summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ArmVirt/PlatformBootManagerLib: factor out IsVirtio()Gerd Hoffmann2023-06-011-5/+21
| | | | | | | | | IsVirtioRng() becomes just a thin wrapper for IsVirtio(). This allows to add similar thin wrappers for other virtio devices in the future. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* ArmVirt: add VirtioSerialDxe to ArmVirtQemu buildsGerd Hoffmann2023-06-013-0/+3
| | | | | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Ard Biesheuvel <ardb@kernel.org>
* BaseTools: remove duplicate includes: IndustryStandard/*.hGerd Hoffmann2023-06-017-740/+2
| | | | | | | | Use the MdePkg versions instead of maintaining a copy in BaseTools. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* BaseTools: remove duplicate includes: IndustryStandard/PeImage.hGerd Hoffmann2023-06-011-790/+0
| | | | | | | | | Use the MdePkg version instead of maintaining a copy in BaseTools. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Chao Li <lichao@loongson.cn> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* BaseTools: switch from EFI_IMAGE_MACHINE_* to IMAGE_FILE_MACHINE_*Gerd Hoffmann2023-06-017-55/+50
| | | | | | | | | Use the newer versions of the machine #defines. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Chao Li <lichao@loongson.cn> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* BaseTools: drop IMAGE_FILE_MACHINE_ARM hacksGerd Hoffmann2023-06-011-19/+4
| | | | | | | | | The #define for IMAGE_FILE_MACHINE_ARM is not present in MdePkg, this looks like a relic not used any more. Remove. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* MdePkg/PeImage.h: add bits from BaseTools versionGerd Hoffmann2023-06-011-0/+31
| | | | | | | | | | The BaseTools and MdePkg versions of PeImage.h diverged over time, add some missing bits to the MdePkg header file in preparation for removing the BaseTools version. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* BaseTools: remove duplicate includes: IndustryStandard/Acpi*.hGerd Hoffmann2023-06-018-1595/+7
| | | | | | | | | Use the MdePkg version instead of maintaining a copy in BaseTools. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Sunil V L <sunilvl@ventanamicro.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* BaseTools: remove duplicate includes: <arch>/ProcessorBind.hGerd Hoffmann2023-06-019-806/+19
| | | | | | | | | Use the MdePkg version instead of maintaining a copy in BaseTools. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Chao Li <lichao@loongson.cn> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* BaseTools: remove WinNtInclude.hGerd Hoffmann2023-06-016-75/+0
| | | | | | | | | Appears to be a relic for ancient windows / compiler versions, windows builds in CI work just fine without it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* MdePkg: don't set visibility to hiddenGerd Hoffmann2023-06-011-14/+0
| | | | | | | | | Not needed any more on modern toolchains, they are better in not creating a GOT without this trick. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* BaseTools: add -fdirect-access-external-data to clang pie buildsGerd Hoffmann2023-06-011-3/+3
| | | | | | | | Tell clang to not use external (via got) references for data access. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
* BaseTools: make sure the got is emptyGerd Hoffmann2023-06-012-0/+20
| | | | | | | | | | Add ASSERT()s that .got and .got.plt sections are empty to linker scripts for gcc and clang. Suggested-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Rebecca Cran <rebecca@bsdio.com>
* OvmfPkg/PlatformInitLib: limit phys-bits to 46.Gerd Hoffmann2023-06-011-3/+6
| | | | | | | | | | Older linux kernels have problems with phys-bits larger than 46, ubuntu 18.04 (kernel 4.15) has been reported to be affected. Reduce phys-bits limit from 47 to 46. Reported-by: Fiona Ebner <f.ebner@proxmox.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/QemuFlashFvbServicesRuntimeDxe: refine flash detectionGerd Hoffmann2023-06-011-3/+11
| | | | | | | | | | | | | | | Flash can be write-protected in qemu (which is usually the case for code). In case the variable store flash block is configured read-only ovmf wouldn't be able to store EFI variables there, so not setting up fvb in that case (and fallhack to emulation) is the better option. It'll avoid problems later due to flash writes failing. The patch tries to write back the original value read earlier, so flash content doesn't change in case the write succeeds. But the status we read back after the attempt to write will tell us whenever flash is writable or not. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/VirtioSerialDxe: use TPL_NOTIFYGerd Hoffmann2023-06-011-2/+2
| | | | | | | Apparently TPL_CALLBACK is too low, code runs into an ASSERT complaining the new TPL is lower than the old TPL. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* UefiCpuPkg/PiSmmCpuDxeSmm:add Ap Rendezvous check in PerformRemainingTasks.Zhihao Li2023-05-311-0/+13
| | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4424 In Relaxed-AP Sync Mode, BSP will not wait for all Aps arrive. However, PerformRemainingTasks() needs to wait all Aps arrive before calling SetMemMapAttributes and ConfigSmmCodeAccessCheck() when mSmmReadyToLock is true. In SetMemMapAttributes(), SmmSetMemoryAttributesEx() will call FlushTlbForAll() that need to start up the aps. So it need to let all aps arrive. Same as SetMemMapAttributes(), ConfigSmmCodeAccessCheck() also will start up the aps. Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Zhihao Li <zhihao.li@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
* UefiCpuPkg/CpuService.c:check cpu sync mode in SmmCpuRendezvous()Zhihao Li2023-05-311-6/+13
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4431 In Ap relaxed mode, some SMI handlers should call SmmWaitForApArrival() to let all ap arrive in SmmCpuRendezvous(). But in traditional mode, these SMI handlers don't need to call SmmWaitForApArrival() again. So it need to be check cpu sync mode before calling SmmWaitForApArrival(). Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Zhihao Li <zhihao.li@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
* RedfishPkg: Use DEBUG_MANAGEABILITYAbner Chang2023-05-3112-61/+61
| | | | | | | | | | Use debug print level DEBUG_MANAGEABILITY in RedfishPkg. Signed-off-by: Abner Chang <abner.chang@amd.com> Cc: Nickle Wang <nicklew@nvidia.com> Cc: Igor Kulchytskyy <igork@ami.com> Reviewed-by: Nickle Wang <nicklew@nvidia.com>
* UefiPayloadPkg: Add CpuPageTableLib required by SecCore & CpuMpPeiJiaxin Wu2023-05-311-1/+1
| | | | | | | | | | | | | | Add CpuPageTableLib required by SecCore & CpuMpPei in UefiPayloadPkg. Cc: Guo Dong <guo.dong@intel.com> Cc: Sean Rhodes <sean@starlabs.systems> Cc: James Lu <james.lu@intel.com> Cc: Gua Guo <gua.guo@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Zeng Star <star.zeng@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Gua Guo <gua.guo@intel.com>
* OvmfPkg: Add CpuPageTableLib required by SecCore & CpuMpPeiJiaxin Wu2023-05-318-9/+8
| | | | | | | | | | | | | Add CpuPageTableLib required by SecCore & CpuMpPei in OvmfPkg. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Zeng Star <star.zeng@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
* MdeModulePkg/DxeIpl: Align Page table Level setting with previous level.Jiaxin Wu2023-05-311-12/+24
| | | | | | | | | | | | | | | | | | | | | | System paging 5 level enabled or not can be checked via CR4.LA57, system preferred Page table Level (PcdUse5LevelPageTable) must align with previous level for 64bit long mode. This patch is to do the wise check: If cpu has already run in 64bit long mode PEI, Page table Level in DXE must align with previous level. If cpu runs in 32bit protected mode PEI, Page table Level in DXE is decided by PCD and feature capability. Cc: Dandan Bi <dandan.bi@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Zeng Star <star.zeng@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
* UefiCpuPkg/CpuMpPei: Conditionally enable PAE paging in 32bit modeJiaxin Wu2023-05-313-129/+75
| | | | | | | | | | | | | Some security features depend on the page table enabling. So, This patch is to enable paging if it is not enabled (32bit mode)" Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Zeng Star <star.zeng@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
* UefiCpuPkg/SecCore: Migrate page table to permanent memoryJiaxin Wu2023-05-314-0/+153
| | | | | | | | | | | | | | | | | | | | | | Background: For arch X64, system will enable the page table in SPI to cover 0-512G range via CR4.PAE & MSR.LME & CR0.PG & CR3 setting (see ResetVector code). Existing code doesn't cover the higher address access above 512G before memory-discovered callback. That will be potential problem if system access the higher address after the transition from temporary RAM to permanent MEM RAM. Solution: This patch is to migrate page table to permanent memory to map entire physical address space if CR0.PG is set during temporary RAM Done. Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Zeng Star <star.zeng@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
* UefiCpuPkg/ResetVector: Support 5 level page table in ResetVectorZhiguang Liu2023-05-302-0/+29
