Currently, multiple dsc files within the OvmfPkg directory use the NULL
version of the CcProbeLib library. However, these packages have support
for confidential guests (usage of CcExitLib, MemEncrypt{Sev,Tdx}Lib, etc.)
and should be using the OvmfPkg version of the CcProbeLib.
The use of the NULL library causes the PCI option ROM to be enabled, which
can't be trusted as it originates from the hypervisor. The use of the NULL
library also causes a KVM hypervisor error when attempting to map/back the
option ROM region when running an SEV-SNP guest.
Update the various dsc files to reference the OvmfPkg version of the
CcProbeLib library and prevent usage of PCI option ROMs.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Since the tdx measurement APIs are implemented by
TdxMeasurementLib, the duplicate code are removed.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
This patch is to implement default IsCpuSyncAlwaysNeeded definition
for SmmCpuPlatformHookLibQemu. This interface will determine whether the first
CPU Synchronization should be executed unconditionally when a SMI occurs.
If the function returns true, it indicates that there is no need to check the system
configuration and status, and the first CPU Synchronization should be executed
unconditionally.
If the function returns false, it indicates that the first CPU Synchronization is
not executed unconditionally, and the decision to synchronize should be based on
the system configuration and status.
Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>
The VirtIO spec states that "Upon receipt of a
VIRTIO_CONSOLE_CONSOLE_PORT message, the driver SHOULD treat the port in
a manner suitable for text console access and MUST respond with a
VIRTIO_CONSOLE_PORT_OPEN message, which MUST have value set to 1". See
https://docs.oasis-open.org/virtio/virtio/v1.3/virtio-v1.3.html#x1-3330002.
The current driver implementation, however, does not comply with that
and only sends PORT_OPEN messages upon receipt of PORT_OPEN messages.
This causes a problem in platforms like Apple's Virtualization
Framework, where PORT_OPEN messages are not sent back to the driver
after CONSOLE_PORT messages are received by the device, a behaviour that
is compliant with the VirtIO specification.
This patch addresses this issue by always responding CONSOLE_PORT
messages with PORT_OPEN messages.
Signed-off-by: Pedro Tôrres <t0rr3sp3dr0@gmail.com>
This is virtio based keyboard driver designed to be used on ARM platform.
The driver implements basic and extended text input interface.
UEFI shell requires only basic text input interface, but Grub needs
extended text input to work on.
Signed-off-by: Paweł Poławski <ppolawsk@redhat.com>
This commit adds:
- missing virtio subsystem ID for input device
- PrepareVirtioKeyboardDevicePath() handler to boot manager library
Signed-off-by: Paweł Poławski <ppolawsk@redhat.com>
Add a FileIsInFv check to PlatformRegisterFvBootOption, this is to
to avoid adding and then removing a boot option shortly after,
because the file is no longer in the firmware volume.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Move out file presence check from RemoveStaleFvFileOptions
to a new helper function for reusability. No functional changes
intended.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
BaseCryptLib, RngLib, IntrinsicLib and OpensslLib are enabled by default
on LoongArch VM, since some APPs or OS require them.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
The Python version used for build and CI should always be at least
the minimum version supported by edk2-pytool-extensions. A badge
is added that keeps this information dynamically up-to-date based
on the minimum version specified in edk2-pytool-extensions
pyproject.toml file.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Refer to intel-tdx-module-api spec section 5.5.21, GPR mask
(TDVMCALL_EXPOSE_REGS_MASK) is a bitmap that controls which
part of the guest TD GPR and XMM state is passed as-is to
the VMM and back.
- A bit value of 0 indicates that the corresponding register
is saved by the Intel TDX module and not passed as-is to
Host VMM.
- A bit value of 1 indicates that the corresponding register
is passed as-is to the host VMM.
Currently, RBX is used as the mailbox address in ApRunLoop.nasm,
the corresponding bit value of RBX in MASK(Bit 3) is set as 1 which
means the value is passed to Host VMM as-is and it can be changed by
Host VMM.
