From: "Zhang, Di" <di.zhang@intel.com>
To: "Gao, Liming" <gaoliming@byosoft.com.cn>,
"Chen, Lin Z" <lin.z.chen@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Huang, Long1" <long1.huang@intel.com>
Cc: "Bi, Dandan" <dandan.bi@intel.com>,
"Feng, Bob C" <bob.c.feng@intel.com>,
"Li, Zhuangzhi" <zhuangzhi.li@intel.com>
Subject: Re: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add Support for authenticated variable
Date: Thu, 20 Jan 2022 06:05:10 +0000 [thread overview]
Message-ID: <PH0PR11MB4966E951A053E59EAB85BF61965A9@PH0PR11MB4966.namprd11.prod.outlook.com> (raw)
In-Reply-To: <011701d80ce0$33d786c0$9b869440$@byosoft.com.cn>
Liming:
> -----Original Message-----
> From: gaoliming <gaoliming@byosoft.com.cn>
> Sent: Wednesday, January 19, 2022 10:57 AM
> To: Chen, Lin Z <lin.z.chen@intel.com>; devel@edk2.groups.io; Huang, Long1
> <long1.huang@intel.com>
> Cc: Bi, Dandan <dandan.bi@intel.com>; Feng, Bob C <bob.c.feng@intel.com>;
> Zhang, Di <di.zhang@intel.com>; Li, Zhuangzhi <zhuangzhi.li@intel.com>
> Subject: 回复: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add
> Support for authenticated variable
>
> Lin:
>
> > -----邮件原件-----
> > 发件人: Chen, Lin Z <lin.z.chen@intel.com>
> > 发送时间: 2022年1月18日 8:42
> > 收件人: Gao, Liming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io;
> > Huang, Long1 <long1.huang@intel.com>
> > 抄送: Bi, Dandan <dandan.bi@intel.com>; Feng, Bob C
> > <bob.c.feng@intel.com>; Zhang, Di <di.zhang@intel.com>; Li, Zhuangzhi
> > <zhuangzhi.li@intel.com>
> > 主题: RE: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add
> > Support for authenticated variable
> >
> > Hi Liming,
> >
> > Pls see my comments below.
> >
> > 1.
> > PcdNvStoreDefaultValueBuffer type is DynamicEx. Its PcdGetPtr is same to
> > PcdGetExPtr. This change is not required.
> >
> > [Lin] It'll get alignment with PEI phase reference If using PcdGetExPtr
> version.
> > Edk2/MdeModulePkg/Universal/PCD/Pei/Pcd.c#166
> > DataBuffer = (UINT8 *)PeiPcdGetPtrEx (&gEfiMdeModulePkgTokenSpaceGuid,
> > PcdToken (PcdNvStoreDefaultValueBuffer));
> >
> PcdPei is different. It is Pcd driver. It can't consume the real PcdLib.
> So, it doesn't use PcdLib PcdGetPtr() API.
> It uses the internal function PeiPcdGetPtrEx() to get PCD value and size.
>
> HiiDataBase is normal DXE driver. It can depend on the real PcdLib. So, it
> uses PcdLib PcdGetPtr() API.
> Seemly, current code brings confuse. If so, I am OK to make this change.
> And, please also update PcdGetSize (PcdNvStoreDefaultValueBuffer) with
> LibPcdGetExSize()
>
> > 2.
> > VariableStorage data buffer is from PcdNvStoreDefaultValueBuffer.
> > PcdNvStoreDefaultValueBuffer is auto generated by BaseTools.
> > By design, its data format is always normal variable storage format.
> > So, its value can't be auth variable format.
> >
> > [Lin] BaseTools can generate authenticated variable storage format now
> (see
> > https://edk2.groups.io/g/devel/message/83329),
> > since previous FCE tool generates authenticated format, we want to keep
> > variable storage format no changes after switching to StructurePcd.
> >
> Sorry, I miss the previous change in BaseTools. Normal variable storage is
> enough for Tools and Code.
> The default setting format can be always normal variable storage. The
> consumer code logic can be simple.
> I don't know what purpose to keep the alignment with FCE tool behavior. Is
> there other tool or code to use
> the generated PcdNvStoreDefaultValueBuffer?
>
We have the usage that writing the entire VPD (which has default setup value)
to variable region upon first boot. And the variable region needs to be in
authenticated format when secure boot is enabled, so we also need the VPD in
authenticated format. Hope it clarifies your question.
