summaryrefslogtreecommitdiffstats
path: root/OvmfPkg
Commit message (Collapse)AuthorAgeFilesLines
* OvmfPkg/IntelTdx: Add SecTdxHelperLibMin M Xu2023-02-042-0/+130
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243 TdxHelperLib provides below helper functions for a td-guest. - TdxHelperProcessTdHob - TdxHelperMeasureTdHob - TdxHelperMeasureCfvImage - TdxHelperBuildGuidHobForTdxMeasurement SecTdxHelperLib is the SEC instance of TdxHelperLib. It implements 4 functions for tdx in SEC phase: - TdxHelperProcessTdHob consumes TdHob to accept un-accepted memories. Before the TdHob is consumed, it is first validated. - TdxHelperMeasureTdHob measure/extend TdHob and store the measurement value in workarea. - TdxHelperMeasureCfvImage measure/extend the Configuration FV image and store the measurement value in workarea. - TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for tdx measurement. This patch implements the stubs of the functions. The actual implementations are in the following patches. Because they are moved from other files. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg/IntelTdx: Add TdxHelperLibNullMin M Xu2023-02-044-0/+185
| | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243 TdxHelperLib provides below helper functions for a td-guest. - TdxHelperProcessTdHob - TdxHelperMeasureTdHob - TdxHelperMeasureCfvImage - TdxHelperBuildGuidHobForTdxMeasurement TdxHelperLibNull is the NULL instance of TdxHelperLib. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg: Add Tdx measurement data structure in WorkAreaMin M Xu2023-02-041-3/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243 From the perspective of security any external input should be measured and extended to some registers (TPM PCRs or TDX RTMR registers). There are below 2 external input in a Td guest: - TdHob - Configuration FV (CFV) TdHob contains the resource information passed from VMM, such as unaccepted memory region. CFV contains the configurations, such as secure boot variables. TdHob and CFV should be measured and extended to RTMRs before they're consumed. TdHob is consumed in the very early stage of boot process. At that moment the memory service is not ready. Cfv is consumed in PlatformPei to initialize the EmuVariableNvStore. To make the implementation simple and clean, these 2 external input are measured and extended to RTMRs in SEC phase. That is to say the tdx measurement is only supported in SEC phase. After the measurement the hash values are stored in WorkArea. Then after the Hob service is available, these 2 measurement values are retrieved and GuidHobs for these 2 tdx measurements are generated. This patch defines the structure of TDX_MEASUREMENTS_DATA in SEC_TDX_WORK_AREA to store above 2 tdx measurements. It can be extended to store more tdx measurements if needed in the future. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg/AcpiPlatformDxe: Measure ACPI table from QEMU in TDVFMin M Xu2023-02-042-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=4245 QEMU provides the following three files for guest to install the ACPI tables: - etc/acpi/rsdp - etc/acpi/tables - etc/table-loader "etc/acpi/rsdp" and "etc/acpi/tables" are similar, they are only kept separate because they have different allocation requirements in SeaBIOS. Both of these fw_cfg files contain preformatted ACPI payload. "etc/acpi/rsdp" contains only the RSDP table, while "etc/acpi/tables" contains all other tables, concatenated. To be noted, the tables in these two files have been filled in by qemu, but two kinds of fields are incomplete: pointers to other tables and checksums (which depend on the pointers). "/etc/table-loader" is a linker/loader which provides the commands to "patch" the tables in "etc/acpi/tables" and then install them. "Patch" means to fill the pointers and compute the checksum. From the security perspective these 3 files are the raw data downloaded from qemu. They should be measured and extended before they're consumed. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/PlatformPei: SEV-SNP make >=4GB unacceptedDionna Glaze2023-01-261-0/+6
| | | | | | | | | | | | | | | | | | | | | | Instead of eagerly accepting all memory in PEI, only accept memory under the 4GB address. This allows a loaded image to use the MEMORY_ACCEPTANCE_PROTOCOL to disable the accept behavior and indicate that it can interpret the memory type accordingly. This classification is safe since ExitBootServices will accept and reclassify the memory as conventional if the disable protocol is not used. Cc: Ard Biescheuvel <ardb@kernel.org> Cc: "Min M. Xu" <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Tom Lendacky <Thomas.Lendacky@amd.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Erdem Aktas <erdemaktas@google.com> Signed-off-by: Dionna Glaze <dionnaglaze@google.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg: Implement AcceptAllUnacceptedMemory in AmdSevDxeDionna Glaze2023-01-262-3/+22
