diff options
author | Laszlo Ersek <lersek@redhat.com> | 2019-09-23 11:41:41 +0200 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-02-05 12:59:32 +0000 |
commit | 9108fc17b09cf89a6dad0dcad3e15fb884ccf707 (patch) | |
tree | 646aade93f26e87051783352d87c307769bb0387 /OvmfPkg/SmmAccess/SmmAccess2Dxe.c | |
parent | 300aae1180909b9141225d6a67e100fbfacc758f (diff) | |
download | edk2-9108fc17b09cf89a6dad0dcad3e15fb884ccf707.tar.gz edk2-9108fc17b09cf89a6dad0dcad3e15fb884ccf707.tar.bz2 edk2-9108fc17b09cf89a6dad0dcad3e15fb884ccf707.zip |
OvmfPkg/SmmAccess: close and lock SMRAM at default SMBASE
During normal boot, when EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is installed
by platform BDS, the SMM IPL locks SMRAM (TSEG) through
EFI_SMM_ACCESS2_PROTOCOL.Lock(). See SmmIplReadyToLockEventNotify() in
"MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c".
During S3 resume, S3Resume2Pei locks SMRAM (TSEG) through
PEI_SMM_ACCESS_PPI.Lock(), before executing the boot script. See
S3ResumeExecuteBootScript() in
"UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c".
Those are precisely the places where the SMRAM at the default SMBASE
should be locked too. Add such an action to SmramAccessLock().
Notes:
- The SMRAM at the default SMBASE doesn't support the "closed and
unlocked" state (and so it can't be closed without locking it, and it
cannot be opened after closing it).
- The SMRAM at the default SMBASE isn't (and shouldn't) be exposed with
another EFI_SMRAM_DESCRIPTOR in the GetCapabilities() members of
EFI_SMM_ACCESS2_PROTOCOL / PEI_SMM_ACCESS_PPI. That's because the SMRAM
in question is not "general purpose"; it's only QEMU's solution to
protect the initial SMI handler from the OS, when a VCPU is hot-plugged.
Consequently, the state of the SMRAM at the default SMBASE is not
reflected in the "OpenState" / "LockState" fields of the protocol and
PPI.
- An alternative to extending SmramAccessLock() would be to register an
EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL notify in SmmAccess2Dxe (for locking
at normal boot), and an EDKII_S3_SMM_INIT_DONE_GUID PPI notify in
SmmAccessPei (for locking at S3 resume).
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1512
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Message-Id: <20200129214412.2361-10-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Diffstat (limited to 'OvmfPkg/SmmAccess/SmmAccess2Dxe.c')
-rw-r--r-- | OvmfPkg/SmmAccess/SmmAccess2Dxe.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/OvmfPkg/SmmAccess/SmmAccess2Dxe.c b/OvmfPkg/SmmAccess/SmmAccess2Dxe.c index e098f6f15f..3691a6cd1f 100644 --- a/OvmfPkg/SmmAccess/SmmAccess2Dxe.c +++ b/OvmfPkg/SmmAccess/SmmAccess2Dxe.c @@ -145,6 +145,13 @@ SmmAccess2DxeEntryPoint ( InitQ35TsegMbytes ();
GetStates (&mAccess2.LockState, &mAccess2.OpenState);
+
+ //
+ // SmramAccessLock() depends on "mQ35SmramAtDefaultSmbase"; init the latter
+ // just before exposing the former via EFI_SMM_ACCESS2_PROTOCOL.Lock().
+ //
+ InitQ35SmramAtDefaultSmbase ();
+
return gBS->InstallMultipleProtocolInterfaces (&ImageHandle,
&gEfiSmmAccess2ProtocolGuid, &mAccess2,
NULL);
|