With the help of the VirtioFsFuseOpenDir() and
VirtioFsFuseReleaseFileOrDir() functions introduced previously, we can now
open and close the root directory. So let's implement
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL.OpenVolume().
OpenVolume() creates a new EFI_FILE_PROTOCOL object -- a reference to the
root directory of the filesystem. Thus, we have to start tracking
references to EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, lest we unbind the
virtio-fs device while files are open.
There are two methods that release an EFI_FILE_PROTOCOL object: the
Close() and the Delete() member functions. In particular, they are not
allowed to fail with regard to resource management -- they must release
resources unconditionally. Thus, for rolling back the resource accounting
that we do in EFI_SIMPLE_FILE_SYSTEM_PROTOCOL.OpenVolume(), we have to
implement the first versions of EFI_FILE_PROTOCOL.Close() and
EFI_FILE_PROTOCOL.Delete() in this patch as well.
With this patch applied, the UEFI shell can enter the root directory of
the Virtio Filesystem (such as with the "FS3:" shell command), and the
"DIR" shell command exercises FUSE_OPENDIR and FUSE_RELEASEDIR, according
to the virtiofsd log. The "DIR" command reports the root directory as if
it were empty; probably because at this time, we only allow the shell to
open and to close the root directory, but not to read it.
Laszlo Ersek [Wed, 16 Dec 2020 21:10:47 +0000 (22:10 +0100)]
OvmfPkg/VirtioFsDxe: add shared wrapper for FUSE_RELEASE / FUSE_RELEASEDIR
The FUSE_RELEASE and FUSE_RELEASEDIR commands only differ in the opcode.
Add a common function called VirtioFsFuseReleaseFileOrDir() for sending
either command.
Laszlo Ersek [Wed, 16 Dec 2020 21:10:44 +0000 (22:10 +0100)]
OvmfPkg/VirtioFsDxe: map "errno" values to EFI_STATUS
The VirtioFsFuseCheckResponse() function dedicates the EFI_DEVICE_ERROR
status code to the case when the Virtio Filesystem device explicitly
returns an error via the "VIRTIO_FS_FUSE_RESPONSE.Error" field.
Said field effectively carries a Linux "errno" value. Introduce a helper
function for mapping "errno" values to (hopefully) reasonable EFI_STATUS
codes. This way we'll be able to propagate "errno" values as EFI_STATUS
return codes along the UEFI call stack -- in some detail anyway.
Laszlo Ersek [Wed, 16 Dec 2020 21:10:43 +0000 (22:10 +0100)]
OvmfPkg/VirtioFsDxe: introduce the basic FUSE request/response headers
Introduce the VIRTIO_FS_FUSE_REQUEST and VIRTIO_FS_FUSE_RESPONSE
structures, which are the common headers for the various FUSE
request/response structures.
Introduce the VirtioFsFuseNewRequest() helper function for populating
VIRTIO_FS_FUSE_REQUEST, from parameters and from a VIRTIO_FS-level request
counter.
Introduce the VirtioFsFuseCheckResponse() helper function for verifying
most FUSE response types that begin with the VIRTIO_FS_FUSE_RESPONSE
header.
Laszlo Ersek [Wed, 16 Dec 2020 21:10:42 +0000 (22:10 +0100)]
OvmfPkg/VirtioFsDxe: add a scatter-gather list data type
In preparation for the variously structured FUSE request/response
exchanges that virtio-fs uses, introduce a scatter-gather list data type.
This will let us express FUSE request-response pairs flexibly.
Add a function for validating whether a (request buffer list, response
buffer list) pair is well-formed, and supported by the Virtio Filesystem
device's queue depth.
Add another function for mapping and submitting a validated pair of
scatter-gather lists to the Virtio Filesystem device.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3097 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20201216211125.19496-6-lersek@redhat.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
[lersek@redhat.com: suppress useless VS2019 warning about signed/unsigned
comparison in VirtioFsSgListsValidate()]
Add the VirtioFsInit(), VirtioFsUninit(), and VirtioFsExitBoot()
functions.
In VirtioFsInit():
- Verify the host-side config of the virtio-fs device.
- Save the filesystem label ("tag") for later, from the configuration area
of the virtio-fs device.
- Save the virtio queue size for later as well.
- Set up the virtio ring for sending requests.
In VirtioFsUninit():
- Reset the device.
- Tear down the virtio ring.
In VirtioFsExitBoot():
- Reset the device.
With this patch, the UEFI connect / disconnect controller operations
involve virtio setup / teardown; they are visible in the virtio-fs
daemon's log file. The virtiofsd log also confirms the device reset in
VirtioFsExitBoot(), when an OS is booted while the virtio-fs device is
bound.