| | | | | | | | | | | | | | | | | This protocol implementation disables the accept-all-memory behavior of the BeforeExitBootServices event this driver adds. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: "Min M. Xu" <min.m.xu@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: "Michael D. Kinney" <michael.d.kinney@intel.com> Signed-off-by: Dionna Glaze <dionnaglaze@google.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg: Introduce the OvmfSevMemoryAcceptance protocolDionna Glaze2023-01-262-0/+44
| | | | | | | | | | | | | | | | | | | | The default behavior for unaccepted memory in SEV-SNP is to accept all memory when ExitBootServices is called. An OS loader can use this protocol to disable this behavior to assume responsibility for memory acceptance and to affirm that the OS can handle the unaccepted memory type. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: "Min M. Xu" <min.m.xu@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: "Michael D. Kinney" <michael.d.kinney@intel.com> Signed-off-by: Dionna Glaze <dionnaglaze@google.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg: Add memory acceptance event in AmdSevDxeDionna Glaze2023-01-262-0/+98
| | | | | | | | | | | | | | | | | | | The added behavior is to accept all unaccepted memory at ExitBootServices if the behavior is not disabled. This allows safe upgrades for OS loaders to affirm their support for the unaccepted memory type. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: "Min M. Xu" <min.m.xu@intel.com> Cc: Andrew Fish <afish@apple.com> Cc: "Michael D. Kinney" <michael.d.kinney@intel.com> Signed-off-by: Dionna Glaze <dionnaglaze@google.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg: fix BuildResourceDescriptorHob call in PlatformAddHobCB()Gerd Hoffmann2023-01-261-1/+1
| | | | | | | | | | | BuildResourceDescriptorHob() expects the third parameter be the Length, not the End address. Fixes: 328076cfdf45 ("OvmfPkg/PlatformInitLib: Add PlatformAddHobCB") Reported-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* OvmfPkg/PlatformInitLib: catch QEMU's CPU hotplug reg block regressionLaszlo Ersek2023-01-201-0/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In QEMU v5.1.0, the CPU hotplug register block misbehaves: the negotiation protocol is (effectively) broken such that it suggests that switching from the legacy interface to the modern interface works, but in reality the switch never happens. The symptom has been witnessed when using TCG acceleration; KVM seems to mask the issue. The issue persists with the following (latest) stable QEMU releases: v5.2.0, v6.2.0, v7.2.0. Currently there is no stable release that addresses the problem. The QEMU bug confuses the Present and Possible counting in function PlatformMaxCpuCountInitialization(), in "OvmfPkg/Library/PlatformInitLib/Platform.c". OVMF ends up with Present=0 Possible=1. This in turn further confuses MpInitLib in UefiCpuPkg (hence firmware-time multiprocessing will be broken). Worse, CPU hot(un)plug with SMI will be summarily broken in OvmfPkg/CpuHotplugSmm, which (considering the privilege level of SMM) is not that great. Detect the issue in PlatformCpuCountBugCheck(), and print an error message and *hang* if the issue is present. Users willing to take risks can override the hang with the experimental QEMU command line option -fw_cfg name=opt/org.tianocore/X-Cpuhp-Bugcheck-Override,string=yes (The "-fw_cfg" QEMU option itself is not experimental; its above argument, as far it concerns the firmware, is experimental.) The problem was originally reported by Ard [0]. We analyzed it at [1] and [2]. A QEMU patch was sent at [3]; now merged as commit dab30fbef389 ("acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block", 2023-01-08), to be included in QEMU v8.0.0. [0] https://bugzilla.tianocore.org/show_bug.cgi?id=4234#c2 [1] https://bugzilla.tianocore.org/show_bug.cgi?id=4234#c3 [2] IO port write width clamping differs between TCG and KVM http://mid.mail-archive.com/aaedee84-d3ed-a4f9-21e7-d221a28d1683@redhat.com https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00199.html [3] acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block http://mid.mail-archive.com/20230104090138.214862-1-lersek@redhat.com https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00278.html NOTE: PlatformInitLib is used in the following platform DSCs: OvmfPkg/AmdSev/AmdSevX64.dsc OvmfPkg/CloudHv/CloudHvX64.dsc OvmfPkg/IntelTdx/IntelTdxX64.dsc