From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86039+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86039+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092549; cv=none; d=zohomail.com; s=zohoarc; b=KrOtVghg6BJC6iIID7mOvKZJFdFuOszaIg20GviNiLusU7cSP4rIH6Cl2WhGQCiqnn8GiX0q7j/EMBsb4hDk6xr/eanmZwp2MTF6SSqdHMOfc2a9XCcJt7m2kFbOLayfM853vBDl2c40G4qF4+Yqrm8WwZieRQMXZhDE78lhrjo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092549; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=52a3u1WTSpS1RPnl27ATg/A5yDklDXkRypjDfsj0bQo=; b=XpDgddMAPSOwYHyMtVwxwZ03jL3aL3blwXSyOizuY/i076ETTzM7W3GKEmmRsOmBQ/+qS+CdjUG/KZCUb5lhNzsVlDEbN74JiarrJKvAN9lPWomE0fFp6eyw3GPA3LAqCWiJVUwGOJqMIu6vlWxzSQLDFxhYIuoP61th/t64w0Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86039+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092549104114.14339213386336; Mon, 24 Jan 2022 22:35:49 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id fFfBYY1788612xnEDmFZYrC7; Mon, 24 Jan 2022 22:35:48 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web08.3852.1643092545833111567 for ; Mon, 24 Jan 2022 22:35:48 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904815" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904815" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:34 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592630" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:32 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Leif Lindholm , Ard Biesheuvel , Abner Chang , Daniel Schaefer Subject: [edk2-devel] [PATCH V2 01/10] EmbeddedPkg: Fix a build error in FwVol.c in X64 arch Date: Tue, 25 Jan 2022 14:33:09 +0800 Message-Id: <20220125063318.862-2-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: c57qUQuNy3AqajSePxMVby6hx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092548; bh=ULM2A+xVX4rdS7DXBfnpYyvMmBupGg08XH08D0ha4gU=; h=Cc:Date:From:Reply-To:Subject:To; b=nOdcaazIVD5z29Flfvtry/dR/8t6xfinG6n3dokEDvV1VyiZ6Y1q2eLgnGOuT8bLJQy XgMbRiqlfzq7q5z82dH4dGK7JdAPFpaEcginaUIyemRqfrH5+WjmatsJkjufIrySCP8wr J54rCGvn9DaECykjRBd9h/+O0agAmh5k6m8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092551502100007 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 CompressedDataLength is declared as UINTN which is UINT64 in X64 arch. But the second parameter of UefiDecompressGetInfo() is declared as UINT32. So a build error is triggered. To declare CompressedDataLength as UINT32 to fix the build error. Cc: Leif Lindholm Cc: Ard Biesheuvel Cc: Abner Chang Cc: Daniel Schaefer Signed-off-by: Min Xu Reviewed-by: Abner Chang > Reviewed-by: Abner Chang --- EmbeddedPkg/Library/PrePiLib/FwVol.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c b/EmbeddedPkg/Library/Pre= PiLib/FwVol.c index 92ae68f0d382..0a6d6925b7ea 100644 --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c @@ -291,7 +291,7 @@ FfsProcessSection ( UINT16 SectionAttribute; UINT32 AuthenticationStatus; CHAR8 *CompressedData; - UINTN CompressedDataLength; + UINT32 CompressedDataLength; =20 *OutputBuffer =3D NULL; ParsedLength =3D 0; @@ -320,7 +320,7 @@ FfsProcessSection ( } =20 CompressedData =3D (CHAR8 *)((EFI_COMPRESSION_SECTION2 *)S= ection + 1); - CompressedDataLength =3D (UINT32)SectionLength - sizeof (EFI_COM= PRESSION_SECTION2); + CompressedDataLength =3D SectionLength - sizeof (EFI_COMPRESSION= _SECTION2); } else { CompressionSection =3D (EFI_COMPRESSION_SECTION *)Section; SectionLength =3D SECTION_SIZE (Section); @@ -330,7 +330,7 @@ FfsProcessSection ( } =20 CompressedData =3D (CHAR8 *)((EFI_COMPRESSION_SECTION *)Se= ction + 1); - CompressedDataLength =3D (UINT32)SectionLength - sizeof (EFI_COM= PRESSION_SECTION); + CompressedDataLength =3D SectionLength - sizeof (EFI_COMPRESSION= _SECTION); } =20 Status =3D UefiDecompressGetInfo ( --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86039): https://edk2.groups.io/g/devel/message/86039 Mute This Topic: https://groups.io/mt/88666799/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86040+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86040+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092551; cv=none; d=zohomail.com; s=zohoarc; b=PzKB0qgnGqvF0CFitx6Iok40QKuyagKxvm/gHGLh4Zc+hrc5n18Qz4vHRFpBf6xJ2nGjYxDgM3QunMHBtPxWJr/xBF9EF+dyHUNs2LMQnML7s98g0ZKVW9LOPFnHzOtzc5HNSkQLPmpWTMFljK1A2uDX0CwaRKf3pQIgTgsawLI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092551; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2la4Y5rLML6kKjod9wAmRtdFhS9m49o82uzzTEQRZ3I=; b=D4vimOoTd8v6PFgw5IJT96iJURRbQreLxbGRkOLlmwK2HKrllF5bvRpCDHx6yscjJzGSBzUgXvSW/IDjzWNhFBUAd/O9G+1boYjD/dlnXzcHIIZKOF5ax5NWdQYu33TCdyf5rHseXusjPPNvQPGAjSxS2HtAyiKT/cUAeQfVrHQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86040+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 164309255180584.80411179685052; Mon, 24 Jan 2022 22:35:51 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id X3FrYY1788612xITCqCSnRrB; Mon, 24 Jan 2022 22:35:51 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web08.3852.1643092545833111567 for ; Mon, 24 Jan 2022 22:35:50 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904822" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904822" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:37 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592646" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:34 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann , Ray Ni Subject: [edk2-devel] [PATCH V2 02/10] UefiCpuPkg: Add PcdTdxWorkAreaBase Date: Tue, 25 Jan 2022 14:33:10 +0800 Message-Id: <20220125063318.862-3-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: F6lwTVpiJ4TlnGbVOxLdFV1Bx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092551; bh=ZCaxt9UYg4ugv+CLAtr6qn5td6tZsYytdoa+vxZJwG0=; h=Cc:Date:From:Reply-To:Subject:To; b=UwiJOJcKfHzI+dVcMf5WNinSX7ogaltYRmsXdTEKluTDbw1uE04jauLmkZKc378VnrJ gpc5e1sPSTpppZByEKjznS1CGuz0p8nPdUQ6OoaqCS2zjDn25yXC0k6m5tV7+3kRB35Lx AlkIvGO8oQ5fB4oZfWPbp1UaPNavpw0x5DI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092553738100011 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Add PcdTdxWorkAreaBase to indicate the area of memory where the TDX work area block lives. Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Cc: Ray Ni Signed-off-by: Min Xu --- UefiCpuPkg/UefiCpuPkg.dec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 7de66fde674c..87cd20e0aa36 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -178,6 +178,10 @@ # @Prompt Configure the SEV-ES work area base gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize|0x0|UINT32|0x30002006 =20 + ## Area of memory where the TDX work area block lives. + # @Prompt Configure the TDX work area base + gUefiCpuPkgTokenSpaceGuid.PcdTdxWorkAreaBase|0x0|UINT32|0x30002007 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## This value is the CPU Local APIC base address, which aligns the addre= ss on a 4-KByte boundary. # @Prompt Configure base address of CPU Local APIC --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86040): https://edk2.groups.io/g/devel/message/86040 Mute This Topic: https://groups.io/mt/88666800/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86041+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86041+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092552; cv=none; d=zohomail.com; s=zohoarc; b=GHDGbi5P9e8TQVZXHTKSXILPPGx26lZrAQK4cUVYeMpthkDQ+Bykitd4VRtci8pdEL3Jo8mbkTOClvUf+plqMC+vjVEhC5Wws5QXzKa5x4yRFMNUE4585a5XZtuwU5XuUVt4qRvPdMJYmWqpY6sFKrHvu3CW5PcWEtXmrixIm9s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092552; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ZLax7NksJ5oqdESIAKrPuvAuMYvxgGTivPuHPHYPpno=; b=m4CGiep13UUsweTpGlheIU1GnOuH7f4iBtW6nH4Xi9FXBU2UrjaceFv9dx10cRpnGJu+X3wmdrr4plW8JNyPHU1VZ7qE2j0B59tYPNCk9Vo16sIF8XjnbmYMNxk4zOL17rG0jpzgil+GKGcgIMiTlrs+M2mV6xfkYlz6GZE3dig= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86041+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092552542679.4327466318562; Mon, 24 Jan 2022 22:35:52 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id fMVGYY1788612x1uVJWCix2k; Mon, 24 Jan 2022 22:35:51 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.3891.1643092550658200936 for ; Mon, 24 Jan 2022 22:35:50 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904836" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904836" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:39 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592657" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:37 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 03/10] OvmfPkg: Add TdxWorkArea definition Date: Tue, 25 Jan 2022 14:33:11 +0800 Message-Id: <20220125063318.862-4-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: 1bcmdmc590388Kb83CDWi9tTx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092551; bh=bD1Fk6nVjFDx7TKZGrEth5+UNUVWkzLC3ZWmbLsi+04=; h=Cc:Date:From:Reply-To:Subject:To; b=BBonexIJDI5jJen24X6VJnk5UJSBRMb/fE1wa0aNlvOrLL5x9xaptuIo6vbccCmTimM +Hlp5H+tuff/EWAJkNyjD6vT+IUEvjzHDMDQuDaQ4wkKRADJaFurn730f1YXRjoJr0MMP xw12fDGEtPrOyILCr4RxVzYMncMS8VNjlB8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092553845100013 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Add the TDX work area definition. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu Acked-by: Gerd Hoffmann --- OvmfPkg/Include/WorkArea.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h index ce60d97aa886..f5b07f18054b 100644 --- a/OvmfPkg/Include/WorkArea.h +++ b/OvmfPkg/Include/WorkArea.h @@ -63,9 +63,24 @@ typedef struct _SEV_WORK_AREA { SEC_SEV_ES_WORK_AREA SevEsWorkArea; } SEV_WORK_AREA; =20 +// +// The TDX work area definition +// +typedef struct _SEC_TDX_WORK_AREA { + UINT32 PageTableReady; + UINT32 Gpaw; + UINT64 HobList; +} SEC_TDX_WORK_AREA; + +typedef struct _TDX_WORK_AREA { + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; + SEC_TDX_WORK_AREA SecTdxWorkArea; +} TDX_WORK_AREA; + typedef union { CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER Header; SEV_WORK_AREA SevWorkArea; + TDX_WORK_AREA TdxWorkArea; } OVMF_WORK_AREA; =20 #endif --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86041): https://edk2.groups.io/g/devel/message/86041 Mute This Topic: https://groups.io/mt/88666801/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86043+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86043+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092554; cv=none; d=zohomail.com; s=zohoarc; b=mi2EDUCjJd8HlnkA/7H5qqVENVFPL024JxNLdaG+KZuePxVoeSdhyehQb2yUPfn5VuNn5cuzT62ClBZ+PVsZE5LxYl8QkbjKxLzryjSg2McrM50i5sHd22gv2un1J2ueubMy6PcuyFhv0mDYFj6gBq7oFVCjmOBxLD5ra9+2agA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092554; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=IiAqliSdOuwBvu/Mo3XrxftzMbWCIdzu8ORE021Fuo4=; b=Wj/yZN4mLubqPZG+3bAUY5f5hvcHNtzlWr9KLyCEvgASXlQxABVcFpnHgAzOjGF/MehPO9AAgScN7e04f+Qy4ljo7bqzrt9wfr92BcyXOcfNL8xtGVtUKbnfOaNF/MpmMy+TMbh4poqeumn23bmp1J29WKQ+ocnTEdUfXJB46FY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86043+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092554988362.58667314529794; Mon, 24 Jan 2022 22:35:54 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 1PuzYY1788612x9arJBPgNC5; Mon, 24 Jan 2022 22:35:54 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web09.3918.1643092552922625005 for ; Mon, 24 Jan 2022 22:35:53 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904845" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904845" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:42 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592670" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:39 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 04/10] OvmfPkg: Add PrePiHobListPointerLibTdx Date: Tue, 25 Jan 2022 14:33:12 +0800 Message-Id: <20220125063318.862-5-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: 8lllvkvY9QsRrFHmkpnIezPlx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092554; bh=4YOZpy5IuVNWV/EZ4pFz/eYJfZ8hJKjCBkwW/Qw3v3c=; h=Cc:Date:From:Reply-To:Subject:To; b=iXTTljsgI6YsqY7aBbJ58RrCRUcB3yUBf5L14ad/DnvjMGEPttnlXYYd8ftyLmLo7VZ CCw7oy6pfalcjiwCQxE7LHYz4T13o2EIiXaqsZ7/QTjMb6OvKnHVFxKK0u27dmxJwdrwc EugGcwVjz3iKpFXaf0T8TJCOMpgBsCxYkgM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092556025100019 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 This library sets / gets the Hob list pointer in TDX_WORK_AREA. This is because it is designed to be used in SEC where the value of global variable cannot be saved, so the Hob list pointer is saved in TDX_WORK_AREA. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- .../PrePiHobListPointer.c | 57 +++++++++++++++++++ .../PrePiHobListPointerLibTdx.inf | 29 ++++++++++ 2 files changed, 86 insertions(+) create mode 100644 OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobList= Pointer.c create mode 100644 OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobList= PointerLibTdx.inf diff --git a/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer= .c b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer.c new file mode 100644 index 000000000000..d0fc240f873b --- /dev/null +++ b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer.c @@ -0,0 +1,57 @@ +/** @file +* +* Copyright (c) 2021, Intel Corporation. All rights reserved.
+* SPDX-License-Identifier: BSD-2-Clause-Patent +* +**/ + +#include +#include +#include +#include +#include + +/** + Returns the pointer to the HOB list. + + This function returns the pointer to first HOB in the list. + + @return The pointer to the HOB list. + +**/ +VOID * +EFIAPI +PrePeiGetHobList ( + VOID + ) +{ + TDX_WORK_AREA *TdxWorkArea; + + TdxWorkArea =3D (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdTdxWorkAreaBas= e); + ASSERT (TdxWorkArea !=3D NULL); + ASSERT (TdxWorkArea->SecTdxWorkArea.HobList !=3D 0); + + return (VOID *)(UINTN)TdxWorkArea->SecTdxWorkArea.HobList; +} + +/** + Updates the pointer to the HOB list. + + @param HobList Hob list pointer to store + +**/ +EFI_STATUS +EFIAPI +PrePeiSetHobList ( + IN VOID *HobList + ) +{ + TDX_WORK_AREA *TdxWorkArea; + + TdxWorkArea =3D (TDX_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdTdxWorkAreaBas= e); + ASSERT (TdxWorkArea !=3D NULL); + + TdxWorkArea->SecTdxWorkArea.HobList =3D (UINTN)HobList; + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer= LibTdx.inf b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointer= LibTdx.inf new file mode 100644 index 000000000000..809c157ec5d0 --- /dev/null +++ b/OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiHobListPointerLibTdx.= inf @@ -0,0 +1,29 @@ +#/** @file +# +# Copyright (c) 2021, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +#**/ + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PrePiHobListPointerLibTdx + FILE_GUID =3D 28297DB9-4CE7-4679-80E6-0270B215A2F2 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D PrePiHobListPointerLib + +[Sources] + PrePiHobListPointer.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + EmbeddedPkg/EmbeddedPkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[Pcd] + gUefiCpuPkgTokenSpaceGuid.PcdTdxWorkAreaBase + +[LibraryClasses] + PcdLib --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86043): https://edk2.groups.io/g/devel/message/86043 Mute This Topic: https://groups.io/mt/88666803/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86042+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86042+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092554; cv=none; d=zohomail.com; s=zohoarc; b=hrOPtE/CG8gAmEOb39bprqmsHjJ/tvHCho4YGPRX5m/7X3S2FUAb6ciO7GKQLSFPMRyplJzhvzJmqHgVwapk6YNaRYEMHSxhUt67nTTGVATy2NZz3MovWAm9Tvw44URTYhVPPKNJ1lE2f013racUvQ+/V4Cjxzyh+ofiXArYwm8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092554; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=u4DRbviCeEoy4TfqS8d7iJaeQGBDO8CVYUyc9M9gU/Q=; b=MQaUnC20Qvj7GiR+QSm/NTUcvIMfr5ey0BHbZ7zwPptVK0ZLffQ8RDcczQ3eUvyCCEobxCXLPSQ94UOOuknRjwSeQDXHogtfZ1xIdoqNTKu4tn2BM1E+zACX9Zi5er/8iODyMz7QgnLjDVrEiv5TH3vFLE4tdURH4ZMxdgdHQ4M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86042+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092554223130.57473188841914; Mon, 24 Jan 2022 22:35:54 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id icTjYY1788612xgwb2AsOxRT; Mon, 24 Jan 2022 22:35:53 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web09.3918.1643092552922625005 for ; Mon, 24 Jan 2022 22:35:53 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904861" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904861" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:44 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592677" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:42 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 05/10] OvmfPkg: Update EFI_HOB_PLATFORM_INFO with more platform settings Date: Tue, 25 Jan 2022 14:33:13 +0800 Message-Id: <20220125063318.862-6-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: Y0Ryz0Kt7nZqVstbYwJQ23Uyx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092553; bh=MZiPyoMlxv9vUnegRvLLawd8BG6YSIpTiFYWBjXWkzM=; h=Cc:Date:From:Reply-To:Subject:To; b=l27J2E9XzFjK/57nZWPLefkju/y7Sydl7VxN9llgDrEnp33X04MO6xrhgi5TJ/J3ECk Mp42F39wQYRME66As2h51qscSM1LMujTSeRo98ppewK2ROsYBMD1YG05BTIOQVsJfn7dJ xFat73+FWZVQ34FrjrwcHP0Fs1gSdLRAHFU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092555904100017 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 This patch-sets is to bring up Legacy guest and Tdx guest without PEI phase. So platform initialization has to be done in SEC phase. It is similar with the work of OvmfPkg/PlatformPei. In OvmfPkg/PlatformPei some PCDs are set during platform initialization, such as PcdPciMmio64Base. But in PEI-less boot, PCDs cannot be set. So these values are saved in EFI_HOB_PLATFORM_INFO. Then in the early stage of DXE phase this hob will be parsed and PCDs are set accordingly. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/Include/IndustryStandard/IntelTdx.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/OvmfPkg/Include/IndustryStandard/IntelTdx.h b/OvmfPkg/Include/= IndustryStandard/IntelTdx.h index 44155adefd58..a37ad28f7bf4 100644 --- a/OvmfPkg/Include/IndustryStandard/IntelTdx.h +++ b/OvmfPkg/Include/IndustryStandard/IntelTdx.h @@ -65,6 +65,23 @@ typedef struct { typedef struct { EFI_HOB_GUID_TYPE GuidHeader; UINT16 HostBridgePciDevId; + BOOLEAN PcdSetNxForStack; + UINT8 SystemStates[6]; + + UINT64 PcdConfidentialComputingGuestAttr; + BOOLEAN PcdIa32EferChangeAllowed; + UINT64 PcdTdxSharedBitMask; + + UINT64 PcdPciMmio64Base; + UINT64 PcdPciMmio64Size; + UINT32 PcdPciMmio32Base; + UINT32 PcdPciMmio32Size; + UINT64 PcdPciIoBase; + UINT64 PcdPciIoSize; + + UINT64 PcdEmuVariableNvStoreReserved; + UINT32 PcdCpuBootLogicalProcessorNumber; + UINT32 PcdCpuMaxLogicalProcessorNumber; } EFI_HOB_PLATFORM_INFO; =20 #pragma pack() --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86042): https://edk2.groups.io/g/devel/message/86042 Mute This Topic: https://groups.io/mt/88666802/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86044+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86044+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092555; cv=none; d=zohomail.com; s=zohoarc; b=Jh9ZdHUZIAf/5tbj+em5o4cERBX2T9Pey4QaXgWdzM/2ipEZ+tg/5cP8SaaBd3gocHYd3QrWUKK5eDuUoHetog6AQZa8NvqHGdhQowzndDn2ckz4R0gzZ/rKP+oZYR1Rnl6U4n25qLzDNmveDWHesDZJDaW7VAXeZ3LXKjbyrak= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092555; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=hNyYF/GjshfsCM67Q+jLQe3yu/reD7h5mbciq1Mx10U=; b=J2jL2eJkHm4J4Ka9aOFeIi7d+vMSGMT+JJgNDN/WbvwOZ9nakxC9ShhmNm6kmQVFuHjfynXfhEQSAPB0un1bc4/tstBYLMiE4NdKYdwUMzkZYGsilF45xXVD0ozaW2lj5YnhgvUNILZC3RR71T+QYqAl94M5AD3tKshp431y4ek= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86044+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092555712830.5278789014321; Mon, 24 Jan 2022 22:35:55 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id bJctYY1788612xEGliYssYVj; Mon, 24 Jan 2022 22:35:55 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web09.3918.1643092552922625005 for ; Mon, 24 Jan 2022 22:35:54 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904869" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904869" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:47 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592688" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:44 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 06/10] OvmfPkg: Add TdxStartupLib Date: Tue, 25 Jan 2022 14:33:14 +0800 Message-Id: <20220125063318.862-7-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: t5RfYykVd9isK78DkqVVL7efx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092555; bh=BJovysODmfGEyDDK547wv70vKwltSRMmv+uD4KM2ykU=; h=Cc:Date:From:Reply-To:Subject:To; b=FZ8lHu8O5tbTKrpQ3AXVA8CY7usa9StRRzMobYL+9ASRf2kg2sBchZrmWTKr/QukFz5 UqRer3/Y4sBJCD5GOzWnFmKA4MlamVBhkhU31grWlkL7BNP4YL/FNCN2ZAevoXY+kEDG4 DGfnocYgCyj9w8VIgXTzRrg2PEkSRdooRP8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092558115100027 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 TdxStarupLib provides a function (TdxStartup ()) which brings up both Legacy and Tdx guest from SEC phase to DXE phase. PEI phase is skipped so that the attack surfaces are reduced as much as possible. TdxStartup() does below tasks: 1. Contruct the FW hoblist. Since PEI is skipped, we must find a memory region which is the largest one below 4GB. Then this memory region will be used as the firmware hoblist. 2. Initialize the platform. 3. Build various Hobs, such as SecFv Hob, DxeFv Hob, Stack Hob, etc. 4. At last DXE Core is located / loaded and transfer control to it. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/Include/Library/TdxStartupLib.h | 34 + OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c | 218 ++++ OvmfPkg/IntelTdx/TdxStartupLib/Hob.c | 130 +++ OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c | 240 +++++ .../TdxStartupLib/TdxStartupInternal.h | 55 ++ .../IntelTdx/TdxStartupLib/TdxStartupLib.inf | 86 ++ .../TdxStartupLib/TdxStartupLibNull.inf | 40 + .../IntelTdx/TdxStartupLib/TdxStartupNull.c | 19 + .../IntelTdx/TdxStartupLib/X64/PageTables.h | 206 ++++ .../TdxStartupLib/X64/VirtualMemory.c | 935 ++++++++++++++++++ OvmfPkg/OvmfPkg.dec | 4 + 11 files changed, 1967 insertions(+) create mode 100644 OvmfPkg/Include/Library/TdxStartupLib.h create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/Hob.c create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h create mode 100644 OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c diff --git a/OvmfPkg/Include/Library/TdxStartupLib.h b/OvmfPkg/Include/Libr= ary/TdxStartupLib.h new file mode 100644 index 000000000000..a72866d90ca9 --- /dev/null +++ b/OvmfPkg/Include/Library/TdxStartupLib.h @@ -0,0 +1,34 @@ +/** @file + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef TDX_STARTUP_LIB_H_ +#define TDX_STARTUP_LIB_H_ + +#include +#include +#include +#include +#include +#include + +/** + * This function brings up the Tdx guest from SEC phase to DXE phase. + * PEI phase is skipped because most of the components in PEI phase + * is not needed for Tdx guest, for example, MP Services, TPM etc. + * In this way, the attack surfaces are reduced as much as possible. + * + * @param Context The pointer to the SecCoreData + * @return VOID This function never returns + */ +VOID +EFIAPI +TdxStartup ( + IN VOID *Context + ); + +#endif diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c b/OvmfPkg/IntelTdx/Td= xStartupLib/DxeLoad.c new file mode 100644 index 000000000000..41bd98573b48 --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/DxeLoad.c @@ -0,0 +1,218 @@ +/** @file + Responsibility of this file is to load the DXE Core from a Firmware Volu= me. + +Copyright (c) 2016 HP Development Company, L.P. +Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TdxStartupInternal.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "X64/PageTables.h" +#include + +#define STACK_SIZE 0x20000 + +/** + Transfers control to DxeCore. + + This function performs a CPU architecture specific operations to execute + the entry point of DxeCore + + @param DxeCoreEntryPoint The entry point of DxeCore. + +**/ +VOID +HandOffToDxeCore ( + IN EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint + ) +{ + VOID *BaseOfStack; + VOID *TopOfStack; + UINTN PageTables; + + // + // Clear page 0 and mark it as allocated if NULL pointer detection is en= abled. + // + if (IsNullDetectionEnabled ()) { + ClearFirst4KPage (GetHobList ()); + BuildMemoryAllocationHob (0, EFI_PAGES_TO_SIZE (1), EfiBootServicesDat= a); + } + + // + // Allocate 128KB for the Stack + // + BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); + ASSERT (BaseOfStack !=3D NULL); + + // + // Compute the top of the stack we were allocated. Pre-allocate a UINTN + // for safety. + // + TopOfStack =3D (VOID *)((UINTN)BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SI= ZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); + TopOfStack =3D ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); + + DEBUG ((DEBUG_INFO, "BaseOfStack=3D0x%x, TopOfStack=3D0x%x\n", BaseOfSta= ck, TopOfStack)); + + // + // Create page table and save PageMapLevel4 to CR3 + // + PageTables =3D CreateIdentityMappingPageTables ( + (EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack, + STACK_SIZE + ); + if (PageTables =3D=3D 0) { + DEBUG ((DEBUG_ERROR, "Failed to create idnetity mapping page tables.\n= ")); + CpuDeadLoop (); + } + + AsmWriteCr3 (PageTables); + + // + // Update the contents of BSP stack HOB to reflect the real stack info p= assed to DxeCore. + // + UpdateStackHob ((EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack, STACK_SIZE); + + DEBUG ((DEBUG_INFO, "SwitchStack then Jump to DxeCore\n")); + // + // Transfer the control to the entry point of DxeCore. + // + SwitchStack ( + (SWITCH_STACK_ENTRY_POINT)(UINTN)DxeCoreEntryPoint, + GetHobList (), + NULL, + TopOfStack + ); +} + +/** + Searches DxeCore in all firmware Volumes and loads the first + instance that contains DxeCore. + + @return FileHandle of DxeCore to load DxeCore. + +**/ +EFI_STATUS +FindDxeCore ( + IN INTN FvInstance, + IN OUT EFI_PEI_FILE_HANDLE *FileHandle + ) +{ + EFI_STATUS Status; + EFI_PEI_FV_HANDLE VolumeHandle; + + if (FileHandle =3D=3D NULL) { + ASSERT (FALSE); + return EFI_INVALID_PARAMETER; + } + + *FileHandle =3D NULL; + + // + // Caller passed in a specific FV to try, so only try that one + // + Status =3D FfsFindNextVolume (FvInstance, &VolumeHandle); + if (!EFI_ERROR (Status)) { + Status =3D FfsFindNextFile (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE, Vol= umeHandle, FileHandle); + if (*FileHandle) { + // Assume the FV that contains multiple compressed FVs. + // So decompress the compressed FVs + Status =3D FfsProcessFvFile (*FileHandle); + ASSERT_EFI_ERROR (Status); + Status =3D FfsAnyFvFindFirstFile (EFI_FV_FILETYPE_DXE_CORE, &VolumeH= andle, FileHandle); + } + } + + return Status; +} + +/** + This function finds DXE Core in the firmware volume and transfer the co= ntrol to + DXE core. + + @return EFI_SUCCESS DXE core was successfully loaded. + @return EFI_OUT_OF_RESOURCES There are not enough resources to load= DXE core. + +**/ +EFI_STATUS +EFIAPI +DxeLoadCore ( + IN INTN FvInstance + ) +{ + EFI_STATUS Status; + EFI_FV_FILE_INFO DxeCoreFileInfo; + EFI_PHYSICAL_ADDRESS DxeCoreAddress; + UINT64 DxeCoreSize; + EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint; + EFI_PEI_FILE_HANDLE FileHandle; + VOID *PeCoffImage; + + // + // Look in all the FVs present and find the DXE Core FileHandle + // + Status =3D FindDxeCore (FvInstance, &FileHandle); + + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + return Status; + } + + // + // Load the DXE Core from a Firmware Volume. + // + Status =3D FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &PeCoffImag= e); + if (EFI_ERROR (Status)) { + return Status; + } + + Status =3D LoadPeCoffImage (PeCoffImage, &DxeCoreAddress, &DxeCoreSize, = &DxeCoreEntryPoint); + ASSERT_EFI_ERROR (Status); + + // + // Extract the DxeCore GUID file name. + // + Status =3D FfsGetFileInfo (FileHandle, &DxeCoreFileInfo); + ASSERT_EFI_ERROR (Status); + + // + // Add HOB for the DXE Core + // + BuildModuleHob ( + &DxeCoreFileInfo.FileName, + DxeCoreAddress, + ALIGN_VALUE (DxeCoreSize, EFI_PAGE_SIZE), + DxeCoreEntryPoint + ); + + DEBUG (( + DEBUG_INFO | DEBUG_LOAD, + "Loading DXE CORE at 0x%11p EntryPoint=3D0x%11p\n", + (VOID *)(UINTN)DxeCoreAddress, + FUNCTION_ENTRY_POINT (DxeCoreEntryPoint) + )); + + // Transfer control to the DXE Core + // The hand off state is simply a pointer to the HOB list + // + HandOffToDxeCore (DxeCoreEntryPoint); + + // + // If we get here, then the DXE Core returned. This is an error + // DxeCore should not return. + // + ASSERT (FALSE); + CpuDeadLoop (); + + return EFI_OUT_OF_RESOURCES; +} diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/Hob.c b/OvmfPkg/IntelTdx/TdxSta= rtupLib/Hob.c new file mode 100644 index 000000000000..bc30de7387f1 --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/Hob.c @@ -0,0 +1,130 @@ +/** @file + Main SEC phase code. Handles initial TDX Hob List Processing + + Copyright (c) 2008, Intel Corporation. All rights reserved.
+ (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "TdxStartupInternal.h" + +/** + * Construct the HobList in SEC phase. + * + * @return EFI_SUCCESS Successfully construct the firmware hoblist. + * @return EFI_NOT_FOUND Cannot find a memory region to be the fw hobli= st. + */ +EFI_STATUS +EFIAPI +ConstructSecHobList ( + ) +{ + UINT32 LowMemorySize; + UINT32 LowMemoryStart; + + EFI_HOB_HANDOFF_INFO_TABLE *HobList; + + LowMemorySize =3D PlatformGetSystemMemorySizeBelow4gb (); + ASSERT (LowMemorySize !=3D 0); + LowMemoryStart =3D FixedPcdGet32 (PcdOvmfDxeMemFvBase) + FixedPcdGet32 (= PcdOvmfDxeMemFvSize); + LowMemorySize -=3D LowMemoryStart; + + DEBUG ((DEBUG_INFO, "LowMemory Start and End: %x, %x\n", LowMemoryStart,= LowMemoryStart + LowMemorySize)); + HobList =3D HobConstructor ( + (VOID *)(UINTN)LowMemoryStart, + LowMemorySize, + (VOID *)(UINTN)LowMemoryStart, + (VOID *)(UINTN)(LowMemoryStart + LowMemorySize) + ); + + SetHobList ((VOID *)(UINT64)HobList); + + return EFI_SUCCESS; +} + +/** + * This function is to find a memory region which is the largest one below= 4GB. + * It will be used as the firmware hoblist. + * + * @param VmmHobList Vmm passed hoblist which constains the memory info= rmation. + * @return EFI_SUCCESS Successfully construct the firmware hoblist. + */ +EFI_STATUS +EFIAPI +ConstructFwHobList ( + IN CONST VOID *VmmHobList + ) +{ + EFI_PEI_HOB_POINTERS Hob; + EFI_PHYSICAL_ADDRESS PhysicalEnd; + UINT64 ResourceLength; + EFI_PHYSICAL_ADDRESS LowMemoryStart; + UINT64 LowMemoryLength; + + ASSERT (VmmHobList !=3D NULL); + + Hob.Raw =3D (UINT8 *)VmmHobList; + + LowMemoryLength =3D 0; + LowMemoryStart =3D 0; + + // + // Parse the HOB list until end of list or matching type is found. + // + while (!END_OF_HOB_LIST (Hob)) { + if (Hob.Header->HobType =3D=3D EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) { + if (Hob.ResourceDescriptor->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_= MEMORY) { + PhysicalEnd =3D Hob.ResourceDescriptor->PhysicalStart + Hob.Res= ourceDescriptor->ResourceLength; + ResourceLength =3D Hob.ResourceDescriptor->ResourceLength; + + if (PhysicalEnd <=3D BASE_4GB) { + if (ResourceLength > LowMemoryLength) { + LowMemoryStart =3D Hob.ResourceDescriptor->PhysicalStart; + LowMemoryLength =3D ResourceLength; + } + } else { + break; + } + } + } + + Hob.Raw =3D GET_NEXT_HOB (Hob); + } + + if (LowMemoryLength =3D=3D 0) { + DEBUG ((DEBUG_ERROR, "Cannot find a memory region under 4GB for Fw hob= list.