During normal boot, when EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is installed
by platform BDS, the SMM IPL locks SMRAM (TSEG) through
EFI_SMM_ACCESS2_PROTOCOL.Lock(). See SmmIplReadyToLockEventNotify() in
"MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c".
During S3 resume, S3Resume2Pei locks SMRAM (TSEG) through
PEI_SMM_ACCESS_PPI.Lock(), before executing the boot script. See
S3ResumeExecuteBootScript() in
"UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c".
Those are precisely the places where the SMRAM at the default SMBASE
should be locked too. Add such an action to SmramAccessLock().
Notes:
- The SMRAM at the default SMBASE doesn't support the "closed and
unlocked" state (and so it can't be closed without locking it, and it
cannot be opened after closing it).
- The SMRAM at the default SMBASE isn't (and shouldn't) be exposed with
another EFI_SMRAM_DESCRIPTOR in the GetCapabilities() members of
EFI_SMM_ACCESS2_PROTOCOL / PEI_SMM_ACCESS_PPI. That's because the SMRAM
in question is not "general purpose"; it's only QEMU's solution to
protect the initial SMI handler from the OS, when a VCPU is hot-plugged.
Consequently, the state of the SMRAM at the default SMBASE is not
reflected in the "OpenState" / "LockState" fields of the protocol and
PPI.
- An alternative to extending SmramAccessLock() would be to register an
EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL notify in SmmAccess2Dxe (for locking
at normal boot), and an EDKII_S3_SMM_INIT_DONE_GUID PPI notify in
SmmAccessPei (for locking at S3 resume).
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1512
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Message-Id: <
20200129214412.2361-10-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
\r
InitQ35TsegMbytes ();\r
GetStates (&mAccess2.LockState, &mAccess2.OpenState);\r
+\r
+ //\r
+ // SmramAccessLock() depends on "mQ35SmramAtDefaultSmbase"; init the latter\r
+ // just before exposing the former via EFI_SMM_ACCESS2_PROTOCOL.Lock().\r
+ //\r
+ InitQ35SmramAtDefaultSmbase ();\r
+\r
return gBS->InstallMultipleProtocolInterfaces (&ImageHandle,\r
&gEfiSmmAccess2ProtocolGuid, &mAccess2,\r
NULL);\r
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire\r
\r
[Pcd]\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase\r
gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes\r
\r
[Depex]\r
CopyMem (GuidHob, &SmramMap[DescIdxSmmS3ResumeState],\r
sizeof SmramMap[DescIdxSmmS3ResumeState]);\r
\r
+ //\r
+ // SmramAccessLock() depends on "mQ35SmramAtDefaultSmbase"; init the latter\r
+ // just before exposing the former via PEI_SMM_ACCESS_PPI.Lock().\r
+ //\r
+ InitQ35SmramAtDefaultSmbase ();\r
+\r
//\r
// We're done. The next step should succeed, but even if it fails, we can't\r
// roll back the above BuildGuidHob() allocation, because PEI doesn't support\r
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire\r
\r
[Pcd]\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase\r
gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes\r
\r
[Ppis]\r
//\r
UINT16 mQ35TsegMbytes;\r
\r
+//\r
+// The value of PcdQ35SmramAtDefaultSmbase is saved into this variable at\r
+// module startup.\r
+//\r
+STATIC BOOLEAN mQ35SmramAtDefaultSmbase;\r
+\r
/**\r
Save PcdQ35TsegMbytes into mQ35TsegMbytes.\r
**/\r
mQ35TsegMbytes = PcdGet16 (PcdQ35TsegMbytes);\r
}\r
\r
+/**\r
+ Save PcdQ35SmramAtDefaultSmbase into mQ35SmramAtDefaultSmbase.\r
+**/\r
+VOID\r
+InitQ35SmramAtDefaultSmbase (\r
+ VOID\r
+ )\r
+{\r
+ mQ35SmramAtDefaultSmbase = PcdGetBool (PcdQ35SmramAtDefaultSmbase);\r
+}\r
+\r
/**\r
Read the MCH_SMRAM and ESMRAMC registers, and update the LockState and\r
OpenState fields in the PEI_SMM_ACCESS_PPI / EFI_SMM_ACCESS2_PROTOCOL object,\r
PciOr8 (DRAMC_REGISTER_Q35 (MCH_ESMRAMC), MCH_ESMRAMC_T_EN);\r
PciOr8 (DRAMC_REGISTER_Q35 (MCH_SMRAM), MCH_SMRAM_D_LCK);\r
\r
+ //\r
+ // Close & lock the SMRAM at the default SMBASE, if it exists.\r
+ //\r
+ if (mQ35SmramAtDefaultSmbase) {\r
+ PciWrite8 (DRAMC_REGISTER_Q35 (MCH_DEFAULT_SMBASE_CTL),\r
+ MCH_DEFAULT_SMBASE_LCK);\r
+ }\r
+\r
GetStates (LockState, OpenState);\r
if (*OpenState || !*LockState) {\r
return EFI_DEVICE_ERROR;\r
VOID\r
);\r
\r
+/**\r
+ Save PcdQ35SmramAtDefaultSmbase into mQ35SmramAtDefaultSmbase.\r
+**/\r
+VOID\r
+InitQ35SmramAtDefaultSmbase (\r
+ VOID\r
+ );\r
+\r
/**\r
Read the MCH_SMRAM and ESMRAMC registers, and update the LockState and\r
OpenState fields in the PEI_SMM_ACCESS_PPI / EFI_SMM_ACCESS2_PROTOCOL object,\r
projects / mirror_edk2.git / commitdiff