path: root/OvmfPkg/VirtHstiDxe
Commit message    Author    Age    Files    Lines
* OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
  Author: Gerd Hoffmann    Age: 2024-04-25    Files: 2    Lines: -0/+7

    The VirtHstiDxe does not work in confidential guests. There also
    isn't anything we can reasonably test: neither flash storage nor SMM
    mode will be used in that case. So just skip driver load when
    running in a confidential guest.

    Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
    Cc: Jiewen Yao <jiewen.yao@intel.com>
    Fixes: 506740982bba ("OvmfPkg/VirtHstiDxe: add code flash check")
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    Tested-by: Srikanth Aithal <sraithal@amd.com>
    Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* OvmfPkg/VirtHstiDxe: add README.md
  Author: Gerd Hoffmann    Age: 2024-04-22    Files: 1    Lines: -0/+48

    Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
    Cc: Jiewen Yao <jiewen.yao@intel.com>
    Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg/VirtHstiDxe: add code flash check
  Author: Gerd Hoffmann    Age: 2024-04-22    Files: 4    Lines: -0/+55

    Detects qemu config issue: code pflash is writable.
    Checked for both PC and Q35.

    Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
    Cc: Jiewen Yao <jiewen.yao@intel.com>
    Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg/VirtHstiDxe: add varstore flash check
  Author: Gerd Hoffmann    Age: 2024-04-22    Files: 4    Lines: -1/+122

    Detects qemu config issue: vars pflash is not in secure mode
    (write access restricted to smm). Applies to Q35 with SMM only.

    Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
    Cc: Jiewen Yao <jiewen.yao@intel.com>
    Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg: Add VirtHstiDxe driver
  Author: Konstantin Kostiuk    Age: 2024-04-22    Files: 5    Lines: -0/+382

    The driver supports qemu machine types 'pc' and 'q35'.

    This patch adds some helper functions to manage the bitmasks.

    The implemented features depend on both OVMF build configuration
    and qemu VM configuration.

    For q35 a single security feature is supported and checked: In
    SMM-enabled builds the driver will verify smram is properly locked.
    That test should never fail.

    Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
    Cc: Jiewen Yao <jiewen.yao@intel.com>
    Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
    Initial-patch-by: Konstantin Kostiuk <kkostiuk@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>