformation (FileEntryData, Volume->FileEntrySize, &Data, &Length); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ + AdOffset = 0; + + for (;;) { +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-UdfDxe-Refine-boundary-checks-for-file-.patch b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Refine-boundary-checks-for-file-.patch new file mode 100644 index 0000000..75f4fb9 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-UdfDxe-Refine-boundary-checks-for-file-.patch @@ -0,0 +1,358 @@ +From 070a96e19dc08a87906035a1b0a67e8a3973a900 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 22 Mar 2019 21:53:20 +0100 +Subject: [PATCH 4/8] MdeModulePkg/UdfDxe: Refine boundary checks for file/path + name string +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190322205323.17693-3-lersek@redhat.com> +Patchwork-id: 85132 +O-Subject: [RHEL-7.7 ovmf PATCH 2/5] MdeModulePkg/UdfDxe: Refine boundary checks + for file/path name string +Bugzilla: 1691647 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Hao Wu + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=828 + +The commit refines the boundary checks for file/path name string to +prevent possible buffer overrun. + +Cc: Ruiyu Ni +Cc: Jiewen Yao +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Hao Wu +Reviewed-by: Paulo Alcantara +Acked-by: Star Zeng +(cherry picked from commit b9ae1705adfdd43668027a25a2b03c2e81960219) +Signed-off-by: Laszlo Ersek +--- + MdeModulePkg/Universal/Disk/UdfDxe/File.c | 30 ++++++++-- + .../Universal/Disk/UdfDxe/FileSystemOperations.c | 65 +++++++++++++++++++--- + MdeModulePkg/Universal/Disk/UdfDxe/Udf.h | 30 +++++++++- + 3 files changed, 110 insertions(+), 15 deletions(-) + +diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/File.c b/MdeModulePkg/Universal/Disk/UdfDxe/File.c +index 6f07bf2..bd723d0 100644 +--- a/MdeModulePkg/Universal/Disk/UdfDxe/File.c ++++ b/MdeModulePkg/Universal/Disk/UdfDxe/File.c +@@ -2,6 +2,7 @@ + Handle operations in files and directories from UDF/ECMA-167 file systems. + + Copyright (C) 2014-2017 Paulo Alcantara ++ Copyright (c) 2018, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this +@@ -248,7 +249,7 @@ UdfOpen ( + FileName = TempFileName + 1; + } + +- StrCpyS (NewPrivFileData->FileName, UDF_PATH_LENGTH, FileName); ++ StrCpyS (NewPrivFileData->FileName, UDF_FILENAME_LENGTH, FileName); + + Status = GetFileSize ( + PrivFsData->BlockIo, +@@ -444,7 +445,7 @@ UdfRead ( + FreePool ((VOID *)NewFileEntryData); + NewFileEntryData = FoundFile.FileEntry; + +- Status = GetFileNameFromFid (NewFileIdentifierDesc, FileName); ++ Status = GetFileNameFromFid (NewFileIdentifierDesc, ARRAY_SIZE (FileName), FileName); + if (EFI_ERROR (Status)) { + FreePool ((VOID *)FoundFile.FileIdentifierDesc); + goto Error_Get_FileName; +@@ -456,7 +457,7 @@ UdfRead ( + FoundFile.FileIdentifierDesc = NewFileIdentifierDesc; + FoundFile.FileEntry = NewFileEntryData; + +- Status = GetFileNameFromFid (FoundFile.FileIdentifierDesc, FileName); ++ Status = GetFileNameFromFid (FoundFile.FileIdentifierDesc, ARRAY_SIZE (FileName), FileName); + if (EFI_ERROR (Status)) { + goto Error_Get_FileName; + } +@@ -718,6 +719,12 @@ UdfSetPosition ( + /** + Get information about a file. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The File Set Descriptor is external input, so this routine will do basic ++ validation for File Set Descriptor and report status. ++ + @param This Protocol instance pointer. + @param InformationType Type of information to return in Buffer. + @param BufferSize On input size of buffer, on output amount of data in +@@ -794,6 +801,10 @@ UdfGetInfo ( + *String = *(UINT8 *)(OstaCompressed + Index) << 8; + Index++; + } else { ++ if (Index > ARRAY_SIZE (VolumeLabel)) { ++ return EFI_VOLUME_CORRUPTED; ++ } ++ + *String = 0; + } + +@@ -813,7 +824,11 @@ UdfGetInfo ( + String++; + } + +- *String = L'\0'; ++ Index = ((UINTN)String - (UINTN)VolumeLabel) / sizeof (CHAR16); ++ if (Index > ARRAY_SIZE (VolumeLabel) - 1) { ++ Index = ARRAY_SIZE (VolumeLabel) - 1; ++ } ++ VolumeLabel[Index] = L'\0'; + + FileSystemInfoLength = StrSize (VolumeLabel) + + sizeof (EFI_FILE_SYSTEM_INFO); +@@ -823,8 +838,11 @@ UdfGetInfo ( + } + + FileSystemInfo = (EFI_FILE_SYSTEM_INFO *)Buffer; +- StrCpyS (FileSystemInfo->VolumeLabel, ARRAY_SIZE (VolumeLabel), +- VolumeLabel); ++ StrCpyS ( ++ FileSystemInfo->VolumeLabel, ++ (*BufferSize - OFFSET_OF (EFI_FILE_SYSTEM_INFO, VolumeLabel)) / sizeof (CHAR16), ++ VolumeLabel ++ ); + Status = GetVolumeSize ( + PrivFsData->BlockIo, + PrivFsData->DiskIo, +diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +index ecc1723..424f41c 100644 +--- a/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c ++++ b/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c +@@ -2,6 +2,7 @@ + Handle on-disk format and volume structures in UDF/ECMA-167 file systems. + + Copyright (C) 2014-2017 Paulo Alcantara ++ Copyright (c) 2018, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this +@@ -1412,7 +1413,7 @@ InternalFindFile ( + break; + } + } else { +- Status = GetFileNameFromFid (FileIdentifierDesc, FoundFileName); ++ Status = GetFileNameFromFid (FileIdentifierDesc, ARRAY_SIZE (FoundFileName), FoundFileName); + if (EFI_ERROR (Status)) { + break; + } +@@ -1705,6 +1706,11 @@ FindFile ( + while (*FilePath != L'\0') { + FileNamePointer = FileName; + while (*FilePath != L'\0' && *FilePath != L'\\') { ++ if ((((UINTN)FileNamePointer - (UINTN)FileName) / sizeof (CHAR16)) >= ++ (ARRAY_SIZE (FileName) - 1)) { ++ return EFI_NOT_FOUND; ++ } ++ + *FileNamePointer++ = *FilePath++; + } + +@@ -1882,22 +1888,38 @@ ReadDirectoryEntry ( + Get a filename (encoded in OSTA-compressed format) from a File Identifier + Descriptor on an UDF volume. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The File Identifier Descriptor is external input, so this routine will do ++ basic validation for File Identifier Descriptor and report status. ++ + @param[in] FileIdentifierDesc File Identifier Descriptor pointer. ++ @param[in] CharMax The maximum number of FileName Unicode char, ++ including terminating null char. + @param[out] FileName Decoded filename. + + @retval EFI_SUCCESS Filename decoded and read. + @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted. ++ @retval EFI_BUFFER_TOO_SMALL The string buffer FileName cannot hold the ++ decoded filename. + **/ + EFI_STATUS + GetFileNameFromFid ( + IN UDF_FILE_IDENTIFIER_DESCRIPTOR *FileIdentifierDesc, ++ IN UINTN CharMax, + OUT CHAR16 *FileName + ) + { +- UINT8 *OstaCompressed; +- UINT8 CompressionId; +- UINT8 Length; +- UINTN Index; ++ UINT8 *OstaCompressed; ++ UINT8 CompressionId; ++ UINT8 Length; ++ UINTN Index; ++ CHAR16 *FileNameBak; ++ ++ if (CharMax == 0) { ++ return EFI_BUFFER_TOO_SMALL; ++ } + + OstaCompressed = + (UINT8 *)( +@@ -1910,10 +1932,22 @@ GetFileNameFromFid ( + return EFI_VOLUME_CORRUPTED; + } + ++ FileNameBak = FileName; ++ + // + // Decode filename. + // + Length = FileIdentifierDesc->LengthOfFileIdentifier; ++ if (CompressionId == 16) { ++ if (((UINTN)Length >> 1) > CharMax) { ++ return EFI_BUFFER_TOO_SMALL; ++ } ++ } else { ++ if ((Length != 0) && ((UINTN)Length - 1 > CharMax)) { ++ return EFI_BUFFER_TOO_SMALL; ++ } ++ } ++ + for (Index = 1; Index < Length; Index++) { + if (CompressionId == 16) { + *FileName = OstaCompressed[Index++] << 8; +@@ -1928,7 +1962,11 @@ GetFileNameFromFid ( + FileName++; + } + +- *FileName = L'\0'; ++ Index = ((UINTN)FileName - (UINTN)FileNameBak) / sizeof (CHAR16); ++ if (Index > CharMax - 1) { ++ Index = CharMax - 1; ++ } ++ FileNameBak[Index] = L'\0'; + + return EFI_SUCCESS; + } +@@ -1936,6 +1974,12 @@ GetFileNameFromFid ( + /** + Resolve a symlink file on an UDF volume. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The Path Component is external input, so this routine will do basic ++ validation for Path Component and report status. ++ + @param[in] BlockIo BlockIo interface. + @param[in] DiskIo DiskIo interface. + @param[in] Volume UDF volume information structure. +@@ -2054,6 +2098,9 @@ ResolveSymlink ( + Index) << 8; + Index++; + } else { ++ if (Index > ARRAY_SIZE (FileName)) { ++ return EFI_UNSUPPORTED; ++ } + *Char = 0; + } + +@@ -2064,7 +2111,11 @@ ResolveSymlink ( + Char++; + } + +- *Char = L'\0'; ++ Index = ((UINTN)Char - (UINTN)FileName) / sizeof (CHAR16); ++ if (Index > ARRAY_SIZE (FileName) - 1) { ++ Index = ARRAY_SIZE (FileName) - 1; ++ } ++ FileName[Index] = L'\0'; + break; + } + +diff --git a/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h b/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h +index d441539..9b82441 100644 +--- a/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h ++++ b/MdeModulePkg/Universal/Disk/UdfDxe/Udf.h +@@ -2,6 +2,7 @@ + UDF/ECMA-167 file system driver. + + Copyright (C) 2014-2017 Paulo Alcantara ++ Copyright (c) 2018, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this +@@ -559,9 +560,16 @@ UdfSetPosition ( + /** + Get information about a file. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The File Set Descriptor is external input, so this routine will do basic ++ validation for File Set Descriptor and report status. ++ + @param This Protocol instance pointer. + @param InformationType Type of information to return in Buffer. +- @param BufferSize On input size of buffer, on output amount of data in buffer. ++ @param BufferSize On input size of buffer, on output amount of data in ++ buffer. + @param Buffer The buffer to return data. + + @retval EFI_SUCCESS Data was returned. +@@ -571,7 +579,8 @@ UdfSetPosition ( + @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted. + @retval EFI_WRITE_PROTECTED The device is write protected. + @retval EFI_ACCESS_DENIED The file was open for read only. +- @retval EFI_BUFFER_TOO_SMALL Buffer was too small; required size returned in BufferSize. ++ @retval EFI_BUFFER_TOO_SMALL Buffer was too small; required size returned in ++ BufferSize. + + **/ + EFI_STATUS +@@ -769,21 +778,38 @@ ReadDirectoryEntry ( + Get a filename (encoded in OSTA-compressed format) from a File Identifier + Descriptor on an UDF volume. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The File Identifier Descriptor is external input, so this routine will do ++ basic validation for File Identifier Descriptor and report status. ++ + @param[in] FileIdentifierDesc File Identifier Descriptor pointer. ++ @param[in] CharMax The maximum number of FileName Unicode char, ++ including terminating null char. + @param[out] FileName Decoded filename. + + @retval EFI_SUCCESS Filename decoded and read. + @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted. ++ @retval EFI_BUFFER_TOO_SMALL The string buffer FileName cannot hold the ++ decoded filename. + **/ + EFI_STATUS + GetFileNameFromFid ( + IN UDF_FILE_IDENTIFIER_DESCRIPTOR *FileIdentifierDesc, ++ IN UINTN CharMax, + OUT CHAR16 *FileName + ); + + /** + Resolve a symlink file on an UDF volume. + ++ @attention This is boundary function that may receive untrusted input. ++ @attention The input is from FileSystem. ++ ++ The Path Component is external input, so this routine will do basic ++ validation for Path Component and report status. ++ + @param[in] BlockIo BlockIo interface. + @param[in] DiskIo DiskIo interface. + @param[in] Volume UDF volume information structure. +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-UsbBusDxe-Fix-wrong-buffer-length-used-.patch b/SOURCES/ovmf-MdeModulePkg-UsbBusDxe-Fix-wrong-buffer-length-used-.patch new file mode 100644 index 0000000..d093043 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-UsbBusDxe-Fix-wrong-buffer-length-used-.patch @@ -0,0 +1,264 @@ +From 665567cda914855b29632120174ab28be8c6df58 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 9 Apr 2019 16:11:36 +0200 +Subject: [PATCH 8/8] MdeModulePkg UsbBusDxe: Fix wrong buffer length used to + read hub desc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190409141136.27390-2-lersek@redhat.com> +Patchwork-id: 85539 +O-Subject: [RHEL-7.7 ovmf PATCH 1/1] MdeModulePkg UsbBusDxe: Fix wrong buffer + length used to read hub desc +Bugzilla: 1697534 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +From: Star Zeng + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=973 + +HUB descriptor has variable length. +But the code uses stack (HubDesc in UsbHubInit) with fixed length +sizeof(EFI_USB_HUB_DESCRIPTOR) to hold HUB descriptor data. +It uses hard code length value (32 that is greater than +sizeof(EFI_USB_HUB_DESCRIPTOR)) for SuperSpeed path, then there will +be stack overflow when IOMMU is enabled because the Unmap operation +will copy the data from device buffer to host buffer. +And it uses HubDesc->Length for none SuperSpeed path, then there will +be stack overflow when HubDesc->Length is greater than +sizeof(EFI_USB_HUB_DESCRIPTOR). + +The patch updates the code to use a big enough buffer to hold the +descriptor data. +The definition EFI_USB_SUPER_SPEED_HUB_DESCRIPTOR is wrong (HubDelay +field should be UINT16 type) and no code is using it, the patch +removes it. + +Cc: Jiewen Yao +Cc: Ruiyu Ni +Cc: Bret Barkelew +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Star Zeng +Reviewed-by: Bret Barkelew +(cherry picked from commit acebdf14c985c5c9f50b37ece0b15ada87767359) +Signed-off-by: Laszlo Ersek +--- + MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.c | 96 +++++++++++---------------------- + MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.h | 14 +---- + 2 files changed, 32 insertions(+), 78 deletions(-) + +diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.c b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.c +index fabb441..a962f76 100644 +--- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.c ++++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.c +@@ -2,7 +2,7 @@ + + Unified interface for RootHub and Hub. + +-Copyright (c) 2007 - 2016, Intel Corporation. All rights reserved.
++Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -201,42 +201,7 @@ UsbHubCtrlClearTTBuffer ( + } + + /** +- Usb hub control transfer to get the super speed hub descriptor. +- +- @param HubDev The hub device. +- @param Buf The buffer to hold the descriptor. +- +- @retval EFI_SUCCESS The hub descriptor is retrieved. +- @retval Others Failed to retrieve the hub descriptor. +- +-**/ +-EFI_STATUS +-UsbHubCtrlGetSuperSpeedHubDesc ( +- IN USB_DEVICE *HubDev, +- OUT VOID *Buf +- ) +-{ +- EFI_STATUS Status; +- +- Status = EFI_INVALID_PARAMETER; +- +- Status = UsbCtrlRequest ( +- HubDev, +- EfiUsbDataIn, +- USB_REQ_TYPE_CLASS, +- USB_HUB_TARGET_HUB, +- USB_HUB_REQ_GET_DESC, +- (UINT16) (USB_DESC_TYPE_HUB_SUPER_SPEED << 8), +- 0, +- Buf, +- 32 +- ); +- +- return Status; +-} +- +-/** +- Usb hub control transfer to get the hub descriptor. ++ Usb hub control transfer to get the (super speed) hub descriptor. + + @param HubDev The hub device. + @param Buf The buffer to hold the descriptor. +@@ -254,6 +219,11 @@ UsbHubCtrlGetHubDesc ( + ) + { + EFI_STATUS Status; ++ UINT8 DescType; ++ ++ DescType = (HubDev->Speed == EFI_USB_SPEED_SUPER) ? ++ USB_DESC_TYPE_HUB_SUPER_SPEED : ++ USB_DESC_TYPE_HUB; + + Status = UsbCtrlRequest ( + HubDev, +@@ -261,7 +231,7 @@ UsbHubCtrlGetHubDesc ( + USB_REQ_TYPE_CLASS, + USB_HUB_TARGET_HUB, + USB_HUB_REQ_GET_DESC, +- (UINT16) (USB_DESC_TYPE_HUB << 8), ++ (UINT16) (DescType << 8), + 0, + Buf, + Len +@@ -475,29 +445,19 @@ UsbHubReadDesc ( + { + EFI_STATUS Status; + +- if (HubDev->Speed == EFI_USB_SPEED_SUPER) { +- // +- // Get the super speed hub descriptor +- // +- Status = UsbHubCtrlGetSuperSpeedHubDesc (HubDev, HubDesc); +- } else { +- +- // +- // First get the hub descriptor length +- // +- Status = UsbHubCtrlGetHubDesc (HubDev, HubDesc, 2); +- +- if (EFI_ERROR (Status)) { +- return Status; +- } ++ // ++ // First get the hub descriptor length ++ // ++ Status = UsbHubCtrlGetHubDesc (HubDev, HubDesc, 2); + +- // +- // Get the whole hub descriptor +- // +- Status = UsbHubCtrlGetHubDesc (HubDev, HubDesc, HubDesc->Length); ++ if (EFI_ERROR (Status)) { ++ return Status; + } + +- return Status; ++ // ++ // Get the whole hub descriptor ++ // ++ return UsbHubCtrlGetHubDesc (HubDev, HubDesc, HubDesc->Length); + } + + +@@ -690,7 +650,8 @@ UsbHubInit ( + IN USB_INTERFACE *HubIf + ) + { +- EFI_USB_HUB_DESCRIPTOR HubDesc; ++ UINT8 HubDescBuffer[256]; ++ EFI_USB_HUB_DESCRIPTOR *HubDesc; + USB_ENDPOINT_DESC *EpDesc; + USB_INTERFACE_SETTING *Setting; + EFI_USB_IO_PROTOCOL *UsbIo; +@@ -725,14 +686,19 @@ UsbHubInit ( + return EFI_DEVICE_ERROR; + } + +- Status = UsbHubReadDesc (HubDev, &HubDesc); ++ // ++ // The length field of descriptor is UINT8 type, so the buffer ++ // with 256 bytes is enough to hold the descriptor data. ++ // ++ HubDesc = (EFI_USB_HUB_DESCRIPTOR *) HubDescBuffer; ++ Status = UsbHubReadDesc (HubDev, HubDesc); + + if (EFI_ERROR (Status)) { + DEBUG (( EFI_D_ERROR, "UsbHubInit: failed to read HUB descriptor %r\n", Status)); + return Status; + } + +- HubIf->NumOfPort = HubDesc.NumPorts; ++ HubIf->NumOfPort = HubDesc->NumPorts; + + DEBUG (( EFI_D_INFO, "UsbHubInit: hub %d has %d ports\n", HubDev->Address,HubIf->NumOfPort)); + +@@ -751,7 +717,7 @@ UsbHubInit ( + DEBUG ((EFI_D_INFO, "UsbHubInit: Set Hub Depth as 0x%x\n", Depth)); + UsbHubCtrlSetHubDepth (HubIf->Device, Depth); + +- for (Index = 0; Index < HubDesc.NumPorts; Index++) { ++ for (Index = 0; Index < HubDesc->NumPorts; Index++) { + UsbHubCtrlSetPortFeature (HubIf->Device, Index, USB_HUB_PORT_REMOTE_WAKE_MASK); + } + } else { +@@ -759,15 +725,15 @@ UsbHubInit ( + // Feed power to all the hub ports. It should be ok + // for both gang/individual powered hubs. + // +- for (Index = 0; Index < HubDesc.NumPorts; Index++) { ++ for (Index = 0; Index < HubDesc->NumPorts; Index++) { + UsbHubCtrlSetPortFeature (HubIf->Device, Index, (EFI_USB_PORT_FEATURE) USB_HUB_PORT_POWER); + } + + // + // Update for the usb hub has no power on delay requirement + // +- if (HubDesc.PwrOn2PwrGood > 0) { +- gBS->Stall (HubDesc.PwrOn2PwrGood * USB_SET_PORT_POWER_STALL); ++ if (HubDesc->PwrOn2PwrGood > 0) { ++ gBS->Stall (HubDesc->PwrOn2PwrGood * USB_SET_PORT_POWER_STALL); + } + UsbHubAckHubStatus (HubIf->Device); + } +diff --git a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.h b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.h +index 4e5fcd8..fe9f1f7 100644 +--- a/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.h ++++ b/MdeModulePkg/Bus/Usb/UsbBusDxe/UsbHub.h +@@ -2,7 +2,7 @@ + + The definition for USB hub. + +-Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.
++Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -115,18 +115,6 @@ typedef struct { + UINT8 Filler[16]; + } EFI_USB_HUB_DESCRIPTOR; + +-typedef struct { +- UINT8 Length; +- UINT8 DescType; +- UINT8 NumPorts; +- UINT16 HubCharacter; +- UINT8 PwrOn2PwrGood; +- UINT8 HubContrCurrent; +- UINT8 HubHdrDecLat; +- UINT8 HubDelay; +- UINT8 DeviceRemovable; +-} EFI_USB_SUPER_SPEED_HUB_DESCRIPTOR; +- + #pragma pack() + + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch b/SOURCES/ovmf-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch new file mode 100644 index 0000000..e77f913 --- /dev/null +++ b/SOURCES/ovmf-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch @@ -0,0 +1,80 @@ +From 0afba771bf42a9793e86bc565f23a8ca99d53dbb Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Wed, 13 Feb 2019 09:50:44 +0100 +Subject: [PATCH 01/13] MdeModulePkg Variable: Fix Timestamp zeroing issue on + APPEND_WRITE + +Message-id: <20190213085050.20766-2-philmd@redhat.com> +Patchwork-id: 84478 +O-Subject: [RHEL-7.7 ovmf PATCH v3 1/7] MdeModulePkg Variable: Fix Timestamp + zeroing issue on APPEND_WRITE +Bugzilla: 1666586 +Acked-by: Laszlo Ersek +Acked-by: Vitaly Kuznetsov + +From: Laszlo Ersek + +From: Star Zeng + +--v-- RHEL7 note start --v-- + +This patch fixes CVE-2018-3613. Unfortunately, the upstream subject line +does not include the CVE number. I've decided to stick with the upstream +subject verbatim in the backport, so we can more easily drop this patch at +the next rebase. On the upstream list, I did complain loudly, so there's +hope the next CVE fix will advertise the CVE number in the subject. + +In practice, the vulnerability is difficult to exploit. Please refer to +the following messages in the upstream discussion: + + https://lists.01.org/pipermail/edk2-devel/2018-October/031103.html + https://lists.01.org/pipermail/edk2-devel/2018-October/031140.html + +--^-- RHEL7 note end --^-- + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 + +When SetVariable() to a time based auth variable with APPEND_WRITE +attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in +the input Data is earlier than current value, it will cause timestamp +zeroing. + +This issue may bring time based auth variable downgrade problem. +For example: +A vendor released three certs at 2014, 2015, and 2016, and system +integrated the 2016 cert. User can SetVariable() with 2015 cert and +APPEND_WRITE attribute to cause timestamp zeroing first, then +SetVariable() with 2014 cert to downgrade the cert. + +This patch fixes this issue. + +Cc: Jiewen Yao +Cc: Chao Zhang +Cc: Jian J Wang +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Star Zeng +Reviewed-by: Jiewen Yao +(cherry picked from commit b7dc8888f31402f410c53242839271ba3b94b619) +Signed-off-by: Laszlo Ersek +(cherry picked from commit 3b8ff18ad4ac1af740a979ad27fb83dbbdca70ef) +Signed-off-by: Philippe Mathieu-Daude +--- + MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +index 6caf603..60439b5 100644 +--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c ++++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +@@ -2460,6 +2460,8 @@ UpdateVariable ( + if (Variable->CurrPtr != NULL) { + if (VariableCompareTimeStampInternal (&(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp), TimeStamp)) { + CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof (EFI_TIME)); ++ } else { ++ CopyMem (&AuthVariable->TimeStamp, &(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp), sizeof (EFI_TIME)); + } + } + } +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch b/SOURCES/ovmf-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch new file mode 100644 index 0000000..5a90543 --- /dev/null +++ b/SOURCES/ovmf-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch @@ -0,0 +1,128 @@ +From 6e3079460fa075f4b44c1031b1e20709979d9424 Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Wed, 13 Feb 2019 09:50:45 +0100 +Subject: [PATCH 02/13] MdePkg: Add more checker in UefiDecompressLib to access + the valid buffer only (CVE FIX) + +Message-id: <20190213085050.20766-3-philmd@redhat.com> +Patchwork-id: 84480 +O-Subject: [RHEL-7.7 ovmf PATCH v3 2/7] MdePkg: Add more checker in + UefiDecompressLib to access the valid buffer only (CVE FIX) +Bugzilla: 1666586 +Acked-by: Laszlo Ersek +Acked-by: Vitaly Kuznetsov + +From: Laszlo Ersek + +From: Liming Gao + +--v-- RHEL7 note start --v-- +Unfortunately, the upstream patch series was not structured according to +the CVE reports. This patch contributes to fixing: + +- CVE-2017-5732 +- CVE-2017-5733 +- CVE-2017-5734 +- CVE-2017-5735 + +but not CVE-2017-5731 (contrarily to the upstream commit message). The +best I could achieve up-stream was to get the "CVE FIX" expression into +the subject, and a whole-sale dump of the CVEs into the body. I had not +been invited to the original (off-list, embargoed) analysis and review. + +The trivial context difference (whitespace) is due to RHEL8 lacking +upstream commit 9095d37b8fe5 ("MdePkg: Clean up source files", +2018-06-28). I've considered backporting that (since it only cleans up +whitespace). However, the diffstat on that commit convinced me otherwise: +"729 files changed, 15667 insertions(+), 15667 deletions(-)". I've decided +not to do a partial backport of that (i.e. just for +"BaseUefiDecompressLib.c"). + +--^-- RHEL7 note end --^-- + +Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735 +https://bugzilla.tianocore.org/show_bug.cgi?id=686 + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Holtsclaw Brent +Signed-off-by: Liming Gao +Reviewed-by: Star Zeng +Acked-by: Laszlo Ersek +(cherry picked from commit 2ec7953d49677142c5f7552e9e3d96fb406ba0c4) +Signed-off-by: Laszlo Ersek +(cherry picked from commit 41129e136b621728eb5cb1c81aafcc5fedc53a12) +Signed-off-by: Philippe Mathieu-Daude +--- + .../BaseUefiDecompressLib/BaseUefiDecompressLib.