diff --git a/.abf.yml b/.abf.yml index 29be9e5..b8601c9 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,4 +1,5 @@ sources: - edk2-20171011-92d07e4.tar.xz: e6efa4211c88036f77a44914dcead69af7aed8d5 - openssl-1.1.0e-hobbled.tar.xz: 8c74b5fee6a05729f1ea9f178128cfdd5df5d88d - + edk2-stable202008.tar.gz: d3b9181e6c82895853036e7c326ad8ac6c2740cc + openssl-1.1.1g-hobbled.tar.xz: b55517bdc9aa61627a9896c1a3a156d5f6a4348f + qemu-ovmf-secureboot-20190521-gitf158f12.tar.xz: 217e3214f7e8383772e7961e714145cae7425259 + softfloat-20180726-gitb64af41.tar.xz: 17a07d9052891a86bbd0499ed9848b87312a3551 diff --git a/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch new file mode 100644 index 0000000..c806986 --- /dev/null +++ b/0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -0,0 +1,65 @@ +From 46e9cd5dd6cb731d33e79b22619b217ba1600e52 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 27 Jan 2016 03:05:18 +0100 +Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe + +NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE +level. + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +--- + OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- + OvmfPkg/OvmfPkgX64.dsc | 5 ++++- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 133a9a93c0..3ddc0c5edb 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -809,7 +809,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 338c38db29..aba4a6cc24 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -823,7 +823,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index b80710fbdc..99c0ba4465 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -819,7 +819,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch new file mode 100644 index 0000000..502a11a --- /dev/null +++ b/0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch @@ -0,0 +1,57 @@ +From f8f04bc629c0874a4e7a361a55053005f9196152 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 27 Jan 2016 03:05:18 +0100 +Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE core + +The DXE core logs a bunch of Properties Table and Memory Attributes Table +related information, on the EFI_D_VERBOSE level, that I am at the moment +not interested in. Suppress said output. + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +--- + OvmfPkg/OvmfPkgIa32.dsc | 2 ++ + OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ + OvmfPkg/OvmfPkgX64.dsc | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 3ddc0c5edb..146e429126 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -704,6 +704,8 @@ + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F + } + + MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index aba4a6cc24..cdf5abba99 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -718,6 +718,8 @@ + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F + } + + MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 99c0ba4465..7d59d768fa 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -714,6 +714,8 @@ + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F + } + + MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf diff --git a/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch new file mode 100644 index 0000000..def6e7a --- /dev/null +++ b/0003-OvmfPkg-enable-DEBUG_VERBOSE.patch @@ -0,0 +1,54 @@ +From 5b0813e1885c0234deafcb828f1747c766287c51 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Sun, 8 Jul 2012 14:26:07 +0200 +Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE + +Enable verbose debug logs. + +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +--- + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 146e429126..fce6051e47 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -514,7 +514,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !if $(SOURCE_DEBUG_ENABLE) == TRUE + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index cdf5abba99..983eebfaa7 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -518,7 +518,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !if $(SOURCE_DEBUG_ENABLE) == TRUE + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 7d59d768fa..ea62b82ff7 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -518,7 +518,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !if $(SOURCE_DEBUG_ENABLE) == TRUE + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch new file mode 100644 index 0000000..8685bbe --- /dev/null +++ b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch @@ -0,0 +1,30 @@ +From 04d5e4e3e7c8444dbb52784a2d71cf284c9e05a0 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 20 Feb 2014 22:54:45 +0100 +Subject: [PATCH] OvmfPkg: increase max debug message length to 512 + +Upstream prefers short debug messages (sometimes even limited to 80 +characters), but any line length under 512 characters is just unsuitable +for effective debugging. (For example, config strings in HII routing, +logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE +level, can be several hundred characters long.) 512 is an empirically good +value. + +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c +index dffb20822d..0577c43c3d 100644 +--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c ++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c +@@ -21,7 +21,7 @@ + // + // Define the maximum debug and assert message length that this library supports + // +-#define MAX_DEBUG_MESSAGE_LENGTH 0x100 ++#define MAX_DEBUG_MESSAGE_LENGTH 0x200 + + // + // VA_LIST can not initialize to NULL for all compiler, so we use this to diff --git a/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch similarity index 98% rename from 0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch rename to 0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch index 413cc63..a922618 100644 --- a/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +++ b/0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch @@ -1,4 +1,4 @@ -From eee4229af92be4c5545590118b7b0fcfaf5982cc Mon Sep 17 00:00:00 2001 +From 0dfff83988439363624c5cbf5cf182e755307bf8 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 11 Jun 2014 23:33:33 +0200 Subject: [PATCH] advertise OpenSSL on TianoCore splash screen / boot logo @@ -72,11 +72,13 @@ Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - a new UNI (~description) file for the new driver INF file. - In the OVMF DSC and FDF files, we select the new driver INF for - inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they - both make use of OpenSSL (although different subsets of it). + inclusion if either SECURE_BOOT_ENABLE, NETWORK_IP6_ENABLE, or + TLS_ENABLE is set, as they all make use of OpenSSL (although + different subsets of it). - In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE, - because the ArmVirtQemu platform does not support TLS_ENABLE yet. + or NETWORK_IP6_ENABLE, because the ArmVirtQemu platform does not + support TLS_ENABLE yet. - This patch is best displayed with "git show --find-copies-harder". @@ -89,12 +91,13 @@ Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: Signed-off-by: Laszlo Ersek (cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b) +Signed-off-by: Paolo Bonzini --- ArmVirtPkg/ArmVirtQemu.dsc | 4 + ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 4 + ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 + - MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 | 2743 ++++++++++++++++++++++++++++++++ - MdeModulePkg/Logo/Logo-OpenSSL.idf | 18 + + MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 | 2743 ++++++++++++++++++++++++ + MdeModulePkg/Logo/Logo-OpenSSL.idf | 15 + MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 61 + MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 22 + OvmfPkg/OvmfPkgIa32.dsc | 4 + @@ -103,21 +106,21 @@ Signed-off-by: Laszlo Ersek OvmfPkg/OvmfPkgIa32X64.fdf | 4 + OvmfPkg/OvmfPkgX64.dsc | 4 + OvmfPkg/OvmfPkgX64.fdf | 4 + - 13 files changed, 2880 insertions(+) + 13 files changed, 2877 insertions(+) create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 8a60b61..045333d 100644 +index 3f649c91d8..2405636af6 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -325,7 +325,11 @@ +@@ -424,7 +424,11 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -+!if $(SECURE_BOOT_ENABLE) == TRUE ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) + MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else MdeModulePkg/Logo/LogoDxe.inf @@ -126,14 +129,14 @@ index 8a60b61..045333d 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 744006d..8fc2cbc 100644 +index a2f4bd62c8..89b04cd7a4 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -190,7 +190,11 @@ READ_LOCK_STATUS = TRUE +@@ -193,7 +193,11 @@ READ_LOCK_STATUS = TRUE # # TianoCore logo (splash screen) # -+!if $(SECURE_BOOT_ENABLE) == TRUE ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else INF MdeModulePkg/Logo/LogoDxe.inf @@ -142,14 +145,14 @@ index 744006d..8fc2cbc 100644 # # Ramdisk support diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 9a31ec9..a221641 100644 +index 9449a01d6e..9fb79d30a1 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -316,7 +316,11 @@ +@@ -361,7 +361,11 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -+!if $(SECURE_BOOT_ENABLE) == TRUE ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) + MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else MdeModulePkg/Logo/LogoDxe.inf @@ -159,7 +162,7 @@ index 9a31ec9..a221641 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 b/MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 new file mode 100644 -index 0000000..567ca32 +index 0000000000..567ca32f05 --- /dev/null +++ b/MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 @@ -0,0 +1,2743 @@ @@ -2908,16 +2911,13 @@ index 0000000..567ca32 +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.idf b/MdeModulePkg/Logo/Logo-OpenSSL.idf new file mode 100644 -index 0000000..15de807 +index 0000000000..e527cff79b --- /dev/null +++ b/MdeModulePkg/Logo/Logo-OpenSSL.idf -@@ -0,0 +1,18 @@ +@@ -0,0 +1,15 @@ +// /** @file +// Platform Logo image definition file. +// -+// Console Platfrom DXE Driver that specifies whether device can be used as console -+// input/output device or error output device and update global variables accordingly. -+// +// Copyright (c) 2016, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials @@ -2932,7 +2932,7 @@ index 0000000..15de807 +#image IMG_LOGO Logo-OpenSSL.bmp diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf new file mode 100644 -index 0000000..2f79d87 +index 0000000000..2f79d873e2 --- /dev/null +++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf @@ -0,0 +1,61 @@ @@ -2999,7 +2999,7 @@ index 0000000..2f79d87 + LogoDxeExtra.uni diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni new file mode 100644 -index 0000000..7227ac3 +index 0000000000..7227ac3910 --- /dev/null +++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni @@ -0,0 +1,22 @@ @@ -3026,14 +3026,14 @@ index 0000000..7227ac3 +#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." + diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 92e943d..8af11ff 100644 +index fce6051e47..2886c10b1b 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -644,7 +644,11 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf +@@ -755,7 +755,11 @@ + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else MdeModulePkg/Logo/LogoDxe.inf @@ -3042,14 +3042,14 @@ index 92e943d..8af11ff 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 7515224..a967904 100644 +index 2b9a6b5801..6e1e7f5f44 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -290,7 +290,11 @@ INF ShellPkg/Application/Shell/Shell.inf - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf +@@ -297,7 +297,11 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else INF MdeModulePkg/Logo/LogoDxe.inf @@ -3058,14 +3058,14 @@ index 7515224..a967904 100644 # # Network modules diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 7f9220c..9e09a50 100644 +index 983eebfaa7..5a9e9a707a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -653,7 +653,11 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf +@@ -769,7 +769,11 @@ + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else MdeModulePkg/Logo/LogoDxe.inf @@ -3074,14 +3074,14 @@ index 7f9220c..9e09a50 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index f1a2044..f5a1d86 100644 +index 83ff6aef2e..1fab3d5014 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -291,7 +291,11 @@ INF ShellPkg/Application/Shell/Shell.inf - INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf +@@ -298,7 +298,11 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else INF MdeModulePkg/Logo/LogoDxe.inf @@ -3090,14 +3090,14 @@ index f1a2044..f5a1d86 100644 # # Network modules diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 36c60fc..a31dbf1 100644 +index ea62b82ff7..70c2c3e3b9 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -651,7 +651,11 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf +@@ -765,7 +765,11 @@ + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else MdeModulePkg/Logo/LogoDxe.inf @@ -3106,14 +3106,14 @@ index 36c60fc..a31dbf1 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 32000a3..0bba313 100644 +index 8da59037e5..6dc48977a0 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -291,7 +291,11 @@ INF ShellPkg/Application/Shell/Shell.inf - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf +@@ -307,7 +307,11 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) ++!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf +!else INF MdeModulePkg/Logo/LogoDxe.inf @@ -3121,6 +3121,3 @@ index 32000a3..0bba313 100644 # # Network modules --- -2.14.3 - diff --git a/0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch new file mode 100644 index 0000000..7173be1 --- /dev/null +++ b/0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch @@ -0,0 +1,540 @@ +From 31dcc494a7c3ce1bbb1d35b42ba3b6359ca971cf Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 12 Jun 2014 00:17:59 +0200 +Subject: [PATCH] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim + +The Int10h VBE Shim is capable of emitting short debug messages when the +win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet +version is preferred; for us debug messages are important as a default. + +For this patch, the DEBUG macro is enabled in the assembly file, and then +the header file is regenerated from the assembly, by running +"OvmfPkg/QemuVideoDxe/VbeShim.sh". + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Signed-off-by: Laszlo Ersek +(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f) +(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2) +Signed-off-by: Paolo Bonzini +--- + OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +- + OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++----------- + 2 files changed, 308 insertions(+), 175 deletions(-) + +diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm +index 1d284b2641..0d5cfaf1e4 100644 +--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm ++++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm +@@ -12,7 +12,7 @@ + ;------------------------------------------------------------------------------ + + ; enable this macro for debug messages +-;%define DEBUG ++%define DEBUG + + %macro DebugLog 1 + %ifdef DEBUG +diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h +index cc9b6e14cd..325d6478a1 100644 +--- a/OvmfPkg/QemuVideoDxe/VbeShim.h ++++ b/OvmfPkg/QemuVideoDxe/VbeShim.h +@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = { + /* 000001FE nop */ 0x90, + /* 000001FF nop */ 0x90, + /* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F, +- /* 00000203 jz 0x22d */ 0x74, 0x28, ++ /* 00000203 jz 0x235 */ 0x74, 0x30, + /* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F, +- /* 00000208 jz 0x245 */ 0x74, 0x3B, ++ /* 00000208 jz 0x255 */ 0x74, 0x4B, + /* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F, +- /* 0000020D jz 0x269 */ 0x74, 0x5A, ++ /* 0000020D jz 0x289 */ 0x74, 0x7A, + /* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F, +- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01, ++ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01, + /* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F, +- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01, ++ /* 00000219 jz word 0x36e */ 0x0F, 0x84, 0x51, 0x01, + /* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F, +- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01, ++ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01, + /* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00, +- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01, +- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE, +- /* 0000022D push es */ 0x06, +- /* 0000022E push di */ 0x57, +- /* 0000022F push ds */ 0x1E, +- /* 00000230 push si */ 0x56, +- /* 00000231 push cx */ 0x51, +- /* 00000232 push cs */ 0x0E, +- /* 00000233 pop ds */ 0x1F, +- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00, +- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01, +- /* 0000023A cld */ 0xFC, +- /* 0000023B rep movsb */ 0xF3, 0xA4, +- /* 0000023D pop cx */ 0x59, +- /* 0000023E pop si */ 0x5E, +- /* 0000023F pop ds */ 0x1F, +- /* 00000240 pop di */ 0x5F, +- /* 00000241 pop es */ 0x07, +- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01, +- /* 00000245 push es */ 0x06, +- /* 00000246 push di */ 0x57, +- /* 00000247 push ds */ 0x1E, +- /* 00000248 push si */ 0x56, +- /* 00000249 push cx */ 0x51, +- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, +- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, +- /* 00000252 jz 0x256 */ 0x74, 0x02, +- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5, +- /* 00000256 push cs */ 0x0E, +- /* 00000257 pop ds */ 0x1F, +- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01, +- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01, +- /* 0000025E cld */ 0xFC, +- /* 0000025F rep movsb */ 0xF3, 0xA4, +- /* 00000261 pop cx */ 0x59, +- /* 00000262 pop si */ 0x5E, +- /* 00000263 pop ds */ 0x1F, +- /* 00000264 pop di */ 0x5F, +- /* 00000265 pop es */ 0x07, +- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00, +- /* 00000269 push dx */ 0x52, +- /* 0000026A push ax */ 0x50, +- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, +- /* 0000026F jz 0x273 */ 0x74, 0x02, +- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8, +- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, +- /* 00000276 mov al,0x20 */ 0xB0, 0x20, +- /* 00000278 out dx,al */ 0xEE, +- /* 00000279 push dx */ 0x52, +- /* 0000027A push ax */ 0x50, +- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00, +- /* 00000281 out dx,ax */ 0xEF, +- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 00000288 out dx,ax */ 0xEF, +- /* 00000289 pop ax */ 0x58, +- /* 0000028A pop dx */ 0x5A, +- /* 0000028B push dx */ 0x52, +- /* 0000028C push ax */ 0x50, +- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00, +- /* 00000293 out dx,ax */ 0xEF, +- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 0000029A out dx,ax */ 0xEF, +- /* 0000029B pop ax */ 0x58, +- /* 0000029C pop dx */ 0x5A, +- /* 0000029D push dx */ 0x52, +- /* 0000029E push ax */ 0x50, +- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00, +- /* 000002A5 out dx,ax */ 0xEF, +- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 000002AC out dx,ax */ 0xEF, +- /* 000002AD pop ax */ 0x58, +- /* 000002AE pop dx */ 0x5A, +- /* 000002AF push dx */ 0x52, +- /* 000002B0 push ax */ 0x50, +- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00, +- /* 000002B7 out dx,ax */ 0xEF, +- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 000002BE out dx,ax */ 0xEF, +- /* 000002BF pop ax */ 0x58, +- /* 000002C0 pop dx */ 0x5A, +- /* 000002C1 push dx */ 0x52, +- /* 000002C2 push ax */ 0x50, +- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00, +- /* 000002C9 out dx,ax */ 0xEF, +- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00, +- /* 000002D0 out dx,ax */ 0xEF, +- /* 000002D1 pop ax */ 0x58, +- /* 000002D2 pop dx */ 0x5A, +- /* 000002D3 push dx */ 0x52, +- /* 000002D4 push ax */ 0x50, +- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00, +- /* 000002DB out dx,ax */ 0xEF, +- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04, +- /* 000002E2 out dx,ax */ 0xEF, +- /* 000002E3 pop ax */ 0x58, +- /* 000002E4 pop dx */ 0x5A, +- /* 000002E5 push dx */ 0x52, +- /* 000002E6 push ax */ 0x50, +- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00, +- /* 000002ED out dx,ax */ 0xEF, +- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04, +- /* 000002F4 out dx,ax */ 0xEF, +- /* 000002F5 pop ax */ 0x58, +- /* 000002F6 pop dx */ 0x5A, +- /* 000002F7 push dx */ 0x52, +- /* 000002F8 push ax */ 0x50, +- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00, +- /* 000002FF out dx,ax */ 0xEF, +- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03, +- /* 00000306 out dx,ax */ 0xEF, +- /* 00000307 pop ax */ 0x58, +- /* 00000308 pop dx */ 0x5A, +- /* 00000309 push dx */ 0x52, +- /* 0000030A push ax */ 0x50, +- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00, +- /* 00000311 out dx,ax */ 0xEF, +- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03, +- /* 00000318 out dx,ax */ 0xEF, +- /* 00000319 pop ax */ 0x58, +- /* 0000031A pop dx */ 0x5A, +- /* 0000031B push dx */ 0x52, +- /* 0000031C push ax */ 0x50, +- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00, +- /* 00000323 out dx,ax */ 0xEF, +- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00, +- /* 0000032A out dx,ax */ 0xEF, +- /* 0000032B pop ax */ 0x58, +- /* 0000032C pop dx */ 0x5A, +- /* 0000032D pop ax */ 0x58, +- /* 0000032E pop dx */ 0x5A, +- /* 0000032F jmp short 0x34c */ 0xEB, 0x1B, +- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, +- /* 00000334 jmp short 0x34c */ 0xEB, 0x16, +- /* 00000336 jmp short 0x350 */ 0xEB, 0x18, +- /* 00000338 jmp short 0x350 */ 0xEB, 0x16, +- /* 0000033A cmp al,0x3 */ 0x3C, 0x03, +- /* 0000033C jz 0x345 */ 0x74, 0x07, +- /* 0000033E cmp al,0x12 */ 0x3C, 0x12, +- /* 00000340 jz 0x349 */ 0x74, 0x07, +- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE, +- /* 00000345 mov al,0x30 */ 0xB0, 0x30, +- /* 00000347 jmp short 0x34b */ 0xEB, 0x02, +- /* 00000349 mov al,0x20 */ 0xB0, 0x20, +- /* 0000034B iretw */ 0xCF, +- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00, +- /* 0000034F iretw */ 0xCF, +- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01, +- /* 00000353 iretw */ 0xCF, ++ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01, ++ /* 0000022B push si */ 0x56, ++ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03, ++ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01, ++ /* 00000232 pop si */ 0x5E, ++ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE, ++ /* 00000235 push es */ 0x06, ++ /* 00000236 push di */ 0x57, ++ /* 00000237 push ds */ 0x1E, ++ /* 00000238 push si */ 0x56, ++ /* 00000239 push cx */ 0x51, ++ /* 0000023A push si */ 0x56, ++ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03, ++ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01, ++ /* 00000241 pop si */ 0x5E, ++ /* 00000242 push cs */ 0x0E, ++ /* 00000243 pop ds */ 0x1F, ++ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00, ++ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01, ++ /* 0000024A cld */ 0xFC, ++ /* 0000024B rep movsb */ 0xF3, 0xA4, ++ /* 0000024D pop cx */ 0x59, ++ /* 0000024E pop si */ 0x5E, ++ /* 0000024F pop ds */ 0x1F, ++ /* 00000250 pop di */ 0x5F, ++ /* 00000251 pop es */ 0x07, ++ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01, ++ /* 00000255 push es */ 0x06, ++ /* 00000256 push di */ 0x57, ++ /* 00000257 push ds */ 0x1E, ++ /* 00000258 push si */ 0x56, ++ /* 00000259 push cx */ 0x51, ++ /* 0000025A push si */ 0x56, ++ /* 0000025B mov si,0x404 */ 0xBE, 0x04, 0x04, ++ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01, ++ /* 00000261 pop si */ 0x5E, ++ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, ++ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, ++ /* 0000026A jz 0x276 */ 0x74, 0x0A, ++ /* 0000026C push si */ 0x56, ++ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01, ++ /* 00000273 pop si */ 0x5E, ++ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD, ++ /* 00000276 push cs */ 0x0E, ++ /* 00000277 pop ds */ 0x1F, ++ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01, ++ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01, ++ /* 0000027E cld */ 0xFC, ++ /* 0000027F rep movsb */ 0xF3, 0xA4, ++ /* 00000281 pop