From nobody Sun Apr 28 20:26:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+67814+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67814+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1606146802; cv=none; d=zohomail.com; s=zohoarc; b=UQbXX2JGxAQkbWCWHquJTixo2yZ61T9uieNu4FqJfxEqggn/iZ00vUgciBumie5fZUPtDRPJSzjSsbYs22JZTjmPp2h9okqvwebM/38GIR2JtDfGBoDhJ13gP1qjtejjXKjTTq2sBKi5Es4mmIdlfUGmDeSZGi85V296d/t1ATk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606146802; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Bs7giNAb2QQFBYC130Ku0rhv2TYsIKr1kVhkqs6uhS8=; b=NixMC8mTedz0+8YJpUiLgoW97JNZL5j7UOdoJMQ//yG4k44z7iSSMPlHFzeKgdp86KNjsrPBi1GEpVl0WjAmeQ+lsAoHtQAAF+/O0VufmaF0/wIAI4nBdfREQ5ZWfrzosNLlUMIvdj4DPq5WSaKKmS2mdE0UYOJ3dmzzn3uRD9M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67814+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1606146802047867.9630391505802; Mon, 23 Nov 2020 07:53:22 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id hukqYY1788612xbnWQblMhwP; Mon, 23 Nov 2020 07:53:21 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web08.108.1605897936691237253 for ; Fri, 20 Nov 2020 10:45:36 -0800 X-Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIZ53u136693; Fri, 20 Nov 2020 13:45:34 -0500 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 34xgu85cq3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:34 -0500 X-Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0AKIZCkt137366; Fri, 20 Nov 2020 13:45:33 -0500 X-Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122]) by mx0a-001b2d01.pphosted.com with ESMTP id 34xgu85cpr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:33 -0500 X-Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1]) by ppma04dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AKISUWK023863; Fri, 20 Nov 2020 18:45:32 GMT X-Received: from b03cxnp08027.gho.boulder.ibm.com (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19]) by ppma04dal.us.ibm.com with ESMTP id 34t6va4rsb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 18:45:32 +0000 X-Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AKIjMN036372816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Nov 2020 18:45:22 GMT X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 213826A04D; Fri, 20 Nov 2020 18:45:28 +0000 (GMT) X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 733396A05D; Fri, 20 Nov 2020 18:45:25 +0000 (GMT) X-Received: from jarvis.int.hansenpartnership.com (unknown [9.80.207.206]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 20 Nov 2020 18:45:25 +0000 (GMT) From: "James Bottomley" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , Laszlo Ersek Subject: [edk2-devel] [PATCH v2 1/6] OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF Date: Fri, 20 Nov 2020 10:45:16 -0800 Message-Id: <20201120184521.19437-2-jejb@linux.ibm.com> In-Reply-To: <20201120184521.19437-1-jejb@linux.ibm.com> References: <20201120184521.19437-1-jejb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com X-Gm-Message-State: 0a4oLNLbYr6tDWLBL1lETHhlx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1606146801; bh=KR4YzABhAxT1G/S8RZSrTJg2cz6C1bsRtG4lghDem3M=; h=Cc:Date:From:Reply-To:Subject:To; b=qfUBrVPyxlPffFvKxot5k65B9nuf9xjeMLz04MXZQdlkQPOYZDHD/HBvZ03jh4HuC3U GIN6p4QbU5IP+Q0NN53AbuThvnFlWAX9dvGW+Bw3hT73/YCbIobZ+GGXOjULwkVykikeF 3D7MRs14v4ivOiJUvQOVTkOXB/Rvq540llk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" This commit represents the file copied from OvmfPkgX64 with minor changes to change the build name. This package will form the basis for adding Sev specific features. Since everything must go into a single rom file for attestation, the separated build of code and variables is eliminated. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3077 Signed-off-by: James Bottomley --- v2: remove secure boot, smm and networking --- OvmfPkg/AmdSev/AmdSevX64.dsc | 867 +++++++++++++++++++++++++++++++++++ OvmfPkg/AmdSev/AmdSevX64.fdf | 461 +++++++++++++++++++ 2 files changed, 1328 insertions(+) create mode 100644 OvmfPkg/AmdSev/AmdSevX64.dsc create mode 100644 OvmfPkg/AmdSev/AmdSevX64.fdf diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc new file mode 100644 index 000000000000..852be757bfbe --- /dev/null +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -0,0 +1,867 @@ +## @file +# EFI/Framework Open Virtual Machine Firmware (OVMF) platform for SEV sec= ure +# virtual machine remote attestation and secret injection +# +# Copyright (c) 2020 James Bottomley, IBM Corporation. +# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +##########################################################################= ###### +# +# Defines Section - statements that will be processed to create a Makefile. +# +##########################################################################= ###### +[Defines] + PLATFORM_NAME =3D Ovmf + PLATFORM_GUID =3D 07ff380c-4760-4823-8f59-ec2cb06fbc16 + PLATFORM_VERSION =3D 0.1 + DSC_SPECIFICATION =3D 0x00010005 + OUTPUT_DIRECTORY =3D Build/AmdSev + SUPPORTED_ARCHITECTURES =3D X64 + BUILD_TARGETS =3D NOOPT|DEBUG|RELEASE + SKUID_IDENTIFIER =3D DEFAULT + FLASH_DEFINITION =3D OvmfPkg/AmdSev/AmdSevX64.fdf + + # + # Defines for default states. These can be changed on the command line. + # -D FLAG=3DVALUE + # + DEFINE SOURCE_DEBUG_ENABLE =3D FALSE + DEFINE TPM_ENABLE =3D FALSE + DEFINE TPM_CONFIG_ENABLE =3D FALSE + + # + # Device drivers + # + DEFINE PVSCSI_ENABLE =3D TRUE + DEFINE MPT_SCSI_ENABLE =3D TRUE + DEFINE LSI_SCSI_ENABLE =3D FALSE + + # + # Flash size selection. Setting FD_SIZE_IN_KB on the command line direct= ly to + # one of the supported values, in place of any of the convenience macros= , is + # permitted. + # +!ifdef $(FD_SIZE_1MB) + DEFINE FD_SIZE_IN_KB =3D 1024 +!else +!ifdef $(FD_SIZE_2MB) + DEFINE FD_SIZE_IN_KB =3D 2048 +!else +!ifdef $(FD_SIZE_4MB) + DEFINE FD_SIZE_IN_KB =3D 4096 +!else + DEFINE FD_SIZE_IN_KB =3D 4096 +!endif +!endif +!endif + +[BuildOptions] + GCC:RELEASE_*_*_CC_FLAGS =3D -DMDEPKG_NDEBUG + INTEL:RELEASE_*_*_CC_FLAGS =3D /D MDEPKG_NDEBUG + MSFT:RELEASE_*_*_CC_FLAGS =3D /D MDEPKG_NDEBUG +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(TOOL_CHAIN_TAG) !=3D "CLANGPDB" + GCC:*_*_*_CC_FLAGS =3D -mno-mmx -mno-sse +!endif +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + MSFT:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable + GCC:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable + INTEL:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable +!endif + + # + # Disable deprecated APIs. + # + MSFT:*_*_*_CC_FLAGS =3D /D DISABLE_NEW_DEPRECATED_INTERFACES + INTEL:*_*_*_CC_FLAGS =3D /D DISABLE_NEW_DEPRECATED_INTERFACES + GCC:*_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES + +[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] + GCC:*_*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000 + XCODE:*_*_*_DLINK_FLAGS =3D -seg1addr 0x1000 -segalign 0x1000 + XCODE:*_*_*_MTOC_FLAGS =3D -align 0x1000 + CLANGPDB:*_*_*_DLINK_FLAGS =3D /ALIGN:4096 + +# Force PE/COFF sections to be aligned at 4KB boundaries to support page l= evel +# protection of DXE_SMM_DRIVER/SMM_CORE modules +[BuildOptions.common.EDKII.DXE_SMM_DRIVER, BuildOptions.common.EDKII.SMM_C= ORE] + GCC:*_*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000 + XCODE:*_*_*_DLINK_FLAGS =3D -seg1addr 0x1000 -segalign 0x1000 + XCODE:*_*_*_MTOC_FLAGS =3D -align 0x1000 + CLANGPDB:*_*_*_DLINK_FLAGS =3D /ALIGN:4096 + +##########################################################################= ###### +# +# SKU Identification section - list of all SKU IDs supported by this Platf= orm. +# +##########################################################################= ###### +[SkuIds] + 0|DEFAULT + +##########################################################################= ###### +# +# Library Class section - list of all Library Classes needed by this Platf= orm. +# +##########################################################################= ###### +[LibraryClasses] + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/BaseResetSystemLib.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLibRepStr/BaseMemoryLibRepStr.inf + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.i= nf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf + CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf + PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibN= ull.inf + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMain= tenanceLib.inf + UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompres= sLib.inf + UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf + HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf + UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf + BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf + DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf + DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableL= ib.inf + PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeC= offGetEntryPointLib.inf + PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf + PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf + PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf + PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPc= iSegmentLib.inf + PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf + SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf + MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf + UefiLib|MdePkg/Library/UefiLib/UefiLib.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U= efiRuntimeServicesTableLib.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA= pplicationEntryPoint.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDev= icePathLibDevicePathProtocol.inf + NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf + FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf + UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf + SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeS= ecurityManagementLib.inf + UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf + SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf + QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFw= CfgSimpleParserLib.inf + VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf + LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL= ib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf + CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf + FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf + +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb= ug/PeCoffExtraActionLibDebug.inf + DebugCommunicationLib|SourceLevelDebugPkg/Library/DebugCommunicationLibS= erialPort/DebugCommunicationLibSerialPort.inf +!else + PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeC= offExtraActionLibNull.inf + DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.i= nf +!endif + + LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf + + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + + + ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf + S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip= tLib.inf + SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf + OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf + XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf + XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf + +!if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf +!endif + +[LibraryClasses.common] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf + +[LibraryClasses.common.SEC] + TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPor= t.inf +!endif + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor= tStatusCodeLib.inf + ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseE= xtractGuidedSectionLib.inf +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib= .inf +!endif + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/= PeiServicesTablePointerLibIdt.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf +!if $(TOOL_CHAIN_TAG) =3D=3D "XCODE5" + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5S= ecPeiCpuExceptionHandlerLib.inf +!else + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf +!endif + +[LibraryClasses.common.PEI_CORE] + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/= PeiServicesTablePointerLibIdt.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf + PeiCoreEntryPoint|MdePkg/Library/PeiCoreEntryPoint/PeiCoreEntryPoint.inf + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor= tStatusCodeLib.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf + PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeC= offGetEntryPointLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + +[LibraryClasses.common.PEIM] + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/= PeiServicesTablePointerLibIdt.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor= tStatusCodeLib.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf + PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeC= offGetEntryPointLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResou= rcePublicationLib.inf + ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExt= ractGuidedSectionLib.inf +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib= .inf +!endif + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE= xceptionHandlerLib.inf + MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf + QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf + +!if $(TPM_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif + +[LibraryClasses.common.DXE_CORE] + HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeC= oreMemoryAllocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExt= ractGuidedSectionLib.inf +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf +!endif + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE= xceptionHandlerLib.