2010-02-24 00:58:38 +01:00
|
|
|
## @file
|
2009-05-27 23:10:18 +02:00
|
|
|
# Open Virtual Machine Firmware: FDF
|
|
|
|
#
|
2015-07-01 05:09:30 +02:00
|
|
|
# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
|
2009-05-27 23:10:18 +02:00
|
|
|
#
|
2010-04-28 14:43:04 +02:00
|
|
|
# This program and the accompanying materials
|
2009-05-27 23:10:18 +02:00
|
|
|
# are licensed and made available under the terms and conditions of the BSD License
|
|
|
|
# which accompanies this distribution. The full text of the license may be found at
|
|
|
|
# http://opensource.org/licenses/bsd-license.php
|
|
|
|
#
|
|
|
|
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
#
|
2010-02-24 00:58:38 +01:00
|
|
|
##
|
2009-05-27 23:10:18 +02:00
|
|
|
|
|
|
|
################################################################################
|
2013-11-12 19:34:02 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# Default flash size for DEBUG build is 2MB. For RELEASE it is 1MB.
|
|
|
|
#
|
|
|
|
# Defining FD_SIZE_1MB or FD_SIZE_2MB on the build command line can
|
|
|
|
# override this.
|
|
|
|
#
|
|
|
|
[Defines]
|
|
|
|
!if $(TARGET) == RELEASE
|
2012-10-04 17:41:15 +02:00
|
|
|
!ifndef $(FD_SIZE_2MB)
|
2013-11-12 19:34:02 +01:00
|
|
|
DEFINE FD_SIZE_1MB=
|
|
|
|
!endif
|
|
|
|
!endif
|
|
|
|
|
2014-07-22 23:57:01 +02:00
|
|
|
!include OvmfPkg.fdf.inc
|
|
|
|
|
|
|
|
#
|
|
|
|
# Build the variable store and the firmware code as one unified flash device
|
|
|
|
# image.
|
|
|
|
#
|
2013-11-12 19:34:20 +01:00
|
|
|
[FD.OVMF]
|
2014-07-22 23:57:01 +02:00
|
|
|
BaseAddress = $(FW_BASE_ADDRESS)
|
|
|
|
Size = $(FW_SIZE)
|
2013-11-12 19:34:20 +01:00
|
|
|
ErasePolarity = 1
|
2014-07-22 23:57:01 +02:00
|
|
|
BlockSize = $(BLOCK_SIZE)
|
|
|
|
NumBlocks = $(FW_BLOCKS)
|
2013-11-12 19:34:20 +01:00
|
|
|
|
2014-07-22 23:56:53 +02:00
|
|
|
!include VarStore.fdf.inc
|
2013-11-12 19:34:20 +01:00
|
|
|
|
2014-07-22 23:57:01 +02:00
|
|
|
$(VARS_SIZE)|$(FVMAIN_SIZE)
|
2010-06-26 00:23:22 +02:00
|
|
|
FV = FVMAIN_COMPACT
|
|
|
|
|
2014-07-22 23:57:01 +02:00
|
|
|
$(SECFV_OFFSET)|$(SECFV_SIZE)
|
2010-01-04 17:17:59 +01:00
|
|
|
FV = SECFV
|
2012-10-04 17:41:15 +02:00
|
|
|
|
2014-07-22 23:57:01 +02:00
|
|
|
#
|
|
|
|
# Build the variable store and the firmware code as separate flash device
|
|
|
|
# images.
|
|
|
|
#
|
|
|
|
[FD.OVMF_VARS]
|
|
|
|
BaseAddress = $(FW_BASE_ADDRESS)
|
|
|
|
Size = $(VARS_SIZE)
|
|
|
|
ErasePolarity = 1
|
|
|
|
BlockSize = $(BLOCK_SIZE)
|
|
|
|
NumBlocks = $(VARS_BLOCKS)
|
|
|
|
|
|
|
|
!include VarStore.fdf.inc
|
|
|
|
|
|
|
|
[FD.OVMF_CODE]
|
|
|
|
BaseAddress = $(CODE_BASE_ADDRESS)
|
|
|
|
Size = $(CODE_SIZE)
|
|
|
|
ErasePolarity = 1
|
|
|
|
BlockSize = $(BLOCK_SIZE)
|
|
|
|
NumBlocks = $(CODE_BLOCKS)
|
|
|
|
|
|
|
|
0x00000000|$(FVMAIN_SIZE)
|
2012-10-04 17:41:15 +02:00
|
|
|
FV = FVMAIN_COMPACT
|
|
|
|
|
2014-07-22 23:57:01 +02:00
|
|
|
$(FVMAIN_SIZE)|$(SECFV_SIZE)
|
2012-10-04 17:41:15 +02:00
|
|
|
FV = SECFV
|
2010-01-04 17:17:59 +01:00
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
################################################################################
|
2010-01-04 17:17:59 +01:00
|
|
|
|
|
|
|
[FD.MEMFD]
|
OvmfPkg: Sec: assert the build-time calculated end of the scratch buffer
The DecompressMemFvs() function in "OvmfPkg/Sec/SecMain.c" uses more
memory, temporarily, than what PEIFV and DXEFV will ultimately need.
First, it uses an output buffer for decompression, second, the
decompression itself needs a scratch buffer (and this scratch buffer is
the highest area that SEC uses).
