**/\r
\r
#include "PiPei.h"\r
+#include "Platform.h"\r
#include <Library/DebugLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/PeiServicesLib.h>\r
VOID\r
)\r
{\r
+ BOOLEAN SecureS3Needed;\r
+\r
DEBUG ((EFI_D_INFO, "Platform PEI Firmware Volume Initialization\n"));\r
\r
//\r
// Create a memory allocation HOB for the PEI FV.\r
//\r
- // Note: This should be changed to ACPI NVS when S3 resume is enabled.\r
+ // Allocate as ACPI NVS is S3 is supported\r
//\r
BuildMemoryAllocationHob (\r
PcdGet32 (PcdOvmfPeiMemFvBase),\r
PcdGet32 (PcdOvmfPeiMemFvSize),\r
- EfiBootServicesData\r
+ mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData\r
);\r
\r
//\r
//\r
BuildFvHob (PcdGet32 (PcdOvmfDxeMemFvBase), PcdGet32 (PcdOvmfDxeMemFvSize));\r
\r
+ SecureS3Needed = mS3Supported && FeaturePcdGet (PcdSmmSmramRequire);\r
+\r
//\r
// Create a memory allocation HOB for the DXE FV.\r
//\r
+ // If "secure" S3 is needed, then SEC will decompress both PEI and DXE\r
+ // firmware volumes at S3 resume too, hence we need to keep away the OS from\r
+ // DXEFV as well. Otherwise we only need to keep away DXE itself from the\r
+ // DXEFV area.\r
+ //\r
BuildMemoryAllocationHob (\r
PcdGet32 (PcdOvmfDxeMemFvBase),\r
PcdGet32 (PcdOvmfDxeMemFvSize),\r
- EfiBootServicesData\r
+ SecureS3Needed ? EfiACPIMemoryNVS : EfiBootServicesData\r
);\r
\r
+ //\r
+ // Additionally, said decompression will use temporary memory above the end\r
+ // of DXEFV, so let's keep away the OS from there too.\r
+ //\r
+ if (SecureS3Needed) {\r
+ UINT32 DxeMemFvEnd;\r
+\r
+ DxeMemFvEnd = PcdGet32 (PcdOvmfDxeMemFvBase) +\r
+ PcdGet32 (PcdOvmfDxeMemFvSize);\r
+ BuildMemoryAllocationHob (\r
+ DxeMemFvEnd,\r
+ PcdGet32 (PcdOvmfDecompressionScratchEnd) - DxeMemFvEnd,\r
+ EfiACPIMemoryNVS\r
+ );\r
+ }\r
+\r
//\r
// Let PEI know about the DXE FV so it can find the DXE Core\r
//\r