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c +index e818543..0c6b1fe 100644 +--- a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c ++++ b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c +@@ -152,6 +152,7 @@ MakeTable ( + UINT16 Mask; + UINT16 WordOfStart; + UINT16 WordOfCount; ++ UINT16 MaxTableLength; + + // + // The maximum mapping table width supported by this internal +@@ -164,6 +165,9 @@ MakeTable ( + } + + for (Index = 0; Index < NumOfChar; Index++) { ++ if (BitLen[Index] > 16) { ++ return (UINT16) BAD_TABLE; ++ } + Count[BitLen[Index]]++; + } + +@@ -205,6 +209,7 @@ MakeTable ( + + Avail = NumOfChar; + Mask = (UINT16) (1U << (15 - TableBits)); ++ MaxTableLength = (UINT16) (1U << TableBits); + + for (Char = 0; Char < NumOfChar; Char++) { + +@@ -218,6 +223,9 @@ MakeTable ( + if (Len <= TableBits) { + + for (Index = Start[Len]; Index < NextCode; Index++) { ++ if (Index >= MaxTableLength) { ++ return (UINT16) BAD_TABLE; ++ } + Table[Index] = Char; + } + +@@ -620,11 +628,16 @@ Decode ( + // Write BytesRemain of bytes into mDstBase + // + BytesRemain--; ++ + while ((INT16) (BytesRemain) >= 0) { +- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + if (Sd->mOutBuf >= Sd->mOrigSize) { + goto Done; + } ++ if (DataIdx >= Sd->mOrigSize) { ++ Sd->mBadTableFlag = (UINT16) BAD_TABLE; ++ goto Done; ++ } ++ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; + + BytesRemain--; + } +@@ -694,7 +707,7 @@ UefiDecompressGetInfo ( + } + + CompressedSize = ReadUnaligned32 ((UINT32 *)Source); +- if (SourceSize < (CompressedSize + 8)) { ++ if (SourceSize < (CompressedSize + 8) || (CompressedSize + 8) < 8) { + return RETURN_INVALID_PARAMETER; + } + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch b/SOURCES/ovmf-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch new file mode 100644 index 0000000..13ce299 --- /dev/null +++ b/SOURCES/ovmf-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch @@ -0,0 +1,59 @@ +From c3915e0546924db36fd1cd85bf77318302168ee6 Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Wed, 13 Feb 2019 09:50:49 +0100 +Subject: [PATCH 06/13] MdePkg BaseUefiDecompressLib: Fix UEFI Decompression + logic issue +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190213085050.20766-7-philmd@redhat.com> +Patchwork-id: 84485 +O-Subject: [RHEL-7.7 ovmf PATCH v3 6/7] MdePkg BaseUefiDecompressLib: Fix UEFI + Decompression logic issue +Bugzilla: 1666586 +Acked-by: Laszlo Ersek +Acked-by: Vitaly Kuznetsov + +From: Philippe Mathieu-Daudé + +From: Liming Gao + +https://bugzilla.tianocore.org/show_bug.cgi?id=1317 + +This is a regression issue caused by 2ec7953d49677142c5f7552e9e3d96fb406ba0c4. +In Decode() function, once mOutBuf is fully filled, Decode() should return. +Current logic misses the checker of mOutBuf after while() loop. + +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Liming Gao +Cc: Michael Kinney +Reviewed-by: Yonghong Zhu +(cherry picked from commit 1c4cecc9fd314de0dce8125b0d4b45967637a401) +Signed-off-by: Philippe Mathieu-Daudé +(cherry picked from commit c46469847b68f6a1a5b42feaf0de7a83fd0bed85) +Signed-off-by: Philippe Mathieu-Daude +--- + MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c +index 0c6b1fe..8c30e97 100644 +--- a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c ++++ b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c +@@ -641,6 +641,12 @@ Decode ( + + BytesRemain--; + } ++ // ++ // Once mOutBuf is fully filled, directly return ++ // ++ if (Sd->mOutBuf >= Sd->mOrigSize) { ++ goto Done; ++ } + } + } + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch b/SOURCES/ovmf-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch new file mode 100644 index 0000000..22ef2de --- /dev/null +++ b/SOURCES/ovmf-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch @@ -0,0 +1,181 @@ +From 4c7e315ccb97dd7c3dc7f38e22b84ffbc4df90e3 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 18 May 2018 21:40:24 +0200 +Subject: [PATCH 5/5] OvmfPkg/PlatformBootManagerLib: connect Virtio RNG + devices again + +Message-id: <20180518194024.30614-3-lersek@redhat.com> +Patchwork-id: 80427 +O-Subject: [RHEL-7.6 ovmf PATCH 2/2] OvmfPkg/PlatformBootManagerLib: connect + Virtio RNG devices again +Bugzilla: 1579518 +Acked-by: Thomas Huth +Acked-by: Stefan Hajnoczi + +Virtio RNG devices are never boot devices, so in commit 245c643cc8b7 we +stopped connecting them. This is a problem because an OS boot loader may +depend on EFI_RNG_PROTOCOL to seed the OS's RNG. + +Connect Virtio RNG devices again. And, while commit 245c643cc8b7 removed +that from PlatformBootManagerAfterConsole(), reintroduce it now to +PlatformBootManagerBeforeConsole() -- this way Driver#### options launched +between both functions may access EFI_RNG_PROTOCOL too. + +Cc: Ard Biesheuvel +Cc: Jordan Justen +Fixes: 245c643cc8b73240c3b88cb55b2911b285a8c10d +Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1579518 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek +Reviewed-by: Ard Biesheuvel +(cherry picked from commit 7ebad830d6ab61f0395f6f4bae4156664bbd8086) +--- + .../Library/PlatformBootManagerLib/BdsPlatform.c | 105 +++++++++++++++++++++ + .../Library/PlatformBootManagerLib/BdsPlatform.h | 1 + + 2 files changed, 106 insertions(+) + +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +index 004b753..5d4d323 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c ++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +@@ -319,6 +319,15 @@ ConnectRootBridge ( + ); + + STATIC ++EFI_STATUS ++EFIAPI ++ConnectVirtioPciRng ( ++ IN EFI_HANDLE Handle, ++ IN VOID *Instance, ++ IN VOID *Context ++ ); ++ ++STATIC + VOID + SaveS3BootScript ( + VOID +@@ -399,6 +408,13 @@ PlatformBootManagerBeforeConsole ( + ASSERT_RETURN_ERROR (PcdStatus); + + PlatformRegisterOptionsAndKeys (); ++ ++ // ++ // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL ++ // instances on Virtio PCI RNG devices. ++ // ++ VisitAllInstancesOfProtocol (&gEfiPciIoProtocolGuid, ConnectVirtioPciRng, ++ NULL); + } + + +@@ -427,6 +443,95 @@ ConnectRootBridge ( + } + + ++STATIC ++EFI_STATUS ++EFIAPI ++ConnectVirtioPciRng ( ++ IN EFI_HANDLE Handle, ++ IN VOID *Instance, ++ IN VOID *Context ++ ) ++{ ++ EFI_PCI_IO_PROTOCOL *PciIo; ++ EFI_STATUS Status; ++ UINT16 VendorId; ++ UINT16 DeviceId; ++ UINT8 RevisionId; ++ BOOLEAN Virtio10; ++ UINT16 SubsystemId; ++ ++ PciIo = Instance; ++ ++ // ++ // Read and check VendorId. ++ // ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, ++ 1, &VendorId); ++ if (EFI_ERROR (Status)) { ++ goto Error; ++ } ++ if (VendorId != VIRTIO_VENDOR_ID) { ++ return EFI_SUCCESS; ++ } ++ ++ // ++ // Read DeviceId and RevisionId. ++ // ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, ++ 1, &DeviceId); ++ if (EFI_ERROR (Status)) { ++ goto Error; ++ } ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, PCI_REVISION_ID_OFFSET, ++ 1, &RevisionId); ++ if (EFI_ERROR (Status)) { ++ goto Error; ++ } ++ ++ // ++ // From DeviceId and RevisionId, determine whether the device is a ++ // modern-only Virtio 1.0 device. In case of Virtio 1.0, DeviceId can ++ // immediately be restricted to VIRTIO_SUBSYSTEM_ENTROPY_SOURCE, and ++ // SubsystemId will only play a sanity-check role. Otherwise, DeviceId can ++ // only be sanity-checked, and SubsystemId will decide. ++ // ++ if (DeviceId == 0x1040 + VIRTIO_SUBSYSTEM_ENTROPY_SOURCE && ++ RevisionId >= 0x01) { ++ Virtio10 = TRUE; ++ } else if (DeviceId >= 0x1000 && DeviceId <= 0x103F && RevisionId == 0x00) { ++ Virtio10 = FALSE; ++ } else { ++ return EFI_SUCCESS; ++ } ++ ++ // ++ // Read and check SubsystemId as dictated by Virtio10. ++ // ++ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, ++ PCI_SUBSYSTEM_ID_OFFSET, 1, &SubsystemId); ++ if (EFI_ERROR (Status)) { ++ goto Error; ++ } ++ if ((Virtio10 && SubsystemId >= 0x40) || ++ (!Virtio10 && SubsystemId == VIRTIO_SUBSYSTEM_ENTROPY_SOURCE)) { ++ Status = gBS->ConnectController ( ++ Handle, // ControllerHandle ++ NULL, // DriverImageHandle -- connect all drivers ++ NULL, // RemainingDevicePath -- produce all child handles ++ FALSE // Recursive -- don't follow child handles ++ ); ++ if (EFI_ERROR (Status)) { ++ goto Error; ++ } ++ } ++ return EFI_SUCCESS; ++ ++Error: ++ DEBUG ((DEBUG_ERROR, "%a: %r\n", __FUNCTION__, Status)); ++ return Status; ++} ++ ++ + /** + Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut. + +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h +index 97ffbb5..4948ca6 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h ++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h +@@ -30,6 +30,7 @@ Abstract: + #include + #include + #include ++#include + + #include + #include +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch b/SOURCES/ovmf-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch new file mode 100644 index 0000000..178873e --- /dev/null +++ b/SOURCES/ovmf-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch @@ -0,0 +1,215 @@ +From 3e05bfc48cd7b2cf4c1cbfc1d0cd2572338fad1e Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 15 May 2018 12:40:05 +0200 +Subject: [PATCH 1/5] OvmfPkg/PlatformBootManagerLib: connect consoles + unconditionally + +Message-id: <20180515104005.12265-2-lersek@redhat.com> +Patchwork-id: 80268 +O-Subject: [RHEL-7.6 ovmf PATCH 1/1] OvmfPkg/PlatformBootManagerLib: connect + consoles unconditionally +Bugzilla: 1577546 +Acked-by: Stefan Hajnoczi +Acked-by: Vitaly Kuznetsov + +If both ConIn and ConOut exist, but ConIn references none of the PS/2 +keyboard, the USB wild-card keyboard, and any serial ports, then +PlatformInitializeConsole() currently allows the boot to proceed without +any input devices at all. This makes for a bad user experience -- the +firmware menu could only be entered through OsIndications, set by a guest +OS. + +Do what ArmVirtQemu does already, namely connect the consoles, and add +them to ConIn / ConOut / ErrOut, unconditionally. (The underlying +EfiBootManagerUpdateConsoleVariable() function checks for duplicates.) + +The issue used to be masked by the EfiBootManagerConnectAll() call that +got conditionalized in commit 245c643cc8b7. + +This patch is best viewed with "git show -b -W". + +Cc: Ard Biesheuvel +Cc: Jordan Justen +Fixes: 245c643cc8b73240c3b88cb55b2911b285a8c10d +Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1577546 +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Laszlo Ersek +Reviewed-by: Ard Biesheuvel +(cherry picked from commit f803c03cc2e0b6b0b0bed447a97ea2c61b04ed82) +--- + .../Library/PlatformBootManagerLib/BdsPlatform.c | 127 +++++++-------------- + 1 file changed, 44 insertions(+), 83 deletions(-) + +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +index 862fa6e..004b753 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c ++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +@@ -26,7 +26,6 @@ VOID *mEfiDevPathNotifyReg; + EFI_EVENT mEfiDevPathEvent; + VOID *mEmuVariableEventReg; + EFI_EVENT mEmuVariableEvent; +-BOOLEAN mDetectVgaOnly; + UINT16 mHostBridgeDevId; + + // +@@ -830,35 +829,33 @@ DetectAndPreparePlatformPciDevicePath ( + ); + ASSERT_EFI_ERROR (Status); + +- if (!mDetectVgaOnly) { ++ // ++ // Here we decide whether it is LPC Bridge ++ // ++ if ((IS_PCI_LPC (Pci)) || ++ ((IS_PCI_ISA_PDECODE (Pci)) && ++ (Pci->Hdr.VendorId == 0x8086) && ++ (Pci->Hdr.DeviceId == 0x7000) ++ ) ++ ) { + // +- // Here we decide whether it is LPC Bridge ++ // Add IsaKeyboard to ConIn, ++ // add IsaSerial to ConOut, ConIn, ErrOut + // +- if ((IS_PCI_LPC (Pci)) || +- ((IS_PCI_ISA_PDECODE (Pci)) && +- (Pci->Hdr.VendorId == 0x8086) && +- (Pci->Hdr.DeviceId == 0x7000) +- ) +- ) { +- // +- // Add IsaKeyboard to ConIn, +- // add IsaSerial to ConOut, ConIn, ErrOut +- // +- DEBUG ((EFI_D_INFO, "Found LPC Bridge device\n")); +- PrepareLpcBridgeDevicePath (Handle); +- return EFI_SUCCESS; +- } ++ DEBUG ((EFI_D_INFO, "Found LPC Bridge device\n")); ++ PrepareLpcBridgeDevicePath (Handle); ++ return EFI_SUCCESS; ++ } ++ // ++ // Here we decide which Serial device to enable in PCI bus ++ // ++ if (IS_PCI_16550SERIAL (Pci)) { + // +- // Here we decide which Serial device to enable in PCI bus ++ // Add them to ConOut, ConIn, ErrOut. + // +- if (IS_PCI_16550SERIAL (Pci)) { +- // +- // Add them to ConOut, ConIn, ErrOut. +- // +- DEBUG ((EFI_D_INFO, "Found PCI 16550 SERIAL device\n")); +- PreparePciSerialDevicePath (Handle); +- return EFI_SUCCESS; +- } ++ DEBUG ((EFI_D_INFO, "Found PCI 16550 SERIAL device\n")); ++ PreparePciSerialDevicePath (Handle); ++ return EFI_SUCCESS; + } + + // +@@ -878,26 +875,6 @@ DetectAndPreparePlatformPciDevicePath ( + + + /** +- Do platform specific PCI Device check and add them to ConOut, ConIn, ErrOut +- +- @param[in] DetectVgaOnly - Only detect VGA device if it's TRUE. +- +- @retval EFI_SUCCESS - PCI Device check and Console variable update +- successfully. +- @retval EFI_STATUS - PCI Device check or Console variable update fail. +- +-**/ +-EFI_STATUS +-DetectAndPreparePlatformPciDevicePaths ( +- BOOLEAN DetectVgaOnly +- ) +-{ +- mDetectVgaOnly = DetectVgaOnly; +- return VisitAllPciInstances (DetectAndPreparePlatformPciDevicePath); +-} +- +- +-/** + Connect the predefined platform default console device. + + Always try to find and enable PCI display devices. +@@ -910,50 +887,34 @@ PlatformInitializeConsole ( + ) + { + UINTN Index; +- EFI_DEVICE_PATH_PROTOCOL *VarConout; +- EFI_DEVICE_PATH_PROTOCOL *VarConin; + + // +- // Connect RootBridge ++ // Do platform specific PCI Device check and add them to ConOut, ConIn, ++ // ErrOut + // +- GetEfiGlobalVariable2 (EFI_CON_OUT_VARIABLE_NAME, (VOID **) &VarConout, +- NULL); +- GetEfiGlobalVariable2 (EFI_CON_IN_VARIABLE_NAME, (VOID **) &VarConin, NULL); +- +- if (VarConout == NULL || VarConin == NULL) { +- // +- // Do platform specific PCI Device check and add them to ConOut, ConIn, +- // ErrOut +- // +- DetectAndPreparePlatformPciDevicePaths (FALSE); ++ VisitAllPciInstances (DetectAndPreparePlatformPciDevicePath); + ++ // ++ // Have chance to connect the platform default console, ++ // the platform default console is the minimum device group ++ // the platform should support ++ // ++ for (Index = 0; PlatformConsole[Index].DevicePath != NULL; ++Index) { + // +- // Have chance to connect the platform default console, +- // the platform default console is the minimum device group +- // the platform should support ++ // Update the console variable with the connect type + // +- for (Index = 0; PlatformConsole[Index].DevicePath != NULL; ++Index) { +- // +- // Update the console variable with the connect type +- // +- if ((PlatformConsole[Index].ConnectType & CONSOLE_IN) == CONSOLE_IN) { +- EfiBootManagerUpdateConsoleVariable (ConIn, +- PlatformConsole[Index].DevicePath, NULL); +- } +- if ((PlatformConsole[Index].ConnectType & CONSOLE_OUT) == CONSOLE_OUT) { +- EfiBootManagerUpdateConsoleVariable (ConOut, +- PlatformConsole[Index].DevicePath, NULL); +- } +- if ((PlatformConsole[Index].ConnectType & STD_ERROR) == STD_ERROR) { +- EfiBootManagerUpdateConsoleVariable (ErrOut, +- PlatformConsole[Index].DevicePath, NULL); +- } ++ if ((PlatformConsole[Index].ConnectType & CONSOLE_IN) == CONSOLE_IN) { ++ EfiBootManagerUpdateConsoleVariable (ConIn, ++ PlatformConsole[Index].DevicePath, NULL); ++ } ++ if ((PlatformConsole[Index].ConnectType & CONSOLE_OUT) == CONSOLE_OUT) { ++ EfiBootManagerUpdateConsoleVariable (ConOut, ++ PlatformConsole[Index].DevicePath, NULL); ++ } ++ if ((PlatformConsole[Index].ConnectType & STD_ERROR) == STD_ERROR) { ++ EfiBootManagerUpdateConsoleVariable (ErrOut, ++ PlatformConsole[Index].DevicePath, NULL); + } +- } else { +- // +- // Only detect VGA device and add them to ConOut +- // +- DetectAndPreparePlatformPciDevicePaths (TRUE); + } + } + +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-Upgrade-OpenSSL-to-1.1.0j.patch b/SOURCES/ovmf-Upgrade-OpenSSL-to-1.1.0j.patch new file mode 100644 index 0000000..aa47c88 --- /dev/null +++ b/SOURCES/ovmf-Upgrade-OpenSSL-to-1.1.0j.patch @@ -0,0 +1,192 @@ +From 05565be8fdd79d641aa22b7b7a686dd68f158ce8 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 13 Feb 2019 22:06:28 +0100 +Subject: [PATCH 13/13] Upgrade OpenSSL to 1.1.0j + +RH-Author: Laszlo Ersek +Message-id: <20190213225928.17791-5-lersek@redhat.com> +Patchwork-id: 84502 +O-Subject: [RHEL-7.7 ovmf PATCH 4/4] Upgrade OpenSSL to 1.1.0j +Bugzilla: 1650390 +RH-Acked-by: Thomas Huth +RH-Acked-by: Miroslav Rezanina + +--v-- RHEL7 note start --v-- + +(1) NOTE: this is a partial cherry-pick. We're only advancing to 1.1.0i. + + The upstream commit advanced the OpenSSL git submodule from upstream + OpenSSL commit d4e4bd2a8163 ("Prepare for 1.1.0h release", 2018-03-27) + to upstream OpenSSL commit 74f2d9c1ec5f ("Prepare for 1.1.0j release", + 2018-11-20). Meaning, upstream edk2 skipped 1.1.0i. + + However, Fedora 28 only offers 1.1.0i at this point (and it will not + be rebased again until 1.1.0k is released). Therefore hunks in the + upstream CryptoPkg commit that relate specifically to 1.1.0j have to + be dropped from the backport. + + The only such hunks are the "crypto/getenv.c" additions to the INF + files. The related upstream OpenSSL change was commit 1abdf08284af + ("Use secure_getenv(3) when available.", 2018-09-24), part of tag + "OpenSSL_1_1_0j". + + The other hunks all relate to OpenSSL commits present in tag + "OpenSSL_1_1_0i" -- hence we keep those hunks: + + * 23dec58b9c2e ("Move the loading of the ssl_conf module to + libcrypto", 2018-04-05) + + This justifies the addition of "crypto/conf/conf_ssl.c" to the INF + files. + + * 6912debb881e ("Add APIs for custom X509_LOOKUP_METHOD creation", + 2018-05-30) + + This justifies the addition of "crypto/x509/x509_meth.c" to the INF + files. + + * dcb8333087d5 ("Avoid __GNUC__ warnings when defining + DECLARE_DEPRECATED", 2018-07-11) + + This justifies the ifdeffery update in "opensslconf.h". + +(2) After this downstream patch, the affected files almost match their + upstream counterparts at commit a18f784cfdbe (i.e., at the commit + being cherry-picked). What's missing (beyond the above 1.1.0j-specific + hunks) belong to the following upstream commits, which we don't need: + + * 630f67ddfea2 ("CryptoPkg: Clean up source files", 2018-06-28), + + * 94d67262d891 ("CryptoPkg: Removing ipf which is no longer supported + from edk2.", 2018-09-25) + + (IPF stands for Itanium.) + +--^-- RHEL7 note end --^-- + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1393 + +BZ#1089 (https://bugzilla.tianocore.org/show_bug.cgi?id=1089) requests +to upgrade the OpenSSL to the latest 1.1.1 release. Since OpenSSL-1.1.1 +has many changes, more porting efforts and feature evaluation are needed. +This might lead to a situation that it cannot catch the Q1'19 stable tag. + +One of the solution is upgrade current version (1.1.0h) to 1.1.0j. +According to following web page in openssl.org, all security issues +solved in 1.1.1 have been also back-ported to 1.1.0.j. This can make +sure that no security vulnerabilities left in edk2 master before 1.1.1. + +https://www.openssl.org/news/vulnerabilities-1.1.1.html + +Cc: Ting Ye +Cc: Gang Wei +Contributed-under: TianoCore Contribution Agreement 1.1 +Signed-off-by: Jian J Wang +Reviewed-by: Gang Wei +Reviewed-by: Ting Ye +(cherry picked from commit a18f784cfdbe17855ec4376e80db927e1a81aaca) +--- + CryptoPkg/CryptoPkg.dsc | 1 + + CryptoPkg/Library/Include/openssl/opensslconf.h | 20 +++++++++++++------- + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 ++ + CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 ++ + CryptoPkg/Library/OpensslLib/process_files.pl | 0 + 5 files changed, 18 insertions(+), 7 deletions(-) + mode change 100644 => 100755 CryptoPkg/Library/OpensslLib/process_files.pl + +diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc +index b49e587..f305f95 100644 +--- a/CryptoPkg/CryptoPkg.dsc ++++ b/CryptoPkg/CryptoPkg.dsc +@@ -124,6 +124,7 @@ + CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + CryptoPkg/Library/TlsLib/TlsLib.inf ++ CryptoPkg/Library/OpensslLib/OpensslLib.inf + + CryptoPkg/CryptRuntimeDxe/CryptRuntimeDxe.inf + +diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h +index 1917d7a..28dd9ab 100644 +--- a/CryptoPkg/Library/Include/openssl/opensslconf.h ++++ b/CryptoPkg/Library/Include/openssl/opensslconf.h +@@ -2,7 +2,7 @@ + * WARNING: do not edit! + * Generated from include/openssl/opensslconf.h.in + * +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -235,12 +235,18 @@ extern "C" { + * still won't see them if the library has been built to disable deprecated + * functions. + */ +-#if defined(OPENSSL_NO_DEPRECATED) +-# define DECLARE_DEPRECATED(f) +-#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +-#else +-# define DECLARE_DEPRECATED(f) f; ++#ifndef DECLARE_DEPRECATED ++# if defined(OPENSSL_NO_DEPRECATED) ++# define DECLARE_DEPRECATED(f) ++# else ++# define DECLARE_DEPRECATED(f) f; ++# ifdef __GNUC__ ++# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) ++# undef DECLARE_DEPRECATED ++# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); ++# endif ++# endif ++# endif + #endif + + #ifndef OPENSSL_FILE +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +index 55a6fa3..b44510d 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +@@ -175,6 +175,7 @@ + $(OPENSSL_PATH)/crypto/conf/conf_mall.c + $(OPENSSL_PATH)/crypto/conf/conf_mod.c + $(OPENSSL_PATH)/crypto/conf/conf_sap.c ++ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c + $(OPENSSL_PATH)/crypto/cpt_err.c + $(OPENSSL_PATH)/crypto/cryptlib.c + $(OPENSSL_PATH)/crypto/cversion.c +@@ -418,6 +419,7 @@ + $(OPENSSL_PATH)/crypto/x509/x509_err.c + $(OPENSSL_PATH)/crypto/x509/x509_ext.c + $(OPENSSL_PATH)/crypto/x509/x509_lu.c ++ $(OPENSSL_PATH)/crypto/x509/x509_meth.c + $(OPENSSL_PATH)/crypto/x509/x509_obj.c + $(OPENSSL_PATH)/crypto/x509/x509_r2x.c + $(OPENSSL_PATH)/crypto/x509/x509_req.c +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +index f542998..46217cc 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +@@ -175,6 +175,7 @@ + $(OPENSSL_PATH)/crypto/conf/conf_mall.c + $(OPENSSL_PATH)/crypto/conf/conf_mod.c + $(OPENSSL_PATH)/crypto/conf/conf_sap.c ++ $(OPENSSL_PATH)/crypto/conf/conf_ssl.c + $(OPENSSL_PATH)/crypto/cpt_err.c + $(OPENSSL_PATH)/crypto/cryptlib.c + $(OPENSSL_PATH)/crypto/cversion.c +@@ -418,6 +419,7 @@ + $(OPENSSL_PATH)/crypto/x509/x509_err.c + $(OPENSSL_PATH)/crypto/x509/x509_ext.c + $(OPENSSL_PATH)/crypto/x509/x509_lu.c ++ $(OPENSSL_PATH)/crypto/x509/x509_meth.c + $(OPENSSL_PATH)/crypto/x509/x509_obj.c + $(OPENSSL_PATH)/crypto/x509/x509_r2x.c + $(OPENSSL_PATH)/crypto/x509/x509_req.c +diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl +old mode 100644 +new mode 100755 +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-sb.json b/SOURCES/ovmf-sb.json new file mode 100644 index 0000000..c804ac1 --- /dev/null +++ b/SOURCES/ovmf-sb.json @@ -0,0 +1,36 @@ +{ + "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/OVMF/OVMF_VARS.secboot.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "enrolled-keys", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/SOURCES/ovmf-vars-generator b/SOURCES/ovmf-vars-generator new file mode 100755 index 0000000..06d0396 --- /dev/null +++ b/SOURCES/ovmf-vars-generator @@ -0,0 +1,273 @@ +#!/bin/python +# Copyright (C) 2017 Red Hat +# Authors: +# - Patrick Uiterwijk +# - Kashyap Chamarthy +# +# Licensed under MIT License, for full text see LICENSE +# +# Purpose: Launch a QEMU guest and enroll ithe UEFI keys into an OVMF +# variables ("VARS") file. Then boot a Linux kernel with QEMU. +# Finally, perform a check to verify if Secure Boot +# is enabled. + +from __future__ import print_function + +import argparse +import os +import logging +import tempfile +import shutil +import string +import subprocess + + +def strip_special(line): + return ''.join([c for c in str(line) if c in string.printable]) + + +def generate_qemu_cmd(args, readonly, *extra_args): + if args.disable_smm: + machinetype = 'pc' + else: + machinetype = 'q35,smm=on' + machinetype += ',accel=%s' % ('kvm' if args.enable_kvm else 'tcg') + return [ + args.qemu_binary, + '-machine', machinetype, + '-display', 'none', + '-no-user-config', + '-nodefaults', + '-m', '256', + '-smp', '2,sockets=2,cores=1,threads=1', + '-chardev', 'pty,id=charserial1', + '-device', 'isa-serial,chardev=charserial1,id=serial1', + '-global', 'driver=cfi.pflash01,property=secure,value=%s' % ( + 'off' if args.disable_smm else 'on'), + '-drive', + 'file=%s,if=pflash,format=raw,unit=0,readonly=on' % ( + args.ovmf_binary), + '-drive', + 'file=%s,if=pflash,format=raw,unit=1,readonly=%s' % ( + args.out_temp, 'on' if readonly else 'off'), + '-serial', 'stdio'] + list(extra_args) + + +def download(url, target, suffix, no_download): + istemp = False + if target and os.path.exists(target): + return target, istemp + if not target: + temped = tempfile.mkstemp(prefix='qosb.', suffix='.