diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxBase.c b/OvmfPkg/Library/LockBoxLib/LockBoxBase.c
new file mode 100644
index 0000000000..8f367701f3
--- /dev/null
+++ b/OvmfPkg/Library/LockBoxLib/LockBoxBase.c
@@ -0,0 +1,42 @@
+/** @file
+
+ Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+
+#include
+#include
+
+/**
+ Allocates a buffer of type EfiACPIMemoryNVS.
+
+ Allocates the number bytes specified by AllocationSize of type
+ EfiACPIMemoryNVS and returns a pointer to the allocated buffer.
+ If AllocationSize is 0, then a valid buffer of 0 size is
+ returned. If there is not enough memory remaining to satisfy
+ the request, then NULL is returned.
+
+ @param AllocationSize The number of bytes to allocate.
+
+ @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+EFIAPI
+AllocateAcpiNvsPool (
+ IN UINTN AllocationSize
+ )
+{
+ ASSERT_EFI_ERROR (RETURN_UNSUPPORTED);
+ return NULL;
+}
diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
new file mode 100644
index 0000000000..7203d0777d
--- /dev/null
+++ b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
@@ -0,0 +1,44 @@
+## @file
+#
+# Library implementing the LockBox interface for OVMF
+#
+# Copyright (C) 2013, Red Hat, Inc.
+# Copyright (c) 2014, Intel Corporation. All rights reserved.
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = LockBoxBaseLib
+ FILE_GUID = 17CA9B37-5BAB-492C-A09C-7121FBE34CE6
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = LockBoxLib
+
+ CONSTRUCTOR = LockBoxLibInitialize
+
+[Sources]
+ LockBoxBase.c
+ LockBoxLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+ BaseMemoryLib
+ DebugLib
+
+[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxDxe.c b/OvmfPkg/Library/LockBoxLib/LockBoxDxe.c
new file mode 100644
index 0000000000..c8f2ec8a4e
--- /dev/null
+++ b/OvmfPkg/Library/LockBoxLib/LockBoxDxe.c
@@ -0,0 +1,119 @@
+/** @file
+
+ Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+/**
+ Allocate memory below 4G memory address.
+
+ This function allocates memory below 4G memory address.
+
+ @param MemoryType Memory type of memory to allocate.
+ @param Size Size of memory to allocate.
+
+ @return Allocated address for output.
+
+**/
+STATIC
+VOID *
+AllocateMemoryBelow4G (
+ IN EFI_MEMORY_TYPE MemoryType,
+ IN UINTN Size
+ )
+{
+ UINTN Pages;
+ EFI_PHYSICAL_ADDRESS Address;
+ EFI_STATUS Status;
+ VOID* Buffer;
+ UINTN AllocRemaining;
+
+ Pages = EFI_SIZE_TO_PAGES (Size);
+ Address = 0xffffffff;
+
+ //
+ // Since we need to use gBS->AllocatePages to get a buffer below
+ // 4GB, there is a good chance that space will be wasted for very
+ // small allocation. We keep track of unused portions of the page
+ // allocations, and use these to allocate memory for small buffers.
+ //
+ ASSERT (mLockBoxGlobal->Signature == LOCK_BOX_GLOBAL_SIGNATURE);
+ if ((UINTN) mLockBoxGlobal->SubPageRemaining >= Size) {
+ Buffer = (VOID*)(UINTN) mLockBoxGlobal->SubPageBuffer;
+ mLockBoxGlobal->SubPageBuffer += (UINT32) Size;
+ mLockBoxGlobal->SubPageRemaining -= (UINT32) Size;
+ return Buffer;
+ }
+
+ Status = gBS->AllocatePages (
+ AllocateMaxAddress,
+ MemoryType,
+ Pages,
+ &Address
+ );
+ if (EFI_ERROR (Status)) {
+ return NULL;
+ }
+
+ Buffer = (VOID *) (UINTN) Address;
+ ZeroMem (Buffer, EFI_PAGES_TO_SIZE (Pages));
+
+ AllocRemaining = EFI_PAGES_TO_SIZE (Pages) - Size;
+ if (AllocRemaining > (UINTN) mLockBoxGlobal->SubPageRemaining) {
+ mLockBoxGlobal->SubPageBuffer = (UINT32) (Address + Size);
+ mLockBoxGlobal->SubPageRemaining = (UINT32) AllocRemaining;
+ }
+
+ return Buffer;
+}
+
+
+/**
+ Allocates a buffer of type EfiACPIMemoryNVS.
+
+ Allocates the number bytes specified by AllocationSize of type
+ EfiACPIMemoryNVS and returns a pointer to the allocated buffer.
+ If AllocationSize is 0, then a valid buffer of 0 size is
+ returned. If there is not enough memory remaining to satisfy
+ the request, then NULL is returned.
+
+ @param AllocationSize The number of bytes to allocate.
+
+ @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+EFIAPI
+AllocateAcpiNvsPool (
+ IN UINTN AllocationSize
+ )
+{
+ return AllocateMemoryBelow4G (EfiACPIMemoryNVS, AllocationSize);
+}
+
+
+EFI_STATUS
+EFIAPI
+LockBoxDxeLibInitialize (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return LockBoxLibInitialize ();
+}
diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
new file mode 100644
index 0000000000..a4d27a598d
--- /dev/null
+++ b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
@@ -0,0 +1,45 @@
+## @file
+#
+# Library implementing the LockBox interface for OVMF
+#
+# Copyright (C) 2013, Red Hat, Inc.
+# Copyright (c) 2014, Intel Corporation. All rights reserved.
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = LockBoxDxeLib
+ FILE_GUID = f61c9a34-2e18-44ce-af2f-21a998e64fda
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = LockBoxLib
+
+ CONSTRUCTOR = LockBoxDxeLibInitialize
+
+[Sources]
+ LockBoxDxe.c
+ LockBoxLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+ BaseMemoryLib
+ DebugLib
+ UefiBootServicesTableLib
+
+[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c
new file mode 100644
index 0000000000..af3bb7f46d
--- /dev/null
+++ b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c
@@ -0,0 +1,376 @@
+/** @file
+
+ Library implementing the LockBox interface for OVMF
+
+ Copyright (C) 2013, Red Hat, Inc.
+ Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials are licensed and made available
+ under the terms and conditions of the BSD License which accompanies this
+ distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#pragma pack(1)
+typedef struct {
+ EFI_GUID Guid;
+ EFI_PHYSICAL_ADDRESS OrigAddress;
+ EFI_PHYSICAL_ADDRESS CopyAddress;
+ UINT32 Size;
+ UINT64 Attributes;
+} LOCK_BOX_ENTRY;
+#pragma pack()
+
+LOCK_BOX_GLOBAL *mLockBoxGlobal = NULL;
+STATIC LOCK_BOX_ENTRY *StartOfEntries = NULL;
+STATIC LOCK_BOX_ENTRY *EndOfEntries = NULL;
+
+RETURN_STATUS
+EFIAPI
+LockBoxLibInitialize (
+ VOID
+ )
+{
+ UINTN NumEntries;
+
+ if (PcdGet32 (PcdOvmfLockBoxStorageSize) < sizeof (LOCK_BOX_GLOBAL)) {
+ return RETURN_UNSUPPORTED;
+ }
+
+ mLockBoxGlobal = (LOCK_BOX_GLOBAL *)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase);
+ StartOfEntries = ((LOCK_BOX_ENTRY *) (mLockBoxGlobal + 1));
+ NumEntries = ((PcdGet32 (PcdOvmfLockBoxStorageSize) - sizeof (LOCK_BOX_GLOBAL)) /
+ sizeof (LOCK_BOX_ENTRY));
+ EndOfEntries = StartOfEntries + NumEntries;
+ if (mLockBoxGlobal->Signature != LOCK_BOX_GLOBAL_SIGNATURE) {
+ //
+ // Note: This code depends on the lock box being cleared in early
+ // PEI before usage, so the SubPageBuffer and SubPageRemaining
+ // fields don't need to be set to 0.
+ //
+ mLockBoxGlobal->Signature = LOCK_BOX_GLOBAL_SIGNATURE;
+ }
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ Find LockBox entry based on GUID.
+
+ @param[in] Guid The GUID to search for.
+
+ @return Address of the LOCK_BOX_ENTRY found.