| | | | | | | | | | | | | | | | | | Add a macro USE_5_LEVEL_PAGE_TABLE to determine whether to create 5 level page table. If macro USE_5_LEVEL_PAGE_TABLE is defined, PML5Table is created at (4G-12K), while PML4Table is at (4G-16K). In runtime check, if 5level paging is supported, use PML5Table, otherwise, use PML4Table. If macro USE_5_LEVEL_PAGE_TABLE is not defined, to save space, 5level paging is not created, and 4level paging is at (4G-12K) and be used. Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Debkumar De <debkumar.de@intel.com> Cc: Catharine West <catharine.west@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
* UefiCpuPkg/ResetVector: Modify Page Table in ResetVectorLiu, Zhiguang2023-05-301-16/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In ResetVector, if create page table, its highest address is fixed because after page table, code layout is fixed(4K for normal code, and another 4K only contains reset vector code). Today's implementation organizes the page table as following if 1G page table is used: 4G-16K: PML4 page (PML4[0] points to 4G-12K) 4G-12K: PDP page CR3 is set to 4G-16K When 2M page table is used, the layout is as following: 4G-32K: PML4 page (PML4[0] points to 4G-28K) 4G-28K: PDP page (PDP entries point to PD pages) 4G-24K: PD page mapping 0-1G 4G-20K: PD page mapping 1-2G 4G-16K: PD page mapping 2-3G 4G-12K: PD page mapping 3-4G CR3 is set to 4G-32K CR3 doesn't point to a fixed location which is a bit hard to debug at runtime. The new page table layout will always put PML4 in highest address When 1G page table is used, the layout is as following: 4G-16K: PDP page 4G-12K: PML4 page (PML4[0] points to 4G-16K) When 2M page table is used, the layout is as following: 4G-32K: PD page mapping 0-1G 4G-28K: PD page mapping 1-2G 4G-24K: PD page mapping 2-3G 4G-20K: PD page mapping 3-4G 4G-16K: PDP page (PDP entries point to PD pages) 4G-12K: PML4 page (PML4[0] points to 4G-16K) CR3 is always set to 4G-12K So, this patch can improve debuggability by make sure the init CR3 pointing to a fixed address(4G-12K). Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Cc: Debkumar De <debkumar.de@intel.com> Cc: Catharine West <catharine.west@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
* UefiCpuPkg/ResetVector: Combine PageTables1G.asm and PageTables2M.asmLiu, Zhiguang2023-05-303-76/+33
| | | | | | | | | | | | | Combine PageTables1G.asm and PageTables2M.asm to reuse code. Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Cc: Debkumar De <debkumar.de@intel.com> Cc: Catharine West <catharine.west@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
* UefiCpuPkg/ResetVector: Simplify page table creation in ResetVectorLiu, Zhiguang2023-05-303-32/+24
| | | | | | | | | | | | | | | Currently, page table creation has many hard-code values about the offset to the start of page table. To simplify it, add Labels such as Pml4, Pdp and Pd, so that we can remove many hard-code values Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Cc: Debkumar De <debkumar.de@intel.com> Cc: Catharine West <catharine.west@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
* UefiCpuPkg/ResetVector: Rename macros about page table.Liu, Zhiguang2023-05-302-22/+39
| | | | | | | | | | | | | | | | | | This patch only renames macro, with no code logic impacted. Two purpose to rename macro: 1. Align some macro name in PageTables1G.asm and PageTables2M.asm, so that these two files can be easily combined later. 2. Some Macro names such as PDP are not accurate, since 4 level page entry also uses this macro. PAGE_NLE (no leaf entry) is better Cc: Eric Dong <eric.dong@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Cc: Debkumar De <debkumar.de@intel.com> Cc: Catharine West <catharine.west@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
* IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN Coverity issueRanbir Singh2023-05-301-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4200 FspData->PerfIdx is getting increased for every call unconditionally in the function SetFspMeasurePoint and hence memory access can happen for out of bound FspData->PerfData[] array entries also. Example - FspData->PerfData is an array of 32 UINT64 entries. Assume a call is made to SetFspMeasurePoint function when the FspData->PerfIdx last value is 31. It gets incremented to 32 at line 400. Any subsequent call to SetFspMeasurePoint functions leads to FspData->PerfData[32] getting accessed which is out of the PerfData array as well as the FSP_GLOBAL_DATA structure boundary. Hence keep array access and index increment inside if block only and return invalid performance timestamp when PerfIdx is invalid. Cc: Chasel Chiu <chasel.chiu@intel.com> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com> Cc: Star Zeng <star.zeng@intel.com> Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com> Acked-by: Pedro Falcato <pedro.falcato@gmail.com> Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
* IntelFsp2WrapperPkg: Fix ASSERT when FSP-S/M use FFS3.Tan, Ming2023-05-302-2/+2
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4458 Original code call PeiServicesInstallFvInfoPpi() with NULL for the FvFormat parameter, then PeiServicesInstallFvInfoPpi() will assume it use FFS2, then ASSERT if FSP-S/M use FFS3. Now set the FvFormat to the info got from FvHeader. Cc: Chasel Chiu <chasel.chiu@intel.com> Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com> Signed-off-by: Ming Tan <ming.tan@intel.com> Reviewed-by: S Ashraf Ali <ashraf.ali.s@intel.com> Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
* RedfishPkg/RedfishPlatformConfigDxe: fix value type issue.Nickle Wang2023-05-301-0/+10
| | | | | | | | | | | | | | | Fix incorrect value type issue for checked-box op-code. When the variable for checked-box is defined as UINT8 in varstore structure, IFR compiler assign its value type to EFI_IFR_TYPE_NUM_SIZE_8 instead of EFI_IFR_TYPE_BOOLEAN. However, the value type for checked-box is boolean value. Redfish service may return error because of incorrect value type passed to BIOS attribute registry. Signed-off-by: Nickle Wang <nicklew@nvidia.com> Cc: Abner Chang <abner.chang@amd.com> Cc: Igor Kulchytskyy <igork@ami.com> Reviewed-by: Abner Chang <abner.chang@amd.com>
* ArmPkg/CpuDxe: Perform preliminary NX remap of free memoryArd Biesheuvel2023-05-293-0/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The DXE core implementation of PcdDxeNxMemoryProtectionPolicy already contains an assertion that EfiConventionalMemory and EfiBootServicesData are subjected to the same policy when it comes to the use of NX permissions. The reason for this is that we may otherwise end up with unbounded recursion in the page table code, given that allocating a page table would then involve a permission attribute change, and this could result in the need for a block entry to be split, which would trigger the allocation of a page table recursively. For the same reason, a shortcut exists in ApplyMemoryProtectionPolicy() where, instead of setting the memory attributes unconditionally, we compare the NX policies and avoid touching the page tables if they are the same for the old and the new memory types. Without this shortcut, we may end up in a situation where, as the CPU arch protocol DXE driver is ramping up, the same unbounded recursion is triggered, due to the fact that the NX policy for EfiConventionalMemory has not been applied yet. To break this cycle, let's remap all EfiConventionalMemory regions according to the NX policy for EfiBootServicesData before exposing the CPU arch protocol to the DXE core and other drivers. This ensures that creating EfiBootServicesData allocations does not result in memory attribute changes, and therefore no recursion. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
* ArmVirtPkg/ArmVirtQemu: Use read-only memory region type for code flashArd Biesheuvel2023-05-291-1/+1
| | | | | | | | | Map the code flash with read-only attributes so we can execute from it even under a memory protection regime that enables WXN, making all writable memory regions non-executable by default. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
* ArmVirtPkg: Dispatch variable service if variable emulation is enabledSami Mujawar2023-05-293-3/+19
| | | | | | | | | | | | | | | | | | | | | | The VariableRuntimeDxe links with NvVarStoreFormattedLib which is required to establish the dependency on OvmfPkg\VirtNorFlashDxe. The VirtNorFlashDxe installs the gEdkiiNvVarStoreFormattedGuid to indicate it has finished initialising the flash variable storage and that the variable service can be dispatched. However, the kvmtool guest firmware dynamically detects if CFI flash is absent and sets PcdEmuVariableNvModeEnable to TRUE indicating emulated runtime variable must be used. Therefore, in this scenario install the gEdkiiNvVarStoreFormattedGuid so that the variable service can be dispatched. Also link the NorFlashKvmtoolLib as a NULL library so that it can discover if the CFI flash is absent and setup the PCD PcdEmuVariableNvModeEnable. This is required in case the NorFlashDxe is not yet dispatched. Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* ArmVirtPkg: Fallback to variable emulation if no CFI is foundSami Mujawar2023-05-292-5/+36