> Thanks
> Liming
> > Thanks,
> > Lin
> >
> > -----Original Message-----
> > From: gaoliming <gaoliming@byosoft.com.cn>
> > Sent: Monday, January 17, 2022 6:56 PM
> > To: devel@edk2.groups.io; Huang, Long1 <long1.huang@intel.com>
> > Cc: Chen, Lin Z <lin.z.chen@intel.com>; Bi, Dandan <dandan.bi@intel.com>;
> > Feng, Bob C <bob.c.feng@intel.com>
> > Subject: 回复: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add
> > Support for authenticated variable
> >
> > Long:
> > I add my comments below.
> >
> > > -----邮件原件-----
> > > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Long1
> > Huang
> > > 发送时间: 2022年1月11日 1:03
> > > 收件人: devel@edk2.groups.io
> > > 抄送: Huang Long <long1.huang@intel.com>; Liming Gao
> > > <gaoliming@byosoft.com.cn>; Chen Lin Z <lin.z.chen@intel.com>; Dandan
> > > Bi <dandan.bi@intel.com>
> > > 主题: [edk2-devel] [PATCH] MdeModulePkg/HiiDatabaseDxe: Add Support
> > for
> > > authenticated variable
> > >
> > > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3796
> > >
> > > Database.c:
> > > 1. Replace PcdGetExPtr with PcdGetExPtr.
> > > 2. Add FindAuthVariableData function to parse authenticated variable
> > > type for getting a correct default value in
> PcdNvStoreDefaultValueBuffer.
> > >
> > > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > > Cc: Chen Lin Z <lin.z.chen@intel.com>
> > > Cc: Dandan Bi <dandan.bi@intel.com>
> > >
> > > Signed-off-by: Huang Long <long1.huang@intel.com>
> > > ---
> > > .../Universal/HiiDatabaseDxe/Database.c | 147
> > +++++++++++++-----
> > > .../HiiDatabaseDxe/HiiDatabaseDxe.inf | 3 +
> > > 2 files changed, 114 insertions(+), 36 deletions(-)
> > >
> > > diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
> > > b/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
> > > index 0b09c24d52..c055fa0f29 100644
> > > --- a/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
> > > +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/Database.c
> > > @@ -603,6 +603,45 @@ FindVariableData (
> > > return NULL;
> > >
> > > }
> > >
> > >
> > >
> > > +/**
> > >
> > > + Find the matched authenticated variable from the input variable
> > storage.
> > >
> > > +
> > >
> > > + @param[in] VariableStorage Point to the variable storage header.
> > >
> > > + @param[in] VarGuid A unique identifier for the variable.
> > >
> > > + @param[in] VarAttribute The attributes bitmask for the variable.
> > >
> > > + @param[in] VarName A Null-terminated ascii string that is
> > the
> > > name of the variable.
> > >
> > > +
> > >
> > > + @return Pointer to the matched variable header or NULL if not found.
> > >
> > > +**/
> > >
> > > +AUTHENTICATED_VARIABLE_HEADER *
> > >
> > > +FindAuthVariableData (
> > >
> > > + IN VARIABLE_STORE_HEADER *VariableStorage,
> > >
> > > + IN EFI_GUID *VarGuid,
> > >
> > > + IN UINT32 VarAttribute,
> > >
> > > + IN CHAR16 *VarName
> > >
> > > + )
> > >
> > > +{
> > >
> > > + AUTHENTICATED_VARIABLE_HEADER *AuthVariableHeader;
> > >
> > > + AUTHENTICATED_VARIABLE_HEADER *AuthVariableEnd;
> > >
> > > +
> > >
> > > + AuthVariableEnd = (AUTHENTICATED_VARIABLE_HEADER
> > *)((UINT8
> > > *)VariableStorage + VariableStorage->Size);
> > >
> > > + AuthVariableHeader = (AUTHENTICATED_VARIABLE_HEADER
