tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg/VirtHstiDxe: add code flash check 

Detects qemu config issue: code pflash is writable.
Checked for both PC and Q35.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
This commit is contained in:
Gerd Hoffmann 2024-04-22 12:47:28 +02:00 committed by mergify[bot]
parent ddc43e7a41
commit 506740982b
4 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
OvmfPkg/VirtHstiDxe/QemuCommon.c Normal file
View File

@ -0,0 +1,36 @@
/** @file
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include "VirtHstiDxe.h"
VOID
VirtHstiQemuCommonInit (
VIRT_ADAPTER_INFO_PLATFORM_SECURITY *VirtHsti
)
{
VirtHstiSetSupported (VirtHsti, 0, VIRT_HSTI_BYTE0_READONLY_CODE_FLASH);
}
VOID
VirtHstiQemuCommonVerify (
VOID
)
{
CHAR16 *ErrorMsg;
switch (VirtHstiQemuFirmwareFlashCheck (PcdGet32 (PcdBfvBase))) {
case QEMU_FIRMWARE_FLASH_WRITABLE:
ErrorMsg = L"qemu code pflash is writable";
break;
default:
ErrorMsg = NULL;
}
VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_READONLY_CODE_FLASH);
}

4
OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
View File

@ -104,9 +104,11 @@ VirtHstiOnReadyToBoot (
switch (VirtHstiGetHostBridgeDevId ()) { switch (VirtHstiGetHostBridgeDevId ()) {
case INTEL_82441_DEVICE_ID: case INTEL_82441_DEVICE_ID:
VirtHstiQemuPCVerify (); VirtHstiQemuPCVerify ();
VirtHstiQemuCommonVerify ();
break; break;
case INTEL_Q35_MCH_DEVICE_ID: case INTEL_Q35_MCH_DEVICE_ID:
VirtHstiQemuQ35Verify (); VirtHstiQemuQ35Verify ();
VirtHstiQemuCommonVerify ();
break; break;
default: default:
ASSERT (FALSE); ASSERT (FALSE);
@ -142,9 +144,11 @@ VirtHstiDxeEntrypoint (
switch (DevId) { switch (DevId) {
case INTEL_82441_DEVICE_ID: case INTEL_82441_DEVICE_ID:
VirtHsti = VirtHstiQemuPCInit (); VirtHsti = VirtHstiQemuPCInit ();
VirtHstiQemuCommonInit (VirtHsti);
break; break;
case INTEL_Q35_MCH_DEVICE_ID: case INTEL_Q35_MCH_DEVICE_ID:
VirtHsti = VirtHstiQemuQ35Init (); VirtHsti = VirtHstiQemuQ35Init ();
VirtHstiQemuCommonInit (VirtHsti);
break; break;
default: default:
DEBUG ((DEBUG_INFO, "%a: unknown platform (0x%x)\n", __func__, DevId)); DEBUG ((DEBUG_INFO, "%a: unknown platform (0x%x)\n", __func__, DevId));

13
OvmfPkg/VirtHstiDxe/VirtHstiDxe.h
View File

@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK BIT0 #define VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK BIT0
#define VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH BIT1 #define VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH BIT1
#define VIRT_HSTI_BYTE0_READONLY_CODE_FLASH BIT2
typedef struct { typedef struct {
// ADAPTER_INFO_PLATFORM_SECURITY // ADAPTER_INFO_PLATFORM_SECURITY
@ -67,6 +68,18 @@ VirtHstiQemuPCVerify (
VOID VOID
); );
/* QemuCommon.c */
VOID
VirtHstiQemuCommonInit (
VIRT_ADAPTER_INFO_PLATFORM_SECURITY *VirtHsti
);
VOID
VirtHstiQemuCommonVerify (
VOID
);
/* Flash.c */ /* Flash.c */
#define QEMU_FIRMWARE_FLASH_UNKNOWN 0 #define QEMU_FIRMWARE_FLASH_UNKNOWN 0

2
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
View File

@ -22,6 +22,7 @@
VirtHstiDxe.c VirtHstiDxe.c
QemuPC.c QemuPC.c
QemuQ35.c QemuQ35.c
QemuCommon.c
Flash.c Flash.c
[Packages] [Packages]
@ -48,6 +49,7 @@
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Pcd] [Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
[Depex] [Depex]