Laszlo Ersek [Wed, 16 Dec 2020 21:10:40 +0000 (22:10 +0100)]
OvmfPkg/VirtioFsDxe: DriverBinding: open VirtioDevice, install SimpleFs
Complete the Supported, Start, and Stop member functions of
EFI_DRIVER_BINDING_PROTOCOL sufficiently for exercising the UEFI driver
model:
- bind virtio-fs devices,
- produce placeholder EFI_SIMPLE_FILE_SYSTEM_PROTOCOL instances on them.
On the "TO_START" (= Virtio) side, the VirtioFsBindingSupported() function
verifies the Virtio subsystem ID for the virtio-fs device (decimal 26 --
see
<https://github.com/oasis-tcs/virtio-spec/blob/87fa6b5d8155/virtio-fs.tex>).
Beyond that, no actual Virtio setup is performed for now. Those bits are
going to be implemented later in this series.
On the "BY_START" (= UEFI filesystem) side, the VirtioFsOpenVolume()
function -- which is the sole EFI_SIMPLE_FILE_SYSTEM_PROTOCOL member
function -- is a stub; it always returns EFI_NO_MEDIA, for now.
The "CONNECT", "DISCONNECT", and "MAP -R" UEFI Shell commands can be used
to test this patch.
Laszlo Ersek [Wed, 16 Dec 2020 21:10:38 +0000 (22:10 +0100)]
OvmfPkg: introduce VirtioFsDxe
The purpose of the driver is to ease file exchange (file sharing) between
the guest firmware and the virtualization host. The driver is supposed to
interoperate with QEMU's "virtiofsd" (Virtio Filesystem Daemon).
VirtioFsDxe will bind virtio-fs devices, and produce
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL instances on them.
In the longer term, assuming QEMU will create "bootorder" fw_cfg file
entries for virtio-fs devices, booting guest OSes from host-side
directories should become possible (dependent on the matching
QemuBootOrderLib enhancement).
Add the skeleton of the driver. Install EFI_DRIVER_BINDING_PROTOCOL with
stub member functions. Install EFI_COMPONENT_NAME2_PROTOCOL with final
member functions. This suffices for the DRIVERS command in the UEFI Shell
to list the driver with a human-readable name.
The file permission model is described immediately in the INF file as a
comment block, for future reference.
Laszlo Ersek [Mon, 21 Dec 2020 11:36:57 +0000 (12:36 +0100)]
EmbeddedPkg/TimeBaseLib: remove useless truncation to 32-bit
EfiTimeToEpoch() calls EfiGetEpochDays() internally, which (reasonably)
returns a UINTN. But then EfiTimeToEpoch() truncates the EfiGetEpochDays()
retval to UINT32 for no good reason, effectively restricting Time->Year
under 2106.
This truncation was pointed out with a valid warning (= build error) by
VS2019.
Allow EfiTimeToEpoch() to return / propagate a UINTN value.
Laszlo Ersek [Mon, 21 Dec 2020 11:36:56 +0000 (12:36 +0100)]
ArmPlatformPkg/PL031RealTimeClockLib: cast EfiTimeToEpoch() val. to UINT32
In preparation for changing EfiTimeToEpoch()'s return type to UINTN, cast
EfiTimeToEpoch()'s retval to UINT32 explicitly, in LibSetTime().
Currently, this is a no-op, and even after widening the retval, it will
make no difference, as LibSetTime() explicitly restricts Time->Year under
2106, given that "the PL031 is a 32-bit counter counting seconds". The
patch is made for preventing compiler warnings.
Bob Feng [Mon, 21 Dec 2020 03:19:30 +0000 (11:19 +0800)]
EmulatorPkg/PlatformCI: stick with "ubuntu-18.04" for now
"vm_image: 'ubuntu-latest'" now refers to Ubuntu Focal (20.04LTS), not
Ubuntu Bionic (18.04LTS), according to
<https://github.com/actions/virtual-environments/issues/1816>.
In Focal, an EmulatorPkg linking step fails like this:
> INFO - "gcc" -o
> /home/vsts/work/1/s/Build/EmulatorIA32/DEBUG_GCC5/IA32/Host -m32
> -L/usr/X11R6/lib
> -Wl,--start-group,@/home/vsts/work/1/s/Build/EmulatorIA32/DEBUG_GCC5/IA32/EmulatorPkg/Unix/Host/Host/OUTPUT/static_library_files.lst,--end-group
> -lpthread -ldl -lXext -lX11
> INFO - /usr/bin/ld: skipping incompatible
> /usr/lib/gcc/x86_64-linux-gnu/9/libgcc.a when searching for -lgcc
> INFO - /usr/bin/ld: cannot find -lgcc
> INFO - /usr/bin/ld: skipping incompatible
> /usr/lib/gcc/x86_64-linux-gnu/9/libgcc.a when searching for -lgcc
> INFO - /usr/bin/ld: cannot find -lgcc
> INFO - collect2: error: ld returned 1 exit status
> INFO - make: *** [GNUmakefile:421:
> /home/vsts/work/1/s/Build/EmulatorIA32/DEBUG_GCC5/IA32/EmulatorPkg/Unix/Host/Host/DEBUG/Host]
> Error 1
So for now, stick with the previous Ubuntu environment, which continues to
be supported, per
<https://github.com/actions/virtual-environments/issues/1816>.
The following ticket has been opened about this particular issue:
<https://github.com/actions/virtual-environments/issues/2324>.
Signed-off-by: Bob Feng <bob.c.feng@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: Ray Ni <ray.ni@intel.com>
Message-Id: <20201221031930.1799-1-bob.c.feng@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: update the commit message to refer to GCC rather than
to QEMU]
Add logic to flush all UART transmit buffers if there is a
config change from Reset(), SetAttributes() or SetControl().
Use a timeout in the flush operation, so the system can
continue to boot if the transmit buffers can not be
flushed for any reason.
This change prevents lost characters on serial debug logs
and serial consoles when a config change is made. It also
prevents a UART from getting into a bad state or reporting
error status due to characters being transmitted at the same
time registers are updated with new communications settings.
Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
Quan Nguyen [Wed, 16 Dec 2020 13:25:21 +0000 (20:25 +0700)]
ArmPkg/ArmGicV3Dxe: Use ArmGicSetInterruptPriority() to set priority
When Affinity Routing enabled, the GICR_IPRIORITYR<n> is used to set
priority for SGIs and PPIs instead of GICD_IPRIORITYR<n>.
This patch calls ArmGicSetInterruptPriority() helper function when
setting priority to handle the difference.
Quan Nguyen [Wed, 16 Dec 2020 13:25:20 +0000 (20:25 +0700)]
ArmPkg/ArmGicLib: Add ArmGicSetInterruptPriority() helper function
According to ARM IHI 0069F, section 11.9.18 GICD_IPRIORITYR<n>,
Interrupt Priority Registers, n = 0 - 254, when affinity routing is
enabled for the Security state of an interrupt, GICR_IPRIORITYR<n>
is used instead of GICD_IPRIORITYR<n> where n = 0 to 7 (that is, for
SGIs and PPIs).
As setting interrupt priority for SGIs and PPIs are handled using
difference registers depends on the mode, this patch instroduces
ArmGicSetInterruptPriority() helper function to handle the discrepancy.
Leif Lindholm [Fri, 18 Dec 2020 13:57:11 +0000 (13:57 +0000)]
ArmPkg/ArmLib: move ArmReadIdPfr0/1 into private header ArmV7Lib.h
ArmReadIdPfr0 () and ArmReadIdPfr1 () are now used only inside ArmLib.
Remove the prototypes from the public header to discourage new id
register accessor additions, and direct id register access in general.
Move them into local header Arm/ArmV7Lib.h.
Leif Lindholm [Fri, 18 Dec 2020 13:51:35 +0000 (13:51 +0000)]
ArmPkg/ArmLib: rename AArch64 variant of ArmReadIdPfr0
ArmReadIdPfr0 is now used only inside ArmLib. Rename the AArch64
variant ArmReadIdAA64Pfr0 and add a declaration of that only into
local header AArch64/AArch64Lib.h.
The ID register access was the only difference between them, so
after switching to the ArmHasGicSystemRegisters () helper, there
is no longer any need to have separate ARM/AArch64 source files
for ArmGicArchSecLib, so unify them and drop the subdirectories.
The ID register access was the only difference between them, so
after switching to the ArmHasGicSystemRegisters () helper, there
is no longer any need to have separate ARM/AArch64 source files
for ArmGicArchLib, so unify them and drop the subdirectories.
(more precisely, it is a pattern from (slot, pin) to (interrupt link),
but function<->pin is an identity mapping in the QEMU hardware, so we
can just use (slot, function) rather than (slot, pin) on the left hand
side. But I digress.)
The ACPI _PRT object is generated by QEMU; it describes this map.
(2) Another map is
(interrupt link) --> { set of possible interrupt numbers,
for this link }
This map is given by the LNK[A..D] ACPI objects, also given by QEMU.