DecompressMemFvs() used to be called on normal boots only (ie. not on S3
resume), which is why the decompression output buffer and the scratch
buffer were allowed to scribble over RAM. However, we'll soon start to
worry during S3 resume that the runtime OS might tamper with the
pre-decompressed PEIFV, and we'll decompress the firmware volumes on S3
resume too, from pristine flash. For this we'll need to know the end of
the scratch buffer in advance, so we can prepare a non-malicious OS for
it.
Calculate the end of the scratch buffer statically in the FDF files, and
assert in DecompressMemFvs() that the runtime decompression will match it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19036 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-30 19:41:20 +01:00
|
|
|
BaseAddress = $(MEMFD_BASE_ADDRESS)
|
2015-10-07 13:53:07 +02:00
|
|
|
Size = 0xA00000
|
2009-05-27 23:10:18 +02:00
|
|
|
ErasePolarity = 1
|
|
|
|
BlockSize = 0x10000
|
2015-10-07 13:53:07 +02:00
|
|
|
NumBlocks = 0xA0
|
2009-05-27 23:10:18 +02:00
|
|
|
|
2014-01-21 20:38:34 +01:00
|
|
|
0x000000|0x006000
|
|
|
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
|
|
|
|
|
2014-03-04 09:03:23 +01:00
|
|
|
0x006000|0x001000
|
|
|
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
|
|
|
|
|
OvmfPkg: PlatformPei: protect SEC's GUIDed section handler table thru S3
OVMF's SecMain is unique in the sense that it links against the following
two libraries *in combination*:
- IntelFrameworkModulePkg/Library/LzmaCustomDecompressLib/
LzmaCustomDecompressLib.inf
- MdePkg/Library/BaseExtractGuidedSectionLib/
BaseExtractGuidedSectionLib.inf
The ExtractGuidedSectionLib library class allows decompressor modules to
register themselves (keyed by GUID) with it, and it allows clients to
decompress file sections with a registered decompressor module that
matches the section's GUID.
BaseExtractGuidedSectionLib is a library instance (of type BASE) for this
library class. It has no constructor function.
LzmaCustomDecompressLib is a compatible decompressor module (of type
BASE). Its section type GUID is
gLzmaCustomDecompressGuid == EE4E5898-3914-4259-9D6E-DC7BD79403CF
When OVMF's SecMain module starts, the LzmaCustomDecompressLib constructor
function is executed, which registers its LZMA decompressor with the above
GUID, by calling into BaseExtractGuidedSectionLib:
LzmaDecompressLibConstructor() [GuidedSectionExtraction.c]
ExtractGuidedSectionRegisterHandlers() [BaseExtractGuidedSectionLib.c]
GetExtractGuidedSectionHandlerInfo()
PcdGet64 (PcdGuidedExtractHandlerTableAddress) -- NOTE THIS
Later, during a normal (non-S3) boot, SecMain utilizes this decompressor
to get information about, and to decompress, sections of the OVMF firmware
image:
SecCoreStartupWithStack() [OvmfPkg/Sec/SecMain.c]
SecStartupPhase2()
FindAndReportEntryPoints()
FindPeiCoreImageBase()
DecompressMemFvs()
ExtractGuidedSectionGetInfo() [BaseExtractGuidedSectionLib.c]
ExtractGuidedSectionDecode() [BaseExtractGuidedSectionLib.c]
Notably, only the extraction depends on full-config-boot; the registration
of LzmaCustomDecompressLib occurs unconditionally in the SecMain EFI
binary, triggered by the library constructor function.
This is where the bug happens. BaseExtractGuidedSectionLib maintains the
table of GUIDed decompressors (section handlers) at a fixed memory
location; selected by PcdGuidedExtractHandlerTableAddress (declared in
MdePkg.dec). The default value of this PCD is 0x1000000 (16 MB).
This causes SecMain to corrupt guest OS memory during S3, leading to
random crashes. Compare the following two memory dumps, the first taken
right before suspending, the second taken right after resuming a RHEL-7
guest:
crash> rd -8 -p 1000000 0x50
1000000: c0 00 08 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
1000010: d0 33 0c 00 00 c9 ff ff c0 10 00 01 00 88 ff ff .3..............
1000020: 0a 6d 57 32 0f 00 00 00 38 00 00 01 00 88 ff ff .mW2....8.......
1000030: 00 00 00 00 00 00 00 00 73 69 67 6e 61 6c 6d 6f ........signalmo
1000040: 64 75 6c 65 2e 73 6f 00 00 00 00 00 00 00 00 00 dule.so.........
vs.
crash> rd -8 -p 1000000 0x50
1000000: 45 47 53 49 01 00 00 00 20 00 00 01 00 00 00 00 EGSI.... .......
1000010: 20 01 00 01 00 00 00 00 a0 01 00 01 00 00 00 00 ...............
1000020: 98 58 4e ee 14 39 59 42 9d 6e dc 7b d7 94 03 cf .XN..9YB.n.{....
1000030: 00 00 00 00 00 00 00 00 73 69 67 6e 61 6c 6d 6f ........signalmo
1000040: 64 75 6c 65 2e 73 6f 00 00 00 00 00 00 00 00 00 dule.so.........
The "EGSI" signature corresponds to EXTRACT_HANDLER_INFO_SIGNATURE
declared in
MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.c.