OvmfPkg/Microvm/MicrovmX64.dsc OvmfPkg/OvmfPkgIa32.dsc OvmfPkg/OvmfPkgIa32X64.dsc OvmfPkg/OvmfPkgX64.dsc but I can only test this change with the last three platforms, running on QEMU. Test results: TCG QEMU OVMF override result patched patched --- ------- ------- -------- -------------------------------------- 0 0 0 0 CPU counts OK (KVM masks the QEMU bug) 0 0 1 0 CPU counts OK (KVM masks the QEMU bug) 0 1 0 0 CPU counts OK (QEMU fix, but KVM masks the QEMU bug anyway) 0 1 1 0 CPU counts OK (QEMU fix, but KVM masks the QEMU bug anyway) 1 0 0 0 boot with broken CPU counts (original QEMU bug) 1 0 1 0 broken CPU count caught (boot hangs) 1 0 1 1 broken CPU count caught, bug check overridden, boot continues 1 1 0 0 CPU counts OK (QEMU fix) 1 1 1 0 CPU counts OK (QEMU fix) Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Michael Brown <mcb30@ipxe.org> Cc: Min Xu <min.m.xu@intel.com> Cc: Oliver Steffen <osteffen@redhat.com> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4250 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20230119110131.91923-3-lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Hugely-appreciated-by: Michael Brown <mcb30@ipxe.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/PlatformInitLib: factor out PlatformCpuCountBugCheck()Laszlo Ersek2023-01-201-23/+58
| | | | | | | | | | | | | | | | | | | | | | | | Move the QEMU v2.7 reset bug check/workaround to a separate function, as we'll need to detect further issues. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Michael Brown <mcb30@ipxe.org> Cc: Min Xu <min.m.xu@intel.com> Cc: Oliver Steffen <osteffen@redhat.com> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4250 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20230119110131.91923-2-lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Hugely-appreciated-by: Michael Brown <mcb30@ipxe.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/PlatformCI VS2019: Enable temporary workaround for cpuhp bugfixArd Biesheuvel2023-01-202-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | QEMU for x86 has a nasty CPU hotplug bug of which the ramifications are difficult to oversee, even though KVM acceleration seems to be unaffected. This has been addressed in QEMU mainline, and will percolate through the ecosystem at its usual pace. In the mean time, due to the potential impact on production workloads, we will be updating OVMF to abort the boot when it detects a QEMU build that is affected. Tiancore's platform CI uses QEMU in TCG mode, and is therefore impacted by this mitigation, unless its QEMU builds are updated. This has been done for Ubuntu-GCC5, but Windows-VS2019 still uses a QEMU build that is affected. Aborting the boot upon detecting the QEMU issue will render all boot tests carried out on Windows-VS2019 broken unless we implement the 'escape hatch' that enables proceed-at-your-own-risk mode, and permits the boot to proceed even if the QEMU issue is detected. So let's enable this for Windows-VS2019, and remove it again once it is no longer needed. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Brown <mcb30@ipxe.org> Cc: Oliver Steffen <osteffen@redhat.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4250 Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Message-Id: <20230119134302.1524569-1-ardb@kernel.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Jiewen Yao <Jiewen.yao@Intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* EmbeddedPkg: Rename FfsFindSectionData as FfsFindSectionDataWithHookMin M Xu2023-01-191-2/+2
| | | | | | | | | | | | | | | | Commit c673216f53 introduces FFS_CHECK_SECTION_HOOK and add it as the second input parameter in FfsFindSectionData. This change breaks the build of ArmVirtPkg. To fix this issue, the new version of FfsFindSectionData is renamed as FfsFindSectionDataWithHook in this patch. In the following patch the original FfsFindSectionData will be added back. FfsFindSectionData is renamed as FfsFindSectionDataWithHook. Accordingly PeilessStartupLib in OvmfPkg should be updated as well. To prevent the build from being broken, the changes in OvmfPkg are in this patch. Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/CcExitLib: Initialize Status in IoExitMin M Xu2023-01-181-4/+5
| | | | | | | | | | | | | Status should be initialized otherwise it may return unexpected value. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg/BaseMemEncryptTdxLib: Refactor error handle of SetOrClearSharedBitMin M Xu2023-01-181-8/+40
| | | | | | | | | | | | | | | The previous implementation of SetOrClearSharedBit doesn't handle the error correctly. In this patch SetOrClearSharedBit is changed to return error code so that the caller can handle it. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg/CcExitLib: Refactor TDX MmioExitMin M Xu2023-01-181-163/+381
| | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4169 The previous TDX MmioExit doesn't handle the Mmio instructions correctly in some scenarios. This patch refactors the implementation to fix the issues. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ryan Afranji <afranji@google.com> Reported-by: Ryan Afranji <afranji@google.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/CcExitLib: Move common X86 instruction code to separate fileMin M Xu2023-01-185-615/+735
| | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=4169 Move common X86 instruction codes from CcExitVcHandler.c to separate files (CcInstruction.h / CcInstruction.c) so that these codes can be re-used in TDX. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/PeilessStartupLib: Find NCCFV in non-td guestMin M Xu2023-01-183-1/+140
| | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 As described in BZ#4152, NCCFV includes the DXE phase drivers for non-cc guest. PeilessStartupLib is updated to find NCCFV for non-cc guest. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* OvmfPkg/IntelTdx: Enable separate-fv in IntelTdx/IntelTdxX64.fdfMin M Xu2023-01-182-40/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 In current DXE FV there are 100+ drivers. Some of the drivers are not used in Td guest. (Such as USB support drivers, network related drivers, etc). From the security perspective if a driver is not used, we'd should prevent it from being loaded / started. There are 2 benefits: 1. Reduce the attack surface 2. Improve the boot performance So we separate DXEFV into 2 FVs: DXEFV and NCCFV. All the drivers which are not needed by a Confidential Computing guest are moved from DXEFV to NCCFV. The following patch will find NCCFV for non-cc guest and build FVHob so that NCCFV drivers can be loaded / started in DXE phase. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* OvmfPkg: Add PCDs/GUID for NCCFVMin M Xu2023-01-181-0/+3
| | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152 NCCFV refers to Non-Confidential-Computing-FV. It includes the DXE phase drivers which are only loaded/started in non-cc guest. Hence the PCDs / GUID for NCCFV are defined in OvmfPkg.dec. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg: CI: use ubuntu-22.04 vm_image (Linux only)Oliver Steffen2023-01-171-1/+1
| | | | | | | | | | | | | Switch over to ubuntu-22.04 as the vm_image for Linux CI jobs. The previously used ubuntu-18.04 which is not available anymore since Dec 1st 2022. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Chris Fernald <chfernal@microsoft.com>
* OvmfPkg: CI: Use Fedora 35 container (Linux only)Oliver Steffen2023-01-171-5/+3
| | | | | | | | | | | | | | | | | | Run the Linux jobs of the OvmfPkg platform CI inside a container, in the same way the general CI does now. Make use of the default image specified in the defaults.yml template. Do not run apt-get in CI jobs to install qemu and gcc dependencies. Assume the container image provides these. Use Python from the container image, do not download at runtime. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Chris Fernald <chfernal@microsoft.com>
* OvmfPkg: CI: use Python version from defaults templateOliver Steffen2023-01-172-0/+9
| | | | | | | | | | | | | | | | | Use the default Python version from the defaults template (.azurepipelines/templates/defaults.yml) in the Windows and Linux CI jobs. Previous changes to the CI job templates make it necessary to specify a version number, if Python shall be pulled at CI runtime. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Chris Fernald <chfernal@microsoft.com>
* OvmfPkg/PlatformInitLib: reorder PlatformQemuUc32BaseInitializationGerd Hoffmann2023-01-171-8/+8
| | | | | | | | | | First handle the cases which do not need know the value of PlatformInfoHob->LowMemory (microvm and cloudhv). Then call PlatformGetSystemMemorySizeBelow4gb() to get LowMemory. Finally handle the cases (q35 and pc) which need to look at LowMemory, Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/PlatformInitLib: Add PlatformReservationConflictCBGerd Hoffmann2023-01-171-0/+46
| | | | | | | | | | | | | | | | | Add PlatformReservationConflictCB() callback function for use with PlatformScanE820(). It checks whenever the 64bit PCI MMIO window overlaps with a reservation from qemu. If so move down the MMIO window to resolve the conflict. Write any actions done (moving mmio window) to the firmware log with INFO loglevel. This happens on (virtual) AMD machines with 1TB address space, because the AMD IOMMU uses an address window just below 1TB. Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4251 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/PlatformInitLib: Add PlatformAddHobCBGerd Hoffmann2023-01-171-138/+48
