tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OvmfPkg: Use the OvmfPkg version of CcProbeLib 

Currently, multiple dsc files within the OvmfPkg directory use the NULL
version of the CcProbeLib library. However, these packages have support
for confidential guests (usage of CcExitLib, MemEncrypt{Sev,Tdx}Lib, etc.)
and should be using the OvmfPkg version of the CcProbeLib.

The use of the NULL library causes the PCI option ROM to be enabled, which
can't be trusted as it originates from the hypervisor. The use of the NULL
library also causes a KVM hypervisor error when attempting to map/back the
option ROM region when running an SEV-SNP guest.

Update the various dsc files to reference the OvmfPkg version of the
CcProbeLib library and prevent usage of PCI option ROMs.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
This commit is contained in:
Tom Lendacky 2025-01-08 12:22:43 -06:00 committed by mergify[bot]
parent d51baa02a6
commit 8b87eb9dfb
3 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
OvmfPkg/AmdSev/AmdSevX64.dsc
View File

@ -142,7 +142,6 @@
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
@ -165,6 +164,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
@ -232,6 +232,7 @@
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEI_CORE] [LibraryClasses.common.PEI_CORE]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@ -248,6 +249,7 @@
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
!endif !endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEIM] [LibraryClasses.common.PEIM]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@ -277,6 +279,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
[LibraryClasses.common.DXE_CORE] [LibraryClasses.common.DXE_CORE]

7
OvmfPkg/CloudHv/CloudHvX64.dsc
View File

@ -160,7 +160,6 @@
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
@ -187,6 +186,9 @@
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
!if $(SMM_REQUIRE) == FALSE !if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
!else
CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
!endif !endif
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
@ -270,6 +272,7 @@
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEI_CORE] [LibraryClasses.common.PEI_CORE]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@ -286,6 +289,7 @@
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
!endif !endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEIM] [LibraryClasses.common.PEIM]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@ -314,6 +318,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibNull.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLibNull.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
[LibraryClasses.common.DXE_CORE] [LibraryClasses.common.DXE_CORE]

5
OvmfPkg/Microvm/MicrovmX64.dsc
View File

@ -163,7 +163,6 @@
PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
@ -186,6 +185,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
@ -278,6 +278,7 @@
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEI_CORE] [LibraryClasses.common.PEI_CORE]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@ -294,6 +295,7 @@
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
!endif !endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
[LibraryClasses.common.PEIM] [LibraryClasses.common.PEIM]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
@ -322,6 +324,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
[LibraryClasses.common.DXE_CORE] [LibraryClasses.common.DXE_CORE]