From nobody Mon May 6 17:45:54 2024
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Leif Lindholm, Ard Biesheuvel, Abner Chang, Daniel Schaefer, Gerd Hoffmann, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky
Subject: [edk2-devel] [PATCH V3 1/4] EmbeddedPkg/PrePiLib: Add FFS_CHECK_SECTION_HOOK when finding section
Date: Tue, 17 Jan 2023 07:31:55 +0800
Message-Id: <20230116233158.1268-2-min.m.xu@intel.com>
In-Reply-To: <20230116233158.1268-1-min.m.xu@intel.com>
References: <20230116233158.1268-1-min.m.xu@intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

EmbeddedPkg/PrePiLib provides the service of finding sections based on the input SectionType. But sometimes there may be multiple sections with the same SectionType. FFS_CHECK_SECTION_HOOK is a hook which can be called to do an additional check.

Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Abner Chang
Cc: Daniel Schaefer
Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Acked-by: Ard Biesheuvel
Signed-off-by: Min Xu
Acked-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
 EmbeddedPkg/Include/Library/PrePiLib.h  | 23 +++++++++++---
 EmbeddedPkg/Library/PrePiLib/FwVol.c    | 42 ++++++++++++++++++-------
 EmbeddedPkg/Library/PrePiLib/PrePiLib.c |  2 +-
 3 files changed, 49 insertions(+), 18 deletions(-)

diff --git a/EmbeddedPkg/Include/Library/PrePiLib.h b/EmbeddedPkg/Include/L= ibrary/PrePiLib.h index 3741b08c4478..f60b6678185a 100644 --- a/EmbeddedPkg/Include/Library/PrePiLib.h +++ b/EmbeddedPkg/Include/Library/PrePiLib.h @@ -52,11 +52,23 @@ FfsFindNextFile ( IN OUT EFI_PEI_FILE_HANDLE *FileHandle ); =20 +/** + * This is a hook which is used to check if the section is the target one. + * + */ +typedef +EFI_STATUS +(EFIAPI *FFS_CHECK_SECTION_HOOK)( + IN EFI_COMMON_SECTION_HEADER *Section + ); + /** This service enables discovery sections of a given type within a valid F= FS file. + Caller also can provide a SectionCheckHook to do additional checking. =20 - @param SearchType The value of the section type to find. - @param FfsFileHeader A pointer to the file header that contains= the set of sections to + @param SectionType The value of the section type to find. + @param SectionCheckHook A hook which can check if the section is t= he target one. + @param FileHeader A pointer to the file header that contains= the set of sections to be searched. @param SectionData A pointer to the discovered section, if su= ccessful. =20 
@@ -67,9 +79,10 @@ FfsFindNextFile ( EFI_STATUS EFIAPI FfsFindSectionData ( - IN EFI_SECTION_TYPE SectionType, - IN EFI_PEI_FILE_HANDLE FileHandle, - OUT VOID **SectionData + IN EFI_SECTION_TYPE SectionType, + IN FFS_CHECK_SECTION_HOOK SectionCheckHook, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData ); =20 /** diff --git a/EmbeddedPkg/Library/PrePiLib/FwVol.c b/EmbeddedPkg/Library/Pre= PiLib/FwVol.c index 0a6d6925b7ea..778d8b13c33b 100644 --- a/EmbeddedPkg/Library/PrePiLib/FwVol.c +++ b/EmbeddedPkg/Library/PrePiLib/FwVol.c @@ -264,16 +264,18 @@ FindFileEx ( Go through the file to search SectionType section, when meeting an encapsuled section. =20 - @param SectionType - Filter to find only section of this type. - @param Section - From where to search. - @param SectionSize - The file size to search. - @param OutputBuffer - Pointer to the section to search. + @param SectionType - Filter to find only section of this type. + @param SectionCheckHook - A hook which can check if the section is the= target one. + @param Section - From where to search. + @param SectionSize - The file size to search. + @param OutputBuffer - Pointer to the section to search. =20 @retval EFI_SUCCESS **/ EFI_STATUS FfsProcessSection ( IN EFI_SECTION_TYPE SectionType, + IN FFS_CHECK_SECTION_HOOK SectionCheckHook, IN EFI_COMMON_SECTION_HEADER *Section, IN UINTN SectionSize, OUT VOID **OutputBuffer @@ -292,7 +294,9 @@ FfsProcessSection ( UINT32 AuthenticationStatus; CHAR8 *CompressedData; UINT32 CompressedDataLength; + BOOLEAN Found; =20 + Found =3D FALSE; *OutputBuffer =3D NULL; ParsedLength =3D 0; Status =3D EFI_NOT_FOUND; 
@@ -302,13 +306,23 @@ FfsProcessSection ( } =20 if (Section->Type =3D=3D SectionType) { - if (IS_SECTION2 (Section)) { - *OutputBuffer =3D (VOID *)((UINT8 *)Section + sizeof (EFI_COMMON_S= ECTION_HEADER2)); + if (SectionCheckHook !=3D NULL) { + Found =3D SectionCheckHook (Section) =3D=3D EFI_SUCCESS; } else { - *OutputBuffer =3D (VOID *)((UINT8 *)Section + sizeof (EFI_COMMON_S= ECTION_HEADER)); + Found =3D TRUE; } =20 - return EFI_SUCCESS; + if (Found) { + if (IS_SECTION2 (Section)) { + *OutputBuffer =3D (VOID *)((UINT8 *)Section + sizeof (EFI_COMMON= _SECTION_HEADER2)); + } else { + *OutputBuffer =3D (VOID *)((UINT8 *)Section + sizeof (EFI_COMMON= _SECTION_HEADER)); + } + + return EFI_SUCCESS; + } else { + goto CheckNextSection; + } } else if ((Section->Type =3D=3D EFI_SECTION_COMPRESSION) || (Section-= >Type =3D=3D EFI_SECTION_GUID_DEFINED)) { if (Section->Type =3D=3D EFI_SECTION_COMPRESSION) { if (IS_SECTION2 (Section)) { @@ -415,6 +429,7 @@ FfsProcessSection ( } else { return FfsProcessSection ( SectionType, + SectionCheckHook, DstBuffer, DstBufferSize, OutputBuffer @@ -422,6 +437,7 @@ FfsProcessSection ( } } =20 +CheckNextSection: if (IS_SECTION2 (Section)) { SectionLength =3D SECTION2_SIZE (Section); } else { @@ -456,9 +472,10 @@ FfsProcessSection ( EFI_STATUS EFIAPI FfsFindSectionData ( - IN EFI_SECTION_TYPE SectionType, - IN EFI_PEI_FILE_HANDLE FileHandle, - OUT VOID **SectionData + IN EFI_SECTION_TYPE SectionType, + IN FFS_CHECK_SECTION_HOOK SectionCheckHook, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData ) { EFI_FFS_FILE_HEADER *FfsFileHeader; @@ -478,6 +495,7 @@ FfsFindSectionData ( =20 return FfsProcessSection ( SectionType, + SectionCheckHook, Section, FileSize, SectionData 
@@ -799,7 +817,7 @@ FfsProcessFvFile ( // // Find FvImage in FvFile // - Status =3D FfsFindSectionData (EFI_SECTION_FIRMWARE_VOLUME_IMAGE, FvFile= Handle, (VOID **)&FvImageHandle); + Status =3D FfsFindSectionData (EFI_SECTION_FIRMWARE_VOLUME_IMAGE, NULL, = FvFileHandle, (VOID **)&FvImageHandle); if (EFI_ERROR (Status)) { return Status; } diff --git a/EmbeddedPkg/Library/PrePiLib/PrePiLib.c b/EmbeddedPkg/Library/= PrePiLib/PrePiLib.c index a0c5d02debd0..3b6fc4f0eba8 100644 --- a/EmbeddedPkg/Library/PrePiLib/PrePiLib.c +++ b/EmbeddedPkg/Library/PrePiLib/PrePiLib.c 
@@ -131,7 +131,7 @@ LoadDxeCoreFromFfsFile ( VOID *Hob; EFI_FV_FILE_INFO FvFileInfo; =20 - Status =3D FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &PeCoffImag= e); + Status =3D FfsFindSectionData (EFI_SECTION_PE32, NULL, FileHandle, &PeCo= ffImage); if (EFI_ERROR (Status)) { return Status; } --=20 2.29.2.windows.2

Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#98606): https://edk2.groups.io/g/devel/message/98606
Mute This Topic: https://groups.io/mt/96319662/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
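Review bot: the FFS_CHECK_SECTION_HOOK doc comment added in the PrePiLib.h hunk (@@ -52,11 +52,23 @@) never states what the hook must return, yet FwVol.c treats only EFI_SUCCESS as a match and every other status as "keep searching". Document that contract in the header, e.g. `@retval EFI_SUCCESS  The section is the target one.` and `@retval Others       The section is skipped and the search continues.`, and while the comment block is being touched, fix the pre-existing line to "This service enables discovery of sections of a given type within a valid FFS file."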
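Review bot: in the FwVol.c hunk @@ -302,13 +306,23 @@, `Found =3D SectionCheckHook (Section) =3D=3D EFI_SUCCESS;` folds every non-success status into "not the target section", so a hook that fails for a real reason (malformed section, allocation failure) is indistinguishable from a clean mismatch and the search silently moves on. If hooks are only ever expected to fail on mismatch, say so in the header comment; otherwise treat EFI_NOT_FOUND as "mismatch, continue" and propagate other errors. The `goto CheckNextSection` also jumps past the `else if` encapsulation branch, which is correct because the type already matched, but a one-line comment at the label (added in @@ -422,6 +437,7 @@) would spare the next reader the trace.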
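Review bot: FfsFindSectionData is a public PrePiLib API declared in EmbeddedPkg/Include/Library/PrePiLib.h, and the hunks at @@ -67,9 +79,10 @@ and @@ -456,9 +472,10 @@ insert a new parameter in the middle of its signature, so any caller outside this library stops compiling until it passes NULL, as the two in-tree callers in FwVol.c (@@ -799,7 +817,7 @@) and PrePiLib.c (@@ -131,7 +131,7 @@) now do. Either state in the commit message that the signature change is intentional and that other callers must be updated, or keep the old signature as a thin wrapper that passes NULL and add a separately named variant (for example FfsFindSectionDataWithHook) for callers that supply a hook.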
From nobody Mon May 6 17:45:54 2024
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Gerd Hoffmann, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky
Subject: [edk2-devel] [PATCH V3 2/4] OvmfPkg: Add PCDs/GUID for NCCFV
Date: Tue, 17 Jan 2023 07:31:56 +0800
Message-Id: <20230116233158.1268-3-min.m.xu@intel.com>
In-Reply-To: <20230116233158.1268-1-min.m.xu@intel.com>
References: <20230116233158.1268-1-min.m.xu@intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

NCCFV refers to Non-Confidential-Computing-FV. It includes the DXE phase drivers which are only loaded/started in non-cc guest. Hence the PCDs / GUID for NCCFV are defined in OvmfPkg.dec.

Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Min Xu
Acked-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
 OvmfPkg/OvmfPkg.dec | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index e07546f4a701..1b521f2604ff 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -156,6 +156,7 @@ gUefiOvmfPkgPlatformInfoGuid =3D {0xdec9b486, 0x1f16, 0x47c7, {= 0x8f, 0x68, 0xdf, 0x1a, 0x41, 0x88, 0x8b, 0xa5}} gVMMBootOrderGuid =3D {0x668f4529, 0x63d0, 0x4bb5, {= 0xb6, 0x5d, 0x6f, 0xbb, 0x9d, 0x36, 0xa4, 0x4a}} gUefiOvmfPkgTdxAcpiHobGuid =3D {0x6a0c5870, 0xd4ed, 0x44f4, {= 0xa1, 0x35, 0xdd, 0x23, 0x8b, 0x6f, 0x0c, 0x8d}} + gEfiNonCcFvGuid =3D {0xae047c6d, 0xbce9, 0x426c, {= 0xae, 0x03, 0xa6, 0x8e, 0x3b, 0x8a, 0x04, 0x88}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss 
@@ -192,6 +193,8 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize|0x0|UINT32|1 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|0x0|UINT32|0x15 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize|0x0|UINT32|0x16 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeNonCcFvBase|0x0|UINT32|0x6a + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeNonCcFvSize|0x0|UINT32|0x6b =20 ## This flag is used to control the destination port for PlatformDebugLi= bIoPort gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort|0x402|UINT16|4 --=20 2.29.2.windows.2
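Review bot: the GUID added in the @@ -156,6 +156,7 @@ hunk is named gEfiNonCcFvGuid, but the gEfi prefix reads as a specification-defined GUID while the neighbouring package-private GUIDs in the same list (gUefiOvmfPkgPlatformInfoGuid, gUefiOvmfPkgTdxAcpiHobGuid) carry a package prefix; a name such as gUefiOvmfPkgNonCcFvGuid would match them. Also add a one-line comment above it saying that it is the FvNameGuid of NCCFV, since the same value has to be kept in sync by hand in IntelTdxX64.fdf.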
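Review bot: the two PCDs added in the @@ -192,6 +193,8 @@ hunk have no description, while the adjacent PcdDebugIoPort entry is introduced by a `##` comment; add one stating that PcdOvmfDxeNonCcFvBase/PcdOvmfDxeNonCcFvSize describe the NCCFV region that is only dispatched in non-confidential-computing guests and that the values come from the FDF layout. The token numbers 0x6a/0x6b are out of sequence with the neighbouring 0x15/0x16, which is acceptable only if both are unused elsewhere in the file, so that is worth a grep before merge.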
From nobody Mon May 6 17:45:54 2024
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Gerd Hoffmann, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky
Subject: [edk2-devel] [PATCH V3 3/4] OvmfPkg/IntelTdx: Enable separate-fv in IntelTdx/IntelTdxX64.fdf
Date: Tue, 17 Jan 2023 07:31:57 +0800
Message-Id: <20230116233158.1268-4-min.m.xu@intel.com>
In-Reply-To: <20230116233158.1268-1-min.m.xu@intel.com>
References: <20230116233158.1268-1-min.m.xu@intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

In current DXE FV there are 100+ drivers. Some of the drivers are not used in Td guest (such as USB support drivers, network related drivers, etc.). From the security perspective, if a driver is not used, we should prevent it from being loaded / started. There are 2 benefits:
1. Reduce the attack surface
2. Improve the boot performance

So we separate DXEFV into 2 FVs: DXEFV and NCCFV. All the drivers which are not needed by a Confidential Computing guest are moved from DXEFV to NCCFV.

The following patch will find NCCFV for non-cc guest and build FVHob so that NCCFV drivers can be loaded / started in DXE phase.

Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Min Xu
Acked-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
 OvmfPkg/IntelTdx/IntelTdxX64.dsc |  11 ++-
 OvmfPkg/IntelTdx/IntelTdxX64.fdf | 112 ++++++++++++++++++++-----------
 2 files changed, 83 insertions(+), 40 deletions(-)

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 81511e3556a6..0f1e970fbbb3 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -31,6 +31,11 @@ # DEFINE SECURE_BOOT_ENABLE =3D FALSE =20 + # + # Shell can be useful for debugging but should not be enabled for produc= tion + # + DEFINE BUILD_SHELL =3D TRUE + # # Device drivers # @@ -204,7 +209,9 @@ VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseV= ariableFlashInfoLib.inf =20 +!if $(BUILD_SHELL) =3D=3D TRUE ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf +!endif ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip= tLib.inf SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf 
@@ -720,12 +727,13 @@ MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf =20 -!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" +!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(BUILD_SHELL) =3D=3D TRUE OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.in= f { gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE } !endif +!if $(BUILD_SHELL) =3D=3D TRUE ShellPkg/Application/Shell/Shell.inf { ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellComman= dLib.inf @@ -744,6 +752,7 @@ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 } +!endif =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX6= 4.fdf index a57bbcee8986..73dffc104301 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf @@ -97,10 +97,14 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPk= gTokenSpaceGuid.PcdOvmfCp 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 -0x100000|0xC00000 +0x100000|0x700000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 +0x800000|0x500000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeNonCcFvBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfDxeNonCcFvSize +FV =3D NCCFV + ##########################################################################= ################ # Set the SEV-ES specific work area PCDs # @@ -183,7 +187,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf =20 INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf -INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf =20 INF UefiCpuPkg/CpuDxe/CpuDxe.inf 
@@ -201,17 +204,6 @@ INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRe= alTimeClockRuntimeDxe.inf INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf -INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -INF OvmfPkg/VirtioRngDxe/VirtioRng.inf -!if $(PVSCSI_ENABLE) =3D=3D TRUE -INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -!endif -!if $(MPT_SCSI_ENABLE) =3D=3D TRUE -INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf -!endif -!if $(LSI_SCSI_ENABLE) =3D=3D TRUE -INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf -!endif =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon= figDxe.inf @@ -222,19 +214,14 @@ INF MdeModulePkg/Universal/MonotonicCounterRuntimeDx= e/MonotonicCounterRuntimeDx INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf -INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.= inf INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.= inf INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf INF MdeModulePkg/Application/UiApp/UiApp.inf INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf -INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf -INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf -INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf INF OvmfPkg/SataControllerDxe/SataControllerDxe.inf INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf 
@@ -242,34 +229,94 @@ INF MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe= .inf INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe= .inf =20 INF OvmfPkg/SioBusDxe/SioBusDxe.inf INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf -INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf =20 INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf =20 INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf + +INF FatPkg/EnhancedFatDxe/Fat.inf +INF OvmfPkg/TdxDxe/TdxDxe.inf + +INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf + +# +# Variable driver stack (non-SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + +# +# EFI_CC_MEASUREMENT_PROTOCOL +# +INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf + +##########################################################################= ###### + +[FV.NCCFV] +FvForceRebase =3D FALSE +FvNameGuid =3D AE047C6D-BCE9-426C-AE03-A68E3B8A0488 +BlockSize =3D 0x10000 +FvAlignment =3D 16 +ERASE_POLARITY =3D 1 +MEMORY_MAPPED =3D TRUE +STICKY_WRITE =3D TRUE +LOCK_CAP =3D TRUE +LOCK_STATUS =3D TRUE +WRITE_DISABLED_CAP =3D TRUE +WRITE_ENABLED_CAP =3D TRUE +WRITE_STATUS =3D TRUE +WRITE_LOCK_CAP =3D TRUE +WRITE_LOCK_STATUS =3D TRUE +READ_DISABLED_CAP =3D TRUE +READ_ENABLED_CAP =3D TRUE +READ_STATUS =3D TRUE +READ_LOCK_CAP =3D TRUE +READ_LOCK_STATUS =3D TRUE + +# +# DXE Phase modules +# +INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf +INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf +INF OvmfPkg/VirtioRngDxe/VirtioRng.inf +!if $(PVSCSI_ENABLE) 
=3D=3D TRUE +INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf +!endif +!if $(MPT_SCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf +!endif +!if $(LSI_SCSI_ENABLE) =3D=3D TRUE +INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf +!endif +INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.= inf +INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.= inf +INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf +INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf +INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe= .inf +INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorD= xe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphics= ResourceTableDxe.inf - -INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf =20 -!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" +!if $(BUILD_SHELL) =3D=3D TRUE && $(TOOL_CHAIN_TAG) !=3D "XCODE5" INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand= .inf !endif +!if $(BUILD_SHELL) =3D=3D TRUE INF ShellPkg/Application/Shell/Shell.inf +!endif =20 INF MdeModulePkg/Logo/LogoDxe.inf =20 -INF OvmfPkg/TdxDxe/TdxDxe.inf - # # Usb Support # 
@@ -285,20 +332,6 @@ INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf -INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf - -# -# Variable driver stack (non-SMM) -# -INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf -INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf -INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf -INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - -# -# EFI_CC_MEASUREMENT_PROTOCOL -# -INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf =20 ##########################################################################= ###### =20 
@@ -329,6 +362,7 @@ FILE FV_IMAGE =3D 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { # compression operation in order to achieve better overall compressio= n. # SECTION FV_IMAGE =3D DXEFV + SECTION FV_IMAGE =3D NCCFV } } =20 --=20 2.29.2.windows.2
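Review bot: in the IntelTdxX64.dsc hunk @@ -31,6 +31,11 @@ the new comment says the shell "should not be enabled for production", yet `DEFINE BUILD_SHELL =3D TRUE` makes it the default, so any production build that does not override the define on the command line still ships Shell.inf and, through the @@ -720,12 +727,13 @@ hunk, LinuxInitrdDynamicShellCommand. For a confidential-computing profile the safer default is `DEFINE BUILD_SHELL =3D FALSE`, with the comment saying how to turn it back on for debugging (`-D BUILD_SHELL=TRUE` on the build command line).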
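Review bot: the @@ -222,19 +214,14 @@ hunk drops GraphicsConsoleDxe from DXEFV and the new [FV.NCCFV] list re-adds it, but the frame-buffer producers QemuVideoDxe, QemuRamfbDxe and VirtioGpuDxe stay in DXEFV (context lines of @@ -285,20 +332,6 @@). A CC guest therefore still loads the GOP drivers but has no graphics console to consume them; either move those three video drivers to NCCFV as well, which fits the stated attack-surface goal, or keep GraphicsConsoleDxe in DXEFV, and say in the commit message which one is intended.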
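Review bot: the layout change in @@ -97,10 +97,14 @@ replaces the single 0x100000|0xC00000 DXEFV region with 0x100000|0x700000 plus 0x800000|0x500000, which keeps the combined extent at 0xD00000 so nothing after it moves; that is worth one sentence in the commit message, together with a note that DXEFV shrinking to 0x700000 means a future driver addition that overflows it fails at build time rather than at boot. The FvNameGuid in the new [FV.NCCFV] block must also stay identical to gEfiNonCcFvGuid in OvmfPkg.dec; a comment pointing at that GUID would help whoever edits one of the two later.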
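Review bot: @@ -329,6 +362,7 @@ adds NCCFV as a second FV_IMAGE section inside the same compressed FILE FV_IMAGE that already carries DXEFV, so the split changes which drivers are dispatched in a CC guest, not the size or contents of the flash image; the NCCFV bytes are still present in every build. That matches the two stated benefits (attack surface, boot time), but the commit message should say so explicitly so that nobody expects a smaller CC image.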
domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+98609+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1673911945337328.1423653864289; Mon, 16 Jan 2023 15:32:25 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id ytZEYY1788612xjpZJGTqxd4; Mon, 16 Jan 2023 15:32:25 -0800 X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web10.183457.1673911935704512234 for ; Mon, 16 Jan 2023 15:32:24 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10592"; a="312432556" X-IronPort-AV: E=Sophos;i="5.97,222,1669104000"; d="scan'208";a="312432556" X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jan 2023 15:32:23 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10592"; a="987930951" X-IronPort-AV: E=Sophos;i="5.97,222,1669104000"; d="scan'208";a="987930951" X-Received: from huiyanxi-mobl.ccr.corp.intel.com (HELO mxu9-mobl1.ccr.corp.intel.com) ([10.254.211.139]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jan 2023 15:32:21 -0800 
From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Gerd Hoffmann, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky
Subject: [edk2-devel] [PATCH V3 4/4] OvmfPkg/PeilessStartupLib: Find NCCFV in non-td guest
Date: Tue, 17 Jan 2023 07:31:58 +0800
Message-Id: <20230116233158.1268-5-min.m.xu@intel.com>
In-Reply-To: <20230116233158.1268-1-min.m.xu@intel.com>
References: <20230116233158.1268-1-min.m.xu@intel.com>

From: Min M Xu

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

As described in BZ#4152, NCCFV includes the DXE phase drivers for non-cc
guest. PeilessStartupLib is updated to find NCCFV for non-cc guest.

Cc: Gerd Hoffmann
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Signed-off-by: Min Xu
Acked-by: Gerd Hoffmann
Reviewed-by: Jiewen Yao
---
 OvmfPkg/Library/PeilessStartupLib/DxeLoad.c | 134 +++++++++++++++++-
 .../PeilessStartupInternal.h | 6 +
 .../PeilessStartupLib/PeilessStartupLib.inf | 1 +
 3 files changed, 140 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c b/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c
index 6e79c3084672..4b1fefd452dc 100644
--- a/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c +++ b/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =20 #define STACK_SIZE 0x20000 +extern EFI_GUID gEfiNonCcFvGuid; =20 /** Transfers control to DxeCore. 
@@ -136,6 +137,133 @@ FindDxeCore ( return Status; } =20 +/** + * This is a FFS_CHECK_SECTION_HOOK which is defined by caller to check + * if the section is an EFI_SECTION_FIRMWARE_VOLUME_IMAGE and if it is + * a NonCc FV. + * + * @param Section The section in which we're checking for the NonCc = FV. + * @return EFI_STATUS The section is the NonCc FV. + */ +EFI_STATUS +EFIAPI +CheckSectionHookForDxeNonCc ( + IN EFI_COMMON_SECTION_HEADER *Section + ) +{ + VOID *Buffer; + EFI_STATUS Status; + EFI_FV_INFO FvImageInfo; + + if (Section->Type !=3D EFI_SECTION_FIRMWARE_VOLUME_IMAGE) { + return EFI_INVALID_PARAMETER; + } + + if (IS_SECTION2 (Section)) { + Buffer =3D (VOID *)((UINT8 *)Section + sizeof (EFI_COMMON_SECTION_HEAD= ER2)); + } else { + Buffer =3D (VOID *)((UINT8 *)Section + sizeof (EFI_COMMON_SECTION_HEAD= ER)); + } + + ZeroMem (&FvImageInfo, sizeof (FvImageInfo)); + Status =3D FfsGetVolumeInfo ((EFI_PEI_FV_HANDLE)(UINTN)Buffer, &FvImageI= nfo); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Cannot get volume info! %r\n", Status)); + return Status; + } + + return CompareGuid (&FvImageInfo.FvName, &gEfiNonCcFvGuid) ? EFI_SUCCESS= : EFI_NOT_FOUND; +} + +/** + * Find the NonCc FV. + * + * @param FvInstance The FvInstance number. + * @return EFI_STATUS Successfuly find the NonCc FV. 
+ */ +EFI_STATUS +EFIAPI +FindDxeNonCc ( + IN INTN FvInstance + ) +{ + EFI_STATUS Status; + EFI_PEI_FV_HANDLE VolumeHandle; + EFI_PEI_FILE_HANDLE FileHandle; + EFI_PEI_FV_HANDLE FvImageHandle; + EFI_FV_INFO FvImageInfo; + UINT32 FvAlignment; + VOID *FvBuffer; + + FileHandle =3D NULL; + + // + // Caller passed in a specific FV to try, so only try that one + // + Status =3D FfsFindNextVolume (FvInstance, &VolumeHandle); + ASSERT (Status =3D=3D EFI_SUCCESS); + + Status =3D FfsFindNextFile (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE, Volum= eHandle, &FileHandle); + ASSERT (FileHandle !=3D NULL); + + // + // Find FvImage in FvFile + // + Status =3D FfsFindSectionData (EFI_SECTION_FIRMWARE_VOLUME_IMAGE, CheckS= ectionHookForDxeNonCc, FileHandle, (VOID **)&FvImageHandle); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Collect FvImage Info. + // + ZeroMem (&FvImageInfo, sizeof (FvImageInfo)); + Status =3D FfsGetVolumeInfo (FvImageHandle, &FvImageInfo); + ASSERT_EFI_ERROR (Status); + + // + // FvAlignment must be more than 8 bytes required by FvHeader structure. + // + FvAlignment =3D 1 << ((FvImageInfo.FvAttributes & EFI_FVB2_ALIGNMENT) >>= 16); + if (FvAlignment < 8) { + FvAlignment =3D 8; + } + + // + // Check FvImage + // + if ((UINTN)FvImageInfo.FvStart % FvAlignment !=3D 0) { + FvBuffer =3D AllocateAlignedPages (EFI_SIZE_TO_PAGES ((UINT32)FvImageI= nfo.FvSize), FvAlignment); + if (FvBuffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (FvBuffer, FvImageInfo.FvStart, (UINTN)FvImageInfo.FvSize); + // + // Update FvImageInfo after reload FvImage to new aligned memory + // + FfsGetVolumeInfo ((EFI_PEI_FV_HANDLE)FvBuffer, &FvImageInfo); + } + + // + // Inform HOB consumer phase, i.e. DXE core, the existence of this FV + // + BuildFvHob ((EFI_PHYSICAL_ADDRESS)(UINTN)FvImageInfo.FvStart, FvImageInf= o.FvSize); + + // + // Makes the encapsulated volume show up in DXE phase to skip processing= of + // encapsulated file again. 
+ // + BuildFv2Hob ( + (EFI_PHYSICAL_ADDRESS)(UINTN)FvImageInfo.FvStart, + FvImageInfo.FvSize, + &FvImageInfo.FvName, + &(((EFI_FFS_FILE_HEADER *)FileHandle)->Name) + ); + + return Status; +} + /** This function finds DXE Core in the firmware volume and transfer the co= ntrol to DXE core. @@ -168,10 +296,14 @@ DxeLoadCore ( return Status; } =20 + if (!TdIsEnabled ()) { + FindDxeNonCc (FvInstance); + } + // // Load the DXE Core from a Firmware Volume. // - Status =3D FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &PeCoffImag= e); + Status =3D FfsFindSectionData (EFI_SECTION_PE32, NULL, FileHandle, &PeCo= ffImage); if (EFI_ERROR (Status)) { return Status; } diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h b/O= vmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h index 09cac3e26c67..f56bc3578e5e 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h @@ -21,6 +21,12 @@ DxeLoadCore ( IN INTN FvInstance ); =20 +EFI_STATUS +EFIAPI +FindDxeNonCc ( + IN INTN FvInstance + ); + VOID EFIAPI TransferHobList ( diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/Ovmf= Pkg/Library/PeilessStartupLib/PeilessStartupLib.inf index def50b4b019e..5c6eb1597bea 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf @@ -67,6 +67,7 @@ gEfiMemoryTypeInformationGuid gPcdDataBaseHobGuid gCcEventEntryHobGuid + gEfiNonCcFvGuid =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase --=20 2.29.2.windows.2
View/Reply Online (#98609): https://edk2.groups.io/g/devel/message/98609
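Review bot: the `extern EFI_GUID gEfiNonCcFvGuid;` added after `#define STACK_SIZE 0x20000` in the first DxeLoad.c hunk looks redundant with the `gEfiNonCcFvGuid` entry this same patch adds under `[Guids]` in PeilessStartupLib.inf, which is the normal way a GUID symbol is made visible to a library's sources; if the extern is only there to keep the file compiling independently of the .inf change, drop it so the declaration has a single source of truth.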
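Review bot: in FindDxeNonCc the result of `FfsFindNextFile (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE, VolumeHandle, &FileHandle)` is checked only by `ASSERT (FileHandle != NULL)`, and the `Status` it returns is discarded and then overwritten by the FfsFindSectionData call, so in a build with ASSERTs compiled out a volume that carries no FV image file hands a NULL FileHandle to FfsFindSectionData; the `ASSERT (Status == EFI_SUCCESS)` after FfsFindNextVolume has the same weakness. Suggest an explicit bail-out such as `if (EFI_ERROR (Status) || (FileHandle == NULL)) { return EFI_NOT_FOUND; }`, and checking the return value of the second `FfsGetVolumeInfo ((EFI_PEI_FV_HANDLE)FvBuffer, &FvImageInfo)` after the aligned copy, since a failure there leaves FvImageInfo pointing at the old unaligned location that BuildFvHob then publishes to DXE. Minor: "Successfuly" in the FindDxeNonCc doc comment should read "Successfully".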
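Review bot: in the DxeLoadCore hunk the new `if (!TdIsEnabled ()) { FindDxeNonCc (FvInstance); }` drops the EFI_STATUS that FindDxeNonCc returns, so a non-TD boot whose NCCFV is missing, or whose aligned copy fails with EFI_OUT_OF_RESOURCES, continues into DXE without the non-CC drivers and without any trace in the log; at minimum make it `Status = FindDxeNonCc (FvInstance); ASSERT_EFI_ERROR (Status);` with a DEBUG ((DEBUG_ERROR, ...)) on failure, or propagate the error the way the neighbouring FfsFindSectionData call does. Also, the commit message describes the change in terms of "non-cc guest" while the gate is `!TdIsEnabled ()`, i.e. non-TDX only; if other confidential-computing guests are meant to take this path too, the condition or the message should say which.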