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/R= untimeDxeReportStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf + +[LibraryClasses.common.UEFI_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +[LibraryClasses.common.DXE_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLib/PlatformBo= otManagerLib.inf + PlatformBmPrintScLib|OvmfPkg/Library/PlatformBmPrintScLib/PlatformBmPrin= tScLib.inf + QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE= xceptionHandlerLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf +!endif + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf + QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf + QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf +!if $(TPM_ENABLE) =3D=3D TRUE + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif + +[LibraryClasses.common.UEFI_APPLICATION] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc= ationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL= ib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuE= xceptionHandlerLib.inf +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf +!endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +[LibraryClasses.common.SMM_CORE] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/S= mmCorePlatformHookLibNull.inf + MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/Pi= SmmCoreMemoryAllocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf + SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/Pi= SmmCoreSmmServicesTableLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +##########################################################################= ###### +# +# Pcd Section - list of all EDK II PCD Entries defined by this Platform. +# +##########################################################################= ###### +[PcdsFeatureFlag] + gEfiMdeModulePkgTokenSpaceGuid.PcdHiiOsRuntimeSupport|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE +!ifdef $(CSM_ENABLE) + gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE +!endif + +[PcdsFixedAtBuild] + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1 + gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FAL= SE + gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10 +!if ($(FD_SIZE_IN_KB) =3D=3D 1024) || ($(FD_SIZE_IN_KB) =3D=3D 2048) + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + # match PcdFlashNvStorageVariableSize purely for convenience + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000 +!endif +!if $(FD_SIZE_IN_KB) =3D=3D 4096 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400 + # match PcdFlashNvStorageVariableSize purely for convenience + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000 +!endif + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000 + + gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|TRUE + + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 + + # DEBUG_INIT 0x00000001 // Initialization + # DEBUG_WARN 0x00000002 // Warnings + # DEBUG_LOAD 0x00000004 // Load events + # DEBUG_FS 0x00000008 // EFI File system + # DEBUG_POOL 0x00000010 // Alloc & Free (pool) + # DEBUG_PAGE 0x00000020 // Alloc & Free (page) + # DEBUG_INFO 0x00000040 // Informational debug messages + # DEBUG_DISPATCH 0x00000080 // PEI/DXE/SMM Dispatchers + # DEBUG_VARIABLE 0x00000100 // Variable + # DEBUG_BM 0x00000400 // Boot Manager + # DEBUG_BLKIO 0x00001000 // BlkIo Driver + # DEBUG_NET 0x00004000 // SNP Driver + # DEBUG_UNDI 0x00010000 // UNDI Driver + # DEBUG_LOADFILE 0x00020000 // LoadFile + # DEBUG_EVENT 0x00080000 // Event messages + # DEBUG_GCD 0x00100000 // Global Coherency Database changes + # DEBUG_CACHE 0x00200000 // Memory range cachability changes + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F + +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +!else + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F +!endif + + # This PCD is used to set the base address of the PCI express hierarchy.= It + # is only consulted when OVMF runs on Q35. In that case it is programmed= into + # the PCIEXBAR register. + # + # On Q35 machine types that QEMU intends to support in the long term, QE= MU + # never lets the RAM below 4 GB exceed 2816 MB. + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 + +!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE + gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 +!endif + + # + # The NumberOfPages values below are ad-hoc. They are updated sporadical= ly at + # best (please refer to git-blame for past updates). The values capture = a set + # of BIN hints that made sense at a particular time, for some (now likely + # unknown) workloads / boot paths. + # + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x80 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x10 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x80 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x100 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0x100 + + # IRQs 5, 9, 10, 11 are level-triggered + gUefiOvmfPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20 + + # Point to the MdeModulePkg/Application/UiApp/UiApp.inf + gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c= , 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0= x31 } + +##########################################################################= ###### +# +# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Pla= tform +# +##########################################################################= ###### + +[PcdsDynamicDefault] + # only set when + # ($(SMM_REQUIRE) =3D=3D FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800 + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600 + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciIoSize|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Base|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Size|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Base|0x0 +!ifdef $(CSM_ENABLE) + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x0 +!else + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x800000000 +!endif + + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0 + + # Set video resolution for text setup. + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640 + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|480 + + gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0208 + gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE + + # Noexec settings for DXE. + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE + + # UefiCpuPkg PCDs related to initial AP bringup and general AP managemen= t. + gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 + gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 + + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + + # Set SEV-ES defaults + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 + +!if $(TPM_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +!endif + +[PcdsDynamicHii] +!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS +!endif + +##########################################################################= ###### +# +# Components Section - list of all EDK II Modules needed by this Platform. +# +##########################################################################= ###### +[Components] + OvmfPkg/ResetVector/ResetVector.inf + + # + # SEC Phase modules + # + OvmfPkg/Sec/SecMain.inf { + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf + } + + # + # PEI Phase modules + # + MdeModulePkg/Core/Pei/PeiMain.inf + MdeModulePkg/Universal/PCD/Pei/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouter= Pei.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf + + OvmfPkg/PlatformPei/PlatformPei.inf + UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf { + + } + UefiCpuPkg/CpuMpPei/CpuMpPei.inf + +!if $(TPM_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!endif + + # + # DXE Phase modules + # + MdeModulePkg/Core/Dxe/DxeMain.inf { + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + } + + MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCod= eRouterRuntimeDxe.inf + MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRun= timeDxe.inf + MdeModulePkg/Universal/PCD/Dxe/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + + MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf + + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + +!if $(TPM_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf +!endif + } + + MdeModulePkg/Universal/EbcDxe/EbcDxe.inf + OvmfPkg/8259InterruptControllerDxe/8259.inf + UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf + UefiCpuPkg/CpuDxe/CpuDxe.inf + OvmfPkg/8254TimerDxe/8254Timer.inf + OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf + OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf + MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf { + + PciHostBridgeLib|OvmfPkg/Library/PciHostBridgeLib/PciHostBridgeLib.i= nf + NULL|OvmfPkg/Library/PlatformHasIoMmuLib/PlatformHasIoMmuLib.inf + } + MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf + MdeModulePkg/Universal/Metronome/Metronome.inf + PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.i= nf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf { + +!ifdef $(CSM_ENABLE) + NULL|OvmfPkg/Csm/CsmSupportLib/CsmSupportLib.inf + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf +!endif + } + MdeModulePkg/Logo/LogoDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf + NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf + NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc= eManagerUiLib.inf +!ifdef $(CSM_ENABLE) + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf + NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf +!endif + } + OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf + OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf + OvmfPkg/Virtio10Dxe/Virtio10.inf + OvmfPkg/VirtioBlkDxe/VirtioBlk.inf + OvmfPkg/VirtioScsiDxe/VirtioScsi.inf + OvmfPkg/VirtioRngDxe/VirtioRng.inf + OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf + OvmfPkg/XenBusDxe/XenBusDxe.inf + OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf +!if $(PVSCSI_ENABLE) =3D=3D TRUE + OvmfPkg/PvScsiDxe/PvScsiDxe.inf +!endif +!if $(MPT_SCSI_ENABLE) =3D=3D TRUE + OvmfPkg/MptScsiDxe/MptScsiDxe.inf +!endif +!if $(LSI_SCSI_ENABLE) =3D=3D TRUE + OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf +!endif + MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf + MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim= eDxe.inf + MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf + MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf + MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf + MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf= { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf + MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf { + + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + MdeModulePkg/Universal/PrintDxe/PrintDxe.inf + MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf + MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf + MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf + MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf + FatPkg/EnhancedFatDxe/Fat.inf + MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf + MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf + MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +!ifndef $(CSM_ENABLE) + OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +!endif + OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # + # ISA Support + # + OvmfPkg/SioBusDxe/SioBusDxe.inf + MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf + MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf + + # + # SMBIOS Support + # + MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf { + + NULL|OvmfPkg/Library/SmbiosVersionLib/DetectSmbiosVersionLib.inf + } + OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf + + # + # ACPI Support + # + MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf + OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf + OvmfPkg/AcpiTables/AcpiTables.inf + MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.= inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsRes= ourceTableDxe.inf + + OvmfPkg/VirtioNetDxe/VirtioNet.inf + + # + # Usb Support + # + MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf + MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf + MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf + MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf + MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf + MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + +!ifdef $(CSM_ENABLE) + OvmfPkg/Csm/BiosThunk/VideoDxe/VideoDxe.inf { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + OvmfPkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf + OvmfPkg/Csm/Csm16/Csm16.inf +!endif + +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" + OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.in= f { + + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + } +!endif + ShellPkg/Application/Shell/Shell.inf { + + ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellComman= dLib.inf + NULL|ShellPkg/Library/UefiShellLevel2CommandsLib/UefiShellLevel2Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellLevel1CommandsLib/UefiShellLevel1Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellLevel3CommandsLib/UefiShellLevel3Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellDriver1CommandsLib/UefiShellDriver1Co= mmandsLib.inf + NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1= CommandsLib.inf + HandleParsingLib|ShellPkg/Library/UefiHandleParsingLib/UefiHandlePar= singLib.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + BcfgCommandLib|ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcf= gCommandLib.inf + + + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xFF + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 + } + + OvmfPkg/PlatformDxe/Platform.inf + OvmfPkg/AmdSevDxe/AmdSevDxe.inf + OvmfPkg/IoMmuDxe/IoMmuDxe.inf + + # + # Variable driver stack (non-SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf + OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { + + PlatformFvbLib|OvmfPkg/Library/EmuVariableFvbLib/EmuVariableFvbLib.i= nf + } + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } + + # + # TPM support + # +!if $(TPM_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf + } +!endif diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf new file mode 100644 index 000000000000..4592a4ec067d --- /dev/null +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -0,0 +1,461 @@ +## @file +# Open Virtual Machine Firmware: FDF +# +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +##########################################################################= ###### + +[Defines] +!include OvmfPkg/OvmfPkgDefines.fdf.inc + +# +# Build the variable store and the firmware code as one unified flash devi= ce +# image. +# +[FD.OVMF] +BaseAddress =3D $(FW_BASE_ADDRESS) +Size =3D $(FW_SIZE) +ErasePolarity =3D 1 +BlockSize =3D $(BLOCK_SIZE) +NumBlocks =3D $(FW_BLOCKS) + +!include OvmfPkg/VarStore.fdf.inc + +$(VARS_SIZE)|$(FVMAIN_SIZE) +FV =3D FVMAIN_COMPACT + +$(SECFV_OFFSET)|$(SECFV_SIZE) +FV =3D SECFV + +##########################################################################= ###### + +[FD.MEMFD] +BaseAddress =3D $(MEMFD_BASE_ADDRESS) +Size =3D 0xD00000 +ErasePolarity =3D 1 +BlockSize =3D 0x10000 +NumBlocks =3D 0xD0 + +0x000000|0x006000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize + +0x006000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize + +0x007000|0x001000 +gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgT= okenSpaceGuid.PcdGuidedExtractHandlerTableSize + +0x008000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfSecGhcbPageTableSize + +0x009000|0x002000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize + +0x00B000|0x001000 +gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P= cdSevEsWorkAreaSize + +0x010000|0x010000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize + +0x020000|0x0E0000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfPeiMemFvSize +FV =3D PEIFV + +0x100000|0xC00000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize +FV =3D DXEFV + +##########################################################################= ###### + +[FV.SECFV] +FvNameGuid =3D 763BED0D-DE9F-48F5-81F1-3E90E1B1A015 +BlockSize =3D 0x1000 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +# +# SEC Phase modules +# +# The code in this FV handles the initial firmware startup, and +# decompresses the PEI and DXE FVs which handles the rest of the boot sequ= ence. +# +INF OvmfPkg/Sec/SecMain.inf + +INF RuleOverride=3DRESET_VECTOR OvmfPkg/ResetVector/ResetVector.inf + +##########################################################################= ###### +[FV.PEIFV] +FvNameGuid =3D 6938079B-B503-4E3D-9D24-B28337A25806 +BlockSize =3D 0x10000 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +APRIORI PEI { + INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf +} + +# +# PEI Phase modules +# +INF MdeModulePkg/Core/Pei/PeiMain.inf +INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf +INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRou= terPei.inf +INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf +INF OvmfPkg/PlatformPei/PlatformPei.inf +INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf +INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf + +!if $(TPM_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +!endif + +##########################################################################= ###### + +[FV.DXEFV] +FvForceRebase =3D FALSE +FvNameGuid =3D 7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1 +BlockSize =3D 0x10000 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +APRIORI DXE { + INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf + INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf + INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +} + +# +# DXE Phase modules +# +INF MdeModulePkg/Core/Dxe/DxeMain.inf + +INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatus= CodeRouterRuntimeDxe.inf +INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandler= RuntimeDxe.inf +INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + +INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf +INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf +INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf +INF OvmfPkg/8259InterruptControllerDxe/8259.inf +INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf +INF UefiCpuPkg/CpuDxe/CpuDxe.inf +INF OvmfPkg/8254TimerDxe/8254Timer.inf +INF OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.