%s' % suffix) + os.close(temped[0]) + target = temped[1] + istemp = True + if no_download: + raise Exception('%s did not exist, but downloading was disabled' % + target) + import requests + logging.debug('Downloading %s to %s', url, target) + r = requests.get(url, stream=True) + with open(target, 'wb') as f: + for chunk in r.iter_content(chunk_size=1024): + if chunk: + f.write(chunk) + return target, istemp + + +def enroll_keys(args): + shutil.copy(args.ovmf_template_vars, args.out_temp) + + logging.info('Starting enrollment') + + cmd = generate_qemu_cmd( + args, + False, + '-drive', + 'file=%s,format=raw,if=none,media=cdrom,id=drive-cd1,' + 'readonly=on' % args.uefi_shell_iso, + '-device', + 'ide-cd,drive=drive-cd1,id=cd1,' + 'bootindex=1') + p = subprocess.Popen(cmd, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + logging.info('Performing enrollment') + # Wait until the UEFI shell starts (first line is printed) + read = p.stdout.readline() + if b'char device redirected' in read: + read = p.stdout.readline() + if args.print_output: + print(strip_special(read), end='') + print() + # Send the escape char to enter the UEFI shell early + p.stdin.write(b'\x1b') + p.stdin.flush() + # And then run the following three commands from the UEFI shell: + # change into the first file system device; install the default + # keys and certificates, and reboot + p.stdin.write(b'fs0:\r\n') + p.stdin.write(b'EnrollDefaultKeys.efi\r\n') + p.stdin.write(b'reset -s\r\n') + p.stdin.flush() + while True: + read = p.stdout.readline() + if args.print_output: + print('OUT: %s' % strip_special(read), end='') + print() + if b'info: success' in read: + break + p.wait() + if args.print_output: + print(strip_special(p.stdout.read()), end='') + logging.info('Finished enrollment') + + +def test_keys(args): + logging.info('Grabbing test kernel') + kernel, kerneltemp = download(args.kernel_url, args.kernel_path, + 'kernel', args.no_download) + + logging.info('Starting verification') + try: + cmd = generate_qemu_cmd( + args, + True, + '-append', 'console=tty0 console=ttyS0,115200n8', + '-kernel', kernel) + p = subprocess.Popen(cmd, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT) + logging.info('Performing verification') + while True: + read = p.stdout.readline() + if args.print_output: + print('OUT: %s' % strip_special(read), end='') + print() + if b'Secure boot disabled' in read: + raise Exception('Secure Boot was disabled') + elif b'Secure boot enabled' in read: + logging.info('Confirmed: Secure Boot is enabled') + break + elif b'Kernel is locked down from EFI secure boot' in read: + logging.info('Confirmed: Secure Boot is enabled') + break + p.kill() + if args.print_output: + print(strip_special(p.stdout.read()), end='') + logging.info('Finished verification') + finally: + if kerneltemp: + os.remove(kernel) + + +def parse_args(): + parser = argparse.ArgumentParser() + parser.add_argument('output', help='Filename for output vars file') + parser.add_argument('--out-temp', help=argparse.SUPPRESS) + parser.add_argument('--force', help='Overwrite existing output file', + action='store_true') + parser.add_argument('--print-output', help='Print the QEMU guest output', + action='store_true') + parser.add_argument('--verbose', '-v', help='Increase verbosity', + action='count') + parser.add_argument('--quiet', '-q', help='Decrease verbosity', + action='count') + parser.add_argument('--qemu-binary', help='QEMU binary path', + default='/usr/bin/qemu-system-x86_64') + parser.add_argument('--enable-kvm', help='Enable KVM acceleration', + action='store_true') + parser.add_argument('--ovmf-binary', help='OVMF secureboot code file', + default='/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd') + parser.add_argument('--ovmf-template-vars', help='OVMF empty vars file', + default='/usr/share/edk2/ovmf/OVMF_VARS.fd') + parser.add_argument('--uefi-shell-iso', help='Path to uefi shell iso', + default='/usr/share/edk2/ovmf/UefiShell.iso') + parser.add_argument('--skip-enrollment', + help='Skip enrollment, only test', action='store_true') + parser.add_argument('--skip-testing', + help='Skip testing generated "VARS" file', + action='store_true') + parser.add_argument('--kernel-path', + help='Specify a consistent path for kernel') + parser.add_argument('--no-download', action='store_true', + help='Never download a kernel') + parser.add_argument('--fedora-version', + help='Fedora version to get kernel for checking', + default='27') + parser.add_argument('--kernel-url', help='Kernel URL', + default='https://download.fedoraproject.org/pub/fedora' + '/linux/releases/%(version)s/Everything/x86_64' + '/os/images/pxeboot/vmlinuz') + parser.add_argument('--disable-smm', + help=('Don\'t restrict varstore pflash writes to ' + 'guest code that executes in SMM. Use this ' + 'option only if your OVMF binary doesn\'t have ' + 'the edk2 SMM driver stack built into it ' + '(possibly because your QEMU binary lacks SMM ' + 'emulation). Note that without restricting ' + 'varstore pflash writes to guest code that ' + 'executes in SMM, a malicious guest kernel, ' + 'used for testing, could undermine Secure ' + 'Boot.'), + action='store_true') + args = parser.parse_args() + args.kernel_url = args.kernel_url % {'version': args.fedora_version} + + validate_args(args) + return args + + +def validate_args(args): + if (os.path.exists(args.output) + and not args.force + and not args.skip_enrollment): + raise Exception('%s already exists' % args.output) + + if args.skip_enrollment and not os.path.exists(args.output): + raise Exception('%s does not yet exist' % args.output) + + verbosity = (args.verbose or 1) - (args.quiet or 0) + if verbosity >= 2: + logging.basicConfig(level=logging.DEBUG) + elif verbosity == 1: + logging.basicConfig(level=logging.INFO) + elif verbosity < 0: + logging.basicConfig(level=logging.ERROR) + else: + logging.basicConfig(level=logging.WARN) + + if args.skip_enrollment: + args.out_temp = args.output + else: + temped = tempfile.mkstemp(prefix='qosb.', suffix='.vars') + os.close(temped[0]) + args.out_temp = temped[1] + logging.debug('Temp output: %s', args.out_temp) + + +def move_to_dest(args): + shutil.copy(args.out_temp, args.output) + os.remove(args.out_temp) + + +def main(): + args = parse_args() + if not args.skip_enrollment: + enroll_keys(args) + if not args.skip_testing: + test_keys(args) + if not args.skip_enrollment: + move_to_dest(args) + if args.skip_testing: + logging.info('Created %s' % args.output) + else: + logging.info('Created and verified %s' % args.output) + else: + logging.info('Verified %s', args.output) + + +if __name__ == '__main__': + main() diff --git a/SOURCES/ovmf-whitepaper-c770f8c.txt b/SOURCES/ovmf-whitepaper-c770f8c.txt new file mode 100644 index 0000000..ba727b4 --- /dev/null +++ b/SOURCES/ovmf-whitepaper-c770f8c.txt @@ -0,0 +1,2422 @@ +Open Virtual Machine Firmware (OVMF) Status Report +July 2014 (with updates in August 2014 - January 2015) + +Author: Laszlo Ersek +Copyright (C) 2014-2015, Red Hat, Inc. +CC BY-SA 4.0 + +Abstract +-------- + +The Unified Extensible Firmware Interface (UEFI) is a specification that +defines a software interface between an operating system and platform firmware. +UEFI is designed to replace the Basic Input/Output System (BIOS) firmware +interface. + +Hardware platform vendors have been increasingly adopting the UEFI +Specification to govern their boot firmware developments. OVMF (Open Virtual +Machine Firmware), a sub-project of Intel's EFI Development Kit II (edk2), +enables UEFI support for Ia32 and X64 Virtual Machines. + +This paper reports on the status of the OVMF project, treats features and +limitations, gives end-user hints, and examines some areas in-depth. + +Keywords: ACPI, boot options, CSM, edk2, firmware, flash, fw_cfg, KVM, memory +map, non-volatile variables, OVMF, PCD, QEMU, reset vector, S3, Secure Boot, +Smbios, SMM, TianoCore, UEFI, VBE shim, Virtio + +Table of Contents +----------------- + +- Motivation +- Scope +- Example qemu invocation +- Installation of OVMF guests with virt-manager and virt-install +- Supported guest operating systems +- Compatibility Support Module (CSM) +- Phases of the boot process +- Project structure +- Platform Configuration Database (PCD) +- Firmware image structure +- S3 (suspend to RAM and resume) +- A comprehensive memory map of OVMF +- Known Secure Boot limitations +- Variable store and LockBox in SMRAM +- Select features + - X64-specific reset vector for OVMF + - Client library for QEMU's firmware configuration interface + - Guest ACPI tables + - Guest SMBIOS tables + - Platform-specific boot policy + - Virtio drivers + - Platform Driver + - Video driver +- Afterword + +Motivation +---------- + +OVMF extends the usual benefits of virtualization to UEFI. Reasons to use OVMF +include: + +- Legacy-free guests. A UEFI-based environment eliminates dependencies on + legacy address spaces and devices. This is especially beneficial when used + with physically assigned devices where the legacy operating mode is + troublesome to support, ex. assigned graphics cards operating in legacy-free, + non-VGA mode in the guest. + +- Future proof guests. The x86 market is steadily moving towards a legacy-free + platform and guest operating systems may eventually require a UEFI + environment. OVMF provides that next generation firmware support for such + applications. + +- GUID partition tables (GPTs). MBR partition tables represent partition + offsets and sizes with 32-bit integers, in units of 512 byte sectors. This + limits the addressable portion of the disk to 2 TB. GPT represents logical + block addresses with 64 bits. + +- Liberating boot loader binaries from residing in contested and poorly defined + space between the partition table and the partitions. + +- Support for booting off disks (eg. pass-through physical SCSI devices) with a + 4kB physical and logical sector size, i.e. which don't have 512-byte block + emulation. + +- Development and testing of Secure Boot-related features in guest operating + systems. Although OVMF's Secure Boot implementation is currently not secure + against malicious UEFI drivers, UEFI applications, and guest kernels, + trusted guest code that only uses standard UEFI interfaces will find a valid + Secure Boot environment under OVMF, with working key enrollment and signature + validation. This enables development and testing of portable, Secure + Boot-related guest code. + +- Presence of non-volatile UEFI variables. This furthers development and + testing of OS installers, UEFI boot loaders, and unique, dependent guest OS + features. For example, an efivars-backed pstore (persistent storage) + file system works under Linux. + +- Altogether, a near production-level UEFI environment for virtual machines + when Secure Boot is not required. + +Scope +----- + +UEFI and especially Secure Boot have been topics fraught with controversy and +political activism. This paper sidesteps these aspects and strives to focus on +use cases, hands-on information for end users, and technical details. + +Unless stated otherwise, the expression "X supports Y" means "X is technically +compatible with interfaces provided or required by Y". It does not imply +support as an activity performed by natural persons or companies. + +We discuss the status of OVMF at a state no earlier than edk2 SVN revision +16158. The paper concentrates on upstream projects and communities, but +occasionally it pans out about OVMF as it is planned to be shipped (as +Technical Preview) in Red Hat Enterprise Linux 7.1. Such digressions are marked +with the [RHEL] margin notation. + +Although other VMMs and accelerators are known to support (or plan to support) +OVMF to various degrees -- for example, VirtualBox, Xen, BHyVe --, we'll +emphasize OVMF on qemu/KVM, because QEMU and KVM have always been Red Hat's +focus wrt. OVMF. + +The recommended upstream QEMU version is 2.1+. The recommended host Linux +kernel (KVM) version is 3.10+. The recommended QEMU machine type is +"qemu-system-x86_64 -M pc-i440fx-2.1" or later. + +The term "TianoCore" is used interchangeably with "edk2" in this paper. + +Example qemu invocation +----------------------- + +The following commands give a quick foretaste of installing a UEFI operating +system on OVMF, relying only on upstream edk2 and qemu. + +- Clone and build OVMF: + + git clone https://github.com/tianocore/edk2.git + cd edk2 + nice OvmfPkg/build.sh -a X64 -n $(getconf _NPROCESSORS_ONLN) + + (Note that this ad-hoc build will not include the Secure Boot feature.) + +- The build output file, "OVMF.fd", includes not only the executable firmware + code, but the non-volatile variable store as well. For this reason, make a + VM-specific copy of the build output (the variable store should be private to + the virtual machine): + + cp Build/OvmfX64/DEBUG_GCC4?/FV/OVMF.fd fedora.flash + + (The variable store and the firmware executable are also available in the + build output as separate files: "OVMF_VARS.fd" and "OVMF_CODE.fd". This + enables central management and updates of the firmware executable, while each + virtual machine can retain its own variable store.) + +- Download a Fedora LiveCD: + + wget https://dl.fedoraproject.org/pub/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Xfce-x86_64-20-1.iso + +- Create a virtual disk (qcow2 format, 20 GB in size): + + qemu-img create -f qcow2 fedora.img 20G + +- Create the following qemu wrapper script under the name "fedora.sh": + + # Basic virtual machine properties: a recent i440fx machine type, KVM + # acceleration, 2048 MB RAM, two VCPUs. + OPTS="-M pc-i440fx-2.1 -enable-kvm -m 2048 -smp 2" + + # The OVMF binary, including the non-volatile variable store, appears as a + # "normal" qemu drive on the host side, and it is exposed to the guest as a + # persistent flash device. + OPTS="$OPTS -drive if=pflash,format=raw,file=fedora.flash" + + # The hard disk is exposed to the guest as a virtio-block device. OVMF has a + # driver stack that supports such a disk. We specify this disk as first boot + # option. OVMF recognizes the boot order specification. + OPTS="$OPTS -drive id=disk0,if=none,format=qcow2,file=fedora.img" + OPTS="$OPTS -device virtio-blk-pci,drive=disk0,bootindex=0" + + # The Fedora installer disk appears as an IDE CD-ROM in the guest. This is + # the 2nd boot option. + OPTS="$OPTS -drive id=cd0,if=none,format=raw,readonly" + OPTS="$OPTS,file=Fedora-Live-Xfce-x86_64-20-1.iso" + OPTS="$OPTS -device ide-cd,bus=ide.1,drive=cd0,bootindex=1" + + # The following setting enables S3 (suspend to RAM). OVMF supports S3 + # suspend/resume. + OPTS="$OPTS -global PIIX4_PM.disable_s3=0" + + # OVMF emits a number of info / debug messages to the QEMU debug console, at + # ioport 0x402. We configure qemu so that the debug console is indeed + # available at that ioport. We redirect the host side of the debug console to + # a file. + OPTS="$OPTS -global isa-debugcon.iobase=0x402 -debugcon file:fedora.ovmf.log" + + # QEMU accepts various commands and queries from the user on the monitor + # interface. Connect the monitor with the qemu process's standard input and + # output. + OPTS="$OPTS -monitor stdio" + + # A USB tablet device in the guest allows for accurate pointer tracking + # between the host and the guest. + OPTS="$OPTS -device piix3-usb-uhci -device usb-tablet" + + # Provide the guest with a virtual network card (virtio-net). + # + # Normally, qemu provides the guest with a UEFI-conformant network driver + # from the iPXE project, in the form of a PCI expansion ROM. For this test, + # we disable the expansion ROM and allow OVMF's built-in virtio-net driver to + # take effect. + # + # On the host side, we use the SLIRP ("user") network backend, which has + # relatively low performance, but it doesn't require extra privileges from + # the user executing qemu. + OPTS="$OPTS -netdev id=net0,type=user" + OPTS="$OPTS -device virtio-net-pci,netdev=net0,romfile=" + + # A Spice QXL GPU is recommended as the primary VGA-compatible display + # device. It is a full-featured virtual video card, with great operating + # system driver support. OVMF supports it too. + OPTS="$OPTS -device qxl-vga" + + qemu-system-x86_64 $OPTS + +- Start the Fedora guest: + + sh fedora.sh + +- The above command can be used for both installation and later boots of the + Fedora guest. + +- In order to verify basic OVMF network connectivity: + + - Assuming that the non-privileged user running qemu belongs to group G + (where G is a numeric identifier), ensure as root on the host that the + group range in file "/proc/sys/net/ipv4/ping_group_range" includes G. + + - As the non-privileged user, boot the guest as usual. + + - On the TianoCore splash screen, press ESC. + + - Navigate to Boot Manager | EFI Internal Shell + + - In the UEFI Shell, issue the following commands: + + ifconfig -s eth0 dhcp + ping A.B.C.D + + where A.B.C.D is a public IPv4 address in dotted decimal notation that your + host can reach. + + - Type "quit" at the (qemu) monitor prompt. + +Installation of OVMF guests with virt-manager and virt-install +-------------------------------------------------------------- + +(1) Assuming OVMF has been installed on the host with the following files: + - /usr/share/OVMF/OVMF_CODE.fd + - /usr/share/OVMF/OVMF_VARS.fd + + locate the "nvram" stanza in "/etc/libvirt/qemu.conf", and edit it as + follows: + + nvram = [ "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" ] + +(2) Restart libvirtd with your Linux distribution's service management tool; + for example, + + systemctl restart libvirtd + +(3) In virt-manager, proceed with the guest installation as usual: + - select File | New Virtual Machine, + - advance to Step 5 of 5, + - in Step 5, check "Customize configuration before install", + - click Finish; + - in the customization dialog, select Overview | Firmware, and choose UEFI, + - click Apply and Begin Installation. + +(4) With virt-install: + + LDR="loader=/usr/share/OVMF/OVMF_CODE.fd,loader_ro=yes,loader_type=pflash" + virt-install \ + --name fedora20 \ + --memory 2048 \ + --vcpus 2 \ + --os-variant fedora20 \ + --boot hd,cdrom,$LDR \ + --disk size=20 \ + --disk path=Fedora-Live-Xfce-x86_64-20-1.iso,device=cdrom,bus=scsi + +(5) A popular, distribution-independent, bleeding-edge OVMF package is + available under , courtesy of Gerd Hoffmann. + + The "edk2.git-ovmf-x64" package provides the following files, among others: + - /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd + - /usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd + + When using this package, adapt steps (1) and (4) accordingly. + +(6) Additionally, the "edk2.git-ovmf-x64" package seeks to simplify the + enablement of Secure Boot in a virtual machine (strictly for development + and testing purposes). + + - Boot the virtual machine off the CD-ROM image called + "/usr/share/edk2.git/ovmf-x64/UefiShell.iso"; before or after installing + the main guest operating system. + + - When the UEFI shell appears, issue the following commands: + + EnrollDefaultKeys.efi + reset -s + + - The EnrollDefaultKeys.efi utility enrolls the following keys: + + - A static example X.509 certificate (CN=TestCommonName) as Platform Key + and first Key Exchange Key. + + The private key matching this certificate has been destroyed (but you + shouldn't trust this statement). + + - "Microsoft Corporation KEK CA 2011" as second Key Exchange Key + (SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30). + + - "Microsoft Windows Production PCA 2011" as first DB entry + (SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d). + + - "Microsoft Corporation UEFI CA 2011" as second DB entry + (SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3). + + These keys suffice to boot released versions of popular Linux + distributions (through the shim.efi utility), and Windows 8 and Windows + Server 2012 R2, in Secure Boot mode. + +Supported guest operating systems +--------------------------------- + +Upstream OVMF does not favor some guest operating systems over others for +political or ideological reasons. However, some operating systems are harder to +obtain and/or technically more difficult to support. The general expectation is +that recent UEFI OSes should just work. Please consult the "OvmfPkg/README" +file. + +The following guest OSes were tested with OVMF: +- Red Hat Enterprise Linux 6 +- Red Hat Enterprise Linux 7 +- Fedora 18 +- Fedora 19 +- Fedora 20 +- Windows Server 2008 R2 SP1 +- Windows Server 2012 +- Windows 8 + +Notes about Windows Server 2008 R2 (paraphrasing the "OvmfPkg/README" file): + +- QEMU should be started with one of the "-device qxl-vga" and "-device VGA" + options. + +- Only one video mode, 1024x768x32, is supported at OS runtime. + + Please refer to the section about QemuVideoDxe (OVMF's built-in video driver) + for more details on this limitation. + +- The qxl-vga video card is recommended ("-device qxl-vga"). After booting the + installed guest OS, select the video card in Device Manager, and upgrade the + video driver to the QXL XDDM one. + + The QXL XDDM driver can be downloaded from + , under Guest | Windows binaries. + + This driver enables additional graphics resolutions at OS runtime, and + provides S3 (suspend/resume) capability. + +Notes about Windows Server 2012 and Windows 8: + +- QEMU should be started with the "-device qxl-vga,revision=4" option (or a + later revision, if available). + +- The guest OS's builtin video driver inherits the video mode / frame buffer + from OVMF. There's no way to change the resolution at OS runtime. + + For this reason, a platform driver has been developed for OVMF, which allows + users to change the preferred video mode in the firmware. Please refer to the + section about PlatformDxe for details. + +- It is recommended to upgrade the guest OS's video driver to the QXL WDDM one, + via Device Manager. + + Binaries for the QXL WDDM driver can be found at + (pick a version greater than or + equal to 0.6), while the source code resides at + . + + This driver enables additional graphics resolutions at OS runtime, and + provides S3 (suspend/resume) capability. + +Compatibility Support Module (CSM) +---------------------------------- + +Collaboration between SeaBIOS and OVMF developers has enabled SeaBIOS to be +built as a Compatibility Support Module, and OVMF to embed and use it. + +Benefits of a SeaBIOS CSM include: + +- The ability to boot legacy (non-UEFI) operating systems, such as legacy Linux + systems, Windows 7, OpenBSD 5.2, FreeBSD 8/9, NetBSD, DragonflyBSD, Solaris + 10/11. + +- Legacy (non-UEFI-compliant) PCI expansion ROMs, such as a VGA BIOS, mapped by + QEMU in emulated devices' ROM BARs, are loaded and executed by OVMF. + + For example, this grants the Windows Server 2008 R2 SP1 guest's native, + legacy video driver access to all modes of all QEMU video cards. + +Building the CSM target of the SeaBIOS source tree is out of scope for this +report. Additionally, upstream OVMF does not enable the CSM by default. + +Interested users and developers should look for OVMF's "-D CSM_ENABLE" +build-time option, and check out the continuous +integration repository, which provides CSM-enabled OVMF builds. + +[RHEL] The "OVMF_CODE.fd" firmware image made available on the Red Hat + Enterprise Linux 7.1 host does not include a Compatibility Support + Module, for the following reasons: + + - Virtual machines running officially supported, legacy guest operating + systems should just use the standalone SeaBIOS firmware. Firmware + selection is flexible in virtualization, see eg. "Installation of OVMF + guests with virt-manager and virt-install" above. + + - The 16-bit thunking interface between OVMF and SeaBIOS is very complex + and presents a large debugging and support burden, based on past + experience. + + - Secure Boot is incompatible with CSM. + + - Inter-project dependencies should be minimized whenever possible. + + - Using the default QXL video card, the Windows 2008 R2 SP1 guest can be + installed with its built-in, legacy video driver. Said driver will + select the only available video mode, 1024x768x32. After installation, + the video driver can be upgraded to the full-featured QXL XDDM driver. + +Phases of the boot process +-------------------------- + +The PI and UEFI specifications, and Intel's UEFI and EDK II Learning and +Development materials provide ample information on PI and UEFI concepts. The +following is an absolutely minimal, rough glossary that is included only to +help readers new to PI and UEFI understand references in later, OVMF-specific +sections. We defer heavily to the official specifications and the training +materials, and frequently quote them below. + +A central concept to mention early is the GUID -- globally unique identifier. A +GUID is a 128-bit number, written as XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX, +where each X stands for a hexadecimal nibble. GUIDs are used to name everything +in PI and in UEFI. Programmers introduce new GUIDs with the "uuidgen" utility, +and standards bodies standardize well-known services by positing their GUIDs. + +The boot process is roughly divided in the following phases: + +- Reset vector code. + +- SEC: Security phase. This phase is the root of firmware integrity. + +- PEI: Pre-EFI Initialization. This phase performs "minimal processor, chipset + and platform configuration for the purpose of discovering memory". Modules in + PEI collectively save their findings about the platform in a list of HOBs + (hand-off blocks). + + When developing PEI code, the Platform Initialization (PI) specification + should be consulted. + +- DXE: Driver eXecution Environment, pronounced as "Dixie". This "is the phase + where