cx */ 0x59, ++ /* 00000282 pop si */ 0x5E, ++ /* 00000283 pop ds */ 0x1F, ++ /* 00000284 pop di */ 0x5F, ++ /* 00000285 pop es */ 0x07, ++ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01, ++ /* 00000289 push dx */ 0x52, ++ /* 0000028A push ax */ 0x50, ++ /* 0000028B push si */ 0x56, ++ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04, ++ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01, ++ /* 00000292 pop si */ 0x5E, ++ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, ++ /* 00000297 jz 0x2a3 */ 0x74, 0x0A, ++ /* 00000299 push si */ 0x56, ++ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01, ++ /* 000002A0 pop si */ 0x5E, ++ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90, ++ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, ++ /* 000002A6 mov al,0x20 */ 0xB0, 0x20, ++ /* 000002A8 out dx,al */ 0xEE, ++ /* 000002A9 push dx */ 0x52, ++ /* 000002AA push ax */ 0x50, ++ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00, ++ /* 000002B1 out dx,ax */ 0xEF, ++ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002B8 out dx,ax */ 0xEF, ++ /* 000002B9 pop ax */ 0x58, ++ /* 000002BA pop dx */ 0x5A, ++ /* 000002BB push dx */ 0x52, ++ /* 000002BC push ax */ 0x50, ++ /* 000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00, ++ /* 000002C3 out dx,ax */ 0xEF, ++ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002CA out dx,ax */ 0xEF, ++ /* 000002CB pop ax */ 0x58, ++ /* 000002CC pop dx */ 0x5A, ++ /* 000002CD push dx */ 0x52, ++ /* 000002CE push ax */ 0x50, ++ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00, ++ /* 000002D5 out dx,ax */ 0xEF, ++ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002DC out dx,ax */ 0xEF, ++ /* 000002DD pop ax */ 0x58, ++ /* 000002DE pop dx */ 0x5A, ++ /* 000002DF push dx */ 0x52, ++ /* 000002E0 push ax */ 0x50, ++ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00, ++ /* 000002E7 out dx,ax */ 0xEF, ++ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002EE out dx,ax */ 0xEF, ++ /* 000002EF pop ax */ 0x58, ++ /* 000002F0 pop dx */ 0x5A, ++ /* 000002F1 push dx */ 0x52, ++ /* 000002F2 push ax */ 0x50, ++ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00, ++ /* 000002F9 out dx,ax */ 0xEF, ++ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00, ++ /* 00000300 out dx,ax */ 0xEF, ++ /* 00000301 pop ax */ 0x58, ++ /* 00000302 pop dx */ 0x5A, ++ /* 00000303 push dx */ 0x52, ++ /* 00000304 push ax */ 0x50, ++ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00, ++ /* 0000030B out dx,ax */ 0xEF, ++ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04, ++ /* 00000312 out dx,ax */ 0xEF, ++ /* 00000313 pop ax */ 0x58, ++ /* 00000314 pop dx */ 0x5A, ++ /* 00000315 push dx */ 0x52, ++ /* 00000316 push ax */ 0x50, ++ /* 00000317 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000031A mov ax,0x6 */ 0xB8, 0x06, 0x00, ++ /* 0000031D out dx,ax */ 0xEF, ++ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04, ++ /* 00000324 out dx,ax */ 0xEF, ++ /* 00000325 pop ax */ 0x58, ++ /* 00000326 pop dx */ 0x5A, ++ /* 00000327 push dx */ 0x52, ++ /* 00000328 push ax */ 0x50, ++ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00, ++ /* 0000032F out dx,ax */ 0xEF, ++ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03, ++ /* 00000336 out dx,ax */ 0xEF, ++ /* 00000337 pop ax */ 0x58, ++ /* 00000338 pop dx */ 0x5A, ++ /* 00000339 push dx */ 0x52, ++ /* 0000033A push ax */ 0x50, ++ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00, ++ /* 00000341 out dx,ax */ 0xEF, ++ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03, ++ /* 00000348 out dx,ax */ 0xEF, ++ /* 00000349 pop ax */ 0x58, ++ /* 0000034A pop dx */ 0x5A, ++ /* 0000034B push dx */ 0x52, ++ /* 0000034C push ax */ 0x50, ++ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00, ++ /* 00000353 out dx,ax */ 0xEF, ++ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00, ++ /* 0000035A out dx,ax */ 0xEF, ++ /* 0000035B pop ax */ 0x58, ++ /* 0000035C pop dx */ 0x5A, ++ /* 0000035D pop ax */ 0x58, ++ /* 0000035E pop dx */ 0x5A, ++ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B, ++ /* 00000361 push si */ 0x56, ++ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04, ++ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00, ++ /* 00000368 pop si */ 0x5E, ++ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, ++ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E, ++ /* 0000036E push si */ 0x56, ++ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04, ++ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00, ++ /* 00000375 pop si */ 0x5E, ++ /* 00000376 jmp short 0x3b8 */ 0xEB, 0x40, ++ /* 00000378 push si */ 0x56, ++ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04, ++ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00, ++ /* 0000037F pop si */ 0x5E, ++ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36, ++ /* 00000382 push si */ 0x56, ++ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04, ++ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00, ++ /* 00000389 pop si */ 0x5E, ++ /* 0000038A cmp al,0x3 */ 0x3C, 0x03, ++ /* 0000038C jz 0x39d */ 0x74, 0x0F, ++ /* 0000038E cmp al,0x12 */ 0x3C, 0x12, ++ /* 00000390 jz 0x3a1 */ 0x74, 0x0F, ++ /* 00000392 push si */ 0x56, ++ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00, ++ /* 00000399 pop si */ 0x5E, ++ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE, ++ /* 0000039D mov al,0x30 */ 0xB0, 0x30, ++ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02, ++ /* 000003A1 mov al,0x20 */ 0xB0, 0x20, ++ /* 000003A3 push si */ 0x56, ++ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03, ++ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00, ++ /* 000003AA pop si */ 0x5E, ++ /* 000003AB iretw */ 0xCF, ++ /* 000003AC push si */ 0x56, ++ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03, ++ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00, ++ /* 000003B3 pop si */ 0x5E, ++ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00, ++ /* 000003B7 iretw */ 0xCF, ++ /* 000003B8 push si */ 0x56, ++ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03, ++ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00, ++ /* 000003BF pop si */ 0x5E, ++ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01, ++ /* 000003C3 iretw */ 0xCF, ++ /* 000003C4 pushaw */ 0x60, ++ /* 000003C5 push ds */ 0x1E, ++ /* 000003C6 push cs */ 0x0E, ++ /* 000003C7 pop ds */ 0x1F, ++ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04, ++ /* 000003CB lodsb */ 0xAC, ++ /* 000003CC cmp al,0x0 */ 0x3C, 0x00, ++ /* 000003CE jz 0x3d3 */ 0x74, 0x03, ++ /* 000003D0 out dx,al */ 0xEE, ++ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8, ++ /* 000003D3 pop ds */ 0x1F, ++ /* 000003D4 popaw */ 0x61, ++ /* 000003D5 ret */ 0xC3, ++ /* 000003D6 inc bp */ 0x45, ++ /* 000003D7 js 0x442 */ 0x78, 0x69, ++ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A, ++ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E, ++ /* 000003DE jnc 0x455 */ 0x73, 0x75, ++ /* 000003E0 jo 0x452 */ 0x70, 0x70, ++ /* 000003E2 outsw */ 0x6F, ++ /* 000003E3 jc 0x459 */ 0x72, 0x74, ++ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00, ++ /* 000003E9 push bp */ 0x55, ++ /* 000003EA outsb */ 0x6E, ++ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77, ++ /* 000003EF outsb */ 0x6E, ++ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75, ++ /* 000003F3 outsb */ 0x6E, ++ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69, ++ /* 000003F7 outsw */ 0x6F, ++ /* 000003F8 outsb */ 0x6E, ++ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00, ++ /* 000003FB inc di */ 0x47, ++ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49, ++ /* 000003FF outsb */ 0x6E, ++ /* 00000400 outsd */ 0x66, 0x6F, ++ /* 00000402 or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000404 inc di */ 0x47, ++ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D, ++ /* 00000408 outsw */ 0x6F, ++ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49, ++ /* 0000040C outsb */ 0x6E, ++ /* 0000040D outsd */ 0x66, 0x6F, ++ /* 0000040F or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000411 inc di */ 0x47, ++ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D, ++ /* 00000415 outsw */ 0x6F, ++ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 0000041A push bx */ 0x53, ++ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D, ++ /* 0000041E outsw */ 0x6F, ++ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 00000423 push bx */ 0x53, ++ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D, ++ /* 00000427 outsw */ 0x6F, ++ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C, ++ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61, ++ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A, ++ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E, ++ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 0x6E, ++ /* 00000438 and [di+0x6f],cl */ 0x20, 0x4D, 0x6F, ++ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 0000043F inc di */ 0x47, ++ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50, ++ /* 00000443 insw */ 0x6D, ++ /* 00000444 inc bx */ 0x43, ++ /* 00000445 popaw */ 0x61, ++ /* 00000446 jo 0x4a9 */ 0x70, 0x61, ++ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C, ++ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73, ++ /* 00000450 or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000452 push dx */ 0x52, ++ /* 00000453 gs popaw */ 0x65, 0x61, ++ /* 00000455 fs inc bp */ 0x64, 0x45, ++ /* 00000457 fs */ 0x64, ++ /* 00000458 db 0x69 */ 0x69, ++ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00, + }; + #endif diff --git a/0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch b/0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch new file mode 100644 index 0000000..b40f0a5 --- /dev/null +++ b/0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch @@ -0,0 +1,129 @@ +From 3b413c99f3a5087710f4932b4ba61c2646ae84b9 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 25 Feb 2014 18:40:35 +0100 +Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions + +When the console output is multiplexed to several devices by +ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes +supported by all console output devices. + +Two notable output devices are provided by: +(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe, +(2) MdeModulePkg/Universal/Console/TerminalDxe. + +GraphicsConsoleDxe supports four modes at most -- see +InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData": + +(1a) 80x25 (required by the UEFI spec as mode 0), +(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec + requires the driver to provide it as mode 1), +(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI + spec requires from all plug-in graphics devices), +(1d) "full screen" resolution, derived form the underlying GOP's + horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH + (8) and EFI_GLYPH_HEIGHT (19), respectively. + +The automatic "full screen resolution" makes GraphicsConsoleDxe's +character console very flexible. However, TerminalDxe (which runs on +serial ports) only provides the following fixed resolutions -- see +InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData": + +(2a) 80x25 (required by the UEFI spec as mode 0), +(2b) 80x50 (since the character resolution of a serial device cannot be + interrogated easily, this is added unconditionally as mode 1), +(2c) 100x31 (since the character resolution of a serial device cannot be + interrogated easily, this is added unconditionally as mode 2). + +When ConSplitterDxe combines (1) and (2), multiplexing console output to +both video output and serial terminal, the list of commonly supported text +modes (ie. the "intersection") comprises: + +(3a) 80x25, unconditionally, from (1a) and (2a), +(3b) 80x50, if the graphics console provides at least 640x950 pixel + resolution, from (1b) and (2b) +(3c) 100x31, if the graphics device is a plug-in one (because in that case + 800x600 is a mandated pixel resolution), from (1c) and (2c). + +Unfortunately, the "full screen resolution" (1d) of the GOP-based text +console is not available in general. + +Mitigate this problem by extending "mTerminalConsoleModeData" with a +handful of text resolutions that are derived from widespread maximal pixel +resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out +the most frequent (1d) values from the intersection, and eg. the MODE +command in the UEFI shell will offer the "best" (ie. full screen) +resolution too. + +Upstream status: three calendar months (with on-and-off discussion and +patches) have not been enough to find a solution to this problem that +would please all stakeholders. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- adapt commit 0bc77c63de03 (code and commit message) to upstream commit + 390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine + InitializeTerminalConsoleTextMode", 2017-01-10). + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Signed-off-by: Laszlo Ersek +(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e) +Signed-off-by: Paolo Bonzini +--- + .../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++-- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +index a98b690c8b..ded5513c74 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +@@ -115,9 +115,44 @@ TERMINAL_DEV mTerminalDevTemplate = { + }; + + TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = { +- {80, 25}, +- {80, 50}, +- {100, 31}, ++ { 80, 25 }, // from graphics resolution 640 x 480 ++ { 80, 50 }, // from graphics resolution 640 x 960 ++ { 100, 25 }, // from graphics resolution 800 x 480 ++ { 100, 31 }, // from graphics resolution 800 x 600 ++ { 104, 32 }, // from graphics resolution 832 x 624 ++ { 120, 33 }, // from graphics resolution 960 x 640 ++ { 128, 31 }, // from graphics resolution 1024 x 600 ++ { 128, 40 }, // from graphics resolution 1024 x 768 ++ { 144, 45 }, // from graphics resolution 1152 x 864 ++ { 144, 45 }, // from graphics resolution 1152 x 870 ++ { 160, 37 }, // from graphics resolution 1280 x 720 ++ { 160, 40 }, // from graphics resolution 1280 x 760 ++ { 160, 40 }, // from graphics resolution 1280 x 768 ++ { 160, 42 }, // from graphics resolution 1280 x 800 ++ { 160, 50 }, // from graphics resolution 1280 x 960 ++ { 160, 53 }, // from graphics resolution 1280 x 1024 ++ { 170, 40 }, // from graphics resolution 1360 x 768 ++ { 170, 40 }, // from graphics resolution 1366 x 768 ++ { 175, 55 }, // from graphics resolution 1400 x 1050 ++ { 180, 47 }, // from graphics resolution 1440 x 900 ++ { 200, 47 }, // from graphics resolution 1600 x 900 ++ { 200, 63 }, // from graphics resolution 1600 x 1200 ++ { 210, 55 }, // from graphics resolution 1680 x 1050 ++ { 240, 56 }, // from graphics resolution 1920 x 1080 ++ { 240, 63 }, // from graphics resolution 1920 x 1200 ++ { 240, 75 }, // from graphics resolution 1920 x 1440 ++ { 250, 105 }, // from graphics resolution 2000 x 2000 ++ { 256, 80 }, // from graphics resolution 2048 x 1536 ++ { 256, 107 }, // from graphics resolution 2048 x 2048 ++ { 320, 75 }, // from graphics resolution 2560 x 1440 ++ { 320, 84 }, // from graphics resolution 2560 x 1600 ++ { 320, 107 }, // from graphics resolution 2560 x 2048 ++ { 350, 110 }, // from graphics resolution 2800 x 2100 ++ { 400, 126 }, // from graphics resolution 3200 x 2400 ++ { 480, 113 }, // from graphics resolution 3840 x 2160 ++ { 512, 113 }, // from graphics resolution 4096 x 2160 ++ { 960, 227 }, // from graphics resolution 7680 x 4320 ++ { 1024, 227 }, // from graphics resolution 8192 x 4320 + // + // New modes can be added here. + // diff --git a/0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch new file mode 100644 index 0000000..78bf511 --- /dev/null +++ b/0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -0,0 +1,128 @@ +From 50b53194f7caea602e04df663358617c280f299c Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 25 Feb 2014 22:40:01 +0100 +Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode + change (RH only) + +The + + CSI Ps ; Ps ; Ps t + +escape sequence serves for window manipulation. We can use the + + CSI 8 ; ; t + +sequence to adapt eg. the xterm window size to the selected console mode. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- refresh commit 519b9751573e against various context changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec" + context change from upstream commits e043f7895b83 ("MdeModulePkg: Add + PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2 + ("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03). + +Reference: +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444) +Signed-off-by: Paolo Bonzini +--- + MdeModulePkg/MdeModulePkg.dec | 4 +++ + .../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++ + .../Console/TerminalDxe/TerminalDxe.inf | 2 ++ + 3 files changed, 36 insertions(+) + +diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec +index cb30a79758..e562bed57e 100644 +--- a/MdeModulePkg/MdeModulePkg.dec ++++ b/MdeModulePkg/MdeModulePkg.dec +@@ -2013,6 +2013,10 @@ + # @Prompt Enable StatusCode via memory. + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE|BOOLEAN|0x00010023 + ++ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal ++ # mode change. ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080 ++ + [PcdsPatchableInModule] + ## Specify memory size with page number for PEI code when + # Loading Module at Fixed Address feature is enabled. +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +index aae470e956..26156857aa 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ + ++#include ++ + #include "Terminal.h" + + // +@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0 + CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 }; + CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 }; + ++// ++// Note that this is an ASCII format string, taking two INT32 arguments: ++// rows, columns. ++// ++// A %d (INT32) format specification can expand to at most 11 characters. ++// ++CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt"; ++#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2)) ++ ++ + // + // Body of the ConOut functions + // +@@ -506,6 +518,24 @@ TerminalConOutSetMode ( + return EFI_DEVICE_ERROR; + } + ++ if (PcdGetBool (PcdResizeXterm)) { ++ CHAR16 ResizeSequence[RESIZE_SEQ_SIZE]; ++ ++ UnicodeSPrintAsciiFormat ( ++ ResizeSequence, ++ sizeof ResizeSequence, ++ mResizeTextAreaFormatString, ++ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows, ++ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns ++ ); ++ TerminalDevice->OutputEscChar = TRUE; ++ Status = This->OutputString (This, ResizeSequence); ++ TerminalDevice->OutputEscChar = FALSE; ++ if (EFI_ERROR (Status)) { ++ return EFI_DEVICE_ERROR; ++ } ++ } ++ + This->Mode->Mode = (INT32) ModeNumber; + + Status = This->ClearScreen (This); +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +index b2a8aeba85..eff6253465 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +@@ -55,6 +55,7 @@ + DebugLib + PcdLib + BaseLib ++ PrintLib + + [Guids] + ## SOMETIMES_PRODUCES ## Variable:L"ConInDev" +@@ -87,6 +88,7 @@ + [Pcd] + gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## CONSUMES + + # [Event] + # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout. diff --git a/0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch new file mode 100644 index 0000000..591a4e3 --- /dev/null +++ b/0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -0,0 +1,90 @@ +From 0616c1d69ef552bd35700992fae37263ddd8c4ce Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 15:59:06 +0200 +Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH + only) + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- refresh downstream-only commit 8abc2a6ddad2 against context differences + in the DSC files from upstream commit 5e167d7e784c + ("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if + SMM_REQUIRE", 2017-03-12). + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721) +(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d) +Signed-off-by: Paolo Bonzini +--- + OvmfPkg/OvmfPkgIa32.dsc | 1 + + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + + OvmfPkg/OvmfPkgX64.dsc | 1 + + OvmfPkg/PlatformPei/Platform.c | 1 + + OvmfPkg/PlatformPei/PlatformPei.inf | 1 + + 5 files changed, 5 insertions(+) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 2886c10b1b..b974740e2f 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -577,6 +577,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 + !endif ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800 + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 5a9e9a707a..65a8c6764c 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -586,6 +586,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800 + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600 ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0 +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 70c2c3e3b9..72bc289f26 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -582,6 +582,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 + !endif + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800 + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600 + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE +diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c +index 96468701e3..14efbabe39 100644 +--- a/OvmfPkg/PlatformPei/Platform.c ++++ b/OvmfPkg/PlatformPei/Platform.c +@@ -748,6 +748,7 @@ InitializePlatform ( + MemTypeInfoInitialization (); + MemMapInitialization (); + NoexecDxeInitialization (); ++ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); + } + + InstallClearCacheCallback (); +diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf +index c53be2f492..e5744ed818 100644 +--- a/OvmfPkg/PlatformPei/PlatformPei.inf ++++ b/OvmfPkg/PlatformPei/PlatformPei.inf +@@ -97,6 +97,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack diff --git a/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch new file mode 100644 index 0000000..6843988 --- /dev/null +++ b/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -0,0 +1,196 @@ +From 4de2ee915d9f3eea6d32cd010ab856ac176f3983 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Sun, 26 Jul 2015 08:02:50 +0000 +Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line + (RH only) + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such + setter functions for dynamic PCDs that don't return a status code (such + as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds -- + there's really no circumstance in this case when it could fail. + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- Refresh downstream-only commit d4564d39dfdb against context changes in + "ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870 + ("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable + override", 2017-03-29). + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262) +Signed-off-by: Paolo Bonzini +--- + ArmVirtPkg/ArmVirtQemu.dsc | 6 +- + .../TerminalPcdProducerLib.c | 87 +++++++++++++++++++ + .../TerminalPcdProducerLib.inf | 41 +++++++++ + 3 files changed, 133 insertions(+), 1 deletion(-) + create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c + create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 2405636af6..24c6ea2e64 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -249,6 +249,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600 + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640 + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|480 ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + + # + # SMBIOS entry point version +@@ -374,7 +375,10 @@ + MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf + MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf + MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf +- MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf ++ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf { ++ ++ NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf ++ } + MdeModulePkg/Universal/SerialDxe/SerialDxe.inf + + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c +new file mode 100644 +index 0000000000..814ad48199 +--- /dev/null ++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c +@@ -0,0 +1,87 @@ ++/** @file ++* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg ++* ++* Copyright (C) 2015-2016, Red Hat, Inc. ++* Copyright (c) 2014, Linaro Ltd. All rights reserved.