So the bitmask shall be set as 0 to avoid this situation.
Reference:
[TDX-API]: intel-tdx-module-abi-spec
https://cdrdv2.intel.com/v1/dl/getContent/733579
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Hunter Adrian <adrian.hunter@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Since the UEFI 2.11 has been released, the macro
MAX_LOONGARCH_EXCEPTION has been added in MdePkg, so it is deleted in
LoongArchVirt/Sec/LoongArch64/Start.S
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
This PR updates the CI pipelines to use VS2022 instead of VS2019
as that is the latest supported VS toolchain on edk2.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
Since TdxHelperLib was defined in LibraryClasses for OvmfPkgX64.dsc,
the extra definitions is removed.
And for other dsc, add the Null-TdxHelperLib to remove the extra
definitions.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Add TdTcg2Pei in OvmfPkgX64.dsc in early PEI phase to
support CC measurement.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Because PeiTpmMeasurementLib supports both TCG measurement and CC
measurement, it shall be controled by TPM2_ENABLE and
CC_MEASUREMENT_EANBLE.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
TdTcg2Pei is added to install the gEdkiiCcPpi for a TD-Guest.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Since TdxHelperLib has the API(TdxHelperMapPcrToMrIndex)
to map PCR to MR index, the duplicate codes are removed.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Add below APIs to support the implementation for CC measurement.
- TdxHelperMapPcrToMrIndex
- TdxHelperHashAndExtendToRtmr
- TdxHelperBuildTdxMeasurementGuidHob
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Since the TdxHelperLib is used for measurement
in PEI phase, it required TDVF to add the library.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
While IScsiDxe certainly is a useful feature it is rarely used, and it
slows down firmware boot quite a bit. So disable it by default and only
load it in case this is explicitly requested via fw_cfg.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
UefiDriverEntryPointFwCfgOverrideLib will use
PcdEntryPointOverrideDefaultValue to decide what to do in case the
fw_cfg file specified via PcdEntryPointOverrideFwCfgVarName is not
present. Default is "yes".
This allows to disable drivers by default and only enable them when
requested via fw_cfg.
Also log a message with the config option applied and whenever the
default value or a fw_cfg option was used.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use UefiDriverEntryPointFwCfgOverrideLib for UsbMassStorageDxe so
the driver can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/UsbStorageSupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use UefiDriverEntryPointFwCfgOverrideLib for IScsiDxe so the driver
can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/ISCSISupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use UefiDriverEntryPointFwCfgOverrideLib for VirtioNetDxe so the driver
can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/VirtioNetSupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The second step is to add an option to the OvmfPkg module to disable
PXE booting using the NETWORK_PXE_BOOT_ENABLE flag. The patch is divided
into 3 parts. At the current stage the flag is not functional.
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
Check PcdConfidentialComputingGuestAttr instead of calling
MemEncryptSevIsEnabled() and MemEncryptTdxIsEnabled() to figure
whenever SEV or TDX is enabled.
This allows to remove the MemEncryptSevLib + MemEncryptTdxLib
dependencies.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Intel's ACPICA download is no longer on acpica.org, but that site
redirects to pages on intel.com. Update the link to acpica.org to
the new ACPICA download page.
Microsoft's acpi.info no longer exists, so update the link to point to
Microsoft's ACPI compiler information page.
While here, update the nasm link from http to https.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Currently, PciHostBridgeUtilityGetRootBridgesHostProvided allocates memory
for aperture structures without clearing memory. This causes garbage in
the Translation field, but the Base and Limit fields have the correct
values because they are copied from the HOST_BRIDGE_INFO fields in the
HardwareInfoPciHostBridgeHostBridgeHostBridgeGetApertures function.