the bulk of the booting occurs: devices are enumerated and initialized, + UEFI services are supported, and protocols and drivers are implemented. Also, + the tables that create the UEFI interface are produced". + + On the PEI/DXE boundary, the HOBs produced by PEI are consumed. For example, + this is how the memory space map is configured initially. + +- BDS: Boot Device Selection. It is "responsible for determining how and where + you want to boot the operating system". + + When developing DXE and BDS code, it is mainly the UEFI specification that + should be consulted. When speaking about DXE, BDS is frequently considered to + be a part of it. + +The following concepts are tied to specific boot process phases: + +- PEIM: a PEI Module (pronounced "PIM"). A binary module running in the PEI + phase, consuming some PPIs and producing other PPIs, and producing HOBs. + +- PPI: PEIM-to-PEIM interface. A structure of function pointers and related + data members that establishes a PEI service, or an instance of a PEI service. + PPIs are identified by GUID. + + An example is EFI_PEI_S3_RESUME2_PPI (6D582DBC-DB85-4514-8FCC-5ADF6227B147). + +- DXE driver: a binary module running in the DXE and BDS phases, consuming some + protocols and producing other protocols. + +- Protocol: A structure of function pointers and related data members that + establishes a DXE service, or an instance of a DXE service. Protocols are + identified by GUID. + + An example is EFI_BLOCK_IO_PROTOCOL (964E5B21-6459-11D2-8E39-00A0C969723B). + +- Architectural protocols: a set of standard protocols that are foundational to + the working of a UEFI system. Each architectural protocol has at most one + instance. Architectural protocols are implemented by a subset of DXE drivers. + DXE drivers explicitly list the set of protocols (including architectural + protocols) that they need to work. UEFI drivers can only be loaded once all + architectural protocols have become available during the DXE phase. + + An example is EFI_VARIABLE_WRITE_ARCH_PROTOCOL + (6441F818-6362-4E44-B570-7DBA31DD2453). + +Project structure +----------------- + +The term "OVMF" usually denotes the project (community and development effort) +that provide and maintain the subject matter UEFI firmware for virtual +machines. However the term is also frequently applied to the firmware binary +proper that a virtual machine executes. + +OVMF emerges as a compilation of several modules from the edk2 source +repository. "edk2" stands for EFI Development Kit II; it is a "modern, +feature-rich, cross-platform firmware development environment for the UEFI and +PI specifications". + +The composition of OVMF is dictated by the following build control files: + + OvmfPkg/OvmfPkgIa32.dsc + OvmfPkg/OvmfPkgIa32.fdf + + OvmfPkg/OvmfPkgIa32X64.dsc + OvmfPkg/OvmfPkgIa32X64.fdf + + OvmfPkg/OvmfPkgX64.dsc + OvmfPkg/OvmfPkgX64.fdf + +The format of these files is described in the edk2 DSC and FDF specifications. +Roughly, the DSC file determines: +- library instance resolutions for library class requirements presented by the + modules to be compiled, +- the set of modules to compile. + +The FDF file roughly determines: +- what binary modules (compilation output files, precompiled binaries, graphics + image files, verbatim binary sections) to include in the firmware image, +- how to lay out the firmware image. + +The Ia32 flavor of these files builds a firmware where both PEI and DXE phases +are 32-bit. The Ia32X64 flavor builds a firmware where the PEI phase consists +of 32-bit modules, and the DXE phase is 64-bit. The X64 flavor builds a purely +64-bit firmware. + +The word size of the DXE phase must match the word size of the runtime OS -- a +32-bit DXE can't cooperate with a 64-bit OS, and a 64-bit DXE can't work a +32-bit OS. + +OVMF pulls together modules from across the edk2 tree. For example: + +- common drivers and libraries that are platform independent are usually + located under MdeModulePkg and MdePkg, + +- common but hardware-specific drivers and libraries that match QEMU's + pc-i440fx-* machine type are pulled in from IntelFrameworkModulePkg, + PcAtChipsetPkg and UefiCpuPkg, + +- the platform independent UEFI Shell is built from ShellPkg, + +- OvmfPkg includes drivers and libraries that are useful for virtual machines + and may or may not be specific to QEMU's pc-i440fx-* machine type. + +Platform Configuration Database (PCD) +------------------------------------- + +Like the "Phases of the boot process" section, this one introduces a concept in +very raw form. We defer to the PCD related edk2 specifications, and we won't +discuss implementation details here. Our purpose is only to offer the reader a +usable (albeit possibly inaccurate) definition, so that we can refer to PCDs +later on. + +Colloquially, when we say "PCD", we actually mean "PCD entry"; that is, an +entry stored in the Platform Configuration Database. + +The Platform Configuration Database is +- a firmware-wide +- name-value store +- of scalars and buffers +- where each entry may be + - build-time constant, or + - run-time dynamic, or + - theoretically, a middle option: patchable in the firmware file itself, + using a dedicated tool. (OVMF does not utilize externally patchable + entries.) + +A PCD entry is declared in the DEC file of the edk2 top-level Package directory +whose modules (drivers and libraries) are the primary consumers of the PCD +entry. (See for example OvmfPkg/OvmfPkg.dec). Basically, a PCD in a DEC file +exposes a simple customization point. + +Interest in a PCD entry is communicated to the build system by naming the PCD +entry in the INF file of the interested module (application, driver or +library). The module may read and -- dependent on the PCD entry's category -- +write the PCD entry. + +Let's investigate the characteristics of the Database and the PCD entries. + +- Firmware-wide: technically, all modules may access all entries they are + interested in, assuming they advertise their interest in their INF files. + With careful design, PCDs enable inter-driver propagation of (simple) system + configuration. PCDs are available in both PEI and DXE. + + (UEFI drivers meant to be portable (ie. from third party vendors) are not + supposed to use PCDs, since PCDs qualify internal to the specific edk2 + firmware in question.) + +- Name-value store of scalars and buffers: each PCD has a symbolic name, and a + fixed scalar type (UINT16, UINT32 etc), or VOID* for buffers. Each PCD entry + belongs to a namespace, where a namespace is (obviously) a GUID, defined in + the DEC file. + +- A DEC file can permit several categories for a PCD: + - build-time constant ("FixedAtBuild"), + - patchable in the firmware image ("PatchableInModule", unused in OVMF), + - runtime modifiable ("Dynamic"). + +The platform description file (DSC) of a top-level Package directory may choose +the exact category for a given PCD entry that its modules wish to use, and +assign a default (or constant) initial value to it. + +In addition, the edk2 build system too can initialize PCD entries to values +that it calculates while laying out the flash device image. Such PCD +assignments are described in the FDF control file. + +Firmware image structure +------------------------ + +(We assume the common X64 choice for both PEI and DXE, and the default DEBUG +build target.) + +The OvmfPkg/OvmfPkgX64.fdf file defines the following layout for the flash +device image "OVMF.fd": + + Description Compression type Size + ------------------------------ ---------------------- ------- + Non-volatile data storage open-coded binary data 128 KB + Variable store 56 KB + Event log 4 KB + Working block 4 KB + Spare area 64 KB + + FVMAIN_COMPACT uncompressed 1712 KB + FV Firmware File System file LZMA compressed + PEIFV uncompressed 896 KB + individual PEI modules uncompressed + DXEFV uncompressed 8192 KB + individual DXE modules uncompressed + + SECFV uncompressed 208 KB + SEC driver + reset vector code + +The top-level image consists of three regions (three firmware volumes): +- non-volatile data store (128 KB), +- main firmware volume (FVMAIN_COMPACT, 1712 KB), +- firmware volume containing the reset vector code and the SEC phase code (208 + KB). + +In total, the OVMF.fd file has size 128 KB + 1712 KB + 208 KB == 2 MB. + +(1) The firmware volume with non-volatile data store (128 KB) has the following + internal structure, in blocks of 4 KB: + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ L: event log + LIVE | varstore |L|W| W: working block + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + SPARE | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The first half of this firmware volume is "live", while the second half is + "spare". The spare half is important when the variable driver reclaims + unused storage and reorganizes the variable store. + + The live half dedicates 14 blocks (56 KB) to the variable store itself. On + top of those, one block is set aside for an event log, and one block is + used as the working block of the fault tolerant write protocol. Fault + tolerant writes are used to recover from an occasional (virtual) power loss + during variable updates. + + The blocks in this firmware volume are accessed, in stacking order from + least abstract to most abstract, by: + + - EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL (provided by + OvmfPkg/QemuFlashFvbServicesRuntimeDxe), + + - EFI_FAULT_TOLERANT_WRITE_PROTOCOL (provided by + MdeModulePkg/Universal/FaultTolerantWriteDxe), + + - architectural protocols instrumental to the runtime UEFI variable + services: + - EFI_VARIABLE_ARCH_PROTOCOL, + - EFI_VARIABLE_WRITE_ARCH_PROTOCOL. + + In a non-secure boot build, the DXE driver providing these architectural + protocols is MdeModulePkg/Universal/Variable/RuntimeDxe. In a secure boot + build, where authenticated variables are available, the DXE driver + offering these protocols is SecurityPkg/VariableAuthenticated/RuntimeDxe. + +(2) The main firmware volume (FVMAIN_COMPACT, 1712 KB) embeds further firmware + volumes. The outermost layer is a Firmware File System (FFS), carrying a + single file. This file holds an LZMA-compressed section, which embeds two + firmware volumes: PEIFV (896 KB) with PEIMs, and DXEFV (8192 KB) with DXE + and UEFI drivers. + + This scheme enables us to build 896 KB worth of PEI drivers and 8192 KB + worth of DXE and UEFI drivers, compress them all with LZMA in one go, and + store the compressed result in 1712 KB, saving room in the flash device. + +(3) The SECFV firmware volume (208 KB) is not compressed. It carries the + "volume top file" with the reset vector code, to end at 4 GB in + guest-physical address space, and the SEC phase driver (OvmfPkg/Sec). + + The last 16 bytes of the volume top file (mapped directly under 4 GB) + contain a NOP slide and a jump instruction. This is where QEMU starts + executing the firmware, at address 0xFFFF_FFF0. The reset vector and the + SEC driver run from flash directly. + + The SEC driver locates FVMAIN_COMPACT in the flash, and decompresses the + main firmware image to RAM. The rest of OVMF (PEI, DXE, BDS phases) run + from RAM. + +As already mentioned, the OVMF.fd file is mapped by qemu's +"hw/block/pflash_cfi01.c" device just under 4 GB in guest-physical address +space, according to the command line option + + -drive if=pflash,format=raw,file=fedora.flash + +(refer to the Example qemu invocation). This is a "ROMD device", which can +switch out of "ROMD mode" and back into it. + +Namely, in the default ROMD mode, the guest-physical address range backed by +the flash device reads and executes as ROM (it does not trap from KVM to QEMU). +The first write access in this mode traps to QEMU, and flips the device out of +ROMD mode. + +In non-ROMD mode, the flash chip is programmed by storing CFI (Common Flash +Interface) command values at the flash-covered addresses; both reads and writes +trap to QEMU, and the flash contents are modified and synchronized to the +host-side file. A special CFI command flips the flash device back to ROMD mode. + +Qemu implements the above based on the KVM_CAP_READONLY_MEM / KVM_MEM_READONLY +KVM features, and OVMF puts it to use in its EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL +implementation, under "OvmfPkg/QemuFlashFvbServicesRuntimeDxe". + +IMPORTANT: Never pass OVMF.fd to qemu with the -bios option. That option maps +the firmware image as ROM into the guest's address space, and forces OVMF to +emulate non-volatile variables with a fallback driver that is bound to have +insufficient and confusing semantics. + +The 128 KB firmware volume with the variable store, discussed under (1), is +also built as a separate host-side file, named "OVMF_VARS.fd". The "rest" is +built into a third file, "OVMF_CODE.fd", which is only 1920 KB in size. The +variable store is mapped into its usual location, at 4 GB - 2 MB = 0xFFE0_0000, +through the following qemu options: + + -drive if=pflash,format=raw,readonly,file=OVMF_CODE.fd \ + -drive if=pflash,format=raw,file=fedora.varstore.fd + +This way qemu configures two flash chips consecutively, with start addresses +growing downwards, which is transparent to OVMF. + +[RHEL] Red Hat Enterprise Linux 7.1 ships a Secure Boot-enabled, X64, DEBUG + firmware only. Furthermore, only the split files ("OVMF_VARS.fd" and + "OVMF_CODE.fd") are available. + +S3 (suspend to RAM and resume) +------------------------------ + +As noted in Example qemu invocation, the + + -global PIIX4_PM.disable_s3=0 + +command line option tells qemu and OVMF if the user would like to enable S3 +support. (This is corresponds to the /domain/pm/suspend-to-mem/@enabled libvirt +domain XML attribute.) + +Implementing / orchestrating S3 was a considerable community effort in OVMF. A +detailed description exceeds the scope of this report; we only make a few +statements. + +(1) S3-related PPIs and protocols are well documented in the PI specification. + +(2) Edk2 contains most modules that are needed to implement S3 on a given + platform. One abstraction that is central to the porting / extending of the + S3-related modules to a new platform is the LockBox library interface, + which a specific platform can fill in by implementing its own LockBox + library instance. + + The LockBox library provides a privileged name-value store (to be addressed + by GUIDs). The privilege separation stretches between the firmware and the + operating system. That is, the S3-related machinery of the firmware saves + some items in the LockBox securely, under well-known GUIDs, before booting + the operating system. During resume (which is a form of warm reset), the + firmware is activated again, and retrieves items from the LockBox. Before + jumping to the OS's resume vector, the LockBox is secured again. + + We'll return to this later when we separately discuss SMRAM and SMM. + +(3) During resume, the DXE and later phases are never reached; only the reset + vector, and the SEC and PEI phases of the firmware run. The platform is + supposed to detect a resume in progress during PEI, and to store that fact + in the BootMode field of the Phase Handoff Information Table (PHIT) HOB. + OVMF keys this off the CMOS, see OvmfPkg/PlatformPei. + + At the end of PEI, the DXE IPL PEIM (Initial Program Load PEI Module, see + MdeModulePkg/Core/DxeIplPeim) examines the Boot Mode, and if it says "S3 + resume in progress", then the IPL branches to the PEIM that exports + EFI_PEI_S3_RESUME2_PPI (provided by UefiCpuPkg/Universal/Acpi/S3Resume2Pei) + rather than loading the DXE core. + + S3Resume2Pei executes the technical steps of the resumption, relying on the + contents of the LockBox. + +(4) During first boot (or after a normal platform reset), when DXE does run, + hardware drivers in the DXE phase are encouraged to "stash" their hardware + configuration steps (eg. accesses to PCI config space, I/O ports, memory + mapped addresses, and so on) in a centrally maintained, so called "S3 boot + script". Hardware accesses are represented with opcodes of a special binary + script language. + + This boot script is to be replayed during resume, by S3Resume2Pei. The + general goal is to bring back hardware devices -- which have been powered + off during suspend -- to their original after-first-boot state, and in + particular, to do so quickly. + + At the moment, OVMF saves only one opcode in the S3 resume boot script: an + INFORMATION opcode, with contents 0xDEADBEEF (in network byte order). The + consensus between Linux developers seems to be that boot firmware is only + responsible for restoring basic chipset state, which OVMF does during PEI + anyway, independently of S3 vs. normal reset. (One example is the power + management registers of the i440fx chipset.) Device and peripheral state is + the responsibility of the runtime operating system. + + Although an experimental OVMF S3 boot script was at one point captured for + the virtual Cirrus VGA card, such a boot script cannot follow eg. video + mode changes effected by the OS. Hence the operating system can never avoid + restoring device state, and most Linux display drivers (eg. stdvga, QXL) + already cover S3 resume fully. + + The XDDM and WDDM driver models used under Windows OSes seem to recognize + this notion of runtime OS responsibility as well. (See the list of OSes + supported by OVMF in a separate section.) + +(5) The S3 suspend/resume data flow in OVMF is included here tersely, for + interested developers. + + (a) BdsLibBootViaBootOption() + EFI_ACPI_S3_SAVE_PROTOCOL [AcpiS3SaveDxe] + - saves ACPI S3 Context to LockBox ---------------------+ + (including FACS address -- FACS ACPI table | + contains OS waking vector) | + | + - prepares boot script: | + EFI_S3_SAVE_STATE_PROTOCOL.Write() [S3SaveStateDxe] | + S3BootScriptLib [PiDxeS3BootScriptLib] | + - opcodes & arguments are saved in NVS. --+ | + | | + - issues a notification by installing | | + EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL | | + | | + (b) EFI_S3_SAVE_STATE_PROTOCOL [S3SaveStateDxe] | | + S3BootScriptLib [PiDxeS3BootScriptLib] | | + - closes script with special opcode <---------+ | + - script is available in non-volatile memory | + via PcdS3BootScriptTablePrivateDataPtr --+ | + | | + BootScriptExecutorDxe | | + S3BootScriptLib [PiDxeS3BootScriptLib] | | + - Knows about boot script location by <----+ | + synchronizing with the other library | + instance via | + PcdS3BootScriptTablePrivateDataPtr. | + - Copies relocated image of itself to | + reserved memory. --------------------------------+ | + - Saved image contains pointer to boot script. ---|--+ | + | | | + Runtime: | | | + | | | + (c) OS is booted, writes OS waking vector to FACS, | | | + suspends machine | | | + | | | + S3 Resume (PEI): | | | + | | | + (d) PlatformPei sets S3 Boot Mode based on CMOS | | | + | | | + (e) DXE core is skipped and EFI_PEI_S3_RESUME2 is | | | + called as last step of PEI | | | + | | | + (f) S3Resume2Pei retrieves from LockBox: | | | + - ACPI S3 Context (path to FACS) <------------------|--|--+ + | | | + +------------------|--|--+ + - Boot Script Executor Image <----------------------+ | | + | | + (g) BootScriptExecutorDxe | | + S3BootScriptLib [PiDxeS3BootScriptLib] | | + - executes boot script <-----------------------------+ | + | + (h) OS waking vector available from ACPI S3 Context / FACS <--+ + is called + +A comprehensive memory map of OVMF +---------------------------------- + +The following section gives a detailed analysis of memory ranges below 4 GB +that OVMF statically uses. + +In the rightmost column, the PCD entry is identified by which the source refers +to the address or size in question. + +The flash-covered range has been discussed previously in "Firmware image +structure", therefore we include it only for completeness. Due to the fact that +this range is always backed by a memory mapped device (and never RAM), it is +unaffected by S3 (suspend to RAM and resume). + ++--------------------------+ 4194304 KB +| | +| SECFV | size: 208 KB +| | ++--------------------------+ 4194096 KB +| | +| FVMAIN_COMPACT | size: 1712 KB +| | ++--------------------------+ 4192384 KB +| | +| variable store | size: 64 KB PcdFlashNvStorageFtwSpareSize +| spare area | +| | ++--------------------------+ 4192320 KB PcdOvmfFlashNvStorageFtwSpareBase +| | +| FTW working block | size: 4 KB PcdFlashNvStorageFtwWorkingSize +| | ++--------------------------+ 4192316 KB PcdOvmfFlashNvStorageFtwWorkingBase +| | +| Event log of | size: 4 KB PcdOvmfFlashNvStorageEventLogSize +| non-volatile storage | +| | ++--------------------------+ 4192312 KB PcdOvmfFlashNvStorageEventLogBase +| | +| variable store | size: 56 KB PcdFlashNvStorageVariableSize +| | ++--------------------------+ 4192256 KB PcdOvmfFlashNvStorageVariableBase + +The flash-mapped image of OVMF.fd covers the entire structure above (2048 KB). + +When using the split files, the address 4192384 KB +(PcdOvmfFlashNvStorageFtwSpareBase + PcdFlashNvStorageFtwSpareSize) is the +boundary between the mapped images of OVMF_VARS.fd (56 KB + 4 KB + 4 KB + 64 KB += 128 KB) and OVMF_CODE.fd (1712 KB + 208 KB = 1920 KB). + +With regard to RAM that is statically used by OVMF, S3 (suspend to RAM and +resume) complicates matters. Many ranges have been introduced only to support +S3, hence for all ranges below, the following questions will be audited: + +(a) when and how a given range is initialized after first boot of the VM, +(b) how it is protected from memory allocations during DXE, +(c) how it is protected from the OS, +(d) how it is accessed on the S3 resume path, +(e) how it is accessed on the warm reset path. + +Importantly, the term "protected" is meant as protection against inadvertent +reallocations and overwrites by co-operating DXE and OS modules. It does not +imply security against malicious code. + ++--------------------------+ 17408 KB +| | +|DXEFV from FVMAIN_COMPACT | size: 8192 KB PcdOvmfDxeMemFvSize +| decompressed firmware | +| volume with DXE modules | +| | ++--------------------------+ 9216 KB PcdOvmfDxeMemFvBase +| | +|PEIFV from FVMAIN_COMPACT | size: 896 KB PcdOvmfPeiMemFvSize +| decompressed firmware | +| volume with PEI modules | +| | ++--------------------------+ 8320 KB PcdOvmfPeiMemFvBase +| | +| permanent PEI memory for | size: 32 KB PcdS3AcpiReservedMemorySize +| the S3 resume path | +| | ++--------------------------+ 8288 KB PcdS3AcpiReservedMemoryBase +| | +| temporary SEC/PEI heap | size: 32 KB PcdOvmfSecPeiTempRamSize +| and stack | +| | ++--------------------------+ 8256 KB PcdOvmfSecPeiTempRamBase +| | +| unused | size: 32 KB +| | ++--------------------------+ 8224 KB +| | +| SEC's table of | size: 4 KB PcdGuidedExtractHandlerTableSize +| GUIDed section handlers | +| | ++--------------------------+ 8220 KB PcdGuidedExtractHandlerTableAddress +| | +| LockBox storage | size: 4 KB PcdOvmfLockBoxStorageSize +| | ++--------------------------+ 8216 KB PcdOvmfLockBoxStorageBase +| | +| early page tables on X64 | size: 24 KB PcdOvmfSecPageTablesSize +| | ++--------------------------+ 8192 KB PcdOvmfSecPageTablesBase + +(1) Early page tables on X64: + + (a) when and how it is initialized after first boot of the VM + + The range is filled in during the SEC phase + [OvmfPkg/ResetVector/Ia32/PageTables64.asm]. The CR3 register is verified + against the base address in SecCoreStartupWithStack() + [OvmfPkg/Sec/SecMain.c]. + + (b) how it is protected from memory allocations during DXE + + If S3 was enabled on the QEMU command line (see "-global + PIIX4_PM.disable_s3=0" earlier), then InitializeRamRegions() + [OvmfPkg/PlatformPei/MemDetect.c] protects the range with an AcpiNVS memory + allocation HOB, in PEI. + + If S3 was disabled, then this range is not protected. DXE's own page tables + are first built while still in PEI (see HandOffToDxeCore() + [MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c]). Those tables are located + in permanent PEI memory. After CR3 is switched over to them (which occurs + before jumping to the DXE core entry point), we don't have to preserve the + initial tables. + + (c) how it is protected from the OS + + If S3 is enabled, then (1b) reserves it from the OS too. + + If S3 is disabled, then the range needs no protection. + + (d) how it is accessed on the S3 resume path + + It is rewritten same as in (1a), which is fine because (1c) reserved it. + + (e) how it is accessed on the warm reset path + + It is rewritten same as in (1a). + +(2) LockBox storage: + + (a) when and how it is initialized after first boot of the VM + + InitializeRamRegions() [OvmfPkg/PlatformPei/MemDetect.c] zeroes out the + area during PEI. This is correct but not strictly necessary, since on first + boot the area is zero-filled anyway. + + The LockBox signature of the area is filled in by the PEI module or DXE + driver that has been linked against OVMF's LockBoxLib and is run first. The + signature is written in