Rebase on edk2-stable202505 #50

crawfxrd · 2025-07-08T20:49:18Z

Update from edk2-stable202108 to edk2-stable202505.

Cherry-pick some commits that were done by others or affects core code
Creates a new System76PayloadPkg as a copy of UefiPayloadPkg
- Imports copies of most modules that require modifications
Applies our changes on top

Resolves: #45

Notes

If testing from an existing checkout of edk2, or otherwise swapping between system76/system76-stable202108 and rebase-stable202508 then you have to do something like:

git clean -dffx
git submodule foreach git clean -dffx
git submodule update --init --recursive --checkout --force --progress
git submodule foreach git clean -dffx

TODO

Add Secure Boot key management
Add external FS drivers
Test on real hardware with NVIDIA dGPU

Add and install a protocol notification handler for gEfiDxeMmReadyToLockProtocolGuid, in order to to trigger MMI handler to install gEfiMmReadyToLockProtocolGuid protocol in Mm. Signed-off-by: Crystal Lee <CrystalLee@ami.com>

The doxygen comment for VarCheckHiiLibReceiveHiiBinHandler says that EFI_INVALID_PARAMETER should be returned if either of CommBuffer or CommBufferSize is NULL, but the test results in an early return of EFI_SUCCESS. Update the code to match the documentation. Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>

Building VarCheckHiiLib fails on my clang 19.1.6 setup with the error variable 'Status' is used uninitialized whenever 'if' condition is false due to the DispatchHandle != NULL test. Calling this function with a NULL handle makes no sense, so move the test to the function entry and return failure if appropriate. Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>

UefiPayloadPkg is used by non-UEFI bootloaders, e.g. coreboot. Shuo works on Xeon-SP coreboot and will contribute to the reviewing activity for UefiPayloadPkg. Signed-off-by: Shuo Liu <shuo.liu@intel.com>

Add the SecTpmMeasurementLib to support TpmMeasurementAndLogData in Sec phase. Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Since TDVF has to measure FwCfg data from QEMU, it is required to cache the data with measurement in early phase. This can avoid changing the measurement order when reading the FwCfg process, which depends on multiple factors(depex, order in the firmware volume). Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Add QEMU_FW_CFG_CACHE_WORK_AREA in EFI_HOB_PLATFORM_INFO to support reading from cache in QemuFwCfgLib. Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

…tform Since the QEMU_FW_CFG_WORK_AREA is saved in EFI_HOB_PLATFORM_INFO and InitializePlatform would read by QemuFwCfg, TDVF should build the PlatformInfoHob before InitializePlatform. Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Since TDVF needs to cache and measure FwCfg, it is required to add an API to support cache with optional measurement and add some internal interfaces to support cache in QemuFwCfgLib. The new API is listed below: QemuFwCfgInitCache() The new Internal interfaces are listed below: InternalQemuFwCfgCacheReadBytes() InternalQemuFwCfgCacheSelectItem() InternalQemuFwCfgCacheGetWorkArea() InternalQemuFwCfgCacheResetWorkArea() InternalQemuFwCfgItemCached() InternalQemuFwCfgCacheReading() InternalQemuFwCfgInitCache() InternalQemuFwCfgCheckOvmfWorkArea() Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

OVMF uses FW_CFG_SELECTOR(0x510) and FW_CFG_IO_DATA(0x511) to get configuration information from QEMU. From the security perspective these information shall be measured before they're consumed. This patch reads the FwCfg items and caches them in a GuidHob. In the meanwhile these FwCfg items are measured as well. This is to avoid changing the order when reading the FwCfg process, which depends on multiple factors(depex, order in the Firmware volume). Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Move QemuFwCfgSupported and QemuFwCfgDmaSupported to the struct since they will be used as global variables in the DXE phase along with QEMU_FW_CFG_CACHE_WORK_AREA. Additionally, change its name to QEMU_FW_CFG_WORK_AREA. Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Since OVMF would initialize the platform info with FwCfg, TDVF needs to cache and measure the FwCfg at first. Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>

Add SweeAun as StandaloneMmPkg reviewer. Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>

The structure for the SPCR revision 4 table was originally named EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE. This prefix suggests it is an ACPI 4.0 structure, which it is not. This could cause confusion with genuine ACPI 4.0 structures and defines (eg EFI_ACPI_4_0_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_SIGNATURE, which is unrelated to SPCR revision 4). Rename the structure to EFI_ACPI_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_4. Signed-off-by: Sarah Walker <Sarah.Walker2@arm.com>

