Commit 7c204d7 changed the behavior of the WiFi
Connection Manager. It no longer scans for available
networks when the driver loads, because scanning
during that time disrupts connections for other
features. To avoid blocking other processes, the
driver should initiate a scan only when appropriate.
This update introduces a one-time scan that occurs
when the user opens the network settings page in
the UI, enables WiFi, and then opens the network
list page to view available networks.
Signed-off-by: Zachary Clark-Williams <zachary.clark-williams@intel.com>
Replace timer eventclose with scan timerset in WifiConnectionManagerDxe.
This change ensures that the driver sets and manages scan timers
correctly without requiring a reload when the user enables WiFi and
initiates a scan for available networks.
By using scan timerset directly, the driver maintains consistent
behavior across WiFi sessions and avoids redundant event handling.
Signed-off-by: Zachary Clark-Williams <zachary.clark-williams@intel.com>
Add missing EAP-TLS option to HII configuration
Implemented support for EAP-TLS authentication in
the WifiConnectionManagerDxe HII interface. This
change ensures that the EAP-TLS option is available
for selection in the UI, addressing cases where it
was previously missing.
Signed-off-by: Zachary Clark-Williams <Zachary.Clark-Williams@intel.com>
Update unit tests to use GoogleTestLib.h instead
of gtest.h so the edk2 extensions for google tests
are always available.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Fix possible NULL pointer dereference in NetBuffer.c This was flagged by
CodeQl as an error.
Github Issue #11190
Signed-off-by: Brit Chesley <brit.chesley@amd.com>
Fix memory leaks by adding missing FreePool calls:
free HandleBuffer in HttpUtilitiesDxeUnload.
REF: https://uefi.org/sites/default/files/resources/UEFI_Spec_Final_2.11.pdf
Chapter 7.3.15: "Services - Boot Services.LocateHandleBuffer":
It is the caller's responsibility to call the Boot Service.FreePool when
the caller no longer requires the contents of Buffer.
Signed-off-by: Dongyan Qian <qiandongyan@loongson.cn>
Align HTTP Boot behavior with PXE by inserting a delay to wait for IPv6 Duplicate Address Detection (DAD) to complete before issuing DHCPv6 requests. This avoids EFI_NO_MAPPING errors caused by early DHCP attempts before a valid IPv6 address is ready.
Problem:
On some platforms, HTTP boot over IPv6 fails with EFI_NO_MAPPING during initial DHCPv6 attempts. The failure is due to the system trying to send Solicit messages before IPv6 DAD finishes, resulting in no usable IP address at that time.
Solution:
Insert a retry mechanism to poll DAD completion when the initial call to Dhcp6->Start() fails with EFI_NO_MAPPING. This behavior mirrors PXE's handling, where it waits for a valid IPv6 address to be assigned before retrying the DHCPv6 flow.
Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
When the Wifi network is enabled the connection
manager will trigger a network scan without a
profile to use. If there is a connected network
or attempting a connection, the scan will
interrupt and break the connection.
Fix - The Wifi Connection Manager will register
the scan on timer tick but will not set the timer.
This timer will only be set when the user enters or
selects a profile for connection in the BIOS menu.
If the user does not select a profile there is no
need to start a scan timer. Additionally the scan
on timer tick will check for a profile to connect
and if no profile found then cancel the timer and
exit. When the driver loads it will check for a
profile and if one is found then the scan timer
will be set. If no profile is found then the
driver will not set the scan timer and will
not attempt to scan. This will prevent the
driver from scanning and breaking a connection
if the user does not select a profile.
Signed-off-by: Zachary Clark-Williams <zachary.clark-williams@intel.com>
In IScsiBuildKeyValueList, check if we have any data left (Len > 0) before advancing the Data pointer and reducing Len.
Avoids wrapping Len. Also Used SafeUint32SubSafeUint32Sub call to reduce the Len .
Signed-off-by: santhosh kumar V <santhoshkumarv@ami.com>
Current HTTP transfer size have a default value of 2M.
This PCD change allows the platform code to change the transfer buffer size.
Based on the network bandwidth, the buffer size can be adjusted to improve performance.
Large buffer size provides better performance in high-bandwidth connections.
However, small buffer size helps to reduce packet loss in low-bandwidth scenarios.
Signed-off-by: Anbazhagan Baraneedharan <anbazhagan@hp.com>
Used SafeUint32Add to calculate and validate OutTransferLength with
boundary check in IScsiOnR2TRcvd to avoid integer overflow
Signed-off-by: Madhavan <madavtechy@gmail.com>
- Add HTTP CONNECT flow to connect to Proxy Server
- Provide Proxy URL to HTTP GET/HEAD Requests
Implementation based on UEFI Specification v2.11
- Section 24.7.10 to use HTTP CONNECT method to connect to Proxy
Server and use it to forward the HEAD/GET request to Endpoint Server's
BootURI.
- Section 29.6.6 to use EFI_HTTP_CONNECT_REQUEST_DATA structure for
HttpMethodConnect usage in EFI_HTTP_PROTOCOL.Request()
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
Update HTTP Boot Start/Stop to handle ProxyUri
Implementation based on UEFI Specification v2.11 section 24.7.10 to
use HTTP CONNECT method to connect to Proxy Server and use it to
forward the HEAD/GET request to Endpoint Server's BootURI.
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
Update device path parser to detect device path with Proxy URI
Implementation based on UEFI Specification v2.11 Section 24.7.3.1
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
Build boot option with HII provided ProxyUri by utilizing URI
validation path in HII callback for ProxyUri.
Implementation based on UEFI Specification v2.11 Section 24.7.3.1 to
use device path with ProxyURI included
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
1. In EfiHttpRequest():
a) Decision to use HTTPS in HTTP CONNECT is based on Proxy URL.
b) Support PUT/POST with no headers when connected to proxy.
2. In HttpConnectTcp4/6():
a) Add new argument to provide new TLS session establishment indication
(TlsConfigure).
a) Create HTTP connection only when not connected to proxy.
b) Do not create new HTTP connection when client is connected to proxy.
3. In HttpInitSession(), pass TlsConfigure to HttpConnectTcp4 calls.
4. In TlsConfigureSession(), when connected to proxy, use recorded
endpoint's host name for TLS VerifyHost.
Implementation based on UEFI Specification v2.11 section 24.7.10 to
use HTTP CONNECT method to connect to Proxy Server and use it to
forward the HEAD/GET request to Endpoint Server's BootURI.
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
1. Store information in HttpInstance.
a) Proxy URL from last HTTP CONNECT request (ProxyUrl) and its length
(ProxyUrlLen).
b) State of connection to proxy server (ProxyConnected) - TRUE after
HTTP CONNECT success.
c) Host name extracted from endpoint URL (EndPointHostName).
2. Modified EfiHttpRequest() flow to handle HTTP CONNECT request.
a) Treating request's URL as "endpoint URL". In case of HTTP CONNECT
request, directing it to Proxy URL with Host set to "endpoint URL".
3. Added PrintLib instance to cover AsciiSPrint() call.
Implementation based on UEFI Specification v2.11
- Section 24.7.10 to use HTTP CONNECT method to connect to Proxy
Server and use it to forward the HEAD/GET request to Endpoint
Server's BootURI.
- Section 29.6.6 to use EFI_HTTP_CONNECT_REQUEST_DATA structure
for HttpMethodConnect usage in EFI_HTTP_PROTOCOL.Request()
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
1.HttpResponseWorker(DEADCODE)
The result of pointer arithmetic "HttpHeaders+AsciiStrLen("HTTP/1.1") + 1"
is never null.
2.HttpsSupport.c (NULL_RETURNS)
NetbufAlloc might return null pointer ,so assigning "NULL" to
"PacketOut" and "DataOut" pointer.
Solution:
1.Removed the NULL Check for "StatusCodeStr"
2.Added Null Check for PacketOut and returned EFI_OUT_OF_RESOURCES
on NULL case.
Signed-off-by: santhosh kumar V <santhoshkumarv@ami.com>
SnpDxe registers for an ExitBootServices callback and runs the
PXE_OPCODE_SHUTDOWN and PXE_OPCODE_STOP commands for any network
controllers that the driver is attached to.
Register the SnpDxe callback for gEfiEventBeforeExitBootServicesGuid
instead of gEfiEventExitBootServicesGuid to ensure the correct ordering:
1. ExitBootServices event
2. Network card shutdown sequence is completed
Also, close the event to prevent rerunning the shutdown if multiple
ExitBootServices events need to be called by the OS.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Per RFC 1350, TFTP error packets include 2 byte OpCode and ErrorCode
fields in network byte order. Those need to be swapped to host order to
be interpreted correctly. Without this change, the TftpErrorReceived and
TftpError Mode fields are never set and EFI applications can't inspect
the error received from the TFTP server.
Signed-off-by: Dan Nicholson <dbn@endlessos.org>
With the driver, "Wi-Fi Configuration" Setup page is available regardless
of Wi-Fi module existence. When there is no Wi-Fi module, it is found that
entering the page causes exiting Setup browser. User would think the result
as an error. For better user experience, the update enables the page to
report the module status like a blank page. It prevents exiting Setup.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
Currently, the only way to disable PXE boot options is to change the PCD
variables PcdIPv4PXESupport and PcdIPv6PXESupport in the source code or
use the "--pcd" option in the build script. Other boot options such
as HTTP or iSCSI can be disabled using the -D<option> flag.
NETWORK_PXE_BOOT_ENABLE will add a consistent way to disable PXE booting.
This is the third and final part of a series of patches to enable the
NETWORK_PXE_BOOT_ENABLE build flag. At this point, the flag will be able
to disable PXE functionality.
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
With mSecureHashAlgorithms being static this should not be
needed any more.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
ArmSoftFloatLib is going away, so remove all residual references to it.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This patch fixes a few instances of error cases in NetworkPkg
returning after a RaiseTPL call without restoring the TPL
first.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.
This also changes every DSC to drop the SEC definition of
StackCheckLibNull.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Rename `NetworkPcds` to `NetworkFixedPcds` to avoid confusion with
dynamic PCDs. The next patches in the chain will update all references
across the codebase to use the new name.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Aleksandr Goncharov <chat@joursoir.net>
Introduce an include file with dynamic PCDs to simplify the usage of
the network stage. This allows us to stop manually adding
`PcdIPv4PXESupport` and `PcdIPv6PXESupport` to the DSC file.
`NETWORK_IP4_ENABLE` and `NETWORK_IP6_ENABLE` are not used because
PXEv4 and PXEv6 boot support can be controlled from the QEMU command
line.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Aleksandr Goncharov <chat@joursoir.net>
* EFI_DHCP6_DUID structure declares Duid[1], so the size
of that structure is not large enough to hold an entire
Duid. Instead, compute the correct size to allocate an
EFI_DHCP6_DUID structure.
* Dhcp6AppendOption() takes a length parameter that in
network order. Update test cases to make sure a network
order length is passed in. A value of 0x0004 was being
passed in and was then converted to 0x0400 length and
buffer overflow was detected.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
When all resume attempts to continue an interrupted NBP file
download have failed, report the failure status to the caller.
Original implementation was returning success when number of
retries reaches the limit defined by PcdMaxHttpResumeRetries.
Signed-off-by: Leandro Gustavo Biss Becker <lbecker@positivo.com.br>
Without this change we get:
error: equality comparison with extraneous parentheses
when building with -D NETWORK_IP6_ENABLE on XCODE5.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
The existing HttpBootUninstallCallback was passing the wrong handle (the
PrivateData root controller handle, not the correct child IPv4 or IPv6
NIC controller handle; cf HttpBootInstallCallback for matching logic) and
was also passing the address of a pointer to the interface to be removed
rather than the pointer itself, so always failed with EFI_NOT_FOUND.
This resulted in the prior behaviour that if multiple HTTP boot attempts
were made, on the second and subsequent attempts the instance of this
protocol installed by the first attempt would be re-used. As long as only
one driver using the protocol is installed, this ends up producing the
same results as if the protocol had been uninstalled then reinstalled
correctly.
After this commit, the protocol is installed at the start of an HTTP boot
attempt and uninstalled it at the end of it (assuming nothing else has
accessed the protocol in a way which blocks the uninstall).
It might seem attractive to add an ASSERT to confirm when debugging
that the uninstall succeeds as expected, but this is recommended against
because uninstallation of protocol interfaces is allowed to fail under
the UEFI model:
https://edk2.groups.io/g/devel/message/117469.
An ASSERT could therefore arise from a sequence of events which is
perfectly valid - or at least is out of the control of this driver.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
The PcdEnforceSecureRngAlgorithms Pcd enforces the use of RNG
algorithms defined by the UEFI spec. To re-use the Pcd in other
packages and have a generic mean to control the usage of unsecure
algorithms, move the Pcd to the MdePkg.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
When the boot file download operation is interrupted for some reason,
HttpBootDxe will use HTTP Range header to try resume the download
operation reusing the bytes downloaded so far.
Signed-off-by: Leandro Gustavo Biss Becker <lbecker@positivo.com.br>
PxeBcDhcp6GoogleTest's MultipleDnsEntries test started to fail
with stack cookies added for host applications. Debugging this
showed that the test was attempting to copy two UINT16s to a
UINT8 Data[1] array allocated on the stack. This was moved to
a heap based allocation for a UINT32 to accommodate the proper
size. After this fix, the unit test passed with stack cookies
enabled.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=48297f17a15 (2024/02/22)
"OvmfPkg: Shell*.inc: allow building without network support"
breaks building OVMF with `-D NETWORK_ENABLE=0`.
Before this commit we could build OVMF e.g. with the following
command in the OvmfPkg directory:
./build.sh -D NETWORK_ENABLE=0
After the commit the same command fails early with:
/home/user/OpenSource/edk2/OvmfPkg/OvmfPkgX64.dsc(15):
error F001: Pcd (gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections)
defined in DSC is not declared in DEC files referenced in INF files in
FDF. Arch: ['X64']
This commit conditionally removes the undefined Pcd reference in
NetworkPkg which is part of this issue.
Similar changes are needed in separate commits for
OvmfPkg (and for ArmVirtPkg, since the issue also
exists there, although masked by another issue).
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.
This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.
The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Under normal operation, some 30 or so of these lines logged as DEBUG_INFO
on first transmit.
This is not relevant information for users of the driver, so convert these
messages to VERBOSE.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Report PXE error status via Status Code, with this design,
it will be flexible to register a status code handler
via gEfiRscHandlerProtocolGuid to output the customized error code
to other telemetry service.
The subclass code is `EFI_IO_BUS_IP_NETWORK`
Signed-off-by: Ethan Hsu <Eathonhsu@gmail.com>