++* ++* This program and the accompanying materials are licensed and made available ++* under the terms and conditions of the BSD License which accompanies this ++* distribution. The full text of the license may be found at ++* http://opensource.org/licenses/bsd-license.php ++* ++* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++* IMPLIED. ++* ++**/ ++ ++#include ++#include ++#include ++ ++STATIC ++RETURN_STATUS ++GetNamedFwCfgBoolean ( ++ IN CONST CHAR8 *FwCfgFileName, ++ OUT BOOLEAN *Setting ++ ) ++{ ++ RETURN_STATUS Status; ++ FIRMWARE_CONFIG_ITEM FwCfgItem; ++ UINTN FwCfgSize; ++ UINT8 Value[3]; ++ ++ Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize); ++ if (RETURN_ERROR (Status)) { ++ return Status; ++ } ++ if (FwCfgSize > sizeof Value) { ++ return RETURN_BAD_BUFFER_SIZE; ++ } ++ QemuFwCfgSelectItem (FwCfgItem); ++ QemuFwCfgReadBytes (FwCfgSize, Value); ++ ++ if ((FwCfgSize == 1) || ++ (FwCfgSize == 2 && Value[1] == '\n') || ++ (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) { ++ switch (Value[0]) { ++ case '0': ++ case 'n': ++ case 'N': ++ *Setting = FALSE; ++ return RETURN_SUCCESS; ++ ++ case '1': ++ case 'y': ++ case 'Y': ++ *Setting = TRUE; ++ return RETURN_SUCCESS; ++ ++ default: ++ break; ++ } ++ } ++ return RETURN_PROTOCOL_ERROR; ++} ++ ++#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \ ++ do { \ ++ BOOLEAN Setting; \ ++ RETURN_STATUS PcdStatus; \ ++ \ ++ if (!RETURN_ERROR (GetNamedFwCfgBoolean ( \ ++ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \ ++ PcdStatus = PcdSetBoolS (TokenName, Setting); \ ++ ASSERT_RETURN_ERROR (PcdStatus); \ ++ } \ ++ } while (0) ++ ++RETURN_STATUS ++EFIAPI ++TerminalPcdProducerLibConstructor ( ++ VOID ++ ) ++{ ++ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); ++ return RETURN_SUCCESS; ++} +diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf +new file mode 100644 +index 0000000000..fecb37bcdf +--- /dev/null ++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf +@@ -0,0 +1,41 @@ ++## @file ++# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg ++# ++# Copyright (C) 2015-2016, Red Hat, Inc. ++# Copyright (c) 2014, Linaro Ltd. All rights reserved.
++# ++# This program and the accompanying materials are licensed and made available ++# under the terms and conditions of the BSD License which accompanies this ++# distribution. The full text of the license may be found at ++# http://opensource.org/licenses/bsd-license.php ++# ++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++# IMPLIED. ++# ++## ++ ++[Defines] ++ INF_VERSION = 0x00010005 ++ BASE_NAME = TerminalPcdProducerLib ++ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96 ++ MODULE_TYPE = BASE ++ VERSION_STRING = 1.0 ++ LIBRARY_CLASS = TerminalPcdProducerLib|DXE_DRIVER ++ CONSTRUCTOR = TerminalPcdProducerLibConstructor ++ ++[Sources] ++ TerminalPcdProducerLib.c ++ ++[Packages] ++ MdePkg/MdePkg.dec ++ OvmfPkg/OvmfPkg.dec ++ MdeModulePkg/MdeModulePkg.dec ++ ++[LibraryClasses] ++ DebugLib ++ PcdLib ++ QemuFwCfgLib ++ ++[Pcd] ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm diff --git a/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch similarity index 67% rename from 0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch rename to 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch index a40d6f9..21e1f26 100644 --- a/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +++ b/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch @@ -1,7 +1,7 @@ -From 23df46ebbe7b09451d3a05034acd4d3a25e7177b Mon Sep 17 00:00:00 2001 +From c1d277217b6d4115277cac4de26943fde3b7f170 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 4 Nov 2014 23:02:53 +0100 -Subject: OvmfPkg: allow exclusion of the shell from the firmware image +Subject: [PATCH] OvmfPkg: allow exclusion of the shell from the firmware image When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell binary from the firmware image. @@ -47,66 +47,66 @@ Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: Signed-off-by: Laszlo Ersek (cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd) (cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933) +Signed-off-by: Paolo Bonzini --- OvmfPkg/OvmfPkgIa32.fdf | 2 ++ - OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ - OvmfPkg/OvmfPkgX64.fdf | 2 ++ - 3 files changed, 6 insertions(+) + OvmfPkg/OvmfPkgIa32X64.fdf | 3 +++ + OvmfPkg/OvmfPkgX64.fdf | 3 +++ + 3 files changed, 8 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index a967904..366d6bf 100644 +index 6e1e7f5f44..07c1cdbe81 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -284,11 +284,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -291,11 +291,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !if $(TOOL_CHAIN_TAG) != "XCODE5" + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf +!endif - !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index f5a1d86..e4ca33e 100644 +index 1fab3d5014..b1560d6218 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -285,11 +285,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -292,11 +292,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf + !if $(TOOL_CHAIN_TAG) != "XCODE5" + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf +!endif ++ - !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 0bba313..3196b26 100644 +index 6dc48977a0..34cd97aac4 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -285,11 +285,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -301,11 +301,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf + !if $(TOOL_CHAIN_TAG) != "XCODE5" + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf +!endif ++ - !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) + !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf --- -1.8.3.1 - diff --git a/0012-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/0012-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch new file mode 100644 index 0000000..a37d5ac --- /dev/null +++ b/0012-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch @@ -0,0 +1,55 @@ +From cdd42dea1b59285def15d38feaf2093f9f1688dd Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 13:49:43 +0200 +Subject: [PATCH] ArmPlatformPkg: introduce fixed PCD for early hello message + (RH only) + +Drew has proposed that ARM|AARCH64 platform firmware (especially virtual +machine firmware) print a reasonably early, simple hello message to the +serial port, regardless of debug mask settings. This should inform +interactive users, and provide some rough help in localizing boot +problems, even with restrictive debug masks. + +If a platform doesn't want this feature, it should stick with the default +empty string. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Suggested-by: Drew Jones +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30) +(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750) +Signed-off-by: Paolo Bonzini +--- + ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec +index 696d636aac..1553e1ae92 100644 +--- a/ArmPlatformPkg/ArmPlatformPkg.dec ++++ b/ArmPlatformPkg/ArmPlatformPkg.dec +@@ -104,6 +104,13 @@ + ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers + gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045 + ++ # ++ # Early hello message (ASCII string), printed to the serial port. ++ # If set to the empty string, nothing is printed. ++ # Otherwise, a trailing CRLF should be specified explicitly. ++ # ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100 ++ + [PcdsFixedAtBuild.common,PcdsDynamic.common] + ## PL031 RealTimeClock + gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024 diff --git a/0013-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/0013-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch new file mode 100644 index 0000000..b5ecd43 --- /dev/null +++ b/0013-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch @@ -0,0 +1,103 @@ +From f9b6876cb7e14d4e863cc33c8999ece2cf399ff6 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 13:59:20 +0200 +Subject: [PATCH] ArmPlatformPkg: PrePeiCore: write early hello message to the + serial port (RH) + +The FixedPcdGetSize() macro expands to an integer constant, therefore an +optimizing compiler can eliminate the new code, if the platform DSC +doesn't override the empty string (size=1) default of +PcdEarlyHelloMessage. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e) +(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac) +Signed-off-by: Paolo Bonzini +--- + ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++ + ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++ + ArmPlatformPkg/PrePeiCore/PrePeiCore.h | 1 + + ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf | 2 ++ + ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++ + 5 files changed, 15 insertions(+) + +diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c +index d379ad8b7a..ff1672f94d 100644 +--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c ++++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c +@@ -111,6 +111,11 @@ PrimaryMain ( + UINTN TemporaryRamBase; + UINTN TemporaryRamSize; + ++ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { ++ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), ++ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); ++ } ++ + CreatePpiList (&PpiListSize, &PpiList); + + // Enable the GIC Distributor +diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c +index 1500d2bd51..5b0790beac 100644 +--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c ++++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c +@@ -29,6 +29,11 @@ PrimaryMain ( + UINTN TemporaryRamBase; + UINTN TemporaryRamSize; + ++ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { ++ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), ++ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); ++ } ++ + CreatePpiList (&PpiListSize, &PpiList); + + // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +index 7140c7f5b5..1d69a2b468 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + #include + #include +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf +index fb01dd1a11..a6681c1032 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf +@@ -69,6 +69,8 @@ + gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize + ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage ++ + gArmTokenSpaceGuid.PcdGicDistributorBase + gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase + gArmTokenSpaceGuid.PcdGicSgiIntId +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf +index e9eb092d3a..a02ff39b7a 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf +@@ -68,3 +68,5 @@ + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize + + gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack ++ ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage diff --git a/0014-ArmVirtPkg-set-early-hello-message-RH-only.patch b/0014-ArmVirtPkg-set-early-hello-message-RH-only.patch new file mode 100644 index 0000000..e9cafd2 --- /dev/null +++ b/0014-ArmVirtPkg-set-early-hello-message-RH-only.patch @@ -0,0 +1,40 @@ +From 34a88714097996e34811d27b32e77ff71ca763a6 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 14:07:17 +0200 +Subject: [PATCH] ArmVirtPkg: set early hello message (RH only) + +Print a friendly banner on QEMU, regardless of debug mask settings. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925) +(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a) +Signed-off-by: Paolo Bonzini +--- + ArmVirtPkg/ArmVirtQemu.dsc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 24c6ea2e64..ad6af7f1c6 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -125,6 +125,7 @@ + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) + + [PcdsFixedAtBuild.common] ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n" + !if $(ARCH) == AARCH64 + gArmTokenSpaceGuid.PcdVFPEnabled|1 + !endif diff --git a/0015-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/0015-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch deleted file mode 100644 index b667406..0000000 --- a/0015-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +++ /dev/null @@ -1,1329 +0,0 @@ -From 92424de98ffaf1fa81e6346949b1d2b5f9a637ca Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 4 Nov 2014 23:02:55 +0100 -Subject: OvmfPkg: EnrollDefaultKeys: application for enrolling default keys - -This application is meant to be invoked by the management layer, after -booting the UEFI shell and getting a shell prompt on the serial console. -The app enrolls a number of certificates (see below), and then reports -status to the serial console as well. The expected output is "info: -success": - -> Shell> EnrollDefaultKeys.efi -> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 -> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 -> info: success -> Shell> - -In case of success, the management layer can force off or reboot the VM -(for example with the "reset -s" or "reset -c" UEFI shell commands, -respectively), and start the guest installation with SecureBoot enabled. - -PK: -- A unique, static, ad-hoc certificate whose private half has been - destroyed (more precisely, never saved) and is therefore unusable for - signing. (The command for creating this certificate is saved in the - source code.) Background: - -On 09/30/14 20:00, Peter Jones wrote: -> We should generate a special key that's not in our normal signing chains -> for PK and KEK. The reason for this is that [in practice] PK gets -> treated as part of DB (*). -> -> [Shipping a key in our normal signing chains] as PK means you can run -> grub directly, in which case it won't have access to the shim protocol. -> When grub is run without the shim protocol registered, it assumes SB is -> disabled and boots without verifying the kernel. We don't want that to -> be a thing you can do, but allowing that is the inevitable result of -> shipping with any of our normal signing chain in PK or KEK. -> -> (* USRT has actually agreed that since you can escalate to this behavior -> if you have the secret half of a key in KEK or PK anyway, and many -> vendors had already shipped it this way, that it is fine and I think -> even *expected* at this point, even though it wasn't formally in the -> UEFI 2.3.1 Spec that introduced Secure Boot. I'll try and make sure the -> language reflects that in an upcoming spec revision.) -> -> So let me get SRT to issue a special key to use for PK and KEK. We can -> use it just for those operations, and make sure it's protected with the -> same processes and controls as our other signing keys. - - Until SRT generates such a key for us, this ad-hoc key should be a good - placeholder. - -KEK: -- same ad-hoc certificate as used for the PK, -- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool - package is signed (indirectly, through a chain) with this; enrolling - such a KEK should allow guests to install those updates. - -DB: -- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows - Server 2012 R2, -- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI - oproms. - -*UPDATE* - -OvmfPkg: EnrollDefaultKeys: pick up official Red Hat PK/KEK (RHEL only) - -Replace the placeholder ExampleCert with a certificate generated and -managed by the Red Hat Security Response Team. - -> Certificate: -> Data: -> Version: 3 (0x2) -> Serial Number: 18371740789028339953 (0xfef588e8f396c0f1) -> Signature Algorithm: sha256WithRSAEncryption -> Issuer: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com -> Validity -> Not Before: Oct 31 11:15:37 2014 GMT -> Not After : Oct 25 11:15:37 2037 GMT -> Subject: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com -> Subject Public Key Info: -> Public Key Algorithm: rsaEncryption -> Public-Key: (2048 bit) -> Modulus: -> 00:90:1f:84:7b:8d:bc:eb:97:26:82:6d:88:ab:8a: -> c9:8c:68:70:f9:df:4b:07:b2:37:83:0b:02:c8:67: -> 68:30:9e:e3:f0:f0:99:4a:b8:59:57:c6:41:f6:38: -> 8b:fe:66:4c:49:e9:37:37:92:2e:98:01:1e:5b:14: -> 50:e6:a8:8d:25:0d:f5:86:e6:ab:30:cb:40:16:ea: -> 8d:8b:16:86:70:43:37:f2:ce:c0:91:df:71:14:8e: -> 99:0e:89:b6:4c:6d:24:1e:8c:e4:2f:4f:25:d0:ba: -> 06:f8:c6:e8:19:18:76:73:1d:81:6d:a8:d8:05:cf: -> 3a:c8:7b:28:c8:36:a3:16:0d:29:8c:99:9a:68:dc: -> ab:c0:4d:8d:bf:5a:bb:2b:a9:39:4b:04:97:1c:f9: -> 36:bb:c5:3a:86:04:ae:af:d4:82:7b:e0:ab:de:49: -> 05:68:fc:f6:ae:68:1a:6c:90:4d:57:19:3c:64:66: -> 03:f6:c7:52:9b:f7:94:cf:93:6a:a1:68:c9:aa:cf: -> 99:6b:bc:aa:5e:08:e7:39:1c:f7:f8:0f:ba:06:7e: -> f1:cb:e8:76:dd:fe:22:da:ad:3a:5e:5b:34:ea:b3: -> c9:e0:4d:04:29:7e:b8:60:b9:05:ef:b5:d9:17:58: -> 56:16:60:b9:30:32:f0:36:4a:c3:f2:79:8d:12:40: -> 70:f3 -> Exponent: 65537 (0x10001) -> X509v3 extensions: -> X509v3 Basic Constraints: -> CA:FALSE -> Netscape Comment: -> OpenSSL Generated Certificate -> X509v3 Subject Key Identifier: -> 3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC -> X509v3 Authority Key Identifier: -> keyid:3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC -> -> Signature Algorithm: sha256WithRSAEncryption -> 5c:4d:92:88:b4:82:5f:1d:ad:8b:11:ec:df:06:a6:7a:a5:2b: -> 9f:37:55:0c:8d:6e:05:00:ad:b7:0c:41:89:69:cf:d6:65:06: -> 9b:51:78:d2:ad:c7:bf:9c:dc:05:73:7f:e7:1e:39:13:b4:ea: -> b6:30:7d:40:75:ab:9c:43:0b:df:b0:c2:1b:bf:30:e0:f4:fe: -> c0:db:62:21:98:f6:c5:af:de:3b:4f:49:0a:e6:1e:f9:86:b0: -> 3f:0d:d6:d4:46:37:db:54:74:5e:ff:11:c2:60:c6:70:58:c5: -> 1c:6f:ec:b2:d8:6e:6f:c3:bc:33:87:38:a4:f3:44:64:9c:34: -> 3b:28:94:26:78:27:9f:16:17:e8:3b:69:0a:25:a9:73:36:7e: -> 9e:37:5c:ec:e8:3f:db:91:f9:12:b3:3d:ce:e7:dd:15:c3:ae: -> 8c:05:20:61:9b:95:de:9b:af:fa:b1:5c:1c:e5:97:e7:c3:34: -> 11:85:f5:8a:27:26:a4:70:36:ec:0c:f6:83:3d:90:f7:36:f3: -> f9:f3:15:d4:90:62:be:53:b4:af:d3:49:af:ef:f4:73:e8:7b: -> 76:e4:44:2a:37:ba:81:a4:99:0c:3a:31:24:71:a0:e4:e4:b7: -> 1a:cb:47:e4:aa:22:cf:ef:75:61:80:e3:43:b7:48:57:73:11: -> 3d:78:9b:69 -> -----BEGIN CERTIFICATE----- -> MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV -> BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG -> 9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx -> MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L -> RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB -> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw -> +d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31 -> huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B -> bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr -> 3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x -> y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID -> AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy -> YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww -> HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD -> ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c -> 3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N -> 1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol -> qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw -> NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL -> R+SqIs/vdWGA40O3SFdzET14m2k= -> -----END CERTIFICATE----- - -Notes about the 9ece15a -> c9e5618 rebase: -- resolved conflicts in: - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - due to OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf having - disappeared in upstream (commit 57446bb9). - -Notes about the c9e5618 -> b9ffeab rebase: -- Guid/VariableFormat.h now lives under MdeModulePkg. - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- This patch now squashes the following commits: - - 014f459c197b OvmfPkg: EnrollDefaultKeys: application for enrolling - default keys (RH only) - - 18422a18d0e9 OvmfPkg/EnrollDefaultKeys: assign Status before reading - it (RH only) - - ddb90568e874 OvmfPkg/EnrollDefaultKeys: silence VS2015x86 warning (RH - only) - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- This patch now squashes the following commits: - - c0b2615a9c0b OvmfPkg: EnrollDefaultKeys: application for enrolling - default keys (RH only) - - 22f4d33d0168 OvmfPkg/EnrollDefaultKeys: update SignatureOwner GUID for - Windows HCK (RH) - - ff7f2c1d870d OvmfPkg/EnrollDefaultKeys: expose CertType parameter of - EnrollListOfCerts (RH) - - aee7b5ba60b4 OvmfPkg/EnrollDefaultKeys: blacklist empty file in dbx - for Windows HCK (RH) - -- Consequently, OvmfPkg/EnrollDefaultKeys/ is identical to the same - directory at the "RHEL-7.4" tag (49d06d386736). - -Signed-off-by: Laszlo Ersek -(cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d) ---- - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++++++++ - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 ++ - OvmfPkg/OvmfPkgIa32.dsc | 4 + - OvmfPkg/OvmfPkgIa32X64.dsc | 4 + - OvmfPkg/OvmfPkgX64.dsc | 4 + - 5 files changed, 1079 insertions(+) - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf - -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -new file mode 100644 -index 0000000..dd413df ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -@@ -0,0 +1,1015 @@ -+/** @file -+ Enroll default PK, KEK, DB. -+ -+ Copyright (C) 2014, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+#include // gEfiCustomModeEnableGuid -+#include // EFI_SETUP_MODE_NAME -+#include // EFI_IMAGE_SECURITY_DATABASE -+#include // CopyGuid() -+#include // ASSERT() -+#include // FreePool() -+#include // ShellAppMain() -+#include // AsciiPrint() -+#include // gRT -+ -+// -+// We'll use the certificate below as both Platform Key and as first Key -+// Exchange Key. -+// -+// "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com" -+// SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97 -+// -+STATIC CONST UINT8 RedHatPkKek1[] = { -+ 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, -+ 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, -+ 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, -+ 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, -+ 