Enable RTMR based measurement and measure boot for Td guest.
Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ken Lu <ken.lu@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
TdTcg2Dxe mimics the Security/Tcg/Tcg2Dxe. It does below tasks:
- Set up and install CC_EVENTLOG ACPI table
- Parse the GUIDed HOB (gCcEventEntryHobGuid) and create CC event log
- Measure handoff tables, Boot##### variables etc
- Measure Exit Boot Service failed
- Install CcMeasurement Protocol
Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ken Lu <ken.lu@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
TDVF set up an ACPI table (EFI_CC_EVENTLOG_ACPI_TABLE) to pass the
event-log information. The event log created by the TD owner contains
the hashes to reconstruct the MRTD and RTMR registers.
Please refer to Sec 4.3.3 in blow link:
https://www.intel.com/content/dam/develop/external/us/en/documents/
intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
Please be noted, the definition of EFI_CC_EVENTLOG_ACPI_TABLE is a
little different from the above document. This difference is based on
below discussion:
- https://edk2.groups.io/g/devel/message/87396
- https://edk2.groups.io/g/devel/message/87402
This change will be reflected in the next version of the above document.
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Ken Lu <ken.lu@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
Add PCDs to records LAML/LASA field in CC EVENTLOG ACPI table.
Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ken Lu <ken.lu@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
TdHobList and Configuration FV are external data provided by Host VMM.
These are not trusted in Td guest. So they should be validated , measured
and extended to Td RTMR registers. In the meantime 2 EFI_CC_EVENT_HOB are
created. These 2 GUIDed HOBs carry the hash value of TdHobList and
Configuration FV. In DXE phase EFI_CC_EVENT can be created based on these
2 GUIDed HOBs.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
SecMeasurementLib is designed to do the measurement in SEC phase. In
current stage there are 2 functions introduced:
- MeasureHobList: Measure the Hoblist passed from the VMM.
- MeasureFvImage: Measure the FV image.
SecMeasurementLibTdx is the TDX version of the library.
Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ken Lu <ken.lu@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
EFI_CC_EVENT_HOB_GUID is the global ID of a GUIDed HOB used to pass
TDX_DIGEST_VALUE from SEC to a DXE Driver ( This DXE driver will
be introduced in the following commit in this patch-sets ). In that
DXE driver this GUIDed HOB will be parsed and the TDX_DIGEST_VALUE
then will be extracted. After that a EFI_CC_EVENT will be created
based on it.
Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
This is the Cryptographic library instance for SEC. The motivation of
this library is to support SHA384 in SEC phase for Td guest. So only
Hash/CryptSha512.c is included which supports SHA384 and SHA512. Other
cryptographics are added with the null version, such as CryptMd5Null.c.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
This library provides hash service by registered hash handler in Td
guest. Currently only SHA384 is supported. After that the hash value is
extended to Td RTMR registers which is similar to TPM PCRs.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
Sebastien Boeuf [Tue, 10 May 2022 12:50:46 +0000 (20:50 +0800)]
OvmfPkg: Don't access A20 gate register on Cloud Hypervisor
Since Cloud Hypervisor doesn't emulate an A20 gate register on I/O port
0x92, it's better to avoid accessing it when the platform is identified
as Cloud Hypervisor.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Sebastien Boeuf [Tue, 10 May 2022 12:50:45 +0000 (20:50 +0800)]
OvmfPkg: CloudHv: Rely on QemuFwCfgLibNull implementation
Since Cloud Hypervisor doesn't support the fw_cfg mechanism, it's more
appropriate to rely on QemuFwCfgLibNull implementation of QemuFwCfgLib
since it provides a null implementation that will not issue any PIO
accesses to ports 0x510 and 0x511.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Sebastien Boeuf [Tue, 10 May 2022 12:50:44 +0000 (20:50 +0800)]
OvmfPkg: Check for QemuFwCfg availability before accessing it
There are few places in the codebase assuming QemuFwCfg will be present
and supported, which can cause some issues when trying to rely on the
QemuFwCfgLibNull implementation of QemuFwCfgLib.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Sebastien Boeuf [Tue, 10 May 2022 12:50:43 +0000 (20:50 +0800)]
OvmfPkg: CloudHv: Fix FW_BASE_ADDRESS
The FW_BASE_ADDRESS value provided by OvmfPkgDefines.fdf.inc is
incorrect for the CloudHv target. We know the generated firmware
contains a PVH ELF header, meaning it will be loaded according to the
address provided through this header. And since we know this address
isn't going to change as it's part of CloudHvElfHeader.fdf.inc, we can
hardcode it through a new include file CloudHvDefines.fdf.inc, which
replaces the generic one OvmfPkgDefines.fdf.inc.
