From nobody Wed Feb 11 04:06:08 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+72259+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+72259+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1614575853; cv=none; d=zohomail.com; s=zohoarc; b=Dtymk04VjVF3LVW1gc5F9y/ibFv4ENDEtZa/XlgSVRFJZBdINKs+QuPx2VDbC+ZV3TKsixFeASY3exlS5l1p63oJ9wNyfHsnW/HVmdrQPCWoRKkZ8vb85NzaxAzHQLjWtdg3qHiz/wzoz93Syg11ZRyfOhFEIl+Cn5K8ZbDmHBw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614575853; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Ogxof4qQIPd5wIF2UCMUsuoVBRzCw8sHxMI9nvS5rAA=; b=CBKYC5zuDzG4EtXrLk1BBbyp73KQRzc063C2Nwl0sFiSA6Poqw/1GDrnmcCriYlKCYG40o9IE5ID9RppLjOPMyVtRKi886qZhi7QbjZMsp4q6e6cSkqwNf4saAYrzGEgkHsFvLYcexjJyO4YLULsnwYL2qgbQ7F+mnThvxbwlwg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+72259+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16145758538252.3125446330913064; Sun, 28 Feb 2021 21:17:33 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 0NtyYY1788612xRMQ5uj3oTB; Sun, 28 Feb 2021 21:17:33 -0800 X-Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) by mx.groups.io with SMTP id smtpd.web08.8577.1614575853038313335 for ; Sun, 28 Feb 2021 21:17:33 -0800 X-Received: by mail-pg1-f169.google.com with SMTP id o38so10734853pgm.9 for ; Sun, 28 Feb 2021 21:17:32 -0800 (PST) X-Gm-Message-State: SBmgUz7VxwfpEmImYiP23iYkx1787277AA= X-Google-Smtp-Source: ABdhPJwFEjMlFemas/O0IbyAQWAqY+FIUdzjBZSM22KSZyJpYPToMu2Iex9RuHg/dClS0YCRnJWsNg== X-Received: by 2002:aa7:87d5:0:b029:1ed:b85b:1420 with SMTP id i21-20020aa787d50000b02901edb85b1420mr13561272pfo.17.1614575852237; Sun, 28 Feb 2021 21:17:32 -0800 (PST) X-Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id g17sm11877365pfb.214.2021.02.28.21.17.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 28 Feb 2021 21:17:31 -0800 (PST) From: "Masahisa Kojima" To: devel@edk2.groups.io Cc: Masahisa Kojima , Ard Biesheuvel , Leif Lindholm , Graeme Gregory , Radoslaw Biernacki , Shashi Mallela Subject: [edk2-devel] [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support Date: Mon, 1 Mar 2021 14:19:50 +0900 Message-Id: <20210301051952.29091-3-masahisa.kojima@linaro.org> In-Reply-To: <20210301051952.29091-1-masahisa.kojima@linaro.org> References: <20210301051952.29091-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,masahisa.kojima@linaro.org Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1614575853; bh=HCALKbopySUBjnlvZiHceltS9WiRPr9mqoKk8G/kuLs=; h=Cc:Date:From:Reply-To:Subject:To; b=HhHE8ejT042k0Up3h1C5WGfvV71tqdvmFVI8WCcA0U535TFukS8mBS3TjpUcSxulvGG uK+c7pJ+t6pafrA4K1LQ/U9PnrYKAGADCkE41ZFRuSIUB7rSJz/XaHMZtwJlBWQjKp5Kn V47tKUIOi1PpAxZzIyi5oD4QMAtDmleZ/Z8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" This implements support for UEFI secure boot on SbsaQemu using the standalone MM framework. This moves all of the software handling of the UEFI authenticated variable store into the standalone MM context residing in a secure partition. Secure variable storage is located at 0x01000000 in secure NOR Flash. Non-secure shared memory between UEFI and standalone MM is allocated at the top of DRAM. DRAM size of SbsaQemu varies depends on the QEMU parameter, the non-secure shared memory base address is passed from trusted-firmware through the device tree "/reserved-memory" node. Signed-off-by: Masahisa Kojima --- Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 43 +++++++--- .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 39 +++++++++ Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 82 +++++++++++++++++-- .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf | 7 +- .../Library/SbsaQemuLib/SbsaQemuLib.inf | 2 + .../Library/SbsaQemuLib/SbsaQemuMem.c | 37 ++++++++- 6 files changed, 190 insertions(+), 20 deletions(-) diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/S= bsaQemu.dsc index c1f8a4696560..a75116ee70fc 100644 --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc @@ -28,6 +28,8 @@ [Defines] =20 DEFINE DEBUG_PRINT_ERROR_LEVEL =3D 0x8000004F =20 + DEFINE SECURE_BOOT_ENABLE =3D FALSE + # # Network definition # @@ -152,12 +154,10 @@ [LibraryClasses.common] # Secure Boot dependencies # TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf =20 # re-use the UserPhysicalPresent() dummy implementation from the ovmf tr= ee PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf =20 - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ib.inf VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf =20 @@ -171,6 +171,7 @@ [LibraryClasses.common] ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibN= ull.inf =20 TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf + NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/Sb= saQemuNorFlashLib.inf =20 CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf @@ -300,6 +301,8 @@ [PcdsFeatureFlag.common] gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE + [PcdsFixedAtBuild.common] gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000 gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000 @@ -551,6 +554,9 @@ [PcdsDynamicDefault.common] gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisAssetTag|L"AT0000" gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisSKU|L"SK0000" =20 + gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000 + gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000 + ##########################################################################= ###### # # Components Section - list of all EDK II Modules needed by this Platform @@ -604,7 +610,6 @@ [Components.common] ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf ArmPkg/Drivers/CpuPei/CpuPei.inf =20 - MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf @@ -628,24 +633,40 @@ [Components.common] # ArmPkg/Drivers/CpuDxe/CpuDxe.inf MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { - - NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf - # don't use unaligned CopyMem () on the UEFI varstore NOR flash regi= on - BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf - } MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!endif } - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim= eDxe.inf MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf =20 + # + # Variable services + # +!if $(SECURE_BOOT_ENABLE) =3D=3D FALSE + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariabl= eLibNull.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + # don't use unaligned CopyMem () on the UEFI varstore NOR flash regi= on + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + } +!else + ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf { + + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependen= cy.inf + } + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf +!endif + MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qem= u/SbsaQemu/SbsaQemuStandaloneMm.dsc index 87f5ee351eaa..b80379acd1ad 100644 --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc @@ -77,6 +77,18 @@ [LibraryClasses.common.MM_STANDALONE] HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/Standalon= eMmServicesTableLib.inf MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocation= Lib/StandaloneMmMemoryAllocationLib.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/Sb= saQemuNorFlashLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecu= reLibNull.inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf + TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/Ar= mGenericTimerPhyCounterLib.inf =20 ##########################################################################= ###### # @@ -94,6 +106,20 @@ [PcdsFixedAtBuild] =20 gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2 =20 + gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000 + gArmTokenSpaceGuid.PcdFdSize|0x000C0000 + + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000 + ##########################################################################= ######################### # # Components Section - list of the modules and components that will be pro= cessed by compilation @@ -118,6 +144,19 @@ [Components.common] # StandaloneMmPkg/Core/StandaloneMmCore.inf StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandalon= eMm.inf + + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf { + + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandal= oneMm.inf + # don't use unaligned CopyMem () on the UEFI varstore NOR flash regi= on + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePol= icyLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib= /VariablePolicyHelperLib.inf + } =20 ##########################################################################= ######################### # diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/S= bsaQemu.fdf index b61ae1891233..a46a47063ccc 100644 --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf @@ -21,10 +21,10 @@ =20 [FD.SBSA_FLASH0] BaseAddress =3D 0x00000000 -Size =3D 0x00400000 +Size =3D 0x01100000 ErasePolarity =3D 1 BlockSize =3D 0x00001000 -NumBlocks =3D 0x400 +NumBlocks =3D 0x1100 =20 ##########################################################################= ###### # @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0] 0x00008000|0x00300000 FILE =3D Platform/Qemu/Sbsa/fip.bin =20 +!if $(SECURE_BOOT_ENABLE) +## Place for Secure Variables. +# Must be aligned to Flash Block size 0x40000 +0x01000000|0x00040000 +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModule= PkgTokenSpaceGuid.PcdFlashNvStorageVariableSize +#NV_VARIABLE_STORE +DATA =3D { + ## This is the EFI_FIRMWARE_VOLUME_HEADER + # ZeroVector [] + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + # FileSystemGuid: gEfiSystemNvDataFvGuid =3D + # { 0xFFF12B8D, 0x7696, 0x4C8B, + # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }} + 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C, + 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50, + # FvLength: 0xC0000 + 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, + # Signature "_FVH" # Attributes + 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00, + # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision + 0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02, + # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block + 0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, + # Blockmap[1]: End + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ## This is the VARIABLE_STORE_HEADER + # It is compatible with SECURE_BOOT_ENABLE =3D=3D FALSE as well. + # Signature: gEfiAuthenticatedVariableGuid =3D + # { 0xaaf32c78, 0x947b, 0x439a, + # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariabl= eSize) - + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) =3D 0x3ffb8 + # This can speed up the Variable Dispatch a bit. + 0xB8, 0xFF, 0x03, 0x00, + # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32 + 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +} + +0x01040000|0x00040000 +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModu= lePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize +#NV_FTW_WORKING +DATA =3D { + # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature =3D gEdkiiWorkingBl= ockSignatureGuid =3D + # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0= x1b, 0x95 }} + 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49, + 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95, + # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Res= erved + 0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF, + # WriteQueueSize: UINT64 + 0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00 +} + +0x01080000|0x00040000 +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModule= PkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize +#NV_FTW_SPARE +!endif + ##########################################################################= ###### # # FD Section for FLASH1 @@ -169,15 +229,25 @@ [FV.FvMain] INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf - INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.i= nf - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf= igDxe.inf INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRu= ntimeDxe.inf INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.i= nf INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf =20 + # + # Variable services + # +!if $(SECURE_BOOT_ENABLE) =3D=3D FALSE + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.i= nf + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!else + INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf= igDxe.inf +!endif + # # Multiple Console IO support # @@ -189,7 +259,6 @@ [FV.FvMain] =20 INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf - INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf =20 # @@ -294,6 +363,7 @@ [FV.FVMAIN_COMPACT] INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf INF ArmPkg/Drivers/CpuPei/CpuPei.inf INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf + INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf =20 # IDE/AHCI Support diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qem= u/SbsaQemu/SbsaQemuStandaloneMm.fdf index a1acefcfb0a7..dbe1555c68f2 100644 --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf @@ -19,8 +19,8 @@ ##########################################################################= ###### =20 [FD.STANDALONE_MM] -BaseAddress =3D 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress -Size =3D 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in by= tes of the device (14MiB). +BaseAddress =3D 0x20002000 +Size =3D 0x00e00000 ErasePolarity =3D 1 =20 BlockSize =3D 0x00001000 @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT] READ_LOCK_STATUS =3D TRUE =20 INF StandaloneMmPkg/Core/StandaloneMmCore.inf + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStand= aloneMm.inf + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf =20 ##########################################################################= ###### diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Si= licon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf index c067a80cc715..1d7f12202ecc 100644 --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf @@ -40,6 +40,8 @@ [Pcd] gArmTokenSpaceGuid.PcdSystemMemoryBase gArmTokenSpaceGuid.PcdSystemMemorySize gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress + gArmTokenSpaceGuid.PcdMmBufferBase + gArmTokenSpaceGuid.PcdMmBufferSize =20 [FixedPcd] gArmTokenSpaceGuid.PcdFdBaseAddress diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Sili= con/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c index 8c2eb0b6a028..fa164ff455f5 100644 --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c @@ -25,15 +25,20 @@ SbsaQemuLibConstructor ( { VOID *DeviceTreeBase; INT32 Node, Prev; - UINT64 NewBase, CurBase; + UINT64 NewBase, CurBase, NsBufBase; UINT64 NewSize, CurSize; + UINT32 NsBufSize; CONST CHAR8 *Type; INT32 Len; CONST UINT64 *RegProp; RETURN_STATUS PcdStatus; + INT32 ParentOffset; + INT32 Offset; =20 NewBase =3D 0; NewSize =3D 0; + NsBufBase =3D 0; + NsBufSize =3D 0; =20 DeviceTreeBase =3D (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress); ASSERT (DeviceTreeBase !=3D NULL); @@ -73,9 +78,39 @@ SbsaQemuLibConstructor ( } } =20 + // StandaloneMM non-secure shared buffer is allocated at the top of + // the system memory by trusted-firmware using "/reserved-memory" node. + ParentOffset =3D fdt_path_offset(DeviceTreeBase, "/reserved-memory"); + if (ParentOffset < 0) { + DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n", + __FUNCTION__)); + } + Offset =3D fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-= mm"); + if (Offset < 0) { + DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n", + __FUNCTION__)); + } + // Get the 'reg' property of this node. 8 byte quantities for base addre= ss + // and 4 byte quantities for size. + RegProp =3D fdt_getprop (DeviceTreeBase, Offset, "reg", &Len); + if (RegProp !=3D 0 && Len =3D=3D (sizeof (UINT64) + sizeof(UINT32))) { + NsBufBase =3D fdt64_to_cpu (ReadUnaligned64 (RegProp)); + NsBufSize =3D fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1))); + + DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n", + __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1)); + } else { + DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len= %d\n", + __FUNCTION__, Len)); + } + + NewSize -=3D NsBufSize; + // Make sure the start of DRAM matches our expectation ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) =3D=3D NewBase); PcdStatus =3D PcdSet64S (PcdSystemMemorySize, NewSize); + PcdStatus =3D PcdSet64S (PcdMmBufferBase, NsBufBase); + PcdStatus =3D PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize); ASSERT_RETURN_ERROR (PcdStatus); =20 return RETURN_SUCCESS; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#72259): https://edk2.groups.io/g/devel/message/72259 Mute This Topic: https://groups.io/mt/80990866/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-