Add the 'initrd' dynamic shell command to the build so we can load
Linux initrds straight from the shell using the new generic protocol,
which does not rely on initrd= being passed on the command line.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2564
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
In preparation of conditializing the choice of resolution based on
TPM2_ENABLE for ArmVirtQemu, move the TpmMeasurementLib out of the
shared .DSC include and into the individual DSCs.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
DxeTpmMeasurementLib should only be used on platforms that implement
measured boot, which we will do in a future patch, but only for
ArmVirtQemu, as the remaining ones are fundamentally incompatible,
given that they do not implement a PEI phase.
So use TpmMeasurementLibNull as the default resolution for all
ArmVirtPkg platforms, regardless of how they are built.
This mirrors commit 1ec05b81e5 ("OvmfPkg: use DxeTpmMeasurementLib
if and only if TPM2_ENABLE", 2019-07-04).
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
After upgrading the CI system we use for building the ArmVirtPkg
targets, we started seeing failures due to the NOOPT build running
out of space when using the CLANG38 toolchain definition combined
with clang 7.
We really don't want to increase the FD/FV sizes in general to
accommodate this, so parameterize the relevant quantities and
increase them by 50% for NOOPT builds.
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Port the [LibraryClasses], [PcdsFixedAtBuild] and [Components] settings
that are related to NETWORK_TLS_ENABLE from OvmfPkg to ArmVirtPkg.
ArmVirtXen is not modified because it doesn't include the edk2 network
stack.
(This change is now simpler than it would have been when TianoCore#1009
was originally filed, due to ArmVirtPkg consuming the NetworkPkg include
fragments meanwhile, from TianoCore#1293 / commit 157a3b1aa50f.)
The usage hints from "OvmfPkg/README", section "HTTPS Boot", apply.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gary Lin <glin@suse.com>
Cc: Guillaume GARDET <guillaume.gardet@arm.com>
Cc: Julien Grall <julien.grall@arm.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1009
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Guillaume Gardet <guillaume.gardet@arm.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Tested-by: Gary Lin <glin@suse.com>
This patch updates the platform DSC/FDF files to use the include fragment
files provided by NetworkPkg.
The feature enabling flags in [Defines] section have been updated to use
the NetworkPkg's terms, and the value has been overridden with the original
default value on this platform.
v2:Add check for NETWORK_SNP_ENABLE and NETWORK_TLS_ENABLE.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Message-Id: <20190516081810.27840-4-shenglei.zhang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1293
[lersek@redhat.com: add TianoCore Bugzilla reference]
[lersek@redhat.com: undo spurious whitespace changes]
[lersek@redhat.com: clarify SNP and TLS rejection messages]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Having removed VALID_ARCHITECTURES from
"OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf", it now makes sense to
reflect the related platform DSC bits from OvmfPkg to ArmVirtPkg.
Build "EnrollDefaultKeys.efi" as part of ArmVirtQemu and ArmVirtQemuKernel
(which are the ArmVirtPkg platforms that include SecureBootConfigDxe too).
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1683
V2: Use the common UefiDecompressLib resolution in
[LibraryClasses.common] section and drop all the others.
BaseUefiDecompressLib in MdePkg is the
base UEFI decompress Library.
BaseUefiTianoCustomDecompressLib in IntelFrameworkModulePkg
implements the base UEFI decompress functionality and
Tiano decompress functionality.
1. TIANOCOMPRESSED rule in ArmVirtRules.fdf.inc
is not used, so remove it.
2. Platform doesn't use the TianoCompress, so do
not have to use BaseUefiTianoCustomDecompressLib,
can use the BaseUefiDecompressLib in MdePkg directly.
3. UefiDecompressLib common resolution now can apply to
all module types. So keep the UefiDecompressLib resolution
in [LibraryClasses.common] section and remove all others.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x {Xen} x {DEBUG,NOOPT,RELEASE} x {feat-1}
(6 builds in total), PcdOptionRomImageVerificationPolicy,
PcdFixedMediaImageVerificationPolicy, and
PcdRemovableMediaImageVerificationPolicy are not used in any of those
builds.
Restrict the settings to the ArmVirtQemu and ArmVirtQemuKernel platforms
(preserving the -D SECURE_BOOT_ENABLE restriction in the process).
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x {Xen} x {DEBUG,NOOPT,RELEASE} x {feat-0,feat-1}
(12 builds in total), the PCD is not used in any of those builds. Restrict
the setting to the ArmVirtQemu and ArmVirtQemuKernel platforms.
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x {Xen} x {DEBUG,NOOPT,RELEASE} x {feat-0,feat-1}
(12 builds in total), the PCD is not used in any of those builds.
Restrict the setting to the ArmVirtQemu and ArmVirtQemuKernel platforms.
Restrict the TTY_TERMINAL define similarly.