+
+ If NULL, then the item was not found, and there is no space
+ left to store a new item.
+
+ If non-NULL and LOCK_BOX_ENTRY.Size == 0, then the item was not
+ found, but a new item can be inserted at the returned location.
+
+ If non-NULL and LOCK_BOX_ENTRY.Size > 0, then the item was found.
+**/
+STATIC
+LOCK_BOX_ENTRY *
+EFIAPI
+FindHeaderByGuid (
+ IN CONST EFI_GUID *Guid
+ )
+{
+ LOCK_BOX_ENTRY *Header;
+
+ for (Header = StartOfEntries; Header < EndOfEntries; Header++) {
+ if (Header->Size == 0 || CompareGuid (Guid, &Header->Guid)) {
+ return Header;
+ }
+ }
+
+ return NULL;
+}
+
+
+/**
+ This function will save confidential information to lockbox.
+
+ @param Guid the guid to identify the confidential information
+ @param Buffer the address of the confidential information
+ @param Length the length of the confidential information
+
+ @retval RETURN_SUCCESS the information is saved successfully.
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or
+ Length is 0
+ @retval RETURN_ALREADY_STARTED the requested GUID already exist.
+ @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface
+ @retval RETURN_UNSUPPORTED the service is not supported by
+ implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+SaveLockBox (
+ IN GUID *Guid,
+ IN VOID *Buffer,
+ IN UINTN Length
+ )
+{
+ LOCK_BOX_ENTRY *Header;
+ VOID *CopyBuffer;
+
+ DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Buffer=%p Length=0x%x\n", __FUNCTION__,
+ Guid, Buffer, (UINT32) Length));
+
+ if (Guid == NULL || Buffer == NULL || Length == 0) {
+ return RETURN_INVALID_PARAMETER;
+ }
+
+ if (Length > 0xFFFFFFFF) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
+
+ Header = FindHeaderByGuid (Guid);
+ if (Header == NULL) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
+
+ if (Header->Size > 0) {
+ return RETURN_ALREADY_STARTED;
+ }
+
+ CopyBuffer = AllocateAcpiNvsPool (Length);
+ if (CopyBuffer == NULL) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
+
+ //
+ // overwrite the current terminator header with new metadata
+ //
+ CopyGuid (&Header->Guid, Guid);
+ Header->OrigAddress = (UINTN) Buffer;
+ Header->CopyAddress = (UINTN) CopyBuffer;
+ Header->Size = (UINT32) Length;
+ Header->Attributes = 0;
+
+ //
+ // copy contents
+ //
+ CopyMem (CopyBuffer, Buffer, Length);
+
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ This function will set lockbox attributes.
+
+ @param Guid the guid to identify the confidential information
+ @param Attributes the attributes of the lockbox
+
+ @retval RETURN_SUCCESS the information is saved successfully.
+ @retval RETURN_INVALID_PARAMETER attributes is invalid.
+ @retval RETURN_NOT_FOUND the requested GUID not found.
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface
+ @retval RETURN_UNSUPPORTED the service is not supported by
+ implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+SetLockBoxAttributes (
+ IN GUID *Guid,
+ IN UINT64 Attributes
+ )
+{
+ LOCK_BOX_ENTRY *Header;
+
+ DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Attributes=0x%Lx\n", __FUNCTION__, Guid,
+ Attributes));
+
+ if (Guid == NULL) {
+ return RETURN_INVALID_PARAMETER;
+ }
+
+ Header = FindHeaderByGuid (Guid);
+ if (!Header || Header->Size == 0) {
+ return RETURN_NOT_FOUND;
+ }
+ Header->Attributes = Attributes;
+
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ This function will update confidential information to lockbox.
+
+ @param Guid the guid to identify the original confidential information
+ @param Offset the offset of the original confidential information
+ @param Buffer the address of the updated confidential information
+ @param Length the length of the updated confidential information
+
+ @retval RETURN_SUCCESS the information is saved successfully.
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or
+ Length is 0.
+ @retval RETURN_NOT_FOUND the requested GUID not found.
+ @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold
+ new information.