| | | | | | | | | | | | | | | | Add PlatformAddHobCB() callback function for use with PlatformScanE820(). It adds HOBs for high memory and reservations (low memory is handled elsewhere because there are some special cases to consider). This replaces calls to PlatformScanOrAdd64BitE820Ram() with AddHighHobs = TRUE. Write any actions done (adding HOBs, skip unknown types) to the firmware log with INFO loglevel. Also remove PlatformScanOrAdd64BitE820Ram() which is not used any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/PlatformInitLib: Add PlatformGetLowMemoryCBGerd Hoffmann2023-01-176-33/+60
| | | | | | | | | | | | | | | | | Add PlatformGetLowMemoryCB() callback function for use with PlatformScanE820(). It stores the low memory size in PlatformInfoHob->LowMemory. This replaces calls to PlatformScanOrAdd64BitE820Ram() with non-NULL LowMemory. Write any actions done (setting LowMemory) to the firmware log with INFO loglevel. Also change PlatformGetSystemMemorySizeBelow4gb() to likewise set PlatformInfoHob->LowMemory instead of returning the value. Update all Callers to the new convention. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/PlatformInitLib: Add PlatformScanE820 and GetFirstNonAddressCBGerd Hoffmann2023-01-171-23/+93
| | | | | | | | | | | | | | | | | | | | | First step replacing the PlatformScanOrAdd64BitE820Ram() function. Add a PlatformScanE820() function which loops over the e280 entries from FwCfg and calls a callback for each of them. Add a GetFirstNonAddressCB() function which will store the first free address (right after the last RAM block) in PlatformInfoHob->FirstNonAddress. This replaces calls to PlatformScanOrAdd64BitE820Ram() with non-NULL MaxAddress. Write any actions done (setting FirstNonAddress) to the firmware log with INFO loglevel. Also drop local FirstNonAddress variables and use PlatformInfoHob->FirstNonAddress instead everywhere. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/AcpiPlatformDxe: Return error if installing NotifyProtocol failedMin M Xu2023-01-151-6/+10
| | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4237 Installation of gQemuAcpiTableNotifyProtocol may fail. The error code should be returned so that the caller can handle it. Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Message-Id: <20230111012235.189-7-min.m.xu@intel.com> Reviewed-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
* OvmfPkg/AcpiPlatformDxe: Refactor QemuAcpiTableNotifyProtocolMin M Xu2023-01-151-13/+25
| | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4237 Commit 9fdc70af6ba8 install the QemuAcpiTableNotifyProtocol at a wrong positioin. It should be called before TransferS3ContextToBootScript because TransferS3ContextToBootScript is the last operation in InstallQemuFwCfgTables(). Another error is that we should check the returned value after installing the QemuAcpiTableNotifyProtocol. This patch refactors the installation and error handling of QemuAcpiTableNotifyProtocol in InstallQemuFwCfgTables (). Cc: Laszlo Ersek <lersek@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Message-Id: <20230111012235.189-6-min.m.xu@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/AcpiPlatformDxe: Add log to show the installed tablesMin M Xu2023-01-151-0/+2
| | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4237 Commit 9fdc70af6ba8 wrongly removed the log from InstallQemuFwCfgTables after ACPI tables are successfully installed. This patch add the log back after all operations succeed. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Reported-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Message-Id: <20230111012235.189-5-min.m.xu@intel.com>
* OvmfPkg/AcpiPlatformDxe: Use local variable in QemuFwCfgAcpi.cMin M Xu2023-01-151-2/+3
| | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4237 The handle of mQemuAcpiHandle is not needed for anything, beyond the scope of the InstallQemuFwCfgTables(). So a local variable will suffice for storing the handle. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Reported-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Message-Id: <20230111012235.189-4-min.m.xu@intel.com>
* OvmfPkg/AcpiPlatformDxe: Use local variable in CloudHvAcpi.cMin M Xu2023-01-151-3/+3
| | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4237 The handle of mChAcpiHandle is not needed for anything, beyond the scope of the InstallCloudHvTablesTdx (). A local variable (ChAcpiHandle) suffices for storing the handle. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com> Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Message-Id: <20230111012235.189-3-min.m.xu@intel.com> Reviewed-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