Additionally, the gLzmaCustomDecompressGuid (quoted above) is visible at
guest-phys offset 0x1000020.
Fix the problem as follows:
- Carve out 4KB from the 36KB gap that we currently have between
PcdOvmfLockBoxStorageBase + PcdOvmfLockBoxStorageSize == 8220 KB
and
PcdOvmfSecPeiTempRamBase == 8256 KB.
- Point PcdGuidedExtractHandlerTableAddress to 8220 KB (0x00807000).
- Cover the area with an EfiACPIMemoryNVS type memalloc HOB, if S3 is
supported and we're not currently resuming.
The 4KB size that we pick is an upper estimate for
BaseExtractGuidedSectionLib's internal storage size. The latter is
calculated as follows (see GetExtractGuidedSectionHandlerInfo()):
sizeof(EXTRACT_GUIDED_SECTION_HANDLER_INFO) + // 32
PcdMaximumGuidedExtractHandler * (
sizeof(GUID) + // 16
sizeof(EXTRACT_GUIDED_SECTION_DECODE_HANDLER) + // 8
sizeof(EXTRACT_GUIDED_SECTION_GET_INFO_HANDLER) // 8
)
OVMF sets PcdMaximumGuidedExtractHandler to 16 decimal (which is the
MdePkg default too), yielding 32 + 16 * (16 + 8 + 8) == 544 bytes.
Regarding the lifecycle of the new area:
(a) when and how it is initialized after first boot of the VM
The library linked into SecMain finds that the area lacks the signature.
It initializes the signature, plus the rest of the structure. This is
independent of S3 support.
Consumption of the area is also limited to SEC (but consumption does
depend on full-config-boot).
(b) how it is protected from memory allocations during DXE
It is not, in the general case; and we don't need to. Nothing else links
against BaseExtractGuidedSectionLib; it's OK if DXE overwrites the area.
(c) how it is protected from the OS
When S3 is enabled, we cover it with AcpiNVS in InitializeRamRegions().
When S3 is not supported, the range is not protected.
(d) how it is accessed on the S3 resume path
Examined by the library linked into SecMain. Registrations update the
table in-place (based on GUID matches).
(e) how it is accessed on the warm reset path
If S3 is enabled, then the OS won't damage the table (due to (c)), hence
see (d).
If S3 is unsupported, then the OS may or may not overwrite the
signature. (It likely will.) This is identical to the pre-patch status.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15433 6f19259b-4bc3-4df7-8a09-765794883524
2014-04-05 23:26:09 +02:00
|
|
|
0x007000|0x001000
|
|
|
|
gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
|
|
|
|
|
2014-01-21 20:38:43 +01:00
|
|
|
0x010000|0x008000
|
|
|
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
|
|
|
|
|
2014-03-04 09:02:16 +01:00
|
|
|
0x018000|0x008000
|
|
|
|
gUefiOvmfPkgTokenSpaceGuid.PcdS3AcpiReservedMemoryBase|gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdS3AcpiReservedMemorySize
|
|
|
|
|
2014-01-21 20:39:13 +01:00
|
|
|
0x020000|0x0E0000
|
|
|
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize
|
|
|
|
FV = PEIFV
|
|
|
|
|
2015-10-07 13:53:07 +02:00
|
|
|
0x100000|0x900000
|
2014-01-21 20:39:13 +01:00
|
|
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
|
|
|
|
FV = DXEFV
|
2009-05-27 23:10:18 +02:00
|
|
|
|
|
|
|
################################################################################
|
2010-01-04 17:17:59 +01:00
|
|
|
|
|
|
|
[FV.SECFV]
