REF:https://github.com/tianocore/edk2/issues/11040
Since the below mentioned ciphers has a security risks,
Disable
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
MBEDTLS_SSL_RENEGOTIATION
MBEDTLS_DHM_C
Enable
MBEDTLS_SSL_DTLS_ANTI_REPLAY
MBEDTLS_SSL_DTLS_HELLO_VERIFY.
Signed-off-by: Kanagavel S <kanagavels@ami.com>
Commit b55530ad44
("BaseTools/PatchCheck.py: verify commit message lists package(s)")
introduced a check for the requirement to enumerate all modified packages
in the commit subject line. But it did leave the maximum line length at
75 characters (for non-CVE commits), which can get a bit cramped for
changes to several packages.
Introduce a new arbitrary "at least 20 characters after the :" limit.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
Use a temporary variable for max subject line length and log
result of test in one location.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
Before doing the subject line length check, the script checks that the
number of lines in the commit message (including subject) is not less
than or equal to zero - and returns if it is.
However, then the test for whether the subject line starts with a CVE
tag inexplicably also checks for whether the number of lines are
greater than or equal to one. This is just clutter, so drop it.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
CC_MR_INDEX_0_MRTD indicates the MRTD register. This register is NOT
extendable in TDVF. So the return value of TdxMeasurementMapPcrToMrIndex
must be checked.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
This patch introduces a synchronization point between the BSP and APs to
ensure all APs have entered their SMM wait-loop (while (TRUE) in APHandler
()) before the BSP calls into the SMI handler logic via gSmmCpuPrivate
->SmmCoreEntry().
Previously, the BSP would invoke ReleaseAllAPs() and immediately proceed
to SmmCoreEntry() without confirming whether APs had reached the stable
waiting state. If SmmStartupThisAp() was called inside the SMI handler
shortly after ReleaseAllAPs(), it might lead to a race condition:
APs are issued two consecutive wait signals (SmmCpuSyncWaitForBsp()).
BSP sends two consecutive releases (ReleaseAllAPs() + SmmStartupThisAp())
If an AP has not yet responded to the first release, the second release may
overwrite the semaphore state, and the AP might miss the notification,
causing it to hang or behave unpredictably.
To address this:
A SmmCpuSyncWaitForAPs() is added in BSP after
mmCpuPlatformHookBeforeMmiHandler() and before entering SmmCoreEntry().
A matching SmmCpuSyncReleaseBsp() is added in AP immediately after its own
SmmCpuPlatformHookBeforeMmiHandler()
This ensures that BSP does not enter SMI handler logic or dispatch any
AP-related requests before all APs are confirmed to be idle and ready.
Debug sync point markers (e.g., /// #6, #7) are updated accordingly.
This change eliminates a subtle but critical race condition in
multi-processor/multi-socket systems during SMM entry and improves overall
synchronization safety.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Running the vulture tool on the UPT/Xml folder gave the following
report. Remove the unnecessary code.
- UPT/Xml/CommonXml.py:585:
unused attribute 'LangDefsList' (60% confidence)
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Running the vulture tool on the UPT/PomAdapter folder gave the following
report. Remove the unnecessary code.
- UPT/PomAdapter/DecPomAlignment.py:898:
unused method 'ShowPackage' (60% confidence)
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Running the vulture tool on the Capsule folder gave the following
report. Remove the unnecessary code.
- Capsule/WindowsCapsuleSupportHelper.py:26:
unused method 'RegisterHelpers' (60% confidence)
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Running the vulture tool gave the following report.
Remove the unreachable code.
- TargetTool/TargetTool.py:49:
unreachable code after 'raise' (100% confidence)
- UPT/Library/UniClassObject.py:137:
unreachable code after 'return' (100% confidence)
- UPT/Object/Parser/InfDefineObject.py:795:
unreachable code after 'if' (100% confidence)
- Ecc/Check.py:1504:
unreachable code after 'return' (100% confidence)
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Add validation for FtwWorkSpaceHeader within the
WorkSpaceRefresh() function to address an issue where the
variable store cannot recover from the FTW spare block if the
variable store is erased or corrupted during an FTW write or
reclaim operation.