There will be build failure because of EFI_AP_PROCEDURE definition not found if MpInformation2.h is included by base type library. MpInformation2.h depends on MpService.h because of EFI_PROCESSOR_INFORMATION definition, and then MpService.h depends on PiMultiPhase.h because of EFI_AP_PROCEDURE definition. This patch updates MpInformation2.h to include PiMultiPhase.h instead of PiPei.h and also removes SecPlatformInformation.h including. It also does minor refinement to file header description. Signed-off-by: Star Zeng <star.zeng@intel.com>

Refactor the file to use the new type name EFI_MM_COMMUNICATE_HEADER. This is the same type but follows the new name and is more clear with upcoming Standalone MM support being added. Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Adds a new library instance to support MM core functionality for performance in Standalone MM. - Add StandaloneMmCorePerformanceLib instance - Move common MM logic to a new file `MmCorePerformanceLib.c` - Define interfaces with implementation specific to MM environment type in `SmmCorePerformanceLibInternal.h` and implement those functions in the Standalone MM and Traditional MM specific C files Note: StandaloneMmCorePerformanceLib supports both `MM_CORE_STANDALONE` and `MM_STANDALONE` as some Standalone MM environments have privilege separation and need to link this functionality in a ring 3 Standalone MM driver that is outside the ring 0 Standalone MM core driver. Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Adds a new library instance to support logging performance data in Standalone MM. - Add StandaloneMmPerformanceLib instance - Move common MM logic to a new file `SmmPerformanceLibInternal.c` - Since the library largely defers most logic to the performance measurement protocol a large degree of code can be shared between Standalone MM and Traditional MM. Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

In case of the FV with VTF, the left size should be enough to add the minimum pad file size (EFI_FFS_FILE_HEADER, 0x18). It prevents the build error, "GenFv: ERROR 0006: invalid FFS file header checksum" caused by the pad file overwriting some header data in VTF. This includes these updates for CalculateFvSize() function. 1. If NumBlocks is not defined, ensure the minimum pad file size for the left size (if the pad file is required as VTF is not bottom aligned at end of block, insert EFI_FFS_FILE_HEADER to ensure the pad file size) 2. If NumBlocks is defined, report more clear error message (the required fv image size = 0x%x. the set fv image size = 0x%x. Free space left is not enough to add a pad file (0x18)) 3. Remove MaxPadFileSize, which is reported when the taken size is same as the total size. It can not be the actual left size to add an FFS file. It causes confusion when referring to the build log (FV Space Information) Signed-off-by: Phil Noh <Phil.Noh@amd.com>

Module PCD in compile information is missed in module_report.json Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>

The values of BootRecordDataPayloadSize and CommSize are incorrect. BootRecordDataPayloadSize should equal to SmmBootRecordDataSize - SmmBootRecordDataRetrieved CommSize should equal to OFFSET_OF (EFI_MM_COMMUNICATE_HEADER,Data) \ + (UINTN)MmCommBufferHeader->MessageLength SmmCommData->BootRecordSize should be set to BootRecordDataPayloadSize, instead of the total size of entire Smm boot record data. Signed-off-by: Wei6 Xu <wei6.xu@intel.com>

- FMMT tool would use the "PATH" environment variable for locating the required GUID tool. - On Windows-like system, batch file not found in the "PATH" environment variable when "shell=False". - This issue required commands to include program extensions or absolute paths. - This patch sets "shell=True" to extend the support for batch files, including scripts in BinWrappers under BaseTools. - Converted input commands from lists to strings to ensure proper argument interpretation in POSIX-like shell scripts. Signed-off-by: Jason1 Lin <jason1.lin@intel.com>

PcdStatusCodeUseSerial can be the dynamic PCD, which can't be used in MM drivers. So, defines gMmStatusCodeUseSerialHobGuid HOB to indicate StatusCode is reported via serial port or not. The value shall match with the PcdStatusCodeUseSerial. Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>

Produce gMmStatusCodeUseSerialHobGuid as MM Foundation HOB to describe the status code use serial port or not. Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>

…n MM This patch is to replace dynamic PcdStatusCodeUseSerial by the gMmStatusCodeUseSerialHobGuid. Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>

Correct the GCC GenFw and ld flag to build PRM run time modules. These changes are made for X64 GCC compiler, current present for AARCH64 only. Adds addition _X64_OBJCOPY_STRIPFLAG for X64 to retain required symbol during objcopy. Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>

Use AsciiStrLen function instead of AsciiStrSize to determine the length of Basic Auth string. Signed-off-by: Abner Chang <abner.chang@amd.com>

Hot Pluggable resource attribute was introduced in UEFI 2.11 and PI 1.9 specifications. This type should have an entry in the Attribute Conversion Table. Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>

AArch64 has no SVC mode, this was clearly copied from the AArch32 version, so drop it. Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>