From nobody Thu Apr 25 17:06:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63441+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63441+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596016854; cv=none; d=zohomail.com; s=zohoarc; b=MQUbrU9plN6hmAThaUTJMnI4o+g2Gh3x08v7HPFaHZkiWJMm6gqEIO8ll8UumcwP24q8sCAzP6kE/GceMeNQ8+xdNKzrS9QUqxq1Ojndv5fTa+Oq8NY5B9E7ekhPjqIw1mcuxfwSWieBbm6XghNJ/eyAVbqI6R06UgUV99vJles= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596016854; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To; bh=LEZ9+07NRnqBcWFWt7hTv05g7JCnQJa/dwthaOYPSeg=; b=UqPbtAsfCcc/BjkuecOZVaDGsv/FBOKKqassfF6zBy7zGtZsdc/c/HI0spIfSOeojnVEl3DzJNlBaoA+SkaedrsYEmu91pzUdu7QmXvMWNBlAPU1LTXbRhYD8f/h1r7qStAA7Xz0PWiUgyQgbC/L96LQerzw3VuZDHlsyvMj3/A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63441+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 159601685469616.38516981711814; Wed, 29 Jul 2020 03:00:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id VDEIYY1788612xvHOzE2ybfW; Wed, 29 Jul 2020 03:00:54 -0700 X-Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web12.1113.1596006540206119425 for ; Wed, 29 Jul 2020 00:09:00 -0700 IronPort-SDR: 
0x248X9NYMytd8qI61dwdKPBfkOBr1kVfaAeVXfuMBERzw2csdw66+KMii9lKUCYU8g8Q0309T dbsEEo9Tn/9w== X-IronPort-AV: E=McAfee;i="6000,8403,9696"; a="150537737" X-IronPort-AV: E=Sophos;i="5.75,409,1589266800"; d="scan'208";a="150537737" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jul 2020 00:08:59 -0700 IronPort-SDR: JOZUNr+zkyQ58CU4UOy/uS6jiHAGU0ntnOjxqdHkdELrMM1UBS6i/2dR7cCh4S2BwIP5SOXzXs kUlwFsJSs+aA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,409,1589266800"; d="scan'208";a="490193697" X-Received: from shwdesssddpdwei.ccr.corp.intel.com ([10.239.157.46]) by fmsmga006.fm.intel.com with ESMTP; 29 Jul 2020 00:08:57 -0700 
From: "Sheng Wei" To: devel@edk2.groups.io Cc: Ray Ni , Rangasai V Chaganty Subject: [edk2-devel] [PATCH 1/2] PlatformVTdInfoSamplePei: Install Null Root Entry Table PPI Date: Wed, 29 Jul 2020 15:08:20 +0800 Message-Id: <20200729070821.11120-2-w.sheng@intel.com> In-Reply-To: <20200729070821.11120-1-w.sheng@intel.com> References: <20200729070821.11120-1-w.sheng@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,w.sheng@intel.com X-Gm-Message-State: qEU3PfSu5uJDihaJRPCviaSDx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596016854; bh=fuVkQMIy+XKiHrG2hr6Z1wzNmfn29M0Iwu09UiIl9fU=; h=Cc:Date:From:Reply-To:Subject:To; b=vqIJkbVrOTTBBDimrLyXbnLilZXYfcdZRKCj5MQq6/0E6qKDAyIOqcvto5ZdpBVNYdk +JEPaSrZTwbZqX4odW2807+2OE3P3+yZBpaUH1gfuxjMthSEyoyFYi8tUPgMjZRTT8qEC ge6/Ue9El819AC5VmL1Jko7hTs27D0g7w6s= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" BIOS uses TE with a null root entry table to block VT-d engine access to block any DMA traffic in pre-memory phase. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2867 Cc: Ray Ni Cc: Rangasai V Chaganty Signed-off-by: Sheng Wei --- .../PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c | 16 ++++++++++++= ++++ 1 file changed, 16 insertions(+) diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSampl= ePei/PlatformVTdInfoSamplePei.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd= /PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c index 6f6c14f7a9..1399f4238d 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/Pl= atformVTdInfoSamplePei.c +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/Pl= atformVTdInfoSamplePei.c 
@@ -164,6 +164,17 @@ EFI_PEI_PPI_DESCRIPTOR mPlatformVTdNoIgdInfoSampleDesc= =3D { &mPlatformVTdNoIgdSample }; =20 +EFI_GUID gVTdNullRootEntryTableGuid =3D { 0x3de0593f, 0x6e3e, 0x4542, { 0x= a1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff }}; + +// BIOS uses TE with a null root entry table to block VT-d engine access t= o block any DMA traffic in pre-memory phase. +UINT64 mNullRootEntryTable =3D 0xFED20000; + +EFI_PEI_PPI_DESCRIPTOR mPlatformNullRootEntryTableDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gVTdNullRootEntryTableGuid, + &mNullRootEntryTable +}; + /** Initialize VTd register. Initialize the VTd hardware unit which has INCLUDE_PCI_ALL set 
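Review bot: `mNullRootEntryTable = 0xFED20000` hard-codes a physical address without saying why it is safe to hand to the VT-d engines as a root table. The scheme in the added comment presumably only blocks DMA if every root entry the hardware fetches from that address reads as not-present, so the comment should name what lives there and what guarantees that on the target platform, e.g. `// 0xFED20000: <platform region>, reads as zero so every root entry is not-present`. A platform-configurable value such as a PCD would suit a sample driver better than a literal. `gVTdNullRootEntryTableGuid` is defined here as a plain global and again with the same value in IntelVTdPmrPei/VtdReg.c in patch 2/2; declaring it once in the package's .dec and header would keep producer and consumer from drifting apart.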
@@ -349,6 +360,11 @@ PlatformVTdInfoSampleInitialize ( Status =3D PeiServicesNotifyPpi (&mSiliconInitializedNotifyList); InitGlobalVtd (); =20 + Status =3D PeiServicesInstallPpi (&mPlatformNullRootEntryTableDesc); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR , "Failed to install the NullRootEntryTable ppi = - %r\n", Status)); + } + Status =3D PeiServicesInstallPpi (&mPlatformVTdNoIgdInfoSampleDesc); ASSERT_EFI_ERROR (Status); } else { --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63441): https://edk2.groups.io/g/devel/message/63441 Mute This Topic: https://groups.io/mt/75861787/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Apr 25 17:06:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63442+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63442+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596016856; cv=none; d=zohomail.com; s=zohoarc; b=CplXhPW7KOh2NPEi8xxTtccwfACfQmd1TLRri2IUZGOuNSouFO046Eoy3bBddnqWj5i2GGHmd/w/Dsf6s7KHq0+LHkGGu/mgoRHxC6ofI9fQ8JgCAqFwz9rldMyMdLbTAKIr2wmfS5Bu3pRlGojPJU6tXY4iBsF7HjMNJFbOn3c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596016856; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To; bh=yDsgivvUo+qPptjAJsU//+GUidgWgKgp3Du7+VnLYxQ=; 
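Review bot: A failed `PeiServicesInstallPpi (&mPlatformNullRootEntryTableDesc)` is only logged at `DEBUG_ERROR`, while the install of `mPlatformVTdNoIgdInfoSampleDesc` right after it is guarded by `ASSERT_EFI_ERROR (Status);`. With the PPI missing, `PreMemoryEnableVTdTranslationProtection` in patch 2/2 returns `EFI_UNSUPPORTED` and the PMR setup goes ahead without the translation block, so the protection degrades with no visible sign in builds where debug output is disabled. Either treat it like the other install with `ASSERT_EFI_ERROR (Status);`, or add a comment stating that the PPI is optional and what the consumer does without it. The `Status` from `PeiServicesNotifyPpi` in the context line above is overwritten unchecked as well; the function body starts and ends outside the hunk.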
b=l1nyWye6YcT16KaGJeDzbY/GHXsOWwlABfMS6K3IFEkYugaiKs00BoeqVwt4T8OE2otkhYXYjehIAUP+aXar+igeqNsuVNUDrRFZ/u+jBQaqOZTAJRiP3hsreXaUnzXDevdGhuyuNlsLCwoN+X+kqT+hDN7njjwNiuFWNOS9g/Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63442+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1596016856247596.9742505420303; Wed, 29 Jul 2020 03:00:56 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id lGU1YY1788612xV9H2C5QMSV; Wed, 29 Jul 2020 03:00:54 -0700 X-Received: from mga14.intel.com (mga14.intel.com []) by mx.groups.io with SMTP id smtpd.web12.1113.1596006540206119425 for ; Wed, 29 Jul 2020 00:09:01 -0700 IronPort-SDR: MV0KDNRlQLQiZqRDg/51S8hWyl1h79uy3CZfbZP15fuF2mTzDp27aa1tp5R3YtPMCGVI8FcDkl Fni8Ea79tkUQ== X-IronPort-AV: E=McAfee;i="6000,8403,9696"; a="150537744" X-IronPort-AV: E=Sophos;i="5.75,409,1589266800"; d="scan'208";a="150537744" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jul 2020 00:09:00 -0700 IronPort-SDR: GXjHCzvRiD6YkbPVgtJVVYyxU9/w9MReNUeRIhQcCx0DxQ5Bwsvr+ZuZg0KGYOsNJsdDcQJ92c oXeNseAD4knA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,409,1589266800"; d="scan'208";a="490193731" X-Received: from shwdesssddpdwei.ccr.corp.intel.com ([10.239.157.46]) by fmsmga006.fm.intel.com with ESMTP; 29 Jul 2020 00:08:59 -0700 
From: "Sheng Wei" To: devel@edk2.groups.io Cc: Ray Ni , Rangasai V Chaganty Subject: [edk2-devel] [PATCH 2/2] IntelVTdPmrPei: Fix PMR enabling setting confilct Date: Wed, 29 Jul 2020 15:08:21 +0800 Message-Id: <20200729070821.11120-3-w.sheng@intel.com> In-Reply-To: <20200729070821.11120-1-w.sheng@intel.com> References: <20200729070821.11120-1-w.sheng@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,w.sheng@intel.com X-Gm-Message-State: 0YlPLf1pK2bJ4N4I5MvJ1rYpx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596016854; bh=DIHaAkFH/i7g3Tr/vGpcNRb0e3S7tJ0kHpVAwZK8SC8=; h=Cc:Date:From:Reply-To:Subject:To; b=kIPGJWFfykuARh5eRGS+1FcXk2DKQSnpE0o9KkdAqXtllCo8WDmANR0C3IjRJIganT1 VWyw3Vm2t5305RSWJL8JUL0gN7W1KqO9QoBSH06og2yo72UlKWejRLonRGEygx6pvvvlR C6BFUNiHSZKXcG9IkQ3RpRJlDBO7zcdbSmo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" PMR enabling set by pre-boot DMA protection is cleared by RC when boot guard is enabled. Pre-boot DMA protection should only reset VT-d BAR when it is 0 and reset PMR region when it is not programmed to protect all memory address. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2867 Cc: Ray Ni Cc: Rangasai V Chaganty Signed-off-by: Sheng Wei --- .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c | 14 ++++++ .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h | 15 +++++++ .../Feature/VTd/IntelVTdPmrPei/VtdReg.c | 50 ++++++++++++++++++= ++++ 3 files changed, 79 insertions(+) diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/Intel= VTdPmrPei.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/Inte= lVTdPmrPei.c index ea944aa40c..31a14f2852 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrP= ei.c 
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrP= ei.c @@ -745,7 +745,21 @@ VTdInfoNotify ( // Protect all system memory // InitVTdInfo (); + + Hob =3D GetFirstGuidHob (&mVTdInfoGuid); + VTdInfo =3D GET_GUID_HOB_DATA(Hob); + + // + // NOTE: We need check if PMR is enabled or not. + // + EnabledEngineMask =3D GetDmaProtectionEnabledEngineMask (VTdInfo, VTdI= nfo->EngineMask); + if (EnabledEngineMask !=3D 0) { + Status =3D PreMemoryEnableVTdTranslationProtection (VTdInfo, Enabled= EngineMask); + } InitVTdPmrForAll (); + if (((EnabledEngineMask !=3D 0) && (!EFI_ERROR (Status)))) { + DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask); + } =20 // // Install PPI. diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/Intel= VTdPmrPei.h b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/Inte= lVTdPmrPei.h index 58e6afad08..ffed2c5b6c 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrP= ei.h +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrP= ei.h @@ -97,6 +97,21 @@ GetHighMemoryAlignment ( IN UINT64 EngineMask ); =20 +/** + Enable VTd translation table protection in pre-memory phase. + + @param VTdInfo The VTd engine context information. + @param EngineMask The mask of the VTd engine to be accessed. + + @retval EFI_SUCCESS DMAR translation protection is enabled. + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported. +**/ +EFI_STATUS +PreMemoryEnableVTdTranslationProtection ( + IN VTD_INFO *VTdInfo, + IN UINT64 EngineMask + ); + /** Enable VTd translation table protection. =20 diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdRe= g.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c index c9669426aa..e4b027ac57 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c 
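Review bot: `Hob` goes straight from `GetFirstGuidHob (&mVTdInfoGuid)` into `GET_GUID_HOB_DATA` in the lines added to `VTdInfoNotify`, so if `InitVTdInfo ()` did not produce the HOB, `VTdInfo->EngineMask` is read through an invalid pointer. Add `ASSERT (Hob != NULL);` and an early exit before the data pointer is taken. When `PreMemoryEnableVTdTranslationProtection` fails, `InitVTdPmrForAll ()` still runs on engines that report DMA protection as already enabled, without the translation block this change introduces for that step; a comment should say that this fallback is intended, or the error should stop the reprogramming. `Status` is assigned only inside the first `if`, so the later `!EFI_ERROR (Status)` relies on the repeated `EnabledEngineMask != 0` test to avoid reading it unset. The function starts and ends outside the hunk, and the declarations of `Hob`, `VTdInfo` and `EnabledEngineMask` are not visible here.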
@@ -13,11 +13,16 @@ #include #include #include +#include #include #include =20 #include "IntelVTdPmrPei.h" =20 +EFI_GUID gVTdNullRootEntryTableGuid =3D { + 0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, = 0xff } +}; + /** Flush VTD page table and context table memory. =20 @@ -246,6 +251,51 @@ DisableDmar ( return EFI_SUCCESS; } =20 +/** + Enable VTd translation table protection in pre-memory phase. + + @param VTdInfo The VTd engine context information. + @param EngineMask The mask of the VTd engine to be accessed. + + @retval EFI_SUCCESS DMAR translation protection is enabled. + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported. +**/ +EFI_STATUS +PreMemoryEnableVTdTranslationProtection ( + IN VTD_INFO *VTdInfo, + IN UINT64 EngineMask + ) +{ + EFI_STATUS Status; + UINTN Index; + UINT64 *RootEntryTable; + + DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection - 0x%lx\n",= EngineMask)); + + Status =3D PeiServicesLocatePpi ( + &gVTdNullRootEntryTableGuid, + 0, + NULL, + (VOID **)&RootEntryTable + ); + + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status)); + return EFI_UNSUPPORTED; + } + + DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n", *RootEntryTable)); + + for (Index =3D 0; Index < VTdInfo->VTdEngineCount; Index++) { + if ((EngineMask & LShiftU64(1, Index)) =3D=3D 0) { + continue; + } + EnableDmar ((UINTN)VTdInfo->VTdEngineAddress[Index], (UINTN)*RootEntry= Table); + } + + return EFI_SUCCESS; +} + /** Enable VTd translation table protection. =20 --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63442): https://edk2.groups.io/g/devel/message/63442 Mute This Topic: https://groups.io/mt/75861788/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
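Review bot: `PreMemoryEnableVTdTranslationProtection` ignores whatever `EnableDmar` reports and returns `EFI_SUCCESS` unconditionally after the loop, so `VTdInfoNotify` proceeds as if DMA were blocked even when an engine never switched to the null root table. Assuming `EnableDmar` returns an `EFI_STATUS` like `DisableDmar` in the context above, capture it with `Status = EnableDmar (...);` and `if (EFI_ERROR (Status)) { return Status; }`, and add the extra value to the `@retval` list here and on the prototype in IntelVTdPmrPei.h. The value read from the PPI is also used unchecked and narrowed by `(UINTN)*RootEntryTable`: in a 32-bit PEI build an address above 4 GiB would be truncated silently, and a zero or non-4-KiB-aligned value would be programmed as is. A sanity check on `*RootEntryTable` before the loop, returning `EFI_UNSUPPORTED` on failure, would close that gap.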