audk/OvmfPkg/VirtHstiDxe/QemuQ35.c

/** @file

SPDX-License-Identifier: BSD-2-Clause-Patent

**/

#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/HstiLib.h>
#include <Library/PcdLib.h>
#include <Library/PciLib.h>

#include <IndustryStandard/Hsti.h>
#include <IndustryStandard/Q35MchIch9.h>

#include "VirtHstiDxe.h"

STATIC VIRT_ADAPTER_INFO_PLATFORM_SECURITY  mHstiQ35 = {
  PLATFORM_SECURITY_VERSION_VNEXTCS,
  PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
  { L"OVMF (Qemu Q35)" },
  VIRT_HSTI_SECURITY_FEATURE_SIZE,
};

VIRT_ADAPTER_INFO_PLATFORM_SECURITY *
VirtHstiQemuQ35Init (
  VOID
  )
{
  if (FeaturePcdGet (PcdSmmSmramRequire)) {
    VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
    VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);
  }

  return &mHstiQ35;
}

VOID
VirtHstiQemuQ35Verify (
  VOID
  )
{
  if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK)) {
    CHAR16  *ErrorMsg = NULL;
    UINT8   SmramVal;
    UINT8   EsmramcVal;

    SmramVal   = PciRead8 (DRAMC_REGISTER_Q35 (MCH_SMRAM));
    EsmramcVal = PciRead8 (DRAMC_REGISTER_Q35 (MCH_ESMRAMC));

    if (!(EsmramcVal & MCH_ESMRAMC_T_EN)) {
      ErrorMsg = L"q35 smram access is open";
    } else if (!(SmramVal & MCH_SMRAM_D_LCK)) {
      ErrorMsg = L"q35 smram config is not locked";
    }

    VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
  }

  if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH)) {
    CHAR16  *ErrorMsg = NULL;

    switch (VirtHstiQemuFirmwareFlashCheck (PcdGet32 (PcdOvmfFlashNvStorageVariableBase))) {
      case QEMU_FIRMWARE_FLASH_WRITABLE:
        ErrorMsg = L"qemu vars pflash is not secure";
        break;
    }

    VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);
  }
}