LockBoxLibInitialize() + [OvmfPkg/Library/LockBoxLib/LockBoxLib.c]. + + Any module calling SaveLockBox() [OvmfPkg/Library/LockBoxLib/LockBoxLib.c] + will co-populate this area. + + (b) how it is protected from memory allocations during DXE + + If S3 is enabled, then InitializeRamRegions() + [OvmfPkg/PlatformPei/MemDetect.c] protects the range as AcpiNVS. + + Otherwise, the range is covered with a BootServicesData memory allocation + HOB. + + (c) how it is protected from the OS + + If S3 is enabled, then (2b) protects it sufficiently. + + Otherwise the range requires no runtime protection, and the + BootServicesData allocation type from (2b) ensures that the range will be + released to the OS. + + (d) how it is accessed on the S3 resume path + + The S3 Resume PEIM restores data from the LockBox, which has been correctly + protected in (2c). + + (e) how it is accessed on the warm reset path + + InitializeRamRegions() [OvmfPkg/PlatformPei/MemDetect.c] zeroes out the + range during PEI, effectively emptying the LockBox. Modules will + re-populate the LockBox as described in (2a). + +(3) SEC's table of GUIDed section handlers + + (a) when and how it is initialized after first boot of the VM + + The following two library instances are linked into SecMain: + - IntelFrameworkModulePkg/Library/LzmaCustomDecompressLib, + - MdePkg/Library/BaseExtractGuidedSectionLib. + + The first library registers its LZMA decompressor plugin (which is a called + a "section handler") by calling the second library: + + LzmaDecompressLibConstructor() [GuidedSectionExtraction.c] + ExtractGuidedSectionRegisterHandlers() [BaseExtractGuidedSectionLib.c] + + The second library maintains its table of registered "section handlers", to + be indexed by GUID, in this fixed memory area, independently of S3 + enablement. + + (The decompression of FVMAIN_COMPACT's FFS file section that contains the + PEIFV and DXEFV firmware volumes occurs with the LZMA decompressor + registered above. See (6) and (7) below.) + + (b) how it is protected from memory allocations during DXE + + There is no need to protect this area from DXE: because nothing else in + OVMF links against BaseExtractGuidedSectionLib, the area loses its + significance as soon as OVMF progresses from SEC to PEI, therefore DXE is + allowed to overwrite the region. + + (c) how it is protected from the OS + + When S3 is enabled, we cover the range with an AcpiNVS memory allocation + HOB in InitializeRamRegions(). + + When S3 is disabled, the range is not protected. + + (d) how it is accessed on the S3 resume path + + The table of registered section handlers is again managed by + BaseExtractGuidedSectionLib linked into SecMain exclusively. Section + handler registrations update the table in-place (based on GUID matches). + + (e) how it is accessed on the warm reset path + + If S3 is enabled, then the OS won't damage the table (due to (3c)), thus + see (3d). + + If S3 is disabled, then the OS has most probably overwritten the range with + its own data, hence (3a) -- complete reinitialization -- will come into + effect, based on the table signature check in BaseExtractGuidedSectionLib. + +(4) temporary SEC/PEI heap and stack + + (a) when and how it is initialized after first boot of the VM + + The range is configured in [OvmfPkg/Sec/X64/SecEntry.S] and + SecCoreStartupWithStack() [OvmfPkg/Sec/SecMain.c]. The stack half is read & + written by the CPU transparently. The heap half is used for memory + allocations during PEI. + + Data is migrated out (to permanent PEI stack & memory) in (or soon after) + PublishPeiMemory() [OvmfPkg/PlatformPei/MemDetect.c]. + + (b) how it is protected from memory allocations during DXE + + It is not necessary to protect this range during DXE because its use ends + still in PEI. + + (c) how it is protected from the OS + + If S3 is enabled, then InitializeRamRegions() + [OvmfPkg/PlatformPei/MemDetect.c] reserves it as AcpiNVS. + + If S3 is disabled, then the range doesn't require protection. + + (d) how it is accessed on the S3 resume path + + Same as in (4a), except the target area of the migration triggered by + PublishPeiMemory() [OvmfPkg/PlatformPei/MemDetect.c] is different -- see + (5). + + (e) how it is accessed on the warm reset path + + Same as in (4a). The stack and heap halves both may contain garbage, but it + doesn't matter. + +(5) permanent PEI memory for the S3 resume path + + (a) when and how it is initialized after first boot of the VM + + No particular initialization or use. + + (b) how it is protected from memory allocations during DXE + + We don't need to protect this area during DXE. + + (c) how it is protected from the OS + + When S3 is enabled, InitializeRamRegions() + [OvmfPkg/PlatformPei/MemDetect.c] makes sure the OS stays away by covering + the range with an AcpiNVS memory allocation HOB. + + When S3 is disabled, the range needs no protection. + + (d) how it is accessed on the S3 resume path + + PublishPeiMemory() installs the range as permanent RAM for PEI. The range + will serve as stack and will satisfy allocation requests during the rest of + PEI. OS data won't overlap due to (5c). + + (e) how it is accessed on the warm reset path + + Same as (5a). + +(6) PEIFV -- decompressed firmware volume with PEI modules + + (a) when and how it is initialized after first boot of the VM + + DecompressMemFvs() [OvmfPkg/Sec/SecMain.c] populates the area, by + decompressing the flash-mapped FVMAIN_COMPACT volume's contents. (Refer to + "Firmware image structure".) + + (b) how it is protected from memory allocations during DXE + + When S3 is disabled, PeiFvInitialization() [OvmfPkg/PlatformPei/Fv.c] + covers the range with a BootServicesData memory allocation HOB. + + When S3 is enabled, the same is coverage is ensured, just with the stronger + AcpiNVS memory allocation type. + + (c) how it is protected from the OS + + When S3 is disabled, it is not necessary to keep the range from the OS. + + Otherwise the AcpiNVS type allocation from (6b) provides coverage. + + (d) how it is accessed on the S3 resume path + + Rather than decompressing it again from FVMAIN_COMPACT, GetS3ResumePeiFv() + [OvmfPkg/Sec/SecMain.c] reuses the protected area for parsing / execution + from (6c). + + (e) how it is accessed on the warm reset path + + Same as (6a). + +(7) DXEFV -- decompressed firmware volume with DXE modules + + (a) when and how it is initialized after first boot of the VM + + Same as (6a). + + (b) how it is protected from memory allocations during DXE + + PeiFvInitialization() [OvmfPkg/PlatformPei/Fv.c] covers the range with a + BootServicesData memory allocation HOB. + + (c) how it is protected from the OS + + The OS is allowed to release and reuse this range. + + (d) how it is accessed on the S3 resume path + + It's not; DXE never runs during S3 resume. + + (e) how it is accessed on the warm reset path + + Same as in (7a). + +Known Secure Boot limitations +----------------------------- + +Under "Motivation" we've mentioned that OVMF's Secure Boot implementation is +not suitable for production use yet -- it's only good for development and +testing of standards-conformant, non-malicious guest code (UEFI and operating +system alike). + +Now that we've examined the persistent flash device, the workings of S3, and +the memory map, we can discuss two currently known shortcomings of OVMF's +Secure Boot that in fact make it insecure. (Clearly problems other than these +two might exist; the set of issues considered here is not meant to be +exhaustive.) + +One trait of Secure Boot is tamper-evidence. Secure Boot may not prevent +malicious modification of software components (for example, operating system +drivers), but by being the root of integrity on a platform, it can catch (or +indirectly contribute to catching) unauthorized changes, by way of signature +and certificate checks at the earliest phases of boot. + +If an attacker can tamper with key material stored in authenticated and/or +boot-time only persistent variables (for example, PK, KEK, db, dbt, dbx), then +the intended security of this scheme is compromised. The UEFI 2.4A +specification says + +- in section 28.3.4: + + Platform Keys: + + The public key must be stored in non-volatile storage which is tamper and + delete resistant. + + Key Exchange Keys: + + The public key must be stored in non-volatile storage which is tamper + resistant. + +- in section 28.6.1: + + The signature database variables db, dbt, and dbx must be stored in + tamper-resistant non-volatile storage. + +(1) The combination of QEMU, KVM, and OVMF does not provide this kind of + resistance. The variable store in the emulated flash chip is directly + accessible to, and reprogrammable by, UEFI drivers, applications, and + operating systems. + +(2) Under "S3 (suspend to RAM and resume)" we pointed out that the LockBox + storage must be similarly secure and tamper-resistant. + + On the S3 resume path, the PEIM providing EFI_PEI_S3_RESUME2_PPI + (UefiCpuPkg/Universal/Acpi/S3Resume2Pei) restores and interprets data from + the LockBox that has been saved there during boot. This PEIM, being part of + the firmware, has full access to the platform. If an operating system can + tamper with the contents of the LockBox, then at the next resume the + platform's integrity might be subverted. + + OVMF stores the LockBox in normal guest RAM (refer to the memory map + section above). Operating systems and third party UEFI drivers and UEFI + applications that respect the UEFI memory map will not inadvertently + overwrite the LockBox storage, but there's nothing to prevent eg. a + malicious kernel from modifying the LockBox. + +One means to address these issues is SMM and SMRAM (System Management Mode and +System Management RAM). + +During boot and resume, the firmware can enter and leave SMM and access SMRAM. +Before the DXE phase is left, and control is transferred to the BDS phase (when +third party UEFI drivers and applications can be loaded, and an operating +system can be loaded), SMRAM is locked in hardware, and subsequent modules +cannot access it directly. (See EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL.) + +Once SMRAM has been locked, UEFI drivers and the operating system can enter SMM +by raising a System Management Interrupt (SMI), at which point trusted code +(part of the platform firmware) takes control. SMRAM is also unlocked by +platform reset, at which point the boot firmware takes control again. + +Variable store and LockBox in SMRAM +----------------------------------- + +Edk2 provides almost all components to implement the variable store and the +LockBox in SMRAM. In this section we summarize ideas for utilizing those +facilities. + +The SMRAM and SMM infrastructure in edk2 is built up as follows: + +(1) The platform hardware provides SMM / SMI / SMRAM. + + Qemu/KVM doesn't support these features currently and should implement them + in the longer term. + +(2) The platform vendor (in this case, OVMF developers) implement device + drivers for the platform's System Management Mode: + + - EFI_SMM_CONTROL2_PROTOCOL: for raising a synchronous (and/or) periodic + SMI(s); that is, for entering SMM. + + - EFI_SMM_ACCESS2_PROTOCOL: for describing and accessing SMRAM. + + These protocols are documented in the PI Specification, Volume 4. + +(3) The platform DSC file is to include the following platform-independent + modules: + + - MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf: SMM Initial Program Load + - MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf: SMM Core + +(4) At this point, modules of type DXE_SMM_DRIVER can be loaded. + + Such drivers are privileged. They run in SMM, have access to SMRAM, and are + separated and switched from other drivers through SMIs. Secure + communication between unprivileged (non-SMM) and privileged (SMM) drivers + happens through EFI_SMM_COMMUNICATION_PROTOCOL (implemented by the SMM + Core, see (3)). + + DXE_SMM_DRIVER modules must sanitize their input (coming from unprivileged + drivers) carefully. + +(5) The authenticated runtime variable services driver (for Secure Boot builds) + is located under "SecurityPkg/VariableAuthenticated/RuntimeDxe". OVMF + currently builds the driver (a DXE_RUNTIME_DRIVER module) with the + "VariableRuntimeDxe.inf" control file (refer to "OvmfPkg/OvmfPkgX64.dsc"), + which does not use SMM. + + The directory includes two more INF files: + + - VariableSmm.inf -- module type: DXE_SMM_DRIVER. A privileged driver that + runs in SMM and has access to SMRAM. + + - VariableSmmRuntimeDxe.inf -- module type: DXE_RUNTIME_DRIVER. A + non-privileged driver that implements the variable runtime services + (replacing the current "VariableRuntimeDxe.inf" file) by communicating + with the above privileged SMM half via EFI_SMM_COMMUNICATION_PROTOCOL. + +(6) An SMRAM-based LockBox implementation needs to be discussed in two parts, + because the LockBox is accessed in both PEI and DXE. + + (a) During DXE, drivers save data in the LockBox. A save operation is + layered as follows: + + - The unprivileged driver wishing to store data in the LockBox links + against the "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf" + library instance. + + The library allows the unprivileged driver to format requests for the + privileged SMM LockBox driver (see below), and to parse responses. + + - The privileged SMM LockBox driver is built from + "MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf". This + driver has module type DXE_SMM_DRIVER and can access SMRAM. + + The driver delegates command parsing and response formatting to + "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf". + + - The above two halves (unprivileged and privileged) mirror what we've + seen in case of the variable service drivers, under (5). + + (b) In PEI, the S3 Resume PEIM (UefiCpuPkg/Universal/Acpi/S3Resume2Pei) + retrieves data from the LockBox. + + Presumably, S3Resume2Pei should be considered an "unprivileged PEIM", + and the SMRAM access should be layered as seen in DXE. Unfortunately, + edk2 does not implement all of the layers in PEI -- the code either + doesn't exist, or it is not open source: + + role | DXE: protocol/module | PEI: PPI/module + -------------+--------------------------------+------------------------------ + unprivileged | any | S3Resume2Pei.inf + driver | | + -------------+--------------------------------+------------------------------ + command | LIBRARY_CLASS = LockBoxLib | LIBRARY_CLASS = LockBoxLib + formatting | | + and response | SmmLockBoxDxeLib.inf | SmmLockBoxPeiLib.inf + parsing | | + -------------+--------------------------------+------------------------------ + privilege | EFI_SMM_COMMUNICATION_PROTOCOL | EFI_PEI_SMM_COMMUNICATION_PPI + separation | | + | PiSmmCore.inf | missing! + -------------+--------------------------------+------------------------------ + platform SMM | EFI_SMM_CONTROL2_PROTOCOL | PEI_SMM_CONTROL_PPI + and SMRAM | EFI_SMM_ACCESS2_PROTOCOL | PEI_SMM_ACCESS_PPI + access | | + | to be done in OVMF | to be done in OVMF + -------------+--------------------------------+------------------------------ + command | LIBRARY_CLASS = LockBoxLib | LIBRARY_CLASS = LockBoxLib + parsing and | | + response | SmmLockBoxSmmLib.inf | missing! + formatting | | + -------------+--------------------------------+------------------------------ + privileged | SmmLockBox.inf | missing! + LockBox | | + driver | | + + Alternatively, in the future OVMF might be able to provide a LockBoxLib + instance (an SmmLockBoxPeiLib substitute) for S3Resume2Pei that + accesses SMRAM directly, eliminating the need for deeper layers in the + stack (that is, EFI_PEI_SMM_COMMUNICATION_PPI and deeper). + + In fact, a "thin" EFI_PEI_SMM_COMMUNICATION_PPI implementation whose + sole Communicate() member invariably returns EFI_NOT_STARTED would + cause the current SmmLockBoxPeiLib library instance to directly perform + full-depth SMRAM access and LockBox search, obviating the "missing" + cells. (With reference to A Tour Beyond BIOS: Implementing S3 Resume + with EDK2, by Jiewen Yao and Vincent Zimmer, October 2014.) + +Select features +--------------- + +In this section we'll browse the top-level "OvmfPkg" package directory, and +discuss the more interesting drivers and libraries that have not been mentioned +thus far. + +X64-specific reset vector for OVMF +.................................. + +The "OvmfPkg/ResetVector" directory customizes the reset vector (found in +"UefiCpuPkg/ResetVector/Vtf0") for "OvmfPkgX64.fdf", that is, when the SEC/PEI +phases run in 64-bit (ie. long) mode. + +The reset vector's control flow looks roughly like: + + resetVector [Ia16/ResetVectorVtf0.asm] + EarlyBspInitReal16 [Ia16/Init16.asm] + Main16 [Main.asm] + EarlyInit16 [Ia16/Init16.asm] + + ; Transition the processor from + ; 16-bit real mode to 32-bit flat mode + TransitionFromReal16To32BitFlat [Ia16/Real16ToFlat32.asm] + + ; Search for the + ; Boot Firmware Volume (BFV) + Flat32SearchForBfvBase [Ia32/SearchForBfvBase.asm] + + ; Search for the SEC entry point + Flat32SearchForSecEntryPoint [Ia32/SearchForSecEntry.asm] + + %ifdef ARCH_IA32 + ; Jump to the 32-bit SEC entry point + %else + ; Transition the processor + ; from 32-bit flat mode + ; to 64-bit flat mode + Transition32FlatTo64Flat [Ia32/Flat32ToFlat64.asm] + + SetCr3ForPageTables64 [Ia32/PageTables64.asm] + ; set CR3 to page tables + ; built into the ROM image + + ; enable PAE + ; set LME + ; enable paging + + ; Jump to the 64-bit SEC entry point + %endif + +On physical platforms, the initial page tables referenced by +SetCr3ForPageTables64 are built statically into the flash device image, and are +present in ROM at runtime. This is fine on physical platforms because the +pre-built page table entries have the Accessed and Dirty bits set from the +start. + +Accordingly, for OVMF running in long mode on qemu/KVM, the initial page tables +were mapped as a KVM_MEM_READONLY slot, as part of QEMU's pflash device (refer +to "Firmware image structure" above). + +In spite of the Accessed and Dirty bits being pre-set in the read-only, +in-flash PTEs, in a virtual machine attempts are made to update said PTE bits, +differently from physical hardware. The component attempting to update the +read-only PTEs can be one of the following: + +- The processor itself, if it supports nested paging, and the user enables that + processor feature, + +- KVM code implementing shadow paging, otherwise. + +The first case presents no user-visible symptoms, but the second case (KVM, +shadow paging) used to cause a triple fault, prior to Linux commit ba6a354 +("KVM: mmu: allow page tables to be in read-only slots"). + +For compatibility with earlier KVM versions, the OvmfPkg/ResetVector directory +adapts the generic reset vector code as follows: + + Transition32FlatTo64Flat [UefiCpuPkg/.../Ia32/Flat32ToFlat64.asm] + + SetCr3ForPageTables64 [OvmfPkg/ResetVector/Ia32/PageTables64.asm] + + ; dynamically build the initial page tables in RAM, at address + ; PcdOvmfSecPageTablesBase (refer to the memory map above), + ; identity-mapping the first 4 GB of address space + + ; set CR3 to PcdOvmfSecPageTablesBase + + ; enable PAE + ; set LME + ; enable paging + +This way the PTEs that earlier KVM versions try to update (during shadow +paging) are located in a read-write memory slot, and the write attempts +succeed. + +Client library for QEMU's firmware configuration interface +.......................................................... + +QEMU provides a write-only, 16-bit wide control port, and a read-write, 8-bit +wide data port for exchanging configuration elements with the firmware. + +The firmware writes a selector (a key) to the control port (0x510), and then +reads the corresponding configuration data (produced by QEMU) from the data +port (0x511). + +If the selected entry is writable, the firmware may overwrite it. If QEMU has +associated a callback with the entry, then when the entry is completely +rewritten, QEMU runs the callback. (OVMF does not rewrite any entries at the +moment.) + +A number of selector values (keys) are predefined. In particular, key 0x19 +selects (returns) a directory of { name, selector, size } triplets, roughly +speaking. + +The firmware can request configuration elements by well-known name as well, by +looking up the selector value first in the directory, by name, and then writing +the selector to the control port. The number of bytes to read subsequently from +the data port is known from the directory entry's "size" field. + +By convention, directory entries (well-known symbolic names of configuration +elements) are formatted as POSIX pathnames. For example, the array selected by +the "etc/system-states" name indicates (among other things) whether the user +enabled S3 support in QEMU. + +The above interface is called "fw_cfg". + +The binary data associated with a symbolic name is called an "fw_cfg file". + +OVMF's fw_cfg client library is found in "OvmfPkg/Library/QemuFwCfgLib". OVMF +discovers many aspects of the virtual system with it; we refer to a few +examples below. + +Guest ACPI tables +................. + +An operating system discovers a good amount of its hardware by parsing ACPI +tables, and by interpreting ACPI objects and methods. On physical hardware, the +platform vendor's firmware installs ACPI tables in memory that match both the +hardware present in the system and the user's firmware configuration ("BIOS +setup"). + +Under qemu/KVM, the owner of the (virtual) hardware configuration is QEMU. +Hardware can easily be reconfigured on the command line. Furthermore, features +like CPU hotplug, PCI hotplug, memory hotplug are continuously developed for +QEMU, and operating systems need direct ACPI support to exploit these features. + +For this reason, QEMU builds its own ACPI tables dynamically, in a +self-descriptive manner, and exports them to the firmware through a complex, +multi-file fw_cfg interface. It is rooted in the "etc/table-loader" fw_cfg +file. (Further details of this interface are out of scope for this report.) + +OVMF's AcpiPlatformDxe driver fetches the ACPI tables, and installs them for +the guest OS with the EFI_ACPI_TABLE_PROTOCOL (which is in turn provided by the +generic "MdeModulePkg/Universal/Acpi/AcpiTableDxe" driver). + +For earlier QEMU versions and machine types (which we generally don't recommend +for OVMF; see "Scope"), the "OvmfPkg/AcpiTables" directory contains a few +static ACPI table templates. When the "etc/table-loader" fw_cfg file is +unavailable, AcpiPlatformDxe installs these default tables (with a little bit +of dynamic patching). + +When OVMF runs in a Xen domU, AcpiTableDxe also installs ACPI tables that +originate from the hypervisor's environment. + +Guest SMBIOS tables +................... + +Quoting the SMBIOS Reference Specification, + + [...] the System Management BIOS Reference Specification addresses how + motherboard and system vendors present management information about their + products in a standard format [...] + +In practice SMBIOS tables are just another set of tables that the platform +vendor's firmware installs in RAM for the operating system, and, importantly, +for management applications running on the OS. Without rehashing the "Guest +ACPI tables" section in full, let's map the OVMF roles seen there from ACPI to +SMBIOS: + + role | ACPI | SMBIOS + -------------------------+-------------------------+------------------------- + fw_cfg file | etc/table-loader | etc/smbios/smbios-tables + -------------------------+-------------------------+------------------------- + OVMF driver | AcpiPlatformDxe | SmbiosPlatformDxe + under "OvmfPkg" | | + -------------------------+-------------------------+------------------------- + Underlying protocol, | EFI_ACPI_TABLE_PROTOCOL | EFI_SMBIOS_PROTOCOL + implemented by generic | | + driver under | Acpi/AcpiTableDxe | SmbiosDxe + "MdeModulePkg/Universal" | | + -------------------------+-------------------------+------------------------- + default tables available | yes | [RHEL] yes, Type0 and + for earlier QEMU machine | | Type1 tables + types, with hot-patching | | + -------------------------+-------------------------+------------------------- + tables fetched in Xen | yes | yes + domUs | | + +Platform-specific boot policy +............................. + +OVMF's BDS (Boot Device Selection) phase is implemented by +IntelFrameworkModulePkg/Universal/BdsDxe. Roughly speaking, this large driver: + +- provides the EFI BDS architectural protocol (which DXE transfers control to + after dispatching all DXE drivers), + +- connects drivers to devices, + +- enumerates boot devices, + +- auto-generates boot options, + +- provides "BIOS setup" screens, such as: + + - Boot Manager, for booting an option, + + - Boot Maintenance Manager, for adding, deleting, and reordering boot + options, changing console properties etc, + + - Device Manager, where devices can register configuration forms, including + + - Secure