* OvmfPkg/AcpiPlatformDxe: Remove QEMU_ACPI_TABLE_NOTIFY_PROTOCOLMin M Xu2023-01-153-36/+4
| | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4237 The QEMU_ACPI_TABLE_NOTIFY_PROTOCOL structure is superfluous because NULL protocol interfaces have been used in edk2 repeatedly. A protocol instance can exist in the protocol database with a NULL associated interface. Therefore the QEMU_ACPI_TABLE_NOTIFY_PROTOCOL type, the "QemuAcpiTableNotify.h" header, and the "mAcpiNotifyProtocol" global variable can be removed. Cc: Laszlo Ersek <lersek@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com> Reported-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Message-Id: <20230111012235.189-2-min.m.xu@intel.com> Reviewed-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
* OvmfPkg: fix OvmfTpmSecurityStub.dsc.inc includeGerd Hoffmann2023-01-133-3/+3
| | | | | | | | | | TPM support is independent from secure boot support. Move the TPM include snipped out of the secure boot !if block. Fixes: b47575801e19 ("OvmfPkg: move tcg configuration to dsc and fdf include files") Bugzilla: https://bugzilla.tianocore.org//show_bug.cgi?id=4290 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxeSophia Wolf2023-01-123-8/+74
| | | | | | | | | | | | | | | | | | When a guest OS does not support unaccepted memory, the unaccepted memory must be accepted before returning a memory map to the caller. EfiMemoryAcceptProtocol is defined in MdePkg and is implemented / Installed in AmdSevDxe for AMD SEV-SNP memory acceptance. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Signed-off-by: Dionna Glaze <dionnaglaze@google.com> Message-Id: <20221108164616.3251967-2-dionnaglaze@google.com>
* OvmfPkg/VirtNorFlashDxe: map flash memory as uncacheableGerd Hoffmann2023-01-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switching from the ArmPlatformPkg/NorFlashDxe driver to the OvmfPkg/VirtNorFlashDxe driver had the side effect that flash address space got registered as EFI_MEMORY_WC instead of EFI_MEMORY_UC. That confuses the linux kernel's numa code, seems this makes kernel consider the flash being node memory. "lsmem" changes from ... RANGE SIZE STATE REMOVABLE BLOCK 0x0000000040000000-0x000000013fffffff 4G online yes 8-39 ... to ... RANGE SIZE STATE REMOVABLE BLOCK 0x0000000000000000-0x0000000007ffffff 128M online yes 0 0x0000000040000000-0x000000013fffffff 4G online yes 8-39 ... and in the kernel log got new error lines: NUMA: Warning: invalid memblk node 512 [mem 0x0000000004000000-0x0000000007ffffff] NUMA: Faking a node at [mem 0x0000000004000000-0x000000013fffffff] Changing the attributes back to EFI_MEMORY_UC fixes this. Fixes: b92298af8218 ("ArmVirtPkg/ArmVirtQemu: migrate to OVMF's VirtNorFlashDxe") Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/PlatformInitLib: fix comment about uncacheable MTRRsLaszlo Ersek2023-01-121-1/+1
| | | | | | | | | | In commit 49edde15230a ("OvmfPkg/PlatformPei: set 32-bit UC area at PciBase / PciExBarBase (pc/q35)", 2019-06-03), I forgot to update the comment. Do it now. Fixes: 49edde15230a5bfd6746225eb95535eaa2ec1ba4 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* Revert "OvmfPkg: Add CpuPageTableLib required by MpInitLib."Yuanhao Xie2023-01-097-13/+4
| | | | | | | | | | | | | | This reverts commit 4a8642422460635462d315defe4ca84bf6d33351 as the commit 73ccde8 introduced CpuPageTableLib dependency which resolved for OvmfPkg is to be reverted. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4234 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
* SecurityPkg: Move TdTcg2Dxe from OvmfPkg to SecurityPkgMin M Xu2023-01-066-3036/+2
| | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4194 The TdTcg2Dxe lives in the OvmfPkg instead of the SecurityPkg. Having the TdTcg2Dxe at the same place as Tcg2Dxe will be easier for platforms to consume. Definition of PcdCcEventlogAcpiTableLaml and PcdCcEventlogAcpiTableLasa are also moved from OvmfPkg.dec to SecurityPkg.dec. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Arti Gupta <ARGU@microsoft.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* OvmfPkg/SmmCpuFeaturesLib: drop obsolete API implementationLaszlo Ersek2023-01-041-31/+0