| | | | | | | | | | | | | | | | | | The kvmtool option '--flash <flash filename>' is used to launch a guests VM with a CFI flash device that maps the flash file specified at the command line. However, kvmtool allows guest VMs to be launched without a CFI flash device. In such scenarios the firmware can utilize the emulated variable storage for UEFI variables. To support this the PCD gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable must be set to TRUE. Therefore, update the NorFlashKvmtoolLib to fallback to variable emulation if a CFI device is not detected. Also improve the error logging. Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* ArmVirtPkg: Define variables for emulating runtime variablesSami Mujawar2023-05-291-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Kvmtool allows guest VMs to be launched with or without a CFI flash device. When the kvmtool option '--flash <flash filename>' is used to launch a guest VM a CFI flash device maps the flash file that was specified at the command line. The NorFlash driver uses this flash as the variable storage backend. However, when the above option is not specified, a CFI flash device is not present. In such cases, the firmware can fallback to use emulated runtime variables (which uses the VMs DRAM as the storage backend). Therefore, define the PCD PcdEmuVariableNvModeEnable required to enable the emulated runtime variable support, but do not enable it by default. The firmware is expected to dynamically discover if the CFI flash is present and subsequently enable NorFlash or emulate the runtime variables. Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* ArmPkg: Configure PcdEmuVariableNvModeEnable as a dynamic PCDSami Mujawar2023-05-291-1/+1
| | | | | | | | | | | | | | | | The PCD gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable indicates if a variable driver will emulate the variable NV mode. This PCD is defined as [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]. Some firmware builds may define this PCD as a dynamic PCD and initialise the value at runtime. Therefore, move the PCD declaration from the [FixedPcd] section to the [Pcd] section in the platform boot manager library file PlatformBootManagerLib.inf. Without this change the build would not succeed. Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* ArmVirtPkg/PrePi: Allocate separate stack for Dxe phaseSami Mujawar2023-05-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The patch "f07a9df9af60 ArmVirtPkg: Enable stack guard" enabled stack overflow detection for ArmVirtPkg. Following this patch, running UEFI shell command 'dmpstore' resulted in a crash indicating a stack overflow. Invoking 'dmpstore' results in recursive calls to CascadeProcessVariables () which apparently consumes the available stack space and overflows. Normally, SEC and PEI run off the initial stack, and the DxeIpl PEIM is in charge of launching the DxeCore with a full-sized stack and remapping it non-executable as well. PrePi platforms take some shortcuts and the DXE and BDS run off the initial stack which is relatively small. It is therefore desirable to allocate 128 KiB worth of boot services data memory as the stack for the Dxe phase. The PrePiMain () in ArmVirtPkg/PrePi/PrePi.c invokes the LoadDxeCoreFromFv () to load the Dxe core and transfers control. The second parameter to LoadDxeCoreFromFv () is the stack size, which is currently set to 0. LoadDxeCoreFromFv () is implemented in PrePiLib and if the stack size is 0, it continues to use the initial stack. However, if a stack size is specified in the call to LoadDxeCoreFromFv (), memory is allocated for a new stack and the stack is switched to use the newly allocated stack for the Dxe phase. Therefore, specify 128 KiB as the stack size in the call to LoadDxeCoreFromFv () so that a separate stack is allocated and used for the Dxe phase. Signed-off-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* ArmPkg/CpuDxe AARCH64: Report Memory Protection Attributes To GCDOliver Smith-Denny2023-05-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4463 When the AARCH64 CpuDxe attempts to SyncCacheConfig() with the GCD, it collects the page attributes as: EntryAttribute = Entry & TT_ATTR_INDX_MASK However, TT_ATTR_INDX_MASK only masks the cacheability attributes and drops the memory protections attributes. Importantly, it also drops the TT_AF (access flag) which is now wired up in EDK2 to represent EFI_MEMORY_RP, so by default all SystemMem pages will report as EFI_MEMORY_RP to the GCD. The GCD currently drops that silently, because the Capabilities field in the GCD does not support EFI_MEMORY_RP by default. However, some ranges may support EFI_MEMORY_RP and incorrectly mark those ranges as read protected. In conjunction with another change on the mailing list (see: https://edk2.groups.io/g/devel/topic/98505340), this causes an access flag fault incorrectly. See the linked BZ below for full details. This patch exposes all memory protections attributes to the GCD layer so it can correctly set pages as EFI_MEMORY[RP|XP|RO] when it initially syncs. Cc: Leif Lindholm <quic_llindhol@quicinc.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Taylor Beebe <t@taylorbeebe.com> Cc: Sean Brogan <sean.brogan@microsoft.com> Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
* OvmfPkg/MicrovmX64: enable 1G pagesGerd Hoffmann2023-05-291-0/+3
| | | | | | | Reduces the memory footprint and speeds up booting. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/OvmfPkgIa32X64: enable 1G pagesGerd Hoffmann2023-05-291-0/+3
| | | | | | | Reduces the memory footprint and speeds up booting. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/PlatformInitLib: check PcdUse1GPageTableGerd Hoffmann2023-05-292-0/+6
| | | | | | | | | | | | If PcdUse1GPageTable is not enabled restrict the physical address space used to 1TB, to limit the amount of memory needed for identity mapping page tables. The same already happens in case the processor has no support for gigabyte pages. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/PciHotPlugInitDxe: Do not reserve IO ports by default.Gerd Hoffmann2023-05-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Flip the default for IO address space reservations for PCI(e) bridges and root ports with hotplug support from TRUE to FALSE. PCI(e) bridges will still get IO address space assigned in case: (a) Downstream devices actually need IO address space, or (b) Explicit configuration, using "qemu -device pcie-root-port,io-reserve=<size>". In case IO address space is exhausted edk2 will stop assigning resources to PCI(e) bridges. This is not limited to IO resources, the affected bridges will not get any memory resources assigned either. This patch solves this issue by not handing out the scarce IO address space, which is not needed in most cases anyway. Result is a more consistent PCI configuration in virtual machine configurations with many PCie root ports. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/Bhyve/PlatformPei: drop S3Verification()Gerd Hoffmann2023-05-291-29/+0
| | | | | | | Drop S3Verification () which is dead code. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/PlatformPei: drop S3Verification()Gerd Hoffmann2023-05-291-31/+0
| | | | | | | | | | | | | Not needed any more, SMM + 64-bit PEI + S3 suspend works now. Fixed by commits: - 8bd2028f9ac3 ("MdeModulePkg: Supporting S3 in 64bit PEI") - 6acf72901a2e ("UefiCpuPkg: Supporting S3 in 64bit PEI") See also https://bugzilla.tianocore.org/show_bug.cgi?id=4195 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
* OvmfPkg/VirtIoSerialDxe: Update for VS2015x86 compatibilityMichael D Kinney2023-05-291-5/+5
| | | | | | | | | | | | Move initialization of local variable structure from declaration to statements to fix VS2015x86 build break. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
* MdeModulePkg SdMmcPciHcDxe: SD/MMC capability debug print is incorrectGiri Mudusuru2023-05-291-1/+1
| | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4394 Fix DumpCapabilityReg() debug log to print 64 bit capability instead of 32 bit pointer Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Andrew Fish <afish@apple.com> Signed-off-by: Giri Mudusuru <girim@apple.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
* RedfishPkg/RedfishPlatformConfigDxe: Fix string assert issueNickle Wang2023-05-294-27/+169
| | | | | | | | | | | | | | When calling SetValue() with string type input, there is assertion of providing zero string ID to HII string function. Fix this issue by creating string ID for input string buffer. Fix Unicode and Ascii code convert issue together. Add text op-code support Signed-off-by: Nickle Wang <nicklew@nvidia.com> Cc: Abner Chang <abner.chang@amd.com> Cc: Igor Kulchytskyy <igork@ami.com> Reviewed-by: Abner Chang <abner.chang@amd.com> Reviewed-by: Igor Kulchytskyy <igork@ami.com>
* PcAtChipsetPkg: RTC Runtime unable to get correct IO port by PCDGua Guo2023-05-292-19/+31
| | | | | | | | | | | | RTC runtime is unable to get dynamic PCD value after booting to OS using runtime services. Resolution: Cache the dynamic PCD value in RTC driver entry point Cc: Ray Ni <ray.ni@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Gua Guo <gua.guo@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>