> > > *)(VariableStorage + 1);
> > >
> > > + AuthVariableHeader = (AUTHENTICATED_VARIABLE_HEADER
> > > *)HEADER_ALIGN (AuthVariableHeader);
> > >
> > > + while (AuthVariableHeader < AuthVariableEnd) {
> > >
> > > + if (CompareGuid (&AuthVariableHeader->VendorGuid, VarGuid) &&
> > >
> > > + (AuthVariableHeader->Attributes == VarAttribute) &&
> > >
> > > + (StrCmp (VarName, (CHAR16 *)(AuthVariableHeader + 1)) == 0))
> > >
> > > + {
> > >
> > > + return AuthVariableHeader;
> > >
> > > + }
> > >
> > > +
> > >
> > > + AuthVariableHeader = (AUTHENTICATED_VARIABLE_HEADER
> > > *)((UINT8 *)AuthVariableHeader + sizeof
> > > (AUTHENTICATED_VARIABLE_HEADER) + AuthVariableHeader->NameSize +
> > > AuthVariableHeader->DataSize);
> > >
> > > + AuthVariableHeader = (AUTHENTICATED_VARIABLE_HEADER
> > > *)HEADER_ALIGN (AuthVariableHeader);
> > >
> > > + }
> > >
> > > +
> > >
> > > + return NULL;
> > >
> > > +}
> > >
> > > +
> > >
> > > /**
> > >
> > > Find question default value from PcdNvStoreDefaultValueBuffer
> > >
> > >
> > >
> > > @@ -626,25 +665,27 @@ FindQuestionDefaultSetting (
> > > IN BOOLEAN BitFieldQuestion
> > >
> > > )
> > >
> > > {
> > >
> > > - VARIABLE_HEADER *VariableHeader;
> > >
> > > - VARIABLE_STORE_HEADER *VariableStorage;
> > >
> > > - LIST_ENTRY *Link;
> > >
> > > - VARSTORAGE_DEFAULT_DATA *Entry;
> > >
> > > - VARIABLE_STORE_HEADER *NvStoreBuffer;
> > >
> > > - UINT8 *DataBuffer;
> > >
> > > - UINT8 *BufferEnd;
> > >
> > > - BOOLEAN IsFound;
> > >
> > > - UINTN Index;
> > >
> > > - UINT32 BufferValue;
> > >
> > > - UINT32 BitFieldVal;
> > >
> > > - UINTN BitOffset;
> > >
> > > - UINTN ByteOffset;
> > >
> > > - UINTN BitWidth;
> > >
> > > - UINTN StartBit;
> > >
> > > - UINTN EndBit;
> > >
> > > - PCD_DEFAULT_DATA *DataHeader;
> > >
> > > - PCD_DEFAULT_INFO *DefaultInfo;
> > >
> > > - PCD_DATA_DELTA *DeltaData;
> > >
> > > + VARIABLE_HEADER *VariableHeader;
> > >
> > > + AUTHENTICATED_VARIABLE_HEADER *AuthVariableHeader;
> > >
> > > + VARIABLE_STORE_HEADER *VariableStorage;
> > >
> > > + LIST_ENTRY *Link;
> > >
> > > + VARSTORAGE_DEFAULT_DATA *Entry;
> > >
> > > + VARIABLE_STORE_HEADER *NvStoreBuffer;
> > >
> > > + UINT8 *DataBuffer;
> > >
> > > + UINT8 *BufferEnd;
> > >
> > > + BOOLEAN AuthFormat;
> > >
> > > + BOOLEAN IsFound;
> > >
> > > + UINTN Index;
> > >
> > > + UINT32 BufferValue;
> > >
> > > + UINT32 BitFieldVal;
> > >
> > > + UINTN BitOffset;
> > >
> > > + UINTN ByteOffset;
> > >
> > > + UINTN BitWidth;
> > >
> > > + UINTN StartBit;
> > >
> > > + UINTN EndBit;
> > >
> > > + PCD_DEFAULT_DATA *DataHeader;
> > >
> > > + PCD_DEFAULT_INFO *DefaultInfo;
> > >
> > > + PCD_DATA_DELTA *DeltaData;
> > >
> > >
> > >
> > > if (gSkuId == 0xFFFFFFFFFFFFFFFF) {
> > >
> > > gSkuId = LibPcdGetSku ();
> > >
> > > @@ -666,7 +707,7 @@ FindQuestionDefaultSetting (
> > > }
> > >
> > >
> > >
> > > if (Link == &gVarStorageList) {
> > >
> > > - DataBuffer = (UINT8 *)PcdGetPtr
> > > (PcdNvStoreDefaultValueBuffer);
> > >
> > > + DataBuffer = (UINT8 *)PcdGetExPtr
> > > (&gEfiMdeModulePkgTokenSpaceGuid, PcdNvStoreDefaultValueBuffer);
> > >
> > PcdNvStoreDefaultValueBuffer type is DynamicEx. Its PcdGetPtr is same to
> > PcdGetExPtr. This change is not required.