With this change, we prevent the firmware from accessing MMIO addresses
from the address range 0xffc00000-0xffffffff since we know the firmware
hasn't been loaded on this address range.
Gerd Hoffmann [Thu, 2 Jun 2022 08:42:15 +0000 (10:42 +0200)]
OvmfPkg/Microvm/pcie: mPhysMemAddressWidth tweak
microvm places the 64bit mmio space at the end of the physical address
space. So mPhysMemAddressWidth must be correct, otherwise the pci host
bridge setup throws an error because it thinks the 64bit mmio window is
not addressable.
On microvm we can simply use standard cpuid to figure the address width
because the host-phys-bits option (-cpu ${name},host-phys-bits=on) is
forced to be enabled. Side note: For 'pc' and 'q35' this is not the
case for backward compatibility reasons.
Min Xu [Tue, 31 May 2022 14:31:17 +0000 (22:31 +0800)]
OvmfPkg: Search EFI_RESOURCE_MEMORY_UNACCEPTED for Fw hoblist
In current TDVF implementation all unaccepted memory passed in Hoblist
are tagged as EFI_RESOURCE_MEMORY_UNACCEPTED. They're all accepted before
they can be accessed. After accepting memory region, the Hob ResourceType
is unchanged (still be EFI_RESOURCE_MEMORY_UNACCEPTED).
TDVF Config-B skip PEI phase and it tries to find a memory region which
is the largest one below 4GB. Then this memory region will be used as the
firmware hoblist.
So we should walk thru the input hoblist and search for the memory region
with the type of EFI_RESOURCE_MEMORY_UNACCEPTED.
Because EFI_RESOURCE_MEMORY_UNACCEPTED has not been officially in PI spec.
So it cannot be defined in MdePkg/Include/Pi/PiHob.h. As a temporary
solution it is defined in Hob.c.
There is a patch-set for lazy-accept very soon. In that patch-set
EFI_RESOURCE_MEMORY_UNACCEPTED will be defined in MdeModulePkg.
Min Xu [Tue, 31 May 2022 14:31:16 +0000 (22:31 +0800)]
OvmfPkg: Fix TDVMCALL error in ApRunLoop.nasm
According to GHCI Spec Table 2-1, in TDVMCALL R10 should be cleared
to 0 in input operands, and be checked for the return result.
https://cdrdv2.intel.com/v1/dl/getContent/726790
Cc: Erdem Aktas <erdemaktas@google.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Gonda [Wed, 1 Jun 2022 12:17:45 +0000 (14:17 +0200)]
OvmfPkg/ResetVector: Removing SEV-ES CPUID bit check
The SEV-ES bit of Fn800-001F[EAX] - Bit 3 is used for a host to
determine support for running SEV-ES guests. It should not be checked by
a guest to determine if it is running under SEV-ES. The guest should use
the SEV_STATUS MSR Bit 1 to determine if SEV-ES is enabled. This check
was not part of the original SEV-ES support and was added in a91b700e38. Removing the check makes this code consistent with the
Linux kernel
Fixes: a91b700e38 ("Ovmf/ResetVector: Simplify and consolidate the SEV features checks") Signed-off-by: Peter Gonda <pgonda@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
1. Currently, SpecRevision on USF spec is 0.7. Change to align it.
2. SpecRevision is not be patched into UniversalPayloadInfo.bin due to
different structure item name. Change item name from "HeaderRevision"
to "SpecRevision" to check the correct value can be patched.
Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Signed-off-by: Gua Guo <gua.guo@intel.com>
URL: https://universalpayload.github.io/documentation/
Currently, Identifier value is "UPLD", it needs to have correct value
"PLDH" based on Universal Payload Specification spec section 2.12.2
Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Signed-off-by: Gua Guo <gua.guo@intel.com>
URL: https://universalpayload.github.io/documentation/
Currently, Identifier value is "UPLD", it needs to have correct value
"PLDH" based on Universal Payload Specification spec section 2.12.2
Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Guo Dong <guo.dong@intel.com> Signed-off-by: Gua Guo <gua.guo@intel.com>
Gerd Hoffmann [Mon, 23 May 2022 13:45:04 +0000 (21:45 +0800)]
OvmfPkg: fix PcdFSBClock
kvm FSB clock is 1GHz, not 100 MHz. Timings are off by factor 10.
Fix all affected build configurations. Not changed: Microvm and
Cloudhw (they have already have the correct value), and Xen (has
no fixed frequency, the PCD is configured at runtime by platform
initialization code).
Fixes: c37cbc030d96 ("OvmfPkg: Switch timer in build time for OvmfPkg") Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Isaku Yamahata [Tue, 24 May 2022 07:53:46 +0000 (15:53 +0800)]
OvmfPkg: TdxDxe: Fix AsmRelocateApMailBoxLoop
In TDX, Application Processor busy-loops on Mailbox for OS to issue
MpProtectedModeWakeupCommandWakeup command to UEFI. As the AP acking to
it, it clears the command member according to ACPI spec 6.4, 5.2.12.19
Multiprocessor Wakeup Structure: "The application processor need clear the
command to Noop(0) as the acknowledgement that the command is received."
However, AsmRelocateApMailBoxLoop wrongly clears WakeupVector. Correctly
clear command instead of WakeupVector.
Without this patch, TD guest kernel fails to boot APs.
Fixes: fae5c1464d ("OvmfPkg: Add TdxDxe driver") Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Min Xu <min.m.xu@intel.com>
Tom Lendacky [Mon, 16 May 2022 20:24:02 +0000 (15:24 -0500)]
OvmfPkg: Make an Ia32/X64 hybrid build work with SEV
The BaseMemEncryptSevLib functionality was updated to rely on the use of
the OVMF/SEV workarea to check for SEV guests. However, this area is only
updated when running the X64 OVMF build, not the hybrid Ia32/X64 build.
Base SEV support is allowed under the Ia32/X64 build, but it now fails
to boot as a result of the change.
Update the ResetVector code to check for SEV features when built for
32-bit mode, not just 64-bit mode (requiring updates to both the Ia32
and Ia32X64 fdf files).
Fixes: f1d1c337e7c0575da7fd248b2dd9cffc755940df Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Michael Roth <michael.roth@amd.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
CcProbeLib is designed to check the vm guest type. The OvmfPkg/CcProbeLib
reads the OvmfWorkArea (0x80B000) to get the vm guest type which is
written by each guest (SEV or TDX guest). But in SMM drivers the access
to OvmfWorkArea is illegal. PiSmmCpuDxeSmm.inf is an example. It uses
IoLib which in OvmfPkgX64 BaseIoLibIntrinsicSev.inf is included. The
IoLib probes if the working guest is td guest by calling CcProbe().
So CcProbeLibNull will be included when SMM_REQUIRE is set. Currently
only TDVF uses CcProbe to check the guest type, and TDVF doesn't
support SMM, so this fix has no side-effect.
Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <quic_llindhol@quicinc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Dann Frazier <dann.frazier@canonical.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Tested-by: dann frazier <dann.frazier@canonical.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
Adds an instance of VariableFlashInfoLib to the platform build as
it is a new library class introduced in MdeModulePkg.
