Commit 411a373ed642 ("ArmPkg/TimerDxe: remove workaround for KVM timer
handling") removed the virtual timer handling quirk that cleared the
mask bit in the control register when enabling the timer, under the
assumption that only ancient KVM host implementations required it.
However, Julien reports that Xen also masks the timer interrupt in the
guest view of the timer control register, and therefore needs the same
quirk.
So let's reinstate it, but using a Xen specific implementation of the
timer support library, so that other virt platforms remain unchanged.
ArmPkg: add reenable hook to ArmGenericTimerCounterLib
In preparation of selectively reinstating the timer enable quirk for Xen
that we removed in commit 411a373ed642 ("ArmPkg/TimerDxe: remove workaround
for KVM timer handling"), add a ArmGenericTimerReenableTimer() library
function to ArmGenericTimerCounterLib that we will populate for Xen only.
In NvmeExpressPassthru.c near line 659:
Prp = NvmeCreatePrpList (
PciIo,
PhyAddr,
EFI_SIZE_TO_PAGES(Offset + Bytes) - 1,
&PrpListHost,
&PrpListNo,
&MapPrpList
);
if (Prp == NULL) {
goto EXIT;
}
Status is not set to an error code - Status is initialized to
EFI_SUCCESS, or set by a PciIo->Map to EFI_SUCCESS above this
code. This error path should set Status to an error code before
goto EXIT.
Change-Id: I8a5cdf981aa609534c205d3676395805ac60a003 Cc: Hao Wu <hao.a.wu@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael Turner <Michael.Turner@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com>
We see UEFI spec is saying to use EfiBootServicesData for ESRT table.
UEFI 2.7 chapter 23.3:
The ESRT shall be stored in memory of type EfiBootServicesData.
And we see EsrtDxe is using AllocatePool for ESRT table, but
EsrtFmpDxe is using AllocateRuntimeZeroPool for ESRT table.
This patch updates code to use EfiBootServicesData for ESRT table
in EsrtFmpDxe.
Change-Id: I72a73e0cc0a37e429cc262d68eb284fb268cb5ef Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Sean Brogan <sean.brogan@microsoft.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Star Zeng [Mon, 9 Apr 2018 02:10:40 +0000 (10:10 +0800)]
UefiCpuPkg MpInitLib: Fix typo "sCPUID" to "CPUID"
Cc: Eric Dong <eric.dong@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Gary Lin [Tue, 24 Apr 2018 08:35:44 +0000 (16:35 +0800)]
OvmfPkg/README: add HTTPS Boot
Add the new section for HTTPS Boot.
Changes in v2:
- Fixed the typos
- Added the command for p11-kit based on Laszlo's suggestion
- Also added the efisiglist command
- Elaborated how to create the customized cipher suite list
- Mentioned the changes in QEMU in the future based on Laszlo's
suggestion
Cc: Andrew Fish <afish@apple.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Andrew J. Fish <afish@apple.com>
Girish Pathak [Mon, 15 Jan 2018 14:53:26 +0000 (14:53 +0000)]
ArmPkg: Introduce SCMI protocol
This change introduces a new SCMI protocol driver for
Arm systems. The driver currently supports only clock
and performance management protocols. Other protocols
will be added as and when needed.
Clock management protocol is used to configure various clocks
available on the platform e.g. HDLCD clock on the Juno platforms.
Whereas performance management protocol allows adjustment
of various performance domains. Currently this is used to evaluate
performance of the Juno platform.
Girish Pathak [Mon, 15 Jan 2018 14:41:51 +0000 (14:41 +0000)]
ArmPkg: MTL Library interface and Null library implementation
Upcoming new component ArmPkg/Drivers/ArmScmiDxe is dependent on
platform specific ArmMtlLib library implementation, however in order
to be able to build the ArmScmiDxe component outside of the context of a
particular platform, this change adds Null implementation of the
ArmMtlLib along with ARM MTL library header.
This change adds support for the ARM Mali DP500/DP500/DP650 display
processors using the GOP protocol. It has been tested on FVP base
models + DP550 support. This change adds platform independant LcdHwLib
library. A corresponding platform specific library will be submitted
to edk-platforms/Platform/ARM/VExpressPkg.