> >
> > > gNvDefaultStoreSize =
> > ((PCD_NV_STORE_DEFAULT_BUFFER_HEADER
> > > *)DataBuffer)->Length;
> > >
> > > //
> > >
> > > // The first section data includes NV storage default setting.
> > >
> > > @@ -750,12 +791,27 @@ FindQuestionDefaultSetting (
> > > return EFI_NOT_FOUND;
> > >
> > > }
> > >
> > >
> > >
> > > + //
> > >
> > > + // Judge if the variable type is authenticated, default is false
> > >
> > > + //
> > >
> > > + AuthFormat = FALSE;
> > >
> > > + if (CompareGuid (&VariableStorage->Signature,
> > > &gEfiAuthenticatedVariableGuid)) {
> > >
> > > + AuthFormat = TRUE;
> > >
> > > + }
> > >
> > > +
> > >
> >
> >
> > > //
> > >
> > > // Find the question default value from the variable storage
> > >
> > > //
> > >
> > > - VariableHeader = FindVariableData (VariableStorage,
> > > &EfiVarStore->Guid,
> > > EfiVarStore->Attributes, (CHAR16 *)EfiVarStore->Name);
> > >
> > > - if (VariableHeader == NULL) {
> > >
> > > - return EFI_NOT_FOUND;
> > >
> > > + if(AuthFormat) {
> > >
> > > + AuthVariableHeader = FindAuthVariableData (VariableStorage,
> > > &EfiVarStore->Guid, EfiVarStore->Attributes, (CHAR16
> > > *)EfiVarStore->Name);
> > >
> > > + if (AuthVariableHeader == NULL) {
> > >
> > > + return EFI_NOT_FOUND;
> > >
> > > + }
> > >
> > > + } else {
> > >
> > > + VariableHeader = FindVariableData (VariableStorage,
> > > &EfiVarStore->Guid, EfiVarStore->Attributes, (CHAR16
> > > *)EfiVarStore->Name);
> > >
> > > + if (VariableHeader == NULL) {
> > >
> > > + return EFI_NOT_FOUND;
> > >
> > > + }
> > >
> > > }
> > >
> > VariableStorage data buffer is from PcdNvStoreDefaultValueBuffer.
> > PcdNvStoreDefaultValueBuffer is auto generated by BaseTools.
> > By design, its data format is always normal variable storage format.
> > So, its value can't be auth variable format.
> >
> > Thanks
> > Liming
> > >
> > >
> > > StartBit = 0;
> > >
> > > @@ -770,20 +826,39 @@ FindQuestionDefaultSetting (
> > > Width = EndBit / 8 + 1;
> > >
> > > }
> > >
> > >
> > >
> > > - if (VariableHeader->DataSize < ByteOffset + Width) {
> > >
> > > - return EFI_INVALID_PARAMETER;
> > >
> > > - }
> > >
> > > + if(AuthFormat) {
> > >
> > > + if (AuthVariableHeader->DataSize < ByteOffset + Width) {
> > >
> > > + return EFI_INVALID_PARAMETER;
> > >
> > > + }
> > >
> > >
> > >
> > > - //
> > >
> > > - // Copy the question value
> > >
> > > - //
> > >
> > > - if (ValueBuffer != NULL) {
> > >
> > > - if (BitFieldQuestion) {
> > >
> > > - CopyMem (&BufferValue, (UINT8 *)VariableHeader + sizeof
> > > (VARIABLE_HEADER) + VariableHeader->NameSize + ByteOffset, Width);
> > >
> > > - BitFieldVal = BitFieldRead32 (BufferValue, StartBit, EndBit);
> > >
> > > - CopyMem (ValueBuffer, &BitFieldVal, Width);
> > >
> > > - } else {
> > >
> > > - CopyMem (ValueBuffer, (UINT8 *)VariableHeader + sizeof
> > > (VARIABLE_HEADER) + VariableHeader->NameSize +
> > > IfrQuestionHdr->VarStoreInfo.VarOffset, Width);
> > >
> > > + //
> > >
> > > + // Copy the question value
> > >
> > > + //
> > >
> > > + if (ValueBuffer != NULL) {
> > >
> > > + if (BitFieldQuestion) {
> > >
> > > + CopyMem (&BufferValue, (UINT8 *)AuthVariableHeader + sizeof
> > > (AUTHENTICATED_VARIABLE_HEADER) + AuthVariableHeader->NameSize +
> > > ByteOffset, Width);
> > >
> > > + BitFieldVal = BitFieldRead32 (BufferValue, StartBit, EndBit);
