This library is designed for handling variable HII checks within the
Standalone MMm environment. It includes the functions
dedicated to registering handlers that process information received
from VarCheckHiiLibMmDependency.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Rename SetVariableCheckHandlerHii and wrap it as a common API to
facilitate the usage in the following patches.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Change the Size parameter of BuildVarCheckHiiBin from OUT to an
input-output parameter.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
VarCheckHiiLibMmDependency retrieve data (mVarCheckHiiBin) at the end
of the DXE phase, and pass the acquired data to the
VarCheckHiiLibStandaloneMm through a communication protocol.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Relocate the declaration of mVarCheckHiiBin to support for standalone
MM modules utilizing the same mVarCheckHiiBin.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Adds generic creator id as DYNT.
Updates the common ACPI tables with generic CreatorId.
Cc: Sami Mujawar <Sami.Mujawar@arm.com>
Cc: Pierre Gondois <pierre.gondois@arm.com>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
EdkLogger logs were not showing up as part of the build log output.
Adding the EdkLogger import to GenMake.py fixes the missing log prints.
Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
In Standalone MM, there is no notification to MM drivers that variable
write is ready. Install gSmmVariableWriteGuid into MM handle database
for the notification.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
The timer counter register can wrap around and when this happens,
we'll get misbehavior for any MicroSecondDelay() calls. This adds
handling for that.
Signed-off-by: Carsten Haitzler <carsten.haitzler@foss.arm.com>
This patch measures the ExitBootServices invocation to the
TPM even in the case of ExitBootServices failing, per TCG
PC Client Platform Firmware Profile Version 1.06 Revision
52 Family 2.0 section 8.2.4(i).
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
When including one ASL file in another, add a header / footer to the
included file to easily tell where the included file starts and ends.
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Clang complains about a couple of variables potentially being
uninitialized, and those complaints seem to be valid.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
'asm' is not a keyword in C99, but GCC supports it nonetheless as a GNU
extension. So when using Clang, we must specify the gnu99 dialect
explicitly, or inline asm blocks using asm() rather than __asm__() will
be rejected by the compiler.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
When launching a SEV-SNP VM, the ROM is not all that must be measured.
The OvmfSevMetadata sections describe ranges of memory that must be
measured with different types than PAGE_TYPE_NORMAL, except one. The
SevSnpKernelHashes page is also PAGE_TYPE_NORMAL, but is populated by
the VMM from configuration data that is separate from the OVMF build
itself. To more compactly provide reference values for the measurement
of the firmware separately from the kernel hashes, it's advantageous to
measure as much known information as possible first.
Whereas VMMs are permitted to measure these sections in any order they
prefer, the normative order of how they appear in the .fd is easiest to
follow. This change is semantics-preserving. Measurement calculation
tools that do not follow the normative ordering would need updating to
accommodate, but I don't know of any. The accounting for EC2 moving the
CPUID page to the end of measurement would be unchanged.
This change is to improve performance of a proposed launch update event
log to separate responsibility for initially measured data before VM
launch, application/vnd.amd.sevsnp.launch-updates+cbor:
https://github.com/deeglaze/draft-deeglaze-amd-sev-snp-corim-profile
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
On AARCH64 systems, the GCD is not fully synced with the page table. On
x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`,
`EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the
GCD, then the page table attributes are set on the GCD attributes.
However, on AARCH64, the GCD capabilities do not get updated, instead
only the attributes from the page table are masked by the existing GCD
capabilities, which means that any new page table attribute which are
already set are dropped and the GCD does not reflect the state of the
system. This has been seen to cause issues where memory in the page
table that was marked `EFI_MEMORY_XP` had an additional attribute set
using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this
caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a
potential security issue.
The existing behavior on AARCH64 systems is an implementation error, it
assumes one of two things:
- The page table attributes must be a subset of the GCD capabilities
- The GCD does not need to have its capabilities synced to what the page
table attributes are
The first is incorrect as important attributes such as `EFI_MEMORY_XP`
do not get applied to the GCD capabilities by default and therefore must
be synced back. This comment from ArmPkg's CpuDxe driver helps explain:
```c
// The GCD implementation maintains its own copy of the state of memory
// space attributes. GCD needs to know what the initial memory space
// attributes are. The CPU Arch. Protocol does not provide a
// GetMemoryAttributes function for GCD to get this so we must resort to
// calling GCD (as if we were a client) to update its copy of the
// attributes. This is bad architecture and should be replaced with a
// way for GCD to query the CPU Arch. driver of the existing memory
// space attributes instead.
```
However, this comment misses that updating the capabilities is critical
to updating the attributes.
The second is incorrect because significant pieces of core code
reference the GCD attributes instead of the page table attributes. For
example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and
attributes when interacting with a non-discoverable PCI device. When the
GCD is not synced to the page table, we get the errors and security
concerns listed above.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
There are a number of mostly older guests such as RHEL-7 which do not
support 5-level paging. This patch adds support for switching from
5-level paging mode back to 4-level paging mode. This is done in PEI,
after inspecting the address space needed (installed memory and
reservations configured via fw_cfg).