This change does not modify functionality provided by PL111 or
HDLCD. This LcdHwLib implementation should be suitable for those
platforms that implement ARM Mali DP500/DP550/DP650 replacing
PL111/HDLCD.
Only graphics layer of the ARM Mali DP is configured for rendering
the RGB/BGR format frame buffer to satisfy the UEFI GOP requirements
Other layers e.g. video layers are not configured.
Currently framebuffer memory is either reserved in special VRAM or
dynamically allocated using boot services memory allocation functions.
When allocated using boot services calls the memory has to be allocated
as EfiBootServicesData. Unfortunately failures have been seen with this
case. There is also an unfortunate lack of control on the placement of
the framebuffer.
This change introduces two PCDs, PcdArmLcdFrameBufferBase and
PcdArmLcdFrameBufferSize which enable build time reservation of the
framebuffer, avoiding the need to allocate dynamically. This allows
the framebuffer to appear as "I/O memory" outside of the normal RAM
map, which is similar to the "VRAM" case.
This change has no impact on current code, only enables the option
of build time reservation of framebuffers.
ArmPlatformPkg: PCD to swap red/blue format for HDLCD
This change adds a new PCD PcdArmHdlcdSwapBlueRedSelect
to swap values for HDLCD RED_SELECT and BLUE_SELECT registers
on platforms where blue and red hardware lines are swapped.
If set to TRUE in the platform dsc, HDLCD library will swap the values
while setting RED_SELECT and BLUE_SELECT registers. The default
value of the PCD is FALSE.
NOTE: The motive for this is that a discrepancy in the Red/Blue lines
exists between some VersatileExpress platforms. Rather than have
divergent code, this build switch allows a simple, pragmatic solution.
Current HDLCD and PL111 platform libraries do not support display modes
with PixelBlueGreenRedReserved8BitPerColor format, i.e. because of
historical confusion, they do not support the UEFI default
PixelBlueGreenRedReserved8BitPerColor format
In LcdPlatformLib for PL111, LcdPlatformQueryMode returns the pixel
format as PixelRedGreenBlueReserved8BitPerColor which is wrong, because
that does not match the display controller's pixel format which is set
to BGR in PL111Lcd LcdHwLib.
Also it is not possible to configure pixel format as RGB/BGR for the
display modes for a platform at build time.
This change adds PcdGopPixelFormat to configure pixel format as
PixelRedGreenBlueReserved8BitPerColor or
PixelBlueGreenRedReserved8BitPerColor or
PixelBitMask.
With this change, pixel format can be selected in the platform specific
.dsc file for all supported display modes.
Support for PixelBitMask is not implemented in PL111 or HDLCD LcdHwLib
libraries, hence HDLCD and PL111 platform libraries will return error
EFI_UNSUPPORTED if PcdGopPixelFormat is set to PixelBitMask. Indeed,
it is not clear what selecting PixelBitMask might mean, but the option
is allowed as it might suit a custom platform.
ArmPlatformPkg: Redefine LcdPlatformGetTimings function
The LcdPlatformGetTimings interface function takes similar sets of
multiple parameters for horizontal and vertical timings which can be
aggregated in a common data type. This change defines a structure
SCAN_TIMINGS for this which can be used to describe both horizontal and
vertical scan timings, and accordingly redefines the
LcdPlatformGetTiming interface, greatly reducing the amount of data
passed about.
Girish Pathak [Wed, 14 Feb 2018 11:52:46 +0000 (11:52 +0000)]
ArmPlatformPkg: PL111Lcd: Combine two writes to LCDControl
Currenty bit LcdPwr of the LCDControl register is enabled immediately
after setting other bits of the LCDControl register. This two write
sequence is unnecessary. This change removes this extra write by setting
LcdPwr bit along with other bits of the LcdControl register.
There is no functional modification in this change
some comments are modified and a few new comments are added.
This is to prevent mixing formatting changes with functional
changes.
There is no functional modification in this change
As preparation for further work, the formatting is corrected to meet
the EDKII coding standard.
Of specific note, some invalid include guards were fixed.
Girish Pathak [Mon, 15 Jan 2018 18:13:10 +0000 (18:13 +0000)]
ArmPlatformPkg: Rectify line endings of LcdHwNullLib
This fix changes line endings of LcdHwNullLib.c to DOS
style line endings from UNIX style line endings to meet the
EDK2 coding standard. Note it also fixes an end of line
whitespace.