Boot configuration forms, + + - OVMF's Platform Driver form (see under PlatformDxe). + +Firmware that includes the "IntelFrameworkModulePkg/Universal/BdsDxe" driver +can customize its behavior by providing an instance of the PlatformBdsLib +library class. The driver links against this platform library, and the +platform library can call Intel's BDS utility functions from +"IntelFrameworkModulePkg/Library/GenericBdsLib". + +OVMF's PlatformBdsLib instance can be found in +"OvmfPkg/Library/PlatformBdsLib". The main function where the BdsDxe driver +enters the library is PlatformBdsPolicyBehavior(). We mention two OVMF +particulars here. + +(1) OVMF is capable of loading kernel images directly from fw_cfg, matching + QEMU's -kernel, -initrd, and -append command line options. This feature is + useful for rapid, repeated Linux kernel testing, and is implemented in the + following call tree: + + PlatformBdsPolicyBehavior() [OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c] + TryRunningQemuKernel() [OvmfPkg/Library/PlatformBdsLib/QemuKernel.c] + LoadLinux*() [OvmfPkg/Library/LoadLinuxLib/Linux.c] + + OvmfPkg/Library/LoadLinuxLib ports the efilinux bootloader project into + OvmfPkg. + +(2) OVMF seeks to comply with the boot order specification passed down by QEMU + over fw_cfg. + + (a) About Boot Modes + + During the PEI phase, OVMF determines and stores the Boot Mode in the + PHIT HOB (already mentioned in "S3 (suspend to RAM and resume)"). The + boot mode is supposed to influence the rest of the system, for example it + distinguishes S3 resume (BOOT_ON_S3_RESUME) from a "normal" boot. + + In general, "normal" boots can be further differentiated from each other; + for example for speed reasons. When the firmware can tell during PEI that + the chassis has not been opened since last power-up, then it might want + to save time by not connecting all devices and not enumerating all boot + options from scratch; it could just rely on the stored results of the + last enumeration. The matching BootMode value, to be set during PEI, + would be BOOT_ASSUMING_NO_CONFIGURATION_CHANGES. + + OVMF only sets one of the following two boot modes, based on CMOS + contents: + - BOOT_ON_S3_RESUME, + - BOOT_WITH_FULL_CONFIGURATION. + + For BOOT_ON_S3_RESUME, please refer to "S3 (suspend to RAM and resume)". + The other boot mode supported by OVMF, BOOT_WITH_FULL_CONFIGURATION, is + an appropriate "catch-all" for a virtual machine, where hardware can + easily change from boot to boot. + + (b) Auto-generation of boot options + + Accordingly, when not resuming from S3 sleep (*), OVMF always connects + all devices, and enumerates all bootable devices as new boot options + (non-volatile variables called Boot####). + + (*) During S3 resume, DXE is not reached, hence BDS isn't either. + + The auto-enumerated boot options are stored in the BootOrder non-volatile + variable after any preexistent options. (Boot options may exist before + auto-enumeration eg. because the user added them manually with the Boot + Maintenance Manager or the efibootmgr utility. They could also originate + from an earlier auto-enumeration.) + + PlatformBdsPolicyBehavior() [OvmfPkg/.../BdsPlatform.c] + TryRunningQemuKernel() [OvmfPkg/.../QemuKernel.c] + BdsLibConnectAll() [IntelFrameworkModulePkg/.../BdsConnect.c] + BdsLibEnumerateAllBootOption() [IntelFrameworkModulePkg/.../BdsBoot.c] + BdsLibBuildOptionFromHandle() [IntelFrameworkModulePkg/.../BdsBoot.c] + BdsLibRegisterNewOption() [IntelFrameworkModulePkg/.../BdsMisc.c] + // + // Append the new option number to the original option order + // + + (c) Relative UEFI device paths in boot options + + The handling of relative ("short-form") UEFI device paths is best + demonstrated through an example, and by quoting the UEFI 2.4A + specification. + + A short-form hard drive UEFI device path could be (displaying each device + path node on a separate line for readability): + + HD(1,GPT,14DD1CC5-D576-4BBF-8858-BAF877C8DF61,0x800,0x64000)/ + \EFI\fedora\shim.efi + + This device path lacks prefix nodes (eg. hardware or messaging type + nodes) that would lead to the hard drive. During load option processing, + the above short-form or relative device path could be matched against the + following absolute device path: + + PciRoot(0x0)/ + Pci(0x4,0x0)/ + HD(1,GPT,14DD1CC5-D576-4BBF-8858-BAF877C8DF61,0x800,0x64000)/ + \EFI\fedora\shim.efi + + The motivation for this type of device path matching / completion is to + allow the user to move around the hard drive (for example, to plug a + controller in a different PCI slot, or to expose the block device on a + different iSCSI path) and still enable the firmware to find the hard + drive. + + The UEFI specification says, + + 9.3.6 Media Device Path + 9.3.6.1 Hard Drive + + [...] Section 3.1.2 defines special rules for processing the Hard + Drive Media Device Path. These special rules enable a disk's location + to change and still have the system boot from the disk. [...] + + 3.1.2 Load Option Processing + + [...] The boot manager must [...] support booting from a short-form + device path that starts with the first element being a hard drive + media device path [...]. The boot manager must use the GUID or + signature and partition number in the hard drive device path to match + it to a device in the system. If the drive supports the GPT + partitioning scheme the GUID in the hard drive media device path is + compared with the UniquePartitionGuid field of the GUID Partition + Entry [...]. If the drive supports the PC-AT MBR scheme the signature + in the hard drive media device path is compared with the + UniqueMBRSignature in the Legacy Master Boot Record [...]. If a + signature match is made, then the partition number must also be + matched. The hard drive device path can be appended to the matching + hardware device path and normal boot behavior can then be used. If + more than one device matches the hard drive device path, the boot + manager will pick one arbitrarily. Thus the operating system must + ensure the uniqueness of the signatures on hard drives to guarantee + deterministic boot behavior. + + Edk2 implements and exposes the device path completion logic in the + already referenced "IntelFrameworkModulePkg/Library/GenericBdsLib" + library, in the BdsExpandPartitionPartialDevicePathToFull() function. + + (d) Filtering and reordering the boot options based on fw_cfg + + Once we have an "all-inclusive", partly preexistent, partly freshly + auto-generated boot option list from bullet (b), OVMF loads QEMU's + requested boot order from fw_cfg, and filters and reorders the list from + (b) with it: + + PlatformBdsPolicyBehavior() [OvmfPkg/.../BdsPlatform.c] + TryRunningQemuKernel() [OvmfPkg/.../QemuKernel.c] + BdsLibConnectAll() [IntelFrameworkModulePkg/.../BdsConnect.c] + BdsLibEnumerateAllBootOption() [IntelFrameworkModulePkg/.../BdsBoot.c] + SetBootOrderFromQemu() [OvmfPkg/.../QemuBootOrder.c] + + According to the (preferred) "-device ...,bootindex=N" and the (legacy) + '-boot order=drives' command line options, QEMU requests a boot order + from the firmware through the "bootorder" fw_cfg file. (For a bootindex + example, refer to the "Example qemu invocation" section.) + + This fw_cfg file consists of OpenFirmware (OFW) device paths -- note: not + UEFI device paths! --, one per line. An example list is: + + /pci@i0cf8/scsi@4/disk@0,0 + /pci@i0cf8/ide@1,1/drive@1/disk@0 + /pci@i0cf8/ethernet@3/ethernet-phy@0 + + OVMF filters and reorders the boot option list from bullet (b) with the + following nested loops algorithm: + + new_uefi_order := + for each qemu_ofw_path in QEMU's OpenFirmware device path list: + qemu_uefi_path_prefix := translate(qemu_ofw_path) + + for each boot_option in current_uefi_order: + full_boot_option := complete(boot_option) + + if match(qemu_uefi_path_prefix, full_boot_option): + append(new_uefi_order, boot_option) + break + + for each unmatched boot_option in current_uefi_order: + if survives(boot_option): + append(new_uefi_order, boot_option) + + current_uefi_order := new_uefi_order + + OVMF iterates over QEMU's OFW device paths in order, translates each to a + UEFI device path prefix, tries to match the translated prefix against the + UEFI boot options (which are completed from relative form to absolute + form for the purpose of prefix matching), and if there's a match, the + matching boot option is appended to the new boot order (which starts out + empty). + + (We elaborate on the translate() function under bullet (e). The + complete() function has been explained in bullet (c).) + + In addition, UEFI boot options that remain unmatched after filtering and + reordering are post-processed, and some of them "survive". Due to the + fact that OpenFirmware device paths have less expressive power than their + UEFI counterparts, some UEFI boot options are simply inexpressible (hence + unmatchable) by the nested loops algorithm. + + An important example is the memory-mapped UEFI shell, whose UEFI device + path is inexpressible by QEMU's OFW device paths: + + MemoryMapped(0xB,0x900000,0x10FFFFF)/ + FvFile(7C04A583-9E3E-4F1C-AD65-E05268D0B4D1) + + (Side remark: notice that the address range visible in the MemoryMapped() + node corresponds to DXEFV under "comprehensive memory map of OVMF"! In + addition, the FvFile() node's GUID originates from the FILE_GUID entry of + "ShellPkg/Application/Shell/Shell.inf".) + + The UEFI shell can be booted by pressing ESC in OVMF on the TianoCore + splash screen, and navigating to Boot Manager | EFI Internal Shell. If + the "survival policy" was not implemented, the UEFI shell's boot option + would always be filtered out. + + The current "survival policy" preserves all boot options that start with + neither PciRoot() nor HD(). + + (e) Translating QEMU's OpenFirmware device paths to UEFI device path + prefixes + + In this section we list the (strictly heuristical) mappings currently + performed by OVMF. + + The "prefix only" nature of the translation output is rooted minimally in + the fact that QEMU's OpenFirmware device paths cannot carry pathnames + within filesystems. There's no way to specify eg. + + \EFI\fedora\shim.efi + + in an OFW device path, therefore a UEFI device path translated from an + OFW device path can at best be a prefix (not a full match) of a UEFI + device path that ends with "\EFI\fedora\shim.efi". + + - IDE disk, IDE CD-ROM: + + OpenFirmware device path: + + /pci@i0cf8/ide@1,1/drive@0/disk@0 + ^ ^ ^ ^ ^ + | | | | master or slave + | | | primary or secondary + | PCI slot & function holding IDE controller + PCI root at system bus port, PIO + + UEFI device path prefix: + + PciRoot(0x0)/Pci(0x1,0x1)/Ata(Primary,Master,0x0) + ^ + fixed LUN + + - Floppy disk: + + OpenFirmware device path: + + /pci@i0cf8/isa@1/fdc@03f0/floppy@0 + ^ ^ ^ ^ + | | | A: or B: + | | ISA controller io-port (hex) + | PCI slot holding ISA controller + PCI root at system bus port, PIO + + UEFI device path prefix: + + PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0) + ^ + ACPI UID (A: or B:) + + - Virtio-block disk: + + OpenFirmware device path: + + /pci@i0cf8/scsi@6[,3]/disk@0,0 + ^ ^ ^ ^ ^ + | | | fixed + | | PCI function corresponding to disk (optional) + | PCI slot holding disk + PCI root at system bus port, PIO + + UEFI device path prefixes (dependent on the presence of a nonzero PCI + function in the OFW device path): + + PciRoot(0x0)/Pci(0x6,0x0)/HD( + PciRoot(0x0)/Pci(0x6,0x3)/HD( + + - Virtio-scsi disk and virtio-scsi passthrough: + + OpenFirmware device path: + + /pci@i0cf8/scsi@7[,3]/channel@0/disk@2,3 + ^ ^ ^ ^ ^ + | | | | LUN + | | | target + | | channel (unused, fixed 0) + | PCI slot[, function] holding SCSI controller + PCI root at system bus port, PIO + + UEFI device path prefixes (dependent on the presence of a nonzero PCI + function in the OFW device path): + + PciRoot(0x0)/Pci(0x7,0x0)/Scsi(0x2,0x3) + PciRoot(0x0)/Pci(0x7,0x3)/Scsi(0x2,0x3) + + - Emulated and passed-through (physical) network cards: + + OpenFirmware device path: + + /pci@i0cf8/ethernet@3[,2] + ^ ^ + | PCI slot[, function] holding Ethernet card + PCI root at system bus port, PIO + + UEFI device path prefixes (dependent on the presence of a nonzero PCI + function in the OFW device path): + + PciRoot(0x0)/Pci(0x3,0x0) + PciRoot(0x0)/Pci(0x3,0x2) + +Virtio drivers +.............. + +UEFI abstracts various types of hardware resources into protocols, and allows +firmware developers to implement those protocols in device drivers. The Virtio +Specification defines various types of virtual hardware for virtual machines. +Connecting the two specifications, OVMF provides UEFI drivers for QEMU's +virtio-block, virtio-scsi, and virtio-net devices. + +The following diagram presents the protocol and driver stack related to Virtio +devices in edk2 and OVMF. Each node in the graph identifies a protocol and/or +the edk2 driver that produces it. Nodes on the top are more abstract. + + EFI_BLOCK_IO_PROTOCOL EFI_SIMPLE_NETWORK_PROTOCOL + [OvmfPkg/VirtioBlkDxe] [OvmfPkg/VirtioNetDxe] + | | + | EFI_EXT_SCSI_PASS_THRU_PROTOCOL | + | [OvmfPkg/VirtioScsiDxe] | + | | | + +------------------------+--------------------------+ + | + VIRTIO_DEVICE_PROTOCOL + | + +---------------------+---------------------+ + | | + [OvmfPkg/VirtioPciDeviceDxe] [custom platform drivers] + | | + | | + EFI_PCI_IO_PROTOCOL [OvmfPkg/Library/VirtioMmioDeviceLib] + [MdeModulePkg/Bus/Pci/PciBusDxe] direct MMIO register access + +The top three drivers produce standard UEFI abstractions: the Block IO +Protocol, the Extended SCSI Pass Thru Protocol, and the Simple Network +Protocol, for virtio-block, virtio-scsi, and virtio-net devices, respectively. + +Comparing these device-specific virtio drivers to each other, we can determine: + +- They all conform to the UEFI Driver Model. This means that their entry point + functions don't immediately start to search for devices and to drive them, + they only register instances of the EFI_DRIVER_BINDING_PROTOCOL. The UEFI + Driver Model then enumerates devices and chains matching drivers + automatically. + +- They are as minimal as possible, while remaining correct (refer to source + code comments for details). For example, VirtioBlkDxe and VirtioScsiDxe both + support only one request in flight. + + In theory, VirtioBlkDxe could implement EFI_BLOCK_IO2_PROTOCOL, which allows + queueing. Similarly, VirtioScsiDxe does not support the non-blocking mode of + EFI_EXT_SCSI_PASS_THRU_PROTOCOL.PassThru(). (Which is permitted by the UEFI + specification.) Both VirtioBlkDxe and VirtioScsiDxe delegate synchronous + request handling to "OvmfPkg/Library/VirtioLib". This limitation helps keep + the implementation simple, and testing thus far seems to imply satisfactory + performance, for a virtual boot firmware. + + VirtioNetDxe cannot avoid queueing, because EFI_SIMPLE_NETWORK_PROTOCOL + requires it on the interface level. Consequently, VirtioNetDxe is + significantly more complex than VirtioBlkDxe and VirtioScsiDxe. Technical + notes are provided in "OvmfPkg/VirtioNetDxe/TechNotes.txt". + +- None of these drivers access hardware directly. Instead, the Virtio Device + Protocol (OvmfPkg/Include/Protocol/VirtioDevice.h) collects / extracts virtio + operations defined in the Virtio Specification, and these backend-independent + virtio device drivers go through the abstract VIRTIO_DEVICE_PROTOCOL. + + IMPORTANT: the VIRTIO_DEVICE_PROTOCOL is not a standard UEFI protocol. It is + internal to edk2 and not described in the UEFI specification. It should only + be used by drivers and applications that live inside the edk2 source tree. + +Currently two providers exist for VIRTIO_DEVICE_PROTOCOL: + +- The first one is the "more traditional" virtio-pci backend, implemented by + OvmfPkg/VirtioPciDeviceDxe. This driver also complies with the UEFI Driver + Model. It consumes an instance of the EFI_PCI_IO_PROTOCOL, and, if the PCI + device/function under probing appears to be a virtio device, it produces a + Virtio Device Protocol instance for it. The driver translates abstract virtio + operations to PCI accesses. + +- The second provider, the virtio-mmio backend, is a library, not a driver, + living in OvmfPkg/Library/VirtioMmioDeviceLib. This library translates + abstract virtio operations to MMIO accesses. + + The virtio-mmio backend is only a library -- rather than a standalone, UEFI + Driver Model-compliant driver -- because the type of resource it consumes, an + MMIO register block base address, is not enumerable. + + In other words, while the PCI root bridge driver and the PCI bus driver + produce instances of EFI_PCI_IO_PROTOCOL automatically, thereby enabling the + UEFI Driver Model to probe devices and stack up drivers automatically, no + such enumeration exists for MMIO register blocks. + + For this reason, VirtioMmioDeviceLib needs to be linked into thin, custom + platform drivers that dispose over this kind of information. As soon as a + driver knows about the MMIO register block base addresses, it can pass each + to the library, and then the VIRTIO_DEVICE_PROTOCOL will be instantiated + (assuming a valid virtio-mmio register block of course). From that point on + the UEFI Driver Model again takes care of the chaining. + + Typically, such a custom driver does not conform to the UEFI Driver Model + (because that would presuppose auto-enumeration for MMIO register blocks). + Hence it has the following responsibilities: + + - it shall behave as a "wrapper" UEFI driver around the library, + + - it shall know virtio-mmio base addresses, + + - in its entry point function, it shall create a new UEFI handle with an + instance of the EFI_DEVICE_PATH_PROTOCOL for each virtio-mmio device it + knows the base address for, + + - it shall call VirtioMmioInstallDevice() on those handles, with the + corresponding base addresses. + + OVMF itself does not employ VirtioMmioDeviceLib. However, the library is used + (or has been tested as Proof-of-Concept) in the following 64-bit and 32-bit + ARM emulator setups: + + - in "RTSM_VE_FOUNDATIONV8_EFI.fd" and "FVP_AARCH64_EFI.fd", on ARM Holdings' + ARM(R) v8-A Foundation Model and ARM(R) AEMv8-A Base Platform FVP + emulators, respectively: + + EFI_BLOCK_IO_PROTOCOL + [OvmfPkg/VirtioBlkDxe] + | + VIRTIO_DEVICE_PROTOCOL + [ArmPlatformPkg/ArmVExpressPkg/ArmVExpressDxe/ArmFvpDxe.inf] + | + [OvmfPkg/Library/VirtioMmioDeviceLib] + direct MMIO register access + + - in "RTSM_VE_CORTEX-A15_EFI.fd" and "RTSM_VE_CORTEX-A15_MPCORE_EFI.fd", on + "qemu-system-arm -M vexpress-a15": + + EFI_BLOCK_IO_PROTOCOL EFI_SIMPLE_NETWORK_PROTOCOL + [OvmfPkg/VirtioBlkDxe] [OvmfPkg/VirtioNetDxe] + | | + +------------------+---------------+ + | + VIRTIO_DEVICE_PROTOCOL + [ArmPlatformPkg/ArmVExpressPkg/ArmVExpressDxe/ArmFvpDxe.inf] + | + [OvmfPkg/Library/VirtioMmioDeviceLib] + direct MMIO register access + + In the above ARM / VirtioMmioDeviceLib configurations, VirtioBlkDxe was + tested with booting Linux distributions, while VirtioNetDxe was tested with + pinging public IPv4 addresses from the UEFI shell. + +Platform Driver +............... + +Sometimes, elements of persistent firmware configuration are best exposed to +the user in a friendly way. OVMF's platform driver (OvmfPkg/PlatformDxe) +presents such settings on the "OVMF Platform Configuration" dialog: + +- Press ESC on the TianoCore splash screen, +- Navigate to Device Manager | OVMF Platform Configuration. + +At the moment, OVMF's platform driver handles only one setting: the preferred +graphics resolution. This is useful for two purposes: + +- Some UEFI shell commands, like DRIVERS and DEVICES, benefit from a wide + display. Using the MODE shell command, the user can switch to a larger text + resolution (limited by the graphics resolution), and see the command output + in a more easily consumable way. + + [RHEL] The list of text modes available to the MODE command is also limited + by ConSplitterDxe (found under MdeModulePkg/Universal/Console). + ConSplitterDxe builds an intersection of text modes that are + simultaneously supported by all consoles that ConSplitterDxe + multiplexes console output to. + + In practice, the strongest text mode restriction comes from + TerminalDxe, which provides console I/O on serial ports. TerminalDxe + has a very limited built-in list of text modes, heavily pruning the + intersection built by ConSplitterDxe, and made available to the MODE + command. + + On the Red Hat Enterprise Linux 7.1 host, TerminalDxe's list of modes + has been extended with text resolutions that match the Spice QXL GPU's + common graphics resolutions. This way a "full screen" text mode should + always be available in the MODE command. + +- The other advantage of controlling the graphics resolution lies with UEFI + operating systems that don't (yet) have a native driver for QEMU's virtual + video cards -- eg. the Spice QXL GPU. Such OSes may choose to inherit the + properties of OVMF's EFI_GRAPHICS_OUTPUT_PROTOCOL (provided by + OvmfPkg/QemuVideoDxe, see later). + + Although the display can be used at runtime in such cases, by direct + framebuffer access, its properties, for example, the resolution, cannot be + modified. The platform driver allows the user to select the preferred GOP + resolution, reboot, and let the guest OS inherit that preferred resolution. + +The platform driver has three access points: the "normal" driver entry point, a +set of HII callbacks, and a GOP installation callback. + +(1) Driver entry point: the PlatformInit() function. + + (a) First, this function loads any available settings, and makes them take + effect. For the preferred graphics resolution in particular, this means + setting the following PCDs: + + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution + + These PCDs influence the GraphicsConsoleDxe driver (located under + MdeModulePkg/Universal/Console), which switches to the preferred + graphics mode, and produces EFI_SIMPLE_TEXT_OUTPUT_PROTOCOLs on GOPs: + + EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL + [MdeModulePkg/Universal/Console/GraphicsConsoleDxe] + | + EFI_GRAPHICS_OUTPUT_PROTOCOL + [OvmfPkg/QemuVideoDxe] + | + EFI_PCI_IO_PROTOCOL + [MdeModulePkg/Bus/Pci/PciBusDxe] + + (b) Second, the driver entry point registers the user interface, including + HII callbacks. + + (c) Third, the driver entry point registers a GOP installation callback. + +(2) HII callbacks and the user interface. + + The Human Interface Infrastructure (HII) "is a set of protocols that allow + a UEFI driver to provide the ability to register user interface and + configuration content with the platform firmware". + + OVMF's platform driver: + + - provides a static, basic, visual form (PlatformForms.vfr), written in the + Visual Forms Representation language, + + - includes a UCS-16 encoded message catalog (Platform.uni), + + - includes source code that dynamically populates parts of the form, with + the help of MdeModulePkg/Library/UefiHiiLib -- this library simplifies + the handling of IFR (Internal Forms Representation) opcodes, + + - processes form actions that the user takes (Callback() function), + + - loads and saves platform configuration in a private, non-volatile + variable (ExtractConfig() and RouteConfig() functions). + + The ExtractConfig() HII callback implements the following stack of + conversions, for loading configuration and presenting it to the user: + + MultiConfigAltResp -- form engine / HII communication + ^ + | + [BlockToConfig] + | + MAIN_FORM_STATE -- binary representation of form/widget + ^ state + | + [PlatformConfigToFormState] + | + PLATFORM_CONFIG -- accessible to DXE and UEFI drivers + ^ + | + [PlatformConfigLoad] + | + UEFI non-volatile variable -- accessible to external utilities + + The layers are very similar for the reverse direction, ie. when taking + input from the user, and saving the configuration (RouteConfig() HII + callback): + + ConfigResp -- form engine / HII communication + | + [ConfigToBlock] + | + v + MAIN_FORM_STATE -- binary representation of form/widget + | state + [FormStateToPlatformConfig] + | + v + PLATFORM_CONFIG -- accessible to DXE and UEFI drivers + | + [PlatformConfigSave] + | + v + UEFI non-volatile variable -- accessible to external utilities + +(3) When the platform driver starts, a GOP may not be available yet. Thus the + driver entry point registers a callback (the GopInstalled() function) for + GOP installations. + + When the first GOP is produced (usually by QemuVideoDxe, or potentially by + a third party video driver), PlatformDxe retrieves the list of graphics + modes the GOP supports, and dynamically populates the drop-down list of + available resolutions on the form. The GOP installation callback is then + removed. + +Video driver +............ + +OvmfPkg/QemuVideoDxe is OVMF's built-in video driver. We can divide its +services in two parts: graphics output protocol (primary), and Int10h (VBE) +shim (secondary). + +(1) QemuVideoDxe conforms to the UEFI Driver Model; it produces an instance of + the EFI_GRAPHICS_OUTPUT_PROTOCOL (GOP) on each PCI display that it supports + and is connected to: + + EFI_GRAPHICS_OUTPUT_PROTOCOL + [OvmfPkg/QemuVideoDxe] + | + EFI_PCI_IO_PROTOCOL + [MdeModulePkg/Bus/Pci/PciBusDxe] + + It supports the following QEMU video cards: + + - Cirrus 5430 ("-device cirrus-vga"), + - Standard VGA ("-device VGA"), + - QXL VGA ("-device qxl-vga", "-device qxl"). + + For Cirrus the following resolutions and color depths are available: + 640x480x32, 800x600x32, 1024x768x24. On stdvga and QXL a long list of + resolutions is available. The list is filtered against the frame buffer + size during initialization. + + The size of the QXL VGA compatibility framebuffer can be changed with the + + -device qxl-vga,vgamem_mb=$NUM_MB + + QEMU option. If $NUM_MB exceeds 32, then the following is necessary + instead: + + -device qxl-vga,vgamem_mb=$NUM_MB,ram_size_mb=$((NUM_MB*2)) + + because the compatibility framebuffer can't cover more than half of PCI BAR + #0. The latter defaults to 64MB in size, and is controlled by the + "ram_size_mb" property. + +(2) When QemuVideoDxe binds the first Standard VGA or QXL VGA device, and there + is no real VGA BIOS present in the C to F segments (which could originate + from a legacy PCI option ROM -- refer to "Compatibility Support Module + (CSM)"), then QemuVideoDxe installs a minimal, "fake" VGA BIOS -- an Int10h + (VBE) "shim". + + The shim is implemented in 16-bit assembly in + "OvmfPkg/QemuVideoDxe/VbeShim.asm". The "VbeShim.sh" shell script assembles + it and formats it as a C array ("VbeShim.h") with the help of the "nasm" + utility. The driver's InstallVbeShim() function copies the shim in place + (the C segment), and fills in the VBE Info and VBE Mode Info structures. + The real-mode 10h interrupt vector is pointed to the shim's handler. + + The shim is (correctly) irrelevant and invisible for all UEFI operating + systems we know about -- except Windows Server 2008 R2 and other Windows + operating systems in that family. + + Namely, the Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video + driver dereferences the real mode Int10h vector, loads the pointed-to + handler code, and executes what it thinks to be VGA BIOS services in an + internal real-mode emulator. Consequently, video mode switching used not to + work in Windows 2008 R2 SP1 when it ran on the "pure UEFI" build of OVMF, + making the guest uninstallable. Hence the (otherwise optional, non-default) + Compatibility Support Module (CSM) ended up a requirement for running such + guests. + + The hard dependency on the sophisticated SeaBIOS CSM and the complex + supporting edk2 infrastructure, for enabling this family of guests, was + considered suboptimal by some members of the upstream community, + + [RHEL] and was certainly considered a serious maintenance disadvantage for + Red Hat Enterprise Linux 7.1 hosts. + + Thus, the shim has been collaboratively developed for the Windows 7 / + Windows Server 2008 R2 family. The shim provides a real stdvga / QXL + implementation for the few services that are in fact necessary for the + Windows 2008 R2 SP1 (and Windows 7) UEFI guest, plus some "fakes" that the + guest invokes but whose effect is not important. The only supported mode is + 1024x768x32, which is enough to install the guest and then upgrade its + video driver to the full-featured QXL XDDM one. + + The C segment is not present in the UEFI memory map prepared by OVMF. + Memory space that would cover it is never added (either in PEI, in the form + of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). + This way the handler body is invisible to all other UEFI guests, and the + rest of edk2. + + The Int10h real-mode IVT entry is covered with a Boot Services Code page, + making that too inaccessible to the rest of edk2. Due to the allocation + type, UEFI guest OSes different from the Windows Server 2008 family can + reclaim the page at zero. (The Windows 2008 family accesses that page + regardless of the allocation type.) + +Afterword +--------- + +After the bulk of this document was written in July 2014, OVMF development has +not stopped. To name two significant code contributions from the community: in +January 2015, OVMF runs on the "q35" machine type of QEMU, and it features a +driver for Xen paravirtual block devices (and another for the underlying Xen +bus). + +Furthermore, a dedicated virtualization platform has been contributed to +ArmPlatformPkg that plays a role parallel to OvmfPkg's. It targets the "virt" +machine type of qemu-system-arm and qemu-system-aarch64. Parts of OvmfPkg are +being refactored and modularized so they can be reused in +"ArmPlatformPkg/ArmVirtualizationPkg/ArmVirtualizationQemu.dsc". diff --git a/SOURCES/ovmf.json b/SOURCES/ovmf.json new file mode 100644 index 0000000..5e8a94a --- /dev/null +++ b/SOURCES/ovmf.json @@ -0,0 +1,35 @@ +{ + "description": "OVMF with SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/OVMF/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/SPECS/ovmf.spec b/SPECS/ovmf.spec new file mode 100644 index 0000000..88f0aa7 --- /dev/null +++ b/SPECS/ovmf.spec @@ -0,0 +1,934 @@ +ExclusiveArch: x86_64 aarch64 + +%define GITDATE 20180508 +%define GITCOMMIT ee3198e672e2 + +%global debug_package %{nil} + +Name: ovmf +Version: %{GITDATE} +Release: 6.git%{GITCOMMIT}%{?dist} +Summary: UEFI firmware for 64-bit virtual machines +Group: Applications/Emulators +License: BSD and OpenSSL and MIT +URL: http://www.tianocore.org + +# The source tarball is created using following commands: +# COMMIT=%{GITCOMMIT} +# git archive --format=tar --prefix=ovmf-$COMMIT/ $COMMIT \ +# | xz -9ev >/tmp/ovmf-$COMMIT.tar.xz +Source0: http://batcave.lab.eng.brq.redhat.com/www/ovmf-%{GITCOMMIT}.tar.xz +Source1: ovmf-whitepaper-c770f8c.txt +Source2: openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz +Source3: ovmf-vars-generator +Source4: LICENSE.qosb + +Source10: ovmf-sb.json +Source11: ovmf.json + +Patch0003: 0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +Patch0006: 0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +Patch0007: 0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +Patch0008: 0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +Patch0009: 0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch +Patch0010: 0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +Patch0011: 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +Patch0012: 0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +Patch0013: 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +Patch0014: 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +Patch0015: 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch +Patch0017: 0017-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +Patch0018: 0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch +Patch0019: 0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +Patch20: ovmf-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch +Patch21: ovmf-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch +Patch22: ovmf-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch +# For bz#1666586 - CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7] +Patch23: ovmf-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch +# For bz#1666586 - CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7] +Patch24: ovmf-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch +# For bz#1666586 - CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7] +Patch25: ovmf-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch +# For bz#1666586 - CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7] +Patch26: ovmf-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch +# For bz#1666586 - CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7] +Patch27: ovmf-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch +# For bz#1666586 - CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7] +Patch28: ovmf-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch +# For bz#1666586 - CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7] +Patch29: ovmf-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch +# For bz#1684007 - CVE-2018-12180 OVMF: edk2: Buffer Overflow in BlockIo service for RAM disk [rhel-7.7] +Patch30: ovmf-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch +# For bz#1684007 - CVE-2018-12180 OVMF: edk2: Buffer Overflow in BlockIo service for RAM disk [rhel-7.7] +Patch31: ovmf-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch +# For bz#1650390 - CVE-2018-5407 OVMF: openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) [rhel-7] +Patch33: ovmf-Upgrade-OpenSSL-to-1.1.0j.patch +# For bz#1691479 - CVE-2018-12181 OVMF: edk2: Stack buffer overflow with corrupted BMP [rhel-7] +Patch34: ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch +# For bz#1691479 - CVE-2018-12181 OVMF: edk2: Stack buffer overflow with corrupted BMP [rhel-7] +Patch35: ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch +# For bz#1691647 - CVE-2019-0160 OVMF: edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media [rhel-7] +Patch36: ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch +# For bz#1691647 - CVE-2019-0160 OVMF: edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media [rhel-7] +Patch37: ovmf-MdeModulePkg-UdfDxe-Refine-boundary-checks-for-file-.patch +# For bz#1691647 - CVE-2019-0160 OVMF: edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media [rhel-7] +Patch38: ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-the-read-of-F.patch +# For bz#1691647 - CVE-2019-0160 OVMF: edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media [rhel-7] +Patch39: ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-Component.patch +# For bz#1691647 - CVE-2019-0160 OVMF: edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media [rhel-7] +Patch40: ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-getting-v.patch +# For bz#1697534 - CVE-2019-0161 ovmf: edk2: stack overflow in XHCI causing denial of service [rhel-7] +Patch41: ovmf-MdeModulePkg-UsbBusDxe-Fix-wrong-buffer-length-used-.patch + + +# python2-devel and libuuid-devel are required for building tools +BuildRequires: python2-devel +BuildRequires: libuuid-devel +BuildRequires: /usr/bin/iasl +BuildRequires: binutils gcc git + +%ifarch x86_64 +%global subpkgname OVMF + +# Only OVMF includes 80x86 assembly files (*.nasm*). +BuildRequires: nasm + +# Only OVMF includes the Secure Boot feature, for which we need to separate out +# the UEFI shell. +BuildRequires: dosfstools +BuildRequires: mtools +BuildRequires: genisoimage + +# For generating the variable store template with the default certificates +# enrolled, we need qemu-kvm (from base RHEL7) such that it includes basic OVMF +# support (split pflash) -- see RHBZ#1032346. +BuildRequires: qemu-kvm >= 1.5.3-44 + +# For verifying SB enablement in the above variable store template, we need a +# trusted guest kernel that prints "Secure boot enabled". See RHBZ#903815. +BuildRequires: kernel >= 3.10.0-52 +BuildRequires: rpmdevtools + +%package -n OVMF +Summary: UEFI firmware for x86_64 virtual machines +BuildArch: noarch + +# OVMF includes the Secure Boot feature; it has a builtin OpenSSL library. +Provides: bundled(openssl) = 1.1.0i +License: BSD and OpenSSL + +# URL taken from the Maintainers.txt file. +URL: http://www.tianocore.org/ovmf/ + +%description -n OVMF +OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for +Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU +and KVM. + +%else +%global subpkgname AAVMF + +%package -n AAVMF +Summary: UEFI firmware for aarch64 virtual machines +BuildArch: noarch + +# No Secure Boot for AAVMF yet -- no builtin OpenSSL library. +License: BSD + +# URL taken from the Maintainers.txt file. +URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg + +%description -n AAVMF +AAVMF (ARM Architecture Virtual Machine Firmware) is an EFI Development Kit II +platform that enables UEFI support for QEMU/KVM ARM Virtual Machines. This +package contains a 64-bit build. +%endif + +%description +EDK II is a modern, feature-rich, cross-platform firmware development +environment for the UEFI and PI specifications. This package contains sample +64-bit UEFI firmware builds for QEMU and KVM. + +%prep +%setup -q -n ovmf-%{GITCOMMIT} + +# Ensure old shell and binary packages are not used +rm -rf EdkShellBinPkg +rm -rf EdkShellPkg +rm -rf FatBinPkg +rm -rf ShellBinPkg + +%{lua: + tmp = os.tmpname(); + f = io.open(tmp, "w+"); + count = 0; + for i, p in ipairs(patches) do + f:write(p.."\n"); + count = count + 1; + end; + f:close(); + print("PATCHCOUNT="..count.."\n") + print("PATCHLIST="..tmp.."\n") +} + +git init -q +git config user.name rpm-build +git config user.email rpm-build +git config core.whitespace cr-at-eol +git config am.keepcr true +git add -A . +git commit -q -a --author 'rpm-build ' \ + -m '%{name}-%{GITCOMMIT} base' + +COUNT=$(grep '\.patch$' $PATCHLIST | wc -l) +if [ $COUNT -ne $PATCHCOUNT ]; then + echo "Found $COUNT patches in $PATCHLIST, expected $PATCHCOUNT" + exit 1 +fi +if [ $COUNT -gt 0 ]; then + for pf in `cat $PATCHLIST`; do + git am $pf + done +fi +echo "Applied $COUNT patches" +rm -f $PATCHLIST + +cp -a -- %{SOURCE1} %{SOURCE3} . +cp -a -- %{SOURCE10} %{SOURCE11} . +tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x + +# Done by %setup, but we do not use it for the auxiliary tarballs +chmod -Rf a+rX,u+w,g-w,o-w . + +%build +source ./edksetup.sh +make -C "$EDK_TOOLS_PATH" + +SMP_MFLAGS="%{?_smp_mflags}" +if [[ x"$SMP_MFLAGS" = x-j* ]]; then + CC_FLAGS="$CC_FLAGS -n ${SMP_MFLAGS#-j}" +elif [ -n "%{?jobs}" ]; then + CC_FLAGS="$CC_FLAGS -n %{?jobs}" +fi + +CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t GCC48 -b DEBUG --hash" + +%ifarch x86_64 +# Build with SB but without SMM; include UEFI shell. +build ${CC_FLAGS} -D FD_SIZE_4MB -a X64 -p OvmfPkg/OvmfPkgX64.dsc \ + -D SECURE_BOOT_ENABLE + +# Build with SB and SMM; exclude UEFI shell. +build -D SECURE_BOOT_ENABLE -D EXCLUDE_SHELL_FROM_FD ${CC_FLAGS} \ + -a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc -D SMM_REQUIRE \ + -D FD_SIZE_4MB + +# Sanity check: the varstore templates must be identical. +cmp Build/OvmfX64/DEBUG_GCC4?/FV/OVMF_VARS.fd \ + Build/Ovmf3264/DEBUG_GCC4?/FV/OVMF_VARS.fd + +# Prepare an ISO image that boots the UEFI shell. +( + UEFI_SHELL_BINARY=Build/Ovmf3264/DEBUG_GCC48/X64/Shell.efi + ENROLLER_BINARY=Build/Ovmf3264/DEBUG_GCC48/X64/EnrollDefaultKeys.efi + UEFI_SHELL_IMAGE=uefi_shell.img + ISO_IMAGE=UefiShell.iso + + UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY") + UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY") + ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY") + + # add 1MB then 10% for metadata + UEFI_SHELL_IMAGE_KB=$(( + (UEFI_SHELL_SIZE + ENROLLER_SIZE + 1 * 1024 * 1024) * 11 / 10 / 1024 + )) + + # create non-partitioned FAT image + rm -f -- "$UEFI_SHELL_IMAGE" + mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB" + + # copy the shell binary into the FAT image + export MTOOLS_SKIP_CHECK=1 + mmd -i "$UEFI_SHELL_IMAGE" ::efi + mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot + mcopy -i "$UEFI_SHELL_IMAGE" "$UEFI_SHELL_BINARY" ::efi/boot/bootx64.efi + mcopy -i "$UEFI_SHELL_IMAGE" "$ENROLLER_BINARY" :: + mdir -i "$UEFI_SHELL_IMAGE" -/ :: + + # build ISO with FAT image file as El Torito EFI boot image + genisoimage -input-charset ASCII -J -rational-rock \ + -efi-boot "$UEFI_SHELL_IMAGE" -no-emul-boot \ + -o "$ISO_IMAGE" -- "$UEFI_SHELL_IMAGE" +) + +# Enroll the default certificates in a separate variable store template. Base +# RHEL7 qemu-kvm does not emulate SMM, but we don't need SMM for the enrollment +# here. +./ovmf-vars-generator --verbose --verbose \ + --qemu-binary /usr/libexec/qemu-kvm \ + --ovmf-binary Build/OvmfX64/DEBUG_GCC4?/FV/OVMF_CODE.fd \ + --ovmf-template-vars Build/OvmfX64/DEBUG_GCC4?/FV/OVMF_VARS.fd \ + --uefi-shell-iso UefiShell.iso \ + --skip-testing \ + --disable-smm \ + OVMF_VARS.secboot.fd + +%else +# Build with a verbose debug mask first, and stash the binary. +build ${CC_FLAGS} -a AARCH64 \ + -p ArmVirtPkg/ArmVirtQemu.dsc \ + -D DEBUG_PRINT_ERROR_LEVEL=0x8040004F +cp -a Build/ArmVirtQemu-AARCH64/DEBUG_GCC48/FV/QEMU_EFI.fd \ + QEMU_EFI.verbose.fd + +# Rebuild with a silent (errors only) debug mask. +build ${CC_FLAGS} -a AARCH64 \ + -p ArmVirtPkg/ArmVirtQemu.dsc \ + -D DEBUG_PRINT_ERROR_LEVEL=0x80000000 +%endif + +%install + +copy_license() { + install -m 0644 $1 $RPM_BUILD_ROOT%{_docdir}/%{subpkgname}/Licenses/$2-License.txt +} + +mkdir -p $RPM_BUILD_ROOT%{_docdir}/%{subpkgname}/Licenses +copy_license License.txt edk2 +copy_license OvmfPkg/License.txt OvmfPkg + +%ifarch x86_64 +mkdir -p $RPM_BUILD_ROOT%{_datadir}/OVMF + +# We don't ship the SB-ful, SMM-less binary. +%if 0 +install -m 0644 Build/OvmfX64/DEBUG_GCC4?/FV/OVMF_CODE.fd $RPM_BUILD_ROOT%{_datadir}/OVMF/OVMF_CODE.fd +%endif +install -m 0644 Build/Ovmf3264/DEBUG_GCC4?/FV/OVMF_CODE.fd $RPM_BUILD_ROOT%{_datadir}/OVMF/OVMF_CODE.secboot.fd + +install -m 0644 Build/OvmfX64/DEBUG_GCC4?/FV/OVMF_VARS.fd $RPM_BUILD_ROOT%{_datadir}/OVMF/OVMF_VARS.fd +install -m 0644 OVMF_VARS.secboot.fd $RPM_BUILD_ROOT%{_datadir}/OVMF/OVMF_VARS.secboot.fd +install -m 0644 UefiShell.iso $RPM_BUILD_ROOT%{_datadir}/OVMF/UefiShell.iso +install -m 0644 OvmfPkg/README $RPM_BUILD_ROOT%{_docdir}/%{subpkgname}/README +install -m 0644 ovmf-whitepaper-c770f8c.txt $RPM_BUILD_ROOT%{_docdir}/%{subpkgname}/ovmf-whitepaper-c770f8c.txt + +mkdir -p $RPM_BUILD_ROOT%{_datadir}/qemu/firmware +install -m 0644 ovmf-sb.json $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-ovmf-sb.json +install -m 0644 ovmf.json $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/60-ovmf.json + +copy_license CryptoPkg/Library/OpensslLib/openssl/LICENSE OpensslLib + +%else +mkdir -p $RPM_BUILD_ROOT%{_datadir}/AAVMF + +# Pad and install the verbose binary. +cat QEMU_EFI.verbose.fd \ + /dev/zero \ +| head -c 64m \ + > $RPM_BUILD_ROOT%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd + +# Pad and install the silent (default) binary. +cat Build/ArmVirtQemu-AARCH64/DEBUG_GCC48/FV/QEMU_EFI.fd \ + /dev/zero \ +| head -c 64m \ + > $RPM_BUILD_ROOT%{_datadir}/AAVMF/AAVMF_CODE.fd + +# Create varstore template. +cat Build/ArmVirtQemu-AARCH64/DEBUG_GCC48/FV/QEMU_VARS.fd \ + /dev/zero \ +| head -c 64m \ + > $RPM_BUILD_ROOT%{_datadir}/AAVMF/AAVMF_VARS.fd + +chmod 0644 -- $RPM_BUILD_ROOT%{_datadir}/AAVMF/AAVMF_*.fd +%endif + +%ifarch x86_64 +%files -n OVMF +%else +%files -n AAVMF +%endif + +%defattr(-,root,root,-) +%dir %{_docdir}/%{subpkgname}/Licenses +%doc %{_docdir}/%{subpkgname}/Licenses/edk2-License.txt +%doc %{_docdir}/%{subpkgname}/Licenses/OvmfPkg-License.txt + +%ifarch x86_64 +%doc %{_docdir}/%{subpkgname}/Licenses/OpensslLib-License.txt +%doc %{_docdir}/%{subpkgname}/README +%doc %{_docdir}/%{subpkgname}/ovmf-whitepaper-c770f8c.txt +%dir %{_datadir}/OVMF/ +%if 0 +%{_datadir}/OVMF/OVMF_CODE.fd +%endif +%{_datadir}/OVMF/OVMF_CODE.secboot.fd +%{_datadir}/OVMF/OVMF_VARS.fd +%{_datadir}/OVMF/OVMF_VARS.secboot.fd +%{_datadir}/OVMF/UefiShell.iso + +%dir %{_datadir}/qemu +%dir %{_datadir}/qemu/firmware +%{_datadir}/qemu/firmware/50-ovmf-sb.json +%{_datadir}/qemu/firmware/60-ovmf.json + +%else +%dir %{_datadir}/AAVMF/ +%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd +%{_datadir}/AAVMF/AAVMF_CODE.fd +%{_datadir}/AAVMF/AAVMF_VARS.fd +%endif + +%check + +%ifarch x86_64 +# Of the installed host kernels, boot the one with the highest Version-Release +# under OVMF, and check if it prints "Secure boot enabled". +KERNEL_PKG=$(rpm -q kernel | rpmdev-sort | tail -n 1) +KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | grep '^/boot/vmlinuz-') + +./ovmf-vars-generator --verbose --verbose \ + --qemu-binary /usr/libexec/qemu-kvm \ + --ovmf-binary Build/OvmfX64/DEBUG_GCC4?/FV/OVMF_CODE.fd \ + --ovmf-template-vars Build/OvmfX64/DEBUG_GCC4?/FV/OVMF_VARS.fd \ + --uefi-shell-iso UefiShell.iso \ + --kernel-path $KERNEL_IMG \ + --skip-enrollment \ + --no-download \ + --disable-smm \ + OVMF_VARS.secboot.fd + +%else +true + +%endif + +%changelog +* Mon Apr 15 2019 Miroslav Rezanina - 20180508-6.gitee3198e672e2.el7 +- ovmf-MdeModulePkg-HiiDatabase-Fix-potential-integer-overf.patch [bz#1691479] +- ovmf-MdeModulePkg-HiiImage-Fix-stack-overflow-when-corrup.patch [bz#1691479] +- ovmf-MdeModulePkg-PartitionDxe-Add-check-for-underlying-d.patch [bz#1691647] +- ovmf-MdeModulePkg-UdfDxe-Refine-boundary-checks-for-file-.patch [bz#1691647] +- ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-the-read-of-F.patch [bz#1691647] +- ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-Component.patch [bz#1691647] +- ovmf-MdeModulePkg-UdfDxe-Add-boundary-check-for-getting-v.patch [bz#1691647] +- ovmf-MdeModulePkg-UsbBusDxe-Fix-wrong-buffer-length-used-.patch [bz#1697534] +- Resolves: bz#1691479 + (CVE-2018-12181 OVMF: edk2: Stack buffer overflow with corrupted BMP [rhel-7]) +- Resolves: bz#1691647 + (CVE-2019-0160 OVMF: edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media [rhel-7]) +- Resolves: bz#1697534 + (CVE-2019-0161 ovmf: edk2: stack overflow in XHCI causing denial of service [rhel-7]) + +* Thu Mar 07 2019 Miroslav Rezanina - 20180508-5.gitee3198e672e2.el7 +- ovmf-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch [bz#1666586] +- ovmf-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch [bz#1666586] +- ovmf-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch [bz#1666586] +- ovmf-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch [bz#1666586] +- ovmf-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch [bz#1666586] +- ovmf-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch [bz#1666586] +- ovmf-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch [bz#1666586] +- ovmf-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch [bz#1684007] +- ovmf-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch [bz#1684007] +- ovmf-redhat-openssl-update-introduce-MOCK-shorthand-for-m.patch [bz#1650390] +- ovmf-redhat-openssl-update-enable-the-bootstrap-container.patch [bz#1650390] +- ovmf-redhat-consume-OpenSSL-1.1.0i-from-Fedora-28.patch [bz#1650390] +- ovmf-Upgrade-OpenSSL-to-1.1.0j.patch [bz#1650390] +- Resolves: bz#1650390 + (CVE-2018-5407 OVMF: openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) [rhel-7]) +- Resolves: bz#1666586 + (CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 OVMF: various flaws [rhel-7]) +- Resolves: bz#1684007 + (CVE-2018-12180 OVMF: edk2: Buffer Overflow in BlockIo service for RAM disk [rhel-7.7]) + +* Thu Nov 29 2018 Miroslav Rezanina - 20180508-4.gitee3198e672e2.el7 +- ovmf-redhat-provide-firmware-descriptor-meta-files.patch [bz#1608599] +- Resolves: bz#1608599 + ([RHEL 7.7] RFE: provide firmware descriptor meta-files for OVMF) + +* Fri Jul 27 2018 Miroslav Rezanina - 20180508-3.gitee3198e672e2.el7 +- ovmf-redhat-provide-virtual-bundled-OpenSSL-in-OVMF.patch [bz#1607792] +- Resolves: bz#1607792 + (add 'Provides: bundled(openssl) = 1.1.0h' to the spec file) + +* Fri Jun 08 2018 Miroslav Rezanina - 20180508-2.gitee3198e672e2 +- OvmfPkg/PlatformBootManagerLib: connect consoles unconditionally [bz#1577546] +- build OVMF varstore template with SB enabled / certs enrolled [bz#1561128] +- connect Virtio RNG devices again [bz#1579518] +- Resolves: bz#1577546 + (no input consoles connected under certain circumstances) +- Resolves: bz#1561128 + (OVMF Secure boot enablement (enrollment of default keys)) +- Resolves: bz#1579518 + (EFI_RNG_PROTOCOL no longer produced for virtio-rng) + +* Thu May 10 2018 Miroslav Rezanina - 20180508-1.gitee3198e672e2 +- Rebase to [bz#1559542] +- Resolves: bz#1559542 + (Rebase OVMF for RHEL-7.6) + +* Wed Dec 06 2017 Miroslav Rezanina - 20171011-4.git92d07e48907f.el7 +- ovmf-MdeModulePkg-Core-Dxe-log-informative-memprotect-msg.patch [bz#1520485] +- ovmf-MdeModulePkg-BdsDxe-fall-back-to-a-Boot-Manager-Menu.patch [bz#1515418] +- Resolves: bz#1515418 + (RFE: Provide diagnostics for failed boot) +- Resolves: bz#1520485 + (AAVMF: two new messages with silent build) + +* Fri Dec 01 2017 Miroslav Rezanina - 20171011-3.git92d07e48907f.el7 +- ovmf-UefiCpuPkg-CpuDxe-Fix-multiple-entries-of-RT_CODE-in.patch [bz#1518308] +- ovmf-MdeModulePkg-DxeCore-Filter-out-all-paging-capabilit.patch [bz#1518308] +- ovmf-MdeModulePkg-Core-Merge-memory-map-after-filtering-p.patch [bz#1518308] +- Resolves: bz#1518308 + (UEFI memory map regression (runtime code entry splitting) introduced by c1cab54ce57c) + +* Mon Nov 27 2017 Miroslav Rezanina - 20171011-2.git92d07e48907f.el7 +- ovmf-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch [bz#1513632] +- ovmf-MdeModulePkg-Bds-Check-variable-name-even-if-OptionN.patch [bz#1513632] +- ovmf-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-.patch [bz#1514105] +- ovmf-OvmfPkg-make-it-a-proper-BASE-library.patch [bz#1488247] +- ovmf-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch [bz#1488247] +- ovmf-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch [bz#1488247] +- ovmf-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch [bz#1488247] +- ovmf-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch [bz#1488247] +- ovmf-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch [bz#1488247] +- ovmf-Revert-redhat-introduce-separate-silent-and-verbose-.patch [bz#1488247] +- Resolves: bz#1488247 + (make debug logging no-op unless a debug console is active) +- Resolves: bz#1513632 + ([RHEL-ALT 7.5] AAVMF fails to boot after setting BootNext) +- Resolves: bz#1514105 + (backport edk2 commit 6e3287442774 so that PciBusDxe not over-claim resources) + +* Wed Oct 18 2017 Miroslav Rezanina - 20171011-1.git92d07e48907f.el7 +- Rebase to 92d07e48907f [bz#1469787] +- Resolves: bz#1469787 + ((ovmf-rebase-rhel-7.5) Rebase OVMF for RHEL-7.5) +- Resolves: bz#1434740 + (OvmfPkg/PciHotPlugInitDxe: don't reserve IO space when IO support is disabled) +- Resolves: bz#1434747 + ([Q35] code12 error when hotplug x710 device in win2016) +- Resolves: bz#1447027 + (Guest cannot boot with 240 or above vcpus when using ovmf) +- Resolves: bz#1458192 + ([Q35] recognize "usb-storage" devices in XHCI ports) +- Resolves: bz#1468526 + (>1TB RAM support) +- Resolves: bz#1488247 + (provide "OVMF_CODE.secboot.verbose.fd" for log capturing; silence "OVMF_CODE.secboot.fd") +- Resolves: bz#1496170 + (Inconsistent MOR control variables exposed by OVMF, breaks Windows Device Guard) + +* Fri May 12 2017 Miroslav Rezanina - 20170228-5.gitc325e41585e3.el7 +- ovmf-OvmfPkg-EnrollDefaultKeys-update-SignatureOwner-GUID.patch [bz#1443351] +- ovmf-OvmfPkg-EnrollDefaultKeys-expose-CertType-parameter-.patch [bz#1443351] +- ovmf-OvmfPkg-EnrollDefaultKeys-blacklist-empty-file-in-db.patch [bz#1443351] +- ovmf-OvmfPkg-introduce-the-FD_SIZE_IN_KB-macro-build-flag.patch [bz#1443351] +- ovmf-OvmfPkg-OvmfPkg.fdf.inc-extract-VARS_LIVE_SIZE-and-V.patch [bz#1443351] +- ovmf-OvmfPkg-introduce-4MB-flash-image-mainly-for-Windows.patch [bz#1443351] +- ovmf-OvmfPkg-raise-max-variable-size-auth-non-auth-to-33K.patch [bz#1443351] +- ovmf-OvmfPkg-PlatformPei-handle-non-power-of-two-spare-si.patch [bz#1443351] +- ovmf-redhat-update-local-build-instructions-with-D-FD_SIZ.patch [bz#1443351] +- ovmf-redhat-update-OVMF-build-commands-with-D-FD_SIZE_4MB.patch [bz#1443351] +- Resolves: bz#1443351 + ([svvp][ovmf] job "Secure Boot Logo Test" failed with q35&ovmf) + +* Fri Apr 28 2017 Miroslav Rezanina - 20170228-4.gitc325e41585e3.el7 +- ovmf-ShellPkg-Shell-clean-up-bogus-member-types-in-SPLIT_.patch [bz#1442908] +- ovmf-ShellPkg-Shell-eliminate-double-free-in-RunSplitComm.patch [bz#1442908] +- Resolves: bz#1442908 + (Guest hang when running a wrong command in Uefishell) + +* Tue Apr 04 2017 Miroslav Rezanina - 20170228-3.gitc325e41585e3.el7 +- ovmf-ArmVirtPkg-FdtClientDxe-supplement-missing-EFIAPI-ca.patch [bz#1430262] +- ovmf-ArmVirtPkg-ArmVirtPL031FdtClientLib-unconditionally-.patch [bz#1430262] +- ovmf-MdeModulePkg-RamDiskDxe-fix-C-string-literal-catenat.patch [bz#1430262] +- ovmf-EmbeddedPkg-introduce-EDKII-Platform-Has-ACPI-GUID.patch [bz#1430262] +- ovmf-EmbeddedPkg-introduce-PlatformHasAcpiLib.patch [bz#1430262] +- ovmf-EmbeddedPkg-introduce-EDKII-Platform-Has-Device-Tree.patch [bz#1430262] +- ovmf-ArmVirtPkg-add-PlatformHasAcpiDtDxe.patch [bz#1430262] +- ovmf-ArmVirtPkg-enable-AcpiTableDxe-and-EFI_ACPI_TABLE_PR.patch [bz#1430262] +- ovmf-ArmVirtPkg-FdtClientDxe-install-DT-as-sysconfig-tabl.patch [bz#1430262] +- ovmf-ArmVirtPkg-PlatformHasAcpiDtDxe-don-t-expose-DT-if-Q.patch [bz#1430262] +- ovmf-ArmVirtPkg-remove-PURE_ACPI_BOOT_ENABLE-and-PcdPureA.patch [bz#1430262] +- Resolves: bz#1430262 + (AAVMF: forward QEMU's DT to the guest OS only if ACPI payload is unavailable) + +* Mon Mar 27 2017 Miroslav Rezanina - 20170228-2.gitc325e41585e3.el7 +- ovmf-MdeModulePkg-Core-Dxe-downgrade-CodeSegmentCount-is-.patch [bz#1433428] +- Resolves: bz#1433428 + (AAVMF: Fix error message during ARM guest VM installation) + +* Wed Mar 08 2017 Laszlo Ersek - ovmf-20170228-1.gitc325e41585e3.el7 +- Rebase to upstream c325e41585e3 [bz#1416919] +- Resolves: bz#1373812 + (guest boot from network even set 'boot order=1' for virtio disk with OVMF) +- Resolves: bz#1380282 + (Update OVMF to openssl-1.0.2k-hobbled) +- Resolves: bz#1412313 + (select broadcast SMI if available) +- Resolves: bz#1416919 + (Rebase OVMF for RHEL-7.4) +- Resolves: bz#1426330 + (disable libssl in CryptoPkg) + +* Mon Sep 12 2016 Laszlo Ersek - ovmf-20160608b-1.git988715a.el7 +- rework downstream-only commit dde83a75b566 "setup the tree for the secure + boot feature (RHEL only)", excluding patent-encumbered files from the + upstream OpenSSL 1.0.2g tarball [bz#1374710] +- rework downstream-only commit dfc3ca1ee509 "CryptoPkg/OpensslLib: Upgrade + OpenSSL version to 1.0.2h", excluding patent-encumbered files from the + upstream OpenSSL 1.0.2h tarball [bz#1374710] + +* Thu Aug 04 2016 Miroslav Rezanina - OVMF-20160608-3.git988715a.el7 +- ovmf-MdePkg-PCI-Add-missing-PCI-PCIE-definitions.patch [bz#1332408] +- ovmf-ArmPlatformPkg-NorFlashDxe-accept-both-non-secure-an.patch [bz#1353494] +- ovmf-ArmVirtPkg-ArmVirtQemu-switch-secure-boot-build-to-N.patch [bz#1353494] +- ovmf-ArmPlatformPkg-NorFlashAuthenticatedDxe-remove-this-.patch [bz#1353494] +- ovmf-ArmVirtPkg-add-FDF-definition-for-empty-varstore.patch [bz#1353494] +- ovmf-redhat-package-the-varstore-template-produced-by-the.patch [bz#1353494] +- ovmf-ArmVirtPkg-Re-add-the-Driver-Health-Manager.patch [bz#1353494] +- ovmf-ArmVirtPkg-HighMemDxe-allow-patchable-PCD-for-PcdSys.patch [bz#1353494] +- ovmf-ArmVirtPkg-ArmVirtQemuKernel-make-ACPI-support-AARCH.patch [bz#1353494] +- ovmf-ArmVirtPkg-align-ArmVirtQemuKernel-with-ArmVirtQemu.patch [bz#1353494] +- ovmf-ArmVirtPkg-ArmVirtQemu-factor-out-shared-FV.FvMain-d.patch [bz#1353494] +- ovmf-ArmVirtPkg-factor-out-Rules-FDF-section.patch [bz#1353494] +- ovmf-ArmVirtPkg-add-name-GUIDs-to-FvMain-instances.patch [bz#1353494] +- ovmf-OvmfPkg-add-a-Name-GUID-to-each-Firmware-Volume.patch [bz#1353494] +- ovmf-OvmfPkg-PlatformBootManagerLib-remove-stale-FvFile-b.patch [bz#1353494] +- ovmf-MdePkg-IndustryStandard-introduce-EFI_PCI_CAPABILITY.patch [bz#1332408] +- ovmf-MdeModulePkg-PciBusDxe-look-for-the-right-capability.patch [bz#1332408] +- ovmf-MdeModulePkg-PciBusDxe-recognize-hotplug-capable-PCI.patch [bz#1332408] +- ovmf-OvmfPkg-add-PciHotPlugInitDxe.patch [bz#1332408] +- ovmf-ArmPkg-ArmGicLib-manage-GICv3-SPI-state-at-the-distr.patch [bz#1356655] +- ovmf-ArmVirtPkg-PlatformBootManagerLib-remove-stale-FvFil.patch [bz#1353494] +- ovmf-OvmfPkg-EnrollDefaultKeys-assign-Status-before-readi.patch [bz#1356913] +- ovmf-OvmfPkg-EnrollDefaultKeys-silence-VS2015x86-warning-.patch [bz#1356913] +- ovmf-CryptoPkg-update-openssl-to-ignore-RVCT-3079.patch [bz#1356184] +- ovmf-CryptoPkg-Fix-typos-in-comments.patch [bz#1356184] +- ovmf-CryptoPkg-BaseCryptLib-Avoid-passing-NULL-ptr-to-fun.patch [bz#1356184] +- ovmf-CryptoPkg-BaseCryptLib-Init-the-content-of-struct-Ce.patch [bz#1356184] +- ovmf-CryptoPkg-OpensslLib-Upgrade-OpenSSL-version-to-1.0..patch [bz#1356184] +- Resolves: bz#1332408 + (Q35 machine can not hot-plug scsi controller under switch) +- Resolves: bz#1353494 + ([OVMF] "EFI Internal Shell" should be removed from "Boot Manager") +- Resolves: bz#1356184 + (refresh embedded OpenSSL to 1.0.2h) +- Resolves: bz#1356655 + (AAVMF: stop accessing unmapped gicv3 registers) +- Resolves: bz#1356913 + (fix use-without-initialization in EnrollDefaultKeys.efi) + +* Tue Jul 12 2016 Miroslav Rezanina - OVMF-20160608-2.git988715a.el7 +- ovmf-ArmPkg-ArmGicV3Dxe-configure-all-interrupts-as-non-s.patch [bz#1349407] +- ovmf-ArmVirtPkg-PlatformBootManagerLib-Postpone-the-shell.patch [bz#1353689] +- Resolves: bz#1349407 + (AArch64: backport fix to run over gicv3 emulation) +- Resolves: bz#1353689 + (AAVMF: Drops to shell with uninitialized NVRAM file) + +* Thu Jun 9 2016 Laszlo Ersek - ovmf-20160608-1.git988715a.el7 +- Resolves: bz#1341733 + (prevent SMM stack overflow in OVMF while enrolling certificates in "db") +- Resolves: bz#1257882 + (FEAT: support to boot from virtio 1.0 modern devices) +- Resolves: bz#1333238 + (Q35 machine can not boot up successfully with more than 3 virtio-scsi + storage controller under switch) +- Resolves: bz#1330955 + (VM can not be booted up from hard disk successfully when with a passthrough + USB stick) + +* Thu May 19 2016 Laszlo Ersek - ovmf-20160419-2.git90bb4c5.el7 +- Submit scratch builds from the exploded tree again to + supp-rhel-7.3-candidate, despite FatPkg being OSS at this point; see + bz#1329559. + +* Wed Apr 20 2016 Laszlo Ersek - ovmf-20160419-1.git90bb4c5.el7 +- FatPkg is under the 2-clause BSDL now; "ovmf" has become OSS +- upgrade to openssl-1.0.2g +- Resolves: bz#1323363 + (remove "-D SECURE_BOOT_ENABLE" from AAVMF) +- Resolves: bz#1257882 + (FEAT: support to boot from virtio 1.0 modern devices) +- Resolves: bz#1308678 + (clearly separate SB-less, SMM-less OVMF binary from SB+SMM OVMF binary) + +* Fri Feb 19 2016 Miroslav Rezanina - OVMF-20160202-2.gitd7c0dfa.el7 +- ovmf-restore-TianoCore-splash-logo-without-OpenSSL-advert.patch [bz#1308678] +- ovmf-OvmfPkg-ArmVirtPkg-show-OpenSSL-less-logo-without-Se.patch [bz#1308678] +- ovmf-OvmfPkg-simplify-VARIABLE_STORE_HEADER-generation.patch [bz#1308678] +- ovmf-redhat-bring-back-OVMF_CODE.fd-but-without-SB-and-wi.patch [bz#1308678] +- ovmf-redhat-rename-OVMF_CODE.smm.fd-to-OVMF_CODE.secboot..patch [bz#1308678] + +* Tue Feb 2 2016 Laszlo Ersek - ovmf-20160202-1.gitd7c0dfa.el7 +- rebase to upstream d7c0dfa +- update OpenSSL to 1.0.2e (upstream) +- update FatPkg to SVN r97 (upstream) +- drive NVMe devices (upstream) +- resize xterm on serial console mode change, when requested with + -fw_cfg name=opt/(ovmf|aavmf)/PcdResizeXterm,string=y + (downstream) +- Resolves: bz#1259395 + (revert / roll back AAVMF fix for BZ 1188054) +- Resolves: bz#1202819 + (OVMF: secure boot limitations) +- Resolves: bz#1182495 + (OVMF rejects iPXE oprom when Secure Boot is enabled) + +* Thu Nov 5 2015 Laszlo Ersek - ovmf-20151104-1.gitb9ffeab.el7 +- rebase to upstream b9ffeab +- Resolves: bz#1207554 + ([AAVMF] AArch64: populate SMBIOS) +- Resolves: bz#1270279 + (AAVMF: output improvements) + +* Thu Jun 25 2015 Miroslav Rezanina - OVMF-20150414-2.gitc9e5618.el7 +- ovmf-OvmfPkg-PlatformPei-set-SMBIOS-entry-point-version-d.patch [bz#1232876] +- Resolves: bz#1232876 + (OVMF should install a version 2.8 SMBIOS entry point) + +* Sat Apr 18 2015 Laszlo Ersek - 20150414-1.gitc9e5618.el7 +- rebase from upstream 9ece15a to c9e5618 +- adapt .gitignore files +- update to openssl-0.9.8zf +- create Logo-OpenSSL.bmp rather than modifying Logo.bmp in-place +- update to FatPkg SVN r93 (git 8ff136aa) +- drop the following downstream-only patches (obviated by upstream + counterparts): + "tools_def.template: use forward slash with --add-gnu-debuglink (RHEL only)" + "tools_def.template: take GCC48 prefixes from environment (RHEL only)" + "OvmfPkg: set video resolution of text setup to 640x480 (RHEL only)" + "OvmfPkg: resolve OrderedCollectionLib with base red-black tree instance" + "OvmfPkg: AcpiPlatformDxe: actualize QemuLoader.h comments" + "OvmfPkg: AcpiPlatformDxe: remove current ACPI table loader" + "OvmfPkg: AcpiPlatformDxe: implement QEMU's full ACPI table loader interface" + "OvmfPkg: QemuVideoDxe: fix querying of QXL's drawable buffer size" + "OvmfPkg: disable stale fork of SecureBootConfigDxe" + "OvmfPkg: SecureBootConfigDxe: remove stale fork" + "Try to read key strike even when ..." + "OvmfPkg: BDS: remove dead call to PlatformBdsEnterFrontPage()" + "OvmfPkg: BDS: drop useless return statement" + "OvmfPkg: BDS: don't overwrite the BDS Front Page timeout" + "OvmfPkg: BDS: optimize second argument in PlatformBdsEnterFrontPage() call" + 'OvmfPkg: BDS: drop superfluous "connect first boot option" logic' + "OvmfPkg: BDS: drop custom boot timeout, revert to IntelFrameworkModulePkg's" + "Add comments to clarify mPubKeyStore buffer MemCopy. ..." + "MdeModulePkg/SecurityPkg Variable: Add boundary check..." + "OvmfPkg: AcpiPlatformDxe: make dependency on PCI enumeration explicit" + "MdePkg: UefiScsiLib: do not encode LUN in CDB for READ and WRITE" + "MdePkg: UefiScsiLib: do not encode LUN in CDB for other SCSI commands" +- merge downstream AAVMF patch "adapt packaging to Arm64", which forces us to + rename the main package from "OVMF" to "ovmf" +- drop the following ARM BDS specific tweaks (we'll only build the Intel BDS): + "ArmPlatformPkg/Bds: generate ESP Image boot option if user pref is unset + (Acadia)" + "ArmPlatformPkg/Bds: check for other defaults too if user pref is unset + (Acadia)" + "ArmPlatformPkg/ArmVirtualizationPkg: auto-detect boot path (Acadia)" + "ArmPlatformPkg/Bds: initialize ConIn/ConOut/ErrOut before connecting + terminals" + "ArmPlatformPkg/Bds: let FindCandidate() search all filesystems" + "ArmPlatformPkg/Bds: FindCandidateOnHandle(): log full device path" + "ArmPlatformPkg/Bds: fall back to Boot Menu when no default option was found" + "ArmPlatformPkg/Bds: always connect drivers before looking at boot options" +- drop patch "ArmPlatformPkg/ArmVirtualizationPkg: enable DEBUG_VERBOSE (Acadia + only)", obsoleted by fixed bug 1197141 +- tweak patch "write up build instructions (for interactive, local development) + (RHELSA)". The defaults in "BaseTools/Conf/target.template", ie. + ACTIVE_PLATFORM and TARGET_ARCH, are set for OVMF / X64. The AAVMF build + instructions now spell out the necessary override options (-p and -a, + respectively). +- extend patch "build FAT driver from source (RHELSA)" to the Xen build as well + (only for consistency; we don't build for Xen). +- drop the following downstream-only AAVMF patches, due to the 77d5dac -> + c9e5618 AAVMF rebase & join: + "redhat/process-rh-specific.sh: fix check for hunk-less filtered patches" + "redhat/process-rh-specific.sh: suppress missing files in final 'rm'" + "ArmVirtualizationQemu: build UEFI shell from source (Acadia only)" + "MdePkg: UefiScsiLib: do not encode LUN in CDB for READ and WRITE" + "MdePkg: UefiScsiLib: do not encode LUN in CDB for other SCSI commands" + "ArmVirtualizationPkg: work around cache incoherence on KVM affecting DTB" + "Changed build target to supp-rhel-7.1-candidate" + "ArmVirtualizationPkg: VirtFdtDxe: forward FwCfg addresses from DTB to PCDs" + "ArmVirtualizationPkg: introduce QemuFwCfgLib instance for DXE drivers" + "ArmVirtualizationPkg: clone PlatformIntelBdsLib from ArmPlatformPkg" + "ArmVirtualizationPkg: PlatformIntelBdsLib: add basic policy" + "OvmfPkg: extract QemuBootOrderLib" + "OvmfPkg: QemuBootOrderLib: featurize PCI-like device path translation" + "OvmfPkg: introduce VIRTIO_MMIO_TRANSPORT_GUID" + "ArmVirtualizationPkg: VirtFdtDxe: use dedicated VIRTIO_MMIO_TRANSPORT_GUID" + "OvmfPkg: QemuBootOrderLib: widen ParseUnitAddressHexList() to UINT64" + "OvmfPkg: QemuBootOrderLib: OFW-to-UEFI translation for virtio-mmio" + "ArmVirtualizationPkg: PlatformIntelBdsLib: adhere to QEMU's boot order" + "ArmVirtualizationPkg: identify "new shell" as builtin shell for Intel BDS" + "ArmVirtualizationPkg: Intel BDS: load EFI-stubbed Linux kernel from fw_cfg" + 'Revert "ArmVirtualizationPkg: work around cache incoherence on KVM affecting + DTB"' + "OvmfPkg: QemuBootOrderLib: expose QEMU's "-boot menu=on[, splash-time=N]"" + "OvmfPkg: PlatformBdsLib: get front page timeout from QEMU" + "ArmVirtualizationPkg: PlatformIntelBdsLib: get front page timeout from QEMU" + "ArmPkg: ArmArchTimerLib: clean up comments" + "ArmPkg: ArmArchTimerLib: use edk2-conformant (UINT64 * UINT32) / UINT32" + "ArmPkg: ArmArchTimerLib: conditionally rebase to actual timer frequency" + "ArmVirtualizationQemu: ask the hardware for the timer frequency" + "ArmPkg: DebugPeCoffExtraActionLib: debugger commands are not errors" + "ArmPlatformPkg: PEIM startup is not an error" + "ArmVirtualizationPkg: PlatformIntelBdsLib: lack of QEMU kernel is no error" + "ArmVirtualizationPkg: expose debug message bitmask on build command line" +- tweak patch "rebase to upstream 77d5dac (Acadia only)": update spec changelog + only +- tweak patch "spec: build AAVMF with the Intel BDS driver (RHELSA only)": + apply "-D INTEL_BDS" to manual build instructions in redhat/README too +- tweak patch "spec: build and install verbose and silent (default) AAVMF + binaries": apply DEBUG_PRINT_ERROR_LEVEL setting to interactive build + instructions in redhat/README too +- install OVMF whitepaper as part of the OVMF build's documentation +- Resolves: bz#1211337 + (merge AAVMF into OVMF) +- Resolves: bz#1206523 + ([AAVMF] fix missing cache maintenance) + +* Fri Mar 06 2015 Miroslav Rezanina - AAVMF-20141113-5.git77d5dac.el7_1 +- aavmf-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch [bz#1197141] +- aavmf-ArmPlatformPkg-PEIM-startup-is-not-an-error.patch [bz#1197141] +- aavmf-ArmVirtualizationPkg-PlatformIntelBdsLib-lack-of-QEM.patch [bz#1197141] +- aavmf-ArmVirtualizationPkg-expose-debug-message-bitmask-on.patch [bz#1197141] +- aavmf-spec-build-and-install-verbose-and-silent-default-AA.patch [bz#1197141] +- Resolves: bz#1197141 + (create silent & verbose builds) + +* Tue Feb 10 2015 Miroslav Rezanina - AAVMF-20141113-4.git77d5dac.el7 +- aavmf-ArmPkg-ArmArchTimerLib-clean-up-comments.patch [bz#1188247] +- aavmf-ArmPkg-ArmArchTimerLib-use-edk2-conformant-UINT64-UI.patch [bz#1188247] +- aavmf-ArmPkg-ArmArchTimerLib-conditionally-rebase-to-actua.patch [bz#1188247] +- aavmf-ArmVirtualizationQemu-ask-the-hardware-for-the-timer.patch [bz#1188247] +- aavmf-ArmPkg-TimerDxe-smack-down-spurious-timer-interrupt-.patch [bz#1188054] +- Resolves: bz#1188054 + (guest reboot (asked from within AAVMF) regressed in 3.19.0-0.rc5.58.aa7a host kernel) +- Resolves: bz#1188247 + (backport "fix gBS->Stall()" series) + +* Mon Jan 19 2015 Miroslav Rezanina - AAVMF-20141113-3.git77d5dac.el7 +- aavmf-OvmfPkg-QemuBootOrderLib-expose-QEMU-s-boot-menu-on-.patch [bz#1172756] +- aavmf-OvmfPkg-PlatformBdsLib-get-front-page-timeout-from-Q.patch [bz#1172756] +- aavmf-ArmVirtualizationPkg-PlatformIntelBdsLib-get-front-p.patch [bz#1172756] +- Resolves: bz#1172756 + ([RFE]Expose boot-menu shortcut to domain via AAVMF) + +* Wed Jan 14 2015 Miroslav Rezanina - AAVMF-20141113-2.git77d5dac.el7 +- aavmf-ArmVirtualizationPkg-VirtFdtDxe-forward-FwCfg-addres.patch [bz#1172749] +- aavmf-ArmVirtualizationPkg-introduce-QemuFwCfgLib-instance.patch [bz#1172749] +- aavmf-ArmVirtualizationPkg-clone-PlatformIntelBdsLib-from-.patch [bz#1172749] +- aavmf-ArmVirtualizationPkg-PlatformIntelBdsLib-add-basic-p.patch [bz#1172749] +- aavmf-OvmfPkg-extract-QemuBootOrderLib.patch [bz#1172749] +- aavmf-OvmfPkg-QemuBootOrderLib-featurize-PCI-like-device-p.patch [bz#1172749] +- aavmf-OvmfPkg-introduce-VIRTIO_MMIO_TRANSPORT_GUID.patch [bz#1172749] +- aavmf-ArmVirtualizationPkg-VirtFdtDxe-use-dedicated-VIRTIO.patch [bz#1172749] +- aavmf-OvmfPkg-QemuBootOrderLib-widen-ParseUnitAddressHexLi.patch [bz#1172749] +- aavmf-OvmfPkg-QemuBootOrderLib-OFW-to-UEFI-translation-for.patch [bz#1172749] +- aavmf-ArmVirtualizationPkg-PlatformIntelBdsLib-adhere-to-Q.patch [bz#1172749] +- aavmf-ArmVirtualizationPkg-identify-new-shell-as-builtin-s.patch [bz#1172749] +- aavmf-ArmVirtualizationPkg-Intel-BDS-load-EFI-stubbed-Linu.patch [bz#1172749] +- aavmf-spec-build-AAVMF-with-the-Intel-BDS-driver-RHELSA-on.patch [bz#1172749] +- aavmf-Revert-ArmVirtualizationPkg-work-around-cache-incohe.patch [bz#1172910] +- Resolves: bz#1172749 + (implement fw_cfg, boot order handling, and -kernel booting in ArmVirtualizationQemu) +- Resolves: bz#1172910 + (revert Acadia-only workaround (commit df7bca4e) once Acadia host kernel (KVM) is fixed) + +* Fri Dec 05 2014 Miroslav Rezanina - OVMF-20140822-7.git9ece15a.el7 +- ovmf-MdePkg-UefiScsiLib-do-not-encode-LUN-in-CDB-for-READ.patch [bz#1166971] +- ovmf-MdePkg-UefiScsiLib-do-not-encode-LUN-in-CDB-for-othe.patch [bz#1166971] +- Resolves: bz#1166971 + (virtio-scsi disks and cd-roms with nonzero LUN are rejected with errors) + +* Tue Nov 25 2014 Miroslav Rezanina - OVMF-20140822-6.git9ece15a.el7 +- ovmf-OvmfPkg-AcpiPlatformDxe-make-dependency-on-PCI-enume.patch [bz#1166027] +- Resolves: bz#1166027 + (backport "OvmfPkg: AcpiPlatformDxe: make dependency on PCI enumeration explicit") + +* Tue Nov 18 2014 Miroslav Rezanina - OVMF-20140822-4.git9ece15a.el7 +- ovmf-Add-comments-to-clarify-mPubKeyStore-buffer-MemCopy.patch [bz#1162314] +- ovmf-MdeModulePkg-SecurityPkg-Variable-Add-boundary-check.patch [bz#1162314] +- Resolves: bz#1162314 + (EMBARGOED OVMF: uefi: INTEL-TA-201410-001 && INTEL-TA-201410-002 [rhel-7.1]) + +* Thu Nov 13 2014 Laszlo Ersek - AAVMF-20141113-1.git77d5dac +- rebased to upstream 77d5dac + +- patch "ArmVirtualizationPkg: FdtPL011SerialPortLib: support UEFI_APPLICATION" + is now upstream (SVN r16219, git edb5073) + +* Thu Nov 13 2014 Miroslav Rezanina - OVMF-20140822-3.git9ece15a.el7 +- ovmf-Revert-OvmfPkg-set-video-resolution-of-text-setup-to.patch [bz#1153927] +- ovmf-Try-to-read-key-strike-even-when-the-TimeOuts-value-.patch [bz#1153927] +- ovmf-OvmfPkg-BDS-remove-dead-call-to-PlatformBdsEnterFron.patch [bz#1153927] +- ovmf-OvmfPkg-BDS-drop-useless-return-statement.patch [bz#1153927] +- ovmf-OvmfPkg-BDS-don-t-overwrite-the-BDS-Front-Page-timeo.patch [bz#1153927] +- ovmf-OvmfPkg-BDS-optimize-second-argument-in-PlatformBdsE.patch [bz#1153927] +- ovmf-OvmfPkg-BDS-drop-superfluous-connect-first-boot-opti.patch [bz#1153927] +- ovmf-OvmfPkg-BDS-drop-custom-boot-timeout-revert-to-Intel.patch [bz#1153927] +- ovmf-OvmfPkg-set-video-resolution-of-text-setup-to-640x48.patch [bz#1153927] +- Resolves: bz#1153927 + (set NEXTBOOT to uefi setting failed from Windows Recovery console) + +* Tue Nov 11 2014 Miroslav Rezanina - OVMF-20140822-2.git9ece15a +- ovmf-redhat-process-rh-specific.sh-suppress-missing-files.patch [bz#1145784] +- ovmf-Revert-RH-only-OvmfPkg-QemuVideoDxe-fix-querying-of-.patch [bz#1145784] +- ovmf-Revert-RH-only-OvmfPkg-AcpiPlatformDxe-implement-QEM.patch [bz#1145784] +- ovmf-Revert-RH-only-OvmfPkg-AcpiPlatformDxe-remove-curren.patch [bz#1145784] +- ovmf-Revert-RH-only-OvmfPkg-AcpiPlatformDxe-actualize-Qem.patch [bz#1145784] +- ovmf-Revert-RH-only-OvmfPkg-resolve-OrderedCollectionLib-.patch [bz#1145784] +- ovmf-OvmfPkg-QemuVideoDxe-work-around-misreported-QXL-fra.patch [bz#1145784] +- ovmf-OvmfPkg-resolve-OrderedCollectionLib-with-base-red-b.patch [bz#1145784] +- ovmf-OvmfPkg-AcpiPlatformDxe-actualize-QemuLoader.h-comme.patch [bz#1145784] +- ovmf-OvmfPkg-AcpiPlatformDxe-remove-current-ACPI-table-lo.patch [bz#1145784] +- ovmf-OvmfPkg-AcpiPlatformDxe-implement-QEMU-s-full-ACPI-t.patch [bz#1145784] +- ovmf-spec-build-small-bootable-ISO-with-standalone-UEFI-s.patch [bz#1147592] +- ovmf-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch [bz#1147592] +- ovmf-spec-exclude-the-UEFI-shell-from-the-SecureBoot-enab.patch [bz#1147592] +- ovmf-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch [bz#1148296] +- ovmf-spec-package-EnrollDefaultKeys.efi-on-UefiShell.iso-.patch [bz#1148296] +- ovmf-OvmfPkg-disable-stale-fork-of-SecureBootConfigDxe.patch [bz#1148294] +- ovmf-OvmfPkg-SecureBootConfigDxe-remove-stale-fork.patch [bz#1148294] +- Resolves: bz#1145784 + (OVMF sync with QXL and ACPI patches up to edk2 7a9612ce) +- Resolves: bz#1147592 + (the binary RPM should include a small ISO file with a directly bootable UEFI shell binary) +- Resolves: bz#1148294 + (drop OvmfPkg's stale fork of SecureBootConfigDxe) +- Resolves: bz#1148296 + (provide a non-interactive way to auto-enroll important SecureBoot certificates) + +* Wed Oct 15 2014 Laszlo Ersek - AAVMF-20141015-1.gitc373687 +- ported packaging to aarch64 / AAVMF + +* Fri Aug 22 2014 Laszlo Ersek - 20140822-1.git9ece15a.el7 +- rebase from upstream 3facc08 to 9ece15a +- update to openssl-0.9.8zb +- update to FatPkg SVN r86 (git 2355ea2c) +- the following patches of Paolo Bonzini have been merged in upstream; drop the + downstream-only copies: + 7bc1421 edksetup.sh: Look for BuildEnv under EDK_TOOLS_PATH + d549344 edksetup.sh: Ensure that WORKSPACE points to the top of an edk2 + checkout + 1c023eb BuildEnv: remove useless check before setting $WORKSPACE +- include the following patches that have been pending review on the upstream + list for a long time: + [PATCH 0/4] OvmfPkg: complete client for QEMU's ACPI loader interface + http://thread.gmane.org/gmane.comp.bios.tianocore.devel/8369 + [PATCH] OvmfPkg: QemuVideoDxe: fix querying of QXL's drawable buffer size + http://thread.gmane.org/gmane.comp.bios.tianocore.devel/8515 +- nasm is a build-time dependency now because upstream BuildTools has started + to call it directly + +* Wed Jul 23 2014 Laszlo Ersek - 20140723-1.git3facc08.el7 +- rebase from upstream a618eaa to 3facc08 +- update to openssl-0.9.8za +- drop downstream-only split varstore patch, rely on upstream's + +* Tue Jun 24 2014 Miroslav Rezanina - 20140619-1.gita618eaa.el7 +- Initial version