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x {Qemu,QemuKernel,Xen} x {RELEASE} x {feat-0,feat-1}
(12 builds in total), the PCD is not used in any of those builds. Restrict
the PCD setting to ($(TARGET) != RELEASE).
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x {Qemu,QemuKernel,Xen} x {RELEASE} x {feat-0,feat-1}
(12 builds in total), the PCD is not used in any of those builds.
Rather than just restrict the PCD setting to ($(TARGET) != RELEASE),
remove the setting completely. The current value is identical to the 0xAF
default in "MdePkg/MdePkg.dec", which recognizes Andrew Fish, and so it's
unlikely to ever change.
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x
{QemuKernel,Xen} x
{DEBUG,NOOPT,RELEASE} x
{feat-0,feat-1}
(24 builds in total), the PCD is not used in any of those builds.
Move the setting from "ArmVirt.dsc.inc" to "ArmVirtQemu.dsc", to reflect
reality.
We originally moved the PCD setting in the opposite direction in commit
8aab575c26 ("ArmVirtPkg: enable non-executable DXE stack for all
platforms", 2017-03-07), generalizing it. However, as the comment itself
states, and according to all 36 ArmVirt build reports:
{AARCH64,ARM} x
{Qemu,QemuKernel,Xen} x
{DEBUG,NOOPT,RELEASE} x
{feat-0,feat-1}
the PCD is only consumed by "MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf", and
that module is only included in the ArmVirtQemu platform.
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x
{Qemu,QemuKernel,Xen} x
{DEBUG,NOOPT,RELEASE} x
{feat-0,feat-1}
(36 builds in total), the PCD is not used in any of those builds. Remove
the setting.
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
According to the
PCDs not used by modules or in conditional directives
sections of all the build reports for
{AARCH64,ARM} x
{Qemu,QemuKernel,Xen} x
{DEBUG,NOOPT,RELEASE} x
{feat-0,feat-1}
(36 builds in total), the PCD is not used in any of those builds. Remove
the setting.
("feat-1" stands for "-D HTTP_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D
SECURE_BOOT_ENABLE -D TTY_TERMINAL", while "feat-0" stands for "".)
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Drop the reference to ArmPkg/DefaultExceptionHandlerLibBase, which
is no longer used anywhere now that DebugAgentSymbolsBaseLib no
longer incorporates a vector table and exception handling.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Commit 9a67ba261f ("ArmVirtPkg: Replace obsoleted network drivers
from platform DSC/FDF") failed to take into account that the now
unconditionally included IScsiDxe.inf from NetworkPkg requires a
resolution for TcpIoLib. Since specifying such a resolution is harmless
for platforms that have no networking enabled, let's just fix things
by dropping the conditionals around it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This patch replaces the MdeModulePkg TCP, PXE and iSCSI driver with those
ones in NetworkPkg. These 3 drivers in MdeModulePkg are not being actively
maintained and will be removed from edk2 master soon.
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
PcdPrePiCpuMemorySize is no longer used so drop the PCD overrides
from all platform descriptions in ArmVirtPkg.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The class name for the "PeiResourcePublicationLib" instance is just
"ResourcePublicationLib", not "PeiResourcePublicationLib". However, no
module included in the ArmVirtPkg platforms depends on this lib class;
remove its resolution.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Add the IPv6 stack to ArmVirtQemu with a cumulative port of the following
OvmfPkg commits:
* 36c6413f76 "OvmfPkg: enable the IPv6 support", 2014-12-19
* 96302b80d9 "OvmfPkg: Enable Network2 Shell Commands for IPv6",
2016-03-08
* 6d0f8941bd "OvmfPkg: always resolve OpenSslLib, IntrinsicLib and
BaseCryptLib", 2017-01-17
* 32e22f20c9 "OvmfPkg: correct the IScsiDxe module included for the IPv6
stack", 2017-01-17
The IPv6-enabled IScsiDxe driver depends on BaseCryptLib, and the
"CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf" instance depends on
IntrinsicLib and OpensslLib. This is why commit 6d0f8941bd is relevant.
However, unlike in OvmfPkg, in ArmVirtPkg we'll precisely track the
firmware features that require these library classes. (The OvmfPkg
discussion was quite complex, and the OvmfPkg solution was a compromise:
<http://mid.mail-archive.com/1484569332-13440-1-git-send-email-jiaxin.wu@intel.com>.)
The ArmVirtXen platform is not extended with the relevant drivers because
currently it doesn't include any networking support.