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, -+ 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, -+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, -+ 0x33, 0x31, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x37, -+ 0x31, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x30, 0x51, -+ 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x52, 0x65, -+ 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, -+ 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, 0x4b, 0x20, -+ 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, -+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63, -+ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, -+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, -+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x90, 0x1f, 0x84, -+ 0x7b, 0x8d, 0xbc, 0xeb, 0x97, 0x26, 0x82, 0x6d, 0x88, 0xab, 0x8a, 0xc9, 0x8c, -+ 0x68, 0x70, 0xf9, 0xdf, 0x4b, 0x07, 0xb2, 0x37, 0x83, 0x0b, 0x02, 0xc8, 0x67, -+ 0x68, 0x30, 0x9e, 0xe3, 0xf0, 0xf0, 0x99, 0x4a, 0xb8, 0x59, 0x57, 0xc6, 0x41, -+ 0xf6, 0x38, 0x8b, 0xfe, 0x66, 0x4c, 0x49, 0xe9, 0x37, 0x37, 0x92, 0x2e, 0x98, -+ 0x01, 0x1e, 0x5b, 0x14, 0x50, 0xe6, 0xa8, 0x8d, 0x25, 0x0d, 0xf5, 0x86, 0xe6, -+ 0xab, 0x30, 0xcb, 0x40, 0x16, 0xea, 0x8d, 0x8b, 0x16, 0x86, 0x70, 0x43, 0x37, -+ 0xf2, 0xce, 0xc0, 0x91, 0xdf, 0x71, 0x14, 0x8e, 0x99, 0x0e, 0x89, 0xb6, 0x4c, -+ 0x6d, 0x24, 0x1e, 0x8c, 0xe4, 0x2f, 0x4f, 0x25, 0xd0, 0xba, 0x06, 0xf8, 0xc6, -+ 0xe8, 0x19, 0x18, 0x76, 0x73, 0x1d, 0x81, 0x6d, 0xa8, 0xd8, 0x05, 0xcf, 0x3a, -+ 0xc8, 0x7b, 0x28, 0xc8, 0x36, 0xa3, 0x16, 0x0d, 0x29, 0x8c, 0x99, 0x9a, 0x68, -+ 0xdc, 0xab, 0xc0, 0x4d, 0x8d, 0xbf, 0x5a, 0xbb, 0x2b, 0xa9, 0x39, 0x4b, 0x04, -+ 0x97, 0x1c, 0xf9, 0x36, 0xbb, 0xc5, 0x3a, 0x86, 0x04, 0xae, 0xaf, 0xd4, 0x82, -+ 0x7b, 0xe0, 0xab, 0xde, 0x49, 0x05, 0x68, 0xfc, 0xf6, 0xae, 0x68, 0x1a, 0x6c, -+ 0x90, 0x4d, 0x57, 0x19, 0x3c, 0x64, 0x66, 0x03, 0xf6, 0xc7, 0x52, 0x9b, 0xf7, -+ 0x94, 0xcf, 0x93, 0x6a, 0xa1, 0x68, 0xc9, 0xaa, 0xcf, 0x99, 0x6b, 0xbc, 0xaa, -+ 0x5e, 0x08, 0xe7, 0x39, 0x1c, 0xf7, 0xf8, 0x0f, 0xba, 0x06, 0x7e, 0xf1, 0xcb, -+ 0xe8, 0x76, 0xdd, 0xfe, 0x22, 0xda, 0xad, 0x3a, 0x5e, 0x5b, 0x34, 0xea, 0xb3, -+ 0xc9, 0xe0, 0x4d, 0x04, 0x29, 0x7e, 0xb8, 0x60, 0xb9, 0x05, 0xef, 0xb5, 0xd9, -+ 0x17, 0x58, 0x56, 0x16, 0x60, 0xb9, 0x30, 0x32, 0xf0, 0x36, 0x4a, 0xc3, 0xf2, -+ 0x79, 0x8d, 0x12, 0x40, 0x70, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b, -+ 0x30, 0x79, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, -+ 0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d, -+ 0x04, 0x1f, 0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, -+ 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, -+ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, -+ 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, -+ 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, -+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x3c, -+ 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, -+ 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, -+ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, -+ 0x5c, 0x4d, 0x92, 0x88, 0xb4, 0x82, 0x5f, 0x1d, 0xad, 0x8b, 0x11, 0xec, 0xdf, -+ 0x06, 0xa6, 0x7a, 0xa5, 0x2b, 0x9f, 0x37, 0x55, 0x0c, 0x8d, 0x6e, 0x05, 0x00, -+ 0xad, 0xb7, 0x0c, 0x41, 0x89, 0x69, 0xcf, 0xd6, 0x65, 0x06, 0x9b, 0x51, 0x78, -+ 0xd2, 0xad, 0xc7, 0xbf, 0x9c, 0xdc, 0x05, 0x73, 0x7f, 0xe7, 0x1e, 0x39, 0x13, -+ 0xb4, 0xea, 0xb6, 0x30, 0x7d, 0x40, 0x75, 0xab, 0x9c, 0x43, 0x0b, 0xdf, 0xb0, -+ 0xc2, 0x1b, 0xbf, 0x30, 0xe0, 0xf4, 0xfe, 0xc0, 0xdb, 0x62, 0x21, 0x98, 0xf6, -+ 0xc5, 0xaf, 0xde, 0x3b, 0x4f, 0x49, 0x0a, 0xe6, 0x1e, 0xf9, 0x86, 0xb0, 0x3f, -+ 0x0d, 0xd6, 0xd4, 0x46, 0x37, 0xdb, 0x54, 0x74, 0x5e, 0xff, 0x11, 0xc2, 0x60, -+ 0xc6, 0x70, 0x58, 0xc5, 0x1c, 0x6f, 0xec, 0xb2, 0xd8, 0x6e, 0x6f, 0xc3, 0xbc, -+ 0x33, 0x87, 0x38, 0xa4, 0xf3, 0x44, 0x64, 0x9c, 0x34, 0x3b, 0x28, 0x94, 0x26, -+ 0x78, 0x27, 0x9f, 0x16, 0x17, 0xe8, 0x3b, 0x69, 0x0a, 0x25, 0xa9, 0x73, 0x36, -+ 0x7e, 0x9e, 0x37, 0x5c, 0xec, 0xe8, 0x3f, 0xdb, 0x91, 0xf9, 0x12, 0xb3, 0x3d, -+ 0xce, 0xe7, 0xdd, 0x15, 0xc3, 0xae, 0x8c, 0x05, 0x20, 0x61, 0x9b, 0x95, 0xde, -+ 0x9b, 0xaf, 0xfa, 0xb1, 0x5c, 0x1c, 0xe5, 0x97, 0xe7, 0xc3, 0x34, 0x11, 0x85, -+ 0xf5, 0x8a, 0x27, 0x26, 0xa4, 0x70, 0x36, 0xec, 0x0c, 0xf6, 0x83, 0x3d, 0x90, -+ 0xf7, 0x36, 0xf3, 0xf9, 0xf3, 0x15, 0xd4, 0x90, 0x62, 0xbe, 0x53, 0xb4, 0xaf, -+ 0xd3, 0x49, 0xaf, 0xef, 0xf4, 0x73, 0xe8, 0x7b, 0x76, 0xe4, 0x44, 0x2a, 0x37, -+ 0xba, 0x81, 0xa4, 0x99, 0x0c, 0x3a, 0x31, 0x24, 0x71, 0xa0, 0xe4, 0xe4, 0xb7, -+ 0x1a, 0xcb, 0x47, 0xe4, 0xaa, 0x22, 0xcf, 0xef, 0x75, 0x61, 0x80, 0xe3, 0x43, -+ 0xb7, 0x48, 0x57, 0x73, 0x11, 0x3d, 0x78, 0x9b, 0x69 -+}; -+ -+// -+// Second KEK: "Microsoft Corporation KEK CA 2011". -+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 -+// -+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. -+// -+STATIC CONST UINT8 MicrosoftKEK[] = { -+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, -+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, -+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, -+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, -+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, -+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, -+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, -+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, -+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, -+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, -+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, -+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, -+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, -+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, -+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, -+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, -+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, -+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, -+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, -+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, -+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, -+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, -+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, -+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, -+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, -+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, -+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, -+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, -+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, -+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, -+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, -+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, -+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, -+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, -+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, -+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, -+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, -+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, -+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, -+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, -+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, -+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, -+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, -+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, -+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, -+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, -+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, -+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, -+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, -+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, -+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, -+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, -+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, -+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, -+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, -+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, -+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, -+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, -+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, -+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, -+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, -+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, -+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, -+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, -+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, -+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, -+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, -+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, -+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, -+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, -+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, -+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, -+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, -+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, -+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, -+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, -+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, -+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, -+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, -+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, -+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, -+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, -+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, -+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, -+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, -+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, -+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, -+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e -+}; -+ -+// -+// First DB entry: "Microsoft Windows Production PCA 2011" -+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d -+// -+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain -+// rooted in this certificate. -+// -+STATIC CONST UINT8 MicrosoftPCA[] = { -+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, -+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, -+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, -+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, -+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, -+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, -+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, -+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, -+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, -+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, -+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, -+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, -+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, -+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, -+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, -+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, -+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, -+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, -+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, -+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, -+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, -+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, -+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, -+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, -+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, -+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, -+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, -+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, -+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, -+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, -+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, -+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, -+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, -+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, -+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, -+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03, -+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, -+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, -+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, -+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, -+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, -+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, -+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, -+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, -+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, -+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, -+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, -+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, -+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, -+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, -+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, -+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, -+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, -+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, -+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, -+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, -+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, -+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, -+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, -+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, -+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, -+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, -+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, -+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, -+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, -+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, -+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, -+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, -+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, -+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, -+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, -+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, -+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, -+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, -+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, -+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, -+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, -+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, -+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, -+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, -+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, -+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, -+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, -+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, -+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, -+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, -+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, -+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, -+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, -+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, -+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, -+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, -+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, -+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, -+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, -+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, -+ 0x62, 0x1c, 0x59, 0x7e -+}; -+ -+// -+// Second DB entry: "Microsoft Corporation UEFI CA 2011" -+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 -+// -+// To verify the "shim" binary and PCI expansion ROMs with. -+// -+STATIC CONST UINT8 MicrosoftUefiCA[] = { -+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, -+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, -+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, -+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, -+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, -+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, -+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, -+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, -+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, -+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, -+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, -+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, -+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, -+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, -+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, -+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, -+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, -+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, -+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, -+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, -+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, -+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, -+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, -+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, -+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, -+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, -+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, -+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, -+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, -+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, -+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, -+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, -+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, -+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, -+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, -+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, -+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, -+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, -+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, -+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, -+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, -+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, -+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, -+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, -+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, -+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, -+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, -+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, -+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, -+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, -+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, -+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, -+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, -+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, -+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, -+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, -+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, -+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, -+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, -+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, -+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, -+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, -+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, -+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, -+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, -+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, -+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, -+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, -+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, -+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, -+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, -+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, -+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, -+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, -+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, -+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, -+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, -+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, -+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, -+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, -+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, -+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, -+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, -+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, -+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, -+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, -+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, -+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, -+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 -+}; -+ -+// -+// The Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmDBXisPresent test case -+// of the Secure Boot Logo Test in the Microsoft Hardware Certification Kit -+// expects that the "dbx" variable exist. -+// -+// The article at -+// writes (excerpt): -+// -+// Windows 8.1 Secure Boot Key Creation and Management Guidance -+// 1. Secure Boot, Windows 8.1 and Key Management -+// 1.4 Signature Databases (Db and Dbx) -+// 1.4.3 Forbidden Signature Database (dbx) -+// -+// The contents of EFI_IMAGE_SIGNATURE_DATABASE1 dbx must be checked when -+// verifying images before checking db and any matches must prevent the -+// image from executing. The database may contain multiple certificates, -+// keys, and hashes in order to identify forbidden images. The Windows -+// Hardware