From nobody Mon Feb 9 19:54:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+89656+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+89656+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1652187074; cv=none; d=zohomail.com; s=zohoarc; b=h4bP0KdlEspDG7j0C7k7te3pBpv70kKdThUYRjXA+NMzSjW9F4NXoBIulT47MXJsknfH+S5EW+e96Xtx1BaRCTYzPRs1/Jue+f6NGqsOBwpkFWDb1wU+RNWVnE7UK63vqILcB7qNi0qHukmySKO6vOKO+Q0jdC8Qsmwt+9PLJsA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1652187074; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=9ARbWKnPO22yRrcEoCqHPpDmOv+Bd8IBNVKACCfbFqc=; b=FbuU4gLkz1ltPoHvlogNKqzrmlyHYMC0pTMisRZbjstxSG4WsIMXt6Torjo0tbqqAq70tIQ/u3Ql50cGdkh8av2xLt3hugXPrQY2zv2X7519/tGTochVW2pDr0mkXA+TJfKEsF5zHEyDI2f5BJA+vgpZuWPWE6zJTLno6DOJQlc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+89656+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 165218707487279.7346746374152; Tue, 10 May 2022 05:51:14 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id iyNlYY1788612x27cwRc1ffM; Tue, 10 May 2022 05:51:14 -0700 X-Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web12.9335.1652187068864256248 for ; Tue, 10 May 2022 05:51:13 -0700 X-IronPort-AV: E=McAfee;i="6400,9594,10342"; a="269499096" X-IronPort-AV: E=Sophos;i="5.91,214,1647327600"; d="scan'208";a="269499096" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2022 05:51:12 -0700 X-IronPort-AV: E=Sophos;i="5.91,214,1647327600"; d="scan'208";a="593493431" X-Received: from amrutaya-mobl1.gar.corp.intel.com (HELO sboeuf-mobl.intel.com) ([10.251.220.13]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2022 05:51:11 -0700 From: "Boeuf, Sebastien" To: devel@edk2.groups.io Cc: jiewen.yao@intel.com, jordan.l.justen@intel.com, kraxel@redhat.com, sebastien.boeuf@intel.com Subject: [edk2-devel] [PATCH 1/4] OvmfPkg: CloudHv: Fix FW_BASE_ADDRESS Date: Tue, 10 May 2022 14:50:43 +0200 Message-Id: <6568b41858f6d8259286dd4b5400d9ddcf80a9ea.1652186234.git.sebastien.boeuf@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,sebastien.boeuf@intel.com X-Gm-Message-State: xVMTp0lOia9ahPFgzEV2au7ox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1652187074; bh=AXYtTOOk3M4LPsVd86HqRezGFEj6kXKWw42oyM4Osxo=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=w+rkKJD3hbO8EucrUM7Ur3WvFJCE85S5okCSsD+261ugmbWP4oMl1B0aVhufv+2RwVO tA1n8v6pC8G32l4c7zO+/RVkYOP7E0PR1gOou7+fC31Qn0N3NfpnFE/dINuATEgLRg0GW eZpDrfFoMkCuOQzDBnnv15K+SfHOnpLeuOE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1652187076064100007 Content-Type: text/plain; charset="utf-8" From: Sebastien Boeuf The FW_BASE_ADDRESS value provided by OvmfPkgDefines.fdf.inc is incorrect for the CloudHv target. We know the generated firmware contains a PVH ELF header, meaning it will be loaded according to the address provided through this header. And since we know this address isn't going to change as it's part of CloudHvElfHeader.fdf.inc, we can hardcode it through a new include file CloudHvDefines.fdf.inc, which replaces the generic one OvmfPkgDefines.fdf.inc. With this change, we prevent the firmware from accessing MMIO addresses from the address range 0xffc00000-0xffffffff since we know the firmware hasn't been loaded on this address range. Signed-off-by: Sebastien Boeuf --- OvmfPkg/CloudHv/CloudHvDefines.fdf.inc | 65 ++++++++++++++++++++++++++ OvmfPkg/CloudHv/CloudHvX64.fdf | 2 +- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 OvmfPkg/CloudHv/CloudHvDefines.fdf.inc diff --git a/OvmfPkg/CloudHv/CloudHvDefines.fdf.inc b/OvmfPkg/CloudHv/Cloud= HvDefines.fdf.inc new file mode 100644 index 0000000000..2198cbcd87 --- /dev/null +++ b/OvmfPkg/CloudHv/CloudHvDefines.fdf.inc @@ -0,0 +1,65 @@ +## @file +# FDF include file that defines the main macros and sets the dependent PC= Ds. +# +# Copyright (C) 2014, Red Hat, Inc. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +DEFINE BLOCK_SIZE =3D 0x1000 +DEFINE VARS_OFFSET =3D 0 + +DEFINE VARS_SIZE =3D 0x84000 +DEFINE VARS_BLOCKS =3D 0x84 +DEFINE VARS_LIVE_SIZE =3D 0x40000 +DEFINE VARS_SPARE_SIZE =3D 0x42000 + +DEFINE FW_BASE_ADDRESS =3D 0x004FFFD0 +DEFINE FW_SIZE =3D 0x00400000 +DEFINE FW_BLOCKS =3D 0x400 +DEFINE CODE_BASE_ADDRESS =3D 0x00583FD0 +DEFINE CODE_SIZE =3D 0x0037C000 +DEFINE CODE_BLOCKS =3D 0x37C +DEFINE FVMAIN_SIZE =3D 0x00348000 +DEFINE SECFV_OFFSET =3D 0x003CC000 +DEFINE SECFV_SIZE =3D 0x34000 + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress =3D $(FW_BASE_ADDR= ESS) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareFdSize =3D $(FW_SIZE) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareBlockSize =3D $(BLOCK_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase =3D $(FW_= BASE_ADDRESS) +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize =3D $(VAR= S_LIVE_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase + gEfiMdeModulePkgT= okenSpaceGuid.PcdFlashNvStorageVariableSize +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogSize =3D $(BLO= CK_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogBase + gUefiOvmfPkgTok= enSpaceGuid.PcdOvmfFlashNvStorageEventLogSize +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize =3D $(B= LOCK_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + gEfiMdeModulePk= gTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D $(VAR= S_SPARE_SIZE) + +# The OVMF WorkArea contains a fixed size header followed by the actual da= ta. +# The size of header is accessed through a fixed PCD in the reset vector c= ode. +# The value need to be kept in sync with the any changes to the Confidenti= al +# Computing Work Area header defined in the Include/WorkArea.h +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader = =3D 4 + +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase =3D $(FW_BASE_ADDRESS) +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataOffset =3D $(VARS_OFFSET) +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize =3D $(VARS_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase =3D $(CODE_BASE_ADDRES= S) +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset =3D $(VARS_SIZE) +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize =3D $(CODE_SIZE) + +!if $(SMM_REQUIRE) =3D=3D TRUE +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase +!endif + +DEFINE MEMFD_BASE_ADDRESS =3D 0x800000 diff --git a/OvmfPkg/CloudHv/CloudHvX64.fdf b/OvmfPkg/CloudHv/CloudHvX64.fdf index de64a3a709..a41a553693 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.fdf +++ b/OvmfPkg/CloudHv/CloudHvX64.fdf @@ -11,7 +11,7 @@ ##########################################################################= ###### =20 [Defines] -!include OvmfPkg/OvmfPkgDefines.fdf.inc +!include CloudHvDefines.fdf.inc =20 # # This will allow the flash device image to be recognize as an ELF, with f= irst --=20 2.32.0 --------------------------------------------------------------------- Intel Corporation SAS (French simplified joint stock company) Registered headquarters: "Les Montalets"- 2, rue de Paris,=20 92196 Meudon Cedex, France Registration Number: 302 456 199 R.C.S. NANTERRE Capital: 5 208 026.16 Euros This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#89656): https://edk2.groups.io/g/devel/message/89656 Mute This Topic: https://groups.io/mt/91011838/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-