Cc: Julien Grall <julien.grall@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1007
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Switch to the new IoLib implementation that will only use KVM
safe instructions to perform MMIO memory accesses.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Resolve the PciCapLib, PciCapPciSegmentLib, and PciCapPciIoLib classes to
their single respective instances under OvmfPkg. Later patches will use
those lib classes in OvmfPkg drivers, some of which are included in
ArmVirt platforms.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Port OvmfPkg commit 5c3481b0b6 to ArmVirtPkg. Some explanation should
be in order (because 5c3481b0b6 doesn't offer any):
- The UefiDevicePathLibDevicePathProtocol instance uses the Device Path
Utilities Protocol, produced by DevicePathDxe, for formatting and
parsing the textual device path representation. This allows for a
lighter weight lib instance that gets linked into several DXE modules.
In comparison, the more standalone UefiDevicePathLib instance includes
the formatting and parsing routines in every client module.
- The DXE core needs DevicePathLib before it dispatches DevicePathDxe, so
it needs to stick with the standalone instance.
- DevicePathDxe itself also needs the standalone instance, for
implementing the protocol.
- The DXE-phase PCD driver, "MdeModulePkg/Universal/PCD/Dxe/Pcd.inf",
depends on DevicePathLib via UefiLib and DxeServicesLib at the least; so
with this update, it inherits a dependency on the protocol. In reverse,
DevicePathDxe depends on the PCD Protocol, via PcdLib. The cycle is
broken by using BasePcdLibNull in DevicePathDxe. That restricts it to
FixedAtBuild, Patch, and FeatureFlag PCDs, but that's fine.
Example space savings (using ArmVirtQemu and the GCC5 toolchain):
- NOOPT: 187KB in FVMAIN, 12KB in FVMAIN_COMPACT
- DEBUG: 147KB in FVMAIN, 20KB in FVMAIN_COMPACT
- RELEASE: 123KB in FVMAIN, 17KB in FVMAIN_COMPACT
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=940
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Switch all users of ArmVirt.dsc.inc to the new DebugLib implementation
that was created especially for DXE_RUNTIME_DRIVER modules, ensuring
that DEBUG() calls do not touch the UART at runtime.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=800
Based on content from the following branch/commits:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport33bab4031aca516b1a612b9f111f2e
The BootGraphicsResourceTableDxe module uses the BmpSupportLib
and SafeIntLib to convert a GOP BLT buffer to a BMP graphics image.
Add library mappings for these new library classes.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Bret Barkelew <Bret.Barkelew@microsoft.com>
ArmVirt.dsc.inc sets gEmbeddedTokenSpaceGuid.PcdCacheEnable,
which is unused and about to be deleted. Drop it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
The TFTP command was converted from a NULL class library instance to a
dynamic shell command in commit 0961002352.
The ShellLib and FileHandleLib resolutions are moved from
[LibraryClasses.common.UEFI_APPLICATION] to [LibraryClasses.common]
because dynamic shell commands are implemented as DXE_DRIVER modules.
PcdShellLibAutoInitialize must be set to FALSE for both the shell app
itself and the dynamic shell command modules.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
[lersek@redhat.com: extend commit message]
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Build-tested-by: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Julien Grall <julien.grall@linaro.org>
ArmPlatformStackLib has hooks into primary/secondary core PCDs and
other ArmPlatformLib related junk, so let's simply set the stack
pointer directly. This is trivial given that our PrePi is unicore
only.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Switch to the new, cleaned up PL011UartLib implementation so we will
be able to remove the old one.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
"ArmVirtXen.fdf" pulls in none of the drivers from
"MdeModulePkg/Universal/Network", therefore building them in
"ArmVirtXen.dsc", via "ArmVirt.dsc.inc", is wasted work.
Move the "MdeModulePkg/Universal/Network" drivers from "ArmVirt.dsc.inc"
to "ArmVirtQemu.dsc" and "ArmVirtQemuKernel.dsc".
Place the new block between the "Bds" and "SCSI Bus and Disk Driver"
blocks, similarly to its context in "ArmVirtQemuFvMain.fdf.inc".
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
The virt targets never use non-coherent DMA, so there is no point
in having a shared DmaLib library class resolution pointing to
ArmDmaLib. So drop it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
A block of settings has been copied around ARM platforms for years.
These are consumed only by Ebl, and since none of the ArmVirtPkg
platforms use that, drop them.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Commit 7b1dc6c569 'ArmVirtPkg: switch to generic ResetSystemRuntimeDxe'
replaced all references in ArmVirtPkg to the deprecated ResetRuntimeDxe
from EmbeddedPkg with the well maintained generic alternative that lives
in MdeModulePkg.
However, as it turns out, the generic driver has a dependency on the
library class ReportStatusCodeLib, whose default resolution is an
implementation that is not safe for use at runtime, resulting in crashes
when trying to invoke it from the OS.
Since we have no use for status codes in any of the ArmVirtPkg
platforms, let's replace all resolutions with a common one to the NULL
implementation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
For obscure reasons, ARM platforms use a different implementation of
the ResetSystem() runtime service call than other platforms. So let's
switch all ArmVirtPkg platforms to the generic version instead.