Certification Requirements state that a dbx must be present, so -+// any dummy value, such as the SHA-256 hash of 0, may be used as a safe -+// placeholder until such time as Microsoft begins delivering dbx updates. -+// -+// The byte array below captures the SHA256 checksum of the empty file, -+// blacklisting it for loading & execution. This qualifies as a dummy, since -+// the empty file is not a valid UEFI binary anyway. -+// -+// Technically speaking, we could also capture an official (although soon to be -+// obsolete) dbx update from . However, -+// the terms and conditions on distributing that binary aren't exactly light -+// reading, so let's best steer clear of it, and follow the "dummy entry" -+// practice recommended -- in natural English langauge -- in the -+// above-referenced TechNet article. -+// -+STATIC CONST UINT8 mSha256OfDevNull[] = { -+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, -+ 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, -+ 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 -+}; -+ -+// -+// The following test cases of the Secure Boot Logo Test in the Microsoft -+// Hardware Certification Kit: -+// -+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent -+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB -+// -+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be -+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the -+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509 -+// certificates: -+// -+// - "Microsoft Corporation KEK CA 2011" (in KEK) -+// - "Microsoft Windows Production PCA 2011" (in db) -+// - "Microsoft Corporation UEFI CA 2011" (in db) -+// -+// This is despite the fact that the UEFI specification requires -+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS, -+// application or driver) that enrolled and therefore owns -+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued -+// EFI_SIGNATURE_DATA.SignatureData. -+// -+STATIC CONST EFI_GUID mMicrosoftOwnerGuid = { -+ 0x77fa9abd, 0x0359, 0x4d32, -+ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }, -+}; -+ -+// -+// The most important thing about the variable payload is that it is a list of -+// lists, where the element size of any given *inner* list is constant. -+// -+// Since X509 certificates vary in size, each of our *inner* lists will contain -+// one element only (one X.509 certificate). This is explicitly mentioned in -+// the UEFI specification, in "28.4.1 Signature Database", in a Note. -+// -+// The list structure looks as follows: -+// -+// struct EFI_VARIABLE_AUTHENTICATION_2 { | -+// struct EFI_TIME { | -+// UINT16 Year; | -+// UINT8 Month; | -+// UINT8 Day; | -+// UINT8 Hour; | -+// UINT8 Minute; | -+// UINT8 Second; | -+// UINT8 Pad1; | -+// UINT32 Nanosecond; | -+// INT16 TimeZone; | -+// UINT8 Daylight; | -+// UINT8 Pad2; | -+// } TimeStamp; | -+// | -+// struct WIN_CERTIFICATE_UEFI_GUID { | | -+// struct WIN_CERTIFICATE { | | -+// UINT32 dwLength; ----------------------------------------+ | -+// UINT16 wRevision; | | -+// UINT16 wCertificateType; | | -+// } Hdr; | +- DataSize -+// | | -+// EFI_GUID CertType; | | -+// UINT8 CertData[1] = { <--- "struct hack" | | -+// struct EFI_SIGNATURE_LIST { | | | -+// EFI_GUID SignatureType; | | | -+// UINT32 SignatureListSize; -------------------------+ | | -+// UINT32 SignatureHeaderSize; | | | -+// UINT32 SignatureSize; ---------------------------+ | | | -+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | -+// v | | | -+// struct EFI_SIGNATURE_DATA { | | | | -+// EFI_GUID SignatureOwner; | | | | -+// UINT8 SignatureData[1] = { <--- "struct hack" | | | | -+// X.509 payload | | | | -+// } | | | | -+// } Signatures[]; | | | -+// } SigLists[]; | | -+// }; | | -+// } AuthInfo; | | -+// }; | -+// -+// Given that the "struct hack" invokes undefined behavior (which is why C99 -+// introduced the flexible array member), and because subtracting those pesky -+// sizes of 1 is annoying, and because the format is fully specified in the -+// UEFI specification, we'll introduce two matching convenience structures that -+// are customized for our X.509 purposes. -+// -+#pragma pack(1) -+typedef struct { -+ EFI_TIME TimeStamp; -+ -+ // -+ // dwLength covers data below -+ // -+ UINT32 dwLength; -+ UINT16 wRevision; -+ UINT16 wCertificateType; -+ EFI_GUID CertType; -+} SINGLE_HEADER; -+ -+typedef struct { -+ // -+ // SignatureListSize covers data below -+ // -+ EFI_GUID SignatureType; -+ UINT32 SignatureListSize; -+ UINT32 SignatureHeaderSize; // constant 0 -+ UINT32 SignatureSize; -+ -+ // -+ // SignatureSize covers data below -+ // -+ EFI_GUID SignatureOwner; -+ -+ // -+ // X.509 certificate follows -+ // -+} REPEATING_HEADER; -+#pragma pack() -+ -+/** -+ Enroll a set of certificates in a global variable, overwriting it. -+ -+ The variable will be rewritten with NV+BS+RT+AT attributes. -+ -+ @param[in] VariableName The name of the variable to overwrite. -+ -+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to -+ overwrite. -+ -+ @param[in] CertType The GUID determining the type of all the -+ certificates in the set that is passed in. For -+ example, gEfiCertX509Guid stands for DER-encoded -+ X.509 certificates, while gEfiCertSha256Guid stands -+ for SHA256 image hashes. -+ -+ @param[in] ... A list of -+ -+ IN CONST UINT8 *Cert, -+ IN UINTN CertSize, -+ IN CONST EFI_GUID *OwnerGuid -+ -+ triplets. If the first component of a triplet is -+ NULL, then the other two components are not -+ accessed, and processing is terminated. The list of -+ certificates is enrolled in the variable specified, -+ overwriting it. The OwnerGuid component identifies -+ the agent installing the certificate. -+ -+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert -+ value is NULL), or one of the CertSize values -+ is 0, or one of the CertSize values would -+ overflow the accumulated UINT32 data size. -+ -+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable -+ payload. -+ -+ @retval EFI_SUCCESS Enrollment successful; the variable has been -+ overwritten (or created). -+ -+ @return Error codes from gRT->GetTime() and -+ gRT->SetVariable(). -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+EnrollListOfCerts ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ IN EFI_GUID *CertType, -+ ... -+ ) -+{ -+ UINTN DataSize; -+ SINGLE_HEADER *SingleHeader; -+ REPEATING_HEADER *RepeatingHeader; -+ VA_LIST Marker; -+ CONST UINT8 *Cert; -+ EFI_STATUS Status; -+ UINT8 *Data; -+ UINT8 *Position; -+ -+ Status = EFI_SUCCESS; -+ -+ // -+ // compute total size first, for UINT32 range check, and allocation -+ // -+ DataSize = sizeof *SingleHeader; -+ VA_START (Marker, CertType); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ (VOID)VA_ARG (Marker, CONST EFI_GUID *); -+ -+ if (CertSize == 0 || -+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader || -+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { -+ Status = EFI_INVALID_PARAMETER; -+ break; -+ } -+ DataSize += sizeof *RepeatingHeader + CertSize; -+ } -+ VA_END (Marker); -+ -+ if (DataSize == sizeof *SingleHeader) { -+ Status = EFI_INVALID_PARAMETER; -+ } -+ if (EFI_ERROR (Status)) { -+ goto Out; -+ } -+ -+ Data = AllocatePool (DataSize); -+ if (Data == NULL) { -+ Status = EFI_OUT_OF_RESOURCES; -+ goto Out; -+ } -+ -+ Position = Data; -+ -+ SingleHeader = (SINGLE_HEADER *)Position; -+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); -+ if (EFI_ERROR (Status)) { -+ goto FreeData; -+ } -+ SingleHeader->TimeStamp.Pad1 = 0; -+ SingleHeader->TimeStamp.Nanosecond = 0; -+ SingleHeader->TimeStamp.TimeZone = 0; -+ SingleHeader->TimeStamp.Daylight = 0; -+ SingleHeader->TimeStamp.Pad2 = 0; -+#if 0 -+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp; -+#else -+ // -+ // This looks like a bug in edk2. According to the UEFI specification, -+ // dwLength is "The length of the entire certificate, including the length of -+ // the header, in bytes". That shouldn't stop right after CertType -- it -+ // should include everything below it. -+ // -+ SingleHeader->dwLength = sizeof *SingleHeader -+ - sizeof SingleHeader->TimeStamp; -+#endif -+ SingleHeader->wRevision = 0x0200; -+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; -+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); -+ Position += sizeof *SingleHeader; -+ -+ VA_START (Marker, CertType); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ CONST EFI_GUID *OwnerGuid; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); -+ -+ RepeatingHeader = (REPEATING_HEADER *)Position; -+ CopyGuid (&RepeatingHeader->SignatureType, CertType); -+ RepeatingHeader->SignatureListSize = -+ (UINT32)(sizeof *RepeatingHeader + CertSize); -+ RepeatingHeader->SignatureHeaderSize = 0; -+ RepeatingHeader->SignatureSize = -+ (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize); -+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); -+ Position += sizeof *RepeatingHeader; -+ -+ CopyMem (Position, Cert, CertSize); -+ Position += CertSize; -+ } -+ VA_END (Marker); -+ -+ ASSERT (Data + DataSize == Position); -+ -+ Status = gRT->SetVariable (VariableName, VendorGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS | -+ EFI_VARIABLE_RUNTIME_ACCESS | -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), -+ DataSize, Data); -+ -+FreeData: -+ FreePool (Data); -+ -+Out: -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, -+ VendorGuid, Status); -+ } -+ return Status; -+} -+ -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetExact ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ OUT VOID *Data, -+ IN UINTN DataSize, -+ IN BOOLEAN AllowMissing -+ ) -+{ -+ UINTN Size; -+ EFI_STATUS Status; -+ -+ Size = DataSize; -+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); -+ if (EFI_ERROR (Status)) { -+ if (Status == EFI_NOT_FOUND && AllowMissing) { -+ ZeroMem (Data, DataSize); -+ return EFI_SUCCESS; -+ } -+ -+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName, -+ VendorGuid, Status); -+ return Status; -+ } -+ -+ if (Size != DataSize) { -+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, " -+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size); -+ return EFI_PROTOCOL_ERROR; -+ } -+ -+ return EFI_SUCCESS; -+} -+ -+typedef struct { -+ UINT8 SetupMode; -+ UINT8 SecureBoot; -+ UINT8 SecureBootEnable; -+ UINT8 CustomMode; -+ UINT8 VendorKeys; -+} SETTINGS; -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetSettings ( -+ OUT SETTINGS *Settings -+ ) -+{ -+ EFI_STATUS Status; -+ -+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, -+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, -+ sizeof Settings->SecureBootEnable, TRUE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE); -+ return Status; -+} -+ -+STATIC -+VOID -+EFIAPI -+PrintSettings ( -+ IN CONST SETTINGS *Settings -+ ) -+{ -+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " -+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, -+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys); -+} -+ -+ -+INTN -+EFIAPI -+ShellAppMain ( -+ IN UINTN Argc, -+ IN CHAR16 **Argv -+ ) -+{ -+ EFI_STATUS Status; -+ SETTINGS Settings; -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 1) { -+ AsciiPrint ("error: already in User Mode\n"); -+ return 1; -+ } -+ -+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { -+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS), -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ } -+ -+ Status = EnrollListOfCerts ( -+ EFI_IMAGE_SECURITY_DATABASE, -+ &gEfiImageSecurityDatabaseGuid, -+ &gEfiCertX509Guid, -+ MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid, -+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfCerts ( -+ EFI_IMAGE_SECURITY_DATABASE1, -+ &gEfiImageSecurityDatabaseGuid, -+ &gEfiCertSha256Guid, -+ mSha256OfDevNull, sizeof mSha256OfDevNull, &gEfiCallerIdGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfCerts ( -+ EFI_KEY_EXCHANGE_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ &gEfiCertX509Guid, -+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid, -+ MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfCerts ( -+ EFI_PLATFORM_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ &gEfiCertX509Guid, -+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || -+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || -+ Settings.VendorKeys != 0) { -+ AsciiPrint ("error: unexpected\n"); -+ return 1; -+ } -+ -+ AsciiPrint ("info: success\n"); -+ return 0; -+} -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -new file mode 100644 -index 0000000..0ad86a2 ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -@@ -0,0 +1,52 @@ -+## @file -+# Enroll default PK, KEK, DB. -+# -+# Copyright (C) 2014, Red Hat, Inc. -+# -+# This program and the accompanying materials are licensed and made available -+# under the terms and conditions of the BSD License which accompanies this -+# distribution. The full text of the license may be found at -+# http://opensource.org/licenses/bsd-license. -+# -+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR -+# IMPLIED. -+## -+ -+[Defines] -+ INF_VERSION = 0x00010006 -+ BASE_NAME = EnrollDefaultKeys -+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A -+ MODULE_TYPE = UEFI_APPLICATION -+ VERSION_STRING = 0.1 -+ ENTRY_POINT = ShellCEntryLib -+ -+# -+# VALID_ARCHITECTURES = IA32 X64 -+# -+ -+[Sources] -+ EnrollDefaultKeys.c -+ -+[Packages] -+ MdePkg/MdePkg.dec -+ MdeModulePkg/MdeModulePkg.dec -+ SecurityPkg/SecurityPkg.dec -+ ShellPkg/ShellPkg.dec -+ -+[Guids] -+ gEfiCertPkcs7Guid -+ gEfiCertSha256Guid -+ gEfiCertX509Guid -+ gEfiCustomModeEnableGuid -+ gEfiGlobalVariableGuid -+ gEfiImageSecurityDatabaseGuid -+ gEfiSecureBootEnableDisableGuid -+ -+[LibraryClasses] -+ BaseMemoryLib -+ DebugLib -+ MemoryAllocationLib -+ ShellCEntryLib -+ UefiLib -+ UefiRuntimeServicesTableLib -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 61e606a..b0ad6e9 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -821,6 +821,10 @@ - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif - - OvmfPkg/PlatformDxe/Platform.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index bfe3baf..bf749d7 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -830,6 +830,10 @@ - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif - - OvmfPkg/PlatformDxe/Platform.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 4365a7b..b677d15 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -828,6 +828,10 @@ - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif - - OvmfPkg/PlatformDxe/Platform.inf --- -1.8.3.1 - diff --git a/0015-Tweak-the-tools_def-to-support-cross-compiling.patch b/0015-Tweak-the-tools_def-to-support-cross-compiling.patch new file mode 100644 index 0000000..b36f1e4 --- /dev/null +++ b/0015-Tweak-the-tools_def-to-support-cross-compiling.patch @@ -0,0 +1,75 @@ +From d8b75ad1013b21c089a1af579b510f32c49c5b14 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 16 Aug 2018 15:45:47 -0400 +Subject: [PATCH] Tweak the tools_def to support cross-compiling. + +These files are meant for customization, so this is not upstream. + +Signed-off-by: Paolo Bonzini +Signed-off-by: Cole Robinson +--- + BaseTools/Conf/tools_def.template | 44 +++++++++++++++---------------- + 1 file changed, 22 insertions(+), 22 deletions(-) + +diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template +index 933b3160fd..e62ccc322d 100755 +--- a/BaseTools/Conf/tools_def.template ++++ b/BaseTools/Conf/tools_def.template +@@ -2350,17 +2350,17 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20 + ################## + # GCC5 IA32 definitions + ################## +-*_GCC5_IA32_OBJCOPY_PATH = DEF(GCC5_IA32_PREFIX)objcopy +-*_GCC5_IA32_CC_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_SLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc-ar +-*_GCC5_IA32_DLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_ASLDLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_ASM_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_PP_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_VFRPP_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_ASLCC_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_ASLPP_PATH = DEF(GCC5_IA32_PREFIX)gcc +-*_GCC5_IA32_RC_PATH = DEF(GCC5_IA32_PREFIX)objcopy ++*_GCC5_IA32_OBJCOPY_PATH = ENV(GCC5_IA32_PREFIX)objcopy ++*_GCC5_IA32_CC_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_SLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc-ar ++*_GCC5_IA32_DLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_ASLDLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_ASM_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_PP_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_VFRPP_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_ASLCC_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_ASLPP_PATH = ENV(GCC5_IA32_PREFIX)gcc ++*_GCC5_IA32_RC_PATH = ENV(GCC5_IA32_PREFIX)objcopy + + *_GCC5_IA32_ASLCC_FLAGS = DEF(GCC5_ASLCC_FLAGS) -m32 + *_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie +@@ -2382,17 +2382,17 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl, + ################## + # GCC5 X64 definitions + ################## +-*_GCC5_X64_OBJCOPY_PATH = DEF(GCC5_X64_PREFIX)objcopy +-*_GCC5_X64_CC_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_SLINK_PATH = DEF(GCC5_X64_PREFIX)gcc-ar +-*_GCC5_X64_DLINK_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_ASLDLINK_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_ASM_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_PP_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_VFRPP_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_ASLCC_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_ASLPP_PATH = DEF(GCC5_X64_PREFIX)gcc +-*_GCC5_X64_RC_PATH = DEF(GCC5_X64_PREFIX)objcopy ++*_GCC5_X64_OBJCOPY_PATH = ENV(GCC5_X64_PREFIX)objcopy ++*_GCC5_X64_CC_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_SLINK_PATH = ENV(GCC5_X64_PREFIX)gcc-ar ++*_GCC5_X64_DLINK_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_ASLDLINK_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_ASM_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_PP_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_VFRPP_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_ASLCC_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_ASLPP_PATH = ENV(GCC5_X64_PREFIX)gcc ++*_GCC5_X64_RC_PATH = ENV(GCC5_X64_PREFIX)objcopy + + *_GCC5_X64_ASLCC_FLAGS = DEF(GCC5_ASLCC_FLAGS) -m64 + *_GCC5_X64_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64 diff --git a/0016-BaseTools-do-not-build-BrotliCompress-RH-only.patch b/0016-BaseTools-do-not-build-BrotliCompress-RH-only.patch new file mode 100644 index 0000000..8c7eb44 --- /dev/null +++ b/0016-BaseTools-do-not-build-BrotliCompress-RH-only.patch @@ -0,0 +1,47 @@ +From cab35d13e43ef37e746befaa1f3c8200edf4e420 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 4 Jun 2020 13:34:12 +0200 +Subject: [PATCH] BaseTools: do not build BrotliCompress (RH only) + +Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> +RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: + +- New patch. + +BrotliCompress is not used for building ArmVirtPkg or OvmfPkg platforms. +It depends on one of the upstream Brotli git submodules that we removed +earlier in this rebase series. (See patch "remove upstream edk2's Brotli +submodules (RH only"). + +Do not attempt to build BrotliCompress. + +Signed-off-by: Laszlo Ersek +--- + BaseTools/Source/C/GNUmakefile | 1 - + MdeModulePkg/MdeModulePkg.dec | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile +index df4eb64ea9..52777eaff1 100644 +--- a/BaseTools/Source/C/GNUmakefile ++++ b/BaseTools/Source/C/GNUmakefile +@@ -45,7 +45,6 @@ all: makerootdir subdirs + LIBRARIES = Common + VFRAUTOGEN = VfrCompile/VfrLexer.h + APPLICATIONS = \ +- BrotliCompress \ + VfrCompile \ + EfiRom \ + GenFfs \ +diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec +index e562bed57e..7367adbaa3 100644 +--- a/MdeModulePkg/MdeModulePkg.dec ++++ b/MdeModulePkg/MdeModulePkg.dec +@@ -25,7 +25,6 @@ + Include + + [Includes.Common.Private] +- Library/BrotliCustomDecompressLib/brotli/c/include + + [LibraryClasses] + ## @libraryclass Defines a set of methods to reset whole system. diff --git a/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch b/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch deleted file mode 100644 index 308fddb..0000000 --- a/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Ruiyu Ni -Subject: [PATCH] MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource -Date: Thu, 16 Nov 2017 18:15:14 +0100 - -The bug was caused by 728d74973c9262b6c7b7ef4be213223d55affec3 -"MdeModulePkg/PciBus: Count multiple hotplug resource paddings". - -The patch firstly updated the Bridge->Alignment to the maximum -alignment of all devices under the bridge, then aligned the -Bridge->Length to Bridge->Alignment. -It caused too much resources were claimed. - -The new patch firstly aligns Bridge->Length to Bridge->Alignment, -then updates the Bridge->Alignment to the maximum alignment of all -devices under the bridge. -Because the step to update the Bridge->Alignment is to make sure -the resource allocated to the bus under the Bridge meets all -devices alignment. But the Bridge->Length doesn't have to align -to the maximum alignment. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Ruiyu Ni -Reviewed-by: Eric Dong -(cherry picked from commit 6e3287442774c1a4bc83f127694700eeb07c18dc) ---- - MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c | 24 ++++++++++---------- - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c -index 8dbe9a00380f..2f713fcee95e 100644 ---- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c -+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c -@@ -389,18 +389,7 @@ CalculateResourceAperture ( - } - - // -- // Adjust the bridge's alignment to the MAX (first) alignment of all children. -- // -- CurrentLink = Bridge->ChildList.ForwardLink; -- if (CurrentLink != &Bridge->ChildList) { -- Node = RESOURCE_NODE_FROM_LINK (CurrentLink); -- if (Node->Alignment > Bridge->Alignment) { -- Bridge->Alignment = Node->Alignment; -- } -- } -- -- // -- // At last, adjust the aperture with the bridge's alignment -+ // Adjust the aperture with the bridge's alignment - // - Aperture[PciResUsageTypical] = ALIGN_VALUE (Aperture[PciResUsageTypical], Bridge->Alignment + 1); - Aperture[PciResUsagePadding] = ALIGN_VALUE (Aperture[PciResUsagePadding], Bridge->Alignment + 1); -@@ -410,6 +399,17 @@ CalculateResourceAperture ( - // Use the larger one between the padding resource and actual occupied resource. - // - Bridge->Length = MAX (Aperture[PciResUsageTypical], Aperture[PciResUsagePadding]); -+ -+ // -+ // Adjust the bridge's alignment to the MAX (first) alignment of all children. -+ // -+ CurrentLink = Bridge->ChildList.ForwardLink; -+ if (CurrentLink != &Bridge->ChildList) { -+ Node = RESOURCE_NODE_FROM_LINK (CurrentLink); -+ if (Node->Alignment > Bridge->Alignment) { -+ Bridge->Alignment = Node->Alignment; -+ } -+ } - } - - /** --- -2.14.1.3.gb7cf6e02401b - diff --git a/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch b/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch deleted file mode 100644 index 0a9a1ba..0000000 --- a/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Ruiyu Ni -Subject: [PATCH] MdeModulePkg/Bds: Remove assertion in BmCharToUint -Date: Thu, 16 Nov 2017 18:04:42 +0100 - -BmCharToUint() could be called using external data and it -already contains logic to return -1 when data is invalid, -so removing unnecessary assertion to avoid system hang. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Ruiyu Ni -Reviewed-by: Laszlo Ersek -Reviewed-by: Star Zeng -Acked-by: Ard Biesheuvel -(cherry picked from commit 618ef6f9bae14e1543d61993ab7ab8992063e4cc) ---- - MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c -index 11ab86792a52..a3fa25424592 100644 ---- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c -+++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c -@@ -420,7 +420,6 @@ BmCharToUint ( - return (Char - L'A' + 0xA); - } - -- ASSERT (FALSE); - return (UINTN) -1; - } - --- -2.14.1.3.gb7cf6e02401b - - diff --git a/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch b/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch deleted file mode 100644 index 231a96e..0000000 --- a/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch +++ /dev/null @@ -1,105 +0,0 @@ -From: Ruiyu Ni -Subject: [PATCH] MdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL -Date: Thu, 16 Nov 2017 18:04:43 +0100 - -Current implementation skips to check whether the last four -characters are digits when the OptionNumber is NULL. -Even worse, it may incorrectly return FALSE when OptionNumber is -NULL. - -The patch fixes it to always check the variable name even -OptionNumber is NULL. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Ruiyu Ni -Cc: Ard Biesheuvel -Reviewed-by: Laszlo Ersek -(cherry picked from commit 5e6e2dcc380dcd841f6f979fea8c302c80a87ec3) ---- - MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c | 45 +++++++++++++------- - 1 file changed, 30 insertions(+), 15 deletions(-) - -diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c -index b0a35058d02b..32918caf324c 100644 ---- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c -+++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c -@@ -785,6 +785,8 @@ EfiBootManagerIsValidLoadOptionVariableName ( - UINTN VariableNameLen; - UINTN Index; - UINTN Uint; -+ EFI_BOOT_MANAGER_LOAD_OPTION_TYPE LocalOptionType; -+ UINT16 LocalOptionNumber; - - if (VariableName == NULL) { - return FALSE; -@@ -792,39 +794,52 @@ EfiBootManagerIsValidLoadOptionVariableName ( - - VariableNameLen = StrLen (VariableName); - -+ // -+ // Return FALSE when the variable name length is too small. -+ // - if (VariableNameLen <= 4) { - return FALSE; - } - -- for (Index = 0; Index < ARRAY_SIZE (mBmLoadOptionName); Index++) { -- if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[Index])) && -- (StrnCmp (VariableName, mBmLoadOptionName[Index], VariableNameLen - 4) == 0) -+ // -+ // Return FALSE when the variable name doesn't start with Driver/SysPrep/Boot/PlatformRecovery. -+ // -+ for (LocalOptionType = 0; LocalOptionType < ARRAY_SIZE (mBmLoadOptionName); LocalOptionType++) { -+ if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[LocalOptionType])) && -+ (StrnCmp (VariableName, mBmLoadOptionName[LocalOptionType], VariableNameLen - 4) == 0) - ) { - break; - } - } -+ if (LocalOptionType == ARRAY_SIZE (mBmLoadOptionName)) { -+ return FALSE; -+ } - -- if (Index == ARRAY_SIZE (mBmLoadOptionName)) { -+ // -+ // Return FALSE when the last four characters are not hex digits. -+ // -+ LocalOptionNumber = 0; -+ for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) { -+ Uint = BmCharToUint (VariableName[Index]); -+ if (Uint == -1) { -+ break; -+ } else { -+ LocalOptionNumber = (UINT16) Uint + LocalOptionNumber * 0x10; -+ } -+ } -+ if (Index != VariableNameLen) { - return FALSE; - } - - if (OptionType != NULL) { -- *OptionType = (EFI_BOOT_MANAGER_LOAD_OPTION_TYPE) Index; -+ *OptionType = LocalOptionType; - } - - if (OptionNumber != NULL) { -- *OptionNumber = 0; -- for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) { -- Uint = BmCharToUint (VariableName[Index]); -- if (Uint == -1) { -- break; -- } else { -- *OptionNumber = (UINT16) Uint + *OptionNumber * 0x10; -- } -- } -+ *OptionNumber = LocalOptionNumber; - } - -- return (BOOLEAN) (Index == VariableNameLen); -+ return TRUE; - } - - /** --- -2.14.1.3.gb7cf6e02401b - diff --git a/0022-OvmfPkg-make-it-a-proper-BASE-library.patch b/0022-OvmfPkg-make-it-a-proper-BASE-library.patch deleted file mode 100644 index 79f6284..0000000 --- a/0022-OvmfPkg-make-it-a-proper-BASE-library.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d9edd0b560db7d32b8b93e82d7051d5cf58e9744 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Thu, 16 Nov 2017 20:52:57 +0100 -Subject: [PATCH 1/3] OvmfPkg: make it a proper BASE library - -Remove Uefi.h, which includes UefiSpec.h, and change the -return value to match RETURN_STATUS. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Cc: Laszlo Ersek -Cc: Ard Biesheuvel -Cc: Jordan Justen (Intel address) -Signed-off-by: Paolo Bonzini ---- - OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -index 5435767c1c..74f4d9c2d6 100644 ---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -@@ -15,7 +15,6 @@ - **/ - - #include --#include - #include - #include - #include -@@ -32,7 +31,7 @@ - /** - This constructor function does not have to do anything. - -- @retval EFI_SUCCESS The constructor always returns RETURN_SUCCESS. -+ @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS. - - **/ - RETURN_STATUS -@@ -41,7 +40,7 @@ PlatformDebugLibIoPortConstructor ( - VOID - ) - { -- return EFI_SUCCESS; -+ return RETURN_SUCCESS; - } - - /** --- -2.14.3 - diff --git a/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch b/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch deleted file mode 100644 index e2d0a0c..0000000 --- a/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch +++ /dev/null @@ -1,254 +0,0 @@ -From ba774b89b5a206c71a2ce0db8184747fac0f6af7 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Thu, 16 Nov 2017 10:33:29 +0100 -Subject: [PATCH 2/3] OvmfPkg: create a separate PlatformDebugLibIoPort - instance for SEC - -The next patch will want to add a global variable to -PlatformDebugLibIoPort, but this is not suitable for the SEC -phase, because SEC runs from read-only flash. The solution is -to have two library instances, one for SEC and another -for all other firmware phases. This patch adds the "plumbing" -for the SEC library instance, separating the INF files and -moving the constructor to a separate C source file. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Cc: Laszlo Ersek -Cc: Ard Biesheuvel -Cc: Jordan Justen (Intel address) -Signed-off-by: Paolo Bonzini ---- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - .../PlatformDebugLibIoPort.inf | 3 +- - .../PlatformRomDebugLibIoPort.inf | 52 ++++++++++++++++++++++ - OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 15 ------- - .../PlatformDebugLibIoPort/DebugLibDetect.c | 31 +++++++++++++ - .../PlatformDebugLibIoPort/DebugLibDetectRom.c | 31 +++++++++++++ - 8 files changed, 119 insertions(+), 19 deletions(-) - create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf - create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c - create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index c2f534fdbf..7ccb61147f 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -207,7 +207,7 @@ [LibraryClasses.common.SEC] - !ifdef $(DEBUG_ON_SERIAL_PORT) - DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf - !else -- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf -+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf - !endif - ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf - ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 9f300a2e6f..237ec71b5e 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -212,7 +212,7 @@ [LibraryClasses.common.SEC] - !ifdef $(DEBUG_ON_SERIAL_PORT) - DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf - !else -- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf -+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf - !endif - ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf - ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 1ffcf37f8b..a5047fa38e 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -212,7 +212,7 @@ [LibraryClasses.common.SEC] - !ifdef $(DEBUG_ON_SERIAL_PORT) - DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf - !else -- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf -+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf - !endif - ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf - ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf -index 0e74fe94cb..de3c2f542b 100644 ---- a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf -@@ -21,7 +21,7 @@ [Defines] - FILE_GUID = DF934DA3-CD31-49FE-AF50-B3C87C79325F - MODULE_TYPE = BASE - VERSION_STRING = 1.0 -- LIBRARY_CLASS = DebugLib -+ LIBRARY_CLASS = DebugLib|PEI_CORE PEIM DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER SMM_CORE DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION - CONSTRUCTOR = PlatformDebugLibIoPortConstructor - - # -@@ -30,6 +30,7 @@ [Defines] - - [Sources] - DebugLib.c -+ DebugLibDetect.c - - [Packages] - MdePkg/MdePkg.dec -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf -new file mode 100644 -index 0000000000..491c0318de ---- /dev/null -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf -@@ -0,0 +1,52 @@ -+## @file -+# Instance of Debug Library for the QEMU debug console port. -+# It uses Print Library to produce formatted output strings. -+# -+# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
-+# Copyright (c) 2017, Red Hat, Inc.
-+# -+# This program and the accompanying materials -+# are licensed and made available under the terms and conditions of the BSD License -+# which accompanies this distribution. The full text of the license may be found at -+# http://opensource.org/licenses/bsd-license.php. -+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+# -+# -+## -+ -+[Defines] -+ INF_VERSION = 0x00010005 -+ BASE_NAME = PlatformRomDebugLibIoPort -+ FILE_GUID = CEB0D9D3-328F-4C24-8C02-28FA1986AE1B -+ MODULE_TYPE = BASE -+ VERSION_STRING = 1.0 -+ LIBRARY_CLASS = DebugLib|SEC -+ CONSTRUCTOR = PlatformRomDebugLibIoPortConstructor -+ -+# -+# VALID_ARCHITECTURES = IA32 X64 IPF EBC -+# -+ -+[Sources] -+ DebugLib.c -+ DebugLibDetectRom.c -+ -+[Packages] -+ MdePkg/MdePkg.dec -+ OvmfPkg/OvmfPkg.dec -+ -+[LibraryClasses] -+ BaseMemoryLib -+ IoLib -+ PcdLib -+ PrintLib -+ BaseLib -+ DebugPrintErrorLevelLib -+ -+[Pcd] -+ gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort ## CONSUMES -+ gEfiMdePkgTokenSpaceGuid.PcdDebugClearMemoryValue ## CONSUMES -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask ## CONSUMES -+ gEfiMdePkgTokenSpaceGuid.PcdFixedDebugPrintErrorLevel ## CONSUMES -+ -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -index 74f4d9c2d6..5a1c86f2c3 100644 ---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -@@ -28,21 +28,6 @@ - // - #define MAX_DEBUG_MESSAGE_LENGTH 0x100 - --/** -- This constructor function does not have to do anything. -- -- @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS. -- --**/ --RETURN_STATUS --EFIAPI --PlatformDebugLibIoPortConstructor ( -- VOID -- ) --{ -- return RETURN_SUCCESS; --} -- - /** - Prints a debug message to the debug output device if the specified error level is enabled. - -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c -new file mode 100644 -index 0000000000..bad054f286 ---- /dev/null -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c -@@ -0,0 +1,31 @@ -+/** @file -+ Constructor code for QEMU debug port library. -+ Non-SEC instance. -+ -+ Copyright (c) 2017, Red Hat, Inc.
-+ This program and the accompanying materials -+ are licensed and made available under the terms and conditions of the BSD License -+ which accompanies this distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#include -+ -+/** -+ This constructor function does not have anything to do. -+ -+ @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS. -+ -+**/ -+RETURN_STATUS -+EFIAPI -+PlatformDebugLibIoPortConstructor ( -+ VOID -+ ) -+{ -+ return RETURN_SUCCESS; -+} -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c -new file mode 100644 -index 0000000000..83a118a0f7 ---- /dev/null -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c -@@ -0,0 +1,31 @@ -+/** @file -+ Constructor code for QEMU debug port library. -+ SEC instance. -+ -+ Copyright (c) 2017, Red Hat, Inc.
-+ This program and the accompanying materials -+ are licensed and made available under the terms and conditions of the BSD License -+ which accompanies this distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#include -+ -+/** -+ This constructor function does not have anything to do. -+ -+ @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS. -+ -+**/ -+RETURN_STATUS -+EFIAPI -+PlatformRomDebugLibIoPortConstructor ( -+ VOID -+ ) -+{ -+ return RETURN_SUCCESS; -+} --- -2.14.3 - diff --git a/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch b/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch deleted file mode 100644 index 3833c10..0000000 --- a/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch +++ /dev/null @@ -1,270 +0,0 @@ -From b23853af6eb71e4c9b2e2d235b1db80541d33116 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Wed, 15 Nov 2017 18:01:00 +0100 -Subject: [PATCH 3/3] OvmfPkg: save on I/O port accesses when the debug port is - not in use - -When SEV is enabled, every debug message printed by OVMF to the -QEMU debug port traps from the guest to QEMU character by character -because "REP OUTSB" cannot be used by IoWriteFifo8. Furthermore, -when OVMF is built with the DEBUG_VERBOSE bit (value 0x00400000) -enabled in "gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel", then the -OvmfPkg/IoMmuDxe driver, and the OvmfPkg/Library/BaseMemEncryptSevLib -library instance that is built into it, produce a huge amount of -log messages. Therefore, in SEV guests, the boot time impact is huge -(about 45 seconds _additional_ time spent writing to the debug port). - -While these messages are very useful for analyzing guest behavior, -most of the time the user won't be capturing the OVMF debug log. -In fact libvirt does not provide a method for configuring log capture; -users that wish to do this (or are instructed to do this) have to resort -to . - -The debug console device provides a handy detection mechanism; when read, -it returns 0xE9 (which is very much unlike the 0xFF that is returned by -an unused port). Use it to skip the possibly expensive OUT instructions -when the debug I/O port isn't plugged anywhere. - -For SEC, the debug port has to be read before each full message. -However: - -- if the debug port is available, then reading one byte before writing -a full message isn't tragic, especially because SEC doesn't print many -messages - -- if the debug port is not available, then reading one byte instead of -writing a full message is still a win. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Cc: Laszlo Ersek -Cc: Ard Biesheuvel -Cc: Jordan Justen (Intel address) -Signed-off-by: Paolo Bonzini ---- - .../PlatformDebugLibIoPort/DebugLibDetect.h | 57 ++++++++++++++++++++++ - OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 28 +++++++++-- - .../PlatformDebugLibIoPort/DebugLibDetect.c | 30 ++++++++++-- - .../PlatformDebugLibIoPort/DebugLibDetectRom.c | 21 +++++++- - 4 files changed, 127 insertions(+), 9 deletions(-) - create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h - -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h -new file mode 100644 -index 0000000000..1f739b55d8 ---- /dev/null -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h -@@ -0,0 +1,57 @@ -+/** @file -+ Base Debug library instance for QEMU debug port. -+ It uses PrintLib to send debug messages to a fixed I/O port. -+ -+ Copyright (c) 2017, Red Hat, Inc.
-+ This program and the accompanying materials -+ are licensed and made available under the terms and conditions of the BSD License -+ which accompanies this distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license.php. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+ -+**/ -+ -+#ifndef __DEBUG_IO_PORT_DETECT_H__ -+#define __DEBUG_IO_PORT_DETECT_H__ -+ -+#include -+ -+// -+// The constant value that is read from the debug I/O port -+// -+#define BOCHS_DEBUG_PORT_MAGIC 0xE9 -+ -+ -+/** -+ Helper function to return whether the virtual machine has a debug I/O port. -+ PlatformDebugLibIoPortFound can call this function directly or cache the -+ result. -+ -+ @retval TRUE if the debug I/O port device was detected. -+ @retval FALSE otherwise -+ -+**/ -+BOOLEAN -+EFIAPI -+PlatformDebugLibIoPortDetect ( -+ VOID -+ ); -+ -+/** -+ Return whether the virtual machine has a debug I/O port. DebugLib.c -+ calls this function instead of PlatformDebugLibIoPortDetect, to allow -+ caching if possible. -+ -+ @retval TRUE if the debug I/O port device was detected. -+ @retval FALSE otherwise -+ -+**/ -+BOOLEAN -+EFIAPI -+PlatformDebugLibIoPortFound ( -+ VOID -+ ); -+ -+#endif -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -index 5a1c86f2c3..36cde54976 100644 ---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include "DebugLibDetect.h" - - // - // Define the maximum debug and assert message length that this library supports -@@ -61,9 +62,10 @@ DebugPrint ( - ASSERT (Format != NULL); - - // -- // Check driver debug mask value and global mask -+ // Check if the global mask disables this message or the device is inactive - // -- if ((ErrorLevel & GetDebugPrintErrorLevel ()) == 0) { -+ if ((ErrorLevel & GetDebugPrintErrorLevel ()) == 0 || -+ !PlatformDebugLibIoPortFound ()) { - return; - } - -@@ -120,9 +122,11 @@ DebugAssert ( - FileName, (UINT64)LineNumber, Description); - - // -- // Send the print string to the debug I/O port -+ // Send the print string to the debug I/O port, if present - // -- IoWriteFifo8 (PcdGet16 (PcdDebugIoPort), Length, Buffer); -+ if (PlatformDebugLibIoPortFound ()) { -+ IoWriteFifo8 (PcdGet16 (PcdDebugIoPort), Length, Buffer); -+ } - - // - // Generate a Breakpoint, DeadLoop, or NOP based on PCD settings -@@ -265,3 +269,19 @@ DebugPrintLevelEnabled ( - { - return (BOOLEAN) ((ErrorLevel & PcdGet32(PcdFixedDebugPrintErrorLevel)) != 0); - } -+ -+/** -+ Return the result of detecting the debug I/O port device. -+ -+ @retval TRUE if the debug I/O port device was detected. -+ @retval FALSE otherwise -+ -+**/ -+BOOLEAN -+EFIAPI -+PlatformDebugLibIoPortDetect ( -+ VOID -+ ) -+{ -+ return IoRead8 (PcdGet16 (PcdDebugIoPort)) == BOCHS_DEBUG_PORT_MAGIC; -+} -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c -index bad054f286..81c44eece9 100644 ---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c -@@ -1,6 +1,6 @@ - /** @file -- Constructor code for QEMU debug port library. -- Non-SEC instance. -+ Detection code for QEMU debug port. -+ Non-SEC instance, caches the result of detection. - - Copyright (c) 2017, Red Hat, Inc.
- This program and the accompanying materials -@@ -14,9 +14,16 @@ - **/ - - #include -+#include "DebugLibDetect.h" -+ -+// -+// Set to TRUE if the debug I/O port is enabled -+// -+STATIC BOOLEAN mDebugIoPortFound = FALSE; - - /** -- This constructor function does not have anything to do. -+ This constructor function checks if the debug I/O port device is present, -+ caching the result for later use. - - @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS. - -@@ -27,5 +34,22 @@ PlatformDebugLibIoPortConstructor ( - VOID - ) - { -+ mDebugIoPortFound = PlatformDebugLibIoPortDetect(); - return RETURN_SUCCESS; - } -+ -+/** -+ Return the cached result of detecting the debug I/O port device. -+ -+ @retval TRUE if the debug I/O port device was detected. -+ @retval FALSE otherwise -+ -+**/ -+BOOLEAN -+EFIAPI -+PlatformDebugLibIoPortFound ( -+ VOID -+ ) -+{ -+ return mDebugIoPortFound; -+} -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c -index 83a118a0f7..b950919675 100644 ---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c -@@ -1,6 +1,6 @@ - /** @file -- Constructor code for QEMU debug port library. -- SEC instance. -+ Detection code for QEMU debug port. -+ SEC instance, cannot cache the result of detection. - - Copyright (c) 2017, Red Hat, Inc.
- This program and the accompanying materials -@@ -14,6 +14,7 @@ - **/ - - #include -+#include "DebugLibDetect.h" - - /** - This constructor function does not have anything to do. -@@ -29,3 +30,19 @@ PlatformRomDebugLibIoPortConstructor ( - { - return RETURN_SUCCESS; - } -+ -+/** -+ Return the result of detecting the debug I/O port device. -+ -+ @retval TRUE if the debug I/O port device was detected. -+ @retval FALSE otherwise -+ -+**/ -+BOOLEAN -+EFIAPI -+PlatformDebugLibIoPortFound ( -+ VOID -+ ) -+{ -+ return PlatformDebugLibIoPortDetect (); -+} --- -2.14.3 - diff --git a/40-edk2-ovmf-ia32-sb-enrolled.json b/40-edk2-ovmf-ia32-sb-enrolled.json new file mode 100644 index 0000000..08b95ee --- /dev/null +++ b/40-edk2-ovmf-ia32-sb-enrolled.json @@ -0,0 +1,35 @@ +{ + "description": "OVMF for i386, with SB+SMM, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf-ia32/OVMF_VARS.secboot.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "i386", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "enrolled-keys", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/40-edk2-ovmf-x64-sb-enrolled.json b/40-edk2-ovmf-x64-sb-enrolled.json new file mode 100644 index 0000000..6c2225c --- /dev/null +++ b/40-edk2-ovmf-x64-sb-enrolled.json @@ -0,0 +1,36 @@ +{ + "description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "enrolled-keys", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/50-edk2-ovmf-ia32-sb.json b/50-edk2-ovmf-ia32-sb.json new file mode 100644 index 0000000..df80f1e --- /dev/null +++ b/50-edk2-ovmf-ia32-sb.json @@ -0,0 +1,34 @@ +{ + "description": "OVMF for i386, with SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "i386", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/50-edk2-ovmf-x64-sb.json b/50-edk2-ovmf-x64-sb.json new file mode 100644 index 0000000..99345ca --- /dev/null +++ b/50-edk2-ovmf-x64-sb.json @@ -0,0 +1,35 @@ +{ + "description": "OVMF for x86_64, with SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/60-edk2-ovmf-ia32.json b/60-edk2-ovmf-ia32.json new file mode 100644 index 0000000..d804b2e --- /dev/null +++ b/60-edk2-ovmf-ia32.json @@ -0,0 +1,33 @@ +{ + "description": "OVMF for i386, without SB, without SMM, with empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "i386", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/60-edk2-ovmf-x64.json b/60-edk2-ovmf-x64.json new file mode 100644 index 0000000..355691b --- /dev/null +++ b/60-edk2-ovmf-x64.json @@ -0,0 +1,34 @@ +{ + "description": "OVMF for x86_64, without SB, without SMM, with empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-i440fx-*", + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/70-edk2-aarch64-verbose.json b/70-edk2-aarch64-verbose.json new file mode 100644 index 0000000..a553dc1 --- /dev/null +++ b/70-edk2-aarch64-verbose.json @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for aarch64, verbose logs", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "verbose-static" + ], + "tags": [ + + ] +} diff --git a/70-edk2-arm-verbose.json b/70-edk2-arm-verbose.json new file mode 100644 index 0000000..9e2cb0d --- /dev/null +++ b/70-edk2-arm-verbose.json @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for arm, verbose logs", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/arm/QEMU_EFI-pflash.raw", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/arm/vars-template-pflash.raw", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "arm", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "verbose-static" + ], + "tags": [ + + ] +} diff --git a/RedHatSecureBootPkKek1.pem b/RedHatSecureBootPkKek1.pem new file mode 100644 index 0000000..d302362 --- /dev/null +++ b/RedHatSecureBootPkKek1.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV +BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG +9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx +MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L +RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw ++d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31 +huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B +bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr +3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x +y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID +AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww +HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD +ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c +3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N +1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol +qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw +NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL +R+SqIs/vdWGA40O3SFdzET14m2k= +-----END CERTIFICATE----- diff --git a/build-iso.sh b/build-iso.sh index 04032ef..413c119 100644 --- a/build-iso.sh +++ b/build-iso.sh @@ -6,25 +6,21 @@ dir="$1" # cfg shell="$dir/Shell.efi" enroll="$dir/EnrollDefaultKeys.efi" +root="$dir/image" vfat="$dir/shell.img" iso="$dir/UefiShell.iso" -export MTOOLS_SKIP_CHECK=1 -# calc size -s1=$(stat --format=%s -- $shell) -s2=$(stat --format=%s -- $enroll) -size=$(( ($s1 + $s2) * 11 / 10 )) -set -x - -# create non-partitioned FAT image -/sbin/mkdosfs -C "$vfat" -n UEFI_SHELL -- "$(( $size / 1024 ))" -mmd -i "$vfat" ::efi -mmd -i "$vfat" ::efi/boot -mcopy -i "$vfat" "$shell" ::efi/boot/bootx64.efi -mcopy -i "$vfat" "$enroll" :: -#mdir -i "$vfat" -/ :: +# create non-partitioned (1.44 MB floppy disk) FAT image +mkdir "$root" +mkdir "$root"/efi +mkdir "$root"/efi/boot +cp "$shell" "$root"/efi/boot/bootx64.efi +cp "$enroll" "$root" +qemu-img convert --image-opts \ + driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir="$root/" \ + $vfat # build ISO with FAT image file as El Torito EFI boot image genisoimage -input-charset ASCII -J -rational-rock \ -efi-boot "${vfat##*/}" -no-emul-boot -o "$iso" -- "$vfat" -rm -f "$vfat" +rm -rf "$root/" "$vfat" diff --git a/edk2.spec b/edk2.spec index 999d03c..859c356 100644 --- a/edk2.spec +++ b/edk2.spec @@ -1,114 +1,129 @@ -%global edk2_date 20171011 -%global edk2_githash 92d07e4 -%global openssl_version 1.1.0e +# RPM doesn't detect that code in /usr/share is python3, this forces it +# https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build#Python_bytecompilation +%global __python %{__python3} -%bcond_without build_ovmf_ia32 -%ifarch x86_64 -%bcond_without build_ovmf_x64 -%else -%bcond_with build_ovmf_x64 +%global edk2_stable_date 202008 +%global edk2_stable_str edk2-stable%{edk2_stable_date} +%global openssl_version 1.1.1g +%global qosb_version 20190521-gitf158f12 +%global softfloat_version 20180726-gitb64af41 + +# Enable this to skip secureboot enrollment, if problems pop up +%global skip_enroll 0 + +%define qosb_testing 0 + +%ifarch %{x86_64} +%define qosb_testing 1 %endif -# Disable ARM firmware until its build process is fixed. -%bcond_with build_aavmf_aarch64 -%bcond_with build_aavmf_arm +%ifarch %{ix86} %{x86_64} +%if 0%{?fedora:1} +%define build_ovmf_ia32 1 +%endif +%ifarch %{x86_64} +%define build_ovmf_x64 1 +%endif +%endif +%ifarch aarch64 +%define build_aavmf_aarch64 1 +%endif +%ifarch %{arm} +%define build_aavmf_arm 1 +%endif - -Name: edk2 -Version: %{edk2_date} -Release: 1.git%{edk2_githash}.1 -Summary: EFI Development Kit II -License: BSD +Name: edk2 +# Even though edk2 stable releases are YYYYMM, we need +# to use YYYMMDD to avoid needing to bump package epoch +# due to previous 'git' Version: +Version: %{edk2_stable_date}01stable +Release: 1 +Summary: EFI Development Kit II Group: Emulators -URL: http://www.tianocore.org/edk2/ +License: BSD-2-Clause-Patent +URL: http://www.tianocore.org/edk2/ -Source0: edk2-%{edk2_date}-%{edk2_githash}.tar.xz -Source1: openssl-%{openssl_version}-hobbled.tar.xz -Source2: ovmf-whitepaper-c770f8c.txt -Source10: hobble-openssl -Source11: build-iso.sh -Source12: update-tarball.sh -Source13: openssl-patch-to-tarball.sh +Source0: https://github.com/tianocore/edk2/archive/%{edk2_stable_str}.tar.gz#/%{edk2_stable_str}.tar.gz +Source1: openssl-%{openssl_version}-hobbled.tar.xz +Source2: ovmf-whitepaper-c770f8c.txt +#Source3: https://github.com/puiterwijk/qemu-ovmf-secureboot/archive/v{qosb_version}/qemu-ovmf-secureboot-{qosb_version}.tar.gz +Source3: qemu-ovmf-secureboot-%{qosb_version}.tar.xz +Source4: softfloat-%{softfloat_version}.tar.xz +Source5: RedHatSecureBootPkKek1.pem +Source10: hobble-openssl +Source11: build-iso.sh +Source12: update-tarball.sh +Source13: openssl-patch-to-tarball.sh + +# Fedora-specific JSON "descriptor files" +Source14: 40-edk2-ovmf-x64-sb-enrolled.json +Source15: 50-edk2-ovmf-x64-sb.json +Source16: 60-edk2-ovmf-x64.json +Source17: 40-edk2-ovmf-ia32-sb-enrolled.json +Source18: 50-edk2-ovmf-ia32-sb.json +Source19: 60-edk2-ovmf-ia32.json +Source20: 70-edk2-aarch64-verbose.json +Source21: 70-edk2-arm-verbose.json # non-upstream patches -Patch0006: 0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch -Patch0014: 0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch -# TODO: Enroll ROSA certs, if possible, instead of the RedHat's. -Patch0015: 0015-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch +Patch0003: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch +Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512.patch +Patch0005: 0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +Patch0006: 0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +Patch0007: 0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch +Patch0008: 0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +Patch0009: 0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +Patch0010: 0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +Patch0011: 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +Patch0012: 0012-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +Patch0013: 0013-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +Patch0014: 0014-ArmVirtPkg-set-early-hello-message-RH-only.patch +Patch0015: 0015-Tweak-the-tools_def-to-support-cross-compiling.patch +Patch0016: 0016-BaseTools-do-not-build-BrotliCompress-RH-only.patch -# upstream backports -Patch0019: 0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch -Patch0020: 0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch -Patch0021: 0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch +ExclusiveArch: %{ix86} %{x86_64} %{arm} aarch64 -# submitted upstream by Fedora -Patch0022: 0022-OvmfPkg-make-it-a-proper-BASE-library.patch -Patch0023: 0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch -Patch0024: 0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch +BuildRequires: gcc gcc-c++ +BuildRequires: python3-devel +BuildRequires: pkgconfig(uuid) +BuildRequires: iasl +BuildRequires: nasm +BuildRequires: qemu-img +BuildRequires: genisoimage +BuildRequires: bc +BuildRequires: sed -# openssl patches from Fedora -Patch1021: openssl-1.1.0-issuer-hash.patch -Patch1039: openssl-1.1.0-cc-reqs.patch -Patch1040: openssl-1.1.0-disable-ssl3.patch -Patch1044: openssl-1.1.0-bio-fd-preserve-nl.patch - -BuildRequires: pkgconfig(python2) -BuildRequires: pkgconfig(uuid) -BuildRequires: iasl -BuildRequires: nasm -BuildRequires: dosfstools -BuildRequires: mtools -BuildRequires: genisoimage - -Requires: edk2-tools = %{EVRD} -Requires: edk2-tools-doc = %{EVRD} +# These are for QOSB +BuildRequires: python3-requests +BuildRequires: qemu-system-x86 +%if %{?qosb_testing} +# This is used for testing the enrollment: builds are run in a chroot, lacking +# a kernel. The testing is only performed on x86_64 for now, but we can't make +# the BuildRequires only on a specific arch, as that'd come through in the SRPM +# NOTE: The actual enrollment needs to happen in all builds for all architectures, +# because OVMF is built as noarch, which means that koji enforces that the build +# results don't actually differ per arch, and then it picks a random arches' build +# for the actual RPM. +BuildRequires: kernel +%endif %description EDK II is a development code base for creating UEFI drivers, applications and firmware images. -#--------------------------------------------------------------------------- - %package tools -Summary: EFI Development Kit II Tools +Summary: EFI Development Kit II Tools Group: Development/Tools -Requires: edk2-tools-python = %{EVRD} %description tools This package provides tools that are needed to build EFI executables and ROMs using the GNU tools. -%files tools -%doc License.txt -%{_bindir}/BootSectImage -%{_bindir}/Brotli -%{_bindir}/EfiLdrImage -%{_bindir}/EfiRom -%{_bindir}/GenCrc32 -%{_bindir}/GenFfs -%{_bindir}/GenFv -%{_bindir}/GenFw -%{_bindir}/GenPage -%{_bindir}/GenSec -%{_bindir}/GenVtf -%{_bindir}/GnuGenBootSector -%{_bindir}/LzmaCompress -%{_bindir}/LzmaF86Compress -%{_bindir}/Split -%{_bindir}/TianoCompress -%{_bindir}/VfrCompile -%{_bindir}/VolInfo -%dir %{_datadir}/%{name} -%{_datadir}/%{name}/BuildEnv -%{_datadir}/%{name}/Conf -%{_datadir}/%{name}/Scripts - -#--------------------------------------------------------------------------- - %package tools-python -Summary: EFI Development Kit II Tools -Group: Development/Tools -Requires: python2 +Summary: EFI Development Kit II Tools +Requires: python3 BuildArch: noarch %description tools-python @@ -116,135 +131,82 @@ This package provides tools that are needed to build EFI executables and ROMs using the GNU tools. You do not need to install this package; you probably want to install edk2-tools only. -%files tools-python -%{_bindir}/build -%{_bindir}/BPDG -%{_bindir}/Ecc -%{_bindir}/GenDepex -%{_bindir}/GenFds -%{_bindir}/GenPatchPcdTable -%{_bindir}/PatchPcdValue -%{_bindir}/TargetTool -%{_bindir}/Trim -%{_bindir}/UPT -%dir %{_datadir}/%{name} -%{_datadir}/%{name}/Python - -#--------------------------------------------------------------------------- - %package tools-doc -Summary: Documentation for EFI Development Kit II Tools -Group: Development/Tools - +Summary: Documentation for EFI Development Kit II Tools +BuildArch: noarch %description tools-doc This package documents the tools that are needed to build EFI executables and ROMs using the GNU tools. -%files tools-doc -%doc BaseTools/UserManuals/*.rtf +%package qosb +Summary: Tool to enroll secureboot +Requires: python3 +Group: Development/Tools +Buildarch: noarch +%description qosb +This package contains QOSB (QEMU OVMF Secure Boot), which can enroll OVMF +variable files to enforce Secure Boot. -#--------------------------------------------------------------------------- -%if %{with build_ovmf_x64} +%if 0%{?build_ovmf_x64:1} %package ovmf -Summary: Open Virtual Machine Firmware -License: BSD and OpenSSL -Provides: OVMF = %{version}-%{release} -Obsoletes: OVMF < %{version}-%{release} -BuildArch: noarch - +Summary: Open Virtual Machine Firmware +# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL +# library. +License: BSD-2-Clause-Patent and OpenSSL +Provides: bundled(openssl) +Group: Emulators +Provides: OVMF = %{version}-%{release} +Obsoletes: OVMF < %{version}-%{release} +BuildArch: noarch %description ovmf -EFI Development Kit II. -Open Virtual Machine Firmware (x64). - -%files ovmf -%doc OvmfPkg/License.txt -%doc LICENSE.openssl -%doc OvmfPkg/README -%doc ovmf-whitepaper-c770f8c.txt -%dir %{_datadir}/%{name} -%dir %{_datadir}/%{name}/ovmf -%{_datadir}/%{name}/ovmf/OVMF*.fd -%{_datadir}/%{name}/ovmf/*.efi -%{_datadir}/%{name}/ovmf/*.iso -%{_datadir}/OVMF +EFI Development Kit II +Open Virtual Machine Firmware (x64) %endif -#--------------------------------------------------------------------------- - -%if %{with build_ovmf_ia32} +%if 0%{?build_ovmf_ia32:1} %package ovmf-ia32 -Summary: Open Virtual Machine Firmware -License: BSD and OpenSSL -Provides: OVMF = %{version}-%{release} -Obsoletes: OVMF < %{version}-%{release} -BuildArch: noarch - +Summary: Open Virtual Machine Firmware +# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL +# library. +License: BSD-2-Clause-Patent and OpenSSL +Provides: bundled(openssl) +BuildArch: noarch %description ovmf-ia32 -EFI Development Kit II. -Open Virtual Machine Firmware (ia32). - -%files ovmf-ia32 -%doc OvmfPkg/License.txt -%doc LICENSE.openssl -%doc OvmfPkg/README -%doc ovmf-whitepaper-c770f8c.txt -%dir %{_datadir}/%{name} -%dir %{_datadir}/%{name}/ovmf-ia32 -%{_datadir}/%{name}/ovmf-ia32/OVMF*.fd -%{_datadir}/%{name}/ovmf-ia32/*.efi -%{_datadir}/%{name}/ovmf-ia32/*.iso +EFI Development Kit II +Open Virtual Machine Firmware (ia32) %endif -#--------------------------------------------------------------------------- - -%if %{with build_aavmf_aarch64} +%if 0%{?build_aavmf_aarch64:1} %package aarch64 -Summary: AARCH64 Virtual Machine Firmware -Provides: AAVMF = %{version}-%{release} -Obsoletes: AAVMF < %{version}-%{release} -BuildArch: noarch - +Summary: AARCH64 Virtual Machine Firmware +Group: Emulators +Provides: AAVMF = %{version}-%{release} +Obsoletes: AAVMF < %{version}-%{release} +BuildArch: noarch +# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6/HTTP boot stack. +License: BSD-2-Clause-Patent and OpenSSL +Provides: bundled(openssl) %description aarch64 -EFI Development Kit II. -AARCH64 UEFI Firmware. - -%files aarch64 -%doc OvmfPkg/License.txt -%doc LICENSE.openssl -%dir %{_datadir}/%{name} -%dir %{_datadir}/%{name}/aarch64 -%{_datadir}/%{name}/aarch64/QEMU*.fd -%{_datadir}/%{name}/aarch64/*.raw -%{_datadir}/AAVMF/AAVMF_* +EFI Development Kit II +AARCH64 UEFI Firmware %endif -#--------------------------------------------------------------------------- - -%if %{with build_aavmf_arm} +%if 0%{?build_aavmf_arm:1} %package arm -Summary: ARM Virtual Machine Firmware -BuildArch: noarch - +Summary: ARM Virtual Machine Firmware +BuildArch: noarch +Group: Emulators +# No Secure Boot for ARMv7, but we include OpenSSL for the IPv6/HTTP boot stack. +License: BSD-2-Clause-Patent and OpenSSL %description arm -EFI Development Kit II. -armv7 UEFI Firmware. - -%files arm -%doc OvmfPkg/License.txt -%doc LICENSE.openssl -%dir %{_datadir}/%{name} -%dir %{_datadir}/%{name}/arm -%{_datadir}/%{name}/arm/QEMU*.fd -%{_datadir}/%{name}/arm/*.raw -%{_datadir}/AAVMF/AAVMF32_* +EFI Development Kit II +ARMv7 UEFI Firmware %endif -#--------------------------------------------------------------------------- %prep -%setup -q -n tianocore-%{name}-%{edk2_githash} - +%setup -q -n edk2-%{edk2_stable_str} # Ensure old shell and binary packages are not used rm -rf EdkShellBinPkg @@ -252,23 +214,37 @@ rm -rf EdkShellPkg rm -rf FatBinPkg rm -rf ShellBinPkg +# copy whitepaper into place cp -a -- %{SOURCE2} . +# extract openssl into place +tar -xf %{SOURCE1} --strip-components=1 --directory CryptoPkg/Library/OpensslLib/openssl +# extract softfloat into place +tar -xf %{SOURCE4} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/ -# add openssl -(cd .. && tar -xvf %{SOURCE1}) -cp CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl - -%apply_patches +# Extract QOSB +tar -xf %{SOURCE3} +mv qemu-ovmf-secureboot-%{qosb_version}/README.md README.qosb +mv qemu-ovmf-secureboot-%{qosb_version}/LICENSE LICENSE.qosb +%autopatch -p1 base64 --decode < MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 > MdeModulePkg/Logo/Logo-OpenSSL.bmp -find . -type f -exec sed -i 's,-Werror ,,g' {} \; +# Extract OEM string from the RH cert, as described here +# https://bugzilla.tianocore.org/show_bug.cgi?id=1747#c2 +sed \ + -e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \ + -e '/^-----END CERTIFICATE-----$/d' \ + %{_sourcedir}/RedHatSecureBootPkKek1.pem \ +| tr -d '\n' \ +> PkKek1.oemstr + %build +export PYTHON_COMMAND=%{__python3} source ./edksetup.sh # compiler -CC_FLAGS="-t GCC49" +CC_FLAGS="-t GCC5" # parallel builds JOBS="%{?_smp_mflags}" @@ -278,14 +254,14 @@ if test "$JOBS" != ""; then fi # common features -CC_FLAGS="${CC_FLAGS} -b DEBUG" -CC_FLAGS="${CC_FLAGS} --cmd-len=65536" +CC_FLAGS="$CC_FLAGS --cmd-len=65536 -b DEBUG --hash" +CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE" +CC_FLAGS="$CC_FLAGS -D NETWORK_TLS_ENABLE" +CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE" +CC_FLAGS="$CC_FLAGS -D TPM2_ENABLE" # ovmf features OVMF_FLAGS="${CC_FLAGS}" -OVMF_FLAGS="${OVMF_FLAGS} -D TLS_ENABLE" -OVMF_FLAGS="${OVMF_FLAGS} -D HTTP_BOOT_ENABLE" -OVMF_FLAGS="${OVMF_FLAGS} -D NETWORK_IP6_ENABLE" OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_2MB" # ovmf + secure boot features @@ -298,11 +274,21 @@ OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D EXCLUDE_SHELL_FROM_FD" ARM_FLAGS="${CC_FLAGS}" unset MAKEFLAGS -make -C BaseTools #%{?_smp_mflags} +%make_build -C BaseTools \ + EXTRA_OPTFLAGS="%{optflags}" \ + EXTRA_LDFLAGS="%{__global_ldflags}" sed -i -e 's/-Werror//' Conf/tools_def.txt + +%if 0%{?cross:1} +export GCC5_IA32_PREFIX="x86_64-linux-gnu-" +export GCC5_X64_PREFIX="x86_64-linux-gnu-" +export GCC5_AARCH64_PREFIX="aarch64-linux-gnu-" +export GCC5_ARM_PREFIX="arm-linux-gnu-" +%endif + # build ovmf (x64) -%if %{with build_ovmf_x64} +%if 0%{?build_ovmf_x64:1} mkdir -p ovmf build ${OVMF_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ @@ -315,15 +301,32 @@ cp Build/Ovmf3264/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd # build ovmf (x64) shell iso with EnrollDefaultKeys cp Build/Ovmf3264/*/X64/Shell.efi ovmf/ cp Build/Ovmf3264/*/X64/EnrollDefaultKeys.efi ovmf -sh %{SOURCE11} ovmf/ +sh %{_sourcedir}/build-iso.sh ovmf/ + +%if !%{skip_enroll} +python3 qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator \ + --qemu-binary /usr/bin/qemu-system-x86_64 \ + --ovmf-binary ovmf/OVMF_CODE.secboot.fd \ + --ovmf-template-vars ovmf/OVMF_VARS.fd \ + --uefi-shell-iso ovmf/UefiShell.iso \ + --oem-string "$(< PkKek1.oemstr)" \ + --skip-testing \ + ovmf/OVMF_VARS.secboot.fd +%else +# This isn't going to actually give secureboot, but makes json files happy +# if we need to test disabling ovmf-vars-generator +cp ovmf/OVMF_VARS.fd ovmf/OVMF_VARS.secboot.fd +%endif %endif # build ovmf-ia32 -%if %{with build_ovmf_ia32} +%if 0%{?build_ovmf_ia32:1} mkdir -p ovmf-ia32 build ${OVMF_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/ +cp Build/OvmfIa32/*/FV/OVMF_CODE*.fd ovmf-ia32/ +# cp VARS files from from ovmf/, which are all we need +cp ovmf/OVMF_VARS*.fd ovmf-ia32/ rm -rf Build/OvmfIa32 # build ovmf-ia32 with secure boot @@ -333,12 +336,12 @@ cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/OVMF_CODE.secboot.fd # build ovmf-ia32 shell iso with EnrollDefaultKeys cp Build/OvmfIa32/*/IA32/Shell.efi ovmf-ia32/Shell.efi cp Build/OvmfIa32/*/IA32/EnrollDefaultKeys.efi ovmf-ia32/EnrollDefaultKeys.efi -sh %{SOURCE11} ovmf-ia32/ +sh %{_sourcedir}/build-iso.sh ovmf-ia32/ %endif # build aarch64 firmware -%if %{with build_aavmf_aarch64} +%if 0%{?build_aavmf_aarch64:1} mkdir -p aarch64 build $ARM_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc cp Build/ArmVirtQemu-AARCH64/DEBUG_*/FV/*.fd aarch64 @@ -348,8 +351,8 @@ dd of="aarch64/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64 %endif -# build aarch64 firmware -%if %{with build_aavmf_arm} +# build ARMv7 firmware +%if 0%{?build_aavmf_arm:1} mkdir -p arm build $ARM_FLAGS -a ARM -p ArmVirtPkg/ArmVirtQemu.dsc cp Build/ArmVirtQemu-ARM/DEBUG_*/FV/*.fd arm @@ -358,7 +361,9 @@ dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc dd of="arm/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64 %endif + %install +cp CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl mkdir -p %{buildroot}%{_bindir} \ %{buildroot}%{_datadir}/%{name}/Conf \ %{buildroot}%{_datadir}/%{name}/Scripts @@ -377,35 +382,169 @@ cp -R BaseTools/Source/Python %{buildroot}%{_datadir}/%{name}/Python for i in build BPDG Ecc GenDepex GenFds GenPatchPcdTable PatchPcdValue TargetTool Trim UPT; do echo '#!/bin/sh export PYTHONPATH=%{_datadir}/%{name}/Python -exec python '%{_datadir}/%{name}/Python/$i/$i.py' "$@"' > %{buildroot}%{_bindir}/$i +exec python3 '%{_datadir}/%{name}/Python/$i/$i.py' "$@"' > %{buildroot}%{_bindir}/$i chmod +x %{buildroot}%{_bindir}/$i done -mkdir -p %{buildroot}/usr/share/%{name} +# For distro-provided firmware packages, the specification +# (https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json) +# says the JSON "descriptor files" to be searched in this directory: +# `/usr/share/firmware/`. Create it. +mkdir -p %{buildroot}/%{_datadir}/qemu/firmware -%if %{with build_ovmf_x64} +mkdir -p %{buildroot}/usr/share/%{name} +%if 0%{?build_ovmf_x64:1} cp -a ovmf %{buildroot}/usr/share/%{name} # Libvirt hardcodes this directory name mkdir %{buildroot}/usr/share/OVMF ln -sf ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}/usr/share/OVMF ln -sf ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}/usr/share/OVMF ln -sf ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}/usr/share/OVMF +ln -sf ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}/usr/share/OVMF ln -sf ../%{name}/ovmf/UefiShell.iso %{buildroot}/usr/share/OVMF + +for f in %{_sourcedir}/*edk2-ovmf-x64*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done %endif -%if %{with build_ovmf_ia32} + +%if 0%{?build_ovmf_ia32:1} cp -a ovmf-ia32 %{buildroot}/usr/share/%{name} + +for f in %{_sourcedir}/*edk2-ovmf-ia32*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done %endif -%if %{with build_aavmf_aarch64} + +%if 0%{?build_aavmf_aarch64:1} cp -a aarch64 %{buildroot}/usr/share/%{name} # Libvirt hardcodes this directory name mkdir %{buildroot}/usr/share/AAVMF ln -sf ../%{name}/aarch64/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_CODE.fd ln -sf ../%{name}/aarch64/vars-template-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_VARS.fd + +for f in %{_sourcedir}/*edk2-aarch64*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done %endif -%if %{with build_aavmf_arm} + +%if 0%{?build_aavmf_arm:1} cp -a arm %{buildroot}/usr/share/%{name} ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF32_CODE.fd + +for f in %{_sourcedir}/*edk2-arm*.json; do + install -pm 644 $f %{buildroot}/%{_datadir}/qemu/firmware +done +%endif + +%if 0%{?py_byte_compile:1} +# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/#manual-bytecompilation +%py_byte_compile %{__python3} %{buildroot}%{_datadir}/edk2/Python +%endif + + +install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_bindir} + + +%files tools +%license License.txt +%license LICENSE.openssl +%{_bindir}/DevicePath +%{_bindir}/EfiRom +%{_bindir}/GenCrc32 +%{_bindir}/GenFfs +%{_bindir}/GenFv +%{_bindir}/GenFw +%{_bindir}/GenSec +%{_bindir}/LzmaCompress +%{_bindir}/LzmaF86Compress +%{_bindir}/Split +%{_bindir}/TianoCompress +%{_bindir}/VfrCompile +%{_bindir}/VolInfo +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/BuildEnv +%{_datadir}/%{name}/Conf +%{_datadir}/%{name}/Scripts + +%files tools-python +%{_bindir}/build +%{_bindir}/BPDG +%{_bindir}/Ecc +%{_bindir}/GenDepex +%{_bindir}/GenFds +%{_bindir}/GenPatchPcdTable +%{_bindir}/PatchPcdValue +%{_bindir}/TargetTool +%{_bindir}/Trim +%{_bindir}/UPT +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/Python + +%files tools-doc +%doc BaseTools/UserManuals/*.rtf + +%files qosb +%license LICENSE.qosb +%doc README.qosb +%{_bindir}/ovmf-vars-generator + +%if 0%{?build_ovmf_x64:1} +%files ovmf +%license OvmfPkg/License.txt +%license LICENSE.openssl +%doc OvmfPkg/README +%doc ovmf-whitepaper-c770f8c.txt +%dir /usr/share/%{name} +%dir /usr/share/%{name}/ovmf +%dir /usr/share/qemu/firmware +/usr/share/%{name}/ovmf/OVMF*.fd +/usr/share/%{name}/ovmf/*.efi +/usr/share/%{name}/ovmf/*.iso +/usr/share/qemu/firmware/*edk2-ovmf-x64*.json +/usr/share/OVMF +%endif + +%if 0%{?build_ovmf_ia32:1} +%files ovmf-ia32 +%license OvmfPkg/License.txt +%license LICENSE.openssl +%doc OvmfPkg/README +%doc ovmf-whitepaper-c770f8c.txt +%dir /usr/share/%{name} +%dir /usr/share/%{name}/ovmf-ia32 +%dir /usr/share/qemu/firmware +/usr/share/%{name}/ovmf-ia32/OVMF*.fd +/usr/share/%{name}/ovmf-ia32/*.efi +/usr/share/%{name}/ovmf-ia32/*.iso +/usr/share/qemu/firmware/*edk2-ovmf-ia32*.json +%endif + +%if 0%{?build_aavmf_aarch64:1} +%files aarch64 +%license OvmfPkg/License.txt +%license LICENSE.openssl +%dir /usr/share/%{name} +%dir /usr/share/%{name}/aarch64 +%dir /usr/share/qemu/firmware +/usr/share/%{name}/aarch64/QEMU*.fd +/usr/share/%{name}/aarch64/*.raw +/usr/share/qemu/firmware/*edk2-aarch64*.json +/usr/share/AAVMF/AAVMF_* +%endif + +%if 0%{?build_aavmf_arm:1} +%files arm +%license OvmfPkg/License.txt +%license LICENSE.openssl +%dir /usr/share/%{name} +%dir /usr/share/%{name}/arm +%dir /usr/share/qemu/firmware +/usr/share/%{name}/arm/QEMU*.fd +/usr/share/%{name}/arm/*.raw +/usr/share/qemu/firmware/*edk2-arm*.json +/usr/share/AAVMF/AAVMF32_* %endif diff --git a/hobble-openssl b/hobble-openssl old mode 100644 new mode 100755 index 8750ad6..9a23ca6 --- a/hobble-openssl +++ b/hobble-openssl @@ -8,40 +8,33 @@ set -e # IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore # RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore # EC: ????????? ??/??/2020 -# SRP: ????????? ??/??/20?? +# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore # Remove assembler portions of IDEA, MDC2, and RC5. # (find crypto/rc5/asm -type f | xargs -r rm -fv) -# SRP. -for a in srp; do - for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do - echo Destroying $c - > $c - done -done - for c in `find crypto/bn -name "*gf2m.c"`; do echo Destroying $c > $c done -for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp22?.c" -o -name "ectest.c"`; do +for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do + echo Destroying $c + > $c +done + +for c in `find test -name "ectest.c"`; do echo Destroying $c > $c done for h in `find crypto ssl apps test -name "*.h"` ; do - echo Removing SRP and EC2M references from $h + echo Removing EC2M references from $h cat $h | \ awk 'BEGIN {ech=1;} \ - /^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ /^#[ \t]*if/ {if(ech < 1) ech--;} \ {if(ech>0) {;print $0};} \ /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \ mv $h.hobbled $h done - -# Make the makefiles happy. -# touch crypto/rc5/asm/rc5-586.pl diff --git a/openssl-1.1.0-bio-fd-preserve-nl.patch b/openssl-1.1.0-bio-fd-preserve-nl.patch deleted file mode 100644 index fd032a1..0000000 --- a/openssl-1.1.0-bio-fd-preserve-nl.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff -up a/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c.preserve-nl a/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c ---- a/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c.preserve-nl 2016-11-10 15:03:44.000000000 +0100 -+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/bio/bss_fd.c 2016-12-22 14:36:16.730740423 +0100 -@@ -202,8 +202,10 @@ static int fd_gets(BIO *bp, char *buf, i - char *ptr = buf; - char *end = buf + size - 1; - -- while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n')) -- ptr++; -+ while (ptr < end && fd_read(bp, ptr, 1) > 0) { -+ if (*ptr++ == '\n') -+ break; -+ } - - ptr[0] = '\0'; - -diff -up a/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod.preserve-nl a/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod ---- a/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod.preserve-nl 2016-11-10 15:03:45.000000000 +0100 -+++ b/CryptoPkg/Library/OpensslLib/openssl/doc/crypto/BIO_read.pod 2016-12-22 14:37:22.731245197 +0100 -@@ -23,7 +23,8 @@ in B. Usually this operation will a - from the BIO of maximum length B. There are exceptions to this, - however; for example, BIO_gets() on a digest BIO will calculate and - return the digest and other BIOs may not support BIO_gets() at all. --The returned string is always NUL-terminated. -+The returned string is always NUL-terminated and the '\n' is preserved -+if present in the input data. - - BIO_write() attempts to write B bytes from B to BIO B. - diff --git a/openssl-1.1.0-cc-reqs.patch b/openssl-1.1.0-cc-reqs.patch deleted file mode 100644 index 74521c6..0000000 --- a/openssl-1.1.0-cc-reqs.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -up a/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c.cc-reqs b/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c ---- a/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c.cc-reqs 2017-01-26 14:10:23.000000000 +0100 -+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c 2017-01-26 16:01:52.622308528 +0100 -@@ -75,6 +75,12 @@ static int rsa_builtin_keygen(RSA *rsa, - if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) - goto err; - -+ /* prepare minimum p and q difference */ -+ if (!BN_one(r3)) -+ goto err; -+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100)) -+ goto err; -+ - if (BN_copy(rsa->e, e_value) == NULL) - goto err; - -@@ -103,7 +109,9 @@ static int rsa_builtin_keygen(RSA *rsa, - do { - if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) - goto err; -- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); -+ if (!BN_sub(r2, rsa->q, rsa->p)) -+ goto err; -+ } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3)); - if (degenerate == 3) { - ok = 0; /* we set our own err */ - RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); diff --git a/openssl-1.1.0-disable-ssl3.patch b/openssl-1.1.0-disable-ssl3.patch deleted file mode 100644 index b0906fe..0000000 --- a/openssl-1.1.0-disable-ssl3.patch +++ /dev/null @@ -1,59 +0,0 @@ -diff -up a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.disable-ssl3 b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c ---- a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.disable-ssl3 2016-08-25 17:29:22.000000000 +0200 -+++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c 2016-09-08 11:08:05.252082263 +0200 -@@ -2470,6 +2470,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - * or by using the SSL_CONF library. - */ - ret->options |= SSL_OP_NO_COMPRESSION; -+ /* -+ * Disable SSLv3 by default. Applications can -+ * re-enable it by configuring -+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); -+ * or by using the SSL_CONF library. -+ */ -+ ret->options |= SSL_OP_NO_SSLv3; - - ret->tlsext_status_type = -1; - -diff -up a/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c.disable-ssl3 b/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c ---- a/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c.disable-ssl3 2016-09-08 11:08:05.252082263 +0200 -+++ b/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c 2016-09-08 11:11:44.802005886 +0200 -@@ -258,6 +258,7 @@ static int execute_test(SSL_TEST_FIXTURE - SSL_TEST_SERVERNAME_CB_NONE) { - server2_ctx = SSL_CTX_new(TLS_server_method()); - TEST_check(server2_ctx != NULL); -+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3); - } - client_ctx = SSL_CTX_new(TLS_client_method()); - -@@ -266,11 +267,15 @@ static int execute_test(SSL_TEST_FIXTURE - resume_client_ctx = SSL_CTX_new(TLS_client_method()); - TEST_check(resume_server_ctx != NULL); - TEST_check(resume_client_ctx != NULL); -+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3); - } - } - - TEST_check(server_ctx != NULL); - TEST_check(client_ctx != NULL); -+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3); - - TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0); - -diff -up a/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c.disable-ssl3 b/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c ---- a/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c.disable-ssl3 2016-08-25 17:29:23.000000000 +0200 -+++ b/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c 2016-09-08 11:08:05.253082286 +0200 -@@ -1456,6 +1456,11 @@ int main(int argc, char *argv[]) - ERR_print_errors(bio_err); - goto end; - } -+ -+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3); -+ - /* - * Since we will use low security ciphersuites and keys for testing set - * security level to zero by default. Tests can override this by adding diff --git a/openssl-1.1.0-issuer-hash.patch b/openssl-1.1.0-issuer-hash.patch deleted file mode 100644 index 791a62d..0000000 --- a/openssl-1.1.0-issuer-hash.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c.issuer-hash b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c ---- a/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200 -+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200 -@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has - - if (ctx == NULL) - goto err; -+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); - if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) - goto err; diff --git a/openssl-patch-to-tarball.sh b/openssl-patch-to-tarball.sh index f13382a..5b327ca 100644 --- a/openssl-patch-to-tarball.sh +++ b/openssl-patch-to-tarball.sh @@ -12,9 +12,9 @@ fedpkg switch-branch master gitk -- sources - # the commit that added the 1.1.0e hobbled tarball is c676ac32d544, - # subject "update to upstream version 1.1.0e" - git checkout c676ac32d544 + # the commit that added the 1.1.0h hobbled tarball is 6eb8f620273 + # subject "update to upstream version 1.1.0h" + git checkout 6eb8f620273 # fetch the hobbled tarball and verify the checksum ( @@ -32,15 +32,16 @@ # unpack the hobbled tarball into edk2, according to # "OpenSSL-HOWTO.txt"; WORKSPACE stands for the root of the edk2 project # tree - tar -x --xz -f openssl-1.1.0e-hobbled.tar.xz - mv -- openssl-1.1.0e "$WORKSPACE"/CryptoPkg/Library/OpensslLib/openssl + tar -x --xz -f openssl-1.1.0h-hobbled.tar.xz + mv -- openssl-1.1.0h "$WORKSPACE"/CryptoPkg/Library/OpensslLib/openssl # update the INF files as described in "OpenSSL-HOWTO.txt", then save # the results as a single commit - cd "$WORKSPACE"/CryptoPkg/Library/OpensslLib - perl process_files.pl - git add -A - git commit + (cd "$WORKSPACE"/CryptoPkg/Library/OpensslLib && perl process_files.pl) + git rm --cached CryptoPkg/Library/OpensslLib/openssl + git commit -m'remove openssl submodule' + git add -A CryptoPkg/Library/OpensslLib/openssl + git commit -m'add openssl 1.1.0h' git format-patch -1 Then run the patch through this script which will build a new tar file.