|
|
|
|
BlockSize = 0x1000
|
|
|
|
FvAlignment = 16
|
|
|
|
ERASE_POLARITY = 1
|
|
|
|
MEMORY_MAPPED = TRUE
|
|
|
|
STICKY_WRITE = TRUE
|
|
|
|
LOCK_CAP = TRUE
|
|
|
|
LOCK_STATUS = TRUE
|
|
|
|
WRITE_DISABLED_CAP = TRUE
|
|
|
|
WRITE_ENABLED_CAP = TRUE
|
|
|
|
WRITE_STATUS = TRUE
|
|
|
|
WRITE_LOCK_CAP = TRUE
|
|
|
|
WRITE_LOCK_STATUS = TRUE
|
|
|
|
READ_DISABLED_CAP = TRUE
|
|
|
|
READ_ENABLED_CAP = TRUE
|
|
|
|
READ_STATUS = TRUE
|
|
|
|
READ_LOCK_CAP = TRUE
|
|
|
|
READ_LOCK_STATUS = TRUE
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
#
|
2010-01-04 17:17:59 +01:00
|
|
|
# SEC Phase modules
|
2009-05-27 23:10:18 +02:00
|
|
|
#
|
2010-01-04 17:17:59 +01:00
|
|
|
# The code in this FV handles the initial firmware startup, and
|
2014-01-21 20:39:13 +01:00
|
|
|
# decompresses the PEI and DXE FVs which handles the rest of the boot sequence.
|
2009-05-27 23:10:18 +02:00
|
|
|
#
|
2010-01-04 17:17:59 +01:00
|
|
|
INF OvmfPkg/Sec/SecMain.inf
|
|
|
|
|
2014-08-19 01:04:00 +02:00
|
|
|
INF RuleOverride=RESET_VECTOR OvmfPkg/ResetVector/ResetVector.inf
|
2010-01-04 17:17:59 +01:00
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
################################################################################
|
2014-01-21 20:39:13 +01:00
|
|
|
[FV.PEIFV]
|
2010-01-04 17:17:59 +01:00
|
|
|
BlockSize = 0x10000
|
|
|
|
FvAlignment = 16
|
2009-05-27 23:10:18 +02:00
|
|
|
ERASE_POLARITY = 1
|
|
|
|
MEMORY_MAPPED = TRUE
|
|
|
|
STICKY_WRITE = TRUE
|
|
|
|
LOCK_CAP = TRUE
|
|
|
|
LOCK_STATUS = TRUE
|
|
|
|
WRITE_DISABLED_CAP = TRUE
|
|
|
|
WRITE_ENABLED_CAP = TRUE
|
|
|
|
WRITE_STATUS = TRUE
|
|
|
|
WRITE_LOCK_CAP = TRUE
|
|
|
|
WRITE_LOCK_STATUS = TRUE
|
|
|
|
READ_DISABLED_CAP = TRUE
|
|
|
|
READ_ENABLED_CAP = TRUE
|
|
|
|
READ_STATUS = TRUE
|
|
|
|
READ_LOCK_CAP = TRUE
|
|
|
|
READ_LOCK_STATUS = TRUE
|
|
|
|
|
2010-01-04 17:17:59 +01:00
|
|
|
APRIORI PEI {
|
|
|
|
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
|
|
|
|
}
|
|
|
|
|
|
|
|
#
|
|
|
|
# PEI Phase modules
|
|
|
|
#
|
|
|
|
INF MdeModulePkg/Core/Pei/PeiMain.inf
|
|
|
|
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
|
|
|
|
INF IntelFrameworkModulePkg/Universal/StatusCode/Pei/StatusCodePei.inf
|
|
|
|
INF OvmfPkg/PlatformPei/PlatformPei.inf
|
|
|
|
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
|
2014-03-04 09:03:06 +01:00
|
|
|
INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
|
OvmfPkg: add PEIM for providing TSEG-as-SMRAM during PEI
"MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf" is the
LockBoxLib instance with SMRAM access for the PEI phase.
Said library instance must, and can, access the LockBox data in SMRAM
directly if it is invoked before SMBASE relocation / SMI handler
installation. In that case, it only needs PEI_SMM_ACCESS_PPI from the
platform, and it doesn't depend on EFI_PEI_SMM_COMMUNICATION_PPI.
OVMF satisfies the description in SVN r18823 ("MdeModulePkg:
SmmLockBoxPeiLib: work without EFI_PEI_SMM_COMMUNICATION_PPI"): in OVMF,
only S3Resume2Pei links against SmmLockBoxPeiLib.
Therefore, introduce a PEIM that produces the PEI_SMM_ACCESS_PPI
interface, enabling SmmLockBoxPeiLib to work; we can omit including
"UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf".
The load / installation order of S3Resume2Pei and SmmAccessPei is
indifferent. SmmAccessPei produces the gEfiAcpiVariableGuid HOB during its
installation (which happens during PEI), but S3Resume2Pei accesses the HOB
only when the DXE IPL calls its S3RestoreConfig2 PPI member, as last act
of PEI.
MCH_SMRAM_D_LCK and MCH_ESMRAMC_T_EN are masked out the way they are, in
SmmAccessPeiEntryPoint() and SmramAccessOpen() respectively, in order to
prevent VS20xx from warning about the (otherwise fully intentional)
truncation in the UINT8 casts. (Warnings reported by Michael Kinney.)
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19040 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-30 19:41:38 +01:00
|
|
|
!if $(SMM_REQUIRE) == TRUE
|
|
|
|
INF OvmfPkg/SmmAccess/SmmAccessPei.inf
|
|
|
|
!endif
|
2010-01-04 17:17:59 +01:00
|
|
|
|
2010-02-25 22:53:06 +01:00
|
|
|
################################################################################
|
|
|
|
|
|
|
|
[FV.DXEFV]
|
|
|
|
BlockSize = 0x10000
|
|
|
|
FvAlignment = 16
|
|
|
|
ERASE_POLARITY = 1
|
|
|
|
MEMORY_MAPPED = TRUE
|
|
|
|
STICKY_WRITE = TRUE
|
|
|
|
LOCK_CAP = TRUE
|
|
|
|
LOCK_STATUS = TRUE
|
|
|
|
WRITE_DISABLED_CAP = TRUE
|
|
|
|
WRITE_ENABLED_CAP = TRUE
|
|
|
|
WRITE_STATUS = TRUE
|
|
|
|
WRITE_LOCK_CAP = TRUE
|
|
|
|
WRITE_LOCK_STATUS = TRUE
|
|
|
|
READ_DISABLED_CAP = TRUE
|
|
|
|
READ_ENABLED_CAP = TRUE
|
|
|
|
READ_STATUS = TRUE
|
|
|
|
READ_LOCK_CAP = TRUE
|
|
|
|
READ_LOCK_STATUS = TRUE
|
|
|
|
|
|
|
|
APRIORI DXE {
|
2013-08-19 06:15:36 +02:00
|
|
|
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
|
2010-02-25 22:53:06 +01:00
|
|
|
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
|
2013-11-12 19:35:01 +01:00
|
|
|
INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
|
2010-02-25 22:53:06 +01:00
|
|
|
}
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
#
|
|
|
|
# DXE Phase modules
|
|
|
|
#
|
|
|
|
INF MdeModulePkg/Core/Dxe/DxeMain.inf
|
|
|
|
|
|
|
|
INF IntelFrameworkModulePkg/Universal/StatusCode/RuntimeDxe/StatusCodeRuntimeDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
|
|
|
|
|
|
|
|
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
2010-01-04 17:17:59 +01:00
|
|
|
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
INF PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf
|
2009-12-09 03:18:21 +01:00
|
|
|
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
|
|
|
|
INF PcAtChipsetPkg/8254TimerDxe/8254Timer.inf
|
2015-07-14 14:01:36 +02:00
|
|
|
INF OvmfPkg/PciHostBridgeDxe/PciHostBridgeDxe.inf
|
2009-10-20 05:44:25 +02:00
|
|
|
INF MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
INF PcAtChipsetPkg/KbcResetDxe/Reset.inf
|
|
|
|
INF MdeModulePkg/Universal/Metronome/Metronome.inf
|
2009-07-07 06:52:44 +02:00
|
|
|
INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
|
2010-03-21 01:34:15 +01:00
|
|
|
INF OvmfPkg/BlockMmioToBlockIoDxe/BlockIo.inf
|
2013-12-11 17:58:22 +01:00
|
|
|
INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
2012-10-08 09:32:59 +02:00
|
|
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
2012-10-18 19:07:48 +02:00
|
|
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
2013-11-12 19:35:01 +01:00
|
|
|
INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
|
2009-09-26 09:15:51 +02:00
|
|
|
INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
|
|
|
|
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
2015-02-28 21:33:11 +01:00
|
|
|
INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf
|
2014-10-29 07:48:50 +01:00
|
|
|
INF OvmfPkg/XenBusDxe/XenBusDxe.inf
|
2014-10-29 07:51:42 +01:00
|
|
|
INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf
|
2012-03-09 18:38:53 +01:00
|
|
|
|
2015-07-01 05:09:30 +02:00
|
|
|
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
2012-03-09 18:38:53 +01:00
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
OvmfPkg: disable stale fork of SecureBootConfigDxe
OvmfPkg forked SecureBootConfigDxe from SecurityPkg in SVN r13635 (git
commit 8c71ec8f). Since then, the original (in
"SecurityPkg/VariableAuthenticated/SecureBootConfigDxe") has diverged
significantly.
The initial diff between the original and the fork, when the fork was made
(ie. at SVN r13635), reads as follows:
> diff -ur SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr
> --- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr 2014-09-30 23:35:28.598067147 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfig.vfr 2014-08-09 02:40:35.824851626 +0200
> @@ -51,7 +51,7 @@
> questionid = KEY_SECURE_BOOT_ENABLE,
> prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
> help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
> - flags = INTERACTIVE | RESET_REQUIRED,
> + flags = INTERACTIVE,
> endcheckbox;
> endif;
>
> @@ -158,7 +158,7 @@
> questionid = KEY_SECURE_BOOT_DELETE_PK,
> prompt = STRING_TOKEN(STR_DELETE_PK),
> help = STRING_TOKEN(STR_DELETE_PK_HELP),
> - flags = INTERACTIVE | RESET_REQUIRED,
> + flags = INTERACTIVE,
> endcheckbox;
> endif;
> endform;
> diff -ur SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf
> --- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf 2014-09-30 23:35:28.598067147 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf 2014-09-30 23:35:28.577067027 +0200
> @@ -1,5 +1,8 @@
> ## @file
> -# Component name for SecureBoot configuration module.
> +# Component name for SecureBoot configuration module for OVMF.
> +#
> +# Need custom SecureBootConfigDxe for OVMF that does not force
> +# resets after PK changes since OVMF doesn't have persistent variables
> #
> # Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
> # This program and the accompanying materials
> diff -ur SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c
> --- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c 2014-09-30 23:35:28.599067153 +0200
> +++ OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.c 2014-09-30 23:35:28.578067033 +0200
> @@ -2559,7 +2559,7 @@
> NULL
> );
> } else {
> - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET;
> + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
> }
> break;
The commit message is not overly verbose:
OvmfPkg: Add custom SecureBootConfigDxe that doesn't reset
We don't force a platform reset for OVMF when PK is changed in custom
mode setup.
But the INF file hunk is telling:
Need custom SecureBootConfigDxe for OVMF that does not force resets
after PK changes since OVMF doesn't have persistent variables
We do have persistent variables now. Let's disable the (now obsolete)
OvmfPkg fork, and revert to the (well maintained) SecurityPkg-provided
config driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Tested-by: Gary Lin <glin@suse.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16191 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-02 10:08:05 +02:00
|
|
|
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
2012-03-09 18:38:53 +01:00
|
|
|
!endif
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
|
|
|
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
|
|
|
INF IntelFrameworkModulePkg/Universal/BdsDxe/BdsDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
|
2009-06-30 17:57:29 +02:00
|
|
|
INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
|
|
|
INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
|
|
|
INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
OvmfPkg: enable SATA controller
In this patch, we replace the traditional IDE driver stack that comes from
PcAtChipsetPkg and IntelFrameworkModulePkg with more featureful drivers
from OvmfPkg and MdeModulePkg. The resultant driver stack is compatible
with the previous one, but provides more protocols, on more kinds of
virtual hardware.
Remove:
- PcAtChipsetPkg/Bus/Pci/IdeControllerDxe/IdeControllerDxe.inf
(removing EFI_IDE_CONTROLLER_INIT_PROTOCOL [1])
Remove the dependent:
- IntelFrameworkModulePkg/Bus/Pci/IdeBusDxe/IdeBusDxe.inf
(removing EFI_DISK_INFO_PROTOCOL [2],
EFI_BLOCK_IO_PROTOCOL [3])
As replacement, add:
- OvmfPkg/SataControllerDxe/SataControllerDxe.inf
(supplying EFI_IDE_CONTROLLER_INIT_PROTOCOL [1])
On top of which, add the dependent:
- MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
(providing EFI_ATA_PASS_THRU_PROTOCOL,
EFI_EXT_SCSI_PASS_THRU_PROTOCOL)
On top of which, add the dependent:
- MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
(supplying EFI_DISK_INFO_PROTOCOL [2],
EFI_BLOCK_IO_PROTOCOL [3],
providing EFI_BLOCK_IO2PROTOCOL,
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL)
Cc: Alexander Graf <agraf@suse.de>
Cc: Reza Jelveh <reza.jelveh@tuhh.de>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Gabriel L. Somlo <somlo@cmu.edu>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Reza Jelveh <reza.jelveh@tuhh.de>
[lersek@redhat.com: rewrote commit message]
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Gabriel Somlo <somlo@cmu.edu>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18532 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-22 13:18:45 +02:00
|
|
|
INF OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
|
|
|
INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
|
|
|
INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
2013-08-12 04:24:32 +02:00
|
|
|
INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
2011-01-21 17:50:47 +01:00
|
|
|
INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
|
|
|
|
INF PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf
|
|
|
|
INF IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf
|
2011-10-26 09:08:32 +02:00
|
|
|
|
|
|
|
!ifndef $(SOURCE_DEBUG_ENABLE)
|
2009-05-27 23:10:18 +02:00
|
|
|
INF IntelFrameworkModulePkg/Bus/Isa/IsaSerialDxe/IsaSerialDxe.inf
|
2011-10-26 09:08:32 +02:00
|
|
|
!endif
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
INF IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf
|
|
|
|
INF IntelFrameworkModulePkg/Bus/Isa/IsaFloppyDxe/IsaFloppyDxe.inf
|
|
|
|
|
2011-08-14 00:54:37 +02:00
|
|
|
INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
|
|
|
|
INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
|
2012-05-31 01:15:00 +02:00
|
|
|
INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
INF RuleOverride=ACPITABLE OvmfPkg/AcpiTables/AcpiTables.inf
|
2014-03-04 09:03:38 +01:00
|
|
|
INF OvmfPkg/AcpiS3SaveDxe/AcpiS3SaveDxe.inf
|
2014-03-04 09:03:50 +01:00
|
|
|
INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
|
2014-03-04 09:04:13 +01:00
|
|
|
INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
|
2009-05-27 23:10:18 +02:00
|
|
|
|
2010-06-29 06:55:13 +02:00
|
|
|
INF RuleOverride = BINARY FatBinPkg/EnhancedFatDxe/Fat.inf
|
2011-06-26 20:58:41 +02:00
|
|
|
|
2013-08-23 20:45:47 +02:00
|
|
|
!ifndef $(USE_OLD_SHELL)
|
2011-06-26 20:58:41 +02:00
|
|
|
INF ShellPkg/Application/Shell/Shell.inf
|
|
|
|
!else
|
2010-06-29 06:55:13 +02:00
|
|
|
INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf
|
2011-06-26 20:58:41 +02:00
|
|
|
!endif
|
2009-05-27 23:10:18 +02:00
|
|
|
|
2009-07-09 07:48:35 +02:00
|
|
|
FILE FREEFORM = PCD(gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdLogoFile) {
|
2010-06-26 00:23:22 +02:00
|
|
|
SECTION RAW = MdeModulePkg/Logo/Logo.bmp
|
|
|
|
}
|
2009-05-27 23:10:18 +02:00
|
|
|
|
2010-07-26 20:07:19 +02:00
|
|
|
#
|
|
|
|
# Network modules
|
|
|
|
#
|
2013-05-15 20:20:39 +02:00
|
|
|
!if $(E1000_ENABLE)
|
2011-04-12 17:08:51 +02:00
|
|
|
FILE DRIVER = 5D695E11-9B3F-4b83-B25F-4A8D5D69BE07 {
|
2010-07-26 20:07:19 +02:00
|
|
|
SECTION PE32 = Intel3.5/EFIX64/E3507X2.EFI
|
|
|
|
}
|
2013-05-15 20:20:39 +02:00
|
|
|
!endif
|
2010-07-26 20:07:19 +02:00
|
|
|
INF MdeModulePkg/Universal/Network/SnpDxe/SnpDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/DpcDxe/DpcDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/ArpDxe/ArpDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/Dhcp4Dxe/Dhcp4Dxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Dxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf
|
2014-12-19 20:13:44 +01:00
|
|
|
!if $(NETWORK_IP6_ENABLE) == TRUE
|
|
|
|
INF NetworkPkg/Ip6Dxe/Ip6Dxe.inf
|
|
|
|
INF NetworkPkg/TcpDxe/TcpDxe.inf
|
|
|
|
INF NetworkPkg/Udp6Dxe/Udp6Dxe.inf
|
|
|
|
INF NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf
|
|
|
|
INF NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf
|
|
|
|
INF NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
|
|
INF NetworkPkg/IScsiDxe/IScsiDxe.inf
|
|
|
|
!else
|
|
|
|
INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
|
|
|
|
!endif
|
|
|
|
!else
|
|
|
|
INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf
|
2010-07-26 20:07:19 +02:00
|
|
|
INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf
|
|
|
|
INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf
|
2015-08-23 03:44:15 +02:00
|
|
|
!endif
|
|
|
|
!if $(HTTP_BOOT_ENABLE) == TRUE
|
|
|
|
INF NetworkPkg/DnsDxe/DnsDxe.inf
|
2015-08-28 10:12:42 +02:00
|
|
|
INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
|
2015-08-23 03:44:15 +02:00
|
|
|
INF NetworkPkg/HttpDxe/HttpDxe.inf
|
|
|
|
INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
|
2014-12-19 20:13:44 +01:00
|
|
|
!endif
|
2013-06-14 09:41:13 +02:00
|
|
|
INF OvmfPkg/VirtioNetDxe/VirtioNet.inf
|
2010-07-26 20:07:19 +02:00
|
|
|
|
2010-12-31 08:55:38 +01:00
|
|
|
#
|
|
|
|
# Usb Support
|
|
|
|
#
|
|
|
|
INF MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf
|
|
|
|
INF MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf
|
2015-03-16 20:57:34 +01:00
|
|
|
INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf
|
2010-12-31 08:55:38 +01:00
|
|
|
INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf
|
|
|
|
INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
|
|
|
|
INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
|
|
|
|
|
2011-11-10 23:04:49 +01:00
|
|
|
!ifdef $(CSM_ENABLE)
|
|
|
|
INF IntelFrameworkModulePkg/Csm/BiosThunk/VideoDxe/VideoDxe.inf
|
|
|
|
INF IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf
|
|
|
|
INF RuleOverride=CSM OvmfPkg/Csm/Csm16/Csm16.inf
|
|
|
|
!endif
|
|
|
|
|
2012-07-11 00:43:19 +02:00
|
|
|
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
2014-03-22 08:12:55 +01:00
|
|
|
INF OvmfPkg/PlatformDxe/Platform.inf
|
2012-07-11 00:43:19 +02:00
|
|
|
|
2015-11-30 19:41:43 +01:00
|
|
|
!if $(SMM_REQUIRE) == TRUE
|
|
|
|
INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf
|
|
|
|
!endif
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
################################################################################
|
|
|
|
|
2010-06-26 00:23:22 +02:00
|
|
|
[FV.FVMAIN_COMPACT]
|
2009-05-27 23:10:18 +02:00
|
|
|
FvAlignment = 16
|
|
|
|
ERASE_POLARITY = 1
|
|
|
|
MEMORY_MAPPED = TRUE
|
|
|
|
STICKY_WRITE = TRUE
|
|
|
|
LOCK_CAP = TRUE
|
|
|
|
LOCK_STATUS = TRUE
|
|
|
|
WRITE_DISABLED_CAP = TRUE
|
|
|
|
WRITE_ENABLED_CAP = TRUE
|
|
|
|
WRITE_STATUS = TRUE
|
|
|
|
WRITE_LOCK_CAP = TRUE
|
|
|
|
WRITE_LOCK_STATUS = TRUE
|
|
|
|
READ_DISABLED_CAP = TRUE
|
|
|
|
READ_ENABLED_CAP = TRUE
|
|
|
|
READ_STATUS = TRUE
|
|
|
|
READ_LOCK_CAP = TRUE
|
|
|
|
READ_LOCK_STATUS = TRUE
|
|
|
|
|
2010-06-26 00:23:22 +02:00
|
|
|
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
|
|
|
|
SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
|
2014-01-21 20:39:13 +01:00
|
|
|
#
|
|
|
|
# These firmware volumes will have files placed in them uncompressed,
|
|
|
|
# and then both firmware volumes will be compressed in a single
|
|
|
|
# compression operation in order to achieve better overall compression.
|
|
|
|
#
|
|
|
|
SECTION FV_IMAGE = PEIFV
|
|
|
|
SECTION FV_IMAGE = DXEFV
|
2009-05-27 23:10:18 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
OvmfPkg: Sec: assert the build-time calculated end of the scratch buffer
The DecompressMemFvs() function in "OvmfPkg/Sec/SecMain.c" uses more
memory, temporarily, than what PEIFV and DXEFV will ultimately need.
First, it uses an output buffer for decompression, second, the
decompression itself needs a scratch buffer (and this scratch buffer is
the highest area that SEC uses).
DecompressMemFvs() used to be called on normal boots only (ie. not on S3
resume), which is why the decompression output buffer and the scratch
buffer were allowed to scribble over RAM. However, we'll soon start to
worry during S3 resume that the runtime OS might tamper with the
pre-decompressed PEIFV, and we'll decompress the firmware volumes on S3
resume too, from pristine flash. For this we'll need to know the end of
the scratch buffer in advance, so we can prepare a non-malicious OS for
it.
