From: Laszlo Ersek Date: Tue, 4 Mar 2014 08:03:23 +0000 (+0000) Subject: OvmfPkg: implement LockBoxLib X-Git-Tag: edk2-stable201903~11663 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=6a7cba79b7b6d58f79a01bf29c900cb3ca6b5187 OvmfPkg: implement LockBoxLib The S3 suspend/resume infrastructure depends on the LockBox library class. The edk2 tree currently contains Null and SMM instances. The Null instance is useless, and the SMM instance would require SMM emulation by including the SMM core and adding several new drivers, which is deemed too complex. Hence add a simple LockBoxLib instance for OVMF. jordan.l.justen@intel.com: * use PCDs instead of EmuNvramLib - clear memory in PlatformPei on non S3 boots * allocate NVS memory and store a pointer to that memory - reduces memory use at fixed locations Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Jordan Justen Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen Reviewed-by: Laszlo Ersek git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15301 6f19259b-4bc3-4df7-8a09-765794883524 --- diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxBase.c b/OvmfPkg/Library/LockBoxLib/LockBoxBase.c new file mode 100644 index 0000000000..8f367701f3 --- /dev/null +++ b/OvmfPkg/Library/LockBoxLib/LockBoxBase.c @@ -0,0 +1,42 @@ +/** @file + + Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include + +/** + Allocates a buffer of type EfiACPIMemoryNVS. + + Allocates the number bytes specified by AllocationSize of type + EfiACPIMemoryNVS and returns a pointer to the allocated buffer. + If AllocationSize is 0, then a valid buffer of 0 size is + returned. If there is not enough memory remaining to satisfy + the request, then NULL is returned. + + @param AllocationSize The number of bytes to allocate. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +EFIAPI +AllocateAcpiNvsPool ( + IN UINTN AllocationSize + ) +{ + ASSERT_EFI_ERROR (RETURN_UNSUPPORTED); + return NULL; +} diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf new file mode 100644 index 0000000000..7203d0777d --- /dev/null +++ b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf @@ -0,0 +1,44 @@ +## @file +# +# Library implementing the LockBox interface for OVMF +# +# Copyright (C) 2013, Red Hat, Inc. +# Copyright (c) 2014, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR +# IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = LockBoxBaseLib + FILE_GUID = 17CA9B37-5BAB-492C-A09C-7121FBE34CE6 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib + + CONSTRUCTOR = LockBoxLibInitialize + +[Sources] + LockBoxBase.c + LockBoxLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxDxe.c b/OvmfPkg/Library/LockBoxLib/LockBoxDxe.c new file mode 100644 index 0000000000..c8f2ec8a4e --- /dev/null +++ b/OvmfPkg/Library/LockBoxLib/LockBoxDxe.c @@ -0,0 +1,119 @@ +/** @file + + Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include +#include +#include + +/** + Allocate memory below 4G memory address. + + This function allocates memory below 4G memory address. + + @param MemoryType Memory type of memory to allocate. + @param Size Size of memory to allocate. + + @return Allocated address for output. + +**/ +STATIC +VOID * +AllocateMemoryBelow4G ( + IN EFI_MEMORY_TYPE MemoryType, + IN UINTN Size + ) +{ + UINTN Pages; + EFI_PHYSICAL_ADDRESS Address; + EFI_STATUS Status; + VOID* Buffer; + UINTN AllocRemaining; + + Pages = EFI_SIZE_TO_PAGES (Size); + Address = 0xffffffff; + + // + // Since we need to use gBS->AllocatePages to get a buffer below + // 4GB, there is a good chance that space will be wasted for very + // small allocation. We keep track of unused portions of the page + // allocations, and use these to allocate memory for small buffers. + // + ASSERT (mLockBoxGlobal->Signature == LOCK_BOX_GLOBAL_SIGNATURE); + if ((UINTN) mLockBoxGlobal->SubPageRemaining >= Size) { + Buffer = (VOID*)(UINTN) mLockBoxGlobal->SubPageBuffer; + mLockBoxGlobal->SubPageBuffer += (UINT32) Size; + mLockBoxGlobal->SubPageRemaining -= (UINT32) Size; + return Buffer; + } + + Status = gBS->AllocatePages ( + AllocateMaxAddress, + MemoryType, + Pages, + &Address + ); + if (EFI_ERROR (Status)) { + return NULL; + } + + Buffer = (VOID *) (UINTN) Address; + ZeroMem (Buffer, EFI_PAGES_TO_SIZE (Pages)); + + AllocRemaining = EFI_PAGES_TO_SIZE (Pages) - Size; + if (AllocRemaining > (UINTN) mLockBoxGlobal->SubPageRemaining) { + mLockBoxGlobal->SubPageBuffer = (UINT32) (Address + Size); + mLockBoxGlobal->SubPageRemaining = (UINT32) AllocRemaining; + } + + return Buffer; +} + + +/** + Allocates a buffer of type EfiACPIMemoryNVS. + + Allocates the number bytes specified by AllocationSize of type + EfiACPIMemoryNVS and returns a pointer to the allocated buffer. + If AllocationSize is 0, then a valid buffer of 0 size is + returned. If there is not enough memory remaining to satisfy + the request, then NULL is returned. + + @param AllocationSize The number of bytes to allocate. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +EFIAPI +AllocateAcpiNvsPool ( + IN UINTN AllocationSize + ) +{ + return AllocateMemoryBelow4G (EfiACPIMemoryNVS, AllocationSize); +} + + +EFI_STATUS +EFIAPI +LockBoxDxeLibInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return LockBoxLibInitialize (); +} diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf new file mode 100644 index 0000000000..a4d27a598d --- /dev/null +++ b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf @@ -0,0 +1,45 @@ +## @file +# +# Library implementing the LockBox interface for OVMF +# +# Copyright (C) 2013, Red Hat, Inc. +# Copyright (c) 2014, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR +# IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = LockBoxDxeLib + FILE_GUID = f61c9a34-2e18-44ce-af2f-21a998e64fda + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib + + CONSTRUCTOR = LockBoxDxeLibInitialize + +[Sources] + LockBoxDxe.c + LockBoxLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + UefiBootServicesTableLib + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c new file mode 100644 index 0000000000..af3bb7f46d --- /dev/null +++ b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c @@ -0,0 +1,376 @@ +/** @file + + Library implementing the LockBox interface for OVMF + + Copyright (C) 2013, Red Hat, Inc. + Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include +#include +#include + +#pragma pack(1) +typedef struct { + EFI_GUID Guid; + EFI_PHYSICAL_ADDRESS OrigAddress; + EFI_PHYSICAL_ADDRESS CopyAddress; + UINT32 Size; + UINT64 Attributes; +} LOCK_BOX_ENTRY; +#pragma pack() + +LOCK_BOX_GLOBAL *mLockBoxGlobal = NULL; +STATIC LOCK_BOX_ENTRY *StartOfEntries = NULL; +STATIC LOCK_BOX_ENTRY *EndOfEntries = NULL; + +RETURN_STATUS +EFIAPI +LockBoxLibInitialize ( + VOID + ) +{ + UINTN NumEntries; + + if (PcdGet32 (PcdOvmfLockBoxStorageSize) < sizeof (LOCK_BOX_GLOBAL)) { + return RETURN_UNSUPPORTED; + } + + mLockBoxGlobal = (LOCK_BOX_GLOBAL *)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase); + StartOfEntries = ((LOCK_BOX_ENTRY *) (mLockBoxGlobal + 1)); + NumEntries = ((PcdGet32 (PcdOvmfLockBoxStorageSize) - sizeof (LOCK_BOX_GLOBAL)) / + sizeof (LOCK_BOX_ENTRY)); + EndOfEntries = StartOfEntries + NumEntries; + if (mLockBoxGlobal->Signature != LOCK_BOX_GLOBAL_SIGNATURE) { + // + // Note: This code depends on the lock box being cleared in early + // PEI before usage, so the SubPageBuffer and SubPageRemaining + // fields don't need to be set to 0. + // + mLockBoxGlobal->Signature = LOCK_BOX_GLOBAL_SIGNATURE; + } + return RETURN_SUCCESS; +} + + +/** + Find LockBox entry based on GUID. + + @param[in] Guid The GUID to search for. + + @return Address of the LOCK_BOX_ENTRY found. + + If NULL, then the item was not found, and there is no space + left to store a new item. + + If non-NULL and LOCK_BOX_ENTRY.Size == 0, then the item was not + found, but a new item can be inserted at the returned location. + + If non-NULL and LOCK_BOX_ENTRY.Size > 0, then the item was found. +**/ +STATIC +LOCK_BOX_ENTRY * +EFIAPI +FindHeaderByGuid ( + IN CONST EFI_GUID *Guid + ) +{ + LOCK_BOX_ENTRY *Header; + + for (Header = StartOfEntries; Header < EndOfEntries; Header++) { + if (Header->Size == 0 || CompareGuid (Guid, &Header->Guid)) { + return Header; + } + } + + return NULL; +} + + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or + Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by + implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ) +{ + LOCK_BOX_ENTRY *Header; + VOID *CopyBuffer; + + DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Buffer=%p Length=0x%x\n", __FUNCTION__, + Guid, Buffer, (UINT32) Length)); + + if (Guid == NULL || Buffer == NULL || Length == 0) { + return RETURN_INVALID_PARAMETER; + } + + if (Length > 0xFFFFFFFF) { + return RETURN_OUT_OF_RESOURCES; + } + + Header = FindHeaderByGuid (Guid); + if (Header == NULL) { + return RETURN_OUT_OF_RESOURCES; + } + + if (Header->Size > 0) { + return RETURN_ALREADY_STARTED; + } + + CopyBuffer = AllocateAcpiNvsPool (Length); + if (CopyBuffer == NULL) { + return RETURN_OUT_OF_RESOURCES; + } + + // + // overwrite the current terminator header with new metadata + // + CopyGuid (&Header->Guid, Guid); + Header->OrigAddress = (UINTN) Buffer; + Header->CopyAddress = (UINTN) CopyBuffer; + Header->Size = (UINT32) Length; + Header->Attributes = 0; + + // + // copy contents + // + CopyMem (CopyBuffer, Buffer, Length); + + return RETURN_SUCCESS; +} + + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by + implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ) +{ + LOCK_BOX_ENTRY *Header; + + DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Attributes=0x%Lx\n", __FUNCTION__, Guid, + Attributes)); + + if (Guid == NULL) { + return RETURN_INVALID_PARAMETER; + } + + Header = FindHeaderByGuid (Guid); + if (!Header || Header->Size == 0) { + return RETURN_NOT_FOUND; + } + Header->Attributes = Attributes; + + return RETURN_SUCCESS; +} + + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or + Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold + new information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by + implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ) +{ + LOCK_BOX_ENTRY *Header; + + DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Offset=0x%x Length=0x%x\n", __FUNCTION__, + Guid, (UINT32) Offset, (UINT32) Length)); + + if (Guid == NULL || Buffer == NULL || Length == 0) { + return RETURN_INVALID_PARAMETER; + } + + Header = FindHeaderByGuid (Guid); + if (!Header || Header->Size == 0) { + return RETURN_NOT_FOUND; + } + + if (Header->Size < Offset || + Length > Header->Size - Offset) { + return RETURN_BUFFER_TOO_SMALL; + } + + CopyMem ((UINT8 *)(UINTN) (Header->CopyAddress) + Offset, Buffer, Length); + + return RETURN_SUCCESS; +} + + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at + same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and + Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox + has no LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE + attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the + confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by + implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + LOCK_BOX_ENTRY *Header; + + DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Buffer=%p\n", __FUNCTION__, Guid, + Buffer)); + + if ((Guid == NULL) || + ((Buffer == NULL) && (Length != NULL)) || + ((Buffer != NULL) && (Length == NULL))) { + return EFI_INVALID_PARAMETER; + } + + Header = FindHeaderByGuid (Guid); + if (!Header || Header->Size == 0) { + return RETURN_NOT_FOUND; + } + + if (Buffer == NULL) { + if (!(Header->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE)) { + return RETURN_WRITE_PROTECTED; + } + if (Header->OrigAddress + (Header->Size - 1) > MAX_ADDRESS) { + return RETURN_UNSUPPORTED; + } + Buffer = (VOID *)(UINTN) Header->OrigAddress; + } + + // + // Set RestoreLength + // + if (Length != NULL) { + if (Header->Size > *Length) { + // + // Input buffer is too small to hold all data. + // + *Length = Header->Size; + return EFI_BUFFER_TOO_SMALL; + } + *Length = Header->Size; + } + + CopyMem (Buffer, (VOID*)(UINTN) Header->CopyAddress, Header->Size); + + return RETURN_SUCCESS; +} + + +/** + This function will restore confidential information from all lockbox which + have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by + implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ) +{ + LOCK_BOX_ENTRY *Header; + + for (Header = StartOfEntries; + Header < EndOfEntries && Header->Size > 0; + Header++) { + if (Header->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) { + VOID *Buffer; + + if (Header->OrigAddress + (Header->Size - 1) > MAX_ADDRESS) { + return RETURN_UNSUPPORTED; + } + Buffer = (VOID *)(UINTN) Header->OrigAddress; + CopyMem (Buffer, (VOID*)(UINTN)Header->CopyAddress, Header->Size); + DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Buffer=%p\n", __FUNCTION__, + Header->Guid, Buffer)); + } + } + return RETURN_SUCCESS; +} diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxLib.h b/OvmfPkg/Library/LockBoxLib/LockBoxLib.h new file mode 100644 index 0000000000..5adb65fef2 --- /dev/null +++ b/OvmfPkg/Library/LockBoxLib/LockBoxLib.h @@ -0,0 +1,60 @@ +/** @file + + Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+ + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __LOCK_BOX_LIB_IMPL_H__ +#define __LOCK_BOX_LIB_IMPL_H__ + +#pragma pack(1) + +typedef struct { + UINT32 Signature; + UINT32 SubPageBuffer; + UINT32 SubPageRemaining; +} LOCK_BOX_GLOBAL; + +#define LOCK_BOX_GLOBAL_SIGNATURE SIGNATURE_32('L', 'B', 'G', 'S') + +extern LOCK_BOX_GLOBAL *mLockBoxGlobal; + +#pragma pack() + +/** + Allocates a buffer of type EfiACPIMemoryNVS. + + Allocates the number bytes specified by AllocationSize of type + EfiACPIMemoryNVS and returns a pointer to the allocated buffer. + If AllocationSize is 0, then a valid buffer of 0 size is + returned. If there is not enough memory remaining to satisfy + the request, then NULL is returned. + + @param AllocationSize The number of bytes to allocate. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +EFIAPI +AllocateAcpiNvsPool ( + IN UINTN AllocationSize + ); + + +RETURN_STATUS +EFIAPI +LockBoxLibInitialize ( + VOID + ); + + +#endif diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 8a52bb143b..b8a4cd5840 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -85,6 +85,8 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|0x0|UINT32|0x13 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize|0x0|UINT32|0x14 gUefiOvmfPkgTokenSpaceGuid.PcdS3AcpiReservedMemoryBase|0x0|UINT32|0x17 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|0x0|UINT32|0x18 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize|0x0|UINT32|0x19 [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index cbb97d8f22..d4bfbfa816 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -99,7 +99,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf - LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf !ifdef $(SOURCE_DEBUG_ENABLE) @@ -244,6 +244,7 @@ DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf [LibraryClasses.common.UEFI_APPLICATION] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index d935d97985..a03c52a4c1 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -138,6 +138,9 @@ NumBlocks = 0x80 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize +0x006000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize + 0x010000|0x008000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 8e5baa260c..90a73e0f6a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -104,7 +104,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf - LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf !ifdef $(SOURCE_DEBUG_ENABLE) @@ -249,6 +249,7 @@ DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf [LibraryClasses.common.UEFI_APPLICATION] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 29f365f63f..93fece0dc1 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -138,6 +138,9 @@ NumBlocks = 0x80 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize +0x006000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize + 0x010000|0x008000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index c934ddc2db..d9384f9153 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -104,7 +104,7 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf - LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf !ifdef $(SOURCE_DEBUG_ENABLE) @@ -249,6 +249,7 @@ DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf [LibraryClasses.common.UEFI_APPLICATION] HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index c08024e8ea..b1444d9e8f 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -138,6 +138,9 @@ NumBlocks = 0x80 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize +0x006000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize + 0x010000|0x008000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c index 37030e6898..c1350b931f 100644 --- a/OvmfPkg/PlatformPei/MemDetect.c +++ b/OvmfPkg/PlatformPei/MemDetect.c @@ -24,6 +24,7 @@ Module Name: // // The Library classes this module consumes // +#include #include #include #include @@ -217,5 +218,21 @@ InitializeRamRegions ( EfiACPIMemoryNVS ); #endif + + // + // Reserve the lock box storage area + // + // Since this memory range will be used on S3 resume, it must be + // reserved as ACPI NVS. + // + ZeroMem ( + (VOID*)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase), + (UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize) + ); + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase), + (UINT64)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize), + EfiACPIMemoryNVS + ); } } diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index c91513882a..3b47bb70dd 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -70,6 +70,8 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdS3AcpiReservedMemorySize gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize