This implements support for UEFI secure boot on SbsaQemu using
the standalone MM framework. This moves all of the software handling
of the UEFI authenticated variable store into the standalone MM
context residing in a secure partition.
Secure variable storage is located at 0x01000000 in secure NOR Flash.
Non-secure shared memory between UEFI and standalone MM
is allocated at the top of DRAM.
The DRAM size of SbsaQemu varies depending on the QEMU parameters, so
the non-secure shared memory base address is passed from
trusted-firmware through the device tree "/reserved-memory" node.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 44 ++++++++---
Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 40 ++++++++++
Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 82 ++++++++++++++++++--
Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf | 7 +-
Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf | 2 +
Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c | 37 ++++++++-
6 files changed, 192 insertions(+), 20 deletions(-)
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
index f6af3f9111ee..83e7cd21e0c6 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
@@ -27,6 +27,8 @@ [Defines]
DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
+ DEFINE SECURE_BOOT_ENABLE = FALSE
+
#
# Network definition
#
@@ -148,12 +150,10 @@ [LibraryClasses.common]
# Secure Boot dependencies
#
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
- AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
# re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
- VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
@@ -167,6 +167,7 @@ [LibraryClasses.common]
ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
+
NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
@@ -296,6 +297,8 @@ [PcdsFeatureFlag.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
+
[PcdsFixedAtBuild.common]
gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000
gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000
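Review bot: `PcdEnableVariableRuntimeCache|FALSE` on the added line is applied unconditionally, so it also changes the SECURE_BOOT_ENABLE == FALSE build, which as far as this hunk shows keeps using the in-process VariableRuntimeDxe and did not obviously need the runtime cache disabled. If the intent is only to force runtime variable reads through MM communication in the MM configuration, wrap it: `!if $(SECURE_BOOT_ENABLE) == TRUE` / `  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE` / `!endif`. If disabling it for both builds is intended, a one-line comment saying why would save the next reader the question.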
@@ -511,6 +514,10 @@ [PcdsDynamicDefault.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0300
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
+ gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000
+ gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
+
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform
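Review bot: The defaults `PcdMmBufferBase|0x10000000000` and `PcdMmBufferSize|0x00200000` are overwritten unconditionally by SbsaQemuLibConstructor in the SbsaQemuMem.c hunk, including when the device-tree lookup fails, so the values here never take effect and a reader cannot tell whether the 1 TiB base is a deliberate out-of-DRAM sentinel or a leftover. Add a comment such as `# Placeholders; SbsaQemuLib replaces them from the /reserved-memory node` or, if MmCommunication is their only consumer, move them under `!if $(SECURE_BOOT_ENABLE) == TRUE` so the non-MM build does not carry them.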
@@ -564,7 +571,6 @@ [Components.common]
ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
ArmPkg/Drivers/CpuPei/CpuPei.inf
-
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
@@ -588,24 +594,40 @@ [Components.common]
#
ArmPkg/Drivers/CpuDxe/CpuDxe.inf
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
- <LibraryClasses>
- NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
- # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
- BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
- }
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
+!if $(SECURE_BOOT_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!endif
}
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
+ #
+ # Variable services
+ #
+!if $(SECURE_BOOT_ENABLE) == FALSE
+ MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
+ <LibraryClasses>
+ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+ VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
+ BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+ }
+!else
+ ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
+ <LibraryClasses>
+ NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
+ }
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
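Review bot: The build conditions are spelled three different ways across this series — `!if $(SECURE_BOOT_ENABLE) == TRUE` and `!if $(SECURE_BOOT_ENABLE) == FALSE` in this hunk, but the bare `!if $(SECURE_BOOT_ENABLE)` in the SbsaQemu.fdf variable-store hunk; pick one form (the explicit `== TRUE`/`== FALSE` is the least surprising) so the .dsc and .fdf cannot drift apart on how the flag is evaluated. A short comment under the new `# Variable services` heading stating that with SECURE_BOOT_ENABLE == TRUE the variable store, FTW and authentication move into the standalone MM image (built from SbsaQemuStandaloneMm.dsc) and that the non-secure side only keeps MmCommunication plus the runtime proxy would make the split self-explanatory to someone reading only this file.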
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
index 87f5ee351eaa..9e438bc5b6b6 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
@@ -77,6 +77,19 @@ [LibraryClasses.common.MM_STANDALONE]
HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+ TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
+ TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+ VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+ ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
################################################################################
#
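Review bot: TimerLib is mapped twice in this hunk (ArmArchTimerLib on one line, BaseTimerLibNullTemplate on the next); only one can take effect and, if I recall the build tool correctly, the last mapping wins, which would leave the MM partition with the null timer and make the ArmGenericTimerCounterLib mapping added below it dead. Keep a single mapping and state which is intended, e.g. drop `TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf` if the architected timer is wanted. This matters beyond tidiness because `RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf`, which by its name derives entropy from the timer and is a weak source to begin with, is what ends up behind OpensslLib/AuthVariableLib inside the secure partition; a comment acknowledging that and why it is acceptable on this emulated platform would help reviewers.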
@@ -94,6 +107,20 @@ [PcdsFixedAtBuild]
gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
+ gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000
+ gArmTokenSpaceGuid.PcdFdSize|0x000C0000
+
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000
+
###################################################################################################
#
# Components Section - list of the modules and components that will be processed by compilation
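Review bot: `gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE` makes the secure partition report the user as physically present for every request, since the PlatformSecureLibNull mapped in the previous hunk returns that PCD (if I recall its implementation correctly), and AuthVariableLib relaxes parts of its PK/KEK handling on that answer; this is a deliberate security-policy choice and deserves a comment above the line saying that SbsaQemu has no physical-presence source and that key protection is weakened accordingly. Separately, `PcdFdBaseAddress|0x01000000` / `PcdFdSize|0x000C0000` no longer describe the STANDALONE_MM flash device once the SbsaQemuStandaloneMm.fdf hunk unlinks BaseAddress/Size from them; a comment stating what they now describe (presumably the NOR flash window consumed via SbsaQemuNorFlashLib) would stop a later reader from re-binding them.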
@@ -118,6 +145,19 @@ [Components.common]
#
StandaloneMmPkg/Core/StandaloneMmCore.inf
StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+ ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
+ MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
+
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
+ <LibraryClasses>
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
+ # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
+ BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+ VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+ }
###################################################################################################
#
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
index 47ada7df9f2c..2373594f1fbc 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
@@ -21,10 +21,10 @@
[FD.SBSA_FLASH0]
BaseAddress = 0x00000000
-Size = 0x00400000
+Size = 0x01100000
ErasePolarity = 1
BlockSize = 0x00001000
-NumBlocks = 0x400
+NumBlocks = 0x1100
################################################################################
#
@@ -50,6 +50,66 @@ [FD.SBSA_FLASH0]
0x00008000|0x00300000
FILE = Platform/Qemu/Sbsa/fip.bin
+!if $(SECURE_BOOT_ENABLE)
+## Place for Secure Variables.
+# Must be aligned to Flash Block size 0x40000
+0x01000000|0x00040000
+gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
+#NV_VARIABLE_STORE
+DATA = {
+ ## This is the EFI_FIRMWARE_VOLUME_HEADER
+ # ZeroVector []
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ # FileSystemGuid: gEfiSystemNvDataFvGuid =
+ # { 0xFFF12B8D, 0x7696, 0x4C8B,
+ # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
+ 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
+ 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
+ # FvLength: 0xC0000
+ 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
+ # Signature "_FVH" # Attributes
+ 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00,
+ # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision
+ 0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02,
+ # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block
+ 0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
+ # Blockmap[1]: End
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ ## This is the VARIABLE_STORE_HEADER
+ # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
+ # Signature: gEfiAuthenticatedVariableGuid =
+ # { 0xaaf32c78, 0x947b, 0x439a,
+ # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
+ 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+ 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+ # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
+ # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
+ # This can speed up the Variable Dispatch a bit.
+ 0xB8, 0xFF, 0x03, 0x00,
+ # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32
+ 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+}
+
+0x01040000|0x00040000
+gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
+#NV_FTW_WORKING
+DATA = {
+ # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid =
+ # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
+ 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
+ 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95,
+ # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
+ 0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF,
+ # WriteQueueSize: UINT64
+ 0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00
+}
+
+0x01080000|0x00040000
+gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
+#NV_FTW_SPARE
+!endif
+
################################################################################
#
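Review bot: The comment `# Must be aligned to Flash Block size 0x40000` and the blockmap entry `# Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block` disagree with the FD's declared `BlockSize = 0x00001000` in the previous hunk, so a reader cannot tell which block size the NOR flash really has; if 0x40000 is the device erase block, say so explicitly, e.g. `# 0x40000 is the NOR flash erase block size (not the FD BlockSize); the FV blockmap must match it`. The heading `## Place for Secure Variables.` should also note that this layout alone does not make the region inaccessible to the non-secure world — that depends on how TF-A/QEMU partition SBSA_FLASH0 — so the secure-storage claim in the commit message is a property of the platform configuration rather than of this .fdf. The bare `!if $(SECURE_BOOT_ENABLE)` here differs from the `== TRUE`/`== FALSE` spelling used in the .dsc and the later FV.FvMain hunk; use one form throughout.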
# FD Section for FLASH1
@@ -169,15 +229,25 @@ [FV.FvMain]
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
- INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
- INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+ #
+ # Variable services
+ #
+!if $(SECURE_BOOT_ENABLE) == FALSE
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+!else
+ INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
+ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
#
# Multiple Console IO support
#
@@ -189,7 +259,6 @@ [FV.FvMain]
INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
- INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
#
@@ -287,6 +356,7 @@ [FV.FVMAIN_COMPACT]
INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
INF ArmPkg/Drivers/CpuPei/CpuPei.inf
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
# IDE/AHCI Support
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
index a1acefcfb0a7..0fd2e9964c7e 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
+++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
@@ -19,8 +19,8 @@
################################################################################
[FD.STANDALONE_MM]
-BaseAddress = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
-Size = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
+BaseAddress = 0x20001000
+Size = 0x00e00000
ErasePolarity = 1
BlockSize = 0x00001000
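Review bot: Dropping the PCD binding also dropped the only size documentation, `# The size in bytes of the device (14MiB).`; keep that comment on the new `Size = 0x00e00000` line, and add one on `BaseAddress = 0x20001000` saying that the STANDALONE_MM image address is now fixed here rather than taken from gArmTokenSpaceGuid.PcdFdBaseAddress, which the SbsaQemuStandaloneMm.dsc hunk repurposes.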
@@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT]
READ_LOCK_STATUS = TRUE
INF StandaloneMmPkg/Core/StandaloneMmCore.inf
+ INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
+ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
+ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
################################################################################
diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
index c067a80cc715..1d7f12202ecc 100644
--- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
+++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
@@ -40,6 +40,8 @@ [Pcd]
gArmTokenSpaceGuid.PcdSystemMemoryBase
gArmTokenSpaceGuid.PcdSystemMemorySize
gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress
+ gArmTokenSpaceGuid.PcdMmBufferBase
+ gArmTokenSpaceGuid.PcdMmBufferSize
[FixedPcd]
gArmTokenSpaceGuid.PcdFdBaseAddress
diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
index 8c2eb0b6a028..fa164ff455f5 100644
--- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
+++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
@@ -25,15 +25,20 @@ SbsaQemuLibConstructor (
{
VOID *DeviceTreeBase;
INT32 Node, Prev;
- UINT64 NewBase, CurBase;
+ UINT64 NewBase, CurBase, NsBufBase;
UINT64 NewSize, CurSize;
+ UINT32 NsBufSize;
CONST CHAR8 *Type;
INT32 Len;
CONST UINT64 *RegProp;
RETURN_STATUS PcdStatus;
+ INT32 ParentOffset;
+ INT32 Offset;
NewBase = 0;
NewSize = 0;
+ NsBufBase = 0;
+ NsBufSize = 0;
DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress);
ASSERT (DeviceTreeBase != NULL);
@@ -73,9 +78,39 @@ SbsaQemuLibConstructor (
}
}
+ // StandaloneMM non-secure shared buffer is allocated at the top of
+ // the system memory by trusted-firmware using "/reserved-memory" node.
+ ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory");
+ if (ParentOffset < 0) {
+ DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n",
+ __FUNCTION__));
+ }
+ Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
+ if (Offset < 0) {
+ DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n",
+ __FUNCTION__));
+ }
+ // Get the 'reg' property of this node. 8 byte quantities for base address
+ // and 4 byte quantities for size.
+ RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
+ if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) {
+ NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
+ NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
+
+ DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
+ __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
+ } else {
+ DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
+ __FUNCTION__, Len));
+ }
+
+ NewSize -= NsBufSize;
+
// Make sure the start of DRAM matches our expectation
ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
+ PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
+ PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
ASSERT_RETURN_ERROR (PcdStatus);
return RETURN_SUCCESS;
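Review bot: The error paths in this hunk only log and fall through: a failed `fdt_path_offset`/`fdt_subnode_offset` still feeds its negative offset into the next lookup, and on any failure `PcdMmBufferBase`/`PcdMmBufferSize` are still written with the zeroed NsBufBase/NsBufSize, replacing the .dsc defaults with a base of 0 that MmCommunication would then use. `NewSize -= NsBufSize` also assumes the reserved region sits exactly at the top of the DRAM range computed earlier; if trusted-firmware ever places it elsewhere, the OS is told DRAM is smaller while the shared buffer remains inside the reported range, so the carve-out should be verified with `NsBufBase + NsBufSize == NewBase + NewSize` before adjusting NewSize. Finally `PcdStatus` from the first two `PcdSet64S` calls is overwritten before the single `ASSERT_RETURN_ERROR`, so only the last write is checked. The rewrite below guards each step, checks every PCD write, and leaves the MM buffer PCDs untouched when the node is absent or misplaced; SbsaQemuLibConstructor's declarations (previous hunk) and its opening are outside this hunk.
```c
  // StandaloneMM non-secure shared buffer is allocated at the top of
  // the system memory by trusted-firmware using "/reserved-memory" node.
  Offset = -1;
  ParentOffset = fdt_path_offset (DeviceTreeBase, "/reserved-memory");
  if (ParentOffset >= 0) {
    Offset = fdt_subnode_offset (DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
  }

  if (Offset < 0) {
    DEBUG ((DEBUG_ERROR, "%a: /reserved-memory/ns-buf-spm-mm node not found\n",
      __FUNCTION__));
  } else {
    // 'reg' is an 8 byte base address followed by a 4 byte size.
    RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
    if (RegProp != NULL && Len == (sizeof (UINT64) + sizeof (UINT32))) {
      NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
      NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((CONST UINT32 *)(RegProp + 1)));
    } else {
      DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
        __FUNCTION__, Len));
    }
  }

  // Only carve the buffer out of DRAM when it really sits at the top of the
  // range reported to the OS; otherwise keep the PCD defaults and report all
  // of DRAM, so a misplaced buffer is never silently half-hidden.
  if (NsBufSize != 0 && NsBufBase + NsBufSize == NewBase + NewSize) {
    DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
      __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
    NewSize -= NsBufSize;
    PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
    ASSERT_RETURN_ERROR (PcdStatus);
    PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
    ASSERT_RETURN_ERROR (PcdStatus);
  } else {
    DEBUG ((DEBUG_ERROR, "%a: ns buf 0x%lx+0x%x is not at the top of DRAM, ignoring\n",
      __FUNCTION__, NsBufBase, NsBufSize));
  }

  // … unchanged: ASSERT that the start of DRAM matches PcdSystemMemoryBase …
  PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
  ASSERT_RETURN_ERROR (PcdStatus);
```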
--
2.17.1
Hi Ard,
I am encountering strange behavior when I apply this patch
"SbsaQemu: add MM based UEFI secure boot support".
When I start linux kernel, booting secondary cores failed.
# I don't store any secure boot keys, so UEFI Secure Boot itself
is disabled.
--- linux kernel log ---
[ 0.124805] Remapping and enabling EFI services.
[ 0.132850] smp: Bringing up secondary CPUs ...
[ 1.294478] CPU1: failed to come online
[ 1.295647] CPU1: failed in unknown state : 0x0
[ 2.426489] CPU2: failed to come online
[ 2.427112] CPU2: failed in unknown state : 0x0
[ 3.567428] CPU3: failed to come online
[ 3.567912] CPU3: failed in unknown state : 0x0
[ 3.569010] smp: Brought up 1 node, 1 CPU
[ 3.569555] SMP: Total of 1 processors activated.
[ 3.570395] CPU features: detected: GIC system register CPU interface
[ 3.571183] CPU features: detected: 32-bit EL0 Support
[ 3.587378] CPU: All CPU(s) started at EL2
---
In my check, arch/arm64/kernel/smp.c::secondary_start_kernel() is never
called, so wait_for_completion_timeout() is timed out.
https://github.com/torvalds/linux/blob/v5.11/arch/arm64/kernel/smp.c#L138
If I set "SECURE_BOOT_ENABLE=FALSE" in edk2 build(non-secure side)
and load the same STANDALONE_MM.fd(Secure Payload) and tf-a binary,
secondary cores boot successfully.
Major difference between success and failure cases is the
existence of UEFI secure variable accesses through Standalone MM framework.
If edk2 accesses UEFI secure variables through Standalone MM, the secondary cores
fail to boot. I cannot come up with any possible reason.
# As a reference, there is no issue on Developerbox.
Do you have any idea about this error?
Thanks,
Masahisa
On Mon, 21 Dec 2020 at 21:52, Masahisa Kojima
<masahisa.kojima@linaro.org> wrote:
>
> This implements support for UEFI secure boot on SbsaQemu using
> the standalone MM framework. This moves all of the software handling
> of the UEFI authenticated variable store into the standalone MM
> context residing in a secure partition.
>
> Secure variable storage is located at 0x01000000 in secure NOR Flash.
>
> Non-secure shared memory between UEFI and standalone MM
> is allocated at the top of DRAM.
> DRAM size of SbsaQemu varies depends on the QEMU parameter,
> the non-secure shared memory base address is passed from
> trusted-firmware through the device tree "/reserved-memory" node.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
> Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 44 ++++++++---
> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 40 ++++++++++
> Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 82 ++++++++++++++++++--
> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf | 7 +-
> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf | 2 +
> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c | 37 ++++++++-
> 6 files changed, 192 insertions(+), 20 deletions(-)
>
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> index f6af3f9111ee..83e7cd21e0c6 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> @@ -27,6 +27,8 @@ [Defines]
>
> DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
>
> + DEFINE SECURE_BOOT_ENABLE = FALSE
> +
> #
> # Network definition
> #
> @@ -148,12 +150,10 @@ [LibraryClasses.common]
> # Secure Boot dependencies
> #
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>
> # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
> PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
>
> - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>
> @@ -167,6 +167,7 @@ [LibraryClasses.common]
> ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
>
> TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> +
> NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
>
> CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
> @@ -296,6 +297,8 @@ [PcdsFeatureFlag.common]
> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
>
> + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
> +
> [PcdsFixedAtBuild.common]
> gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000
> gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000
> @@ -511,6 +514,10 @@ [PcdsDynamicDefault.common]
> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0300
> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
>
> + gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000
> + gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
> +
> +
> ################################################################################
> #
> # Components Section - list of all EDK II Modules needed by this Platform
> @@ -564,7 +571,6 @@ [Components.common]
> ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
> ArmPkg/Drivers/CpuPei/CpuPei.inf
>
> -
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
> <LibraryClasses>
> NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
> @@ -588,24 +594,40 @@ [Components.common]
> #
> ArmPkg/Drivers/CpuDxe/CpuDxe.inf
> MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> - <LibraryClasses>
> - NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> - # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> - BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> - }
> MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> <LibraryClasses>
> +!if $(SECURE_BOOT_ENABLE) == TRUE
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> +!endif
> }
> - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
> EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
> EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
>
> + #
> + # Variable services
> + #
> +!if $(SECURE_BOOT_ENABLE) == FALSE
> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> + <LibraryClasses>
> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> + }
> +!else
> + ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
> + <LibraryClasses>
> + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
> + }
> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +!endif
> +
> MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
> MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
> MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> index 87f5ee351eaa..9e438bc5b6b6 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> @@ -77,6 +77,19 @@ [LibraryClasses.common.MM_STANDALONE]
> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> + NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
> + TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
> + ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
>
> ################################################################################
> #
> @@ -94,6 +107,20 @@ [PcdsFixedAtBuild]
>
> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
>
> + gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000
> + gArmTokenSpaceGuid.PcdFdSize|0x000C0000
> +
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000
> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000
> +
> ###################################################################################################
> #
> # Components Section - list of the modules and components that will be processed by compilation
> @@ -118,6 +145,19 @@ [Components.common]
> #
> StandaloneMmPkg/Core/StandaloneMmCore.inf
> StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> +
> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
> + <LibraryClasses>
> + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> + }
>
> ###################################################################################################
> #
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> index 47ada7df9f2c..2373594f1fbc 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> @@ -21,10 +21,10 @@
>
> [FD.SBSA_FLASH0]
> BaseAddress = 0x00000000
> -Size = 0x00400000
> +Size = 0x01100000
> ErasePolarity = 1
> BlockSize = 0x00001000
> -NumBlocks = 0x400
> +NumBlocks = 0x1100
>
> ################################################################################
> #
> @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0]
> 0x00008000|0x00300000
> FILE = Platform/Qemu/Sbsa/fip.bin
>
> +!if $(SECURE_BOOT_ENABLE)
> +## Place for Secure Variables.
> +# Must be aligned to Flash Block size 0x40000
> +0x01000000|0x00040000
> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
> +#NV_VARIABLE_STORE
> +DATA = {
> + ## This is the EFI_FIRMWARE_VOLUME_HEADER
> + # ZeroVector []
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> + # FileSystemGuid: gEfiSystemNvDataFvGuid =
> + # { 0xFFF12B8D, 0x7696, 0x4C8B,
> + # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
> + 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
> + 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
> + # FvLength: 0xC0000
> + 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
> + # Signature "_FVH" # Attributes
> + 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00,
> + # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision
> + 0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02,
> + # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block
> + 0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
> + # Blockmap[1]: End
> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> + ## This is the VARIABLE_STORE_HEADER
> + # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
> + # Signature: gEfiAuthenticatedVariableGuid =
> + # { 0xaaf32c78, 0x947b, 0x439a,
> + # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
> + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
> + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
> + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
> + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
> + # This can speed up the Variable Dispatch a bit.
> + 0xB8, 0xFF, 0x03, 0x00,
> + # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32
> + 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
> +}
> +
> +0x01040000|0x00040000
> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
> +#NV_FTW_WORKING
> +DATA = {
> + # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid =
> + # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
> + 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
> + 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95,
> + # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
> + 0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF,
> + # WriteQueueSize: UINT64
> + 0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00
> +}
> +
> +0x01080000|0x00040000
> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
> +#NV_FTW_SPARE
> +!endif
> +
> ################################################################################
> #
> # FD Section for FLASH1
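Review bot: The comment `# It is compatible with SECURE_BOOT_ENABLE == FALSE as well.` sits inside the `!if $(SECURE_BOOT_ENABLE)` region, so this header is never emitted in a non-secure-boot build and the remark cannot be true of anything; replace it with `# Authenticated variable store header (gEfiAuthenticatedVariableGuid); this region is only built when SECURE_BOOT_ENABLE is TRUE.` The remark `# Must be aligned to Flash Block size 0x40000` also appears to contradict the FD's own `BlockSize = 0x00001000` declared above; name the device it refers to (presumably the emulated NOR erase block) so the two sizes are not read as a mistake. The FvLength and Blockmap bytes (3 x 0x40000 = 0xC0000) do agree with the three regions at 0x01000000, 0x01040000 and 0x01080000, so the layout itself checks out.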
> @@ -169,15 +229,25 @@ [FV.FvMain]
> INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
> INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> - INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
> INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
> INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
> INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
>
> + #
> + # Variable services
> + #
> +!if $(SECURE_BOOT_ENABLE) == FALSE
> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> +!else
> + INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +!endif
> +
> #
> # Multiple Console IO support
> #
> @@ -189,7 +259,6 @@ [FV.FvMain]
>
> INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
> INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
> - INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
>
> #
> @@ -287,6 +356,7 @@ [FV.FVMAIN_COMPACT]
> INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
> INF ArmPkg/Drivers/CpuPei/CpuPei.inf
> INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
> +
> INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>
> # IDE/AHCI Support
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> index a1acefcfb0a7..0fd2e9964c7e 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> @@ -19,8 +19,8 @@
> ################################################################################
>
> [FD.STANDALONE_MM]
> -BaseAddress = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
> -Size = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
> +BaseAddress = 0x20001000
> +Size = 0x00e00000
> ErasePolarity = 1
>
> BlockSize = 0x00001000
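Review bot: Dropping `|gArmTokenSpaceGuid.PcdFdBaseAddress` and `|gArmTokenSpaceGuid.PcdFdSize` from the FD header also removed the explanatory `# The size in bytes of the device (14MiB).`, and leaves no pointer to where those PCDs are now set (SbsaQemuStandaloneMm.dsc fixes them to 0x01000000 / 0x000C0000 in this series, i.e. the secure-flash variable window rather than this FD). Add a comment above `BaseAddress = 0x20001000` stating that the FD address and size are no longer exported as PCDs and that PcdFdBaseAddress/PcdFdSize are defined in the .dsc for the NOR flash variable region, so a later reader does not re-bind them here.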
> @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT]
> READ_LOCK_STATUS = TRUE
>
> INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
>
> ################################################################################
> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> index c067a80cc715..1d7f12202ecc 100644
> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> @@ -40,6 +40,8 @@ [Pcd]
> gArmTokenSpaceGuid.PcdSystemMemoryBase
> gArmTokenSpaceGuid.PcdSystemMemorySize
> gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress
> + gArmTokenSpaceGuid.PcdMmBufferBase
> + gArmTokenSpaceGuid.PcdMmBufferSize
>
> [FixedPcd]
> gArmTokenSpaceGuid.PcdFdBaseAddress
> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> index 8c2eb0b6a028..fa164ff455f5 100644
> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> @@ -25,15 +25,20 @@ SbsaQemuLibConstructor (
> {
> VOID *DeviceTreeBase;
> INT32 Node, Prev;
> - UINT64 NewBase, CurBase;
> + UINT64 NewBase, CurBase, NsBufBase;
> UINT64 NewSize, CurSize;
> + UINT32 NsBufSize;
> CONST CHAR8 *Type;
> INT32 Len;
> CONST UINT64 *RegProp;
> RETURN_STATUS PcdStatus;
> + INT32 ParentOffset;
> + INT32 Offset;
>
> NewBase = 0;
> NewSize = 0;
> + NsBufBase = 0;
> + NsBufSize = 0;
>
> DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress);
> ASSERT (DeviceTreeBase != NULL);
> @@ -73,9 +78,39 @@ SbsaQemuLibConstructor (
> }
> }
>
> + // StandaloneMM non-secure shared buffer is allocated at the top of
> + // the system memory by trusted-firmware using "/reserved-memory" node.
> + ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory");
> + if (ParentOffset < 0) {
> + DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n",
> + __FUNCTION__));
> + }
> + Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
> + if (Offset < 0) {
> + DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n",
> + __FUNCTION__));
> + }
> + // Get the 'reg' property of this node. 8 byte quantities for base address
> + // and 4 byte quantities for size.
> + RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
> + if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) {
> + NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
> + NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
> +
> + DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
> + __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
> + } else {
> + DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
> + __FUNCTION__, Len));
> + }
> +
> + NewSize -= NsBufSize;
> +
> // Make sure the start of DRAM matches our expectation
> ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
> PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
> + PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
> + PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
> ASSERT_RETURN_ERROR (PcdStatus);
>
> return RETURN_SUCCESS;
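Review bot: `NewSize -= NsBufSize;` trusts that the `ns-buf-spm-mm` reservation really is the last NsBufSize bytes of the DRAM node, but nothing compares NsBufBase against NewBase + NewSize - NsBufSize or checks NsBufSize <= NewSize, so a reservation placed anywhere else would shrink system memory at the wrong end and leave the actual MM communication buffer inside memory UEFI later hands to the OS. The two negative-offset checks only log and fall through (libfdt should make the later fdt_getprop fail, but that is implicit), and PcdStatus from the first two PcdSet64S calls is overwritten before `ASSERT_RETURN_ERROR (PcdStatus);` sees it, so a failed PcdMmBufferBase/Size update goes unnoticed. On the failure path NsBufBase/NsBufSize stay 0 and overwrite the .dsc defaults, which is probably wanted but deserves a comment. The comment at `// Get the 'reg' property` hard-codes #address-cells = 2 / #size-cells = 1; say so explicitly so the Len check reads as a format assertion rather than a bound. SbsaQemuLibConstructor starts outside this hunk.
```c
  // … unchanged: DRAM "memory" node walk computing NewBase/NewSize …

  // The reserved-memory node is expected to use #address-cells = 2 and
  // #size-cells = 1, hence the 12-byte 'reg' check below.
  Len     = 0;
  RegProp = NULL;
  if (ParentOffset >= 0 && Offset >= 0) {
    RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
  }
  if (RegProp != NULL && Len == (sizeof (UINT64) + sizeof (UINT32))) {
    NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
    NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
  } else {
    DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
      __FUNCTION__, Len));
  }

  // Only carve the shared buffer off the top of DRAM when it really is the
  // last NsBufSize bytes of the DRAM node; anything else would leave the
  // buffer inside memory that UEFI later hands to the OS.
  if (NsBufSize == 0) {
    // No usable reservation (already reported above); keep the MM buffer
    // PCDs at zero rather than publishing a bogus region.
    NsBufBase = 0;
  } else if ((NsBufSize <= NewSize) &&
             (NsBufBase == NewBase + NewSize - NsBufSize)) {
    NewSize -= NsBufSize;
  } else {
    DEBUG ((DEBUG_ERROR, "%a: ns buf 0x%lx+0x%x is not at the top of DRAM\n",
      __FUNCTION__, NsBufBase, NsBufSize));
    ASSERT (FALSE);
    NsBufBase = 0;
    NsBufSize = 0;
  }

  // Make sure the start of DRAM matches our expectation
  ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
  PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
  ASSERT_RETURN_ERROR (PcdStatus);
  PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
  ASSERT_RETURN_ERROR (PcdStatus);
  PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
  ASSERT_RETURN_ERROR (PcdStatus);
```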
> --
> 2.17.1
>
On 16/02/2021 11:35, Masahisa Kojima wrote:
> Hi Ard,
>
> I am encountering strange behavior when I apply this patch
> "SbsaQemu: add MM based UEFI secure boot support".
> When I start linux kernel, booting secondary cores failed.
> # I don't store any secure boot keys, so UEFI Secure Boot itself
> is disabled.
>
> --- linux kernel log ---
> [ 0.124805] Remapping and enabling EFI services.
> [ 0.132850] smp: Bringing up secondary CPUs ...
> [ 1.294478] CPU1: failed to come online
> [ 1.295647] CPU1: failed in unknown state : 0x0
> [ 2.426489] CPU2: failed to come online
> [ 2.427112] CPU2: failed in unknown state : 0x0
> [ 3.567428] CPU3: failed to come online
> [ 3.567912] CPU3: failed in unknown state : 0x0
> [ 3.569010] smp: Brought up 1 node, 1 CPU
> [ 3.569555] SMP: Total of 1 processors activated.
> [ 3.570395] CPU features: detected: GIC system register CPU interface
> [ 3.571183] CPU features: detected: 32-bit EL0 Support
> [ 3.587378] CPU: All CPU(s) started at EL2
> ---
> In my check, arch/arm64/kernel/smp.c::secondary_start_kernel() is never
> called, so wait_for_completion_timeout() is timed out.
> https://github.com/torvalds/linux/blob/v5.11/arch/arm64/kernel/smp.c#L138
>
>
> If I set "SECURE_BOOT_ENABLE=FALSE" in edk2 build(non-secure side)
> and load the same STANDALONE_MM.fd(Secure Payload) and tf-a binary,
> secondary cores boot successfully.
> Major difference between success and failure cases is the
> existence of UEFI secure variable accesses through Standalone MM framework.
> If edk2 accesses UEFI secure variable through Standalone MM, secondary cores
> boot fails. I don't come up with any possible reason.
> # As a reference, there is no issue on Developerbox.
>
> Do you have any idea about this error?
>
I don't suppose that we have managed to have conflicting changes, and the
memory I used for the expanded PSCI state table for up to 512 cores in
arm-tf is also the memory you are using for secure MM?
Graeme
> Thanks,
> Masahisa
>
> On Mon, 21 Dec 2020 at 21:52, Masahisa Kojima
> <masahisa.kojima@linaro.org> wrote:
>>
>> This implements support for UEFI secure boot on SbsaQemu using
>> the standalone MM framework. This moves all of the software handling
>> of the UEFI authenticated variable store into the standalone MM
>> context residing in a secure partition.
>>
>> Secure variable storage is located at 0x01000000 in secure NOR Flash.
>>
>> Non-secure shared memory between UEFI and standalone MM
>> is allocated at the top of DRAM.
>> The DRAM size of SbsaQemu varies depending on the QEMU parameters, so
>> the non-secure shared memory base address is passed from
>> trusted-firmware through the device tree "/reserved-memory" node.
>>
>> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
>> ---
>> Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 44 ++++++++---
>> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 40 ++++++++++
>> Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 82 ++++++++++++++++++--
>> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf | 7 +-
>> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf | 2 +
>> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c | 37 ++++++++-
>> 6 files changed, 192 insertions(+), 20 deletions(-)
>>
>> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
>> index f6af3f9111ee..83e7cd21e0c6 100644
>> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
>> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
>> @@ -27,6 +27,8 @@ [Defines]
>>
>> DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
>>
>> + DEFINE SECURE_BOOT_ENABLE = FALSE
>> +
>> #
>> # Network definition
>> #
>> @@ -148,12 +150,10 @@ [LibraryClasses.common]
>> # Secure Boot dependencies
>> #
>> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
>> - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>>
>> # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
>> PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
>>
>> - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
>> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>>
>> @@ -167,6 +167,7 @@ [LibraryClasses.common]
>> ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
>>
>> TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
>> +
>> NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
>>
>> CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
>> @@ -296,6 +297,8 @@ [PcdsFeatureFlag.common]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
>> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
>>
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
>> +
>> [PcdsFixedAtBuild.common]
>> gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000
>> gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000
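Review bot: `gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE` is added without a stated reason, and as far as I know it matters in the TRUE build: with VariableSmmRuntimeDxe it decides whether runtime GetVariable is served from a non-secure-side cache or round-trips into the secure partition on every call. Record the intent with a comment such as `# Runtime variable cache disabled: every runtime GetVariable goes through MM communicate (TODO: confirm whether the Arm MM transport supports the cache sync path)`. If the setting is only needed when SECURE_BOOT_ENABLE is TRUE, gating it the same way would leave the non-MM build's behaviour unchanged.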
>> @@ -511,6 +514,10 @@ [PcdsDynamicDefault.common]
>> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0300
>> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
>>
>> + gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000
>> + gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
>> +
>> +
>> ################################################################################
>> #
>> # Components Section - list of all EDK II Modules needed by this Platform
>> @@ -564,7 +571,6 @@ [Components.common]
>> ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
>> ArmPkg/Drivers/CpuPei/CpuPei.inf
>>
>> -
>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
>> <LibraryClasses>
>> NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
>> @@ -588,24 +594,40 @@ [Components.common]
>> #
>> ArmPkg/Drivers/CpuDxe/CpuDxe.inf
>> MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
>> - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
>> - <LibraryClasses>
>> - NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
>> - # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
>> - BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
>> - }
>> MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
>> <LibraryClasses>
>> +!if $(SECURE_BOOT_ENABLE) == TRUE
>> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
>> +!endif
>> }
>> - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>> MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
>> - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
>> MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
>> MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
>> EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
>> EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
>>
>> + #
>> + # Variable services
>> + #
>> +!if $(SECURE_BOOT_ENABLE) == FALSE
>> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
>> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
>> + <LibraryClasses>
>> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
>> + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
>> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
>> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
>> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
>> + }
>> +!else
>> + ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
>> + <LibraryClasses>
>> + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
>> + }
>> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
>> + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>> +!endif
>> +
>> MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
>> MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
>> MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
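Review bot: With the default `DEFINE SECURE_BOOT_ENABLE = FALSE` from the `[Defines]` hunk above, the FALSE branch here links `AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf` into VariableRuntimeDxe and makes `DxeImageVerificationLib` conditional, while the previously unconditional `SecureBootConfigDxe` and the common-scope `AuthVariableLib` mapping are removed; a default build therefore has neither image verification nor authenticated-variable enforcement, where the previous tree always built both. That may be intended (a non-MM variable store is arguably not protected from the OS anyway), but it is a posture change the commit message does not mention; add a comment next to the DEFINE such as `# FALSE: no Secure Boot support at all; TRUE: image verification plus MM-backed authenticated variables (requires the StandaloneMm secure payload).` Also `VarCheckLib` is now mapped only inside the FALSE branch, so if any other non-secure module pulls in VarCheckLib the TRUE build would fail to resolve it; worth confirming.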
>> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
>> index 87f5ee351eaa..9e438bc5b6b6 100644
>> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
>> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
>> @@ -77,6 +77,19 @@ [LibraryClasses.common.MM_STANDALONE]
>> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
>> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
>> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
>> + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
>> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>> + NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
>> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
>> + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
>> + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
>> + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
>> + TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
>> + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
>> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
>> + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
>> + ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
>>
>> ################################################################################
>> #
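Review bot: `TimerLib` is resolved twice in this `[LibraryClasses.common.MM_STANDALONE]` section, first to ArmArchTimerLib and then to `MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf`; if the usual last-mapping-wins rule applies, the null template is what gets linked, and `RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf` three lines above would then be backed by a stub timer. Since this RngLib sits under the crypto stack (`BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf`, OpensslLib) that the authenticated-variable code relies on, drop the BaseTimerLibNullTemplate line, keep `TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf`, and add `# RngLib is timer based and needs a real TimerLib` beside it. Whether any secure-variable path actually draws random numbers is not visible here, but a timer-derived RNG inside a secure partition is weak entropy regardless and deserves a caveat comment.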
>> @@ -94,6 +107,20 @@ [PcdsFixedAtBuild]
>>
>> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
>>
>> + gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000
>> + gArmTokenSpaceGuid.PcdFdSize|0x000C0000
>> +
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>> + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>> +
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000
>> +
>> ###################################################################################################
>> #
>> # Components Section - list of the modules and components that will be processed by compilation
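Review bot: `gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE`, together with `PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf` in the LibraryClasses hunk above, hard-wires the "user is physically present" answer inside the secure partition; as I read AuthVariableLib that is the check which lets an unauthenticated pre-boot caller switch Secure Boot custom mode and enroll or clear PK, KEK and db, so it undercuts the isolation this series introduces. That is a reasonable development-platform shortcut, but it should be stated next to the PCD, e.g. `# Development shortcut: physical presence is always asserted, so key enrolment from non-secure pre-boot code needs no authentication.` Also `gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000` / `PcdFdSize|0x000C0000` now name the secure-flash variable window rather than the MM image the StandaloneMm.fdf header previously bound them to; a one-line comment naming the consumer (presumably the NOR flash platform library) would stop the next reader from "correcting" them.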
>> @@ -118,6 +145,19 @@ [Components.common]
>> #
>> StandaloneMmPkg/Core/StandaloneMmCore.inf
>> StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
>> + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
>> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
>> +
>> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
>> + <LibraryClasses>
>> + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
>> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
>> + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
>> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
>> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
>> + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>> + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>> + }
>>
>> ###################################################################################################
>> #
>> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
>> index 47ada7df9f2c..2373594f1fbc 100644
>> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
>> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
>> @@ -21,10 +21,10 @@
>>
>> [FD.SBSA_FLASH0]
>> BaseAddress = 0x00000000
>> -Size = 0x00400000
>> +Size = 0x01100000
>> ErasePolarity = 1
>> BlockSize = 0x00001000
>> -NumBlocks = 0x400
>> +NumBlocks = 0x1100
>>
>> ################################################################################
>> #
>> @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0]
>> 0x00008000|0x00300000
>> FILE = Platform/Qemu/Sbsa/fip.bin
>>
>> +!if $(SECURE_BOOT_ENABLE)
>> +## Place for Secure Variables.
>> +# Must be aligned to Flash Block size 0x40000
>> +0x01000000|0x00040000
>> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
>> +#NV_VARIABLE_STORE
>> +DATA = {
>> + ## This is the EFI_FIRMWARE_VOLUME_HEADER
>> + # ZeroVector []
>> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
>> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
>> + # FileSystemGuid: gEfiSystemNvDataFvGuid =
>> + # { 0xFFF12B8D, 0x7696, 0x4C8B,
>> + # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
>> + 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
>> + 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
>> + # FvLength: 0xC0000
>> + 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
>> + # Signature "_FVH" # Attributes
>> + 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00,
>> + # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision
>> + 0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02,
>> + # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block
>> + 0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
>> + # Blockmap[1]: End
>> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
>> + ## This is the VARIABLE_STORE_HEADER
>> + # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
>> + # Signature: gEfiAuthenticatedVariableGuid =
>> + # { 0xaaf32c78, 0x947b, 0x439a,
>> + # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
>> + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
>> + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
>> + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
>> + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
>> + # This can speed up the Variable Dispatch a bit.
>> + 0xB8, 0xFF, 0x03, 0x00,
>> + # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32
>> + 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
>> +}
>> +
>> +0x01040000|0x00040000
>> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
>> +#NV_FTW_WORKING
>> +DATA = {
>> + # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid =
>> + # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
>> + 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
>> + 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95,
>> + # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
>> + 0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF,
>> + # WriteQueueSize: UINT64
>> + 0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00
>> +}
>> +
>> +0x01080000|0x00040000
>> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
>> +#NV_FTW_SPARE
>> +!endif
>> +
>> ################################################################################
>> #
>> # FD Section for FLASH1
>> @@ -169,15 +229,25 @@ [FV.FvMain]
>> INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
>> INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
>> INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
>> - INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
>> - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>> - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>> INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
>> INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
>> INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
>> INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
>> INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
>>
>> + #
>> + # Variable services
>> + #
>> +!if $(SECURE_BOOT_ENABLE) == FALSE
>> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
>> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
>> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>> +!else
>> + INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
>> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
>> + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>> +!endif
>> +
>> #
>> # Multiple Console IO support
>> #
>> @@ -189,7 +259,6 @@ [FV.FvMain]
>>
>> INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
>> INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
>> - INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
>> INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
>>
>> #
>> @@ -287,6 +356,7 @@ [FV.FVMAIN_COMPACT]
>> INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
>> INF ArmPkg/Drivers/CpuPei/CpuPei.inf
>> INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
>> +
>> INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>
>> # IDE/AHCI Support
>> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
>> index a1acefcfb0a7..0fd2e9964c7e 100644
>> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
>> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
>> @@ -19,8 +19,8 @@
>> ################################################################################
>>
>> [FD.STANDALONE_MM]
>> -BaseAddress = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
>> -Size = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
>> +BaseAddress = 0x20001000
>> +Size = 0x00e00000
>> ErasePolarity = 1
>>
>> BlockSize = 0x00001000
>> @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT]
>> READ_LOCK_STATUS = TRUE
>>
>> INF StandaloneMmPkg/Core/StandaloneMmCore.inf
>> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
>> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
>> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
>> INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
>>
>> ################################################################################
>> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
>> index c067a80cc715..1d7f12202ecc 100644
>> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
>> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
>> @@ -40,6 +40,8 @@ [Pcd]
>> gArmTokenSpaceGuid.PcdSystemMemoryBase
>> gArmTokenSpaceGuid.PcdSystemMemorySize
>> gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress
>> + gArmTokenSpaceGuid.PcdMmBufferBase
>> + gArmTokenSpaceGuid.PcdMmBufferSize
>>
>> [FixedPcd]
>> gArmTokenSpaceGuid.PcdFdBaseAddress
>> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
>> index 8c2eb0b6a028..fa164ff455f5 100644
>> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
>> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
>> @@ -25,15 +25,20 @@ SbsaQemuLibConstructor (
>> {
>> VOID *DeviceTreeBase;
>> INT32 Node, Prev;
>> - UINT64 NewBase, CurBase;
>> + UINT64 NewBase, CurBase, NsBufBase;
>> UINT64 NewSize, CurSize;
>> + UINT32 NsBufSize;
>> CONST CHAR8 *Type;
>> INT32 Len;
>> CONST UINT64 *RegProp;
>> RETURN_STATUS PcdStatus;
>> + INT32 ParentOffset;
>> + INT32 Offset;
>>
>> NewBase = 0;
>> NewSize = 0;
>> + NsBufBase = 0;
>> + NsBufSize = 0;
>>
>> DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress);
>> ASSERT (DeviceTreeBase != NULL);
>> @@ -73,9 +78,39 @@ SbsaQemuLibConstructor (
>> }
>> }
>>
>> + // StandaloneMM non-secure shared buffer is allocated at the top of
>> + // the system memory by trusted-firmware using "/reserved-memory" node.
>> + ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory");
>> + if (ParentOffset < 0) {
>> + DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n",
>> + __FUNCTION__));
>> + }
>> + Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
>> + if (Offset < 0) {
>> + DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n",
>> + __FUNCTION__));
>> + }
>> + // Get the 'reg' property of this node. 8 byte quantities for base address
>> + // and 4 byte quantities for size.
>> + RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
>> + if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) {
>> + NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
>> + NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
>> +
>> + DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
>> + __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
>> + } else {
>> + DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
>> + __FUNCTION__, Len));
>> + }
>> +
>> + NewSize -= NsBufSize;
>> +
>> // Make sure the start of DRAM matches our expectation
>> ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
>> PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
>> + PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
>> + PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
>> ASSERT_RETURN_ERROR (PcdStatus);
>>
>> return RETURN_SUCCESS;
>> --
>> 2.17.1
>>
On Wed, 17 Feb 2021 at 01:15, Graeme Gregory <graeme@nuviainc.com> wrote:
>
> On 16/02/2021 11:35, Masahisa Kojima wrote:
> > Hi Ard,
> >
> > I am encountering strange behavior when I apply this patch
> > "SbsaQemu: add MM based UEFI secure boot support".
> > When I start linux kernel, booting secondary cores failed.
> > # I don't store any secure boot keys, so UEFI Secure Boot itself
> > is disabled.
> >
> > --- linux kernel log ---
> > [ 0.124805] Remapping and enabling EFI services.
> > [ 0.132850] smp: Bringing up secondary CPUs ...
> > [ 1.294478] CPU1: failed to come online
> > [ 1.295647] CPU1: failed in unknown state : 0x0
> > [ 2.426489] CPU2: failed to come online
> > [ 2.427112] CPU2: failed in unknown state : 0x0
> > [ 3.567428] CPU3: failed to come online
> > [ 3.567912] CPU3: failed in unknown state : 0x0
> > [ 3.569010] smp: Brought up 1 node, 1 CPU
> > [ 3.569555] SMP: Total of 1 processors activated.
> > [ 3.570395] CPU features: detected: GIC system register CPU interface
> > [ 3.571183] CPU features: detected: 32-bit EL0 Support
> > [ 3.587378] CPU: All CPU(s) started at EL2
> > ---
> > In my check, arch/arm64/kernel/smp.c::secondary_start_kernel() is never
> > called, so wait_for_completion_timeout() is timed out.
> > https://github.com/torvalds/linux/blob/v5.11/arch/arm64/kernel/smp.c#L138
> >
> >
> > If I set "SECURE_BOOT_ENABLE=FALSE" in edk2 build(non-secure side)
> > and load the same STANDALONE_MM.fd(Secure Payload) and tf-a binary,
> > secondary cores boot successfully.
> > Major difference between success and failure cases is the
> > existence of UEFI secure variable accesses through Standalone MM framework.
> > If edk2 accesses UEFI secure variable through Standalone MM, secondary cores
> > boot fails. I cannot think of any possible reason.
> > # As a reference, there is no issue on Developerbox.
> >
> > Do you have any idea about this error?
> >
>
> I don't suppose that we have managed to have conflicting changes and the
> memory I used for the expanded PSCI state table for upto 512 cores in
> arm-tf is also the memory you are using for secure MM?
Hi Graeme,
Thank you for your comment.
I think PSCI state table for 512 cores you are pointing is located at
0x20000000 - 0x20001FFF(8KiB).
# 8byte function pointer and (8bytes * 512 cores) state table
I checked this area; the current StandaloneMM uses the following regions.
0x0100_0000 - 0x010f_ffff(1MiB) Secure Flash : store UEFI variables
0x2000_2000 - 0x2030_1fff(3MiB) SRAM : Secure Payload Code(BL32)
0x2030_2000 - 0x22b0_2000(40MiB) SRAM : BL32 Heap(8MiB) and
Stack(32MiB[64KiB * 512cores])
0x3dcd_1000 - 0x3fcD_0fff(32MiB) SRAM : EL3->S-EL0 shared memory
0x3fcf_e000 - 0x3fcf_efff(4KiB) SRAM : spm shim
exception vectors
0x100_3fe0_0000 - 0x100_3fff_ffff(2MiB) NS DRAM : shared buffer for
non-secure world
I run QEMU with "-smp 4", PSCI calls seems to be successfully completed in tf-a.
pwr_domain_on() called from linux kernel three times with mpidr 1, 2 and 3.
Thanks,
Masahisa
>
> Graeme
>
> > Thanks,
> > Masahisa
> >
> > On Mon, 21 Dec 2020 at 21:52, Masahisa Kojima
> > <masahisa.kojima@linaro.org> wrote:
> >>
> >> This implements support for UEFI secure boot on SbsaQemu using
> >> the standalone MM framework. This moves all of the software handling
> >> of the UEFI authenticated variable store into the standalone MM
> >> context residing in a secure partition.
> >>
> >> Secure variable storage is located at 0x01000000 in secure NOR Flash.
> >>
> >> Non-secure shared memory between UEFI and standalone MM
> >> is allocated at the top of DRAM.
> >> Since the DRAM size of SbsaQemu varies depending on the QEMU parameters,
> >> the non-secure shared memory base address is passed from
> >> trusted-firmware through the device tree "/reserved-memory" node.
> >>
> >> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> >> ---
> >> Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 44 ++++++++---
> >> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 40 ++++++++++
> >> Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 82 ++++++++++++++++++--
> >> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf | 7 +-
> >> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf | 2 +
> >> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c | 37 ++++++++-
> >> 6 files changed, 192 insertions(+), 20 deletions(-)
> >>
> >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> >> index f6af3f9111ee..83e7cd21e0c6 100644
> >> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> >> @@ -27,6 +27,8 @@ [Defines]
> >>
> >> DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
> >>
> >> + DEFINE SECURE_BOOT_ENABLE = FALSE
> >> +
> >> #
> >> # Network definition
> >> #
> >> @@ -148,12 +150,10 @@ [LibraryClasses.common]
> >> # Secure Boot dependencies
> >> #
> >> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> >> - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> >>
> >> # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
> >> PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
> >>
> >> - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> >> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> >> VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> >>
> >> @@ -167,6 +167,7 @@ [LibraryClasses.common]
> >> ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
> >>
> >> TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> >> +
> >> NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
> >>
> >> CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
> >> @@ -296,6 +297,8 @@ [PcdsFeatureFlag.common]
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
> >>
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
> >> +
> >> [PcdsFixedAtBuild.common]
> >> gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000
> >> gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000
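Review bot: `PcdEnableVariableRuntimeCache|FALSE` is introduced without any explanation, and nothing in the hunk ties it to the MM-backed variable driver the rest of the patch adds. Because it is set unconditionally rather than under `SECURE_BOOT_ENABLE`, a reader cannot tell whether the runtime cache is unsupported with VariableSmmRuntimeDxe on this platform or merely unwanted; a short comment such as `# Runtime variable cache disabled: presumably not usable with the MM-backed VariableSmmRuntimeDxe path on this platform — confirm` would settle that, or the PCD could be gated on `SECURE_BOOT_ENABLE` if it only matters for the MM build.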
> >> @@ -511,6 +514,10 @@ [PcdsDynamicDefault.common]
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0300
> >> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
> >>
> >> + gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000
> >> + gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
> >> +
> >> +
> >> ################################################################################
> >> #
> >> # Components Section - list of all EDK II Modules needed by this Platform
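Review bot: The `PcdMmBufferBase|0x10000000000` and `PcdMmBufferSize|0x00200000` defaults are placeholders that SbsaQemuLib overwrites at run time from the device tree, but nothing here says so, and a 1 TiB base is not an address any QEMU DRAM configuration is guaranteed to cover. I would annotate them, e.g. `# Placeholders: overwritten from the /reserved-memory/ns-buf-spm-mm node by SbsaQemuLibConstructor`, so nobody tunes them by hand expecting an effect. There is also a stray extra blank line before the Components banner.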
> >> @@ -564,7 +571,6 @@ [Components.common]
> >> ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
> >> ArmPkg/Drivers/CpuPei/CpuPei.inf
> >>
> >> -
> >> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
> >> <LibraryClasses>
> >> NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
> >> @@ -588,24 +594,40 @@ [Components.common]
> >> #
> >> ArmPkg/Drivers/CpuDxe/CpuDxe.inf
> >> MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> >> - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> >> - <LibraryClasses>
> >> - NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> >> - # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> >> - BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> >> - }
> >> MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> >> <LibraryClasses>
> >> +!if $(SECURE_BOOT_ENABLE) == TRUE
> >> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> >> +!endif
> >> }
> >> - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> >> MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> >> - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> >> MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> >> MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
> >> EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
> >> EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
> >>
> >> + #
> >> + # Variable services
> >> + #
> >> +!if $(SECURE_BOOT_ENABLE) == FALSE
> >> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> >> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> >> + <LibraryClasses>
> >> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> >> + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
> >> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> >> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> >> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> >> + }
> >> +!else
> >> + ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
> >> + <LibraryClasses>
> >> + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
> >> + }
> >> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> >> + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> >> +!endif
> >> +
> >> MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
> >> MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
> >> MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
> >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> >> index 87f5ee351eaa..9e438bc5b6b6 100644
> >> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> >> @@ -77,6 +77,19 @@ [LibraryClasses.common.MM_STANDALONE]
> >> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> >> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> >> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> >> + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> >> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> >> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> >> + NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
> >> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >> + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> >> + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> >> + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
> >> + TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> >> + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
> >> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> >> + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
> >> + ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
> >>
> >> ################################################################################
> >> #
> >> @@ -94,6 +107,20 @@ [PcdsFixedAtBuild]
> >>
> >> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
> >>
> >> + gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000
> >> + gArmTokenSpaceGuid.PcdFdSize|0x000C0000
> >> +
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> >> + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> >> +
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000
> >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000
> >> +
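Review bot: `PcdUserPhysicalPresence|TRUE` combined with `PlatformSecureLibNull` in the previous hunk (which, as I recall, reports a physically present user unconditionally) means every variable request reaching the secure partition is treated as coming from a local operator — the gate AuthVariableLib uses for custom-mode and unsigned PK changes. That is acceptable for a QEMU development target but should be stated next to the PCD, e.g. `# Physical presence is always asserted: any NS caller can take the secure-boot custom-mode path. Development platform only.`. Separately, `PcdFdBaseAddress|0x01000000` / `PcdFdSize|0x000C0000` no longer describe the MM FD, which SbsaQemuStandaloneMm.fdf places at 0x20001000 and whose `|PcdFdBaseAddress` binding this patch removes, but the 3 x 0x40000 flash variable region; a one-line comment naming the consumer that relies on this (presumably NorFlashStandaloneMm) would keep the next reader from assuming the FD moved.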
> >> ###################################################################################################
> >> #
> >> # Components Section - list of the modules and components that will be processed by compilation
> >> @@ -118,6 +145,19 @@ [Components.common]
> >> #
> >> StandaloneMmPkg/Core/StandaloneMmCore.inf
> >> StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> >> + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> >> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> >> +
> >> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
> >> + <LibraryClasses>
> >> + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
> >> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> >> + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
> >> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> >> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> >> + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> >> + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> >> + }
> >>
> >> ###################################################################################################
> >> #
> >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> >> index 47ada7df9f2c..2373594f1fbc 100644
> >> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> >> @@ -21,10 +21,10 @@
> >>
> >> [FD.SBSA_FLASH0]
> >> BaseAddress = 0x00000000
> >> -Size = 0x00400000
> >> +Size = 0x01100000
> >> ErasePolarity = 1
> >> BlockSize = 0x00001000
> >> -NumBlocks = 0x400
> >> +NumBlocks = 0x1100
> >>
> >> ################################################################################
> >> #
> >> @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0]
> >> 0x00008000|0x00300000
> >> FILE = Platform/Qemu/Sbsa/fip.bin
> >>
> >> +!if $(SECURE_BOOT_ENABLE)
> >> +## Place for Secure Variables.
> >> +# Must be aligned to Flash Block size 0x40000
> >> +0x01000000|0x00040000
> >> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
> >> +#NV_VARIABLE_STORE
> >> +DATA = {
> >> + ## This is the EFI_FIRMWARE_VOLUME_HEADER
> >> + # ZeroVector []
> >> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >> + # FileSystemGuid: gEfiSystemNvDataFvGuid =
> >> + # { 0xFFF12B8D, 0x7696, 0x4C8B,
> >> + # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
> >> + 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
> >> + 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
> >> + # FvLength: 0xC0000
> >> + 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
> >> + # Signature "_FVH" # Attributes
> >> + 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00,
> >> + # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision
> >> + 0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02,
> >> + # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block
> >> + 0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
> >> + # Blockmap[1]: End
> >> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> >> + ## This is the VARIABLE_STORE_HEADER
> >> + # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
> >> + # Signature: gEfiAuthenticatedVariableGuid =
> >> + # { 0xaaf32c78, 0x947b, 0x439a,
> >> + # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
> >> + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
> >> + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
> >> + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
> >> + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
> >> + # This can speed up the Variable Dispatch a bit.
> >> + 0xB8, 0xFF, 0x03, 0x00,
> >> + # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32
> >> + 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
> >> +}
> >> +
> >> +0x01040000|0x00040000
> >> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
> >> +#NV_FTW_WORKING
> >> +DATA = {
> >> + # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid =
> >> + # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
> >> + 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
> >> + 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95,
> >> + # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
> >> + 0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF,
> >> + # WriteQueueSize: UINT64
> >> + 0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00
> >> +}
> >> +
> >> +0x01080000|0x00040000
> >> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
> >> +#NV_FTW_SPARE
> >> +!endif
> >> +
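Review bot: The VARIABLE_STORE_HEADER comment `# It is compatible with SECURE_BOOT_ENABLE == FALSE as well.` is misleading here, since the whole block sits inside `!if $(SECURE_BOOT_ENABLE)` and is never emitted when the flag is FALSE; it reads as carried over from OvmfPkg and should be dropped or reworded to `# Authenticated variable store header; this region is only laid out when SECURE_BOOT_ENABLE is TRUE.`. Likewise `# Must be aligned to Flash Block size 0x40000` contradicts the FD's `BlockSize = 0x00001000` above — if 0x40000 is the pflash sector size the FTW driver needs, say so explicitly so the two numbers do not look inconsistent.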
> >> ################################################################################
> >> #
> >> # FD Section for FLASH1
> >> @@ -169,15 +229,25 @@ [FV.FvMain]
> >> INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> >> INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
> >> INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> >> - INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> >> - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> >> - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> >> INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> >> INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
> >> INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
> >> INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
> >> INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
> >>
> >> + #
> >> + # Variable services
> >> + #
> >> +!if $(SECURE_BOOT_ENABLE) == FALSE
> >> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> >> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> >> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> >> +!else
> >> + INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> >> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> >> + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> >> +!endif
> >> +
> >> #
> >> # Multiple Console IO support
> >> #
> >> @@ -189,7 +259,6 @@ [FV.FvMain]
> >>
> >> INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
> >> INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
> >> - INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> >> INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
> >>
> >> #
> >> @@ -287,6 +356,7 @@ [FV.FVMAIN_COMPACT]
> >> INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
> >> INF ArmPkg/Drivers/CpuPei/CpuPei.inf
> >> INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
> >> +
> >> INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >>
> >> # IDE/AHCI Support
> >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> >> index a1acefcfb0a7..0fd2e9964c7e 100644
> >> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> >> @@ -19,8 +19,8 @@
> >> ################################################################################
> >>
> >> [FD.STANDALONE_MM]
> >> -BaseAddress = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
> >> -Size = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
> >> +BaseAddress = 0x20001000
> >> +Size = 0x00e00000
> >> ErasePolarity = 1
> >>
> >> BlockSize = 0x00001000
> >> @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT]
> >> READ_LOCK_STATUS = TRUE
> >>
> >> INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> >> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> >> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> >> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> >> INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> >>
> >> ################################################################################
> >> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> >> index c067a80cc715..1d7f12202ecc 100644
> >> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> >> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> >> @@ -40,6 +40,8 @@ [Pcd]
> >> gArmTokenSpaceGuid.PcdSystemMemoryBase
> >> gArmTokenSpaceGuid.PcdSystemMemorySize
> >> gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress
> >> + gArmTokenSpaceGuid.PcdMmBufferBase
> >> + gArmTokenSpaceGuid.PcdMmBufferSize
> >>
> >> [FixedPcd]
> >> gArmTokenSpaceGuid.PcdFdBaseAddress
> >> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> >> index 8c2eb0b6a028..fa164ff455f5 100644
> >> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> >> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> >> @@ -25,15 +25,20 @@ SbsaQemuLibConstructor (
> >> {
> >> VOID *DeviceTreeBase;
> >> INT32 Node, Prev;
> >> - UINT64 NewBase, CurBase;
> >> + UINT64 NewBase, CurBase, NsBufBase;
> >> UINT64 NewSize, CurSize;
> >> + UINT32 NsBufSize;
> >> CONST CHAR8 *Type;
> >> INT32 Len;
> >> CONST UINT64 *RegProp;
> >> RETURN_STATUS PcdStatus;
> >> + INT32 ParentOffset;
> >> + INT32 Offset;
> >>
> >> NewBase = 0;
> >> NewSize = 0;
> >> + NsBufBase = 0;
> >> + NsBufSize = 0;
> >>
> >> DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress);
> >> ASSERT (DeviceTreeBase != NULL);
> >> @@ -73,9 +78,39 @@ SbsaQemuLibConstructor (
> >> }
> >> }
> >>
> >> + // StandaloneMM non-secure shared buffer is allocated at the top of
> >> + // the system memory by trusted-firmware using "/reserved-memory" node.
> >> + ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory");
> >> + if (ParentOffset < 0) {
> >> + DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n",
> >> + __FUNCTION__));
> >> + }
> >> + Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
> >> + if (Offset < 0) {
> >> + DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n",
> >> + __FUNCTION__));
> >> + }
> >> + // Get the 'reg' property of this node. 8 byte quantities for base address
> >> + // and 4 byte quantities for size.
> >> + RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
> >> + if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) {
> >> + NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
> >> + NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
> >> +
> >> + DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
> >> + __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
> >> + } else {
> >> + DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
> >> + __FUNCTION__, Len));
> >> + }
> >> +
> >> + NewSize -= NsBufSize;
> >> +
> >> // Make sure the start of DRAM matches our expectation
> >> ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
> >> PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
> >> + PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
> >> + PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
> >> ASSERT_RETURN_ERROR (PcdStatus);
> >>
> >> return RETURN_SUCCESS;
> >> --
> >> 2.17.1
> >>
>