mirror of https://github.com/acidanthera/audk.git
86defc2c25
In the next two patches, we'll temporarily decrypt the pages containing the initial SMRAM save state map, for SMBASE relocation. (Unlike the separate, relocated SMRAM save state map of each VCPU, the original, shared map behaves similarly to a "common buffer" between guest and host.) The decryption will occur near the beginning of the DXE phase, in AmdSevDxe, and the re-encryption will occur in PiSmmCpuDxeSmm, via OVMF's SmmCpuFeaturesLib instance. There is a non-trivial time gap between these two points, and the DXE phase might use the pages overlapping the initial SMRAM save state map for arbitrary purposes meanwhile. In order to prevent any information leak towards the hypervisor, make sure the DXE phase puts nothing in those pages until re-encryption is done. Creating a memalloc HOB for the area in question is safe: - the temporary SEC/PEI RAM (stack and heap) is based at PcdOvmfSecPeiTempRamBase, which is above 8MB, - the permanent PEI RAM (installed in PlatformPei's PublishPeiMemory() function) never starts below PcdOvmfDxeMemFvBase, which is also above 8MB. The allocated pages can be released to the DXE phase after SMBASE relocation and re-encryption are complete. Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> |
||
|---|---|---|
| AppPkg | ||
| ArmPkg | ||
| ArmPlatformPkg | ||
| ArmVirtPkg | ||
| BaseTools | ||
| BeagleBoardPkg | ||
| Conf | ||
| CorebootModulePkg | ||
| CorebootPayloadPkg | ||
| CryptoPkg | ||
| DuetPkg | ||
| EdkCompatibilityPkg | ||
| EdkShellBinPkg | ||
| EdkShellPkg | ||
| EmbeddedPkg | ||
| EmulatorPkg | ||
| FatBinPkg | ||
| FatPkg | ||
| IntelFrameworkModulePkg | ||
| IntelFrameworkPkg | ||
| IntelFsp2Pkg | ||
| IntelFsp2WrapperPkg | ||
| IntelFspPkg | ||
| IntelFspWrapperPkg | ||
| IntelSiliconPkg | ||
| MdeModulePkg | ||
| MdePkg | ||
| NetworkPkg | ||
| Nt32Pkg | ||
| Omap35xxPkg | ||
| OptionRomPkg | ||
| OvmfPkg | ||
| PcAtChipsetPkg | ||
| QuarkPlatformPkg | ||
| QuarkSocPkg | ||
| SecurityPkg | ||
| ShellBinPkg | ||
| ShellPkg | ||
| SignedCapsulePkg | ||
| SourceLevelDebugPkg | ||
| StdLib | ||
| StdLibPrivateInternalFiles | ||
| UefiCpuPkg | ||
| UnixPkg | ||
| Vlv2DeviceRefCodePkg | ||
| Vlv2TbltDevicePkg | ||
| .gitignore | ||
| .gitmodules | ||
| BuildNotes2.txt | ||
| Contributions.txt | ||
| License.txt | ||
| Maintainers.txt | ||
| Readme.md | ||
| edksetup.bat | ||
| edksetup.sh | ||
Readme.md
EDK II Project
A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from www.uefi.org.
Contributions to the EDK II open source project are covered by the TianoCore Contribution Agreement 1.1
The majority of the content in the EDK II open source project uses a BSD 2-Clause License. The EDK II open source project contains the following components that are covered by additional licenses:
- AppPkg/Applications/Python/Python-2.7.2/Tools/pybench
- AppPkg/Applications/Python/Python-2.7.2
- AppPkg/Applications/Python/Python-2.7.10
- BaseTools/Source/C/BrotliCompress
- MdeModulePkg/Library/BrotliCustomDecompressLib
- OvmfPkg
- CryptoPkg/Library/OpensslLib/openssl
The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.