RootBridge: PciRoot(0x0)
Support/Attr: 70069 / 70069
DmaAbove4G: No
NoExtConfSpace: No
AllocAttr: 3 (CombineMemPMem Mem64Decode)
Bus: 0 - 80 Translation=0
Io: 6000 - FFFF Translation=5E9EB018
Mem: 80000000 - DFFFFFFF Translation=0
MemAbove4G: 600000000000 - 7FFFFFFFFFFF Translation=0
PMem: FFFFFFFFFFFFFFFF - 0 Translation=0
PMemAbove4G: FFFFFFFFFFFFFFFF - 0 Translation=0
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
Since the pixiefail CVE fix the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
The latter is initialized during the BDS phase.
To ensure all depending (network) modules are also started, we need to
run the dispatcher once more after the device was initialized.
Without this, network boot is not available under certain hardware
configurations.
Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Enable x2apic mode in case the number of possible CPUs (including
hotplug-able CPus which are not (yet) online) is larger than 255.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add a debug message that indicates when the NV variables are being
initialized through the template structure.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
When OVMF is built with SECURE_BOOT_ENABLE, the variable store will be
populated and validated in PlatformValidateNvVarStore(). When an SEV
or an SEV-ES guest is running, this may be encrypted or unencrypted
depending on how the guest was started. If the guest was started with the
combined code and variable contents (OVMF.fd), then the variable store
will be encrypted. If the guest was started with the separate code and
variables contents (OVMF_CODE.fd and OVMF_VARS.fd), then the variable
store will be unencrypted.
When PlatformValidateNvVarStore() is first invoked, the variable store
area is initially mapped encrypted, which may or may not pass the variable
validation step depending how the guest was launched. To accomodate this,
retry the validation step on failure after remapping the variable store
area as unencrypted.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and
initializing the emulated variable store happens before memory has been
accepted under SEV-SNP. This results in a #VC exception for accessing
memory that hasn't been validated (error code 0x404). The #VC handler
treats this error code as a fatal error, causing the OVMF boot to fail.
Move the call to ReserveEmuVariableNvStore() to after memory has been
accepted by AmdSevInitialize().
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
SEV-SNP does not support the use of the Qemu flash device as SEV-SNP
guests are started using the Qemu -bios option instead of the Qemu -drive
if=pflash option. Perform runtime detection of SEV-SNP and exit early from
the Qemu flash device initialization, indicating the Qemu flash device is
not present. SEV-SNP guests will use the emulated variable support.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.
This also changes every DSC to drop the SEC definition of
StackCheckLibNull.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Following the change in UefiCpuPkg, this moves OvmfPkg's
ResetVectors to USER_DEFINED modules to prevent any
NULL libraries from being linked against them, allowing
for expected behavior from the ResetVector and for
simpler implementation of NULL libraries applied globally.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Rename `NetworkPcds` to `NetworkFixedPcds` to avoid confusion with
dynamic PCDs
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Cc: Chao Li <lichao@loongson.cn>
Cc: Bibo Mao <maobibo@loongson.cn>
Cc: Xianglai Li <lixianglai@loongson.cn>
Signed-off-by: Aleksandr Goncharov <chat@joursoir.net>
Start using the include file in the OvmfPkg package to manage dynamic
network-related PCDs. This change removes the manual addition of
`PcdIPv4PXESupport` and `PcdIPv6PXESupport` from the DSC file,
relying instead on the centralized include file introduced in
NetworkPkg.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Cc: Chao Li <lichao@loongson.cn>
Cc: Bibo Mao <maobibo@loongson.cn>
Cc: Xianglai Li <lixianglai@loongson.cn>
Signed-off-by: Aleksandr Goncharov <chat@joursoir.net>
Tom Lendacky
Ceping Sun
Khor Swee Aun
Pedro Tôrres
Paweł Poławski
Luigi Leonardi
Chao Li
Gerd Hoffmann
Michael Kubacki
Oliver Smith-Denny
Alexander Gryanko
Rebecca Cran
Alexander Gryanko
Marc Chen
Oliver Steffen
Aleksandr Goncharov
Jiaxin Wu