Given that all platforms use an implementation of EfiResetSystemLib [as
consumed by the ResetRuntimeDxe in EmbeddedPkg that we are replacing]
which is unlikely to be depended upon by out of tree platforms, let's
simply modify this library into an implementation of ResetSystemLib
instead [which is what the generic driver in MdeModulePkg consumes]
This does mean we need to update all clients at the same time, which
is why all changes are part of the same patch.
As before, warm reset and platform specific reset are mapped onto
cold reset (which is the only thing PSCI implements, at least the
version we depend on). The new library function EnterS3WithImmediateWake()
is left unimplemented, as permitted by the ResetSystemLib library class.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Remove the functions now provided by TimeBaseLib from
PL031RealTimeClockLib. Add TimeBaseLib resolution to ArmVirtPkg
in same commit to prevent breakage.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
In this patch, the ACPI protocol / driver chain is enabled dynamically,
when appropriate. This is being done in one larger patch, because
ArmVirt.dsc.inc, where AcpiTableDxe is built, is used by all the platform
DSCs.
No change in behavior should be observable after this patch on any
ArmVirtPkg platform.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Include DXE_CORE in the BuildOptions that are set to force 4 KB section
alignment for PE/COFF images in order to allow them to be mapped with
strict memory permissions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Now that ARM has grown support for managing memory permissions in
ArmMmuLib, we can enable the non-executable DXE stack for all virt
platforms. Note that this includes the AARCH64 Xen platform as well.
Note that this is not [entirely] redundant: the non-executable stack
is configured before DxeCore is invoked. The image and memory protection
features configured during DXE only take affect when the CPU arch
protocol implementation is registered.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Like for AARCH64, enable PE/COFF image and NX memory protection for all
32-bit ARM virt platforms.
Note that this does not [yet] protect EfiLoaderData regions, due to
compatibility issues with GRUB.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This sets the recently introduced PCD PcdDxeNxMemoryProtectionPolicy to
a value that protects all memory regions except code regions against
inadvertent execution.
Note that this does not [yet] protect EfiLoaderData regions, due to
compatibility issues with shim and GRUB.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Recent changes to ShellPkg require a resolution for UefiBootManagerLib
for all platforms in ArmVirtPkg. So move the resolution to the shared
include ArmVirt.dsc.inc.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This removes the PCD PcdArmUncachedMemoryMask from ArmPkg, along with
any remaining references to it in various platform .DSC files. It is
no longer used now that we removed the virtual uncached pages protocol
and the associated DebugUncachedMemoryAllocationLib library instance.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
The only observeable effect of having PcdPerformanceLibraryPropertyMask
set to 1 is that a EfiReservedMemory region of 4 pages is allocated right
below the 4 GB mark. This region is out of bounds for the OS, which means
it is not even allowed to map it, to avoid speculative loads from it.
On Linux, this may prevent the kernel from using a 1 GB block mapping for
this region, and instead it has to carve up the block as follows:
0xffffffff80000000-0xffffffffbe000000 992M PMD CON BLK
0xffffffffbe000000-0xffffffffbfe00000 30M PMD BLK
0xffffffffbfe00000-0xffffffffbfff0000 1984K PTE CON
0xffffffffbfff0000-0xffffffffbfffc000 48K PTE
where it would otherwise use a single 1 GB mapping (*), i.e.,
0xffffffff80000000-0xffffffffc0000000 1G PGD
To clarify, the latter is a single 8 byte entry in the top level page
table, whereas in the former case, we have two additional levels of
paging, requiring two extra 4 KB pages (on a 4 KB pagesize kernel).
The real cost, however, is the TLB footprint, which goes up from a
single entry to a number between 90 and 1020, depending on whether
contiguous hints are honoured by the hardware.
So let's remove PcdPerformanceLibraryPropertyMask until we find a reason
why we need it.
(*) provided that no other allocations were deliberately located right
below the 4 GB mark, and that we are running with more than 3 GB of
memory, in which case most allocations will be over 4 GB, given EDK2's
default top-down allocation policy.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
The OpensslLibCrypto library instance (which does not contain libssl
functions) is sufficient for the Secure Boot feature. It would not be
sufficient for HTTPS booting (which requires TLS), but in ArmVirtPkg, we
don't even enable plaintext HTTP booting for the time being.
Ease security analysis by excluding libssl functionality from the
OpensslLib instance we use.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Tomas Hoger <thoger@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Enable the new DXE image protection for all image, i.e., FV images but
also external images that originate from disk or the network, such as
OS loaders.
This complements work that is underway on the arm64/Linux kernel side,
to emit the OS loader with 4 KB section alignment, and a suitable split
between code and data.
http://marc.info/?l=linux-arm-kernel&m=148655557227819
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>