(3) What the firmware is expected to do is:
(3a) for each interrupt link, select an *actual* interrupt from the set
that's possible for that link, yielding a deterministic map
(interrupt link) --> (actual interrupt number)
and
(3b) for each PCI device/function with an interrupt pin, resolve the
functional composition, and program the result into the Interrupt Line
register of the device.
In OVMF, we do not parse the rotating map described under (1) from
QEMU's _PRT object. Instead, we duplicate the code. This is not a
problem.
In OVMF, we also do not parse the map described under (2) from QEMU's
ACPI content. Instead, we pick a specific selection (3a) that we
"apriori" know satisfies (2). This is also not a problem. OVMF's
particular selection is the PciHostIrqs table.
and our specific pick in OVMF, in the PciHostIrqs table, is
LNKA -> 10
LNKB -> 10
LNKC -> 11
LNKD -> 11
)
In OVMF, we also cover step (3b), in the SetPciIntLine() function.
What's missing in OVMF -- and what this patch corrects -- is that we
currently fail to program our selection for table (3) into the hardware.
We pick a specific LNKx->IRQ# mapping for each interrupt link, and we
correctly program the PCI Interrupt Line registers through those
link-to-IRQ mappings -- but we don't tell the hardware about the
link-to-IRQ mappings. More precisely, we program such a link-to-IRQ
mapping table into the hardware that is then not matched by the mapping
we use for programming the PCI device/function interrupt lines. As a
result, some PCI Interrupt Line registers will have impossible values --
a given (slot, function) may use a particular link, but also report an
interrupt number that was never picked for that link.
Output of Linux PCI Interrupt Links for i440fx before the patch:
Commit cee5b0441af3 ("UefiCpuPkg/CpuDxe: Fix boot error", 2020-12-08)
breaks CpuDxe (and with it, OVMF boot) on AMD processors. AMD processors
cannot do far jumps to 64-bit targets, as documented in the AMD64
Architecture Programmer's Manual.
Revert the patch until a RETFQ-based substitute is posted.
Cc: Eric Dong <eric.dong@intel.com> Cc: Guo Dong <guo.dong@intel.com> Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Thomas Lendacky <thomas.lendacky@amd.com>
Ref: https://edk2.groups.io/g/devel/message/68597
Ref: https://www.redhat.com/archives/edk2-devel-archive/2020-December/msg00493.html Reported-by: Thomas Lendacky <thomas.lendacky@amd.com>
Ref: https://edk2.groups.io/g/devel/message/68832
Ref: https://www.redhat.com/archives/edk2-devel-archive/2020-December/msg00737.html Reported-by: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20201217085055.15131-1-lersek@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3121
[lersek@redhat.com: add BZ link]
James Bottomley [Wed, 16 Dec 2020 01:41:46 +0000 (17:41 -0800)]
OvmfPkg/AmdSev/SecretDxe: make secret location naming generic
It is anticipated that this part of the code will work for both Intel
TDX and AMD SEV, so remove the SEV specific naming and change to
ConfidentialComputing as a more architecture neutral prefix. Apart
from the symbol rename, there are no code changes.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Message-Id: <20201216014146.2229-3-jejb@linux.ibm.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
James Bottomley [Wed, 16 Dec 2020 01:41:45 +0000 (17:41 -0800)]
OvmfPkg: Change SEV Launch Secret API to be UINT64 for base and size
Although the SEV secret location must always be below 4GB, the same is
not necessarily true for Intel TDX, so change the configuration table
to contain a pair of UINT64 parameters instead of UINT32 so that any X64
location can be represented.
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Message-Id: <20201216014146.2229-2-jejb@linux.ibm.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Laszlo Ersek [Thu, 17 Dec 2020 20:40:49 +0000 (21:40 +0100)]
OvmfPkg/PlatformCI: stick with "ubuntu-18.04" for now
"vm_image: 'ubuntu-latest'" now refers to Ubuntu Focal (20.04LTS), not
Ubuntu Bionic (18.04LTS), according to
<https://github.com/actions/virtual-environments/issues/1816>.
In Focal, the "qemu" package is a dummy package with no dependencies, and
so the actual emulators are not pulled in. Compare:
However, while that package does make the emulators available, the
emulators crash. So for now, stick with the previous Ubuntu environment,
which continues to be supported, per
<https://github.com/actions/virtual-environments/issues/1816>.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20201217204049.26817-3-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Laszlo Ersek [Thu, 17 Dec 2020 20:40:48 +0000 (21:40 +0100)]
ArmVirtPkg/PlatformCI: stick with "ubuntu-18.04" for now
"vm_image: 'ubuntu-latest'" now refers to Ubuntu Focal (20.04LTS), not
Ubuntu Bionic (18.04LTS), according to
<https://github.com/actions/virtual-environments/issues/1816>.
In Focal, the "qemu" package is a dummy package with no dependencies, and
so the actual emulators are not pulled in. Compare:
However, while that package does make the emulators available, the
emulators crash. So for now, stick with the previous Ubuntu environment,
which continues to be supported, per
<https://github.com/actions/virtual-environments/issues/1816>.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20201217204049.26817-2-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Signed-off-by: Ting Ye <ting.ye@intel.com> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Fan Wang <fan.wang@intel.com> Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Reviewed-by: Nickle Wang <nickle.wang@hpe.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Signed-off-by: Ting Ye <ting.ye@intel.com> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Fan Wang <fan.wang@intel.com> Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Reviewed-by: Nickle Wang <nickle.wang@hpe.com>
Sheng Wei [Mon, 7 Dec 2020 08:34:44 +0000 (16:34 +0800)]
MdePkg/include: Add DMAR SATC Table Definition
SoC Integrated Address Translation Cache (SATC) reporting structure is one
of the Remapping Structure, which is imported since Intel(R) Virtualization
Technology for Directed I/O (VT-D) Architecture Specification v3.2.
Chen, Christine [Mon, 7 Dec 2020 07:57:54 +0000 (15:57 +0800)]
BaseTools: Add comments in StructurePcd DSC file.
Currently VFR files have variables comments which will not be
added into StructurePcd.dsc file. Thus, it is not convenient for
developer to Modify Pcds. To solve this problem, The comments will
be modified to user friendly format and added after the corresponding
Pcd values in StructurePcd.dsc file.
Cc: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Yuwei Chen <yuwei.chen@intel.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Add host based unit tests for the multiple lock case using Variable Lock
Protocol, Variable Policy Protocol, and mixes of Variable Lock Protocol
and Variable Policy Protocol.
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Bret Barkelew <Bret.Barkelew@microsoft.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
The VariableLock shim currently fails if called twice because the
underlying Variable Policy engine returns an error if a policy is set
on an existing variable.
This breaks existing code which expect it to silently pass if a variable
is locked multiple times (because it should "be locked").
Refactor the shim to confirm that the variable is indeed locked and then
change the error to EFI_SUCCESS and generate a DEBUG_ERROR message so
the duplicate lock can be reported in a debug log and removed.
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Bret Barkelew <Bret.Barkelew@microsoft.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
James Bottomley [Mon, 30 Nov 2020 20:28:19 +0000 (12:28 -0800)]
OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table
Now that the secret area is protected by a boot time HOB, extract its
location details into a configuration table referenced by
gSevLaunchSecretGuid so the boot loader or OS can locate it before a
call to ExitBootServices().
James Bottomley [Mon, 30 Nov 2020 20:28:17 +0000 (12:28 -0800)]
OvmfPkg: create a SEV secret area in the AmdSev memfd
SEV needs an area to place an injected secret where OVMF can find it
and pass it up as a ConfigurationTable. This patch implements the
area itself as an addition to the SEV enhanced reset vector table using
an additional guid (4c2eb361-7d9b-4cc3-8081-127c90d3d294).
James Bottomley [Mon, 30 Nov 2020 20:28:16 +0000 (12:28 -0800)]
OvmfPkg/AmdSev: add Grub Firmware Volume Package
This is used to package up the grub bootloader into a firmware volume
where it can be executed as a shell like the UEFI Shell. Grub itself
is built as a minimal entity into a Fv and then added as a boot
option. By default the UEFI shell isn't built but for debugging
purposes it can be enabled and will then be presented as a boot option
(This should never be allowed for secure boot in an external data
centre but may be useful for local debugging). Finally all other boot
options except grub and possibly the shell are stripped and the boot
timeout forced to 0 so the system will not enter a setup menu and will
only boot to grub. This is done by copying the
Library/PlatformBootManagerLib into Library/PlatformBootManagerLibGrub
and then customizing it.
Boot failure is fatal to try to prevent secret theft.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3077 Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Message-Id: <20201130202819.3910-4-jejb@linux.ibm.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
[lersek@redhat.com: replace local variable initialization with assignment] Reviewed-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: squash 'OvmfPkg: add "gGrubFileGuid=Grub" to
GuidCheck.IgnoreDuplicates', reviewed stand-alone by Phil (msgid
<e6eae551-8563-ccfb-5547-7a97da6d46e5@redhat.com>) and Ard (msgid
<10aeda37-def6-d9a4-6e02-4c66c1492f57@arm.com>)]
James Bottomley [Mon, 30 Nov 2020 20:28:15 +0000 (12:28 -0800)]
OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF
This commit represents the file copied from OvmfPkgX64 with minor
changes to change the build name.