Cc: Guo Dong <guo.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Maurice Ma <maurice.ma@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Guo Dong <guo.dong@intel.com>
Adds support to the UEFI variable fault tolerant write (FTW) drivers
to receive FTW base and size information dynamically via the Variable
Flash Information library.
Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Updates VariableRuntimeDxe, VariableSmm, and VariableStandaloneMm
to acquire variable flash information from the Variable Flash
Information library.
Note: This introduces a dependency on VariableFlashInfoLib in these
modules. Therefore, a platform building the variable modules must
specify an instance of VariableFlashInfoLib in their platform build.
Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Adds a new library class VariableFlashInfoLib that abstracts access
to variable flash information. The instance provided first attempts
to retrieve information from the Variable Flash Info HOB. If that
HOB is not present, it falls back to the PCDs defined in
MdeModulePkg.
This fall back behavior provides backward compatibility for platforms
that only provide PCDs but also allows platforms that need to
dynamically provide the information using the Variable Flash Info HOB
to do so at runtime.
Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Adds a new GUID that is used to identify a HOB that passes variable
flash information to UEFI variable drivers in HOB consumption phases
such as DXE, Traditional MM, and Standalone MM.
This information was previously passed directly with PCDs such
as EfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase
and gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize.
However, the Standalone MM variable driver instance does not have
direct access to the PCD database. Therefore, this HOB will first
be considered as the source for variable flash information and
if platforms do not produce the HOB, reading the information from
the PCDs directly will be a backup to provide backward
compatibility.
Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Michael Kubacki [Tue, 17 May 2022 21:54:36 +0000 (17:54 -0400)]
.azurepipelines: Fix cspell version to v5.20.0
The v5.21.0 update introduced a number of new issues that might
impact stable tag integration so this fixes the version to the
previous release.
Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
This value can be revisited in the future to update the
Liu, Zhiguang [Thu, 12 May 2022 10:54:59 +0000 (18:54 +0800)]
UefiPayloadPkg: Connect all root bridge in PlatformBootManagerBeforeConsole
Some ConIn or ConOut device may not in the first root bridge, so connect all
root bridge before detect ConIn and ConOut device.
Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Maurice Ma <maurice.ma@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Liu, Zhiguang [Thu, 12 May 2022 10:54:58 +0000 (18:54 +0800)]
UefiPayloadPkg: Add Serial IO device path according to related protocol
Current code follow some rules to check if the PCI device connected to a
serial port device, but some platform or hardware doesn't follow such rule.
By locating gEfiSerialIoProtocolGuid protocol, we can find the related
device path.
Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Maurice Ma <maurice.ma@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Liu, Zhiguang [Thu, 12 May 2022 10:54:57 +0000 (18:54 +0800)]
UefiPayloadPkg: Simplify code logic
A little overdesign about VisitAllPciInstances function, since there are
two call back functions. Simplify the code logic by combining the two call
back functions, and unused parameters.
Change the PROTOCOL_INSTANCE_CALLBACK to SIMPLE_PROTOCOL_INSTANCE_CALLBACK
because the former is also defined in OvmfPkg. Rename it to avoid confusion.
Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Maurice Ma <maurice.ma@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Current free pool routine from PiSmmCore will inspect memory guard status
for target buffer without considering pool headers. This could lead to
`IsMemoryGuarded` function to return incorrect results.
In that sense, allocating a 0 sized pool could cause an allocated buffer
directly points into a guard page, which is legal. However, trying to
free this pool will cause the routine changed in this commit to read XP
pages, which leads to page fault.
This change will inspect memory guarded with pool headers. This can avoid
errors when a pool content happens to be on a page boundary.
Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
In OvmfPkgX64 we enable 2 different CpuMpPei and CpuDxe drivers. The
difference between the drivers is the MpInitLib or MpInitLibUp. This is
acomplished by adding a MpInitLibDepLib.