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface
+ @retval RETURN_UNSUPPORTED the service is not supported by
+ implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+UpdateLockBox (
+ IN GUID *Guid,
+ IN UINTN Offset,
+ IN VOID *Buffer,
+ IN UINTN Length
+ )
+{
+ LOCK_BOX_ENTRY *Header;
+
+ DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Offset=0x%x Length=0x%x\n", __FUNCTION__,
+ Guid, (UINT32) Offset, (UINT32) Length));
+
+ if (Guid == NULL || Buffer == NULL || Length == 0) {
+ return RETURN_INVALID_PARAMETER;
+ }
+
+ Header = FindHeaderByGuid (Guid);
+ if (!Header || Header->Size == 0) {
+ return RETURN_NOT_FOUND;
+ }
+
+ if (Header->Size < Offset ||
+ Length > Header->Size - Offset) {
+ return RETURN_BUFFER_TOO_SMALL;
+ }
+
+ CopyMem ((UINT8 *)(UINTN) (Header->CopyAddress) + Offset, Buffer, Length);
+
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ This function will restore confidential information from lockbox.
+
+ @param Guid the guid to identify the confidential information
+ @param Buffer the address of the restored confidential information
+ NULL means restored to original address, Length MUST be NULL at
+ same time.
+ @param Length the length of the restored confidential information
+
+ @retval RETURN_SUCCESS the information is restored successfully.
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and
+ Length is NULL.
+ @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox
+ has no LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE
+ attribute.
+ @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the
+ confidential information.
+ @retval RETURN_NOT_FOUND the requested GUID not found.
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface
+ @retval RETURN_ACCESS_DENIED not allow to restore to the address
+ @retval RETURN_UNSUPPORTED the service is not supported by
+ implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+RestoreLockBox (
+ IN GUID *Guid,
+ IN VOID *Buffer, OPTIONAL
+ IN OUT UINTN *Length OPTIONAL
+ )
+{
+ LOCK_BOX_ENTRY *Header;
+
+ DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Buffer=%p\n", __FUNCTION__, Guid,
+ Buffer));
+
+ if ((Guid == NULL) ||
+ ((Buffer == NULL) && (Length != NULL)) ||
+ ((Buffer != NULL) && (Length == NULL))) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Header = FindHeaderByGuid (Guid);
+ if (!Header || Header->Size == 0) {
+ return RETURN_NOT_FOUND;
+ }
+
+ if (Buffer == NULL) {
+ if (!(Header->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE)) {
+ return RETURN_WRITE_PROTECTED;
+ }
+ if (Header->OrigAddress + (Header->Size - 1) > MAX_ADDRESS) {
+ return RETURN_UNSUPPORTED;
+ }
+ Buffer = (VOID *)(UINTN) Header->OrigAddress;
+ }
+
+ //
+ // Set RestoreLength
+ //
+ if (Length != NULL) {
+ if (Header->Size > *Length) {
+ //
+ // Input buffer is too small to hold all data.
+ //
+ *Length = Header->Size;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+ *Length = Header->Size;
+ }
+
+ CopyMem (Buffer, (VOID*)(UINTN) Header->CopyAddress, Header->Size);
+
+ return RETURN_SUCCESS;
+}
+
+
+/**
+ This function will restore confidential information from all lockbox which
+ have RestoreInPlace attribute.
+
+ @retval RETURN_SUCCESS the information is restored successfully.
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface
+ @retval RETURN_UNSUPPORTED the service is not supported by
+ implementaion.