By default small guests (which need less than 1 TB) will use 4-level
paging mode. There is a fw_cfg override though, so it is possible to
force the one or the other this way:
qemu-system-x86_64 -fw_cfg name=opt/org.tianocode/PagingLevel,string=5
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Since all places where the old name was used for the LoongArch CSR 0x20
regiser have been changed to the new name, the old name is removed.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Since the LoongArch SPEC has adjusted the CSR 0x20 register name and
the MdePkg also added the new name, so enable it in OvmfPkg.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Since the LoongArch SPEC has adjusted the CSR 0x20 register name and
the MdePkg also added the new name, so enable it in UefiCpuPkg.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Added a new name for CSR 0x20 because LoongArch SPEC has adjustd the CSR
0x20 register name.
Ref: LoongArch Reference Manual Vol 1, Seciton 7.1.
https://loongson.github.io/LoongArch-Documentation/LoongArch-Vol1-EN.html#control-and-status-registers
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
X64 arch needs to restart the MM dispatcher once MM entry point is
registered, therefore set PcdRestartMmDispatcherOnceMmEntryRegistered
to TRUE by default for X64 only.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
When booting OvmfXen, the ACPI interface for shutdown/reset might not
be available, instead use the hypercall interface.
While it's probably possible to use the hypercall in all cases, we
keep using the same interface while it still possible. That is ACPI on
HVM guest, and fallback to hypercall on PVH guest.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
Add a new function to allow to make an hypercall to shutdown the
machine.
This import "sched.h" public header from Xen Project's repo. Some
changes have been made to be closer to EDK2's coding style.
Add the entire OvmfPkg/Include/IndustryStandard/Xen/ directory to
LicenseCheck ignore. All the existing header files, as well as the new
sched.h, are MIT licensed.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
XenHypercallLib now makes direct hypercalls, so HyperPages is
unnecessary and can be removed.
Change the XenPvhDetected() ASSERT to use the Xen version. That has
never been 0, AFAIK.
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
This removes the need to allocate memory for the hypercall page,
particularly for use during runtime. This also makes the library usable
in all phases, so LIBRARY_CLASS can remove the restrictions.
The processor vendor is used to select vmmcall or vmcall instructions.
The listed vendors are those in the Xen tree.
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
In the current code, TDVF reads the PcdSetNxForStack value via fw_cfg ,
but overwrites it with a fixed value after the read is complete.
In this patch, TDVF removes the redundant logic code.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
LocateAndInstallAcpiFromFvConditional was always returning EFI_SUCCESS
even when it failed to find `AcpiFile`. Fix that, and improve the layout
by checking if an error occurred and breaking earlier.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
According to TCG's Platform Reset Attack Mitigation spec, the OS should
never create the MOR variable, only read and write it.
But some OSes (Fedora 24 and 25) don't follow the TCG's Platform Reset
Attack Mitigation spec and unintentionally create MOR variable.
The commit fda8f631ed added function
VariableHaveTcgProtocols() to check against Tcg/Tcg2 protocol to infer
whether the MOR variable is created by platform firmware or not. If not,
delete the variable created by OS and lock the variable to avoid OS to
create it.
But in VariableStandaloneMm, VariableHaveTcgProtocols() always returns
FALSE, it causes TCG MOR secure feature does not work in standalone MM
environment.
As Fedora 24 and 25 are EOL today, directly returns TRUE in the function
VariableHaveTcgProtocols() for VariableStandaloneMm, and rename the
function to VariableIsMorVariableLegitimate() to make it more obvious
what the narrow use-case is for which it exists.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
REF : https://bugzilla.tianocore.org/show_bug.cgi?id=4817
This commit is to add OrderedCollectionLib in MdePkg for DxeCore usage.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Andrew Fish <afish@apple.com>
Tested-by: Xiaoqiang Zhang <xiaoqiang.zhang@intel.com>
REF : https://bugzilla.tianocore.org/show_bug.cgi?id=4817
Before entering BIOS setup, CoreValidateHandle function executed
over 600,000 times during BDS phase on latest 8S server platform.
In CoreValidateHandle function, current implementation will go
through the doubly-linked list handle database in each call, and
this will have big impact on boot performance.
The optimization is using Red-black tree to store the EFI handle
address when insert each EFI handle into the handle database, and
remove the handle from Red-black tree if the handle is removed
from the handle database. CoreValidateHandle function changed to
go through the Red-black tree.
After verification on latest 8S server platform, BDS boot time can
save 20s+ after this change.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Andrew Fish <afish@apple.com>
Tested-by: Xiaoqiang Zhang <xiaoqiang.zhang@intel.com>
LzmaDecompressLib does not exist as a library class, and the library
implementation that is usually referenced in this context is intended to
be incorporated using NULL library class resolution.
Let's fix this so that we can drop the reference to LzmaDecompressLib.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Sami Mujawar <sami.mujawar@arm.com>
Some of the boilerplate in ArmPlatformLib is only relevant when entering
UEFI on multiple cores, and this is no longer supported. So retire the
associated helper routines.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Some of the boilerplate in ArmPlatformLib is only relevant when entering
UEFI on multiple cores, and this is no longer supported. So retire the
associated helper routines.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Add helper functions to generate AML resource data
for I/O resource descriptor.
Cc: Pierre Gondois <pierre.gondois@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
Ken Lautner
xieyuanh
Abdul Lateef Attar
zodf0055980
Wei6 Xu
Carsten Haitzler
Saloni Kasbekar
Matthew Carlson
Ashraf Ali
Joey Vagedes
Ard Biesheuvel
Dionna Glaze
Oliver Smith-Denny
Gerd Hoffmann
Chao Li
Anthony PERARD
Jason Andryuk
Ceping Sun
Rebecca Cran
Xiaoqiang Zhang