In IntelTdxX64 we enable 2 versions of CpuDxe drivers. It is because PEI
is skipped in IntelTdxX64.
Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
In Td guest CpuDxe driver uses the MpInitLibUp, the other guest type
use the MpInitLib. So we install different Protocols according to
the current working guest type.
Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
Td guest should use MpInitLibUp, other guest use the MpInitLib. So
in SecMain.c different PPI is installed according to the working
guest type.
Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
The Pei libs depend on the corresponding PPI. The Dxe libs depend on the
corresponding Protocol.
Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
MpInitLibDepLib is a set of libraries which depend on PPI/Protocol.
This patch defines the related PPI/Protocols in OvmfPkg.
Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
Yi Li [Tue, 10 May 2022 07:19:07 +0000 (15:19 +0800)]
CryptoPkg/openssl: disable codestyle checks for generated files
Files generated by process_files.pl from openssl sources should not be checked for edk2 code style.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Yi Li [Tue, 10 May 2022 07:19:06 +0000 (15:19 +0800)]
CryptoPkg/openssl: update generated files
Run process_files.pl with the current openssl submodule version.
Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Yi Li [Tue, 10 May 2022 07:19:05 +0000 (15:19 +0800)]
CryptoPkg: Update process_files.pl to automatically add PCD config option
Recommend from Gerd:
(2) Keep the EC config option, but update process_files.pl to
automatically add the PcdEcEnabled config option handling
to the files it generates.
When remove 'no-ec' from openssl configure list, will automatically remove
'OPENSSL_NO_EC', 'OPENSSL_NO_ECDH', 'OPENSSL_NO_ECDSA', 'OPENSSL_NO_TLS1_3',
form header, and add '/ec/.', '/sm2/.' files to INF files.
Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Yi Li [Tue, 10 May 2022 07:19:04 +0000 (15:19 +0800)]
CryptoPkg: Separate auto-generated openssl config and edk2 openssl config
Move auto-generated openssl config to openssl/opensslconf_generated,
And openssl/opensslconf.h will contain both edk2 conditional openssl
feature and openssl/opensslconf_generated.
Will make two part more clear.
New conditional feture code in opensslconf.h will look like:
/* Autogenerated conditional openssl feature list starts here */
[.....]
/* Autogenerated conditional openssl feature list ends here */
Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Yi Li [Tue, 10 May 2022 07:19:03 +0000 (15:19 +0800)]
CryptoPkg: Rename PCD about openssl EC configuration
PcdOpensslXXXEnabled is a more appropriate choice.
Signed-off-by: Yi Li <yi1.li@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Chao Li [Fri, 22 Apr 2022 07:44:27 +0000 (15:44 +0800)]
.pytool: Fix python command error in self introduction doc
Fix misspelling of word "Prerequisites".
In the step 5 of the Prerequisites section, the python command was missing
the "-r" option, what the command really meant was to install from the given
requirements file, so fix that.
The original flow of PcRtcInit() is like:
1. Guarantee atomic accesses to the RTC time registers and
read out the value.
2. Program RTC register B. (adopt 12h mode or 24h mode. Current
bios code sets RTC to 24h mode by default).
3. Then function ConvertRtcTimeToEfiTime converts the RTC time
value to their 24h mode by checking the hour format bit
(1:24h mode,0:12h mode).
And here lies the problem: Step3 will fail to adjust the value
if Step2 already sets RTC to 24h mode. The hour value in 12h mode
will not be converted to its 24h mode.
The solution is to program RTC register B a little later when all
the original RTC registers' value is retrieved, adjusted
and validated.
ConvertRtcTimeToEfiTime is modified to be more robust.
Reviewed-by: Ray Ni <ray.ni@intel.com> Signed-off-by: Zhuoran Chao <zhuoran.chao@intel.com>
Tan, Dun [Sat, 7 May 2022 03:57:32 +0000 (11:57 +0800)]
UefiPayloadPkg: Fix the UPL build failure
Add double quotes to LlvmObjcopyPath.