Signed-off-by: Wenbo Hou <wenbo.hou@microsoft.com>
As the MM cores begin to support MM Communicate v3, this update moves the
driver to communicate to MM agent through MM Communicate v3 PPI.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
As MM cores start to support MM communciate v3. This change moves the
variable driver to use MM communicate v3 if it is available, otherwise the
driver will fallback to v2 to keep the same functionality.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a check to ensure the incoming buffer is correctly using
MM communicate v3 header before dereferencing the content.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
As the standalone MM core begins supporting MM Communicate v3, this
update extends its functionality to incorporate MM Communicate v3 headers
format, enabling compatibility with the new protocol.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
As the standalone MM core begins supporting MM Communicate v3, this
update extends its functionality to incorporate MM Communicate v3
headers, enabling compatibility with the new protocol.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
As MM cores start to support MM communciate v3. This change moves the
MM communicate driver to produce MM communicate v3 PPI.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
As MM cores start to support MM communciate v3. This change moves the
MM communicate driver to produce MM communicate v3 protocol.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
According to the UEFI Specification version 2.11, the valid range for the
Year field in the EFI_TIME structure is from 1900 to 9999.
Currently IsTimeValid() checks a restricted range 2000 - 2099.
Update range in TimeBaseLib.c to match UEFI specification.
Signed-off-by: Pankaj Singh <pansing@qti.qualcomm.com>
- Updated Maintainers.txt to include Sami Mujawar as a maintainer for the
ARM-FFA sections in MdePkg and MdeModulePkg.
- Updated Maintainers.txt to include Yeo Reum Yun as a reviewer for the
ARM-FFA sections in MdePkg and MdeModulePkg.
- Updated Maintainers.txt to include Kun Qin as a reviewer for the ARM-
FFA sections in MdePkg and MdeModulePkg.
- Added their contact information: email and GitHub username.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
FFA is a framework that supports various protocols built on top. i.e.
memory protocol, which is nothing that can be done through existing
interfaces.
Instead of requiring protocol authors to check conduit PCD in every
implementation, exposing the ArmCallFfa is a unified way to allow other
protocols to leverage FFA interfaces.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds the support for mapping Rx/Tx buffer through the library
constructor. The first mapper will produce an MM protocol instance with
Rx/Tx information, which allows subsequent consumers to query the
information.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Disable write strings warning for host-based unit test
builds when building modules of type HOST_APPLICATION.
Modules of type HOST_APPLICATION may compile and link code
under test into the host-based unit test. When building
GoogleTest based unit tests, the G++ compiler is used. The
G++ compiler is stricter than GCC for passing a const string
into a function parameter that is not const. This is not a
warning for GCC build of firmware code. But GoogleTest builds
that use g++ detect as a warning and that breaks the build.
The firmware code under test can not be changed, so the warning
-Wno-write-strings is added to CC_FLAGS to ignore this warning.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Now that the use of 18 registers for FF-A is supported. Registers
from x0-x17 can be used by FF-A to return call results. StMM also uses
registers x19-x23 to store SPMC boot information.
Use the x24 register to store the stack address instead of x12
to avoid it being clobbered by FF-A calls.
Signed-off-by: Mohamed Gamal Morsy <mohamed.morsy@arm.com>
Verify that the subject line matches the basic
{Package}[,Package]:
format _or_ the
Revert "<subject of commit to revert>"
format.
Non-package top-level directories are treated as packages.
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
In order to enable subject line format compliance checking in following
patches, pass through a list of modified packages to CommitMessageCheck.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
The get_parent_packages function in CheckGitCommits returns the path of
non-package directories, but in fact returns the path of the .dec file
for actual packages.
Align the handling to be more consistent and return only directory names,
regarding of how it was found.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