+**/
+RETURN_STATUS
+EFIAPI
+RestoreAllLockBoxInPlace (
+ VOID
+ )
+{
+ LOCK_BOX_ENTRY *Header;
+
+ for (Header = StartOfEntries;
+ Header < EndOfEntries && Header->Size > 0;
+ Header++) {
+ if (Header->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) {
+ VOID *Buffer;
+
+ if (Header->OrigAddress + (Header->Size - 1) > MAX_ADDRESS) {
+ return RETURN_UNSUPPORTED;
+ }
+ Buffer = (VOID *)(UINTN) Header->OrigAddress;
+ CopyMem (Buffer, (VOID*)(UINTN)Header->CopyAddress, Header->Size);
+ DEBUG ((DEBUG_VERBOSE, "%a: Guid=%g Buffer=%p\n", __FUNCTION__,
+ Header->Guid, Buffer));
+ }
+ }
+ return RETURN_SUCCESS;
+}
diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxLib.h b/OvmfPkg/Library/LockBoxLib/LockBoxLib.h
new file mode 100644
index 0000000000..5adb65fef2
--- /dev/null
+++ b/OvmfPkg/Library/LockBoxLib/LockBoxLib.h
@@ -0,0 +1,60 @@
+/** @file
+
+ Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __LOCK_BOX_LIB_IMPL_H__
+#define __LOCK_BOX_LIB_IMPL_H__
+
+#pragma pack(1)
+
+typedef struct {
+ UINT32 Signature;
+ UINT32 SubPageBuffer;
+ UINT32 SubPageRemaining;
+} LOCK_BOX_GLOBAL;
+
+#define LOCK_BOX_GLOBAL_SIGNATURE SIGNATURE_32('L', 'B', 'G', 'S')
+
+extern LOCK_BOX_GLOBAL *mLockBoxGlobal;
+
+#pragma pack()
+
+/**
+ Allocates a buffer of type EfiACPIMemoryNVS.
+
+ Allocates the number bytes specified by AllocationSize of type
+ EfiACPIMemoryNVS and returns a pointer to the allocated buffer.
+ If AllocationSize is 0, then a valid buffer of 0 size is
+ returned. If there is not enough memory remaining to satisfy
+ the request, then NULL is returned.
+
+ @param AllocationSize The number of bytes to allocate.
+
+ @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+EFIAPI
+AllocateAcpiNvsPool (
+ IN UINTN AllocationSize
+ );
+
+
+RETURN_STATUS
+EFIAPI
+LockBoxLibInitialize (
+ VOID
+ );
+
+
+#endif
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 8a52bb143b..b8a4cd5840 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -85,6 +85,8 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|0x0|UINT32|0x13
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize|0x0|UINT32|0x14
gUefiOvmfPkgTokenSpaceGuid.PcdS3AcpiReservedMemoryBase|0x0|UINT32|0x17
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|0x0|UINT32|0x18
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize|0x0|UINT32|0x19
[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index cbb97d8f22..d4bfbfa816 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -99,7 +99,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
- LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
!ifdef $(SOURCE_DEBUG_ENABLE)
@@ -244,6 +244,7 @@
DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
[LibraryClasses.common.UEFI_APPLICATION]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index d935d97985..a03c52a4c1 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -138,6 +138,9 @@ NumBlocks = 0x80
0x000000|0x006000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
+0x006000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
+
0x010000|0x008000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 8e5baa260c..90a73e0f6a 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -104,7 +104,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
- LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
!ifdef $(SOURCE_DEBUG_ENABLE)
@@ -249,6 +249,7 @@
DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
[LibraryClasses.common.UEFI_APPLICATION]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 29f365f63f..93fece0dc1 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -138,6 +138,9 @@ NumBlocks = 0x80
0x000000|0x006000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
+0x006000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
+
0x010000|0x008000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index c934ddc2db..d9384f9153 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -104,7 +104,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
- LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
!ifdef $(SOURCE_DEBUG_ENABLE)
@@ -249,6 +249,7 @@
DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf
PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf
[LibraryClasses.common.UEFI_APPLICATION]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index c08024e8ea..b1444d9e8f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -138,6 +138,9 @@ NumBlocks = 0x80
0x000000|0x006000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
+0x006000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
+
0x010000|0x008000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 37030e6898..c1350b931f 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -24,6 +24,7 @@ Module Name:
//
// The Library classes this module consumes
//
+#include
#include
#include
#include
@@ -217,5 +218,21 @@ InitializeRamRegions (
EfiACPIMemoryNVS
);
#endif
+
+ //
+ // Reserve the lock box storage area
+ //
+ // Since this memory range will be used on S3 resume, it must be
+ // reserved as ACPI NVS.
+ //
+ ZeroMem (
+ (VOID*)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase),
+ (UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize)
+ );
+ BuildMemoryAllocationHob (
+ (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase),
+ (UINT64)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize),
+ EfiACPIMemoryNVS
+ );
}
}
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index c91513882a..3b47bb70dd 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -70,6 +70,8 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdS3AcpiReservedMemorySize
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize