This enables the recently added and/or enhanced memory protection
features in upstream EDK2:
- strict code/data separation PE/COFF sections so that mappings can
be made either read-only or non-executable
- remove exec permissions from all other (i.e., non-code) regions (as
far as is feasible without breaking GRUB)
- remap the DXE stack as non-executable before entering DxeCore
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
---
Platforms/ARM/VExpress/ArmVExpress.dsc.inc | 21 ++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/Platforms/ARM/VExpress/ArmVExpress.dsc.inc b/Platforms/ARM/VExpress/ArmVExpress.dsc.inc
index c94001b3bcdb..431d6d0f76ce 100644
--- a/Platforms/ARM/VExpress/ArmVExpress.dsc.inc
+++ b/Platforms/ARM/VExpress/ArmVExpress.dsc.inc
@@ -14,6 +14,9 @@
[Defines]
SECURE_BOOT_ENABLE = FALSE
+[BuildOptions.common.EDKII.DXE_CORE,BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION]
+ GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
+
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000
GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000
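Review bot: The new BuildOptions section for DXE_CORE, DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION sets "-z common-page-size=0x1000" with no comment saying why. It also uses the architecture wildcard GCC:*_*_*_DLINK_FLAGS, whereas the DXE_RUNTIME_DRIVER section directly below splits ARM (0x1000) from AARCH64 (0x10000). Suggest a short comment above the section stating that this 4 KB section alignment is what the strict image permission policy added later in this patch relies on (its own comment says it applies only to images built with >= 4 KB section alignment), and that runtime drivers keep their separate per-architecture values on purpose.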
@@ -437,6 +440,24 @@
# GUID of the UI app
gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
+ #
+ # Enable strict image permissions for all images. (This applies
+ # only to images that were built with >= 4 KB section alignment.)
+ #
+ gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
+
+ #
+ # Enable NX memory protection for all non-code regions, including OEM and OS
+ # reserved ones, with the exception of LoaderData regions, of which OS loaders
+ # (i.e., GRUB) may assume that its contents are executable.
+ #
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
+
+ #
+ # Enable the non-executable DXE stack. (This gets set up by DxeIpl)
+ #
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
+
[Components.common]
MdeModulePkg/Universal/PCD/Dxe/Pcd.inf {
<LibraryClasses>
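Review bot: PcdDxeNxMemoryProtectionPolicy is set to the bare constant 0xC000000000007FD1, and the comment above it names only LoaderData as an exception, while the low word 0x7FD1 has bits 1, 2, 3 and 5 clear. Suggest extending the comment to list which memory types the cleared bits correspond to, and to note that the two top bits are the OEM and OS reserved ranges the comment mentions, so the mask can be checked against the stated intent without the PCD declaration at hand. The same applies to PcdImageProtectionPolicy|0x3: say what each of the two set bits enables.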
--
2.7.4
Hi,
I submit two patches adding RTC support for Armada 7k
SoC. It allows for proper real time clock configuration
and access via EFI runtime services.
The patches are also available on GitHub:
https://github.com/MarvellEmbeddedProcessors/edk2-open-platform/commits/opp…
Any comments or remarks would be very welcome.
Best regards,
Marcin
Marcin Wojtas (2):
Platforms/Marvell: Introduce RTC support
Platforms/Marvell: Enable RTC library on Armada70x0 platforms
Platforms/Marvell/Armada/Armada.dsc.inc | 3 +-
Platforms/Marvell/Armada/Armada70x0.dsc | 3 +
.../Library/RealTimeClockLib/RealTimeClockLib.c | 350 +++++++++++++++++++++
.../Library/RealTimeClockLib/RealTimeClockLib.inf | 52 +++
Platforms/Marvell/Marvell.dec | 3 +
5 files changed, 410 insertions(+), 1 deletion(-)
create mode 100644 Platforms/Marvell/Armada/Library/RealTimeClockLib/RealTimeClockLib.c
create mode 100644 Platforms/Marvell/Armada/Library/RealTimeClockLib/RealTimeClockLib.inf
--
1.8.3.1
Hi Leif,
Sorry for replying late.
I have modified the commit message according to your comments.
Please find the patch at:
ssh://git@git.linaro.org/people/heyi.guo/OpenPlatformPkg.git
branch: rp-17.04-01
thanks.
Regards,
Chenhui
On 2017/3/14 19:45, Heyi Guo wrote:
>
>
>
>
> -------- Forwarded Message --------
> Subject: Re: [Linaro-uefi v1] Hisilicon/D02: update FVMAIN_SEC.fv
> Date: Wed, 1 Mar 2017 15:19:22 +0000
> From: Leif Lindholm <leif.lindholm(a)linaro.org>
> To: Heyi Guo <heyi.guo(a)linaro.org>
> Cc: linaro-uefi(a)lists.linaro.org, ard.biesheuvel(a)linaro.org,
> graeme.gregory(a)linaro.org, sunchenhui(a)huawei.com, wanghuiqiang(a)huawei.com
>
>
>
> Hi Heyi, Chenhui,
>
> Apologies for slow reaction time.
>
> OK, this makes sense.
> Can you update this patch and:
> 1) Add the statement
> "Resolves incompatibility introduced by 0df0c147"?
> to the commit message.
> 2) Add the Contributed-under: tag
> 3) Ensure that a Signed-off-by: from the patch Author is
> present. (I don't really care if you do that by changing
> the Author such that the patch contains a From: tag or
> by adding Signed-off-by: from both of you.)
>
> Regards,
>
> Leif
>
> On Wed, Feb 15, 2017 at 08:52:22AM +0800, Heyi Guo wrote:
> > Hi Leif,
> >
> > Yes, the FVMAIN_SEC.fv needs to be rebuilt after enlarging FVMAIN_COMPACT.
> >
> > Regards
> >
> > On 2017/2/13 22:03, Leif Lindholm wrote:
> > >Are you saying that this resolves a bug introduced by 0df0c147?
> > >
> > >Regards,
> > >
> > >Leif
> > >
> > >On Mon, Feb 13, 2017 at 04:48:51PM +0800, Heyi Guo wrote:
> > >>Hi Leif,
> > >>
> > >>Could you help to review this patch?
> > >>
> > >>The FVMAIN_SEC.fv also could be found in my branch: hisi-wip-08, thanks.
> > >>
> > >>
> > >>Regards,
> > >>
> > >>Heyi
> > >>
> > >>On 2017/2/13 16:37, Chenhui Sun wrote:
> > >>>From: Heyi Guo<heyi.guo(a)linaro.org>
> > >>>
> > >>>We need to rebuild FVMAIN_SEC.fv after enlarging FVMAIN_COMPACT,
> > >>>because the fv size and trustfirmware located base address changed.
> > >>>
> > >>>Signed-off-by: Chenhui Sun<sunchenhui(a)huawei.com>
> > >>>---
> > >>> Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv | Bin 262144 -> 262144 bytes
> > >>> 1 file changed, 0 insertions(+), 0 deletions(-)
> > >>>
> > >>>diff --git a/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv b/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv
> > >>>index bac8767..49b61aa 100644
> > >>>Binary files a/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv and b/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv differ
> >
This cleans up some dodgy code in the SMBIOS driver, after which it is
possible to enable the shiny new memory protection controls.
Changes since v1:
- enable on Cello as well as Overdrive, I will leave it up to Alan whether
this gets enabled on the Overdrive 1000 as well
- simplify patch #1
Note that the prerequisite EDK2 changes have now been merged.
Ard Biesheuvel (4):
Platforms/AMD/Styx/PlatformSmbiosDxe: don't write to string literals
Platforms/AMD/Styx: constify/staticize all local functions and
variables
Platforms/AMD/Overdrive: enable strict memory permission policy
Platforms/AMD/Cello: enable strict memory permission policy
Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc | 16 ++++
Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c | 79 +++++++++++---------
Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc | 16 ++++
3 files changed, 74 insertions(+), 37 deletions(-)
--
2.7.4
The SiI isn't an AHCI compatible adapter so it implements the EFI ATA
pass-through protocol directly. This works for fixed hard drives, but
not ATAPI attached devices (CDROM, DVDROM, TAPE, etc).
This patch adds read only ATAPI support via the EFI SCSI pass-through
protocol, allowing boot from attached CD/DVD. This patch also cleans
up, and tweaks recovery paths/etc in the original driver. When
combined with the ARM/PCI dma lib changes this allows us to relax the
IO alignment requirement that caused grub failures.
Finally, the OpenPlatformPkg/Juno must be updated, with another patch
to avoid build breaks now that the SiI has a dependency on the SCSI
libraries.
V2->V3:
Send the correct patch, rather than the one I was running
the patch checker against.
V1->V2:
Formatting corrections per Ard's comments and Daniil's
updated patch checker.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeremy Linton <jeremy.linton(a)arm.com>
Jeremy Linton (7):
EmbeddedPkg: SiI3132: Note that ARM is using this Dxe
MdePkg IndustryStandard/Scsi.h: Add sense code macro
EmbeddedPkg: SiI3132: Add ScsiProtocol callbacks
EmbeddedPkg: SiI3132: Add SCSI protocol support to header
EmbeddedPkg: SiI3132: Break out FIS command submission
EmbeddedPkg: SiI3132: Cleanup device node creation
EmbeddedPkg: SiI3132: Enable SCSI pass-through protocol
EmbeddedPkg/Drivers/SataSiI3132Dxe/SataSiI3132.c | 49 ++-
EmbeddedPkg/Drivers/SataSiI3132Dxe/SataSiI3132.h | 93 ++++-
.../Drivers/SataSiI3132Dxe/SataSiI3132Dxe.inf | 2 +
.../Drivers/SataSiI3132Dxe/SiI3132AtaPassThru.c | 268 ++++++++-----
.../Drivers/SataSiI3132Dxe/SiI3132ScsiPassThru.c | 431 +++++++++++++++++++++
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf | 2 +-
MdePkg/Include/IndustryStandard/Scsi.h | 2 +
OpenPlatformPkg | 2 +-
8 files changed, 721 insertions(+), 128 deletions(-)
create mode 100644 EmbeddedPkg/Drivers/SataSiI3132Dxe/SiI3132ScsiPassThru.c
--
2.9.3
From: Heyi Guo <heyi.guo(a)linaro.org>
We need to rebuild FVMAIN_SEC.fv after enlarging FVMAIN_COMPACT,
because the fv size and trustfirmware located base address changed.
Signed-off-by: Chenhui Sun <sunchenhui(a)huawei.com>
---
Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv | Bin 262144 -> 262144 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv b/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv
index bac8767..49b61aa 100644
Binary files a/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv and b/Platforms/Hisilicon/Binary/D02/Sec/FVMAIN_SEC.Fv differ
--
1.9.1