| | | | | | | | | | | | | | | | | | | | | Commit 0426115b6738 ("UefiCpuPkg: Remove unused API in SmmCpuFeaturesLib.h", 2022-12-21) removed the declaration of the function SmmCpuFeaturesAllocatePageTableMemory() from the "SmmCpuFeaturesLib.h" library class header. Remove the API's (null-)implementation from OvmfPkg/SmmCpuFeaturesLib as well. Testing: OVMF builds, boots, and suspends/resumes (see earlier in this series). Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4235 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg: raise DXEFV size to 13 MB in the traditional platform FDFsLaszlo Ersek2023-01-043-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Similarly to the "cadence" mentioned in commit d272449d9e1e ("OvmfPkg: raise DXEFV size to 11 MB", 2018-05-29), it's been ~1.75 years since commit 5e75c4d1fe4f ("OvmfPkg: raise DXEFV size to 12 MB", 2020-03-11), and we've outgrown DXEFV again (with NOOPT builds). Increase the DXEFV size to 13MB now. Do not modify all platform FDF files under OvmfPkg. "BhyveX64.fdf" is still at 11MB, "OvmfXen.fdf" at 10MB. The "AmdSevX64.fdf", "CloudHvX64.fdf", "IntelTdxX64.fdf" and "MicrovmX64.fdf" flash devices could be modified similarly (from 12MB to 13MB), but I don't use or build those platforms. Tested on: - IA32, q35, SMM_REQUIRE, Fedora 30 guest - X64, pc (i440fx), no SMM, RHEL-7.9 guest - IA32X64, q35, SMM_REQUIRE, RHEL-7.9 guest Test steps: - configure 3 VCPUs - boot - run "taskset -c $I efibootmgr" with $I covering 0..2 - systemctl suspend - resume from virt-manager - run "taskset -c $I efibootmgr" with $I covering 0..2 Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Julien Grall <julien@xen.org> Cc: Min Xu <min.m.xu@intel.com> Cc: Peter Grehan <grehan@freebsd.org> Cc: Rebecca Cran <rebecca@bsdio.com> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4236 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/QemuVideoDxe/VbeShim.sh: remove end-of-options delimiter for nasmLaszlo Ersek2023-01-041-2/+5
| | | | | | | | | | | | | | | | | | | | | | | Per my bisection: nasm broke the parsing of the "--" end-of-options delimiter in commit 55568c1193df ("nasm: scan the command line twice", 2016-10-03), part of the nasm-2.13 release. The parsing remains broken in at least nasm-2.15.03. The (invalid) error message is: "more than one input file specified". I've filed the following ticket for upstream nasm (and ndisasm): <https://bugzilla.nasm.us/show_bug.cgi?id=3392829>. Since the delimiter is not necessary in practice (due to $STEM being "VbeShim", i.e., not starting with a hyphen), simply remove the delimiter. Tested by enabling DEBUG in "VbeShim.asm", running the script, building OVMF, booting Windows 7, and checking the firmware log (debug console). Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3876 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg: Use NestedInterruptTplLib in nested interrupt handlersMichael Brown2022-12-2312-6/+22
| | | | | | | | | | | | | | | | Prevent stack underrun in the event of a timer interrupt storm in LocalApicTimerDxe and 8254TimerDxe interrupt handlers by using the helper functions provided by NestedInterruptTplLib. This fixes the same problem as addressed in commit 239b50a86 ("OvmfPkg: End timer interrupt later to avoid stack overflow under load"), but does so without breaking nested timer interrupts. Cc: Paolo Bonzini <pbonzini@redhat.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2815 Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4162 Signed-off-by: Michael Brown <mcb30@ipxe.org> Acked-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg: Add library to handle TPL from within nested interrupt handlersMichael Brown2022-12-236-0/+423
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | UEFI requires us to support nested interrupts, but provides no way for an interrupt handler to call RestoreTPL() without implicitly re-enabling interrupts. In a virtual machine, it is possible for a large burst of interrupts to arrive. We must prevent such a burst from leading to stack underrun, while continuing to allow nested interrupts to occur. This can be achieved by allowing, when provably safe to do so, an inner interrupt handler to return from the interrupt without restoring the TPL and with interrupts remaining disabled after IRET, with the deferred call to RestoreTPL() then being issued from the outer interrupt handler. This is necessarily messy and involves direct manipulation of the interrupt stack frame, and so should not be implemented as open-coded logic within each interrupt handler. Add the Nested Interrupt TPL Library (NestedInterruptTplLib) to provide helper functions that can be used by nested interrupt handlers in place of RaiseTPL()/RestoreTPL(). Example call tree for a timer interrupt occurring at TPL_APPLICATION with a nested timer interrupt that makes its own call to RestoreTPL(): outer TimerInterruptHandler() InterruptedTPL == TPL_APPLICATION ... IsrState->InProgressRestoreTPL = TPL_APPLICATION; gBS->RestoreTPL (TPL_APPLICATION); EnableInterrupts(); dispatch a TPL_CALLBACK