Ruiyu Ni [Fri, 20 Apr 2018 08:08:22 +0000 (16:08 +0800)]
ShellPkg: Add acpiview tool to dump ACPI tables
This program is provided to allow examination of ACPI table contents
from the UEFI Shell. This can help with investigations, especially at
that stage where the tables are not enabling an OS to boot.
The program is not exhaustive, and only encapsulates detailed knowledge
of a limited number of table types.
Default behaviour is to display the content of all tables installed.
'Known' table types will be parsed and displayed with descriptions and
field values. Where appropriate a degree of consistency checking is
done and errors may be reported in the output.
Other table types will be displayed as an array of Hexadecimal bytes.
To facilitate debugging, the -s and -d options can be used to generate a
binary file image of a table that can be copied elsewhere for
investigation using tools such as those provided by acpica.org. This is
especially relevant for AML type tables like DSDT and SSDT.
The inspiration for this is the existing smbiosview Debug1 Shell
command.
Many tables are not explicitly handled, in part because no examples are
available for our testing.
The program is designed to be extended to new tables with minimal
effort, and contributions are invited.
PcdRsa2048Sha256PublicKeyBuffer is referenced but not used in the
library, that makes me a little confusing.
Actually, the PublicKeyData should be from the caller of
AuthenticateFmpImage() as input parameter, for example
EdkiiSystemCapsuleLib.
This patch is to remove the PCD reference in this library instance
to be aligned with FmpAuthenticationLibPkcs7 that does not reference
PcdPkcs7CertBuffer.
Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Ard Biesheuvel [Thu, 15 Mar 2018 10:13:01 +0000 (10:13 +0000)]
ArmPkg/TimerDxe: remove workaround for KVM timer handling
When we first ported EDK2 to KVM/arm, we implemented a workaround for
the quirky timer handling on the KVM side. This has been fixed in
Linux commit f120cd6533d2 ("KVM: arm/arm64: timer: Allow the timer to
control the active state") dated 23 June 2014, which was incorporated
into Linux release 4.3.
So almost 4 years later, it should be safe to drop this workaround on
the EDK2 side.
IntelFrameworkModulePkg IsaSerialDxe: Update algorithm to calculate Divisor
To align the way in MdeModulePkg SerialPortLib and PciSioSerialDxe driver,
Divisor is added by one when the reminder is more than half (16 * BaudRate).
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
OvmfPkg/PlatformBootManagerLib: add USB keyboard to ConIn
PlatformInitializeConsole() (called by PlatformBootManagerBeforeConsole())
adds elements of "gPlatformConsole" to ConIn / ConOut / ErrOut (as
requested per element) if at boot at least one of ConIn and ConOut doesn't
exist. This typically applies to new VMs, and VMs with freshly recreated
varstores.
Add a USB keyboard wildcard to ConIn via "gPlatformConsole", so that we
not only bind the PS/2 keyboard. (The PS/2 keyboard is added in
PrepareLpcBridgeDevicePath()). Explicitly connecting the USB keyboard is
necessary after commit 245c643cc8b7.
Dandan Bi [Tue, 10 Apr 2018 05:51:08 +0000 (13:51 +0800)]
MdeModulePkg/FPDT: Add error message for unsupported case
We have updated performance infrastructure in previous commits:
between
https://github.com/tianocore/edk2/commit/73fef64f14d1b97ae9bd4705df3becc022391eba
and
https://github.com/tianocore/edk2/commit/115eae650bfd2be2c2bc37360f4a755065e774c4
Update FPDT drivers to collect the performance data reported by
gEdkiiFpdtExtendedFirmwarePerformanceGuid.
The old implementation which collected performance data through
gEfiFirmwarePerformanceGuid is not supported now.
We should add error message to remind user for this unsupported
case in case anyone use it by mistake.
Star Zeng [Fri, 13 Apr 2018 09:55:14 +0000 (17:55 +0800)]
SignedCapsulePkg SystemFirmwareUpdateDxe: Fix failure caused by d69d922
d69d9227d046211265de1fab5580c50a65944614 caused system firmware update
failure. It is because FindMatchingFmpHandles() is expected to return
handles matched, but the function returns all handles found.
This patch is to fix the issue.
This patch also assigns mSystemFmpPrivate->Handle for "case 1:" path
in case the Handle is needed by other place in future.
Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
(V2 Update:
Removing the wrong "--remote" option from git submodule update
command in this commit message. Thanks Laszlo's clarification
to correct this)
Update OpenSSL version to 1.1.0h release (27-Mar-2018) to include the
fix for CVE-2018-0739 issue (Handling of crafted recursive ASN.1
structures can cause a stack overflow and resulting denial of service,
Refer to https://www.openssl.org/news/secadv/20180327.txt for more
information).
Please note "git pull" will not update the submodule repository.
use the following commend to make your existing submodule track this
update:
$ git submodule update --recursive
Long Qin [Thu, 12 Apr 2018 02:50:30 +0000 (10:50 +0800)]
CryptoPkg/OpensslLib: Fix the documentation about submodule update
This patch is to drop "--remote" option from the original suggested
submodule update command ("$ git submodule update --recursive
--remote") in HOWTO document.
"--remote" option will integrate changes from the upstream subproject
with the submodules's "current HEAD", instead of using the edk2
superproject's "recorded SHA-1".
It is important here for the edk2 consumers to updating the working
tree of the submodules to match the commit / release tag that the
superproject expects. So removing "--remote" option to fix this
documentation issue here.
Laszlo Ersek [Sat, 31 Mar 2018 15:33:14 +0000 (17:33 +0200)]
CryptoPkg/TlsLib: rewrite TlsSetCipherList()
Rewrite the TlsSetCipherList() function in order to fix the following
issues:
- Any cipher identifier in CipherId that is not recognized by
TlsGetCipherMapping() will cause the function to return EFI_UNSUPPORTED.
This is a problem because CipherId is an ordered preference list, and a
caller should not get EFI_UNSUPPORTED just because it has an elaborate
CipherId preference list. Instead, we can filter out cipher identifiers
that we don't recognize, as long as we keep the relative order intact.
- CipherString is allocated on the stack, with 500 bytes.
While processing a large CipherId preference list, this room may not be
enough. Although no buffer overflow is possible, CipherString exhaustion
can lead to a failed TLS connection, because any cipher names that don't
fit on CipherString cannot be negotiated.
Compute CipherStringSize first, and allocate CipherString dynamically.
- Finally, the "@STRENGTH" pseudo cipher name is appended to CipherString.
(Assuming there is enough room left in CipherString.) This causes
OpenSSL to sort the cipher list "in order of encryption algorithm key
length".
This is a bad idea. The caller specifically passes an ordered preference
list in CipherId. Therefore TlsSetCipherList() must not ask OpenSSL to
reorder the list, for any reason. Drop "@STRENGTH".
While at it, fix and unify the documentation of the CipherId parameter.
Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Laszlo Ersek [Sat, 31 Mar 2018 20:25:15 +0000 (22:25 +0200)]
CryptoPkg/TlsLib: sanitize lib classes in internal header and INF
"InternalTlsLib.h" includes "BaseCryptLib.h", but the lib class is not
listed in the INF file.
The INF file lists a good number of lib classes, but none of the lib class
headers are included by "InternalTlsLib.h".
Synchronize & sort both lists, while removing those library classes that
aren't actually needed. (IntrinsicLib and OpensslLib have no edk2 class
headers.)
Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
CryptoPkg/TlsLib: pre-compute OpensslCipherLength in TlsCipherMappingTable
In the next patches, we'll need the lengths of the
TLS_CIPHER_MAPPING.OpensslCipher string fields. These lengths can be
computed at build time; add the new field "OpensslCipherLength", and
introduce the MAP() macro for populating it.
While at it, add some horizontal whitespace to "TlsCipherMappingTable",
and add a comma after the last element. This will come handy in a later
patch.
(The patch does not change the first two columns of
"TlsCipherMappingTable", which can be easily verified with "git show
--word-diff".)
Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Laszlo Ersek [Sat, 31 Mar 2018 15:06:39 +0000 (17:06 +0200)]
CryptoPkg/TlsLib: use binary search in the TlsGetCipherMapping() function
Improve the performance of the TlsGetCipherMapping() function by adopting
the binary search from DhcpFindOptionFormat()
[MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Option.c].
Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
CryptoPkg/TlsLib: replace TlsGetCipherString() with TlsGetCipherMapping()
In the following patches it will be useful if the IANA CipherId lookup
returns a pointer to the whole matching IANA-to-OpenSSL mapping structure,
not just the OpenSSL cipher suite name. Rename TLS_CIPHER_PAIR and
TlsGetCipherString() to TLS_CIPHER_MAPPING and TlsGetCipherMapping()
respectively, and make the function return a pointer to
TLS_CIPHER_MAPPING.
Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Qin Long <qin.long@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Ting Ye <ting.ye@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=915
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Laszlo Ersek [Sat, 31 Mar 2018 14:36:39 +0000 (16:36 +0200)]
NetworkPkg/TlsDxe: clean up byte order conversion for EfiTlsCipherList
Fix the following style issues:
- "Data" is accessed through a pointer to UINT16 rather than to a pointer
to EFI_TLS_CIPHER. While technically correct, UINT16 is harder to
interpret against the UEFI spec.
- Array subscripting is written with weird *(Pointer + Offset)
expressions, rather than with Pointer[Offset].
- The byte order is converted with HTONS(), while it should be NTOHS().
Either way, use the Data1 and Data2 fields of EFI_TLS_CIPHER instead.
Laszlo Ersek [Sat, 31 Mar 2018 14:04:10 +0000 (16:04 +0200)]
NetworkPkg/TlsDxe: verify DataSize for EfiTlsCipherList
TlsSetSessionData() shouldn't just ignore an incomplete EFI_TLS_CIPHER
element at the end of "Data":
- Generally speaking, malformed input for a security API is best rejected
explicitly.
- Specifically speaking, the size of EFI_TLS_CIPHER is 2 bytes. If
DataSize is 1 on input, then the initial check for (DataSize == 0) will
fail, but then TlsSetCipherList() will be called with CipherNum=0.
Return EFI_INVALID_PARAMETER from TlsSetSessionData() if "Data" doesn't
contain a whole number of EFI_TLS_CIPHER elements. While at it, introduce
the dedicated variable CipherCount.
Laszlo Ersek [Sat, 31 Mar 2018 23:27:43 +0000 (01:27 +0200)]
OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot
Read the list of trusted cipher suites from fw_cfg and to store it to
EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE.
The fw_cfg file will be formatted by the "update-crypto-policies" utility
on the host side, so that the host settings take effect in guest HTTPS
boot as well. QEMU forwards the file intact to the firmware. The contents
are forwarded by NetworkPkg/HttpDxe (in TlsConfigCipherList()) to
NetworkPkg/TlsDxe (TlsSetSessionData()) and TlsLib (TlsSetCipherList()).
Note: the development of the "update-crypto-policies" feature is underway
at this time. Meanwhile the following script can be used to generate the
binary file for fw_cfg:
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Gary Ching-Pang Lin <glin@suse.com> Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Gary Lin <glin@suse.com> Tested-by: Gary Lin <glin@suse.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
[lersek@redhat.com: update commit msg and add script as requested by Gary]
[lersek@redhat.com: update commit msg as requested by Jiaxin]
This issue will only happen if PcdDxeNxMemoryProtectionPolicy is
enabled for reserved memory, which will mark SMM RAM as NX (non-
executable) during DXE core initialization. SMM IPL driver will
unset the NX attribute for SMM RAM to allow loading and running
SMM core/drivers.
But above commit will fail the unset operation of the NX attribute
due to a fact that SMM RAM has zero cache attribute (MRC code always
sets 0 attribute to reserved memory), which will cause GCD internal
method ConverToCpuArchAttributes() to return 0 attribute, which is
taken as invalid CPU paging attribute and skip the calling of
gCpu->SetMemoryAttributes().
The solution is to make use of existing functionality in PiSmmIpl
to make sure one cache attribute is set for SMM RAM. For performance
consideration, PiSmmIpl will always try to set SMM RAM to write-back.
But there's a hole in the code which will fail the setting write-back
attribute because of no corresponding cache capabilities. This patch
will add necessary cache capabilities before setting corresponding
attributes.
Cc: Star Zeng <star.zeng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>