Blank space in LlvmObjcopyPath will cause build failure.
This build failure is introduced by 2306555bf908 (
"UefiPayloadPkg: Fix IA32 entry build failure").
Signed-off-by: Dun Tan <dun.tan@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Sean Rhodes <sean@starlabs.systems>
UefiCpuPkg define a new Protocol with the new services
SmmWaitForAllProcessor(), which can be used by SMI handler
to optionally wait for other APs to complete SMM rendezvous in
relaxed AP mode.
VariableSmm and VariableStandaloneMM driver in MdeModulePkg need
to use this services but MdeModulePkg can't depend on UefiCpuPkg.
Thus, the solution is moving SmmCpuRendezvouslib.h from UefiCpuPkg
to MdePkg and creating SmmCpuRendezvousLib NullLib version
implementation in MdePkg as dependency for the pkg that can't
depend on UefiCpuPkg.
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Michael Kubacki <mikuback@linux.microsoft.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Zhihao Li <zhihao.li@intel.com> Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
Yu Pu [Mon, 28 Mar 2022 15:33:22 +0000 (23:33 +0800)]
UefiPayloadPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
There are two libraries: MdePkg/CpuLib and UefiCpuPkg/UefiCpuLib and
UefiCpuPkg/UefiCpuLib will be merged to MdePkg/CpuLib. To avoid build
failure, add CpuLib dependency to all modules that depend on UefiCpuLib.
Cc: Guo Dong <guo.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Maurice Ma <maurice.ma@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Signed-off-by: Yu Pu <yu.pu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
Yu Pu [Mon, 28 Mar 2022 15:29:18 +0000 (23:29 +0800)]
UefiCpuPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
There are two libraries: MdePkg/CpuLib and UefiCpuPkg/UefiCpuLib and
UefiCpuPkg/UefiCpuLib will be merged to MdePkg/CpuLib. To avoid build
failure, add CpuLib dependency to all modules that depend on UefiCpuLib.
Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Yu Pu <yu.pu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
Yu Pu [Mon, 28 Mar 2022 15:16:27 +0000 (23:16 +0800)]
OvmfPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
There are two libraries: MdePkg/CpuLib and UefiCpuPkg/UefiCpuLib and
UefiCpuPkg/UefiCpuLib will be merged to MdePkg/CpuLib. To avoid build
failure, add CpuLib dependency to all modules that depend on UefiCpuLib.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Yu Pu <yu.pu@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Yu Pu [Mon, 28 Mar 2022 15:05:57 +0000 (23:05 +0800)]
IntelFsp2WrapperPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
There are two libraries: MdePkg/CpuLib and UefiCpuPkg/UefiCpuLib and
UefiCpuPkg/UefiCpuLib will be merged to MdePkg/CpuLib. To avoid build
failure, add CpuLib dependency to all modules that depend on UefiCpuLib.
Cc: Chasel Chiu <chasel.chiu@intel.com> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com> Cc: Star Zeng <star.zeng@intel.com> Signed-off-by: Yu Pu <yu.pu@intel.com> Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Yu Pu [Mon, 28 Mar 2022 14:44:47 +0000 (22:44 +0800)]
IntelFsp2Pkg: Add CpuLib to module INFs that depend on UefiCpuLib
There are two libraries: MdePkg/CpuLib and UefiCpuPkg/UefiCpuLib and
UefiCpuPkg/UefiCpuLib will be merged to MdePkg/CpuLib. To avoid build
failure, add CpuLib dependency to all modules that depend on UefiCpuLib.
Cc: Chasel Chiu <chasel.chiu@intel.com> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com> Cc: Star Zeng <star.zeng@intel.com> Signed-off-by: Yu Pu <yu.pu@intel.com> Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Yu Pu [Mon, 28 Mar 2022 15:12:08 +0000 (23:12 +0800)]
MdePkg: Add CpuLib to module INFs that depend on UefiCpuLib.