= inf +INF OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf +INF MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf +INF MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf +INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf +INF MdeModulePkg/Universal/Metronome/Metronome.inf +INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDx= e.inf + +INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf +INF OvmfPkg/Virtio10Dxe/Virtio10.inf +INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf +INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf +INF OvmfPkg/VirtioRngDxe/VirtioRng.inf +INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf +INF OvmfPkg/XenBusDxe/XenBusDxe.inf +INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf +!if $(PVSCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf +!endif +!if $(MPT_SCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf +!endif +!if $(LSI_SCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf +!endif + +INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf +INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRun= timeDxe.inf +INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf +INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf +INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf +INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.= inf +INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.= inf +INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +INF MdeModulePkg/Application/UiApp/UiApp.inf +INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf +INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf +INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf +INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf +INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf +INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf +INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf +INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf +INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +INF OvmfPkg/SataControllerDxe/SataControllerDxe.inf +INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf +INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +INF MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf +INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf +INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe= .inf + +INF OvmfPkg/SioBusDxe/SioBusDxe.inf +!if $(SOURCE_DEBUG_ENABLE) =3D=3D FALSE +INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf +!endif +INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf + +INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf + +INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf +INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf +INF RuleOverride=3DACPITABLE OvmfPkg/AcpiTables/AcpiTables.inf +INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf +INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorD= xe.inf +INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphics= ResourceTableDxe.inf + +INF FatPkg/EnhancedFatDxe/Fat.inf +INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" +INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand= .inf +!endif +INF ShellPkg/Application/Shell/Shell.inf + +INF MdeModulePkg/Logo/LogoDxe.inf + +# +# Usb Support +# +INF MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf +INF MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf +INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf +INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf +INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf +INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + +!ifdef $(CSM_ENABLE) +INF OvmfPkg/Csm/BiosThunk/VideoDxe/VideoDxe.inf +INF OvmfPkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf +INF RuleOverride=3DCSM OvmfPkg/Csm/Csm16/Csm16.inf +!else +INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +!endif + +INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf +INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf +INF OvmfPkg/PlatformDxe/Platform.inf +INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf +INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf + + +# +# Variable driver stack (non-SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + +# +# TPM support +# +!if $(TPM_ENABLE) =3D=3D TRUE +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif + +##########################################################################= ###### + +[FV.FVMAIN_COMPACT] +FvNameGuid =3D 48DB5E17-707C-472D-91CD-1613E7EF51B0 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +FILE FV_IMAGE =3D 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { + SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED= =3D TRUE { + # + # These firmware volumes will have files placed in them uncompressed, + # and then both firmware volumes will be compressed in a single + # compression operation in order to achieve better overall compressio= n. + # + SECTION FV_IMAGE =3D PEIFV + SECTION FV_IMAGE =3D DXEFV + } + } + +!include OvmfPkg/FvmainCompactScratchEnd.fdf.inc + +##########################################################################= ###### + +[Rule.Common.SEC] + FILE SEC =3D $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING =3D"$(MODULE_NAME)" Optional + VERSION STRING =3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.PEI_CORE] + FILE PEI_CORE =3D $(NAMED_GUID) { + PE32 PE32 Align=3DAuto $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING =3D"$(MODULE_NAME)" Optional + VERSION STRING =3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.PEIM] + FILE PEIM =3D $(NAMED_GUID) { + PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 Align=3DAuto $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.DXE_CORE] + FILE DXE_CORE =3D $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.DXE_DRIVER] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + RAW ACPI Optional |.acpi + RAW ASL Optional |.aml + } + +[Rule.Common.DXE_RUNTIME_DRIVER] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.UEFI_DRIVER] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.UEFI_DRIVER.BINARY] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional |.depex + PE32 PE32 |.efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.UEFI_APPLICATION] + FILE APPLICATION =3D $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.UEFI_APPLICATION.BINARY] + FILE APPLICATION =3D $(NAMED_GUID) { + PE32 PE32 |.efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.USER_DEFINED.ACPITABLE] + FILE FREEFORM =3D $(NAMED_GUID) { + RAW ACPI |.acpi + RAW ASL |.aml + } + +[Rule.Common.USER_DEFINED.CSM] + FILE FREEFORM =3D $(NAMED_GUID) { + RAW BIN |.bin + } + +[Rule.Common.SEC.RESET_VECTOR] + FILE RAW =3D $(NAMED_GUID) { + RAW BIN Align =3D 16 |.bin + } + +[Rule.Common.SMM_CORE] + FILE SMM_CORE =3D $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.DXE_SMM_DRIVER] + FILE SMM =3D $(NAMED_GUID) { + SMM_DEPEX SMM_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67814): https://edk2.groups.io/g/devel/message/67814 Mute This Topic: https://groups.io/mt/78455897/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 20:26:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+67815+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67815+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1606146804; cv=none; d=zohomail.com; s=zohoarc; b=TVz8NShLGsKHvhhxhitLHwnB1yTk02fklis5yh3+WC/ZO5A12Kel61QsEQZWuFmDfeHXe0IT/0yG1vF9w4zq0zcfnzwSB6PoLK8B2WC2XfQ5z+ZuvyMNDGsIM5P02unmRHDsIkBXR5q7gIw9/s/jvETfJwdL9jOzoJtZeeLkXkM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606146804; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=XaWw6+a49xgo6DJDopd6YuqVZ9xPPU7pKFDbZdmm8t8=; b=i6u6FJzulMS0YFNTXhV4m7dKuMhqTZfQvgzK7k35oFVbFg4vhU6xao+HocXtKzxY89toJdNVDuL5OGNRSc377MezRbrwKp0Q/B7PlcycY/KTW95k/GTOwHdQ79kT2E/uu5eKclczObiXoNPFpU6wKhdZLY0XOgnKulhVPMWS/pk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67815+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1606146804028670.0979891425953; Mon, 23 Nov 2020 07:53:24 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id FrjsYY1788612x0weZ38kvvv; Mon, 23 Nov 2020 07:53:23 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web09.94.1605897938548219806 for ; Fri, 20 Nov 2020 10:45:38 -0800 X-Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIb8Ll068111; Fri, 20 Nov 2020 13:45:37 -0500 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 34xemvtkq4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:36 -0500 X-Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0AKIbV7k070446; Fri, 20 Nov 2020 13:45:36 -0500 X-Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com [169.63.121.186]) by mx0a-001b2d01.pphosted.com with ESMTP id 34xemvtkpn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:36 -0500 X-Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1]) by ppma03wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIS3M5001949; Fri, 20 Nov 2020 18:45:35 GMT X-Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma03wdc.us.ibm.com with ESMTP id 34t6v9rkpm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 18:45:34 +0000 X-Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AKIjVU317695416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Nov 2020 18:45:31 GMT X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EB5F56A057; Fri, 20 Nov 2020 18:45:30 +0000 (GMT) X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6C8186A054; Fri, 20 Nov 2020 18:45:28 +0000 (GMT) X-Received: from jarvis.int.hansenpartnership.com (unknown [9.80.207.206]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 20 Nov 2020 18:45:28 +0000 (GMT) From: "James Bottomley" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , Laszlo Ersek Subject: [edk2-devel] [PATCH v2 2/6] OvmfPkg/AmdSev: add Grub Firmware Volume Package Date: Fri, 20 Nov 2020 10:45:17 -0800 Message-Id: <20201120184521.19437-3-jejb@linux.ibm.com> In-Reply-To: <20201120184521.19437-1-jejb@linux.ibm.com> References: <20201120184521.19437-1-jejb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com X-Gm-Message-State: 9TOPhiTQw5FewrsHYTJtvRYRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1606146803; bh=+LX4H1nY2uNPqG3mPMoghB/f2N4VCoQ4pQLPGKQkjo0=; h=Cc:Date:From:Reply-To:Subject:To; b=kf6F0VnWZ+VwhtQopyVvr/y0Sy47baIkyXZMwW2Ctk1WSyJAOka++TbWLSzdsmVDGLf BDHqBMdMS6VolDBEGcQDUPxJNlkzcwG1rRDLKFYUlahqM5Qc9orEf4Qgdlo4GUuhqsIWe OyGEAz0nQfO+4HMMCA7TytRChBxaYSC8RRA= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" This is used to package up the grub bootloader into a firmware volume where it can be executed as a shell like the UEFI Shell. Grub itself is built as a minimal entity into a Fv and then added as a boot option. By default the UEFI shell isn't built but for debugging purposes it can be enabled and will then be presented as a boot option (This should never be allowed for secure boot in an external data centre but may be useful for local debugging). Finally all other boot options except grub and possibly the shell are stripped and the boot timeout forced to 0 so the system will not enter a setup menu and will only boot to grub. This is done by copying the Library/PlatformBootManagerLib into Library/PlatformBootManagerLibGrub and then customizing it. Boot failure is fatal to try to prevent secret theft. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3077 Signed-off-by: James Bottomley --- v2: strip out s3 and qemu boot contacts make grub script robust and don't build grub.efi each time --- OvmfPkg/OvmfPkg.dec | 1 + OvmfPkg/AmdSev/AmdSevX64.dsc | 21 +- OvmfPkg/AmdSev/AmdSevX64.fdf | 7 +- OvmfPkg/AmdSev/Grub/Grub.inf | 37 + .../PlatformBootManagerLibGrub.inf | 79 + .../PlatformBootManagerLibGrub/BdsPlatform.h | 175 ++ .../PlatformBootManagerLibGrub/BdsPlatform.c | 1483 +++++++++++++++++ .../PlatformBootManagerLibGrub/PlatformData.c | 213 +++ OvmfPkg/AmdSev/Grub/.gitignore | 1 + OvmfPkg/AmdSev/Grub/grub.cfg | 46 + OvmfPkg/AmdSev/Grub/grub.sh | 92 + 11 files changed, 2146 insertions(+), 9 deletions(-) create mode 100644 OvmfPkg/AmdSev/Grub/Grub.inf create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBoot= ManagerLibGrub.inf create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformData= .c create mode 100644 OvmfPkg/AmdSev/Grub/.gitignore create mode 100644 OvmfPkg/AmdSev/Grub/grub.cfg create mode 100644 OvmfPkg/AmdSev/Grub/grub.sh diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6abde4fd9351..3fbf7a0ee1a4 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -116,6 +116,7 @@ [Guids] gEfiLegacyDevOrderVariableGuid =3D {0xa56074db, 0x65fe, 0x45f7, {= 0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}} gLinuxEfiInitrdMediaGuid =3D {0x5568e427, 0x68fc, 0x4f3d, {= 0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}} gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {= 0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} + gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {= 0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 852be757bfbe..c0b4e1b274fc 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -25,6 +25,7 @@ [Defines] BUILD_TARGETS =3D NOOPT|DEBUG|RELEASE SKUID_IDENTIFIER =3D DEFAULT FLASH_DEFINITION =3D OvmfPkg/AmdSev/AmdSevX64.fdf + PREBUILD =3D sh OvmfPkg/AmdSev/Grub/grub.sh =20 # # Defines for default states. These can be changed on the command line. @@ -34,6 +35,11 @@ [Defines] DEFINE TPM_ENABLE =3D FALSE DEFINE TPM_CONFIG_ENABLE =3D FALSE =20 + # + # Shell can be useful for debugging but should not be enabled for produc= tion + # + DEFINE BUILD_SHELL =3D FALSE + # # Device drivers # @@ -149,7 +155,6 @@ [LibraryClasses] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA= pplicationEntryPoint.inf DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDev= icePathLibDevicePathProtocol.inf - NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeS= ecurityManagementLib.inf @@ -183,9 +188,11 @@ [LibraryClasses] VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf =20 =20 +!if $(BUILD_SHELL) =3D=3D TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf - S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip= tLib.inf +!endif + SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf @@ -341,7 +348,7 @@ [LibraryClasses.common.DXE_DRIVER] !else DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf !endif - PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLib/PlatformBo= otManagerLib.inf + PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLibGrub/Platfo= rmBootManagerLibGrub.inf PlatformBmPrintScLib|OvmfPkg/Library/PlatformBmPrintScLib/PlatformBmPrin= tScLib.inf QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE= xceptionHandlerLib.inf @@ -510,6 +517,7 @@ [PcdsFixedAtBuild] # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c= , 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0= x31 } =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand|TRUE ##########################################################################= ###### # # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Pla= tform @@ -774,8 +782,6 @@ [Components] MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf OvmfPkg/AcpiTables/AcpiTables.inf - MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf - MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.= inf MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsRes= ourceTableDxe.inf =20 OvmfPkg/VirtioNetDxe/VirtioNet.inf @@ -799,12 +805,14 @@ [Components] OvmfPkg/Csm/Csm16/Csm16.inf !endif =20 -!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(BUILD_SHELL) =3D=3D TRUE OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.in= f { gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE } !endif + OvmfPkg/AmdSev/Grub/Grub.inf +!if $(BUILD_SHELL) =3D=3D TRUE ShellPkg/Application/Shell/Shell.inf { ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellComman= dLib.inf @@ -823,6 +831,7 @@ [Components] gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 } +!endif =20 OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/AmdSevDxe/AmdSevDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 4592a4ec067d..97f031950abd 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -257,17 +257,18 @@ [FV.DXEFV] INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf INF RuleOverride=3DACPITABLE OvmfPkg/AcpiTables/AcpiTables.inf -INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf -INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorD= xe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphics= ResourceTableDxe.inf =20 INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf =20 -!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(BUILD_SHELL) =3D=3D TRUE INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand= .inf !endif +INF OvmfPkg/AmdSev/Grub/Grub.inf +!if $(BUILD_SHELL) =3D=3D TRUE INF ShellPkg/Application/Shell/Shell.inf +!endif =20 INF MdeModulePkg/Logo/LogoDxe.inf =20 diff --git a/OvmfPkg/AmdSev/Grub/Grub.inf b/OvmfPkg/AmdSev/Grub/Grub.inf new file mode 100644 index 000000000000..211e7b8b2be6 --- /dev/null +++ b/OvmfPkg/AmdSev/Grub/Grub.inf @@ -0,0 +1,37 @@ +## @file +# Create a Firmware Volume based Grub Bootloaded +# +# Copyright (C) 2020 James Bottomley, IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010006 + BASE_NAME =3D Grub + # This is gGrubFileGuid + FILE_GUID =3D b5ae312c-bc8a-43b1-9c62-ebb826dd5d07 + MODULE_TYPE =3D UEFI_APPLICATION + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D UefiMain + +[Packages] + OvmfPkg/OvmfPkg.dec + +# +# The following information is for reference only and not required by +# the build tools. +# +# VALID_ARCHITECTURES =3D X64 +# + +## +# Note: The version of grub.efi this picks up can be generated by +# grub.sh which must be specified as a PREBUILD in the .dsc file or +# you can simply move a precompiled grub into here and not do the +# PREBUILD) +## +[Binaries] + PE32|grub.efi|* + diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManager= LibGrub.inf b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManage= rLibGrub.inf new file mode 100644 index 000000000000..a997d7586e6a --- /dev/null +++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub= .inf @@ -0,0 +1,79 @@ +## @file +# Platform BDS customizations library. +# +# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PlatformBootManagerLibGrub + FILE_GUID =3D 3a8f8431-f0c9-4c95-8a1d-04445c582d4e + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D PlatformBootManagerLib|DXE_DRIVER + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D X64 +# + +[Sources] + BdsPlatform.c + PlatformData.c + BdsPlatform.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SourceLevelDebugPkg/SourceLevelDebugPkg.dec + OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec + ShellPkg/ShellPkg.dec + +[LibraryClasses] + BaseLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + PcdLib + UefiBootManagerLib + BootLogoLib + DevicePathLib + PciLib + ReportStatusCodeLib + UefiLib + PlatformBmPrintScLib + Tcg2PhysicalPresenceLib + XenPlatformLib + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits ## CONSUMES + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity ## CONSUMES + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits ## CONSUMES + +[Pcd.IA32, Pcd.X64] + gEfiMdePkgTokenSpaceGuid.PcdFSBClock + +[Protocols] + gEfiDecompressProtocolGuid + gEfiPciRootBridgeIoProtocolGuid + gEfiS3SaveStateProtocolGuid # PROTOCOL SOMETIMES_CONSU= MED + gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL SOMETIMES_PRODU= CED + gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODU= CED + gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSU= MED + +[Guids] + gEfiEndOfDxeEventGroupGuid + gEfiGlobalVariableGuid + gRootBridgesConnectedEventGroupGuid + gUefiShellFileGuid + gGrubFileGuid diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h b/Ovm= fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h new file mode 100644 index 000000000000..a7fc4dbc3c1f --- /dev/null +++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h @@ -0,0 +1,175 @@ +/** @file + Platform BDS customizations include file. + + Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +Module Name: + + BdsPlatform.h + +Abstract: + + Head file for BDS Platform specific code + +**/ + +#ifndef _PLATFORM_SPECIFIC_BDS_PLATFORM_H_ +#define _PLATFORM_SPECIFIC_BDS_PLATFORM_H_ + + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +extern EFI_DEVICE_PATH_PROTOCOL *gPlatformConnectSequence[]; +extern ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode; +extern ACPI_HID_DEVICE_PATH gPnp16550ComPortDeviceNode; +extern UART_DEVICE_PATH gUartDeviceNode; +extern VENDOR_DEVICE_PATH gTerminalTypeDeviceNode; + +#define PCI_DEVICE_PATH_NODE(Func, Dev) \ + { \ + { \ + HARDWARE_DEVICE_PATH, \ + HW_PCI_DP, \ + { \ + (UINT8) (sizeof (PCI_DEVICE_PATH)), \ + (UINT8) ((sizeof (PCI_DEVICE_PATH)) >> 8) \ + } \ + }, \ + (Func), \ + (Dev) \ + } + +#define PNPID_DEVICE_PATH_NODE(PnpId) \ + { \ + { \ + ACPI_DEVICE_PATH, \ + ACPI_DP, \ + { \ + (UINT8) (sizeof (ACPI_HID_DEVICE_PATH)), \ + (UINT8) ((sizeof (ACPI_HID_DEVICE_PATH)) >> 8) \ + }, \ + }, \ + EISA_PNP_ID((PnpId)), \ + 0 \ + } + +#define gPciIsaBridge \ + PCI_DEVICE_PATH_NODE(0, 0x1f) + +#define gP2PBridge \ + PCI_DEVICE_PATH_NODE(0, 0x1e) + +#define gPnpPs2Keyboard \ + PNPID_DEVICE_PATH_NODE(0x0303) + +#define gPnp16550ComPort \ + PNPID_DEVICE_PATH_NODE(0x0501) + +#define gUart \ + { \ + { \ + MESSAGING_DEVICE_PATH, \ + MSG_UART_DP, \ + { \ + (UINT8) (sizeof (UART_DEVICE_PATH)), \ + (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8) \ + } \ + }, \ + 0, \ + 115200, \ + 8, \ + 1, \ + 1 \ + } + +#define gPcAnsiTerminal \ + { \ + { \ + MESSAGING_DEVICE_PATH, \ + MSG_VENDOR_DP, \ + { \ + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), \ + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) \ + } \ + }, \ + DEVICE_PATH_MESSAGING_PC_ANSI \ + } + +#define gEndEntire \ + { \ + END_DEVICE_PATH_TYPE, \ + END_ENTIRE_DEVICE_PATH_SUBTYPE, \ + { \ + END_DEVICE_PATH_LENGTH, \ + 0 \ + } \ + } + +#define PCI_CLASS_SCC 0x07 +#define PCI_SUBCLASS_SERIAL 0x00 +#define PCI_IF_16550 0x02 +#define IS_PCI_16550SERIAL(_p) IS_CLASS3 (_p, PCI_CLASS_SCC, PCI= _SUBCLASS_SERIAL, PCI_IF_16550) +#define IS_PCI_ISA_PDECODE(_p) IS_CLASS3 (_p, PCI_CLASS_BRIDGE, PCI= _CLASS_BRIDGE_ISA_PDECODE, 0) + +typedef struct { + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN ConnectType; +} PLATFORM_CONSOLE_CONNECT_ENTRY; + +#define CONSOLE_OUT BIT0 +#define CONSOLE_IN BIT1 +#define STD_ERROR BIT2 +extern PLATFORM_CONSOLE_CONNECT_ENTRY gPlatformConsole[]; +extern PLATFORM_CONSOLE_CONNECT_ENTRY gXenPlatformConsole[]; + +// +// Platform BDS Functions +// + +VOID +PlatformInitializeConsole ( + IN PLATFORM_CONSOLE_CONNECT_ENTRY *PlatformConsole + ); + +#endif // _PLATFORM_SPECIFIC_BDS_PLATFORM_H_ diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/Ovm= fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c new file mode 100644 index 000000000000..4fb2f904a10e --- /dev/null +++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c @@ -0,0 +1,1483 @@ +/** @file + Platform BDS customizations. + + Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "BdsPlatform.h" +#include +#include +#include +#include +#include + + +// +// Global data +// + +VOID *mEfiDevPathNotifyReg; +EFI_EVENT mEfiDevPathEvent; +UINT16 mHostBridgeDevId; + +// +// Table of host IRQs matching PCI IRQs A-D +// (for configuring PCI Interrupt Line register) +// +CONST UINT8 PciHostIrqs[] =3D { + 0x0a, 0x0a, 0x0b, 0x0b +}; + +// +// Type definitions +// + +typedef +EFI_STATUS +(EFIAPI *PROTOCOL_INSTANCE_CALLBACK)( + IN EFI_HANDLE Handle, + IN VOID *Instance, + IN VOID *Context + ); + +/** + @param[in] Handle - Handle of PCI device instance + @param[in] PciIo - PCI IO protocol instance + @param[in] Pci - PCI Header register block +**/ +typedef +EFI_STATUS +(EFIAPI *VISIT_PCI_INSTANCE_CALLBACK)( + IN EFI_HANDLE Handle, + IN EFI_PCI_IO_PROTOCOL *PciIo, + IN PCI_TYPE00 *Pci + ); + + +// +// Function prototypes +// + +EFI_STATUS +VisitAllInstancesOfProtocol ( + IN EFI_GUID *Id, + IN PROTOCOL_INSTANCE_CALLBACK CallBackFunction, + IN VOID *Context + ); + +EFI_STATUS +VisitAllPciInstancesOfProtocol ( + IN VISIT_PCI_INSTANCE_CALLBACK CallBackFunction + ); + +VOID +InstallDevicePathCallback ( + VOID + ); + +VOID +PlatformRegisterFvBootOption ( + EFI_GUID *FileGuid, + CHAR16 *Description, + UINT32 Attributes + ) +{ + EFI_STATUS Status; + INTN OptionIndex; + EFI_BOOT_MANAGER_LOAD_OPTION NewOption; + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH FileNode; + EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + Status =3D gBS->HandleProtocol ( + gImageHandle, + &gEfiLoadedImageProtocolGuid, + (VOID **) &LoadedImage + ); + ASSERT_EFI_ERROR (Status); + + EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid); + DevicePath =3D DevicePathFromHandle (LoadedImage->DeviceHandle); + ASSERT (DevicePath !=3D NULL); + DevicePath =3D AppendDevicePathNode ( + DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *) &FileNode + ); + ASSERT (DevicePath !=3D NULL); + + Status =3D EfiBootManagerInitializeLoadOption ( + &NewOption, + LoadOptionNumberUnassigned, + LoadOptionTypeBoot, + Attributes, + Description, + DevicePath, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + FreePool (DevicePath); + + BootOptions =3D EfiBootManagerGetLoadOptions ( + &BootOptionCount, LoadOptionTypeBoot + ); + + OptionIndex =3D EfiBootManagerFindLoadOption ( + &NewOption, BootOptions, BootOptionCount + ); + + if (OptionIndex =3D=3D -1) { + Status =3D EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN); + ASSERT_EFI_ERROR (Status); + } + EfiBootManagerFreeLoadOption (&NewOption); + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); +} + +/** + Remove all MemoryMapped(...)/FvFile(...) and Fv(...)/FvFile(...) boot op= tions + whose device paths do not resolve exactly to an FvFile in the system. + + Also strip out every boot option that is not an FvFile, meaning the syst= em + can only boot either the Grub or (if built) the shell. + + This removes any boot options that point to binaries built into the firm= ware + and have become stale due to any of the following: + - DXEFV's base address or size changed (historical), + - DXEFV's FvNameGuid changed, + - the FILE_GUID of the pointed-to binary changed, + - the referenced binary is no longer built into the firmware. + + EfiBootManagerFindLoadOption() used in PlatformRegisterFvBootOption() on= ly + avoids exact duplicates. +**/ +VOID +RemoveStaleFvFileOptions ( + VOID + ) +{ + EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions; + UINTN BootOptionCount; + UINTN Index; + + BootOptions =3D EfiBootManagerGetLoadOptions (&BootOptionCount, + LoadOptionTypeBoot); + + for (Index =3D 0; Index < BootOptionCount; ++Index) { + EFI_DEVICE_PATH_PROTOCOL *Node1, *Node2, *SearchNode; + EFI_STATUS Status; + EFI_HANDLE FvHandle; + + // + // If the device path starts with neither MemoryMapped(...) nor Fv(...= ), + // then delete the boot option. + // + Node1 =3D BootOptions[Index].FilePath; + if (!(DevicePathType (Node1) =3D=3D HARDWARE_DEVICE_PATH && + DevicePathSubType (Node1) =3D=3D HW_MEMMAP_DP) && + !(DevicePathType (Node1) =3D=3D MEDIA_DEVICE_PATH && + DevicePathSubType (Node1) =3D=3D MEDIA_PIWG_FW_VOL_DP)) { + EfiBootManagerDeleteLoadOptionVariable ( + BootOptions[Index].OptionNumber, LoadOptionTypeBoot); + continue; + } + + // + // If the second device path node is not FvFile(...), then delete the = boot + // option. + // + Node2 =3D NextDevicePathNode (Node1); + if (DevicePathType (Node2) !=3D MEDIA_DEVICE_PATH || + DevicePathSubType (Node2) !=3D MEDIA_PIWG_FW_FILE_DP) { + EfiBootManagerDeleteLoadOptionVariable ( + BootOptions[Index].OptionNumber, LoadOptionTypeBoot); + continue; + } + + // + // Locate the Firmware Volume2 protocol instance that is denoted by the + // boot option. If this lookup fails (i.e., the boot option references= a + // firmware volume that doesn't exist), then we'll proceed to delete t= he + // boot option. + // + SearchNode =3D Node1; + Status =3D gBS->LocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, + &SearchNode, &FvHandle); + + if (!EFI_ERROR (Status)) { + // + // The firmware volume was found; now let's see if it contains the F= vFile + // identified by GUID. + // + EFI_FIRMWARE_VOLUME2_PROTOCOL *FvProtocol; + MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *FvFileNode; + UINTN BufferSize; + EFI_FV_FILETYPE FoundType; + EFI_FV_FILE_ATTRIBUTES FileAttributes; + UINT32 AuthenticationStatus; + + Status =3D gBS->HandleProtocol (FvHandle, &gEfiFirmwareVolume2Protoc= olGuid, + (VOID **)&FvProtocol); + ASSERT_EFI_ERROR (Status); + + FvFileNode =3D (MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *)Node2; + // + // Buffer=3D=3DNULL means we request metadata only: BufferSize, Foun= dType, + // FileAttributes. + // + Status =3D FvProtocol->ReadFile ( + FvProtocol, + &FvFileNode->FvFileName, // NameGuid + NULL, // Buffer + &BufferSize, + &FoundType, + &FileAttributes, + &AuthenticationStatus + ); + if (!EFI_ERROR (Status)) { + // + // The FvFile was found. Keep the boot option. + // + continue; + } + } + + // + // Delete the boot option. + // + Status =3D EfiBootManagerDeleteLoadOptionVariable ( + BootOptions[Index].OptionNumber, LoadOptionTypeBoot); + DEBUG_CODE ( + CHAR16 *DevicePathString; + + DevicePathString =3D ConvertDevicePathToText(BootOptions[Index].File= Path, + FALSE, FALSE); + DEBUG (( + EFI_ERROR (Status) ? DEBUG_WARN : DEBUG_VERBOSE, + "%a: removing stale Boot#%04x %s: %r\n", + __FUNCTION__, + (UINT32)BootOptions[Index].OptionNumber, + DevicePathString =3D=3D NULL ? L"" : DevicePathString, + Status + )); + if (DevicePathString !=3D NULL) { + FreePool (DevicePathString); + } + ); + } + + EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount); +} + +EFI_STATUS +EFIAPI +ConnectRootBridge ( + IN EFI_HANDLE RootBridgeHandle, + IN VOID *Instance, + IN VOID *Context + ); + +STATIC +EFI_STATUS +EFIAPI +ConnectVirtioPciRng ( + IN EFI_HANDLE Handle, + IN VOID *Instance, + IN VOID *Context + ); + +// +// BDS Platform Functions +// +/** + Do the platform init, can be customized by OEM/IBV + + Possible things that can be done in PlatformBootManagerBeforeConsole: + + > Update console variable: 1. include hot-plug devices; + > 2. Clear ConIn and add SOL for AMT + > Register new Driver#### or Boot#### + > Register new Key####: e.g.: F12 + > Signal ReadyToLock event + > Authentication action: 1. connect Auth devices; + > 2. Identify auto logon user. +**/ +VOID +EFIAPI +PlatformBootManagerBeforeConsole ( + VOID + ) +{ + EFI_HANDLE Handle; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "PlatformBootManagerBeforeConsole\n")); + InstallDevicePathCallback (); + + VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid, + ConnectRootBridge, NULL); + + // + // Signal the ACPI platform driver that it can download QEMU ACPI tables. + // + EfiEventGroupSignal (&gRootBridgesConnectedEventGroupGuid); + + // + // We can't signal End-of-Dxe earlier than this. Namely, End-of-Dxe trig= gers + // the preparation of S3 system information. That logic has a hard depen= dency + // on the presence of the FACS ACPI table. Since our ACPI tables are only + // installed after PCI enumeration completes, we must not trigger the S3= save + // earlier, hence we can't signal End-of-Dxe earlier. + // + EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid); + + // + // Prevent further changes to LockBoxes or SMRAM. + // + Handle =3D NULL; + Status =3D gBS->InstallProtocolInterface (&Handle, + &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE, + NULL); + ASSERT_EFI_ERROR (Status); + + // + // Dispatch deferred images after EndOfDxe event and ReadyToLock + // installation. + // + EfiBootManagerDispatchDeferredImages (); + + PlatformInitializeConsole ( + XenDetected() ? gXenPlatformConsole : gPlatformConsole); + + // + // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL + // instances on Virtio PCI RNG devices. + // + VisitAllInstancesOfProtocol (&gEfiPciIoProtocolGuid, ConnectVirtioPciRng, + NULL); +} + + +EFI_STATUS +EFIAPI +ConnectRootBridge ( + IN EFI_HANDLE RootBridgeHandle, + IN VOID *Instance, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + // + // Make the PCI bus driver connect the root bridge, non-recursively. This + // will produce a number of child handles with PciIo on them. + // + Status =3D gBS->ConnectController ( + RootBridgeHandle, // ControllerHandle + NULL, // DriverImageHandle + NULL, // RemainingDevicePath -- produce all + // children + FALSE // Recursive + ); + return Status; +} + + +STATIC +EFI_STATUS +EFIAPI +ConnectVirtioPciRng ( + IN EFI_HANDLE Handle, + IN VOID *Instance, + IN VOID *Context + ) +{ + EFI_PCI_IO_PROTOCOL *PciIo; + EFI_STATUS Status; + UINT16 VendorId; + UINT16 DeviceId; + UINT8 RevisionId; + BOOLEAN Virtio10; + UINT16 SubsystemId; + + PciIo =3D Instance; + + // + // Read and check VendorId. + // + Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OF= FSET, + 1, &VendorId); + if (EFI_ERROR (Status)) { + goto Error; + } + if (VendorId !=3D VIRTIO_VENDOR_ID) { + return EFI_SUCCESS; + } + + // + // Read DeviceId and RevisionId. + // + Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OF= FSET, + 1, &DeviceId); + if (EFI_ERROR (Status)) { + goto Error; + } + Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, PCI_REVISION_ID_O= FFSET, + 1, &RevisionId); + if (EFI_ERROR (Status)) { + goto Error; + } + + // + // From DeviceId and RevisionId, determine whether the device is a + // modern-only Virtio 1.0 device. In case of Virtio 1.0, DeviceId can + // immediately be restricted to VIRTIO_SUBSYSTEM_ENTROPY_SOURCE, and + // SubsystemId will only play a sanity-check role. Otherwise, DeviceId c= an + // only be sanity-checked, and SubsystemId will decide. + // + if (DeviceId =3D=3D 0x1040 + VIRTIO_SUBSYSTEM_ENTROPY_SOURCE && + RevisionId >=3D 0x01) { + Virtio10 =3D TRUE; + } else if (DeviceId >=3D 0x1000 && DeviceId <=3D 0x103F && RevisionId = =3D=3D 0x00) { + Virtio10 =3D FALSE; + } else { + return EFI_SUCCESS; + } + + // + // Read and check SubsystemId as dictated by Virtio10. + // + Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, + PCI_SUBSYSTEM_ID_OFFSET, 1, &SubsystemId); + if (EFI_ERROR (Status)) { + goto Error; + } + if ((Virtio10 && SubsystemId >=3D 0x40) || + (!Virtio10 && SubsystemId =3D=3D VIRTIO_SUBSYSTEM_ENTROPY_SOURCE)) { + Status =3D gBS->ConnectController ( + Handle, // ControllerHandle + NULL, // DriverImageHandle -- connect all drivers + NULL, // RemainingDevicePath -- produce all child ha= ndles + FALSE // Recursive -- don't follow child handles + ); + if (EFI_ERROR (Status)) { + goto Error; + } + } + return EFI_SUCCESS; + +Error: + DEBUG ((DEBUG_ERROR, "%a: %r\n", __FUNCTION__, Status)); + return Status; +} + + +/** + Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut. + + @param[in] DeviceHandle Handle of the LPC Bridge device. + + @retval EFI_SUCCESS Console devices on the LPC bridge have been added to + ConOut, ConIn, and ErrOut. + + @return Error codes, due to EFI_DEVICE_PATH_PROTOCOL missing + from DeviceHandle. +**/ +EFI_STATUS +PrepareLpcBridgeDevicePath ( + IN EFI_HANDLE DeviceHandle + ) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + CHAR16 *DevPathStr; + + DevicePath =3D NULL; + Status =3D gBS->HandleProtocol ( + DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID*)&DevicePath + ); + if (EFI_ERROR (Status)) { + return Status; + } + TempDevicePath =3D DevicePath; + + // + // Register Keyboard + // + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode); + + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + + // + // Register COM1 + // + DevicePath =3D TempDevicePath; + gPnp16550ComPortDeviceNode.UID =3D 0; + + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gPnp16550ComPortDeviceNode); + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + + // + // Print Device Path + // + DevPathStr =3D ConvertDevicePathToText (DevicePath, FALSE, FALSE); + if (DevPathStr !=3D NULL) { + DEBUG(( + DEBUG_INFO, + "BdsPlatform.c+%d: COM%d DevPath: %s\n", + __LINE__, + gPnp16550ComPortDeviceNode.UID + 1, + DevPathStr + )); + FreePool(DevPathStr); + } + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + + // + // Register COM2 + // + DevicePath =3D TempDevicePath; + gPnp16550ComPortDeviceNode.UID =3D 1; + + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gPnp16550ComPortDeviceNode); + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + + // + // Print Device Path + // + DevPathStr =3D ConvertDevicePathToText (DevicePath, FALSE, FALSE); + if (DevPathStr !=3D NULL) { + DEBUG(( + DEBUG_INFO, + "BdsPlatform.c+%d: COM%d DevPath: %s\n", + __LINE__, + gPnp16550ComPortDeviceNode.UID + 1, + DevPathStr + )); + FreePool(DevPathStr); + } + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + + return EFI_SUCCESS; +} + +EFI_STATUS +GetGopDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *PciDevicePath, + OUT EFI_DEVICE_PATH_PROTOCOL **GopDevicePath + ) +{ + UINTN Index; + EFI_STATUS Status; + EFI_HANDLE PciDeviceHandle; + EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + EFI_DEVICE_PATH_PROTOCOL *TempPciDevicePath; + UINTN GopHandleCount; + EFI_HANDLE *GopHandleBuffer; + + if (PciDevicePath =3D=3D NULL || GopDevicePath =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Initialize the GopDevicePath to be PciDevicePath + // + *GopDevicePath =3D PciDevicePath; + TempPciDevicePath =3D PciDevicePath; + + Status =3D gBS->LocateDevicePath ( + &gEfiDevicePathProtocolGuid, + &TempPciDevicePath, + &PciDeviceHandle + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Try to connect this handle, so that GOP driver could start on this + // device and create child handles with GraphicsOutput Protocol installed + // on them, then we get device paths of these child handles and select + // them as possible console device. + // + gBS->ConnectController (PciDeviceHandle, NULL, NULL, FALSE); + + Status =3D gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiGraphicsOutputProtocolGuid, + NULL, + &GopHandleCount, + &GopHandleBuffer + ); + if (!EFI_ERROR (Status)) { + // + // Add all the child handles as possible Console Device + // + for (Index =3D 0; Index < GopHandleCount; Index++) { + Status =3D gBS->HandleProtocol (GopHandleBuffer[Index], + &gEfiDevicePathProtocolGuid, (VOID*)&TempDevicePath); + if (EFI_ERROR (Status)) { + continue; + } + if (CompareMem ( + PciDevicePath, + TempDevicePath, + GetDevicePathSize (PciDevicePath) - END_DEVICE_PATH_LENGTH + ) =3D=3D 0) { + // + // In current implementation, we only enable one of the child hand= les + // as console device, i.e. sotre one of the child handle's device + // path to variable "ConOut" + // In future, we could select all child handles to be console devi= ce + // + + *GopDevicePath =3D TempDevicePath; + + // + // Delete the PCI device's path that added by + // GetPlugInPciVgaDevicePath(). Add the integrity GOP device path. + // + EfiBootManagerUpdateConsoleVariable (ConOutDev, NULL, PciDevicePat= h); + EfiBootManagerUpdateConsoleVariable (ConOutDev, TempDevicePath, NU= LL); + } + } + gBS->FreePool (GopHandleBuffer); + } + + return EFI_SUCCESS; +} + +/** + Add PCI display to ConOut. + + @param[in] DeviceHandle Handle of the PCI display device. + + @retval EFI_SUCCESS The PCI display device has been added to ConOut. + + @return Error codes, due to EFI_DEVICE_PATH_PROTOCOL missing + from DeviceHandle. +**/ +EFI_STATUS +PreparePciDisplayDevicePath ( + IN EFI_HANDLE DeviceHandle + ) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + EFI_DEVICE_PATH_PROTOCOL *GopDevicePath; + + DevicePath =3D NULL; + GopDevicePath =3D NULL; + Status =3D gBS->HandleProtocol ( + DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID*)&DevicePath + ); + if (EFI_ERROR (Status)) { + return Status; + } + + GetGopDevicePath (DevicePath, &GopDevicePath); + DevicePath =3D GopDevicePath; + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + + return EFI_SUCCESS; +} + +/** + Add PCI Serial to ConOut, ConIn, ErrOut. + + @param[in] DeviceHandle Handle of the PCI serial device. + + @retval EFI_SUCCESS The PCI serial device has been added to ConOut, Con= In, + ErrOut. + + @return Error codes, due to EFI_DEVICE_PATH_PROTOCOL missing + from DeviceHandle. +**/ +EFI_STATUS +PreparePciSerialDevicePath ( + IN EFI_HANDLE DeviceHandle + ) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + + DevicePath =3D NULL; + Status =3D gBS->HandleProtocol ( + DeviceHandle, + &gEfiDevicePathProtocolGuid, + (VOID*)&DevicePath + ); + if (EFI_ERROR (Status)) { + return Status; + } + + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode); + DevicePath =3D AppendDevicePathNode (DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode); + + EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL); + EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL); + + return EFI_SUCCESS; +} + +EFI_STATUS +VisitAllInstancesOfProtocol ( + IN EFI_GUID *Id, + IN PROTOCOL_INSTANCE_CALLBACK CallBackFunction, + IN VOID *Context + ) +{ + EFI_STATUS Status; + UINTN HandleCount; + EFI_HANDLE *HandleBuffer; + UINTN Index; + VOID *Instance; + + // + // Start to check all the PciIo to find all possible device + // + HandleCount =3D 0; + HandleBuffer =3D NULL; + Status =3D gBS->LocateHandleBuffer ( + ByProtocol, + Id, + NULL, + &HandleCount, + &HandleBuffer + ); + if (EFI_ERROR (Status)) { + return Status; + } + + for (Index =3D 0; Index < HandleCount; Index++) { + Status =3D gBS->HandleProtocol (HandleBuffer[Index], Id, &Instance); + if (EFI_ERROR (Status)) { + continue; + } + + Status =3D (*CallBackFunction) ( + HandleBuffer[Index], + Instance, + Context + ); + } + + gBS->FreePool (HandleBuffer); + + return EFI_SUCCESS; +} + + +EFI_STATUS +EFIAPI +VisitingAPciInstance ( + IN EFI_HANDLE Handle, + IN VOID *Instance, + IN VOID *Context + ) +{ + EFI_STATUS Status; + EFI_PCI_IO_PROTOCOL *PciIo; + PCI_TYPE00 Pci; + + PciIo =3D (EFI_PCI_IO_PROTOCOL*) Instance; + + // + // Check for all PCI device + // + Status =3D PciIo->Pci.Read ( + PciIo, + EfiPciIoWidthUint32, + 0, + sizeof (Pci) / sizeof (UINT32), + &Pci + ); + if (EFI_ERROR (Status)) { + return Status; + } + + return (*(VISIT_PCI_INSTANCE_CALLBACK)(UINTN) Context) ( + Handle, + PciIo, + &Pci + ); + +} + + + +EFI_STATUS +VisitAllPciInstances ( + IN VISIT_PCI_INSTANCE_CALLBACK CallBackFunction + ) +{ + return VisitAllInstancesOfProtocol ( + &gEfiPciIoProtocolGuid, + VisitingAPciInstance, + (VOID*)(UINTN) CallBackFunction + ); +} + + +/** + Do platform specific PCI Device check and add them to + ConOut, ConIn, ErrOut. + + @param[in] Handle - Handle of PCI device instance + @param[in] PciIo - PCI IO protocol instance + @param[in] Pci - PCI Header register block + + @retval EFI_SUCCESS - PCI Device check and Console variable update + successfully. + @retval EFI_STATUS - PCI Device check or Console variable update fail. + +**/ +EFI_STATUS +EFIAPI +DetectAndPreparePlatformPciDevicePath ( + IN EFI_HANDLE Handle, + IN EFI_PCI_IO_PROTOCOL *PciIo, + IN PCI_TYPE00 *Pci + ) +{ + EFI_STATUS Status; + + Status =3D PciIo->Attributes ( + PciIo, + EfiPciIoAttributeOperationEnable, + EFI_PCI_DEVICE_ENABLE, + NULL + ); + ASSERT_EFI_ERROR (Status); + + // + // Here we decide whether it is LPC Bridge + // + if ((IS_PCI_LPC (Pci)) || + ((IS_PCI_ISA_PDECODE (Pci)) && + (Pci->Hdr.VendorId =3D=3D 0x8086) && + (Pci->Hdr.DeviceId =3D=3D 0x7000) + ) + ) { + // + // Add IsaKeyboard to ConIn, + // add IsaSerial to ConOut, ConIn, ErrOut + // + DEBUG ((DEBUG_INFO, "Found LPC Bridge device\n")); + PrepareLpcBridgeDevicePath (Handle); + return EFI_SUCCESS; + } + // + // Here we decide which Serial device to enable in PCI bus + // + if (IS_PCI_16550SERIAL (Pci)) { + // + // Add them to ConOut, ConIn, ErrOut. + // + DEBUG ((DEBUG_INFO, "Found PCI 16550 SERIAL device\n")); + PreparePciSerialDevicePath (Handle); + return EFI_SUCCESS; + } + + // + // Here we decide which display device to enable in PCI bus + // + if (IS_PCI_DISPLAY (Pci)) { + // + // Add them to ConOut. + // + DEBUG ((DEBUG_INFO, "Found PCI display device\n")); + PreparePciDisplayDevicePath (Handle); + return EFI_SUCCESS; + } + + return Status; +} + + +/** + Connect the predefined platform default console device. + + Always try to find and enable PCI display devices. + + @param[in] PlatformConsole Predefined platform default console device a= rray. +**/ +VOID +PlatformInitializeConsole ( + IN PLATFORM_CONSOLE_CONNECT_ENTRY *PlatformConsole + ) +{ + UINTN Index; + + // + // Do platform specific PCI Device check and add them to ConOut, ConIn, + // ErrOut + // + VisitAllPciInstances (DetectAndPreparePlatformPciDevicePath); + + // + // Have chance to connect the platform default console, + // the platform default console is the minimum device group + // the platform should support + // + for (Index =3D 0; PlatformConsole[Index].DevicePath !=3D NULL; ++Index) { + // + // Update the console variable with the connect type + // + if ((PlatformConsole[Index].ConnectType & CONSOLE_IN) =3D=3D CONSOLE_I= N) { + EfiBootManagerUpdateConsoleVariable (ConIn, + PlatformConsole[Index].DevicePath, NULL); + } + if ((PlatformConsole[Index].ConnectType & CONSOLE_OUT) =3D=3D CONSOLE_= OUT) { + EfiBootManagerUpdateConsoleVariable (ConOut, + PlatformConsole[Index].DevicePath, NULL); + } + if ((PlatformConsole[Index].ConnectType & STD_ERROR) =3D=3D STD_ERROR)= { + EfiBootManagerUpdateConsoleVariable (ErrOut, + PlatformConsole[Index].DevicePath, NULL); + } + } +} + + +/** + Configure PCI Interrupt Line register for applicable devices + Ported from SeaBIOS, src/fw/pciinit.c, *_pci_slot_get_irq() + + @param[in] Handle - Handle of PCI device instance + @param[in] PciIo - PCI IO protocol instance + @param[in] PciHdr - PCI Header register block + + @retval EFI_SUCCESS - PCI Interrupt Line register configured successfull= y. + +**/ +EFI_STATUS +EFIAPI +SetPciIntLine ( + IN EFI_HANDLE Handle, + IN EFI_PCI_IO_PROTOCOL *PciIo, + IN PCI_TYPE00 *PciHdr + ) +{ + EFI_DEVICE_PATH_PROTOCOL *DevPathNode; + EFI_DEVICE_PATH_PROTOCOL *DevPath; + UINTN RootSlot; + UINTN Idx; + UINT8 IrqLine; + EFI_STATUS Status; + UINT32 RootBusNumber; + + Status =3D EFI_SUCCESS; + + if (PciHdr->Device.InterruptPin !=3D 0) { + + DevPathNode =3D DevicePathFromHandle (Handle); + ASSERT (DevPathNode !=3D NULL); + DevPath =3D DevPathNode; + + RootBusNumber =3D 0; + if (DevicePathType (DevPathNode) =3D=3D ACPI_DEVICE_PATH && + DevicePathSubType (DevPathNode) =3D=3D ACPI_DP && + ((ACPI_HID_DEVICE_PATH *)DevPathNode)->HID =3D=3D EISA_PNP_ID(0x0A= 03)) { + RootBusNumber =3D ((ACPI_HID_DEVICE_PATH *)DevPathNode)->UID; + } + + // + // Compute index into PciHostIrqs[] table by walking + // the device path and adding up all device numbers + // + Status =3D EFI_NOT_FOUND; + RootSlot =3D 0; + Idx =3D PciHdr->Device.InterruptPin - 1; + while (!IsDevicePathEnd (DevPathNode)) { + if (DevicePathType (DevPathNode) =3D=3D HARDWARE_DEVICE_PATH && + DevicePathSubType (DevPathNode) =3D=3D HW_PCI_DP) { + + Idx +=3D ((PCI_DEVICE_PATH *)DevPathNode)->Device; + + // + // Unlike SeaBIOS, which starts climbing from the leaf device + // up toward the root, we traverse the device path starting at + // the root moving toward the leaf node. + // The slot number of the top-level parent bridge is needed for + // Q35 cases with more than 24 slots on the root bus. + // + if (Status !=3D EFI_SUCCESS) { + Status =3D EFI_SUCCESS; + RootSlot =3D ((PCI_DEVICE_PATH *)DevPathNode)->Device; + } + } + + DevPathNode =3D NextDevicePathNode (DevPathNode); + } + if (EFI_ERROR (Status)) { + return Status; + } + if (RootBusNumber =3D=3D 0 && RootSlot =3D=3D 0) { + DEBUG(( + DEBUG_ERROR, + "%a: PCI host bridge (00:00.0) should have no interrupts!\n", + __FUNCTION__ + )); + ASSERT (FALSE); + } + + // + // Final PciHostIrqs[] index calculation depends on the platform + // and should match SeaBIOS src/fw/pciinit.c *_pci_slot_get_irq() + // + switch (mHostBridgeDevId) { + case INTEL_82441_DEVICE_ID: + Idx -=3D 1; + break; + case INTEL_Q35_MCH_DEVICE_ID: + // + // SeaBIOS contains the following comment: + // "Slots 0-24 rotate slot:pin mapping similar to piix above, but + // with a different starting index - see q35-acpi-dsdt.dsl. + // + // Slots 25-31 all use LNKA mapping (or LNKE, but A:D =3D E:H)" + // + if (RootSlot > 24) { + // + // in this case, subtract back out RootSlot from Idx + // (SeaBIOS never adds it to begin with, but that would make our + // device path traversal loop above too awkward) + // + Idx -=3D RootSlot; + } + break; + default: + ASSERT (FALSE); // should never get here + } + Idx %=3D ARRAY_SIZE (PciHostIrqs); + IrqLine =3D PciHostIrqs[Idx]; + + DEBUG_CODE_BEGIN (); + { + CHAR16 *DevPathString; + STATIC CHAR16 Fallback[] =3D L""; + UINTN Segment, Bus, Device, Function; + + DevPathString =3D ConvertDevicePathToText (DevPath, FALSE, FALSE); + if (DevPathString =3D=3D NULL) { + DevPathString =3D Fallback; + } + Status =3D PciIo->GetLocation (PciIo, &Segment, &Bus, &Device, &Func= tion); + ASSERT_EFI_ERROR (Status); + + DEBUG ((DEBUG_VERBOSE, "%a: [%02x:%02x.%x] %s -> 0x%02x\n", __FUNCTI= ON__, + (UINT32)Bus, (UINT32)Device, (UINT32)Function, DevPathString, + IrqLine)); + + if (DevPathString !=3D Fallback) { + FreePool (DevPathString); + } + } + DEBUG_CODE_END (); + + // + // Set PCI Interrupt Line register for this device to PciHostIrqs[Idx] + // + Status =3D PciIo->Pci.Write ( + PciIo, + EfiPciIoWidthUint8, + PCI_INT_LINE_OFFSET, + 1, + &IrqLine + ); + } + + return Status; +} + + +VOID +PciAcpiInitialization ( + ) +{ + UINTN Pmba; + + // + // Query Host Bridge DID to determine platform type + // + mHostBridgeDevId =3D PcdGet16 (PcdOvmfHostBridgePciDevId); + switch (mHostBridgeDevId) { + case INTEL_82441_DEVICE_ID: + Pmba =3D POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMBA); + // + // 00:01.0 ISA Bridge (PIIX4) LNK routing targets + // + PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x60), 0x0b); // A + PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x61), 0x0b); // B + PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x62), 0x0a); // C + PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x63), 0x0a); // D + break; + case INTEL_Q35_MCH_DEVICE_ID: + Pmba =3D POWER_MGMT_REGISTER_Q35 (ICH9_PMBASE); + // + // 00:1f.0 LPC Bridge (Q35) LNK routing targets + // + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x60), 0x0a); // A + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x61), 0x0a); // B + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x62), 0x0b); // C + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x63), 0x0b); // D + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x68), 0x0a); // E + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x69), 0x0a); // F + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x6a), 0x0b); // G + PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x6b), 0x0b); // H + break; + default: + if (XenDetected ()) { + // + // There is no PCI bus in this case. + // + return; + } + DEBUG ((DEBUG_ERROR, "%a: Unknown Host Bridge Device ID: 0x%04x\n", + __FUNCTION__, mHostBridgeDevId)); + ASSERT (FALSE); + return; + } + + // + // Initialize PCI_INTERRUPT_LINE for applicable present PCI devices + // + VisitAllPciInstances (SetPciIntLine); + + // + // Set ACPI SCI_EN bit in PMCNTRL + // + IoOr16 ((PciRead32 (Pmba) & ~BIT0) + 4, BIT0); +} + +EFI_STATUS +EFIAPI +ConnectRecursivelyIfPciMassStorage ( + IN EFI_HANDLE Handle, + IN EFI_PCI_IO_PROTOCOL *Instance, + IN PCI_TYPE00 *PciHeader + ) +{ + EFI_STATUS Status; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + CHAR16 *DevPathStr; + + // + // Recognize PCI Mass Storage, and Xen PCI devices + // + if (IS_CLASS1 (PciHeader, PCI_CLASS_MASS_STORAGE) || + (XenDetected() && IS_CLASS2 (PciHeader, 0xFF, 0x80))) { + DevicePath =3D NULL; + Status =3D gBS->HandleProtocol ( + Handle, + &gEfiDevicePathProtocolGuid, + (VOID*)&DevicePath + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Print Device Path + // + DevPathStr =3D ConvertDevicePathToText (DevicePath, FALSE, FALSE); + if (DevPathStr !=3D NULL) { + DEBUG(( + DEBUG_INFO, + "Found %s device: %s\n", + (IS_CLASS1 (PciHeader, PCI_CLASS_MASS_STORAGE) ? + L"Mass Storage" : + L"Xen" + ), + DevPathStr + )); + FreePool(DevPathStr); + } + + Status =3D gBS->ConnectController (Handle, NULL, NULL, TRUE); + if (EFI_ERROR (Status)) { + return Status; + } + + } + + return EFI_SUCCESS; +} + + +/** + Connect with predefined platform connect sequence. + + The OEM/IBV can customize with their own connect sequence. +**/ +VOID +PlatformBdsConnectSequence ( + VOID + ) +{ + UINTN Index; + + DEBUG ((DEBUG_INFO, "PlatformBdsConnectSequence\n")); + + Index =3D 0; + + // + // Here we can get the customized platform connect sequence + // Notes: we can connect with new variable which record the + // last time boots connect device path sequence + // + while (gPlatformConnectSequence[Index] !=3D NULL) { + // + // Build the platform boot option + // + EfiBootManagerConnectDevicePath (gPlatformConnectSequence[Index], NULL= ); + Index++; + } + EfiBootManagerConnectAll (); +} + +/** + Do the platform specific action after the console is ready + + Possible things that can be done in PlatformBootManagerAfterConsole: + + > Console post action: + > Dynamically switch output mode from 100x31 to 80x25 for certain sena= rino + > Signal console ready platform customized event + > Run diagnostics like memory testing + > Connect certain devices + > Dispatch aditional option roms + > Special boot: e.g.: USB boot, enter UI +**/ +VOID +EFIAPI +PlatformBootManagerAfterConsole ( + VOID + ) +{ + EFI_BOOT_MODE BootMode; + + DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n")); + + // + // Get current Boot Mode + // + BootMode =3D GetBootModeHob (); + DEBUG ((DEBUG_INFO, "Boot Mode:%x\n", BootMode)); + + // + // Go the different platform policy with different boot mode + // Notes: this part code can be change with the table policy + // + ASSERT (BootMode =3D=3D BOOT_WITH_FULL_CONFIGURATION); + + // + // Logo show + // + BootLogoEnableLogo (); + + // + // Set PCI Interrupt Line registers and ACPI SCI_EN + // + PciAcpiInitialization (); + + // + // Process TPM PPI request + // + Tcg2PhysicalPresenceLibProcessRequest (NULL); + + // + // Perform some platform specific connect sequence + // + PlatformBdsConnectSequence (); + + EfiBootManagerRefreshAllBootOption (); + + // + // Register UEFI Shell (Will be removed if the Shell isn't built + // which is the default) + // + PlatformRegisterFvBootOption ( + &gUefiShellFileGuid, L"EFI Internal Shell", LOAD_OPTION_ACTIVE + ); + + // + // Register Grub + // + PlatformRegisterFvBootOption ( + &gGrubFileGuid, L"Grub Bootloader", LOAD_OPTION_ACTIVE + ); + + RemoveStaleFvFileOptions (); + + PlatformBmPrintScRegisterHandler (); +} + +/** + This notification function is invoked when an instance of the + EFI_DEVICE_PATH_PROTOCOL is produced. + + @param Event The event that occurred + @param Context For EFI compatibility. Not used. + +**/ +VOID +EFIAPI +NotifyDevPath ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_HANDLE Handle; + EFI_STATUS Status; + UINTN BufferSize; + EFI_DEVICE_PATH_PROTOCOL *DevPathNode; + ATAPI_DEVICE_PATH *Atapi; + + // + // Examine all new handles + // + for (;;) { + // + // Get the next handle + // + BufferSize =3D sizeof (Handle); + Status =3D gBS->LocateHandle ( + ByRegisterNotify, + NULL, + mEfiDevPathNotifyReg, + &BufferSize, + &Handle + ); + + // + // If not found, we're done + // + if (EFI_NOT_FOUND =3D=3D Status) { + break; + } + + if (EFI_ERROR (Status)) { + continue; + } + + // + // Get the DevicePath protocol on that handle + // + Status =3D gBS->HandleProtocol (Handle, &gEfiDevicePathProtocolGuid, + (VOID **)&DevPathNode); + ASSERT_EFI_ERROR (Status); + + while (!IsDevicePathEnd (DevPathNode)) { + // + // Find the handler to dump this device path node + // + if ( + (DevicePathType(DevPathNode) =3D=3D MESSAGING_DEVICE_PATH) && + (DevicePathSubType(DevPathNode) =3D=3D MSG_ATAPI_DP) + ) { + Atapi =3D (ATAPI_DEVICE_PATH*) DevPathNode; + PciOr16 ( + PCI_LIB_ADDRESS ( + 0, + 1, + 1, + (Atapi->PrimarySecondary =3D=3D 1) ? 0x42: 0x40 + ), + BIT15 + ); + } + + // + // Next device path node + // + DevPathNode =3D NextDevicePathNode (DevPathNode); + } + } + + return; +} + + +VOID +InstallDevicePathCallback ( + VOID + ) +{ + DEBUG ((DEBUG_INFO, "Registered NotifyDevPath Event\n")); + mEfiDevPathEvent =3D EfiCreateProtocolNotifyEvent ( + &gEfiDevicePathProtocolGuid, + TPL_CALLBACK, + NotifyDevPath, + NULL, + &mEfiDevPathNotifyReg + ); +} + +/** + This function is called each second during the boot manager waits the + timeout. + + @param TimeoutRemain The remaining timeout. +**/ +VOID +EFIAPI +PlatformBootManagerWaitCallback ( + UINT16 TimeoutRemain + ) +{ + // + // Since the timeout should be forced to zero we should never + // Get here + // + ASSERT (FALSE); +} + +/** + The function is called when no boot option could be launched, + including platform recovery options and options pointing to applications + built into firmware volumes. + + If this function returns, BDS attempts to enter an infinite loop. +**/ +VOID +EFIAPI +PlatformBootManagerUnableToBoot ( + VOID + ) +{ + // + // If we get here something failed about the grub boot but since + // We're privy to the secret we must panic and not retry or loop + // + CpuDeadLoop (); +} diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c b/Ov= mfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c new file mode 100644 index 000000000000..2858c3dfd5ca --- /dev/null +++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c @@ -0,0 +1,213 @@ +/** @file + Defined the platform specific device path which will be used by + platform Bbd to perform the platform policy connect. + + Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "BdsPlatform.h" +#include +#include + +// +// Vendor UART Device Path structure +// +#pragma pack (1) +typedef struct { + VENDOR_DEVICE_PATH VendorHardware; + UART_DEVICE_PATH Uart; + VENDOR_DEVICE_PATH TerminalType; + EFI_DEVICE_PATH_PROTOCOL End; +} VENDOR_UART_DEVICE_PATH; +#pragma pack () + +// +// USB Keyboard Device Path structure +// +#pragma pack (1) +typedef struct { + USB_CLASS_DEVICE_PATH Keyboard; + EFI_DEVICE_PATH_PROTOCOL End; +} USB_KEYBOARD_DEVICE_PATH; +#pragma pack () + +// +// QemuRamfb Device Path structure +// +#pragma pack (1) +typedef struct { + VENDOR_DEVICE_PATH Vendor; + ACPI_ADR_DEVICE_PATH AcpiAdr; + EFI_DEVICE_PATH_PROTOCOL End; +} VENDOR_RAMFB_DEVICE_PATH; +#pragma pack () + +ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode =3D gPnpPs2Keyboard; +ACPI_HID_DEVICE_PATH gPnp16550ComPortDeviceNode =3D gPnp16550ComPort; +UART_DEVICE_PATH gUartDeviceNode =3D gUart; +VENDOR_DEVICE_PATH gTerminalTypeDeviceNode =3D gPcAnsiTerminal; + +// +// Platform specific keyboard device path +// + + +// +// Debug Agent UART Device Path +// +VENDOR_UART_DEVICE_PATH gDebugAgentUartDevicePath =3D { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + EFI_DEBUG_AGENT_GUID, + }, + { + { + MESSAGING_DEVICE_PATH, + MSG_UART_DP, + { + (UINT8) (sizeof (UART_DEVICE_PATH)), + (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8) + } + }, + 0, // Reserved + 0, // BaudRate - Default + 0, // DataBits - Default + 0, // Parity - Default + 0, // StopBits - Default + }, + gPcAnsiTerminal, + gEndEntire +}; + +STATIC USB_KEYBOARD_DEVICE_PATH gUsbKeyboardDevicePath =3D { + { + { + MESSAGING_DEVICE_PATH, + MSG_USB_CLASS_DP, + { + (UINT8)sizeof (USB_CLASS_DEVICE_PATH), + (UINT8)(sizeof (USB_CLASS_DEVICE_PATH) >> 8) + } + }, + 0xFFFF, // VendorId: any + 0xFFFF, // ProductId: any + 3, // DeviceClass: HID + 1, // DeviceSubClass: boot + 1 // DeviceProtocol: keyboard + }, + gEndEntire +}; + +STATIC VENDOR_RAMFB_DEVICE_PATH gQemuRamfbDevicePath =3D { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + QEMU_RAMFB_GUID, + }, + { + { + ACPI_DEVICE_PATH, + ACPI_ADR_DP, + { + (UINT8) (sizeof (ACPI_ADR_DEVICE_PATH)), + (UINT8) ((sizeof (ACPI_ADR_DEVICE_PATH)) >> 8) + } + }, + ACPI_DISPLAY_ADR ( + 1, // DeviceIdScheme + 0, // HeadId + 0, // NonVgaOutput + 1, // BiosCanDetect + 0, // VendorInfo + ACPI_ADR_DISPLAY_TYPE_EXTERNAL_DIGITAL, // Type + 0, // Port + 0 // Index + ), + }, + gEndEntire +}; + +STATIC VENDOR_UART_DEVICE_PATH gXenConsoleDevicePath =3D { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + EDKII_SERIAL_PORT_LIB_VENDOR_GUID + }, + { + { + MESSAGING_DEVICE_PATH, + MSG_UART_DP, + { + (UINT8) (sizeof (UART_DEVICE_PATH)), + (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8) + } + }, + 0, + FixedPcdGet64 (PcdUartDefaultBaudRate), + FixedPcdGet8 (PcdUartDefaultDataBits), + FixedPcdGet8 (PcdUartDefaultParity), + FixedPcdGet8 (PcdUartDefaultStopBits), + }, + gPcAnsiTerminal, + gEndEntire +}; + +// +// Predefined platform default console device path +// +PLATFORM_CONSOLE_CONNECT_ENTRY gPlatformConsole[] =3D { + { + (EFI_DEVICE_PATH_PROTOCOL *) &gDebugAgentUartDevicePath, + (CONSOLE_OUT | CONSOLE_IN | STD_ERROR) + }, + { + (EFI_DEVICE_PATH_PROTOCOL *)&gUsbKeyboardDevicePath, + CONSOLE_IN + }, + { + (EFI_DEVICE_PATH_PROTOCOL *)&gQemuRamfbDevicePath, + CONSOLE_OUT + }, + { + NULL, + 0 + } +}; + +PLATFORM_CONSOLE_CONNECT_ENTRY gXenPlatformConsole[] =3D { + { + (EFI_DEVICE_PATH_PROTOCOL *)&gXenConsoleDevicePath, + (CONSOLE_OUT | CONSOLE_IN | STD_ERROR) + }, + { + NULL, + 0 + } +}; + +// +// Predefined platform connect sequence +// +EFI_DEVICE_PATH_PROTOCOL *gPlatformConnectSequence[] =3D { NULL }; + diff --git a/OvmfPkg/AmdSev/Grub/.gitignore b/OvmfPkg/AmdSev/Grub/.gitignore new file mode 100644 index 000000000000..7e3b30951f22 --- /dev/null +++ b/OvmfPkg/AmdSev/Grub/.gitignore @@ -0,0 +1 @@ +grub.efi diff --git a/OvmfPkg/AmdSev/Grub/grub.cfg b/OvmfPkg/AmdSev/Grub/grub.cfg new file mode 100644 index 000000000000..b2951bb13e41 --- /dev/null +++ b/OvmfPkg/AmdSev/Grub/grub.cfg @@ -0,0 +1,46 @@ +## @file +# Execute a script to recover the SEV supplied secret and use it to +# decrypt a luks volume. For security, the kernel must be on an encrypted +# volume so reboot if none are found. +# +# Copyright (C) 2020 James Bottomley, IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +echo "Entering grub config" +sevsecret +if [ $? -ne 0 ]; then + echo "Failed to locate anything in the SEV secret area, prompting for = password" + cryptomount -a +else + cryptomount -s + if [ $? -ne 0 ]; then + echo "Failed to mount root securely, retrying with password prompt" + cryptomount -a + fi +fi +set root=3D +for f in (crypto*); do + if [ -e $f/boot/grub/grub.cfg ]; then + set root=3D$f + set prefix=3D($root)/boot/grub + break; + fi +done +if [ x$root =3D x ]; then + echo "Failed to find any grub configuration on the encrypted volume" + sleep 5 + reboot +fi +# rest of modules to get boot to work +set modules=3D" + boot + loadenv + " +for f in $modules; do + insmod $f +done +echo "Transferring to ${prefix}/grub.cfg" +source $prefix/grub.cfg diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh new file mode 100644 index 000000000000..fd28dc6ab274 --- /dev/null +++ b/OvmfPkg/AmdSev/Grub/grub.sh @@ -0,0 +1,92 @@ +## @file +# Build a version of grub capable of decrypting a luks volume with a SEV +# Supplied secret +# +# Copyright (C) 2020 James Bottomley, IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +set -e +remove_efi=3D1 + +cleanup() { + # remove the intermediates + for f in disk.fat grub-bootstrap.cfg; do + rm -f "${basedir}/$f" + done + if [ $remove_efi -eq 1 ]; then + rm -f "${basedir}/grub.efi" + fi +} + +trap cleanup EXIT + +GRUB_MODULES=3D" + part_msdos + part_gpt + cryptodisk + luks + gcry_rijndael + gcry_sha256 + ext2 + btrfs + xfs + fat + configfile + memdisk + sleep + normal + echo + test + regexp + linux + linuxefi + reboot + sevsecret + " +basedir=3D$(dirname -- "$0") + +# don't run a build if grub.efi exists and is newer than the config files +if [ -e "${basedir}/grub.efi" -a \ + "${basedir}/grub.efi" -nt "${basedir}/grub.cfg" -a \ + "${basedir}/grub.efi" -nt "${basedir}/grub.sh" ]; then + remove_efi=3D0 + echo "preserving existing grub.efi" + exit 0 +fi + +## +# different distributions have different names for grub-mkimage, so +# search all the known ones +## +for b in grub2-mkimage grub-mkimage; do + if which "$b" > /dev/null 2>&1; then + mkimage=3D"$b" + break; + fi +done +if [ -z "$mkimage" ]; then + echo "Can't find grub mkimage" >&2 + exit 1 +fi + +# GRUB's rescue parser doesn't understand 'if'. +echo 'normal (memdisk)/grub.cfg' > "${basedir}/grub-bootstrap.cfg" + +# Now build a memdisk with the correct grub.cfg +rm -f -- "${basedir}/disk.fat" +mkfs.msdos -C -- "${basedir}/disk.fat" 64 +mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg + + +${mkimage} -O x86_64-efi \ + -p '(crypto0)' \ + -c "${basedir}/grub-bootstrap.cfg" \ + -m "${basedir}/disk.fat" \ + -o "${basedir}/grub.efi" \ + ${GRUB_MODULES} + +remove_efi=3D0 +echo "grub.efi generated in ${basedir}" --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67815): https://edk2.groups.io/g/devel/message/67815 Mute This Topic: https://groups.io/mt/78455898/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 20:26:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+67816+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67816+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1606146801; cv=none; d=zohomail.com; s=zohoarc; b=igMznm9uj150KixynPUINh/T56WnLAdBG7WtAYjRmaJ/3ym64FWX2saWS3TKENSFz7ACVibBxxI7BhTylQqncpzHTUw1sj9ig6dRmw+KRXfzFSqqAgj37VfFIK9rXJp8cA+z9z0WTh1eT/MeQRzTDHdDb7ZSqv66P5igwlhJISQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606146801; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=btkQ+PbWhIBFy0GrF6AMemPstpjCsFSOpQ1535qdTBY=; b=Aq9wN+7YODHngd4xz5RM0DrJ52bPgqz70NKqE//inHeGu9SSWx09trjVVITja9FfXiHho0JtWqgFe6syBWOiUIQS9nTY1hiLNBYbQJ6TuS+A++2KSOFljQzUAgqEBAY9psw20YkKisa+RsCZ15Ae1lbWODnQdhAyf42XONVaGcY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67816+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1606146801048356.4767382548898; Mon, 23 Nov 2020 07:53:21 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id OmTxYY1788612xntIfJNxBbd; Mon, 23 Nov 2020 07:53:20 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web10.109.1605897940655196945 for ; Fri, 20 Nov 2020 10:45:40 -0800 X-Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIY3YU159847; Fri, 20 Nov 2020 13:45:38 -0500 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 34x0jpdvft-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:38 -0500 X-Received: from m0098414.ppops.net (m0098414.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0AKIeJfM187611; Fri, 20 Nov 2020 13:45:37 -0500 X-Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0b-001b2d01.pphosted.com with ESMTP id 34x0jpdvfn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:37 -0500 X-Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIRKV9012803; Fri, 20 Nov 2020 18:45:37 GMT X-Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma05wdc.us.ibm.com with ESMTP id 34t6v9rje6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 18:45:37 +0000 X-Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AKIjOJ764029176 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Nov 2020 18:45:24 GMT X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A8B8E6A04F; Fri, 20 Nov 2020 18:45:33 +0000 (GMT) X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4F67D6A051; Fri, 20 Nov 2020 18:45:31 +0000 (GMT) X-Received: from jarvis.int.hansenpartnership.com (unknown [9.80.207.206]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 20 Nov 2020 18:45:31 +0000 (GMT) From: "James Bottomley" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , Laszlo Ersek Subject: [edk2-devel] [PATCH v2 3/6] OvmfPkg: convert ES Reset Block structure to be guided Date: Fri, 20 Nov 2020 10:45:18 -0800 Message-Id: <20201120184521.19437-4-jejb@linux.ibm.com> In-Reply-To: <20201120184521.19437-1-jejb@linux.ibm.com> References: <20201120184521.19437-1-jejb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com X-Gm-Message-State: 0ULXxy3jFHxLzfj0WaB9Huwyx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1606146800; bh=b45pvHSlCTaDHKbkQztF3MLMcGgJwC3VbAGQhlWTmgY=; h=Cc:Date:From:Reply-To:Subject:To; b=KSDXTWLjwet4HDJKMC/P1yML3sNk9LideLQBTVKSEdZhtl+5F4+g4ztruqhlT0j9Cov hp3F9/83GytX5cyqE7Paag30486SDBqBIA6s68mFD+osaa/MT1bGsYVxjAipSHf6DHjBo 4N8U/qIGjfDmycTqcZELiEcm+ayppV5I2jU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Convert the current ES reset block structure to an extensible guid based structure by appending a header and length, which allow for multiple guid based data packets to be inserted. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3077 Signed-off-by: James Bottomley --- v2: added --- OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 49 +++++++++++++++----- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 980e0138e7fe..baf9d09f3625 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -25,21 +25,40 @@ ALIGN 16 TIMES (0x1000 - ($ - EndOfPageTables) - 0x20) DB 0 %endif =20 +; +; Padding to ensure first guid starts at 0xffffffd0 +; +TIMES (32 - ((guidedStructureEnd - guidedStructureStart) % 32)) DB 0 + +; Guided structure. To traverse this you should first verify the +; presence of the table header guid +; (96b582de-1fb2-45f7-baea-a366c55a082d) at 0xffffffd0. If that +; is found, the two bytes at 0xffffffce are the entire table length. +; +; The table is composed of structures with the form: +; +; Data (arbitrary bytes identified by guid) +; length from start of guid to end of data (2 bytes) +; guid (16 bytes) +; +; so work back from the header using the length to traverse until you +; either find the guid you're looking for or run off the end of the +; table. +; +guidedStructureStart: + ; ; SEV-ES Processor Reset support ; ; sevEsResetBlock: ; For the initial boot of an AP under SEV-ES, the "reset" RIP must be -; programmed to the RAM area defined by SEV_ES_AP_RESET_IP. A known offs= et -; and GUID will be used to locate this block in the firmware and extract -; the build time RIP value. The GUID must always be 48 bytes from the -; end of the firmware. +; programmed to the RAM area defined by SEV_ES_AP_RESET_IP. The data +; format is ; -; 0xffffffca (-0x36) - IP value -; 0xffffffcc (-0x34) - CS segment base [31:16] -; 0xffffffce (-0x32) - Size of the SEV-ES reset block -; 0xffffffd0 (-0x30) - SEV-ES reset block GUID -; (00f771de-1a7e-4fcb-890e-68c77e2fb44e) +; IP value [0:15] +; CS segment base [31:16] +; +; SEV-ES reset block GUID: 00f771de-1a7e-4fcb-890e-68c77e2fb44e ; ; A hypervisor reads the CS segement base and IP value. The CS segment b= ase ; value represents the high order 16-bits of the CS segment base, so the @@ -48,8 +67,6 @@ ALIGN 16 ; program the EIP register with the IP value as read. ; =20 -TIMES (32 - (sevEsResetBlockEnd - sevEsResetBlockStart)) DB 0 - sevEsResetBlockStart: DD SEV_ES_AP_RESET_IP DW sevEsResetBlockEnd - sevEsResetBlockStart @@ -57,6 +74,16 @@ sevEsResetBlockStart: DB 0x89, 0x0E, 0x68, 0xC7, 0x7E, 0x2F, 0xB4, 0x4E sevEsResetBlockEnd: =20 +; +; Table header: length of whole table followed by table header +; guid: 96b582de-1fb2-45f7-baea-a366c55a082d +; + DW guidedStructureEnd - guidedStructureStart + DB 0xDE, 0x82, 0xB5, 0x96, 0xB2, 0x1F, 0xF7, 0x45 + DB 0xBA, 0xEA, 0xA3, 0x66, 0xC5, 0x5A, 0x08, 0x2D + +guidedStructureEnd: + ALIGN 16 =20 applicationProcessorEntryPoint: --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67816): https://edk2.groups.io/g/devel/message/67816 Mute This Topic: https://groups.io/mt/78455899/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 20:26:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+67817+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67817+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1606146801; cv=none; d=zohomail.com; s=zohoarc; b=UMWrL8eQP7nTsootAMWEk8fYD0uLnGcdNeknpHLqoZamz226eFkUmmgiKYzJkIjcc77F7iEyHmMg+ukTwF9K85sbVa07seZfjavrL32m0P2VSHgMTIhLWo+eth6PQgHxutJKdlVzmvtbIx/fYnkQUs23VWk0pt8rFUTJ/i/pCnI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606146801; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=rc+Wt4AwWdCXvOQizkPcEHsag49fiiDZbzHEKhrJJ28=; b=ds7WSgwiMTRDjJtckSw5BE32Gng5j8NMT49ETlTbjqhvzZbudngTqIIQPO8xkRC8xOtpU8H8qe+gljbo8JhMgYcUa9sihRH8gp+8jM4IXfw61K5NnMtR7+FBM+tBJjliIMcvqbarTdWvm0KLn4G+K2I5yBSAboOCxp0iL67+Jzg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67817+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1606146801492168.00297797134692; Mon, 23 Nov 2020 07:53:21 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id qNf9YY1788612xW6Q4YQ0pge; Mon, 23 Nov 2020 07:53:21 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.110.1605897943581673544 for ; Fri, 20 Nov 2020 10:45:43 -0800 X-Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIXOIx070119; Fri, 20 Nov 2020 13:45:41 -0500 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 34xhk83p6s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:41 -0500 X-Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0AKIYCWb077383; Fri, 20 Nov 2020 13:45:40 -0500 X-Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0b-001b2d01.pphosted.com with ESMTP id 34xhk83p6f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:40 -0500 X-Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIRflj017761; Fri, 20 Nov 2020 18:45:40 GMT X-Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma03dal.us.ibm.com with ESMTP id 34w263fs85-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 18:45:40 +0000 X-Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AKIjaZm6554206 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Nov 2020 18:45:36 GMT X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5C0566A047; Fri, 20 Nov 2020 18:45:36 +0000 (GMT) X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 00CDA6A04F; Fri, 20 Nov 2020 18:45:33 +0000 (GMT) X-Received: from jarvis.int.hansenpartnership.com (unknown [9.80.207.206]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 20 Nov 2020 18:45:33 +0000 (GMT) From: "James Bottomley" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , Laszlo Ersek Subject: [edk2-devel] [PATCH v2 4/6] OvmfPkg: create a SEV secret area in the AmdSev memfd Date: Fri, 20 Nov 2020 10:45:19 -0800 Message-Id: <20201120184521.19437-5-jejb@linux.ibm.com> In-Reply-To: <20201120184521.19437-1-jejb@linux.ibm.com> References: <20201120184521.19437-1-jejb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com X-Gm-Message-State: n1m9q3Fo0wFPmGHHQIty3hoxx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1606146801; bh=olkpRPA86YCzVAt/95y5mNubkljZuO2S6hLI5Rg6Jt8=; h=Cc:Date:From:Reply-To:Subject:To; b=IayhV4NRXsVk33fRx94EcyCIyuWwRUm6UQ/El/Sg13xz9VWi79TyBOdaE146x6GCtu4 JKF2kZgGjW8kozMFGPbLXitvehXGGSnwef6f9lZxHYuAeLeCBhsLdPbvsSWyCQ/73g/Ew 62Wt6Yc/QmVGpBECcZonjb0u8gC0V9RypYg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" SEV needs an area to place an injected secret where OVMF can find it and pass it up as a ConfigurationTable. This patch implements the area itself as an addition to the SEV enhanced reset vector table using an additional guid (4c2eb361-7d9b-4cc3-8081-127c90d3d294). Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3077 Signed-off-by: James Bottomley Reviewed-by: Laszlo Ersek --- v2: move guid to OVMF token space, separate patches --- OvmfPkg/OvmfPkg.dec | 6 ++++++ OvmfPkg/ResetVector/ResetVector.inf | 4 ++++ OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 14 ++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 2 ++ 4 files changed, 26 insertions(+) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 3fbf7a0ee1a4..7d27f8e16040 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -304,6 +304,12 @@ [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|0|UINT32|0x40 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize|0|UINT32|0x41 =20 + ## The base address and size of the SEV Launch Secret Area provisioned + # after remote attestation. If this is set in the .fdf, the platform + # is responsible for protecting the area from DXE phase overwrites. + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|0x0|UINT32|0x42 + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize|0x0|UINT32|0x43 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index a53ae6c194ae..dc38f68919cd 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -43,3 +43,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize + +[FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index baf9d09f3625..8d6600f17310 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -47,6 +47,20 @@ TIMES (32 - ((guidedStructureEnd - guidedStructureStart)= % 32)) DB 0 ; guidedStructureStart: =20 +; +; SEV Secret block Guid: 4c2eb361-7d9b-4cc3-8081-127c90d3d294 +; +; This describes the guest ram area where the hypervisor may have +; injected the secret +; +sevSecretBlockStart: + DD SEV_LAUNCH_SECRET_BASE + DD SEV_LAUNCH_SECRET_SIZE + DW sevSecretBlockEnd - sevSecretBlockStart + DB 0x61, 0xB3, 0x2E, 0x4C, 0x9B, 0x7D, 0xC3, 0x4C + DB 0x80, 0x81, 0x12, 0x7C, 0x90, 0xD3, 0xD2, 0x94 +sevSecretBlockEnd: + ; ; SEV-ES Processor Reset support ; diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 4913b379a993..c5e0fe93abf4 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -83,5 +83,7 @@ %include "Main.asm" =20 %define SEV_ES_AP_RESET_IP FixedPcdGet32 (PcdSevEsWorkAreaBase) + %define SEV_LAUNCH_SECRET_BASE FixedPcdGet32 (PcdSevLaunchSecretBase) + %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67817): https://edk2.groups.io/g/devel/message/67817 Mute This Topic: https://groups.io/mt/78455900/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 20:26:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+67818+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67818+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1606146804; cv=none; d=zohomail.com; s=zohoarc; b=lfOCHDboQy74B0ga1gvMc1EqNhBavl0K/GwPbJSp01/Mbd41JQ0QiyU7bGmUDvAPEOQnTJBHSvLEnJJVnrnopbsPrkToh9/BEcrRTXjyCyWLr8a2ioMc6HW9jNCiMdStTLXM2PDyvYP5oiC0Fqgs5Y4q9zpWtCaO/DUDgqOObIw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606146804; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=/CKYuU4S7UZ8H3XWHhexSbvLu6qj7h9AzDG/NcXWAw4=; b=UQuig225TEgxA/4YELJrfDKTa7FoEHhiLzs7uA0zfnHNrC83VxHb6WaIvboWSeE9nlkRZLs8DJufn20jR8sR8nchEGCsXG/+6wJZgng7ITuJUd1wrjIekcjTxDVUbadcnN7QRwraS6Q1B38foSva1PtlNxV8LDK5Ka5T5JxkMmU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67818+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1606146804551401.32464655390413; Mon, 23 Nov 2020 07:53:24 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id XN8IYY1788612xsiVoyZvfRz; Mon, 23 Nov 2020 07:53:24 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web11.124.1605897945989618391 for ; Fri, 20 Nov 2020 10:45:46 -0800 X-Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIW8GJ104639; Fri, 20 Nov 2020 13:45:44 -0500 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 34xg0kpsqs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:44 -0500 X-Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0AKIXH2x107036; Fri, 20 Nov 2020 13:45:43 -0500 X-Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 34xg0kpsqg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:43 -0500 X-Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIR1EN003233; Fri, 20 Nov 2020 18:45:42 GMT X-Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma02dal.us.ibm.com with ESMTP id 34vgjn7n9t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 18:45:42 +0000 X-Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AKIjUI262980556 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Nov 2020 18:45:30 GMT X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2A4B86A04D; Fri, 20 Nov 2020 18:45:39 +0000 (GMT) X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C0C126A047; Fri, 20 Nov 2020 18:45:36 +0000 (GMT) X-Received: from jarvis.int.hansenpartnership.com (unknown [9.80.207.206]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 20 Nov 2020 18:45:36 +0000 (GMT) From: "James Bottomley" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , Laszlo Ersek Subject: [edk2-devel] [PATCH v2 5/6] OvmfPkg/AmdSev: assign and protect the Sev Secret area Date: Fri, 20 Nov 2020 10:45:20 -0800 Message-Id: <20201120184521.19437-6-jejb@linux.ibm.com> In-Reply-To: <20201120184521.19437-1-jejb@linux.ibm.com> References: <20201120184521.19437-1-jejb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com X-Gm-Message-State: bLXGy6DYy62IkOO7C6zI2MCNx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1606146804; bh=U8mr6utt45TMcowhpOrtfq4uJwGI01n3F4byt0K767E=; h=Cc:Date:From:Reply-To:Subject:To; b=MsJrGROHpDRjJAi6XPHtgGww6B/PRuUtbf2JW/HqvFxKqUMkB4bMi+KFGNhL1T5DOBS fPal3Q47m30AVh0Tlt+SdC0f9AYY3J0DT9vH6sTRN5407fLEEjPu90C97ftLndtvlrAh8 TnMZEvX1p6Xzr27P9B5lHIoMaFS257xI9ks= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Create a one page secret area in the MEMFD and protect the area with a boot time HOB. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3077 Signed-off-by: James Bottomley Reviewed-by: Laszlo Ersek --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 4 +++ OvmfPkg/AmdSev/SecretPei/SecretPei.inf | 39 ++++++++++++++++++++++++++ OvmfPkg/AmdSev/SecretPei/SecretPei.c | 25 +++++++++++++++++ 4 files changed, 69 insertions(+) create mode 100644 OvmfPkg/AmdSev/SecretPei/SecretPei.inf create mode 100644 OvmfPkg/AmdSev/SecretPei/SecretPei.c diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index c0b4e1b274fc..a3f75a626e5e 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -624,6 +624,7 @@ [Components] } UefiCpuPkg/CpuMpPei/CpuMpPei.inf + OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 97f031950abd..c628e6d8f6e7 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -59,6 +59,9 @@ [FD.MEMFD] 0x00B000|0x001000 gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P= cdSevEsWorkAreaSize =20 +0x00C000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 @@ -138,6 +141,7 @@ [FV.PEIFV] INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf +INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.inf b/OvmfPkg/AmdSev/Secret= Pei/SecretPei.inf new file mode 100644 index 000000000000..1b40ac036aba --- /dev/null +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.inf @@ -0,0 +1,39 @@ +## @file +# PEI support for SEV Secrets +# +# Copyright (C) 2020 James Bottomley, IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecretPei + FILE_GUID =3D 45260dde-0c3c-4b41-a226-ef3803fac7d4 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeSecretPei + +# +# The following information is for reference only and not required by the = build tools. +# + +[Sources] + SecretPei.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + HobLib + PeimEntryPoint + PcdLib + +[FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPe= i/SecretPei.c new file mode 100644 index 000000000000..ad491515dd5d --- /dev/null +++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c @@ -0,0 +1,25 @@ +/** @file + SEV Secret boot time HOB placement + + Copyright (C) 2020 James Bottomley, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include + +EFI_STATUS +EFIAPI +InitializeSecretPei ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + BuildMemoryAllocationHob ( + PcdGet32 (PcdSevLaunchSecretBase), + PcdGet32 (PcdSevLaunchSecretSize), + EfiBootServicesData + ); + + return EFI_SUCCESS; +} --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67818): https://edk2.groups.io/g/devel/message/67818 Mute This Topic: https://groups.io/mt/78455901/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 20:26:46 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+67819+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67819+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1606146803; cv=none; d=zohomail.com; s=zohoarc; b=Ut0vIAvNXFQs/1hFm2CVimqbbgghfd47uIyD/dlcs7Ms2Hnur1ZTTgehpeCA/rd5I7oc0NztWHcJI7ur9dd+vg+vblP5TyOBVQk56N6Mtkf+qN5IenRA3Z8poDs0NfcIm+7xstBxas9/stLjLsaHAaGKzKurUaNUUSzhAMUDMzA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1606146803; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=jCqFbdYENZNdzUcXaEjPBo/t4XNWxrE7txamxt05844=; b=F/sB7lV2Ps2mqeIqKr+KEIOoUCI1xV0huGheUq+DCWgOkIaGFgfyl439vIuPKKXR5hwx88OoHg8o3/jTitz5mVSRSFZ/OmrkvuYP1FTXW7L84EXMMHNQXS3AoILPw5iTIsY878JO4Ly/yPYFN47g5SpYRRFeM5Ct6tFD7tGFLRE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+67819+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1606146803014215.42760254134612; Mon, 23 Nov 2020 07:53:23 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id n5gpYY1788612xgDtb8r1zrR; Mon, 23 Nov 2020 07:53:22 -0800 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.113.1605897948688217877 for ; Fri, 20 Nov 2020 10:45:48 -0800 X-Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIYukq143840; Fri, 20 Nov 2020 13:45:47 -0500 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 34xgsndmsr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:46 -0500 X-Received: from m0098413.ppops.net (m0098413.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0AKIabAL155507; Fri, 20 Nov 2020 13:45:46 -0500 X-Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0b-001b2d01.pphosted.com with ESMTP id 34xgsndmsj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 13:45:46 -0500 X-Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0AKIRa4O017690; Fri, 20 Nov 2020 18:45:45 GMT X-Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma03dal.us.ibm.com with ESMTP id 34w263fs8q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Nov 2020 18:45:45 +0000 X-Received: from b03ledav003.gho.boulder.ibm.com (b03ledav003.gho.boulder.ibm.com [9.17.130.234]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0AKIjfNH32637280 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Nov 2020 18:45:41 GMT X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CE3066A04F; Fri, 20 Nov 2020 18:45:41 +0000 (GMT) X-Received: from b03ledav003.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 773B06A047; Fri, 20 Nov 2020 18:45:39 +0000 (GMT) X-Received: from jarvis.int.hansenpartnership.com (unknown [9.80.207.206]) by b03ledav003.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 20 Nov 2020 18:45:39 +0000 (GMT) From: "James Bottomley" To: devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, ashish.kalra@amd.com, brijesh.singh@amd.com, tobin@ibm.com, david.kaplan@amd.com, jon.grimm@amd.com, thomas.lendacky@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , Laszlo Ersek Subject: [edk2-devel] [PATCH v2 6/6] OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table Date: Fri, 20 Nov 2020 10:45:21 -0800 Message-Id: <20201120184521.19437-7-jejb@linux.ibm.com> In-Reply-To: <20201120184521.19437-1-jejb@linux.ibm.com> References: <20201120184521.19437-1-jejb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jejb@linux.ibm.com X-Gm-Message-State: DGbDMimVfmbGREJ0o0PKvwhKx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1606146802; bh=0lBxRMMF/xu2HMLeMnRV4EFZuy/kpRFoXuIyxWHVoBM=; h=Cc:Date:From:Reply-To:Subject:To; b=U9Pgyv2TcP/QcTywx9iNXqJI+ssF8Xu3+3UjzWYkSi01d7PqGAza5HPazLByY7QqWXj 7erKdOi+wr/8ASuH/StnTsudaEGsApTkIsPaBAKMLYxs1EUPEKFzvtIXRaZ5PbV/kkaW0 Vga1lT3q+RMrI/m/Ege06VK2Ig9UWFXylJI= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Now that the secret area is protected by a boot time HOB, extract its location details into a configuration table referenced by gSevLaunchSecretGuid so the boot loader or OS can locate it before a call to ExitBootServices(). Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3077 Signed-off-by: James Bottomley Reviewed-by: Laszlo Ersek --- OvmfPkg/OvmfPkg.dec | 1 + OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf | 37 ++++++++++++++++++++++++++ OvmfPkg/Include/Guid/SevLaunchSecret.h | 28 +++++++++++++++++++ OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 25 +++++++++++++++++ 6 files changed, 93 insertions(+) create mode 100644 OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf create mode 100644 OvmfPkg/Include/Guid/SevLaunchSecret.h create mode 100644 OvmfPkg/AmdSev/SecretDxe/SecretDxe.c diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 7d27f8e16040..8a294116efaa 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -117,6 +117,7 @@ [Guids] gLinuxEfiInitrdMediaGuid =3D {0x5568e427, 0x68fc, 0x4f3d, {= 0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}} gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {= 0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {= 0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} + gSevLaunchSecretGuid =3D {0xadf956ad, 0xe98c, 0x484c, {= 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index a3f75a626e5e..fa2d1d20d551 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -812,6 +812,7 @@ [Components] gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE } !endif + OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf OvmfPkg/AmdSev/Grub/Grub.inf !if $(BUILD_SHELL) =3D=3D TRUE ShellPkg/Application/Shell/Shell.inf { diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index c628e6d8f6e7..b60ff6227a4f 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -269,6 +269,7 @@ [FV.DXEFV] !if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(BUILD_SHELL) =3D=3D TRUE INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand= .inf !endif +INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf INF OvmfPkg/AmdSev/Grub/Grub.inf !if $(BUILD_SHELL) =3D=3D TRUE INF ShellPkg/Application/Shell/Shell.inf diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf b/OvmfPkg/AmdSev/Secret= Dxe/SecretDxe.inf new file mode 100644 index 000000000000..62ab00a3d382 --- /dev/null +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf @@ -0,0 +1,37 @@ +## @file +# Sev Secret configuration Table installer +# +# Copyright (C) 2020 James Bottomley, IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecretDxe + FILE_GUID =3D 6e2b9619-8810-4e9d-a177-d432bb9abeda + MODULE_TYPE =3D DXE_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeSecretDxe + +[Sources] + SecretDxe.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + UefiDriverEntryPoint + +[Guids] + gSevLaunchSecretGuid + +[FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase + gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize + +[Depex] + TRUE diff --git a/OvmfPkg/Include/Guid/SevLaunchSecret.h b/OvmfPkg/Include/Guid/= SevLaunchSecret.h new file mode 100644 index 000000000000..fa5f3830bc2b --- /dev/null +++ b/OvmfPkg/Include/Guid/SevLaunchSecret.h @@ -0,0 +1,28 @@ + /** @file + UEFI Configuration Table for exposing the SEV Launch Secret location to= UEFI + applications (boot loaders). + + Copyright (C) 2020 James Bottomley, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + **/ + +#ifndef SEV_LAUNCH_SECRET_H_ +#define SEV_LAUNCH_SECRET_H_ + +#include + +#define SEV_LAUNCH_SECRET_GUID \ + { 0xadf956ad, \ + 0xe98c, \ + 0x484c, \ + { 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47 }, \ + } + +typedef struct { + UINT32 Base; + UINT32 Size; +} SEV_LAUNCH_SECRET_LOCATION; + +extern EFI_GUID gSevLaunchSecretGuid; + +#endif // SEV_LAUNCH_SECRET_H_ diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx= e/SecretDxe.c new file mode 100644 index 000000000000..e5a1624e3cd7 --- /dev/null +++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c @@ -0,0 +1,25 @@ +/** @file + SEV Secret configuration table constructor + + Copyright (C) 2020 James Bottomley, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include + +STATIC SEV_LAUNCH_SECRET_LOCATION mSecretDxeTable =3D { + FixedPcdGet32 (PcdSevLaunchSecretBase), + FixedPcdGet32 (PcdSevLaunchSecretSize), +}; + +EFI_STATUS +EFIAPI +InitializeSecretDxe( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return gBS->InstallConfigurationTable (&gSevLaunchSecretGuid, + &mSecretDxeTable); +} --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#67819): https://edk2.groups.io/g/devel/message/67819 Mute This Topic: https://groups.io/mt/78455902/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-