Calculate the end of the scratch buffer statically in the FDF files, and
assert in DecompressMemFvs() that the runtime decompression will match it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19036 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-30 19:41:20 +01:00
|
|
|
!include DecomprScratchEnd.fdf.inc
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
################################################################################
|
|
|
|
|
|
|
|
[Rule.Common.SEC]
|
|
|
|
FILE SEC = $(NAMED_GUID) {
|
2010-03-01 07:47:58 +01:00
|
|
|
PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2009-05-27 23:10:18 +02:00
|
|
|
UI STRING ="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING ="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
|
|
|
|
2010-06-26 00:23:22 +02:00
|
|
|
[Rule.Common.PEI_CORE]
|
|
|
|
FILE PEI_CORE = $(NAMED_GUID) {
|
2015-07-09 10:55:23 +02:00
|
|
|
PE32 PE32 Align=Auto $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2010-06-26 00:23:22 +02:00
|
|
|
UI STRING ="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING ="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
2009-10-07 18:01:09 +02:00
|
|
|
}
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
[Rule.Common.PEIM]
|
|
|
|
FILE PEIM = $(NAMED_GUID) {
|
2010-03-01 07:47:58 +01:00
|
|
|
PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
|
2015-07-09 10:55:23 +02:00
|
|
|
PE32 PE32 Align=Auto $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2009-05-27 23:10:18 +02:00
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
|
|
|
|
|
|
|
[Rule.Common.DXE_CORE]
|
|
|
|
FILE DXE_CORE = $(NAMED_GUID) {
|
2010-03-01 07:47:58 +01:00
|
|
|
PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2009-05-27 23:10:18 +02:00
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
|
|
|
|
2010-06-26 00:23:22 +02:00
|
|
|
[Rule.Common.DXE_DRIVER]
|
2009-05-27 23:10:18 +02:00
|
|
|
FILE DRIVER = $(NAMED_GUID) {
|
2010-03-01 07:47:58 +01:00
|
|
|
DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
|
|
|
|
PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2009-05-27 23:10:18 +02:00
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
|
|
|
|
2010-06-26 00:23:22 +02:00
|
|
|
[Rule.Common.DXE_RUNTIME_DRIVER]
|
2009-05-27 23:10:18 +02:00
|
|
|
FILE DRIVER = $(NAMED_GUID) {
|
2010-03-01 07:47:58 +01:00
|
|
|
DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
|
|
|
|
PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2009-05-27 23:10:18 +02:00
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
2010-07-26 20:07:19 +02:00
|
|
|
|
2010-06-26 00:23:22 +02:00
|
|
|
[Rule.Common.UEFI_DRIVER]
|
2009-05-27 23:10:18 +02:00
|
|
|
FILE DRIVER = $(NAMED_GUID) {
|
2010-03-01 07:47:58 +01:00
|
|
|
DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
|
|
|
|
PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2009-05-27 23:10:18 +02:00
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
|
|
|
|
2010-06-29 06:55:13 +02:00
|
|
|
[Rule.Common.UEFI_DRIVER.BINARY]
|
2010-06-29 20:34:32 +02:00
|
|
|
FILE DRIVER = $(NAMED_GUID) {
|
2010-06-29 06:55:13 +02:00
|
|
|
DXE_DEPEX DXE_DEPEX Optional |.depex
|
|
|
|
PE32 PE32 |.efi
|
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
2012-08-15 02:03:59 +02:00
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
[Rule.Common.UEFI_APPLICATION]
|
|
|
|
FILE APPLICATION = $(NAMED_GUID) {
|
2010-03-01 07:47:58 +01:00
|
|
|
PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi
|
2009-05-27 23:10:18 +02:00
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
|
|
|
|
2010-06-29 06:55:13 +02:00
|
|
|
[Rule.Common.UEFI_APPLICATION.BINARY]
|
|
|
|
FILE APPLICATION = $(NAMED_GUID) {
|
|
|
|
PE32 PE32 |.efi
|
|
|
|
UI STRING="$(MODULE_NAME)" Optional
|
|
|
|
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
|
|
|
|
}
|
2012-08-15 02:03:59 +02:00
|
|
|
|
2009-08-11 07:30:52 +02:00
|
|
|
[Rule.Common.USER_DEFINED.ACPITABLE]
|
2009-05-27 23:10:18 +02:00
|
|
|
FILE FREEFORM = $(NAMED_GUID) {
|
|
|
|
RAW ACPI |.acpi
|
|
|
|
RAW ASL |.aml
|
|
|
|
}
|
|
|
|
|
2011-11-10 23:04:49 +01:00
|
|
|
[Rule.Common.USER_DEFINED.CSM]
|
|
|
|
FILE FREEFORM = $(NAMED_GUID) {
|
|
|
|
RAW BIN |.bin
|
|
|
|
}
|
|
|
|
|
2009-05-27 23:10:18 +02:00
|
|
|
[Rule.Common.SEC.RESET_VECTOR]
|
|
|
|
FILE RAW = $(NAMED_GUID) {
|
2014-08-19 01:04:00 +02:00
|
|
|
RAW BIN Align = 16 |.bin
|
2009-05-27 23:10:18 +02:00
|
|
|
}
|