event gEfiCurrentTpl = TPL_CALLBACK; nested timer interrupt occurs inner TimerInterruptHandler() InterruptedTPL == TPL_CALLBACK ... IsrState->InProgressRestoreTPL = TPL_CALLBACK; gBS->RestoreTPL (TPL_CALLBACK); EnableInterrupts(); DisableInterrupts(); IsrState->InProgressRestoreTPL = TPL_APPLICATION; IRET re-enables interrupts ... finish dispatching TPL_CALLBACK events ... gEfiCurrentTpl = TPL_APPLICATION; DisableInterrupts(); IsrState->InProgressRestoreTPL = 0; sees IsrState->DeferredRestoreTPL == FALSE and returns IRET re-enables interrupts Example call tree for a timer interrupt occurring at TPL_APPLICATION with a nested timer interrupt that defers its call to RestoreTPL() to the outer instance of the interrupt handler: outer TimerInterruptHandler() InterruptedTPL == TPL_APPLICATION ... IsrState->InProgressRestoreTPL = TPL_APPLICATION; gBS->RestoreTPL (TPL_APPLICATION); EnableInterrupts(); dispatch a TPL_CALLBACK event ... finish dispatching TPL_CALLBACK events ... gEfiCurrentTpl = TPL_APPLICATION; nested timer interrupt occurs inner TimerInterruptHandler() InterruptedTPL == TPL_APPLICATION; ... sees InterruptedTPL == IsrState->InProgressRestoreTPL IsrState->DeferredRestoreTPL = TRUE; DisableInterruptsOnIret(); IRET returns without re-enabling interrupts DisableInterrupts(); IsrState->InProgressRestoreTPL = 0; sees IsrState->DeferredRestoreTPL == TRUE and loops IsrState->InProgressRestoreTPL = TPL_APPLICATION; gBS->RestoreTPL (TPL_APPLICATION); <-- deferred call EnableInterrupts(); DisableInterrupts(); IsrState->InProgressRestoreTPL = 0; sees IsrState->DeferredRestoreTPL == FALSE and returns IRET re-enables interrupts Cc: Paolo Bonzini <pbonzini@redhat.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4162 Signed-off-by: Michael Brown <mcb30@ipxe.org> Acked-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg: Send EOI before RestoreTPL() in timer interrupt handlersMichael Brown2022-12-232-6/+4
| | | | | | | | | | | | | | | | Deferring the EOI until after the call to RestoreTPL() means that any callbacks invoked by RestoreTPL() will run with timer interrupt delivery disabled. If any such callbacks themselves rely on timers to implement timeout loops, then the callbacks will get stuck in an infinite loop from which the system will never recover. This reverts commit 239b50a86 ("OvmfPkg: End timer interrupt later to avoid stack overflow under load"). Cc: Paolo Bonzini <pbonzini@redhat.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4162 Signed-off-by: Michael Brown <mcb30@ipxe.org> Acked-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/PlatformInitLib: pass through reservations from qemuGerd Hoffmann2022-12-231-0/+16
| | | | | | | | | | | | | | | | | | qemu uses the etc/e820 fw_cfg file not only for memory, but also for reservations. Handle reservations by adding resource descriptor hobs for them. A typical qemu configuration has a small reservation between lapic and flash: # sudo cat /proc/iomem [ ... ] fee00000-fee00fff : Local APIC feffc000-feffffff : Reserved <= HERE ffc00000-ffffffff : Reserved [ ... ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg: fix PlatformConfigGerd Hoffmann2022-12-233-2/+4
| | | | | | | | The Hii form is named "MainFormState" and the EFI variable is named "PlatformConfig". Take into account the different names. Fixes: aefcc91805fd ("OvmfPkg/PlatformDxe: Handle all requests in ExtractConfig and RouteConfig") Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/AcpiPlatformDxe: Check PcdConfidentialComputingGuestAttrMin M Xu2022-12-222-5/+3
| | | | | | | | | | | | | | | | | | | | | PcdConfidentialComputingGuestAttr can be used to check the cc guest type, including td-guest or sev-guest. CcProbe() can do the same thing but CcProbeLib should be included in the dsc which uses AcpiPlatformDxe. The difference between PcdConfidentialComputingGuestAttr and CcProbe() is that PcdConfidentialComputingGuestAttr cannot be used in multi-processor scenario but CcProbe() can. But there is no such issue in AcpiPlatformDxe. So we use PcdConfidentialComputingGuestAttr instead of CcProbeLib so that it is simpler. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg/OvmfXen: Build platform info HOB in XenPlatformPeiAnthony PERARD2022-12-212-0/+21
| | | | | | | | | | | | | | Copy the function BuildPlatformInfoHob() from OvmfPkg/PlatformPei. QemuFwCfgLib expect this HOB to be present, or fails to do anything. InternalQemuFwCfgIsAvailable() from QemuFwCfgPeiLib module will not check if the HOB is actually present for example and try to use a NULL pointer. Fixes: cda98df16228 ("OvmfPkg/QemuFwCfgLib: remove mQemuFwCfgSupported + mQemuFwCfgDmaSupported") Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>