This package will form the basis for adding Sev specific features.
Since everything must go into a single rom file for attestation, the
separated build of code and variables is eliminated.
James Bottomley [Mon, 30 Nov 2020 20:28:14 +0000 (12:28 -0800)]
OvmfPkg/ResetVector: convert SEV-ES Reset Block structure to be GUIDed
Convert the current ES reset block structure to an extensible guid
based structure by appending a header and length, which allow for
multiple guid based data packets to be inserted.
Ray Ni [Fri, 11 Dec 2020 10:46:26 +0000 (18:46 +0800)]
UefiCpuPkg/CpuFeature: reduce time complexty to calc CpuInfo.First
CpuInfo.First stores whether the current thread belongs to the first
package in the platform, first core in a package, first thread in a
core.
But the time complexity of original algorithm to calculate the
CpuInfo.First is O (n) * O (p) * O (c).
n: number of processors
p: number of packages
c: number of cores per package
The patch trades time with space by storing the first package, first
core per package, first thread per core in an array.
The time complexity becomes O (n).
Signed-off-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Cc: Yun Lou <yun.lou@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
Star Zeng [Tue, 8 Dec 2020 10:38:44 +0000 (18:38 +0800)]
UefiCpuPkg RegisterCpuFeaturesLib: Use AllocatePages() for InitOrder
The required buffer size for InitOrder will be 96K when NumberOfCpus=1024.
sizeof (CPU_FEATURES_INIT_ORDER) = 96
NumberOfCpus = 1024 = 1K
sizeof (CPU_FEATURES_INIT_ORDER) * NumberOfCpus = 96K
AllocateZeroPool() will call to PeiServicesAllocatePool() which will use
EFI_HOB_MEMORY_POOL to management memory pool.
EFI_HOB_MEMORY_POOL.Header.HobLength is UINT16 type, so there is no way
for AllocateZeroPool() to allocate > 64K memory.
So AllocateZeroPool() could not be used anymore for the case above or
even bigger required buffer size.
This patch updates the code to use AllocatePages() instead of
AllocateZeroPool() to allocate buffer for InitOrder.
Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Laszlo Ersek <lersek@redhat.com>
The PCCT Table is used to describe how the OSPM can
communicate with entities outside the platform. It
describes which memory spaces correspond to which
entity as well as a few of the needed information
to handle the communications.
This new PCCT parser dumps the values and names of
the table fields. It also performs some validation
on the table's fields.
Signed-off-by: Marc Moisson-Franckhauser <marc.moisson-franckhauser@arm.com> Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
The field validator function provides means to validate fields
in the ACPI table structures. To print complex field types a
print formatter function is provided.
The field validator was being invoked for simple data fields
for which the default print format is used. However, the field
validator function was not invoked if a print formatter function
was provided.
This problem is noticed when a Generic Address Structure (GAS)
is printed using DumpGas() and a field validator is present
to validate the GAS structure.
To fix this move the invocation of the field validator after
the field is printed such that the validation function is
called even when a print formatter function is present.
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>
Implementation of EFI EX Protocol according to UEFI spec
2.8 Section 29.7.2 EFI REST EX Protocol.
This is the network stack based EFI REST EX protocol instance.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Fan Wang <fan.wang@intel.com> Signed-off-by: Ting Ye <ting.ye@intel.com> Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Fan Wang <fan.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Reviewed-by: Nickle Wang <nickle.wang@hpe.com>
The edk2 CI runs the "cspell" spell checker tool. Some words
are not recognized by the tool, triggering errors.
This patch modifies some spelling/wording detected by cspell.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Pierre Gondois [Fri, 6 Nov 2020 09:47:47 +0000 (09:47 +0000)]
ArmPlatformPkg: Fix Ecc error 10006 in ArmPlatformPkg.dsc
This patch fixes the following Ecc reported error:
There should be no unnecessary inclusion of library
classes in the INF file
This comes with the additional information:
"The Library Class [TimeBaseLib] is not used
in any platform"
"The Library Class [PL011UartClockLib] is not used
in any platform"
"The Library Class [PL011UartLib] is not used
in any platform"
Indeed, the PL011SerialPortLib module requires the
PL011UartClockLib and PL011UartLib libraries.
The PL031RealTimeClockLib module requires the TimeBaseLib
library.
ArmPlatformPkg/ArmPlatformPkg.dsc builds the two modules,
but doesn't build the required libraries. This patch adds
the missing libraries to the [LibraryClasses.common] section.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Pierre Gondois [Fri, 23 Oct 2020 14:32:26 +0000 (15:32 +0100)]
ArmPlatformPkg: Fix Ecc error 10014 in LcdGraphicsOutputDxe
This patch fixes the following Ecc reported error:
No used module files found
The source file
[ArmPlatformPkg/Drivers/LcdGraphicsOutputDxe/LcdGraphicsOutputDxe.h]
is existing in module directory but it is not described
in INF file.
Files in [Sources.common] are also alphabetically re-ordered.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Pierre Gondois [Fri, 23 Oct 2020 14:18:04 +0000 (15:18 +0100)]
ArmPlatformPkg: Fix Ecc error 10016 in LcdPlatformNullLib
This patch fixes the following Ecc reported error:
Module file has FILE_GUID collision with other
module file
The two .inf files with clashing GUID are:
edk2\ArmPlatformPkg\PrePeiCore\PrePeiCoreMPCore.inf
edk2\ArmPlatformPkg\Library\LcdPlatformNullLib\LcdPlatformNullLib.inf
The PrePeiCoreMPCore module has been imported in 2011 and the
LcdPlatformNullLib module has been created in 2017. The
PrePeiCoreMPCore has the precedence.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Current script only compares main DSC and output file datetime
to determine if re-generation required or not.
When UPD defined in sub DSC and was modified current script cannot
detect and will not re-generate output files which caused incremental
build issue.
Since UPD can be defined in any sub DSC the script has been updated
to compare all DSC datetime with output files to determine re-generation
is needed or not.
Cc: Maurice Ma <maurice.ma@intel.com> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com> Cc: Star Zeng <star.zeng@intel.com> Signed-off-by: Chasel Chiu <chasel.chiu@intel.com> Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com> Reviewed-by: Yuwei Chen <yuwei.chen@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Tested-by: Yuwei Chen <yuwei.chen@intel.com>
When DXE drivers are dispatched above 4GB memory and
the system is already in 64bit mode, the address
setCodeSelectorLongJump in stack will be override
by parameter. so change to use 64bit address and
jump to qword address.
Signed-off-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
As shift = (OpCode >> 5) & 0x3, shift will never be larger than 0x3,
so the comparison between shift and 0x12 will always be false. The right
shift type of ASR is 0x2.
Abner Chang [Fri, 4 Dec 2020 01:41:33 +0000 (09:41 +0800)]
EmulatorPkg: Define default value of NETWORK_HTTP_ENABLE
BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=3104
Incorporate with commit 126115a9, set default NETWORK_HTTP_ENABLE
to FALSE.
Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Acked-by: Ray Ni <ray.ni@intel.com>
UnitTestFrameworkPg: Fix build failure of MdeModulePkg with UnitTestLib
o LIBRARY_CLASS for UnitTestLib has been extended to support the classes
required in building of MdeModulePkg
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com> Signed-off-by: Divneil Rai Wadhawan <divneil.r.wadhawan@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
If "Info" is a valid pointer to an EFI_FILE_SYSTEM_VOLUME_LABEL
structure, then "Info->VolumeLabel" denotes a valid array object.
When the "Info->VolumeLabel" expression is evaluated, as seen in
the LibFindFileSystem(), it is implicitly converted to
(&Info->VolumeLabel[0]). Because the object described by the
expression (Info->VolumeLabel[0]) is a valid CHAR16 object, its
address can never compare equal to NULL. Therefore, the condition
(Info->VolumeLabel == NULL) will always evaluate to FALSE.
Substitute the constant FALSE into the "if" statement, and
simplify the resultant code (eliminate the dead branch).
Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Dandan Bi <dandan.bi@intel.com> Cc: Eric Dong <eric.dong@intel.com> Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Ray Ni [Wed, 2 Dec 2020 01:51:31 +0000 (09:51 +0800)]
UefiCpuPkg/Feature: Support different thread count per core
Today's code assumes every core contains the same number of threads.
It's not always TRUE for certain model.
Such assumption causes system hang when thread count per core
is different and there is core or package dependency between CPU
features (using CPU_FEATURE_CORE_BEFORE/AFTER,
CPU_FEATURE_PACKAGE_BEFORE/AFTER).
The change removes such assumption by calculating the actual thread
count per package and per core.
Signed-off-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Cc: Yun Lou <yun.lou@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com>
Add NETWORK_HTTP_ENABLE macro and separate HttpDxe
and HttpUtilitiesDxe drivers from
HTTP_NETWORK_HTTP_BOOT_ENABLE macro.
Current NETWORK_HTTP_BOOT_ENABLE macro is defined to enable HTTP
boot feature in POST, this macro is not only enabling HTTP Boot
related modules but also enabling other generic HTTP modules
such as HttpDxe, HttpUtilitiesDxe and DnsDxe.
These HTTP base drivers would not be only used by HTTP boot
when we introduce the use case of Redfish implementation over
HTTP to edk2.
We should have a dedicate macro to enable generic HTTP functions
on Network stack and additionally provide NETWORK_HTTP_BOOT_ENABLE
for HTTP boot functionality for the use case that platform doesn't
require HTTP boot.
Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
- REDFISH_ENABLE definition to control EFI Redfish support
- Add Redfish platform host interface library to
EmulatorPkg build.
- Set RestExServiceDevicePath PCD value.
- Add Redfish host interface config EFI application
to EmulatorPkg build.
- Use Redfish DSC/FDF include file.
Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Acked-by: Ray Ni <ray.ni@intel.com>
Add RedfishPkg to DependencyCheck section in
yaml file.
Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Acked-by: Ray Ni <ray.ni@intel.com>
The EFI application to configure the network information of
Redfish service.
The configurations are stored in EFI variables.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Signed-off-by: Ting Ye <ting.ye@intel.com> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Fan Wang <fan.wang@intel.com> Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Acked-by: Ray Ni <ray.ni@intel.com>
Platform specific implementation of providing
Redfish host interface information.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Signed-off-by: Ting Ye <ting.ye@intel.com> Signed-off-by: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Fan Wang <fan.wang@intel.com> Signed-off-by: Abner Chang <abner.chang@hpe.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Nickle Wang <nickle.wang@hpe.com> Cc: Peter O'Hanley <peter.ohanley@hpe.com> Acked-by: Ray Ni <ray.ni@intel.com>
It is not necessary to have a PEI phase in the UEFI payload since no
specific PEI task is required. This patch adds a UefiPayloadEntry
driver to get UEFI Payload required information from the bootloaders,
convert them into a HOB list, load DXE core and transfer control to it.
Here is the change details:
1) Removed PEI phase, including Peicore, BlSupportPei, SecCore, etc.
2) Added UefiPayloadEntry driver. this is the only driver before DXE core.
3) Added Pure X64 support, dropped Pure IA32 (Could add later if required)
64bit payload with 32bit entry point is still supported.
4) Use one DSC file UefiPayloadPkg.dsc to support X64 and IA32X64 build.
Removed UefiPayloadIa32.dsc and UefiPayloadIa32X64.dsc
Tested with SBL and coreboot on QEMU.
Signed-off-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Maurice Ma <maurice.ma@intel.com> Reviewed-by: Benjamin You <benjamin.you@intel.com>
Rebecca Cran [Mon, 30 Nov 2020 05:34:12 +0000 (22:34 -0700)]
OvmfPkg/Bhyve: Fix various style issues
Fix ordering of includes, sources, libraries etc.
Remove leading/trailing underscores from include guards.
Change INF and DSC version numbers to be decimal.
Rebecca Cran [Mon, 30 Nov 2020 05:34:09 +0000 (22:34 -0700)]
OvmfPkg: Improve code style/formatting in BhyveFwCtlLib.c
The code style in Library/BhyveFwCtlLib/BhyveFwCtlLib.c was very
inconsistent. Fix it to pass the ECC tool checks by typedef'ing
structs, and improve indentation.
Chen, Christine [Tue, 24 Nov 2020 08:40:23 +0000 (16:40 +0800)]
BaseTools: Collect full Header files for struct finding.
Currently, only parts of the Header files can be collected which
caused some struct definition can not be found. To solve this issue,
Header files full collection has been added in this file to support
the struct finding.
Cc: Bob Feng <bob.c.feng@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Yuwei Chen <yuwei.chen@intel.com> Reviewed-by: Bob Feng <bob.c.feng@intel.com>
Rebecca Cran [Tue, 24 Nov 2020 00:57:33 +0000 (17:57 -0700)]
OvmfPkg/Bhyve: Copy Real16ToFlat32.asm and enable cache in CR0
Copy UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm to
OvmfPkg/Bhyve/ResetVector/Ia16, with one change, as has also been
made in XenResetVector:
- SEC_DEFAULT_CR0: enable cache (bit 30 or CD set to 0)
With the CD bit set to 1, this has the downside on AMD systems of
actually running with the cache disabled, which slows the entire system
to a crawl.
There's no need for this bit to be set in virtualized
environments.