\n")); + return EFI_NOT_FOUND; + } + + // + // HobLib doesn't like HobStart at address 0 so adjust is needed + // + if (LowMemoryStart =3D=3D 0) { + LowMemoryStart +=3D EFI_PAGE_SIZE; + LowMemoryLength -=3D EFI_PAGE_SIZE; + } + + DEBUG ((DEBUG_INFO, "LowMemory Start and End: %x, %x\n", LowMemoryStart,= LowMemoryStart + LowMemoryLength)); + HobConstructor ( + (VOID *)LowMemoryStart, + LowMemoryLength, + (VOID *)LowMemoryStart, + (VOID *)(LowMemoryStart + LowMemoryLength) + ); + + SetHobList ((VOID *)(UINT64)LowMemoryStart); + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c b/OvmfPkg/IntelTdx= /TdxStartupLib/TdxStartup.c new file mode 100644 index 000000000000..16984bd7ff14 --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartup.c @@ -0,0 +1,240 @@ +/** @file + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "TdxStartupInternal.h" + +#define GET_GPAW_INIT_STATE(INFO) ((UINT8) ((INFO) & 0x3f)) + +EFI_MEMORY_TYPE_INFORMATION mDefaultMemoryTypeInformation[] =3D { + { EfiACPIMemoryNVS, 0x004 }, + { EfiACPIReclaimMemory, 0x008 }, + { EfiReservedMemoryType, 0x004 }, + { EfiRuntimeServicesData, 0x024 }, + { EfiRuntimeServicesCode, 0x030 }, + { EfiBootServicesCode, 0x180 }, + { EfiBootServicesData, 0xF00 }, + { EfiMaxMemoryType, 0x000 } +}; + +EFI_STATUS +EFIAPI +InitializePlatform ( + EFI_HOB_PLATFORM_INFO *PlatformInfoHob + ) +{ + EFI_STATUS Status; + UINT16 HostBridgeDeviceId; + UINT32 MaxCpuCount; + UINT16 BootCpuCount; + UINT32 Uc32Base; + UINT32 PciBase; + UINT32 PciSize; + UINT64 Pci64Base; + UINT64 Pci64Size; + UINT64 PciIoBase; + UINT64 PciIoSize; + BOOLEAN SetNxStatus; + UINT64 FirstNonAddress; + UINT8 PhysMemAddressWidth; + UINT32 LowerMemorySize; + + DEBUG ((DEBUG_INFO, "InitializePlatform in Pei-less boot\n")); + PlatformDebugDumpCmos (); + + Pci64Base =3D 0; + Pci64Size =3D 0; + + FirstNonAddress =3D PlatformGetFirstNonAddress (&Pci64= Base, &Pci64Size, 0x800000000); + PlatformInfoHob->PcdPciMmio64Base =3D Pci64Base; + PlatformInfoHob->PcdPciMmio64Size =3D Pci64Size; + + PhysMemAddressWidth =3D PlatformAddressWidthInitialization (FirstNonAddr= ess); + + DEBUG ((DEBUG_INFO, "PhysMemAddressWidth=3D0x%x, Pci64Base=3D0x%llx, Pci= 64Size=3D0x%llx\n", PhysMemAddressWidth, Pci64Base, Pci64Size)); + + HostBridgeDeviceId =3D PlatformQueryHostBridgeDid (); + PlatformInfoHob->HostBridgePciDevId =3D HostBridgeDeviceId; + DEBUG ((DEBUG_INFO, "HostBridgeDeviceId =3D 0x%x\n", HostBridgeDeviceId)= ); + + MaxCpuCount =3D 0; + BootCpuCount =3D 0; + PlatformMaxCpuCountInitialization (HostBridgeDeviceId, 64, &MaxCpuCount,= &BootCpuCount); + + PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber =3D MaxCpuCount; + PlatformInfoHob->PcdCpuBootLogicalProcessorNumber =3D BootCpuCount; + DEBUG ((DEBUG_INFO, "MaxCpuCount=3D%d, BootCpuCount=3D%d\n", MaxCpuCount= , BootCpuCount)); + + LowerMemorySize =3D PlatformGetSystemMemorySizeBelow4gb (); + Uc32Base =3D PlatformQemuUc32BaseInitialization (HostBridgeDevice= Id, LowerMemorySize); + DEBUG ((DEBUG_INFO, "Uc32Base =3D 0x%x, LowerMemorySize =3D 0x%x\n", Uc3= 2Base, LowerMemorySize)); + + if (TdIsEnabled ()) { + PlatformTdxPublishRamRegions (); + } else { + PlatformInitializeRamRegions (Uc32Base, HostBridgeDeviceId, FALSE, 0, = FALSE, LowerMemorySize, 0); + } + + // + // Create Memory Type Information HOB + // + BuildGuidDataHob ( + &gEfiMemoryTypeInformationGuid, + mDefaultMemoryTypeInformation, + sizeof (mDefaultMemoryTypeInformation) + ); + + PciBase =3D 0; + PciSize =3D 0; + PciIoBase =3D 0; + PciIoSize =3D 0; + PlatformMemMapInitialization (HostBridgeDeviceId, Uc32Base, &PciBase, &P= ciSize, &PciIoBase, &PciIoSize); + PlatformInfoHob->PcdPciMmio32Base =3D PciBase; + PlatformInfoHob->PcdPciMmio32Size =3D PciSize; + PlatformInfoHob->PcdPciIoBase =3D PciIoBase; + PlatformInfoHob->PcdPciIoSize =3D PciIoSize; + + Status =3D PlatformNoexecDxeInitialization (&SetNxStatus); + if (!EFI_ERROR (Status)) { + PlatformInfoHob->PcdSetNxForStack =3D SetNxStatus; + } + + if (TdIsEnabled ()) { + PlatformInfoHob->PcdConfidentialComputingGuestAttr =3D CCAttrIntelTdx; + PlatformInfoHob->PcdIa32EferChangeAllowed =3D FALSE; + PlatformInfoHob->PcdTdxSharedBitMask =3D TdSharedPageMas= k (); + PlatformInfoHob->PcdSetNxForStack =3D TRUE; + } + + PlatformMiscInitialization (HostBridgeDeviceId, PhysMemAddressWidth); + + return EFI_SUCCESS; +} + +/** + * This function brings up the Tdx guest from SEC phase to DXE phase. + * PEI phase is skipped because most of the components in PEI phase + * is not needed for Tdx guest, for example, MP Services, TPM etc. + * In this way, the attack surfaces are reduced as much as possible. + * + * @param Context The pointer to the SecCoreData + * @return VOID This function never returns + */ +VOID +EFIAPI +TdxStartup ( + IN VOID *Context + ) +{ + EFI_SEC_PEI_HAND_OFF *SecCoreData; + EFI_FIRMWARE_VOLUME_HEADER *BootFv; + EFI_STATUS Status; + EFI_HOB_PLATFORM_INFO PlatformInfoHob; + UINT32 DxeCodeBase; + UINT32 DxeCodeSize; + TD_RETURN_DATA TdReturnData; + VOID *VmmHobList; + + Status =3D EFI_SUCCESS; + BootFv =3D NULL; + VmmHobList =3D NULL; + SecCoreData =3D (EFI_SEC_PEI_HAND_OFF *)Context; + + ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob)); + + if (TdIsEnabled ()) { + VmmHobList =3D (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase); + Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); + ASSERT (Status =3D=3D EFI_SUCCESS); + + DEBUG (( + DEBUG_INFO, + "Tdx started with(Hob: 0x%x, Gpaw: 0x%x, Cpus: %d)\n", + (UINT32)(UINTN)VmmHobList, + GET_GPAW_INIT_STATE (TdReturnData.TdInfo.Gpaw), + TdReturnData.TdInfo.NumVcpus + )); + + Status =3D ConstructFwHobList (VmmHobList); + } else { + DEBUG ((DEBUG_INFO, "Ovmf started\n")); + Status =3D ConstructSecHobList (); + } + + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); + } + + DEBUG ((DEBUG_INFO, "HobList: %p\n", GetHobList ())); + + // + // Initialize the Platform + // + Status =3D InitializePlatform (&PlatformInfoHob); + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); + } + + BuildGuidDataHob (&gUefiOvmfPkgTdxPlatformGuid, &PlatformInfoHob, sizeof= (EFI_HOB_PLATFORM_INFO)); + + // + // SecFV + // + BootFv =3D (EFI_FIRMWARE_VOLUME_HEADER *)SecCoreData->BootFirmwareVolume= Base; + BuildFvHob ((UINTN)BootFv, BootFv->FvLength); + + // + // DxeFV + // + DxeCodeBase =3D PcdGet32 (PcdBfvBase); + DxeCodeSize =3D PcdGet32 (PcdBfvRawDataSize) - (UINT32)BootFv->FvLength; + BuildFvHob (DxeCodeBase, DxeCodeSize); + + DEBUG ((DEBUG_INFO, "SecFv : %p, 0x%x\n", BootFv, BootFv->FvLength)); + DEBUG ((DEBUG_INFO, "DxeFv : %x, 0x%x\n", DxeCodeBase, DxeCodeSize)); + + BuildStackHob ((UINTN)SecCoreData->StackBase, SecCoreData->StackSize <<= =3D 1); + + BuildResourceDescriptorHob ( + EFI_RESOURCE_SYSTEM_MEMORY, + EFI_RESOURCE_ATTRIBUTE_PRESENT | + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE | + EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE | + EFI_RESOURCE_ATTRIBUTE_TESTED, + (UINT64)SecCoreData->TemporaryRamBase, + (UINT64)SecCoreData->TemporaryRamSize + ); + + // + // Load the DXE Core and transfer control to it. + // Only DxeFV is in the compressed section. + // + Status =3D DxeLoadCore (1); + + // + // Never arrive here. + // + ASSERT (FALSE); + CpuDeadLoop (); +} diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h b/OvmfPkg/= IntelTdx/TdxStartupLib/TdxStartupInternal.h new file mode 100644 index 000000000000..b475f6ba223c --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupInternal.h @@ -0,0 +1,55 @@ +/** @file + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef TDX_STARTUP_INTERNAL_LIB_H_ +#define TDX_STARTUP_INTERNAL_LIB_H_ + +#include +#include +#include +#include +#include + +EFI_STATUS +EFIAPI +DxeLoadCore ( + IN INTN FvInstance + ); + +VOID +EFIAPI +TransferHobList ( + IN CONST VOID *HobStart + ); + +/** + * This function is to find a memory region which is the largest one below= 4GB. + * It will be used as the firmware hoblist. + * + * @param VmmHobList Vmm passed hoblist which constains the memory = information. + * @return EFI_SUCCESS Successfully construct the firmware hoblist. + * @return EFI_NOT_FOUND Cannot find a memory region to be the fw hobli= st. + */ +EFI_STATUS +EFIAPI +ConstructFwHobList ( + IN CONST VOID *VmmHobList + ); + +/** + * Construct the HobList in SEC phase. + * + * @return EFI_SUCCESS Successfully construct the firmware hoblist. + * @return EFI_NOT_FOUND Cannot find a memory region to be the fw hobli= st. + */ +EFI_STATUS +EFIAPI +ConstructSecHobList ( + ); + +#endif diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf b/OvmfPkg/Int= elTdx/TdxStartupLib/TdxStartupLib.inf new file mode 100644 index 000000000000..ce8a28a916c3 --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf @@ -0,0 +1,86 @@ +#/** @file +# Component description file for TDX Pre PI Library +# +# LIbrary helps you build a platform that skips PEI and loads DXE Core +# directly. Helps building HOBs, reading data from the FV, and doing +# decompression. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2008, Apple Inc. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +#**/ + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TdxStartupLib + FILE_GUID =3D 8FA74135-F841-40A4-86C8-69C923D2E85F + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TdxStartupLib|SEC + +# +# VALID_ARCHITECTURES =3D X64 +# + +[Sources] + TdxStartup.c + Hob.c + DxeLoad.c + +[Sources.X64] + X64/VirtualMemory.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiCpuPkg/UefiCpuPkg.dec + OvmfPkg/OvmfPkg.dec + EmbeddedPkg/EmbeddedPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + BaseMemoryLib + PcdLib + UefiCpuLib + DebugAgentLib + IoLib + LocalApicLib + SynchronizationLib + HobLib + TdxLib + MemoryAllocationLib + PrePiLib + QemuFwCfgLib + PlatformInitLib + +[Guids] + gEfiHobMemoryAllocModuleGuid + gEfiHobMemoryAllocStackGuid + gUefiOvmfPkgTdxPlatformGuid + gEfiMemoryTypeInformationGuid + gPcdDataBaseHobGuid + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase + gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataOffset + gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize + gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase + gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset + gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIM= ES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf b/OvmfPkg= /IntelTdx/TdxStartupLib/TdxStartupLibNull.inf new file mode 100644 index 000000000000..e79d266d58ca --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLibNull.inf @@ -0,0 +1,40 @@ +#/** @file +# Component description file for TDX Pre PI Library +# +# LIbrary helps you build a platform that skips PEI and loads DXE Core +# directly. Helps building HOBs, reading data from the FV, and doing +# decompression. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2008, Apple Inc. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +#**/ + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TdxStartupLibNull + FILE_GUID =3D 79DD2160-D5E0-48CD-AA87-479EACEE8393 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TdxStartupLib|SEC + +# +# VALID_ARCHITECTURES =3D X64 +# + +[Sources] + TdxStartupNull.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + +[Pcd] diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c b/OvmfPkg/Inte= lTdx/TdxStartupLib/TdxStartupNull.c new file mode 100644 index 000000000000..8c00e813c1f6 --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupNull.c @@ -0,0 +1,19 @@ +/** @file + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +VOID +EFIAPI +TdxStartup ( + IN VOID *Context + ) +{ + ASSERT (FALSE); + CpuDeadLoop (); +} diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h b/OvmfPkg/Inte= lTdx/TdxStartupLib/X64/PageTables.h new file mode 100644 index 000000000000..a0d0d3547bfa --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/X64/PageTables.h @@ -0,0 +1,206 @@ +/** @file + x64 Long Mode Virtual Memory Management Definitions + + References: + 1) IA-32 Intel(R) Architecture Software Developer's Manual Volume 1:Ba= sic Architecture, Intel + 2) IA-32 Intel(R) Architecture Software Developer's Manual Volume 2:In= struction Set Reference, Intel + 3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:Sy= stem Programmer's Guide, Intel + 4) AMD64 Architecture Programmer's Manual Volume 2: System Programming + +Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
+Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PAGE_TABLES_H_ +#define PAGE_TABLES_H_ + +#define SYS_CODE64_SEL 0x38 + +#pragma pack(1) + +typedef union { + struct { + UINT32 LimitLow : 16; + UINT32 BaseLow : 16; + UINT32 BaseMid : 8; + UINT32 Type : 4; + UINT32 System : 1; + UINT32 Dpl : 2; + UINT32 Present : 1; + UINT32 LimitHigh : 4; + UINT32 Software : 1; + UINT32 Reserved : 1; + UINT32 DefaultSize : 1; + UINT32 Granularity : 1; + UINT32 BaseHigh : 8; + } Bits; + UINT64 Uint64; +} IA32_GDT; + +typedef struct { + IA32_IDT_GATE_DESCRIPTOR Ia32IdtEntry; + UINT32 Offset32To63; + UINT32 Reserved; +} X64_IDT_GATE_DESCRIPTOR; + +// +// Page-Map Level-4 Offset (PML4) and +// Page-Directory-Pointer Offset (PDPE) entries 4K & 2MB +// + +typedef union { + struct { + UINT64 Present : 1; // 0 =3D Not present in memory, 1= =3D Present in memory + UINT64 ReadWrite : 1; // 0 =3D Read-Only, 1=3D Read/Wri= te + UINT64 UserSupervisor : 1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough : 1; // 0 =3D Write-Back caching, 1=3D= Write-Through caching + UINT64 CacheDisabled : 1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed : 1; // 0 =3D Not accessed, 1 =3D Acce= ssed (set by CPU) + UINT64 Reserved : 1; // Reserved + UINT64 MustBeZero : 2; // Must Be Zero + UINT64 Available : 3; // Available for use by system so= ftware + UINT64 PageTableBaseAddress : 40; // Page Table Base Address + UINT64 AvabilableHigh : 11; // Available for use by system so= ftware + UINT64 Nx : 1; // No Execute bit + } Bits; + UINT64 Uint64; +} PAGE_MAP_AND_DIRECTORY_POINTER; + +// +// Page Table Entry 4KB +// +typedef union { + struct { + UINT64 Present : 1; // 0 =3D Not present in memory, 1= =3D Present in memory + UINT64 ReadWrite : 1; // 0 =3D Read-Only, 1=3D Read/Wri= te + UINT64 UserSupervisor : 1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough : 1; // 0 =3D Write-Back caching, 1=3D= Write-Through caching + UINT64 CacheDisabled : 1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed : 1; // 0 =3D Not accessed, 1 =3D Acce= ssed (set by CPU) + UINT64 Dirty : 1; // 0 =3D Not Dirty, 1 =3D written= by processor on access to page + UINT64 PAT : 1; // + UINT64 Global : 1; // 0 =3D Not global page, 1 =3D g= lobal page TLB not cleared on CR3 write + UINT64 Available : 3; // Available for use by system so= ftware + UINT64 PageTableBaseAddress : 40; // Page Table Base Address + UINT64 AvabilableHigh : 11; // Available for use by system so= ftware + UINT64 Nx : 1; // 0 =3D Execute Code, 1 =3D No C= ode Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_4K_ENTRY; + +// +// Page Table Entry 2MB +// +typedef union { + struct { + UINT64 Present : 1; // 0 =3D Not present in memory, 1= =3D Present in memory + UINT64 ReadWrite : 1; // 0 =3D Read-Only, 1=3D Read/Wri= te + UINT64 UserSupervisor : 1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough : 1; // 0 =3D Write-Back caching, 1=3D= Write-Through caching + UINT64 CacheDisabled : 1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed : 1; // 0 =3D Not accessed, 1 =3D Acce= ssed (set by CPU) + UINT64 Dirty : 1; // 0 =3D Not Dirty, 1 =3D written= by processor on access to page + UINT64 MustBe1 : 1; // Must be 1 + UINT64 Global : 1; // 0 =3D Not global page, 1 =3D g= lobal page TLB not cleared on CR3 write + UINT64 Available : 3; // Available for use by system so= ftware + UINT64 PAT : 1; // + UINT64 MustBeZero : 8; // Must be zero; + UINT64 PageTableBaseAddress : 31; // Page Table Base Address + UINT64 AvabilableHigh : 11; // Available for use by system so= ftware + UINT64 Nx : 1; // 0 =3D Execute Code, 1 =3D No C= ode Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_ENTRY; + +// +// Page Table Entry 1GB +// +typedef union { + struct { + UINT64 Present : 1; // 0 =3D Not present in memory, 1= =3D Present in memory + UINT64 ReadWrite : 1; // 0 =3D Read-Only, 1=3D Read/Wri= te + UINT64 UserSupervisor : 1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough : 1; // 0 =3D Write-Back caching, 1=3D= Write-Through caching + UINT64 CacheDisabled : 1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed : 1; // 0 =3D Not accessed, 1 =3D Acce= ssed (set by CPU) + UINT64 Dirty : 1; // 0 =3D Not Dirty, 1 =3D written= by processor on access to page + UINT64 MustBe1 : 1; // Must be 1 + UINT64 Global : 1; // 0 =3D Not global page, 1 =3D g= lobal page TLB not cleared on CR3 write + UINT64 Available : 3; // Available for use by system so= ftware + UINT64 PAT : 1; // + UINT64 MustBeZero : 17; // Must be zero; + UINT64 PageTableBaseAddress : 22; // Page Table Base Address + UINT64 AvabilableHigh : 11; // Available for use by system so= ftware + UINT64 Nx : 1; // 0 =3D Execute Code, 1 =3D No C= ode Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_1G_ENTRY; + +#pragma pack() + +#define CR0_WP BIT16 + +#define IA32_PG_P BIT0 +#define IA32_PG_RW BIT1 +#define IA32_PG_PS BIT7 + +#define PAGING_PAE_INDEX_MASK 0x1FF + +#define PAGING_4K_ADDRESS_MASK_64 0x000FFFFFFFFFF000ull +#define PAGING_2M_ADDRESS_MASK_64 0x000FFFFFFFE00000ull +#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull + +#define PAGING_L1_ADDRESS_SHIFT 12 +#define PAGING_L2_ADDRESS_SHIFT 21 +#define PAGING_L3_ADDRESS_SHIFT 30 +#define PAGING_L4_ADDRESS_SHIFT 39 + +#define PAGING_PML4E_NUMBER 4 + +#define PAGE_TABLE_POOL_ALIGNMENT BASE_2MB +#define PAGE_TABLE_POOL_UNIT_SIZE SIZE_2MB +#define PAGE_TABLE_POOL_UNIT_PAGES EFI_SIZE_TO_PAGES (PAGE_TABLE_POOL_UNI= T_SIZE) +#define PAGE_TABLE_POOL_ALIGN_MASK \ + (~(EFI_PHYSICAL_ADDRESS)(PAGE_TABLE_POOL_ALIGNMENT - 1)) + +typedef struct { + VOID *NextPool; + UINTN Offset; + UINTN FreePages; +} PAGE_TABLE_POOL; + +UINTN +CreateIdentityMappingPageTables ( + IN EFI_PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ); + +/** + Clear legacy memory located at the first 4K-page. + + This function traverses the whole HOB list to check if memory from 0 to = 4095 + exists and has not been allocated, and then clear it if so. + + @param HobStart The start of HobList passed to DxeCore. + +**/ +VOID +ClearFirst4KPage ( + IN VOID *HobStart + ); + +/** + Return configure status of NULL pointer detection feature. + + @return TRUE NULL pointer detection feature is enabled + @return FALSE NULL pointer detection feature is disabled +**/ +BOOLEAN +IsNullDetectionEnabled ( + VOID + ); + +#endif diff --git a/OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c b/OvmfPkg/I= ntelTdx/TdxStartupLib/X64/VirtualMemory.c new file mode 100644 index 000000000000..4aeeb0d3de5b --- /dev/null +++ b/OvmfPkg/IntelTdx/TdxStartupLib/X64/VirtualMemory.c @@ -0,0 +1,935 @@ +/** @file + x64-specifc functionality for Page Table Setup. + +Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "PageTables.h" + +// +// Global variable to keep track current available memory used as page tab= le. +// +PAGE_TABLE_POOL *mPageTablePool =3D NULL; + +UINTN mLevelShift[5] =3D { + 0, + PAGING_L1_ADDRESS_SHIFT, + PAGING_L2_ADDRESS_SHIFT, + PAGING_L3_ADDRESS_SHIFT, + PAGING_L4_ADDRESS_SHIFT +}; + +UINT64 mLevelMask[5] =3D { + 0, + PAGING_4K_ADDRESS_MASK_64, + PAGING_2M_ADDRESS_MASK_64, + PAGING_1G_ADDRESS_MASK_64, + PAGING_1G_ADDRESS_MASK_64 +}; + +UINT64 mLevelSize[5] =3D { + 0, + SIZE_4KB, + SIZE_2MB, + SIZE_1GB, + SIZE_512GB +}; + +BOOLEAN +IsSetNxForStack ( + VOID + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + EFI_HOB_PLATFORM_INFO *PlatformInfo; + + GuidHob =3D GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid); + if (GuidHob =3D=3D NULL) { + ASSERT (FALSE); + return FALSE; + } + + PlatformInfo =3D (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob); + + return PlatformInfo->PcdSetNxForStack; +} + +/** + Clear legacy memory located at the first 4K-page, if available. + + This function traverses the whole HOB list to check if memory from 0 to = 4095 + exists and has not been allocated, and then clear it if so. + + @param HobStart The start of HobList passed to DxeCore. + +**/ +VOID +ClearFirst4KPage ( + IN VOID *HobStart + ) +{ + EFI_PEI_HOB_POINTERS RscHob; + EFI_PEI_HOB_POINTERS MemHob; + BOOLEAN DoClear; + + RscHob.Raw =3D HobStart; + MemHob.Raw =3D HobStart; + DoClear =3D FALSE; + + // + // Check if page 0 exists and free + // + while ((RscHob.Raw =3D GetNextHob ( + EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, + RscHob.Raw + )) !=3D NULL) + { + if ((RscHob.ResourceDescriptor->ResourceType =3D=3D EFI_RESOURCE_SYSTE= M_MEMORY) && + (RscHob.ResourceDescriptor->PhysicalStart =3D=3D 0)) + { + DoClear =3D TRUE; + // + // Make sure memory at 0-4095 has not been allocated. + // + while ((MemHob.Raw =3D GetNextHob ( + EFI_HOB_TYPE_MEMORY_ALLOCATION, + MemHob.Raw + )) !=3D NULL) + { + if (MemHob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress + < EFI_PAGE_SIZE) + { + DoClear =3D FALSE; + break; + } + + MemHob.Raw =3D GET_NEXT_HOB (MemHob); + } + + break; + } + + RscHob.Raw =3D GET_NEXT_HOB (RscHob); + } + + if (DoClear) { + DEBUG ((DEBUG_INFO, "Clearing first 4K-page!\r\n")); + SetMem (NULL, EFI_PAGE_SIZE, 0); + } + + return; +} + +/** + Return configure status of NULL pointer detection feature. + + @return TRUE NULL pointer detection feature is enabled + @return FALSE NULL pointer detection feature is disabled + +**/ +BOOLEAN +IsNullDetectionEnabled ( + VOID + ) +{ + return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) !=3D 0); +} + +/** + The function will check if Execute Disable Bit is available. + + @retval TRUE Execute Disable Bit is available. + @retval FALSE Execute Disable Bit is not available. + +**/ +BOOLEAN +IsExecuteDisableBitAvailable ( + VOID + ) +{ + UINT32 RegEax; + UINT32 RegEdx; + BOOLEAN Available; + + Available =3D FALSE; + AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D 0x80000001) { + AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx); + if ((RegEdx & BIT20) !=3D 0) { + // + // Bit 20: Execute Disable Bit available. + // + Available =3D TRUE; + } + } + + return Available; +} + +/** + Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not. + + @retval TRUE IA32_EFER.NXE should be enabled. + @retval FALSE IA32_EFER.NXE should not be enabled. + +**/ +BOOLEAN +IsEnableNonExecNeeded ( + VOID + ) +{ + if (!IsExecuteDisableBitAvailable ()) { + return FALSE; + } + + // + // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is= set. + // Features controlled by Following PCDs need this feature to be enabled. + // + return (IsSetNxForStack () || + FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) !=3D 0 || + PcdGet32 (PcdImageProtectionPolicy) !=3D 0); +} + +/** + Enable Execute Disable Bit. + +**/ +VOID +EnableExecuteDisableBit ( + VOID + ) +{ + UINT64 MsrRegisters; + + MsrRegisters =3D AsmReadMsr64 (0xC0000080); + MsrRegisters |=3D BIT11; + AsmWriteMsr64 (0xC0000080, MsrRegisters); +} + +/** + The function will check if page table entry should be splitted to smaller + granularity. + + @param Address Physical memory address. + @param Size Size of the given physical memory. + @param StackBase Base address of stack. + @param StackSize Size of stack. + + @retval TRUE Page table should be split. + @retval FALSE Page table should not be split. +**/ +BOOLEAN +ToSplitPageTable ( + IN EFI_PHYSICAL_ADDRESS Address, + IN UINTN Size, + IN EFI_PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + if (IsNullDetectionEnabled () && (Address =3D=3D 0)) { + return TRUE; + } + + if (FixedPcdGetBool (PcdCpuStackGuard)) { + if ((StackBase >=3D Address) && (StackBase < (Address + Size))) { + return TRUE; + } + } + + if (IsSetNxForStack ()) { + if ((Address < StackBase + StackSize) && ((Address + Size) > StackBase= )) { + return TRUE; + } + } + + return FALSE; +} + +/** + Initialize a buffer pool for page table use only. + + To reduce the potential split operation on page table, the pages reserve= d for + page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGE= S and + at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always + initialized with number of pages greater than or equal to the given Pool= Pages. + + Once the pages in the pool are used up, this method should be called aga= in to + reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. But usually this wo= n't + happen in practice. + + @param PoolPages The least page number of the pool to be created. + + @retval TRUE The pool is initialized successfully. + @retval FALSE The memory is out of resource. +**/ +BOOLEAN +InitializePageTablePool ( + IN UINTN PoolPages + ) +{ + VOID *Buffer; + + DEBUG ((DEBUG_INFO, "InitializePageTablePool PoolPages=3D%d\n", PoolPage= s)); + + // + // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one pag= e for + // header. + // + PoolPages +=3D 1; // Add one page for header. + PoolPages =3D ((PoolPages - 1) / PAGE_TABLE_POOL_UNIT_PAGES + 1) * + PAGE_TABLE_POOL_UNIT_PAGES; + Buffer =3D AllocateAlignedPages (PoolPages, PAGE_TABLE_POOL_ALIGNMENT); + if (Buffer =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "ERROR: Out of aligned pages\r\n")); + return FALSE; + } + + // + // Link all pools into a list for easier track later. + // + if (mPageTablePool =3D=3D NULL) { + mPageTablePool =3D Buffer; + mPageTablePool->NextPool =3D mPageTablePool; + } else { + ((PAGE_TABLE_POOL *)Buffer)->NextPool =3D mPageTablePool->NextPool; + mPageTablePool->NextPool =3D Buffer; + mPageTablePool =3D Buffer; + } + + // + // Reserve one page for pool header. + // + mPageTablePool->FreePages =3D PoolPages - 1; + mPageTablePool->Offset =3D EFI_PAGES_TO_SIZE (1); + + return TRUE; +} + +/** + This API provides a way to allocate memory for page table. + + This API can be called more than once to allocate memory for page tables. + + Allocates the number of 4KB pages and returns a pointer to the allocated + buffer. The buffer returned is aligned on a 4KB boundary. + + If Pages is 0, then NULL is returned. + If there is not enough memory remaining to satisfy the request, then NUL= L is + returned. + + @param Pages The number of 4 KB pages to allocate. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +AllocatePageTableMemory ( + IN UINTN Pages + ) +{ + VOID *Buffer; + + if (Pages =3D=3D 0) { + return NULL; + } + + DEBUG ((DEBUG_INFO, "AllocatePageTableMemory. mPageTablePool=3D%p, Pages= =3D%d\n", mPageTablePool, Pages)); + // + // Renew the pool if necessary. + // + if ((mPageTablePool =3D=3D NULL) || + (Pages > mPageTablePool->FreePages)) + { + if (!InitializePageTablePool (Pages)) { + return NULL; + } + } + + Buffer =3D (UINT8 *)mPageTablePool + mPageTablePool->Offset; + + mPageTablePool->Offset +=3D EFI_PAGES_TO_SIZE (Pages); + mPageTablePool->FreePages -=3D Pages; + + DEBUG (( + DEBUG_INFO, + "%a:%a: Buffer=3D0x%Lx Pages=3D%ld\n", + gEfiCallerBaseName, + __FUNCTION__, + Buffer, + Pages + )); + + return Buffer; +} + +/** + Split 2M page to 4K. + + @param[in] PhysicalAddress Start physical address the 2M page= covered. + @param[in, out] PageEntry2M Pointer to 2M page entry. + @param[in] StackBase Stack base address. + @param[in] StackSize Stack size. + +**/ +VOID +Split2MPageTo4K ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN OUT UINT64 *PageEntry2M, + IN EFI_PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + EFI_PHYSICAL_ADDRESS PhysicalAddress4K; + UINTN IndexOfPageTableEntries; + PAGE_TABLE_4K_ENTRY *PageTableEntry; + + DEBUG ((DEBUG_INFO, "Split2MPageTo4K\n")); + + PageTableEntry =3D AllocatePageTableMemory (1); + + if (PageTableEntry =3D=3D NULL) { + ASSERT (FALSE); + return; + } + + // + // Fill in 2M page entry. + // + *PageEntry2M =3D (UINT64)(UINTN)PageTableEntry | IA32_PG_P | IA32_PG_RW; + + PhysicalAddress4K =3D PhysicalAddress; + for (IndexOfPageTableEntries =3D 0; IndexOfPageTableEntries < 512; Index= OfPageTableEntries++, PageTableEntry++, PhysicalAddress4K +=3D SIZE_4KB) { + // + // Fill in the Page Table entries + // + PageTableEntry->Uint64 =3D (UINT64)PhysicalAddress4K; + PageTableEntry->Bits.ReadWrite =3D 1; + + if ((IsNullDetectionEnabled () && (PhysicalAddress4K =3D=3D 0)) || + (FixedPcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K =3D=3D S= tackBase))) + { + PageTableEntry->Bits.Present =3D 0; + } else { + PageTableEntry->Bits.Present =3D 1; + } + + if ( IsSetNxForStack () + && (PhysicalAddress4K >=3D StackBase) + && (PhysicalAddress4K < StackBase + StackSize)) + { + // + // Set Nx bit for stack. + // + PageTableEntry->Bits.Nx =3D 1; + } + } +} + +/** + Split 1G page to 2M. + + @param[in] PhysicalAddress Start physical address the 1G page= covered. + @param[in, out] PageEntry1G Pointer to 1G page entry. + @param[in] StackBase Stack base address. + @param[in] StackSize Stack size. + +**/ +VOID +Split1GPageTo2M ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN OUT UINT64 *PageEntry1G, + IN EFI_PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + EFI_PHYSICAL_ADDRESS PhysicalAddress2M; + UINTN IndexOfPageDirectoryEntries; + PAGE_TABLE_ENTRY *PageDirectoryEntry; + + PageDirectoryEntry =3D AllocatePageTableMemory (1); + + if (PageDirectoryEntry =3D=3D NULL) { + ASSERT (FALSE); + return; + } + + // + // Fill in 1G page entry. + // + *PageEntry1G =3D (UINT64)(UINTN)PageDirectoryEntry | IA32_PG_P | IA32_PG= _RW; + + PhysicalAddress2M =3D PhysicalAddress; + for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries < 51= 2; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += =3D SIZE_2MB) { + if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSiz= e)) { + // + // Need to split this 2M page that covers NULL or stack range. + // + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *)PageDirectoryEntry, St= ackBase, StackSize); + } else { + // + // Fill in the Page Directory entries + // + PageDirectoryEntry->Uint64 =3D (UINT64)PhysicalAddress2M; + PageDirectoryEntry->Bits.ReadWrite =3D 1; + PageDirectoryEntry->Bits.Present =3D 1; + PageDirectoryEntry->Bits.MustBe1 =3D 1; + } + } +} + +/** + Set one page of page table pool memory to be read-only. + + @param[in] PageTableBase Base address of page table (CR3). + @param[in] Address Start address of a page to be set as read-on= ly. + @param[in] Level4Paging Level 4 paging flag. + +**/ +VOID +SetPageTablePoolReadOnly ( + IN UINTN PageTableBase, + IN EFI_PHYSICAL_ADDRESS Address, + IN BOOLEAN Level4Paging + ) +{ + UINTN Index; + UINTN EntryIndex; + EFI_PHYSICAL_ADDRESS PhysicalAddress; + UINT64 *PageTable; + UINT64 *NewPageTable; + UINT64 PageAttr; + UINTN Level; + UINT64 PoolUnitSize; + + if (PageTableBase =3D=3D 0) { + ASSERT (FALSE); + return; + } + + // + // Since the page table is always from page table pool, which is always + // located at the boundary of PcdPageTablePoolAlignment, we just need to + // set the whole pool unit to be read-only. + // + Address =3D Address & PAGE_TABLE_POOL_ALIGN_MASK; + + PageTable =3D (UINT64 *)(UINTN)PageTableBase; + PoolUnitSize =3D PAGE_TABLE_POOL_UNIT_SIZE; + + for (Level =3D (Level4Paging) ? 4 : 3; Level > 0; --Level) { + Index =3D ((UINTN)RShiftU64 (Address, mLevelShift[Level])); + Index &=3D PAGING_PAE_INDEX_MASK; + + PageAttr =3D PageTable[Index]; + if ((PageAttr & IA32_PG_PS) =3D=3D 0) { + // + // Go to next level of table. + // + PageTable =3D (UINT64 *)(UINTN)(PageAttr & PAGING_4K_ADDRESS_MASK_64= ); + continue; + } + + if (PoolUnitSize >=3D mLevelSize[Level]) { + // + // Clear R/W bit if current page granularity is not larger than pool= unit + // size. + // + if ((PageAttr & IA32_PG_RW) !=3D 0) { + while (PoolUnitSize > 0) { + // + // PAGE_TABLE_POOL_UNIT_SIZE and PAGE_TABLE_POOL_ALIGNMENT are f= it in + // one page (2MB). Then we don't need to update attributes for p= ages + // crossing page directory. ASSERT below is for that purpose. + // + ASSERT (Index < EFI_PAGE_SIZE/sizeof (UINT64)); + + PageTable[Index] &=3D ~(UINT64)IA32_PG_RW; + PoolUnitSize -=3D mLevelSize[Level]; + + ++Index; + } + } + + break; + } else { + // + // The smaller granularity of page must be needed. + // + ASSERT (Level > 1); + + NewPageTable =3D AllocatePageTableMemory (1); + + if (NewPageTable =3D=3D NULL) { + ASSERT (FALSE); + return; + } + + PhysicalAddress =3D PageAttr & mLevelMask[Level]; + for (EntryIndex =3D 0; + EntryIndex < EFI_PAGE_SIZE/sizeof (UINT64); + ++EntryIndex) + { + NewPageTable[EntryIndex] =3D PhysicalAddress | + IA32_PG_P | IA32_PG_RW; + if (Level > 2) { + NewPageTable[EntryIndex] |=3D IA32_PG_PS; + } + + PhysicalAddress +=3D mLevelSize[Level - 1]; + } + + PageTable[Index] =3D (UINT64)(UINTN)NewPageTable | + IA32_PG_P | IA32_PG_RW; + PageTable =3D NewPageTable; + } + } +} + +/** + Prevent the memory pages used for page table from been overwritten. + + @param[in] PageTableBase Base address of page table (CR3). + @param[in] Level4Paging Level 4 paging flag. + +**/ +VOID +EnablePageTableProtection ( + IN UINTN PageTableBase, + IN BOOLEAN Level4Paging + ) +{ + PAGE_TABLE_POOL *HeadPool; + PAGE_TABLE_POOL *Pool; + UINT64 PoolSize; + EFI_PHYSICAL_ADDRESS Address; + + DEBUG ((DEBUG_INFO, "EnablePageTableProtection\n")); + + if (mPageTablePool =3D=3D NULL) { + return; + } + + // + // Disable write protection, because we need to mark page table to be wr= ite + // protected. + // + AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); + + // + // SetPageTablePoolReadOnly might update mPageTablePool. It's safer to + // remember original one in advance. + // + HeadPool =3D mPageTablePool; + Pool =3D HeadPool; + do { + Address =3D (EFI_PHYSICAL_ADDRESS)(UINTN)Pool; + PoolSize =3D Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages); + + // + // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE,= which + // is one of page size of the processor (2MB by default). Let's apply = the + // protection to them one by one. + // + while (PoolSize > 0) { + SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging); + Address +=3D PAGE_TABLE_POOL_UNIT_SIZE; + PoolSize -=3D PAGE_TABLE_POOL_UNIT_SIZE; + } + + Pool =3D Pool->NextPool; + } while (Pool !=3D HeadPool); + + // + // Enable write protection, after page table attribute updated. + // + AsmWriteCr0 (AsmReadCr0 () | CR0_WP); +} + +/** + Allocates and fills in the Page Directory and Page Table Entries to + establish a 1:1 Virtual to Physical mapping. + + @param[in] StackBase Stack base address. + @param[in] StackSize Stack size. + + @return The address of 4 level page map. + +**/ +UINTN +CreateIdentityMappingPageTables ( + IN EFI_PHYSICAL_ADDRESS StackBase, + IN UINTN StackSize + ) +{ + UINT32 RegEax; + UINT32 RegEdx; + UINT8 PhysicalAddressBits; + EFI_PHYSICAL_ADDRESS PageAddress; + UINTN IndexOfPml5Entries; + UINTN IndexOfPml4Entries; + UINTN IndexOfPdpEntries; + UINTN IndexOfPageDirectoryEntries; + UINT32 NumberOfPml5EntriesNeeded; + UINT32 NumberOfPml4EntriesNeeded; + UINT32 NumberOfPdpEntriesNeeded; + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel5Entry; + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; + PAGE_MAP_AND_DIRECTORY_POINTER *PageMap; + PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; + PAGE_TABLE_ENTRY *PageDirectoryEntry; + UINTN TotalPagesNum; + UINTN BigPageAddress; + VOID *Hob; + BOOLEAN Page5LevelSupport; + BOOLEAN Page1GSupport; + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; + IA32_CR4 Cr4; + + // + // Set PageMapLevel5Entry to suppress incorrect compiler/analyzer warnin= gs + // + PageMapLevel5Entry =3D NULL; + + Page1GSupport =3D FALSE; + if (FixedPcdGetBool (PcdUse1GPageTable)) { + AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL); + if (RegEax >=3D 0x80000001) { + AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx); + if ((RegEdx & BIT26) !=3D 0) { + Page1GSupport =3D TRUE; + } + } + } + + // + // Get physical address bits supported. + // + Hob =3D GetFirstHob (EFI_HOB_TYPE_CPU); + if (Hob =3D=3D NULL) { + ASSERT (FALSE); + return 0; + } + + PhysicalAddressBits =3D ((EFI_HOB_CPU *)Hob)->SizeOfMemorySpace; + + // + // CPU will already have LA57 enabled so just check CR4 + Cr4.UintN =3D AsmReadCr4 (); + Page5LevelSupport =3D (Cr4.Bits.LA57 ? TRUE : FALSE); + + DEBUG (( + DEBUG_INFO, + "AddressBits=3D%u 5LevelPaging=3D%u 1GPage=3D%u \n", + PhysicalAddressBits, + Page5LevelSupport, + Page1GSupport + )); + + // + // Calculate the table entries needed. + // + NumberOfPml5EntriesNeeded =3D 1; + if (PhysicalAddressBits > 48) { + NumberOfPml5EntriesNeeded =3D (UINT32)LShiftU64 (1, PhysicalAddressBit= s - 48); + PhysicalAddressBits =3D 48; + } + + NumberOfPml4EntriesNeeded =3D 1; + if (PhysicalAddressBits > 39) { + NumberOfPml4EntriesNeeded =3D (UINT32)LShiftU64 (1, PhysicalAddressBit= s - 39); + PhysicalAddressBits =3D 39; + } + + NumberOfPdpEntriesNeeded =3D 1; + ASSERT (PhysicalAddressBits > 30); + NumberOfPdpEntriesNeeded =3D (UINT32)LShiftU64 (1, PhysicalAddressBits -= 30); + + // + // Pre-allocate big pages to avoid later allocations. + // + if (!Page1GSupport) { + TotalPagesNum =3D ((NumberOfPdpEntriesNeeded + 1) * NumberOfPml4Entrie= sNeeded + 1) * NumberOfPml5EntriesNeeded + 1; + } else { + TotalPagesNum =3D (NumberOfPml4EntriesNeeded + 1) * NumberOfPml5Entrie= sNeeded + 1; + } + + // + // Substract the one page occupied by PML5 entries if 5-Level Paging is = disabled. + // + if (!Page5LevelSupport) { + TotalPagesNum--; + } + + DEBUG (( + DEBUG_INFO, + "Pml5=3D%u Pml4=3D%u Pdp=3D%u TotalPage=3D%Lu\n", + NumberOfPml5EntriesNeeded, + NumberOfPml4EntriesNeeded, + NumberOfPdpEntriesNeeded, + (UINT64)TotalPagesNum + )); + + BigPageAddress =3D (UINTN)AllocatePageTableMemory (TotalPagesNum); + if (BigPageAddress =3D=3D 0) { + ASSERT (FALSE); + return 0; + } + + DEBUG ((DEBUG_INFO, "BigPageAddress =3D 0x%llx\n", BigPageAddress)); + + // + // By architecture only one PageMapLevel4 exists - so lets allocate stor= age for it. + // + PageMap =3D (VOID *)BigPageAddress; + if (Page5LevelSupport) { + // + // By architecture only one PageMapLevel5 exists - so lets allocate st= orage for it. + // + PageMapLevel5Entry =3D PageMap; + BigPageAddress +=3D SIZE_4KB; + } + + PageAddress =3D 0; + + for ( IndexOfPml5Entries =3D 0 + ; IndexOfPml5Entries < NumberOfPml5EntriesNeeded + ; IndexOfPml5Entries++) + { + // + // Each PML5 entry points to a page of PML4 entires. + // So lets allocate space for them and fill them in in the IndexOfPml4= Entries loop. + // When 5-Level Paging is disabled, below allocation happens only once. + // + PageMapLevel4Entry =3D (VOID *)BigPageAddress; + BigPageAddress +=3D SIZE_4KB; + + if (Page5LevelSupport) { + // + // Make a PML5 Entry + // + PageMapLevel5Entry->Uint64 =3D (UINT64)(UINTN)PageMapLevel4E= ntry; + PageMapLevel5Entry->Bits.ReadWrite =3D 1; + PageMapLevel5Entry->Bits.Present =3D 1; + PageMapLevel5Entry++; + } + + for ( IndexOfPml4Entries =3D 0 + ; IndexOfPml4Entries < (NumberOfPml5EntriesNeeded =3D=3D 1 ? Num= berOfPml4EntriesNeeded : 512) + ; IndexOfPml4Entries++, PageMapLevel4Entry++) + { + // + // Each PML4 entry points to a page of Page Directory Pointer entire= s. + // So lets allocate space for them and fill them in in the IndexOfPd= pEntries loop. + // + PageDirectoryPointerEntry =3D (VOID *)BigPageAddress; + BigPageAddress +=3D SIZE_4KB; + + // + // Make a PML4 Entry + // + PageMapLevel4Entry->Uint64 =3D (UINT64)(UINTN)PageDirectoryP= ointerEntry; + PageMapLevel4Entry->Bits.ReadWrite =3D 1; + PageMapLevel4Entry->Bits.Present =3D 1; + + if (Page1GSupport) { + PageDirectory1GEntry =3D (VOID *)PageDirectoryPointerEntry; + + for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntrie= s < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress= +=3D SIZE_1GB) { + if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSiz= e)) { + Split1GPageTo2M ( + PageAddress, + (UINT64 *)PageDirectory1GEntry, + StackBase, + StackSize + ); + } else { + // + // Fill in the Page Directory entries + // + PageDirectory1GEntry->Uint64 =3D (UINT64)PageAddress; + PageDirectory1GEntry->Bits.ReadWrite =3D 1; + PageDirectory1GEntry->Bits.Present =3D 1; + PageDirectory1GEntry->Bits.MustBe1 =3D 1; + } + } + } else { + for ( IndexOfPdpEntries =3D 0 + ; IndexOfPdpEntries < (NumberOfPml4EntriesNeeded =3D=3D 1 ? = NumberOfPdpEntriesNeeded : 512) + ; IndexOfPdpEntries++, PageDirectoryPointerEntry++) + { + // + // Each Directory Pointer entries points to a page of Page Direc= tory entires. + // So allocate space for them and fill them in in the IndexOfPag= eDirectoryEntries loop. + // + PageDirectoryEntry =3D (VOID *)BigPageAddress; + BigPageAddress +=3D SIZE_4KB; + + // + // Fill in a Page Directory Pointer Entries + // + PageDirectoryPointerEntry->Uint64 =3D (UINT64)(UINTN)Pag= eDirectoryEntry; + PageDirectoryPointerEntry->Bits.ReadWrite =3D 1; + PageDirectoryPointerEntry->Bits.Present =3D 1; + + for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntr= ies < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress= +=3D SIZE_2MB) { + if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackS= ize)) { + // + // Need to split this 2M page that covers NULL or stack rang= e. + // + Split2MPageTo4K (PageAddress, (UINT64 *)PageDirectoryEntry, = StackBase, StackSize); + } else { + // + // Fill in the Page Directory entries + // + PageDirectoryEntry->Uint64 =3D (UINT64)PageAddress; + PageDirectoryEntry->Bits.ReadWrite =3D 1; + PageDirectoryEntry->Bits.Present =3D 1; + PageDirectoryEntry->Bits.MustBe1 =3D 1; + } + } + } + + // + // Fill with null entry for unused PDPTE + // + ZeroMem (PageDirectoryPointerEntry, (512 - IndexOfPdpEntries) * si= zeof (PAGE_MAP_AND_DIRECTORY_POINTER)); + } + } + + // + // For the PML4 entries we are not using fill in a null entry. + // + ZeroMem (PageMapLevel4Entry, (512 - IndexOfPml4Entries) * sizeof (PAGE= _MAP_AND_DIRECTORY_POINTER)); + } + + if (Page5LevelSupport) { + // + // For the PML5 entries we are not using fill in a null entry. + // + ZeroMem (PageMapLevel5Entry, (512 - IndexOfPml5Entries) * sizeof (PAGE= _MAP_AND_DIRECTORY_POINTER)); + } + + // + // Protect the page table by marking the memory used for page table to be + // read-only. + // + EnablePageTableProtection ((UINTN)PageMap, TRUE); + + return (UINTN)PageMap; +} diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 161ac9b48c21..97f238396e53 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -121,6 +121,10 @@ # PlatformInitLib|Include/Library/PlatformInitLib.h =20 + ## @libraryclass TdxStartupLib + # + TdxStartupLib|Include/Library/TdxStartupLib.h + [Guids] gUefiOvmfPkgTokenSpaceGuid =3D {0x93bb96af, 0xb9f2, 0x4eb8, {= 0x94, 0x62, 0xe0, 0xba, 0x74, 0x56, 0x42, 0x36}} gEfiXenInfoGuid =3D {0xd3b46f3b, 0xd441, 0x1244, {= 0x9a, 0x12, 0x0, 0x12, 0x27, 0x3f, 0xc1, 0x4d}} --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86044): https://edk2.groups.io/g/devel/message/86044 Mute This Topic: https://groups.io/mt/88666804/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86045+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86045+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092558; cv=none; d=zohomail.com; s=zohoarc; b=ehti6alq4yx2vtKDKZZKQ1vF8ITFDwKjTZiOO499CaTi2QiWHUNnrGYzyyybVF8gLujI1gyQJEVlfVoxtQYTi+0z6EgDE4Kw1vkM8p6b3oyOhsGN8iR1OryYZ9VWOL3TO3vzIPhtoXYbe87ICrZC2gQ/dNGRhemNm10Mn905ovg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092558; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=5WvCCXmVTiKeeg7gOVjXeaWafZd3U2DsHD1TllxEJlw=; b=DqZHxC69BRqNaDrbkzVqA4Psmp5h4FF+kkivsY0ZC7MU3ftwgTModEIgN7ZJLTJtqyBIyyILrDNMIzYqxRuDSVEi2asQeu02sbXP6xYrFVdA2cdT/IJ6diOgI/hwvaDgvdT+MHuPncZLOWy9g8bxRyMwCh8CLci9RDh9yGqW+uo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86045+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092558720315.6739627401322; Mon, 24 Jan 2022 22:35:58 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id ORUQYY1788612x9GzFW4Z5TQ; Mon, 24 Jan 2022 22:35:58 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web09.3918.1643092552922625005 for ; Mon, 24 Jan 2022 22:35:57 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904906" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904906" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:51 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592703" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:46 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 07/10] OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest Date: Tue, 25 Jan 2022 14:33:15 +0800 Message-Id: <20220125063318.862-8-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: BzdV7Mjxg99xe6C48iPWkekhx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092558; bh=sL6HsBT+ZbsvNSUbfeE/d8RPQEGxHL32pkcwY8J+Io8=; h=Cc:Date:From:Reply-To:Subject:To; b=RD6nbRpZkqgwPSOSacr0fx721pxTKlK86CK5Q7R/4EkJlMwqQIl5/lIlmfNupTfxRlr wwi1B0Gsq2pm4F4Ij8dhSmo6NrmpcLnMzn1qGBsaUHv/KCENlVOU8q3J/uwMr4NDXO2WV R2dCyRbMvryT53dalTpbFLMm5tJSNCGuxXc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092560427100031 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 OvmfPkg/IntelTdx/Sec is a simplied version of OvmfPkg/Sec. There are below differences between these 2 Sec - IntelTdx/Sec only supports Legacy guest and Tdx guest. - IntelTdx/Sec calls TdxStartup () to jump from SEC to DXE directly. - IntelTdx/Sec only supports X64. - IntelTdx/Sec uses MemoryAllocationLib / HobLib / PrePiLib in EmbeddedPkg. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/IntelTdx/Sec/IntelTdx.c | 508 +++++++++++++++++++++++++ OvmfPkg/IntelTdx/Sec/IntelTdx.h | 46 +++ OvmfPkg/IntelTdx/Sec/SecMain.c | 200 ++++++++++ OvmfPkg/IntelTdx/Sec/SecMain.inf | 73 ++++ OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm | 151 ++++++++ 5 files changed, 978 insertions(+) create mode 100644 OvmfPkg/IntelTdx/Sec/IntelTdx.c create mode 100644 OvmfPkg/IntelTdx/Sec/IntelTdx.h create mode 100644 OvmfPkg/IntelTdx/Sec/SecMain.c create mode 100644 OvmfPkg/IntelTdx/Sec/SecMain.inf create mode 100644 OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm diff --git a/OvmfPkg/IntelTdx/Sec/IntelTdx.c b/OvmfPkg/IntelTdx/Sec/IntelTd= x.c new file mode 100644 index 000000000000..aae64fd155e2 --- /dev/null +++ b/OvmfPkg/IntelTdx/Sec/IntelTdx.c @@ -0,0 +1,508 @@ +/** @file + + Copyright (c) 2008, Intel Corporation. All rights reserved.
+ (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "IntelTdx.h" + +#define ALIGNED_2MB_MASK 0x1fffff + +#define GET_HOB_TYPE(Hob) ((Hob).Header->HobType) +#define GET_HOB_LENGTH(Hob) ((Hob).Header->HobLength) +#define GET_NEXT_HOB(Hob) ((Hob).Raw + GET_HOB_LENGTH (Hob)) +#define END_OF_HOB_LIST(Hob) (GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_END_= OF_HOB_LIST) + +/** + Check TDX is enabled. + + @retval TRUE TDX is enabled + @retval FALSE TDX is not enabled +**/ +BOOLEAN +SecTdxIsEnabled ( + VOID + ) +{ + CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *CcWorkAreaHeader; + + CcWorkAreaHeader =3D (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *)FixedPcd= Get32 (PcdOvmfWorkAreaBase); + return (CcWorkAreaHeader !=3D NULL && CcWorkAreaHeader->GuestType =3D=3D= GUEST_TYPE_INTEL_TDX); +} + +/** + This function will be called to accept pages. Only BSP accepts pages. + + TDCALL(ACCEPT_PAGE) supports the accept page size of 4k and 2M. To + simplify the implementation, the Memory to be accpeted is splitted + into 3 parts: + ----------------- <-- StartAddress1 (not 2M aligned) + | part 1 | Length1 < 2M + |---------------| <-- StartAddress2 (2M aligned) + | | Length2 =3D Integer multiples of 2M + | part 2 | + | | + |---------------| <-- StartAddress3 + | part 3 | Length3 < 2M + |---------------| + + @param[in] PhysicalAddress Start physical adress + @param[in] PhysicalEnd End physical address + + @retval EFI_SUCCESS Accept memory successfully + @retval Others Other errors as indicated +**/ +EFI_STATUS +EFIAPI +BspAcceptMemoryResourceRange ( + IN EFI_PHYSICAL_ADDRESS PhysicalAddress, + IN EFI_PHYSICAL_ADDRESS PhysicalEnd + ) +{ + EFI_STATUS Status; + UINT32 AcceptPageSize; + UINT64 StartAddress1; + UINT64 StartAddress2; + UINT64 StartAddress3; + UINT64 TotalLength; + UINT64 Length1; + UINT64 Length2; + UINT64 Length3; + UINT64 Pages; + + AcceptPageSize =3D FixedPcdGet32 (PcdTdxAcceptPageSize); + TotalLength =3D PhysicalEnd - PhysicalAddress; + StartAddress1 =3D 0; + StartAddress2 =3D 0; + StartAddress3 =3D 0; + Length1 =3D 0; + Length2 =3D 0; + Length3 =3D 0; + + if (TotalLength =3D=3D 0) { + return EFI_SUCCESS; + } + + if ((AcceptPageSize =3D=3D SIZE_4KB) || (TotalLength <=3D SIZE_2MB)) { + // + // if total length is less than 2M, then we accept pages in 4k + // + StartAddress2 =3D PhysicalAddress; + Length2 =3D PhysicalEnd - PhysicalAddress; + AcceptPageSize =3D SIZE_4KB; + } else if (AcceptPageSize =3D=3D SIZE_2MB) { + // + // Total length is bigger than 2M and Page Accept size 2M is supported. + // + if ((PhysicalAddress & ALIGNED_2MB_MASK) =3D=3D 0) { + // + // Start address is 2M aligned + // + StartAddress2 =3D PhysicalAddress; + Length2 =3D TotalLength & ~(UINT64)ALIGNED_2MB_MASK; + + if (TotalLength > Length2) { + // + // There is remaining part 3) + // + StartAddress3 =3D StartAddress2 + Length2; + Length3 =3D TotalLength - Length2; + ASSERT (Length3 < SIZE_2MB); + } + } else { + // + // Start address is not 2M aligned and total length is bigger than 2= M. + // + StartAddress1 =3D PhysicalAddress; + ASSERT (TotalLength > SIZE_2MB); + Length1 =3D SIZE_2MB - (PhysicalAddress & ALIGNED_2MB_MASK); + if (TotalLength - Length1 < SIZE_2MB) { + // + // The Part 2) length is less than 2MB, so let's accept all the + // memory in 4K + // + Length1 =3D TotalLength; + } else { + StartAddress2 =3D PhysicalAddress + Length1; + Length2 =3D (TotalLength - Length1) & ~(UINT64)ALIGNED_2MB_M= ASK; + Length3 =3D TotalLength - Length1 - Length2; + StartAddress3 =3D Length3 > 0 ? StartAddress2 + Length2 : 0; + ASSERT (Length3 < SIZE_2MB); + } + } + } + + DEBUG ((DEBUG_INFO, "TdAccept: 0x%llx - 0x%llx\n", PhysicalAddress, Tota= lLength)); + DEBUG ((DEBUG_INFO, " Part1: 0x%llx - 0x%llx\n", StartAddress1, Length= 1)); + DEBUG ((DEBUG_INFO, " Part2: 0x%llx - 0x%llx\n", StartAddress2, Length= 2)); + DEBUG ((DEBUG_INFO, " Part3: 0x%llx - 0x%llx\n", StartAddress3, Length= 3)); + DEBUG ((DEBUG_INFO, " Page : 0x%x\n", AcceptPageSize)); + + Status =3D EFI_SUCCESS; + if (Length1 > 0) { + Pages =3D Length1 / SIZE_4KB; + Status =3D TdAcceptPages (StartAddress1, Pages, SIZE_4KB); + if (EFI_ERROR (Status)) { + return Status; + } + } + + if (Length2 > 0) { + Pages =3D Length2 / AcceptPageSize; + Status =3D TdAcceptPages (StartAddress2, Pages, AcceptPageSize); + if (EFI_ERROR (Status)) { + return Status; + } + } + + if (Length3 > 0) { + Pages =3D Length3 / SIZE_4KB; + Status =3D TdAcceptPages (StartAddress3, Pages, SIZE_4KB); + ASSERT (!EFI_ERROR (Status)); + if (EFI_ERROR (Status)) { + return Status; + } + } + + return Status; +} + +/** + Check the value whether in the valid list. + + @param[in] Value A value + @param[in] ValidList A pointer to valid list + @param[in] ValidListLength Length of valid list + + @retval TRUE The value is in valid list. + @retval FALSE The value is not in valid list. + +**/ +BOOLEAN +EFIAPI +IsInValidList ( + IN UINT32 Value, + IN UINT32 *ValidList, + IN UINT32 ValidListLength + ) +{ + UINT32 index; + + if (ValidList =3D=3D NULL) { + return FALSE; + } + + for (index =3D 0; index < ValidListLength; index++) { + if (ValidList[index] =3D=3D Value) { + return TRUE; + } + } + + return FALSE; +} + +/** + Check the integrity of VMM Hob List. + + @param[in] VmmHobList A pointer to Hob List + + @retval TRUE The Hob List is valid. + @retval FALSE The Hob List is invalid. + +**/ +BOOLEAN +EFIAPI +ValidateHobList ( + IN CONST VOID *VmmHobList + ) +{ + EFI_PEI_HOB_POINTERS Hob; + UINT32 EFI_BOOT_MODE_LIST[12] =3D { + BOOT_WITH_FULL_CONFIGURATION, + BOOT_WITH_MINIMAL_CONFIGURATION, + BOOT_ASSUMING_NO_CONFIGURATION_CHANGES, + BOOT_WITH_FULL_CONFIGURATION_PLUS_DIAGNOSTICS, + BOOT_WITH_DEFAULT_SETTINGS, + BOOT_ON_S4_RESUME, + BOOT_ON_S5_RESUME, + BOOT_WITH_MFG_MODE_SETTINGS, + BOOT_ON_S2_RESUME, + BOOT_ON_S3_RESUME, + BOOT_ON_FLASH_UPDATE, + BOOT_IN_RECOVERY_MODE + }; + + UINT32 EFI_RESOURCE_TYPE_LIST[8] =3D { + EFI_RESOURCE_SYSTEM_MEMORY, + EFI_RESOURCE_MEMORY_MAPPED_IO, + EFI_RESOURCE_IO, + EFI_RESOURCE_FIRMWARE_DEVICE, + EFI_RESOURCE_MEMORY_MAPPED_IO_PORT, + EFI_RESOURCE_MEMORY_RESERVED, + EFI_RESOURCE_IO_RESERVED, + EFI_RESOURCE_MAX_MEMORY_TYPE + }; + + if (VmmHobList =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "HOB: HOB data pointer is NULL\n")); + return FALSE; + } + + Hob.Raw =3D (UINT8 *)VmmHobList; + + // + // Parse the HOB list until end of list or matching type is found. + // + while (!END_OF_HOB_LIST (Hob)) { + if (Hob.Header->Reserved !=3D (UINT32)0) { + DEBUG ((DEBUG_ERROR, "HOB: Hob header Reserved filed should be zero\= n")); + return FALSE; + } + + if (Hob.Header->HobLength =3D=3D 0) { + DEBUG ((DEBUG_ERROR, "HOB: Hob header LEANGTH should not be zero\n")= ); + return FALSE; + } + + switch (Hob.Header->HobType) { + case EFI_HOB_TYPE_HANDOFF: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_HANDOFF_INFO_TABLE)= ) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_HANDOFF)); + return FALSE; + } + + if (IsInValidList (Hob.HandoffInformationTable->BootMode, EFI_BOOT= _MODE_LIST, 12) =3D=3D FALSE) { + DEBUG ((DEBUG_ERROR, "HOB: Unknow HandoffInformationTable BootMo= de type. Type: 0x%08x\n", Hob.HandoffInformationTable->BootMode)); + return FALSE; + } + + if ((Hob.HandoffInformationTable->EfiFreeMemoryTop % 4096) !=3D 0)= { + DEBUG ((DEBUG_ERROR, "HOB: HandoffInformationTable EfiFreeMemory= Top address must be 4-KB aligned to meet page restrictions of UEFI.\ + Address: 0x%016lx\n", Hob.HandoffInformatio= nTable->EfiFreeMemoryTop)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_RESOURCE_DESCRIPTOR: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_RESOURCE_DESCRIPTOR= )) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_RESOURCE_DESCRIPTOR)); + return FALSE; + } + + if (IsInValidList (Hob.ResourceDescriptor->ResourceType, EFI_RESOU= RCE_TYPE_LIST, 8) =3D=3D FALSE) { + DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceTyp= e type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceType)); + return FALSE; + } + + if ((Hob.ResourceDescriptor->ResourceAttribute & (~(EFI_RESOURCE_A= TTRIBUTE_PRESENT | + EFI_RESOURCE_A= TTRIBUTE_INITIALIZED | + EFI_RESOURCE_A= TTRIBUTE_TESTED | + EFI_RESOURCE_A= TTRIBUTE_READ_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_WRITE_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_EXECUTION_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_PERSISTENT | + EFI_RESOURCE_A= TTRIBUTE_SINGLE_BIT_ECC | + EFI_RESOURCE_A= TTRIBUTE_MULTIPLE_BIT_ECC | + EFI_RESOURCE_A= TTRIBUTE_ECC_RESERVED_1 | + EFI_RESOURCE_A= TTRIBUTE_ECC_RESERVED_2 | + EFI_RESOURCE_A= TTRIBUTE_UNCACHEABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_COMBINEABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_THROUGH_CACHEABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_BACK_CACHEABLE | + EFI_RESOURCE_A= TTRIBUTE_16_BIT_IO | + EFI_RESOURCE_A= TTRIBUTE_32_BIT_IO | + EFI_RESOURCE_A= TTRIBUTE_64_BIT_IO | + EFI_RESOURCE_A= TTRIBUTE_UNCACHED_EXPORTED | + EFI_RESOURCE_A= TTRIBUTE_READ_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_WRITE_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_EXECUTION_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_PERSISTABLE | + EFI_RESOURCE_A= TTRIBUTE_READ_ONLY_PROTECTED | + EFI_RESOURCE_A= TTRIBUTE_READ_ONLY_PROTECTABLE | + EFI_RESOURCE_A= TTRIBUTE_MORE_RELIABLE | + EFI_RESOURCE_A= TTRIBUTE_ENCRYPTED))) !=3D 0) + { + DEBUG ((DEBUG_ERROR, "HOB: Unknow ResourceDescriptor ResourceAtt= ribute type. Type: 0x%08x\n", Hob.ResourceDescriptor->ResourceAttribute)); + return FALSE; + } + + break; + + // EFI_HOB_GUID_TYPE is variable length data, so skip check + case EFI_HOB_TYPE_GUID_EXTENSION: + break; + + case EFI_HOB_TYPE_FV: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_FV2: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME2)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV2)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_FV3: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_FIRMWARE_VOLUME3)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_FV3)); + return FALSE; + } + + break; + + case EFI_HOB_TYPE_CPU: + if (Hob.Header->HobLength !=3D sizeof (EFI_HOB_CPU)) { + DEBUG ((DEBUG_ERROR, "HOB: Hob length is not equal corresponding= hob structure. Type: 0x%04x\n", EFI_HOB_TYPE_CPU)); + return FALSE; + } + + for (UINT32 index =3D 0; index < 6; index++) { + if (Hob.Cpu->Reserved[index] !=3D 0) { + DEBUG ((DEBUG_ERROR, "HOB: Cpu Reserved field will always be s= et to zero.\n")); + return FALSE; + } + } + + break; + + default: + DEBUG ((DEBUG_ERROR, "HOB: Hob type is not know. Type: 0x%04x\n", = Hob.Header->HobType)); + return FALSE; + } + + // Get next HOB + Hob.Raw =3D (UINT8 *)(Hob.Raw + Hob.Header->HobLength); + } + + return TRUE; +} + +/** + Processing the incoming HobList for the TDX + + Firmware must parse list, and accept the pages of memory before their ca= n be + use by the guest. + + @param[in] VmmHobList The Hoblist pass the firmware + + @retval EFI_SUCCESS Process the HobList successfully + @retval Others Other errors as indicated + +**/ +EFI_STATUS +EFIAPI +ProcessHobList ( + IN CONST VOID *VmmHobList + ) +{ + EFI_STATUS Status; + EFI_PEI_HOB_POINTERS Hob; + EFI_PHYSICAL_ADDRESS PhysicalEnd; + + Status =3D EFI_SUCCESS; + ASSERT (VmmHobList !=3D NULL); + Hob.Raw =3D (UINT8 *)VmmHobList; + + // + // Parse the HOB list until end of list or matching type is found. + // + while (!END_OF_HOB_LIST (Hob)) { + if (Hob.Header->HobType =3D=3D EFI_HOB_TYPE_RESOURCE_DESCRIPTOR) { + DEBUG ((DEBUG_INFO, "\nResourceType: 0x%x\n", Hob.ResourceDescriptor= ->ResourceType)); + + if (Hob.ResourceDescriptor->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_= MEMORY) { + DEBUG ((DEBUG_INFO, "ResourceAttribute: 0x%x\n", Hob.ResourceDescr= iptor->ResourceAttribute)); + DEBUG ((DEBUG_INFO, "PhysicalStart: 0x%llx\n", Hob.ResourceDescrip= tor->PhysicalStart)); + DEBUG ((DEBUG_INFO, "ResourceLength: 0x%llx\n", Hob.ResourceDescri= ptor->ResourceLength)); + DEBUG ((DEBUG_INFO, "Owner: %g\n\n", &Hob.ResourceDescriptor->Owne= r)); + + PhysicalEnd =3D Hob.ResourceDescriptor->PhysicalStart + Hob.Resour= ceDescriptor->ResourceLength; + + Status =3D BspAcceptMemoryResourceRange ( + Hob.ResourceDescriptor->PhysicalStart, + PhysicalEnd + ); + if (EFI_ERROR (Status)) { + break; + } + } + } + + Hob.Raw =3D GET_NEXT_HOB (Hob); + } + + return Status; +} + +/** + In Tdx guest, some information need to be passed from host VMM to guest + firmware. For example, the memory resource, etc. These information are + prepared by host VMM and put in HobList which is described in TdxMetadat= a. + + Information in HobList is treated as external input. From the security + perspective before it is consumed, it should be validated. + + @retval EFI_SUCCESS Successfully process the hoblist + @retval Others Other error as indicated +**/ +EFI_STATUS +EFIAPI +ProcessTdxHobList ( + VOID + ) +{ + EFI_STATUS Status; + VOID *TdHob; + TD_RETURN_DATA TdReturnData; + + TdHob =3D (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase); + Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG (( + DEBUG_INFO, + "Intel Tdx Started with (GPAW: %d, Cpus: %d)\n", + TdReturnData.TdInfo.Gpaw, + TdReturnData.TdInfo.NumVcpus + )); + + // + // Validate HobList + // + if (ValidateHobList (TdHob) =3D=3D FALSE) { + return EFI_INVALID_PARAMETER; + } + + // + // Process Hoblist to accept memory + // + Status =3D ProcessHobList (TdHob); + + return Status; +} diff --git a/OvmfPkg/IntelTdx/Sec/IntelTdx.h b/OvmfPkg/IntelTdx/Sec/IntelTd= x.h new file mode 100644 index 000000000000..ddd09eff34cd --- /dev/null +++ b/OvmfPkg/IntelTdx/Sec/IntelTdx.h @@ -0,0 +1,46 @@ +/** @file + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SEC_INTEL_TDX_H_ +#define SEC_INTEL_TDX_H_ + +#include +#include +#include +#include +#include + +/** + Check TDX is enabled. + + @retval TRUE TDX is enabled + @retval FALSE TDX is not enabled +**/ +BOOLEAN +SecTdxIsEnabled ( + VOID + ); + +/** + In Tdx guest, some information need to be passed from host VMM to guest + firmware. For example, the memory resource, etc. These information are + prepared by host VMM and put in HobList which is described in TdxMetadat= a. + + Information in HobList is treated as external input. From the security + perspective before it is consumed, it should be validated. + + @retval EFI_SUCCESS Successfully process the hoblist + @retval Others Other error as indicated +**/ +EFI_STATUS +EFIAPI +ProcessTdxHobList ( + VOID + ); + +#endif diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c new file mode 100644 index 000000000000..374e7cc7eeb6 --- /dev/null +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -0,0 +1,200 @@ +/** @file + Main SEC phase code. Transitions to PEI. + + Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.
+ (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+ Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "IntelTdx.h" + +#include + +#define SEC_IDT_ENTRY_COUNT 34 + +typedef struct _SEC_IDT_TABLE { + EFI_PEI_SERVICES *PeiService; + IA32_IDT_GATE_DESCRIPTOR IdtTable[SEC_IDT_ENTRY_COUNT]; +} SEC_IDT_TABLE; + +// +// Template of an IDT entry pointing to 10:FFFFFFE4h. +// +IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate =3D { + { // Bits + 0xffe4, // OffsetLow + 0x10, // Selector + 0x0, // Reserved_0 + IA32_IDT_GATE_TYPE_INTERRUPT_32, // GateType + 0xffff // OffsetHigh + } +}; + +VOID +EFIAPI +SecCoreStartupWithStack ( + IN EFI_FIRMWARE_VOLUME_HEADER *BootFv, + IN VOID *TopOfCurrentStack + ) +{ + EFI_SEC_PEI_HAND_OFF SecCoreData; + SEC_IDT_TABLE IdtTableInStack; + IA32_DESCRIPTOR IdtDescriptor; + UINT32 Index; + volatile UINT8 *Table; + + if (SecTdxIsEnabled ()) { + // + // For Td guests, the memory map info is in TdHobLib. It should be pro= cessed + // first so that the memory is accepted. Otherwise access to the unacc= epted + // memory will trigger tripple fault. + // + if (ProcessTdxHobList () !=3D EFI_SUCCESS) { + CpuDeadLoop (); + } + } + + // + // To ensure SMM can't be compromised on S3 resume, we must force re-ini= t of + // the BaseExtractGuidedSectionLib. Since this is before library contruc= tors + // are called, we must use a loop rather than SetMem. + // + Table =3D (UINT8 *)(UINTN)FixedPcdGet64 (PcdGuidedExtractHandlerTableAdd= ress); + for (Index =3D 0; + Index < FixedPcdGet32 (PcdGuidedExtractHandlerTableSize); + ++Index) + { + Table[Index] =3D 0; + } + + // + // Initialize IDT - Since this is before library constructors are called, + // we use a loop rather than CopyMem. + // + IdtTableInStack.PeiService =3D NULL; + + for (Index =3D 0; Index < SEC_IDT_ENTRY_COUNT; Index++) { + // + // Declare the local variables that actually move the data elements as + // volatile to prevent the optimizer from replacing this function with + // the intrinsic memcpy() + // + CONST UINT8 *Src; + volatile UINT8 *Dst; + UINTN Byte; + + Src =3D (CONST UINT8 *)&mIdtEntryTemplate; + Dst =3D (volatile UINT8 *)&IdtTableInStack.IdtTable[Index]; + + for (Byte =3D 0; Byte < sizeof (mIdtEntryTemplate); Byte++) { + Dst[Byte] =3D Src[Byte]; + } + } + + IdtDescriptor.Base =3D (UINTN)&IdtTableInStack.IdtTable; + IdtDescriptor.Limit =3D (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); + + ProcessLibraryConstructorList (NULL, NULL); + + // + // Load the IDTR. + // + AsmWriteIdtr (&IdtDescriptor); + + if (SecTdxIsEnabled ()) { + // + // InitializeCpuExceptionHandlers () should be called in Td guests so = that + // #VE exceptions can be handled correctly. + // + InitializeCpuExceptionHandlers (NULL); + } + + DEBUG (( + DEBUG_INFO, + "SecCoreStartupWithStack(0x%x, 0x%x)\n", + (UINT32)(UINTN)BootFv, + (UINT32)(UINTN)TopOfCurrentStack + )); + + // + // Initialize floating point operating environment + // to be compliant with UEFI spec. + // + InitializeFloatingPointUnits (); + + // + // ASSERT that the Page Tables were set by the reset vector code to + // the address we expect. + // + ASSERT (AsmReadCr3 () =3D=3D (UINTN)PcdGet32 (PcdOvmfSecPageTablesBase)); + + // + // |-------------| <-- TopOfCurrentStack + // | Stack | 32k + // |-------------| + // | Heap | 32k + // |-------------| <-- SecCoreData.TemporaryRamBase + // + + ASSERT ( + (UINTN)(PcdGet32 (PcdOvmfSecPeiTempRamBase) + + PcdGet32 (PcdOvmfSecPeiTempRamSize)) =3D=3D + (UINTN)TopOfCurrentStack + ); + + // + // Initialize SEC hand-off state + // + SecCoreData.DataSize =3D sizeof (EFI_SEC_PEI_HAND_OFF); + + SecCoreData.TemporaryRamSize =3D (UINTN)PcdGet32 (PcdOvmfSecPeiTempRamSi= ze); + SecCoreData.TemporaryRamBase =3D (VOID *)((UINT8 *)TopOfCurrentStack - S= ecCoreData.TemporaryRamSize); + + SecCoreData.PeiTemporaryRamBase =3D SecCoreData.TemporaryRamBase; + SecCoreData.PeiTemporaryRamSize =3D SecCoreData.TemporaryRamSize >> 1; + + SecCoreData.StackBase =3D (UINT8 *)SecCoreData.TemporaryRamBase + SecCor= eData.PeiTemporaryRamSize; + SecCoreData.StackSize =3D SecCoreData.TemporaryRamSize >> 1; + + SecCoreData.BootFirmwareVolumeBase =3D BootFv; + SecCoreData.BootFirmwareVolumeSize =3D (UINTN)BootFv->FvLength; + + // + // Make sure the 8259 is masked before initializing the Debug Agent and = the debug timer is enabled + // + IoWrite8 (0x21, 0xff); + IoWrite8 (0xA1, 0xff); + + // + // Initialize Local APIC Timer hardware and disable Local APIC Timer + // interrupts before initializing the Debug Agent and the debug timer is + // enabled. + // + InitializeApicTimer (0, MAX_UINT32, TRUE, 5); + DisableApicTimerInterrupt (); + + TdxStartup (&SecCoreData); + + ASSERT (FALSE); + CpuDeadLoop (); +} diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.inf b/OvmfPkg/IntelTdx/Sec/SecMai= n.inf new file mode 100644 index 000000000000..7815d6ba77cf --- /dev/null +++ b/OvmfPkg/IntelTdx/Sec/SecMain.inf @@ -0,0 +1,73 @@ +## @file +# SEC Driver +# +# Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SecMain + FILE_GUID =3D 69d96630-eb64-4b33-8491-13a5cf023dcf + MODULE_TYPE =3D SEC + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D SecMain + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D X64 +# + +[Sources] + SecMain.c + IntelTdx.c + X64/SecEntry.nasm + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UefiCpuPkg/UefiCpuPkg.dec + OvmfPkg/OvmfPkg.dec + EmbeddedPkg/EmbeddedPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + BaseMemoryLib + PcdLib + UefiCpuLib + DebugAgentLib + IoLib + PeCoffLib + PeCoffGetEntryPointLib + PeCoffExtraActionLib + ExtractGuidedSectionLib + LocalApicLib + MemEncryptSevLib + CpuExceptionHandlerLib + TdxLib + TdxStartupLib + +[Pcd] + gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize + gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress + gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd + gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecValidatedStart + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase + gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase diff --git a/OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm b/OvmfPkg/IntelTdx/Sec/= X64/SecEntry.nasm new file mode 100644 index 000000000000..4528fec309a0 --- /dev/null +++ b/OvmfPkg/IntelTdx/Sec/X64/SecEntry.nasm @@ -0,0 +1,151 @@ +;-------------------------------------------------------------------------= ----- +;* +;* Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
+;* SPDX-License-Identifier: BSD-2-Clause-Patent +;* +;* CpuAsm.asm +;* +;* Abstract: +;* +;-------------------------------------------------------------------------= ----- + +#include +%include "TdxCommondefs.inc" + +DEFAULT REL +SECTION .text + +extern ASM_PFX(SecCoreStartupWithStack) + +%macro tdcall 0 + db 0x66, 0x0f, 0x01, 0xcc +%endmacro + +; +; SecCore Entry Point +; +; Processor is in flat protected mode +; +; @param[in] RAX Initial value of the EAX register (BIST: Built-in Self= Test) +; @param[in] DI 'BP': boot-strap processor, or 'AP': application proce= ssor +; @param[in] RBP Pointer to the start of the Boot Firmware Volume +; @param[in] DS Selector allowing flat access to all addresses +; @param[in] ES Selector allowing flat access to all addresses +; @param[in] FS Selector allowing flat access to all addresses +; @param[in] GS Selector allowing flat access to all addresses +; @param[in] SS Selector allowing flat access to all addresses +; +; @return None This routine does not return +; +global ASM_PFX(_ModuleEntryPoint) +ASM_PFX(_ModuleEntryPoint): + + ; + ; Guest type is stored in OVMF_WORK_AREA + ; + %define OVMF_WORK_AREA FixedPcdGet32 (PcdOvmfWorkAreaBase) + %define VM_GUEST_TYPE_TDX 2 + mov eax, OVMF_WORK_AREA + cmp byte[eax], VM_GUEST_TYPE_TDX + jne InitStack + + mov rax, TDCALL_TDINFO + tdcall + + ; + ; R8 [31:0] NUM_VCPUS + ; [63:32] MAX_VCPUS + ; R9 [31:0] VCPU_INDEX + ; Td Guest set the VCPU0 as the BSP, others are the APs + ; APs jump to spinloop and get released by DXE's MpInitLib + ; + mov rax, r9 + and rax, 0xffff + test rax, rax + jne ParkAp + +InitStack: + + ; + ; Fill the temporary RAM with the initial stack value. + ; The loop below will seed the heap as well, but that's harmless. + ; + mov rax, (FixedPcdGet32 (PcdInitValueInTempStack) << 32) | FixedPc= dGet32 (PcdInitValueInTempStack) + ; qword to s= tore + mov rdi, FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) ; base addre= ss, + ; relative= to + ; ES + mov rcx, FixedPcdGet32 (PcdOvmfSecPeiTempRamSize) / 8 ; qword count + cld ; store from= base + ; up + rep stosq + + ; + ; Load temporary RAM stack based on PCDs + ; + %define SEC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + \ + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize)) + mov rsp, SEC_TOP_OF_STACK + nop + + ; + ; Setup parameters and call SecCoreStartupWithStack + ; rcx: BootFirmwareVolumePtr + ; rdx: TopOfCurrentStack + ; + mov rcx, rbp + mov rdx, rsp + sub rsp, 0x20 + call ASM_PFX(SecCoreStartupWithStack) + + ; + ; Note: BSP never gets here. APs will be unblocked by DXE + ; + ; R8 [31:0] NUM_VCPUS + ; [63:32] MAX_VCPUS + ; R9 [31:0] VCPU_INDEX + ; +ParkAp: + + mov rbp, r9 + +.do_wait_loop: + mov rsp, FixedPcdGet32 (PcdOvmfSecGhcbBackupBase) + + ; + ; register itself in [rsp + CpuArrivalOffset] + ; + mov rax, 1 + lock xadd dword [rsp + CpuArrivalOffset], eax + inc eax + +.check_arrival_cnt: + cmp eax, r8d + je .check_command + mov eax, dword[rsp + CpuArrivalOffset] + jmp .check_arrival_cnt + +.check_command: + mov eax, dword[rsp + CommandOffset] + cmp eax, MpProtectedModeWakeupCommandNoop + je .check_command + + cmp eax, MpProtectedModeWakeupCommandWakeup + je .do_wakeup + + ; Don't support this command, so ignore + jmp .check_command + +.do_wakeup: + ; + ; BSP sets these variables before unblocking APs + ; RAX: WakeupVectorOffset + ; RBX: Relocated mailbox address + ; RBP: vCpuId + ; + mov rax, 0 + mov eax, dword[rsp + WakeupVectorOffset] + mov rbx, [rsp + WakeupArgsRelocatedMailBox] + nop + jmp rax + jmp $ --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86045): https://edk2.groups.io/g/devel/message/86045 Mute This Topic: https://groups.io/mt/88666805/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86046+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86046+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092559; cv=none; d=zohomail.com; s=zohoarc; b=lKFf/NbzwDXJ+HNVd7deT/03o3bgPjN4eOHy6YAYL2HHUVhTHiPpyMqnjWQdpJp2puNnJaC31IrMt6QQvZwI0Yocau3hHjzvO1+Seo2sNNrsFH5q85zT0EMb8QnZ9POWdvukGgDECzKV/VSPI5wPMNNo7UGvsd/QA2fX38B22XI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092559; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=PHU+phcUj6Y9ZQbVzNl7OUP0KL9cC/rjGKfJiWSpt7A=; b=MDhtSw4TlBCjGJTs3n0ePd7MBnJXQ7/AUxWIF3sC6XVtbizQLuyMjlot2TZn41i4j41/Y3SeMgakh2XeDKg/6l7NfvpT0qcwk6jFnP9UYy9mjexJtRPcI7IxScXuZxaNK5HKDJR4Ncx0EN/Og4+8jVFdmV4I7T1wpGgtSt+Ckkg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86046+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092559614438.36896752351606; Mon, 24 Jan 2022 22:35:59 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id QVvtYY1788612xl8NWuT5hvQ; Mon, 24 Jan 2022 22:35:59 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web09.3918.1643092552922625005 for ; Mon, 24 Jan 2022 22:35:58 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904924" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904924" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:52 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592717" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:50 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 08/10] OvmfPkg: Update TdxDxe to set TDX PCDs Date: Tue, 25 Jan 2022 14:33:16 +0800 Message-Id: <20220125063318.862-9-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: ncjl3jTbTU3h0R7iFe5lDae4x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092559; bh=rqJDbJHh9QkJ88F9IoTxQCoQ3HhXwOgEbme4f6EG3co=; h=Cc:Date:From:Reply-To:Subject:To; b=lIIpmInRNa/VoIC/rL1XM71uZ5+uTzMWS2RP5WuQztDTXT+zTCbAJGAXnuGElVYzvbG FSYUn31oBuFJo/9EmoX656wqC4GLinY8NlrJq8hcYctdBwHKlpRVv6SJCg7SbB9vonHZr my6EUYYHo9MdvRTSq8dmpikMBw+F7TA2kig= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092562493100035 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 TDX_PEI_LESS_BOOT indicates the boot without PEI phase. In this case settings in EFI_HOB_PLATFORM_INFO should be set to its according PCDs. TdxDxe driver is workable for both Legacy guest and Tdx guest. It is because for Legacy guest (in PEI-less boot) there should be a place to set the PCDs based on EFI_HOB_PLATFORM_INFO hob. TdxDxe driver is the right place to do this work. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/TdxDxe/TdxDxe.c | 71 +++++++++++++++++++++++++++++++++++++-- OvmfPkg/TdxDxe/TdxDxe.inf | 5 +++ 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c index 36ef5c510771..be2b5ab388b9 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.c +++ b/OvmfPkg/TdxDxe/TdxDxe.c @@ -24,12 +24,70 @@ #include #include #include +#include #include #include #include #include #include =20 +VOID +SetPcdSettings ( + EFI_HOB_PLATFORM_INFO *PlatformInfoHob + ) +{ + RETURN_STATUS PcdStatus; + + PcdStatus =3D PcdSet16S (PcdOvmfHostBridgePciDevId, PlatformInfoHob->Hos= tBridgePciDevId); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdConfidentialComputingGuestAttr, PlatformInfo= Hob->PcdConfidentialComputingGuestAttr); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSetBoolS (PcdSetNxForStack, PlatformInfoHob->PcdSetNxFo= rStack); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSetBoolS (PcdIa32EferChangeAllowed, PlatformInfoHob->Pc= dIa32EferChangeAllowed); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG (( + DEBUG_INFO, + "HostBridgeDevId=3D0x%x, CCAttr=3D0x%x, SetNxForStack=3D%x, Ia32EferCh= angeAllowed=3D%x\n", + PlatformInfoHob->HostBridgePciDevId, + PlatformInfoHob->PcdConfidentialComputingGuestAttr, + PlatformInfoHob->PcdSetNxForStack, + PlatformInfoHob->PcdIa32EferChangeAllowed + )); + + PcdStatus =3D PcdSet32S (PcdCpuBootLogicalProcessorNumber, PlatformInfoH= ob->PcdCpuBootLogicalProcessorNumber); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet32S (PcdCpuMaxLogicalProcessorNumber, PlatformInfoHo= b->PcdCpuMaxLogicalProcessorNumber); + + ASSERT_RETURN_ERROR (PcdStatus); + DEBUG (( + DEBUG_INFO, + "MaxCpuCount=3D0x%x, BootCpuCount=3D0x%x\n", + PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber, + PlatformInfoHob->PcdCpuBootLogicalProcessorNumber + )); + + if (TdIsEnabled ()) { + PcdStatus =3D PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ()); + ASSERT_RETURN_ERROR (PcdStatus); + DEBUG ((DEBUG_INFO, "TdxSharedBitMask=3D0x%llx\n", PcdGet64 (PcdTdxSha= redBitMask))); + } else { + PcdStatus =3D PcdSet64S (PcdPciMmio64Base, PlatformInfoHob->PcdPciMmio= 64Base); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdPciMmio64Size, PlatformInfoHob->PcdPciMmio= 64Size); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdPciMmio32Base, PlatformInfoHob->PcdPciMmio= 32Base); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdPciMmio32Size, PlatformInfoHob->PcdPciMmio= 32Size); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdPciIoBase, PlatformInfoHob->PcdPciIoBase); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdPciIoSize, PlatformInfoHob->PcdPciIoSize); + ASSERT_RETURN_ERROR (PcdStatus); + } +} + /** Location of resource hob matching type and starting address =20 @@ -179,10 +237,19 @@ TdxDxeEntryPoint ( return EFI_UNSUPPORTED; } =20 - SetMmioSharedBit (); - PlatformInfo =3D (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob); =20 + #ifdef TDX_PEI_LESS_BOOT + SetPcdSettings (PlatformInfo); + + if (!TdIsEnabled ()) { + return EFI_SUCCESS; + } + + #endif + + SetMmioSharedBit (); + // // Call TDINFO to get actual number of cpus in domain // diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf index 077769bcf70c..ca51122664fa 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.inf +++ b/OvmfPkg/TdxDxe/TdxDxe.inf @@ -60,5 +60,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber + gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress + gEfiMdeModulePkgTokenSpaceGuid.PcdIa32EferChangeAllowed + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86046): https://edk2.groups.io/g/devel/message/86046 Mute This Topic: https://groups.io/mt/88666806/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86047+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86047+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092566; cv=none; d=zohomail.com; s=zohoarc; b=XFog/UOpKHMyozrlmAhlTQs/ykhQeWxyQPTBJ948SbNIsWF33u4hiV5juE4TJv/M6MEZ7hIi2iDQ7rRjtIZj6bbQfhrBvN9f5Yh8dAib982SffKkMVpq9GaC6Ims7SMTATpVYp7coCTfcjFO7PXXMHUZbwZ2uLGPfJBGmiHQK1I= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092566; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=940jXQuqu/PabooVylhpcnHyCOTQ157HLEc98ywDrII=; b=AQpF0tJ8PSV/MMnX4dlJCUTLvOp6QwnUyS199Iimr5pQs9IKIWBY4LWn6+fum/d163lfg5L9WV3MAFCAZdDwpMtB2447tq6weyQa0ku5IChy5IsHFCdM4DI2hH86OX8EuqYworESYho8nJ6iayfh5FK3ZVSxD+U9XaFLLj8eZYw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86047+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1643092566316982.9226624867003; Mon, 24 Jan 2022 22:36:06 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id BAZeYY1788612xnwPU5ZUQXF; Mon, 24 Jan 2022 22:36:05 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.3894.1643092565142842596 for ; Mon, 24 Jan 2022 22:36:05 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904951" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904951" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:55 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592726" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:52 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 09/10] OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob Date: Tue, 25 Jan 2022 14:33:17 +0800 Message-Id: <20220125063318.862-10-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: l5rIR9195vd9yTQ5QJbSbZs4x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092565; bh=HpWtFfwjda4W4YKPq4+Y1eWntTyRsAqp7Nuhs5XNkas=; h=Cc:Date:From:Reply-To:Subject:To; b=adPcz5W8DAUU7Cv6fd2l4H9Uzv5ACay8gJ88zFSwMYlJcfQEZ/1AEbmsF4mt9hfJqxX zjdrVCG7Q5bNKt5SwdPVyECoTfNUsvTILErP+qz3Yq1qYbOMOtOpL+Y+vEwoMBLHDidCE TSDgEg0ObqZsI7Y3HfIz1IajdtbU3GGnqtQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092567417100001 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 The entrypoint of DxeAcpiTimerLib checks HostBridgeDevId by reading PcdOvmfHostBridgePciDevId. If the DevId is not set, ASSERT is triggered. Normally this DevId is set in PlatformPei which is executed in PEI phase. But Tdvf Config-B skips PEI phase so there is no chance to set this DevId. A word-round is that in PEI-less boot HostBridgeDevId is set in PlatformInfoHob. So we can check if PlatformInfoHob exists and if HostBridgeDevId is set in this Hob. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- .../Library/AcpiTimerLib/DxeAcpiTimerLib.c | 23 ++++++++++++++++--- .../Library/AcpiTimerLib/DxeAcpiTimerLib.inf | 4 ++++ 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.c b/OvmfPkg/Libra= ry/AcpiTimerLib/DxeAcpiTimerLib.c index 115846187455..5c7011f2dd3d 100644 --- a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.c +++ b/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.c @@ -6,10 +6,16 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 +#include +#include +#include +#include +#include #include #include #include #include +#include #include =20 // @@ -36,13 +42,24 @@ AcpiTimerLibConstructor ( VOID ) { - UINT16 HostBridgeDevId; - UINTN Pmba; + UINT16 HostBridgeDevId; + UINTN Pmba; + EFI_HOB_GUID_TYPE *GuidHob; + EFI_HOB_PLATFORM_INFO *PlatformInfo =3D NULL; =20 // // Query Host Bridge DID to determine platform type + // Tdx guest stores the HostBridgePciDevId in a GuidHob. + // So we first check if this HOB exists // - HostBridgeDevId =3D PcdGet16 (PcdOvmfHostBridgePciDevId); + GuidHob =3D GetFirstGuidHob (&gUefiOvmfPkgTdxPlatformGuid); + if (GuidHob !=3D NULL) { + PlatformInfo =3D (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHo= b); + HostBridgeDevId =3D PlatformInfo->HostBridgePciDevId; + } else { + HostBridgeDevId =3D PcdGet16 (PcdOvmfHostBridgePciDevId); + } + switch (HostBridgeDevId) { case INTEL_82441_DEVICE_ID: Pmba =3D POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMBA); diff --git a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf b/OvmfPkg/Lib= rary/AcpiTimerLib/DxeAcpiTimerLib.inf index e29872add3c7..44a4423a9ddd 100644 --- a/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf +++ b/OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf @@ -33,3 +33,7 @@ BaseLib PciLib IoLib + HobLib + +[Guids] + gUefiOvmfPkgTdxPlatformGuid ## CONSUMES --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86047): https://edk2.groups.io/g/devel/message/86047 Mute This Topic: https://groups.io/mt/88666807/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 19:03:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86048+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86048+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1643092573; cv=none; d=zohomail.com; s=zohoarc; b=HeAou2wts37s5ezxUAmk+BHX4q+aomlswYJmxRxQy4EG6lQCjwWooAFUcIYfBU//9YnDicX65rCR3RkozDLsAezxE09PKJNoLUg+O3acjGyP2GP1PrANBQZwhOQL8KMtAdbDCu3LO5PevN2IDMuaj51hKYXU2nL/Y5mlUUBNwsk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1643092573; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=PX1nli3ZAYSD68sQ5dS5/B33Wy4IuEot1p+GwpsZd4g=; b=aExfezNWqr7KNsIcoOvdj5vOKprBDhF2LcOsxc8Hc1tewAm67rpQ9S6jfRRfpMIytEjtQ4mUjRAzjcTT011eosoFjUthBjD/tmVKSAiWyrqWfQpDpbiRIkeGahAZpXk9pFgb3yXnk73IiEXeIj9v3rmnnS3yNbC7/eul97zLwD0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86048+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 164309257304617.52889335603288; Mon, 24 Jan 2022 22:36:13 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id tXEqYY1788612xARCqjKMRQQ; Mon, 24 Jan 2022 22:36:12 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.3896.1643092571653628949 for ; Mon, 24 Jan 2022 22:36:11 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10237"; a="226904988" X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="226904988" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:57 -0800 X-IronPort-AV: E=Sophos;i="5.88,314,1635231600"; d="scan'208";a="534592732" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.238.0.72]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 22:35:55 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V2 10/10] OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B Date: Tue, 25 Jan 2022 14:33:18 +0800 Message-Id: <20220125063318.862-11-min.m.xu@intel.com> In-Reply-To: <20220125063318.862-1-min.m.xu@intel.com> References: <20220125063318.862-1-min.m.xu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: Db5uQah1P5elpXMoi278PRqJx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1643092572; bh=jbMeaszGfRPQ9iTBNsLRXArBmcYOq6G860Tuy9MHkWg=; h=Cc:Date:From:Reply-To:Subject:To; b=sfRVUV6Z+PenDqNqSr0R4WwSIncy/DxgVNKTvo3mEjLMT4n7EGjgB1qkU+UOgvsGkOG uZD+kRAHi98fOZQ/pqQFxgdmXmaxolODgcH7poTz2+F8TFSqJWhPHy3NaLq1qHmst5cVX rVaGWHIHb1WXJCrJI/3TDhGvao6CsZ5LE6s= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1643092574319100001 Content-Type: text/plain; charset="utf-8" RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) with a new kind of virutal machines guest called a Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the confidentiality of TD memory contents and the TD's CPU state from other software, including the hosting Virtual-Machine Monitor (VMM), unless explicitly shared by the TD itself. There are 2 configurations for TDVF to upstream. See below link for the definitions of the 2 configurations. https://edk2.groups.io/g/devel/message/76367 This patch-set is to enable the basic feature of Config-B in OvmfPkg. - Add a standalone IntelTdxX64.dsc to a TDX specific directory for a *full* feature TDVF. (Align with existing SEV) - IntelTdx.dsc includes Tdx/Legacy OVMF basic boot capability. The final binary can run on Tdx/Legacy OVMF. - PEI phase is skipped. By design in Config-B there should be more advanced features, such as: - RTMR based measurement and measure boot. - Remove unnecessary drivers to reduce attack surface, such as network stack. To make the code review more efficiency, Config-B is split into 2 waves: - Basic feature of Config-B - Advanced feature of Config-B This patch contains 2 files (IntelTdxX64.dsc/IntelTdxX64.fdf) which enable the basic feature of Config-B. In the waves of Advanced feature of Config-B, we will re-visit these 2 files. TDX_PEI_LESS_BOOT is defined in IntelTdxX64.dsc to indicate it boots up without PEI phase. Cc: Michael D Kinney Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 718 +++++++++++++++++++++++++++++++ OvmfPkg/IntelTdx/IntelTdxX64.fdf | 402 +++++++++++++++++ 2 files changed, 1120 insertions(+) create mode 100644 OvmfPkg/IntelTdx/IntelTdxX64.dsc create mode 100644 OvmfPkg/IntelTdx/IntelTdxX64.fdf diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc new file mode 100644 index 000000000000..40f32d8d8a61 --- /dev/null +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -0,0 +1,718 @@ +## @file +# EFI/Framework Open Virtual Machine Firmware (OVMF) platform +# +# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved.
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +##########################################################################= ###### +# +# Defines Section - statements that will be processed to create a Makefile. +# +##########################################################################= ###### +[Defines] + PLATFORM_NAME =3D Ovmf + PLATFORM_GUID =3D 5a9e7754-d81b-49ea-85ad-69eaa7b1539b + PLATFORM_VERSION =3D 0.1 + DSC_SPECIFICATION =3D 0x00010005 + OUTPUT_DIRECTORY =3D Build/IntelTdx + SUPPORTED_ARCHITECTURES =3D X64 + BUILD_TARGETS =3D NOOPT|DEBUG|RELEASE + SKUID_IDENTIFIER =3D DEFAULT + FLASH_DEFINITION =3D OvmfPkg/IntelTdx/IntelTdxX64.fdf + + # + # Defines for default states. These can be changed on the command line. + # -D FLAG=3DVALUE + # + DEFINE SECURE_BOOT_ENABLE =3D FALSE + + # + # Device drivers + # + DEFINE PVSCSI_ENABLE =3D TRUE + DEFINE MPT_SCSI_ENABLE =3D TRUE + DEFINE LSI_SCSI_ENABLE =3D FALSE + + # + # Flash size selection. Setting FD_SIZE_IN_KB on the command line direct= ly to + # one of the supported values, in place of any of the convenience macros= , is + # permitted. + # +!ifdef $(FD_SIZE_1MB) + DEFINE FD_SIZE_IN_KB =3D 1024 +!else +!ifdef $(FD_SIZE_2MB) + DEFINE FD_SIZE_IN_KB =3D 2048 +!else +!ifdef $(FD_SIZE_4MB) + DEFINE FD_SIZE_IN_KB =3D 4096 +!else + DEFINE FD_SIZE_IN_KB =3D 4096 +!endif +!endif +!endif + +[BuildOptions] + GCC:RELEASE_*_*_CC_FLAGS =3D -DMDEPKG_NDEBUG + INTEL:RELEASE_*_*_CC_FLAGS =3D /D MDEPKG_NDEBUG + MSFT:RELEASE_*_*_CC_FLAGS =3D /D MDEPKG_NDEBUG +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(TOOL_CHAIN_TAG) !=3D "CLANGPDB" + GCC:*_*_*_CC_FLAGS =3D -mno-mmx -mno-sse +!endif + RELEASE_*_*_GENFW_FLAGS =3D --zero + + # + # Disable deprecated APIs. + # + MSFT:*_*_*_CC_FLAGS =3D /D DISABLE_NEW_DEPRECATED_INTERFACES + INTEL:*_*_*_CC_FLAGS =3D /D DISABLE_NEW_DEPRECATED_INTERFACES + GCC:*_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES + + # + # Add TDX_PEI_LESS_BOOT + # + MSFT:*_*_*_CC_FLAGS =3D /D TDX_PEI_LESS_BOOT + INTEL:*_*_*_CC_FLAGS =3D /D TDX_PEI_LESS_BOOT + GCC:*_*_*_CC_FLAGS =3D -D TDX_PEI_LESS_BOOT + +[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] + GCC:*_*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000 + XCODE:*_*_*_DLINK_FLAGS =3D -seg1addr 0x1000 -segalign 0x1000 + XCODE:*_*_*_MTOC_FLAGS =3D -align 0x1000 + CLANGPDB:*_*_*_DLINK_FLAGS =3D /ALIGN:4096 + +##########################################################################= ###### +# +# SKU Identification section - list of all SKU IDs supported by this Platf= orm. +# +##########################################################################= ###### +[SkuIds] + 0|DEFAULT + +##########################################################################= ###### +# +# Library Class section - list of all Library Classes needed by this Platf= orm. +# +##########################################################################= ###### + +!include MdePkg/MdeLibs.dsc.inc + +[LibraryClasses] + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/BaseResetSystemLib.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLibRepStr/BaseMemoryLibRepStr.inf + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf + BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.i= nf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza= tionLib.inf + CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf + PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibN= ull.inf + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMain= tenanceLib.inf + UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompres= sLib.inf + UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic= esLib.inf + HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf + UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag= erLib.inf + BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf + CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf + DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf + DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableL= ib.inf + PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeC= offGetEntryPointLib.inf + PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf + PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf + PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf + PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf + PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf + PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPc= iSegmentLib.inf + PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo= okStatusCodeLibNull.inf + SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf + MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf + MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf + UefiLib|MdePkg/Library/UefiLib/UefiLib.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo= tServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U= efiRuntimeServicesTableLib.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA= pplicationEntryPoint.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDev= icePathLibDevicePathProtocol.inf + NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf + FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf + UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf + SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeS= ecurityManagementLib.inf + UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf + SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar= iablesLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf + QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFw= CfgSimpleParserLib.inf + VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf + LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLi= b.inf + MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxL= ib.inf + + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf + CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf + FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL= ib.inf + + PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeC= offExtraActionLibNull.inf + DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.i= nf + + LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD= ebugPrintErrorLevelLib.inf + + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf + SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariablePro= visionLib/SecureBootVariableProvisionLib.inf +!else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf +!endif + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf + + ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf + ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf + S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip= tLib.inf + SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf + OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf + + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + +[LibraryClasses.common] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf + TdxLib|MdePkg/Library/TdxLib/TdxLib.inf + TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf + PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf + +[LibraryClasses.common.SEC] + TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPor= t.inf +!endif + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor= tStatusCodeLib.inf + ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseE= xtractGuidedSectionLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/= PeiServicesTablePointerLibIdt.inf + MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMe= moryAllocationLib.inf +!if $(TOOL_CHAIN_TAG) =3D=3D "XCODE5" + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5S= ecPeiCpuExceptionHandlerLib.inf +!else + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC= puExceptionHandlerLib.inf +!endif + VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLi= b.inf + PrePiHobListPointerLib|OvmfPkg/IntelTdx/PrePiHobListPointerLibTdx/PrePiH= obListPointerLibTdx.inf + HobLib|EmbeddedPkg/Library/PrePiHobLib/PrePiHobLib.inf + PrePiLib|EmbeddedPkg/Library/PrePiLib/PrePiLib.inf + TdxStartupLib|OvmfPkg/IntelTdx/TdxStartupLib/TdxStartupLib.inf + +[LibraryClasses.common.DXE_CORE] + HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeC= oreMemoryAllocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExt= ractGuidedSectionLib.inf + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE= xceptionHandlerLib.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/R= untimeDxeReportStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyL= ibRuntimeDxe.inf + +[LibraryClasses.common.UEFI_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +[LibraryClasses.common.DXE_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLib/PlatformBo= otManagerLib.inf + PlatformBmPrintScLib|OvmfPkg/Library/PlatformBmPrintScLib/PlatformBmPrin= tScLib.inf + QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE= xceptionHandlerLib.inf + LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf + QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf + QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf + +[LibraryClasses.common.UEFI_APPLICATION] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll= ocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc= ationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.= inf + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL= ib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuE= xceptionHandlerLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +[LibraryClasses.common.SMM_CORE] + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf + SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/S= mmCorePlatformHookLibNull.inf + MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/Pi= SmmCoreMemoryAllocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf + SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/Pi= SmmCoreSmmServicesTableLib.inf +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i= nf +!endif + PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf + +##########################################################################= ###### +# +# Pcd Section - list of all EDK II PCD Entries defined by this Platform. +# +##########################################################################= ###### +[PcdsFeatureFlag] + gEfiMdeModulePkgTokenSpaceGuid.PcdHiiOsRuntimeSupport|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE +!ifdef $(CSM_ENABLE) + gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE +!endif + +[PcdsFixedAtBuild] + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1 + gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FAL= SE + gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10 + gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength|0 +!if ($(FD_SIZE_IN_KB) =3D=3D 1024) || ($(FD_SIZE_IN_KB) =3D=3D 2048) + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + # match PcdFlashNvStorageVariableSize purely for convenience + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000 +!endif +!if $(FD_SIZE_IN_KB) =3D=3D 4096 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400 + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400 + # match PcdFlashNvStorageVariableSize purely for convenience + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000 +!endif + + gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0 + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|TRUE + + gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07 + + # DEBUG_INIT 0x00000001 // Initialization + # DEBUG_WARN 0x00000002 // Warnings + # DEBUG_LOAD 0x00000004 // Load events + # DEBUG_FS 0x00000008 // EFI File system + # DEBUG_POOL 0x00000010 // Alloc & Free (pool) + # DEBUG_PAGE 0x00000020 // Alloc & Free (page) + # DEBUG_INFO 0x00000040 // Informational debug messages + # DEBUG_DISPATCH 0x00000080 // PEI/DXE/SMM Dispatchers + # DEBUG_VARIABLE 0x00000100 // Variable + # DEBUG_BM 0x00000400 // Boot Manager + # DEBUG_BLKIO 0x00001000 // BlkIo Driver + # DEBUG_NET 0x00004000 // SNP Driver + # DEBUG_UNDI 0x00010000 // UNDI Driver + # DEBUG_LOADFILE 0x00020000 // LoadFile + # DEBUG_EVENT 0x00080000 // Event messages + # DEBUG_GCD 0x00100000 // Global Coherency Database changes + # DEBUG_CACHE 0x00200000 // Memory range cachability changes + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F + + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F + + # This PCD is used to set the base address of the PCI express hierarchy.= It + # is only consulted when OVMF runs on Q35. In that case it is programmed= into + # the PCIEXBAR register. + # + # On Q35 machine types that QEMU intends to support in the long term, QE= MU + # never lets the RAM below 4 GB exceed 2816 MB. + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 + + # + # The NumberOfPages values below are ad-hoc. They are updated sporadical= ly at + # best (please refer to git-blame for past updates). The values capture = a set + # of BIN hints that made sense at a particular time, for some (now likely + # unknown) workloads / boot paths. + # + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x80 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x10 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x80 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x100 + gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0x100 + + # + # TDX need 1G PageTable support + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE + + gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000 + + # IRQs 5, 9, 10, 11 are level-triggered + gUefiOvmfPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20 + + # Point to the MdeModulePkg/Application/UiApp/UiApp.inf + gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c= , 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0= x31 } + +##########################################################################= ###### +# +# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Pla= tform +# +##########################################################################= ###### + +[PcdsDynamicDefault] + # only set when + # ($(SMM_REQUIRE) =3D=3D FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 + + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800 + gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600 + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciIoSize|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Base|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Size|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Base|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x800000000 + + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0 + + # Set video resolution for text setup. + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640 + gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|480 + + gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0208 + gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE + + # Noexec settings for DXE. + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + + # UefiCpuPkg PCDs related to initial AP bringup and general AP managemen= t. + gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 + gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 + + # Set memory encryption mask + gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 + + # Set SEV-ES defaults + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 + gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 + + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 + + # Set ConfidentialComputing defaults + gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + + gEfiMdePkgTokenSpaceGuid.PcdFSBClock|100000000 + +##########################################################################= ###### +# +# Components Section - list of all EDK II Modules needed by this Platform. +# +##########################################################################= ###### +[Components] + OvmfPkg/ResetVector/ResetVector.inf + + # + # SEC Phase modules + # + OvmfPkg/IntelTdx/Sec/SecMain.inf { + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf + } + + # + # DXE Phase modules + # + MdeModulePkg/Core/Dxe/DxeMain.inf { + + NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + } + + MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCod= eRouterRuntimeDxe.inf + MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRun= timeDxe.inf + MdeModulePkg/Universal/PCD/Dxe/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + + MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf + + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!endif + } + + MdeModulePkg/Universal/EbcDxe/EbcDxe.inf + UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf + UefiCpuPkg/CpuDxe/CpuDxe.inf + OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf + OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf + OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf + MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf { + + PciHostBridgeLib|OvmfPkg/Library/PciHostBridgeLib/PciHostBridgeLib.i= nf + PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciH= ostBridgeUtilityLib.inf + NULL|OvmfPkg/Library/PlatformHasIoMmuLib/PlatformHasIoMmuLib.inf + } + MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf + MdeModulePkg/Universal/Metronome/Metronome.inf + PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.i= nf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf { + + XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf + } + MdeModulePkg/Logo/LogoDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf + NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf + NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc= eManagerUiLib.inf + } + OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf { + + NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf + } + OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf + OvmfPkg/Virtio10Dxe/Virtio10.inf + OvmfPkg/VirtioBlkDxe/VirtioBlk.inf + OvmfPkg/VirtioScsiDxe/VirtioScsi.inf + OvmfPkg/VirtioRngDxe/VirtioRng.inf +!if $(PVSCSI_ENABLE) =3D=3D TRUE + OvmfPkg/PvScsiDxe/PvScsiDxe.inf +!endif +!if $(MPT_SCSI_ENABLE) =3D=3D TRUE + OvmfPkg/MptScsiDxe/MptScsiDxe.inf +!endif +!if $(LSI_SCSI_ENABLE) =3D=3D TRUE + OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf +!endif + MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf + MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim= eDxe.inf + MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf + MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf + MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf + MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf= { + + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf + MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf { + + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } + + MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf + MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf + MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf + MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf + FatPkg/EnhancedFatDxe/Fat.inf + MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf + MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf + MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf + MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +!ifndef $(CSM_ENABLE) + OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +!endif + OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # + # ISA Support + # + OvmfPkg/SioBusDxe/SioBusDxe.inf + MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf + MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf + + # + # SMBIOS Support + # + MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf { + + NULL|OvmfPkg/Library/SmbiosVersionLib/DetectSmbiosVersionLib.inf + } + OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf + + # + # ACPI Support + # + MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf + OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf + MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.= inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsRes= ourceTableDxe.inf + + # + # Usb Support + # + MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf + MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf + MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf + MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf + MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf + MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" + OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.in= f { + + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + } +!endif + ShellPkg/Application/Shell/Shell.inf { + + ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellComman= dLib.inf + NULL|ShellPkg/Library/UefiShellLevel2CommandsLib/UefiShellLevel2Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellLevel1CommandsLib/UefiShellLevel1Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellLevel3CommandsLib/UefiShellLevel3Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellDriver1CommandsLib/UefiShellDriver1Co= mmandsLib.inf + NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1Comm= andsLib.inf + NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1= CommandsLib.inf + HandleParsingLib|ShellPkg/Library/UefiHandleParsingLib/UefiHandlePar= singLib.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + BcfgCommandLib|ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcf= gCommandLib.inf + + + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xFF + gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE + gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 + } + +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf +!endif + + OvmfPkg/PlatformDxe/Platform.inf + OvmfPkg/IoMmuDxe/IoMmuDxe.inf + + OvmfPkg/TdxDxe/TdxDxe.inf + + # + # Variable driver stack (non-SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf + OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { + + PlatformFvbLib|OvmfPkg/Library/EmuVariableFvbLib/EmuVariableFvbLib.i= nf + } + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX6= 4.fdf new file mode 100644 index 000000000000..4dae40ffcd7b --- /dev/null +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -0,0 +1,402 @@ +## @file +# Open Virtual Machine Firmware: FDF +# +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +##########################################################################= ###### + +[Defines] +!include OvmfPkg/OvmfPkgDefines.fdf.inc + +# +# Build the variable store and the firmware code as one unified flash devi= ce +# image. +# +[FD.OVMF] +BaseAddress =3D $(FW_BASE_ADDRESS) +Size =3D $(FW_SIZE) +ErasePolarity =3D 1 +BlockSize =3D $(BLOCK_SIZE) +NumBlocks =3D $(FW_BLOCKS) + +!include OvmfPkg/VarStore.fdf.inc + +$(VARS_SIZE)|$(FVMAIN_SIZE) +FV =3D FVMAIN_COMPACT + +$(SECFV_OFFSET)|$(SECFV_SIZE) +FV =3D SECFV + +# +# Build the variable store and the firmware code as separate flash device +# images. +# +[FD.OVMF_VARS] +BaseAddress =3D $(FW_BASE_ADDRESS) +Size =3D $(VARS_SIZE) +ErasePolarity =3D 1 +BlockSize =3D $(BLOCK_SIZE) +NumBlocks =3D $(VARS_BLOCKS) + +!include OvmfPkg/VarStore.fdf.inc + +[FD.OVMF_CODE] +BaseAddress =3D $(CODE_BASE_ADDRESS) +Size =3D $(CODE_SIZE) +ErasePolarity =3D 1 +BlockSize =3D $(BLOCK_SIZE) +NumBlocks =3D $(CODE_BLOCKS) + +0x00000000|$(FVMAIN_SIZE) +FV =3D FVMAIN_COMPACT + +$(FVMAIN_SIZE)|$(SECFV_SIZE) +FV =3D SECFV + +##########################################################################= ###### + +[FD.MEMFD] +BaseAddress =3D $(MEMFD_BASE_ADDRESS) +Size =3D 0xD00000 +ErasePolarity =3D 1 +BlockSize =3D 0x10000 +NumBlocks =3D 0xD0 + +0x000000|0x006000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize + +0x006000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize + +0x007000|0x001000 +gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgT= okenSpaceGuid.PcdGuidedExtractHandlerTableSize + +0x008000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfSecGhcbPageTableSize + +0x009000|0x002000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize + +0x00B000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfWorkAreaSize + +0x00C000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecGhcbBackupSize + +0x00D000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSnpSecretsSize + +0x00E000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.Pcd= OvmfCpuidSize + +0x010000|0x010000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize + +0x100000|0xC00000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize +FV =3D DXEFV + +##########################################################################= ################ +# Set the SEV-ES specific work area PCDs +# +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase =3D $(MEMFD_BASE_ADDRES= S) + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpa= ceGuid.PcdOvmfConfidentialComputingWorkAreaHeader +SET gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize =3D gUefiOvmfPkgTokenSp= aceGuid.PcdOvmfWorkAreaSize - gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentia= lComputingWorkAreaHeader + +SET gUefiCpuPkgTokenSpaceGuid.PcdTdxWorkAreaBase =3D $(MEMFD_BASE_ADDRESS)= + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase + gUefiOvmfPkgTokenSpace= Guid.PcdOvmfConfidentialComputingWorkAreaHeader + +##########################################################################= ################ + +##########################################################################= ###### + +[FV.SECFV] +FvNameGuid =3D 763BED0D-DE9F-48F5-81F1-3E90E1B1A015 +BlockSize =3D 0x1000 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +# +# SEC Phase modules +# +# The code in this FV handles the initial firmware startup, and +# decompresses the PEI and DXE FVs which handles the rest of the boot sequ= ence. +# +INF OvmfPkg/IntelTdx/Sec/SecMain.inf + +INF RuleOverride=3DRESET_VECTOR OvmfPkg/ResetVector/ResetVector.inf + +##########################################################################= ###### + +[FV.DXEFV] +FvForceRebase =3D FALSE +FvNameGuid =3D 7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1 +BlockSize =3D 0x10000 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +APRIORI DXE { + INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf + INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF OvmfPkg/TdxDxe/TdxDxe.inf + INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +} + +# +# DXE Phase modules +# +INF MdeModulePkg/Core/Dxe/DxeMain.inf + +INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatus= CodeRouterRuntimeDxe.inf +INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandler= RuntimeDxe.inf +INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + +INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf +INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf +INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf +INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf +INF UefiCpuPkg/CpuDxe/CpuDxe.inf +INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf +INF OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.= inf +INF OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf +INF MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf +INF MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf +INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf +INF MdeModulePkg/Universal/Metronome/Metronome.inf +INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDx= e.inf + +INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf +INF OvmfPkg/Virtio10Dxe/Virtio10.inf +INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf +INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf +INF OvmfPkg/VirtioRngDxe/VirtioRng.inf +!if $(PVSCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf +!endif +!if $(MPT_SCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf +!endif +!if $(LSI_SCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf +!endif + +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon= figDxe.inf +!endif + +INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf +INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRun= timeDxe.inf +INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf +INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf +INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf +INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.= inf +INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.= inf +INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +INF MdeModulePkg/Application/UiApp/UiApp.inf +INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf +INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf +INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf +INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf +INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf +INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf +INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf +INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +INF OvmfPkg/SataControllerDxe/SataControllerDxe.inf +INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf +INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +INF MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf +INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf +INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe= .inf + +INF OvmfPkg/SioBusDxe/SioBusDxe.inf +INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf +INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf + +INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf + +INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf +INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf +INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf +INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorD= xe.inf +INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphics= ResourceTableDxe.inf + +INF FatPkg/EnhancedFatDxe/Fat.inf +INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf +INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf + +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" +INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand= .inf +!endif +INF ShellPkg/Application/Shell/Shell.inf + +INF MdeModulePkg/Logo/LogoDxe.inf + +INF OvmfPkg/TdxDxe/TdxDxe.inf + +# +# Usb Support +# +INF MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf +INF MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf +INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf +INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf +INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf +INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + +INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf + +INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf +INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf +INF OvmfPkg/PlatformDxe/Platform.inf +INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf + +# +# Variable driver stack (non-SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + +##########################################################################= ###### + +[FV.FVMAIN_COMPACT] +FvNameGuid =3D 48DB5E17-707C-472D-91CD-1613E7EF51B0 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +FILE FV_IMAGE =3D 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { + SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED= =3D TRUE { + # + # These firmware volumes will have files placed in them uncompressed, + # and then both firmware volumes will be compressed in a single + # compression operation in order to achieve better overall compressio= n. + # + SECTION FV_IMAGE =3D DXEFV + } + } + +# !include OvmfPkg/FvmainCompactScratchEnd.fdf.inc + +##########################################################################= ###### + +[Rule.Common.SEC] + FILE SEC =3D $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING =3D"$(MODULE_NAME)" Optional + VERSION STRING =3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.DXE_CORE] + FILE DXE_CORE =3D $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.DXE_DRIVER] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + RAW ACPI Optional |.acpi + RAW ASL Optional |.aml + } + +[Rule.Common.DXE_RUNTIME_DRIVER] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.UEFI_DRIVER] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.UEFI_DRIVER.BINARY] + FILE DRIVER =3D $(NAMED_GUID) { + DXE_DEPEX DXE_DEPEX Optional |.depex + PE32 PE32 |.efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.UEFI_APPLICATION] + FILE APPLICATION =3D $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER) + } + +[Rule.Common.UEFI_APPLICATION.BINARY] + FILE APPLICATION =3D $(NAMED_GUID) { + PE32 PE32 |.efi + UI STRING=3D"$(MODULE_NAME)" Optional + VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE= R) + } + +[Rule.Common.USER_DEFINED.CSM] + FILE FREEFORM =3D $(NAMED_GUID) { + RAW BIN |.bin + } + +[Rule.Common.SEC.RESET_VECTOR] + FILE RAW =3D $(NAMED_GUID) { + RAW BIN Align =3D 16 |.bin + } --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86048): https://edk2.groups.io/g/devel/message/86048 Mute This Topic: https://groups.io/mt/88666809/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-