> > >
> > > + CopyMem (ValueBuffer, &BitFieldVal, Width);
> > >
> > > + } else {
> > >
> > > + CopyMem (ValueBuffer, (UINT8 *)AuthVariableHeader + sizeof
> > > (AUTHENTICATED_VARIABLE_HEADER) + AuthVariableHeader->NameSize +
> > > IfrQuestionHdr->VarStoreInfo.VarOffset, Width);
> > >
> > > + }
> > >
> > > + }
> > >
> > > + } else {
> > >
> > > + if (VariableHeader->DataSize < ByteOffset + Width) {
> > >
> > > + return EFI_INVALID_PARAMETER;
> > >
> > > + }
> > >
> > > +
> > >
> > > + //
> > >
> > > + // Copy the question value
> > >
> > > + //
> > >
> > > + if (ValueBuffer != NULL) {
> > >
> > > + if (BitFieldQuestion) {
> > >
> > > + CopyMem (&BufferValue, (UINT8 *)VariableHeader + sizeof
> > > (VARIABLE_HEADER) + VariableHeader->NameSize + ByteOffset, Width);
> > >
> > > + BitFieldVal = BitFieldRead32 (BufferValue, StartBit, EndBit);
> > >
> > > + CopyMem (ValueBuffer, &BitFieldVal, Width);
> > >
> > > + } else {
> > >
> > > + CopyMem (ValueBuffer, (UINT8 *)VariableHeader + sizeof
> > > (VARIABLE_HEADER) + VariableHeader->NameSize +
> > > IfrQuestionHdr->VarStoreInfo.VarOffset, Width);
> > >
> > > + }
> > >
> > > }
> > >
> > > }
> > >
> > >
> > >
> > > diff --git a/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
> > > b/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
> > > index 0116fb6ecb..dac4d614a8 100644
> > > --- a/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
> > > +++ b/MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
> > > @@ -86,6 +86,9 @@
> > > gEfiHiiImageDecoderNameJpegGuid
> > > |gEfiMdeModulePkgTokenSpaceGuid.PcdSupportHiiImageProtocol ##
> > > SOMETIMES_CONSUMES ## GUID
> > >
> > > gEfiHiiImageDecoderNamePngGuid
> > > |gEfiMdeModulePkgTokenSpaceGuid.PcdSupportHiiImageProtocol ##
> > > SOMETIMES_CONSUMES ## GUID
> > >
> > > gEdkiiIfrBitVarstoreGuid
> > > ## SOMETIMES_CONSUMES ## GUID
> > >
> > > + gEfiAuthenticatedVariableGuid
> > >
> > > + gEfiVariableGuid
> > >
> > > + gEfiMdeModulePkgTokenSpaceGuid
> > >
> > >
> > >
> > > [Depex]
> > >
> > > TRUE
> > >
> > > --
> > > 2.25.1
> > >
> > >
> > >
> > > -=-=-=-=-=-=
> > > Groups.io Links: You receive all messages sent to this group.
> > > View/Reply Online (#85447):
> > > https://edk2.groups.io/g/devel/message/85447
> > > Mute This Topic: https://groups.io/mt/88319448/4905953
> > > Group Owner: devel+owner@edk2.groups.io
> > > Unsubscribe: https://edk2.groups.io/g/devel/unsub
> > > [gaoliming@byosoft.com.cn]
> > > -=-=-=-=-=-=
> > >
> >
> >
>
>
next prev parent reply other threads:[~2022-01-20 6:05 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-10 17:02 [PATCH] MdeModulePkg/HiiDatabaseDxe: Add Support for authenticated variable Long1 Huang
2022-01-17 10:55 ` 回复: [edk2-devel] " gaoliming
2022-01-18 0:42 ` Chen Lin Z
2022-01-19 2:56 ` 回复: " gaoliming
2022-01-20 6:05 ` Zhang, Di [this message]
2022-01-21 5:15 ` gaoliming
2022-01-24 2:13 ` Zhang, Di
-- strict thread matches above, loose matches on Subject: below --
2022-01-12 17:06 Long1 Huang
2022-01-13 5:34 ` Dandan Bi
2022-01-17 1:13 ` Dandan Bi
2022-01-17 3:11 ` 回复: [edk2-devel] " gaoliming
2022-01-17 3:48 ` Dandan Bi
2022-01-19 1:59 ` Ni, Ray
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB4966E951A053E59EAB85BF61965A9@PH0PR11MB4966.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox