diff options
| author | Gerd Hoffmann <kraxel@redhat.com> | 2024-04-22 12:47:28 +0200 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-04-22 13:05:21 +0000 |
| commit | 506740982bba199f12e75f6cfda510c30aa4e7c6 (patch) | |
| tree | 10ae52dc39d09402ac9f95855dae34cda933d63b | |
| parent | ddc43e7a41fac5b1dc93b1d0bb1e71319acfba4e (diff) | |
| download | edk2-506740982bba199f12e75f6cfda510c30aa4e7c6.tar.gz edk2-506740982bba199f12e75f6cfda510c30aa4e7c6.tar.bz2 edk2-506740982bba199f12e75f6cfda510c30aa4e7c6.zip | |
OvmfPkg/VirtHstiDxe: add code flash check
Detects qemu config issue: code pflash is writable.
Checked for both PC and Q35.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
| -rw-r--r-- | OvmfPkg/VirtHstiDxe/QemuCommon.c | 36 | ||||
| -rw-r--r-- | OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 4 | ||||
| -rw-r--r-- | OvmfPkg/VirtHstiDxe/VirtHstiDxe.h | 13 | ||||
| -rw-r--r-- | OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 2 |
4 files changed, 55 insertions, 0 deletions
diff --git a/OvmfPkg/VirtHstiDxe/QemuCommon.c b/OvmfPkg/VirtHstiDxe/QemuCommon.c new file mode 100644 index 0000000000..4ab3fe2d6e --- /dev/null +++ b/OvmfPkg/VirtHstiDxe/QemuCommon.c @@ -0,0 +1,36 @@ +/** @file
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#include "VirtHstiDxe.h"
+
+VOID
+VirtHstiQemuCommonInit (
+ VIRT_ADAPTER_INFO_PLATFORM_SECURITY *VirtHsti
+ )
+{
+ VirtHstiSetSupported (VirtHsti, 0, VIRT_HSTI_BYTE0_READONLY_CODE_FLASH);
+}
+
+VOID
+VirtHstiQemuCommonVerify (
+ VOID
+ )
+{
+ CHAR16 *ErrorMsg;
+
+ switch (VirtHstiQemuFirmwareFlashCheck (PcdGet32 (PcdBfvBase))) {
+ case QEMU_FIRMWARE_FLASH_WRITABLE:
+ ErrorMsg = L"qemu code pflash is writable";
+ break;
+ default:
+ ErrorMsg = NULL;
+ }
+
+ VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_READONLY_CODE_FLASH);
+}
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c index 74e5e6bd9d..b6e53a1219 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c @@ -104,9 +104,11 @@ VirtHstiOnReadyToBoot ( switch (VirtHstiGetHostBridgeDevId ()) {
case INTEL_82441_DEVICE_ID:
VirtHstiQemuPCVerify ();
+ VirtHstiQemuCommonVerify ();
break;
case INTEL_Q35_MCH_DEVICE_ID:
VirtHstiQemuQ35Verify ();
+ VirtHstiQemuCommonVerify ();
break;
default:
ASSERT (FALSE);
@@ -142,9 +144,11 @@ VirtHstiDxeEntrypoint ( switch (DevId) {
case INTEL_82441_DEVICE_ID:
VirtHsti = VirtHstiQemuPCInit ();
+ VirtHstiQemuCommonInit (VirtHsti);
break;
case INTEL_Q35_MCH_DEVICE_ID:
VirtHsti = VirtHstiQemuQ35Init ();
+ VirtHstiQemuCommonInit (VirtHsti);
break;
default:
DEBUG ((DEBUG_INFO, "%a: unknown platform (0x%x)\n", __func__, DevId));
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h index ceff41c037..f8bdcfe8f2 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK BIT0
#define VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH BIT1
+#define VIRT_HSTI_BYTE0_READONLY_CODE_FLASH BIT2
typedef struct {
// ADAPTER_INFO_PLATFORM_SECURITY
@@ -67,6 +68,18 @@ VirtHstiQemuPCVerify ( VOID
);
+/* QemuCommon.c */
+
+VOID
+VirtHstiQemuCommonInit (
+ VIRT_ADAPTER_INFO_PLATFORM_SECURITY *VirtHsti
+ );
+
+VOID
+VirtHstiQemuCommonVerify (
+ VOID
+ );
+
/* Flash.c */
#define QEMU_FIRMWARE_FLASH_UNKNOWN 0
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf index b6bdd1f22e..9514933011 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf @@ -22,6 +22,7 @@ VirtHstiDxe.c
QemuPC.c
QemuQ35.c
+ QemuCommon.c
Flash.c
[Packages]
@@ -48,6 +49,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase
[Depex]
|