There are two libraries: MdePkg/CpuLib and UefiCpuPkg/UefiCpuLib and
UefiCpuPkg/UefiCpuLib will be merged to MdePkg/CpuLib. To avoid build
failure, add CpuLib dependency to all modules that depend on UefiCpuLib.
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Signed-off-by: Yu Pu <yu.pu@intel.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
UefiPayloadPkg: Add definition for PayloadCommandLine HOB
Add definition for UNIVERSAL_PAYLOAD_COMMAND_LINE Hob.
This Hob is used to pass command Line to Payload.
Signed-off-by: Dun Tan <dun.tan@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Cc: Benjamin You <benjamin.you@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
The FMMT python tool is used for firmware files operation, which has
the Fv/FFs-based 'View'&'Add'&'Delete'&'Replace' operation function:
1.Parse a FD(Firmware Device) / FV(Firmware Volume) / FFS(Firmware Files)
2.Add a new FFS into a FV file (both included in a FD file or not)
3.Replace an FFS in a FV file with a new FFS file
4.Delete an FFS in a FV file (both included in a FD file or not)
5.Extract the FFS from a FV file (both included in a FD file or not)
This version of FMMT Python tool does not support PEIM rebase feature,
this feature will be added in future update.
Currently the FMMT C tool is saved in edk2-staging repo, but its
quality and coding style can't meet the Edk2 quality, which is hard to
maintain (Hard/Duplicate Code; Regression bugs; Restrict usage).
The new Python version keeps same functions with origin C version. It
has higher quality and better coding style, and it is much easier to
extend new functions and to maintain.
ArmPlatformPkg: Fix target initialisation in cmd_load_symbols.py
The debugger in Arm Development Studio 2021.2 doesn't work with
"ec = debugger.getExecutionContext(0)" because it's subsequently unable
to access memory. Fix it by switching to
"ec = debugger.getCurrentExecutionContext()".
The documentation for waitForStop() says:
"It is not needed after a call to stop() because stop() is blocking."
Corvin Köhne [Wed, 13 Oct 2021 09:19:36 +0000 (11:19 +0200)]
OvmfPkg/Bhyve: add support for QemuFwCfg
QemuFwCfg is much more powerful than BhyveFwCtl. Sadly, BhyveFwCtl
decided to use the same IO ports as QemuFwCfg. It's not possible to use
both interfaces simultaneously. So, prefer QemuFwCfg over BhyveFwCtl.
Signed-off-by: Corvin Köhne <c.koehne@beckhoff.com> Reviewed-by: Rebecca Cran <rebecca@bsdio.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Peter Grehan <grehan@freebsd.org> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
In the Dynamic-Library-File template, add missing output file
declarations. These files are generated by the template and other rules
explicitly depend on them.
This change resolves missing dependency issues we encountered while
running a recursive make with job control.
Signed-off-by: Jake Garver <jake@nvidia.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
OvmfPkg/VirtioGpuDxe: query native display resolution from host
Try query native display resolution from the host. When successful,
setup PcdVideoHorizontalResolution and PcdVideoVerticalResolution
accordingly and add the video mode to the GOP mode list if needed.
Add new function to initialize the GOP, move over setup code. Handle
initialization first, specifically before calling GopQueryMode(), so
GopQueryMode is never called before GopInitialize() did complete.
OvmfPkg/VirtioGpuDxe: use GopQueryMode in GopSetMode
Call GopQueryMode() in GopSetMode(), use the ModeInfo returned when
setting the mode. This is needed to properly handle modes which are
not on the static mGopResolutions list.
Extend VirtioGpuSendCommand() to support commands which return data,
rename the function to VirtioGpuSendCommandWithReply() to indicate that.
Add a new VirtioGpuSendCommand() function which is just a thin wrapper
around VirtioGpuSendCommandWithReply() so existing code continues to
work without changes.
Signed-off-by: Bo Chang Ke <bo-changx.ke@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>