summaryrefslogtreecommitdiffstats
path: root/OvmfPkg
Commit message (Collapse)AuthorAgeFilesLines
* OvmfPkg/LoongArchVirt: Optimize the use of serial port librariesXianglai Li2024-07-051-11/+1
| | | | | | | | | | | | | | | | Because the complex dependency between SerialPortLib and PciExpressLib leads to multiple references to the lib library in the loongarch dsc file, optimizing SerialPortLib now simplifies multiple references to lib in the dsc file. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Chao Li <lichao@loongson.cn> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Xianglai Li <lixianglai@loongson.cn> Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
* OvmfPkg: Enable AMD SEV-ES DebugVirtualizationAlexey Kardashevskiy2024-07-043-5/+20
| | | | | | | | | | | | | | | | | | | | | Write the feature bit into PcdConfidentialComputingGuestAttr and enable DebugVirtualization in PEI, SEC, DXE. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Roth <michael.roth@amd.com> Cc: Min Xu <min.m.xu@intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Alexey Kardashevskiy <aik@amd.com> --- Changes: v5: * "rb" from Tom v4: * s/DebugSwap/DebugVirtualization/g
* OvmfPkg: Add AMD SEV-ES DebugVirtualization feature supportAlexey Kardashevskiy2024-07-045-3/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SEV-ES DebugVirtualization feature enables type B swapping of debug registers on #VMEXIT and makes #DB and DR7 intercepts unnecessary and unwanted. When DebugVirtualization is enabled, this stops booting if interaction from the HV. Add new API to PEI, SEC, DXE. This does not change the existing behaviour yet. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael Roth <michael.roth@amd.com> Cc: Min Xu <min.m.xu@intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Alexey Kardashevskiy <aik@amd.com> --- Changes: v5: * "rb" from Tom v4: * s/DebugSwap/DebugVirtualization/
* AmdSev: enable kernel hashes without initrdTobin Feldman-Fitzthum2024-07-041-10/+0
| | | | | | | | | | | | | | If kernel hashes are enabled but no initrd is provided, QEMU will still create an entry in the hash table, but it will be the hash of an empty buffer. Remove the explicit check for the length of the blob. This logic will be handled by the later hash comparison, which will still fail when the blob is not present but is expected, but will pass when the blob is not present and the hash table contains a hash of an empty buffer. Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
* OvmfPkg: Create SP800155 HOBs from QemuFwCfgFileDionna Glaze2024-07-024-1/+155
| | | | | | | | | | | | | | | | | | | | | Signed firmware measurements are allowed to be passed along to in the TCG and CC event logs according to the TCG PC Client Platform Firware Profile. The event logs include events that Tcg2Dxe reads from appropriately GUIDed HOBs, so allow opt/org.tianocode/sp800155evt/%d to pass along events that the VMM sees fit to provide. One event per number, starting from 0, increasing by 1 until there are no more contiguous files. The VMM may provide reference measurements through UEFI variables that it references from the SP800-155 event3 structure given the appropriate RIM locator type, or via URL, etc. Each event read from fw_cfg, is written one-by-one to a EFI_HOB_GUID_TYPE HOB created for the event. The name they target gTcg800155PlatformIdEventHobGuid for the later Dxe driver to use to extend the event log. Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
* OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.hGerd Hoffmann2024-06-262-2/+2
| | | | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/Sec: Setup MTRR early in the boot process.Gerd Hoffmann2024-06-264-10/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | Specifically before running lzma uncompress of the main firmware volume. This is needed to make sure caching is enabled, otherwise the uncompress can be extremely slow. Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes. Background: Depending on virtual machine configuration kvm may uses EPT memory types to apply guest MTRR settings. In case MTRRs are disabled kvm will use the uncachable memory type for all mappings. The vmx_get_mt_mask() function in the linux kernel handles this and can be found here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580 In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In case the VM has a mdev device assigned that is not the case though. Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable should not be set by default in CR0") kvm also ended up using MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit kvm evaluates guest mtrr settings, which why setting up MTRRs early is important now. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* AmdSev: Halt on failed blob allocationTobin Feldman-Fitzthum2024-06-254-15/+35
| | | | | | | | | | | | A malicious host may be able to undermine the fw_cfg interface such that loading a blob fails. In this case rather than continuing to the next boot option, the blob verifier should halt. For non-confidential guests, the error should be non-fatal. Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
* AmdSev: Rework Blob VerifierTobin Feldman-Fitzthum2024-06-251-7/+28
| | | | | | | | | | | | | | | | | | | | | | | The Blob Verifier checks boot artifacts against a hash table injected by the hypervisor and measured by hardware. Update the Blob Verifier to enter a dead loop if the artifacts do not match. The verifier still returns ACCESS_DENIED in some cases, but this is considered non-fatal. These non-fatal cases occur when the artifact cannot be verified because the hashes table makes no claims about the artifiact (e.g. if the hashes table is not present or if there is no entry for the blob in question). Since the hash table is reflected in the launch measurement, it is okay to continue the boot in these cases. If the hash table does contain expected hash values, the boot cannot continue if the provided blobs do not match. In these cases we enter a dead loop to make sure no guest can boot with a TCB that does not reflect the launch measurement. Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
* OvmfPkg: refine TdTcg2DxeMike Maslenkin2024-06-212-5/+1
| | | | | | | This patch removes unused references to ResetNotification code. ACPI table generation refined by removing excessive CopyMem() call. Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
* OvmfPkg/QemuVideoDxe: add feature PCD to remap framebuffer W/CArd Biesheuvel2024-06-184-1/+29
| | | | | | | | | | | | | | | | | | | | | | Some platforms (such as SBSA-QEMU on recent builds of the emulator) only tolerate misaligned accesses to normal memory, and raise alignment faults on such accesses to device memory, which is the default for PCIe MMIO BARs. When emulating a PCIe graphics controller, the framebuffer is typically exposed via a MMIO BAR, while the disposition of the region is closer to memory (no side effects on reads or writes, except for the changing picture on the screen; direct random access to any pixel in the image). In order to permit the use of such controllers on platforms that only tolerate these types of accesses for normal memory, it is necessary to remap the memory. Use the DXE services to set the desired capabilities and attributes. Hide this behavior under a feature PCD so only platforms that really need it can enable it. (OVMF on x86 has no need for this) Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg/BhyvePkg: honor FwCfg when setting the bootorderCorvin Köhne2024-06-183-6/+13
| | | | | | | | | | | Bhyve has added support for the bootorder FwCfg file some time ago [1][2]. This FwCfg file is currently ignored by the OVMF and has no effect. Copy the relevant code from Qemu to Bhyve to make it usable. [1] https://github.com/freebsd/freebsd-src/commit/6632a0a4e3ab68b0e31b612e8aeca14de3fc8159 [2] https://github.com/freebsd/freebsd-src/commit/480bef9481f0c44b19ac4b2adb09f6c3191acd41 Signed-off-by: Corvin Köhne <c.koehne@beckhoff.com>
* OvmfPkg/PlatformCI: Add CI coverage for LoongArchVirtQemuChao Li2024-06-182-2/+15
| | | | | | | | | | | Add support for building LoongArchVirtQemu platform in CI BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Chao Li <lichao@loongson.cn>
* OvmfPkg/LoongArchVirt: Add self introduction fileChao Li2024-06-181-0/+69
| | | | | | | | | | | | | | | Add self introduction file for LoongArch virtual machine. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Bibo Mao <maobibo@loongson.cn>
* OvmfPkg/LoongArchVirt: Add build fileChao Li2024-06-184-0/+1098
| | | | | | | | | | | | | | | | | Add infrastructure files to build edk2 for LoongArch QEMU virtual machine. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn> Co-authored-by: Bibo Mao <maobibo@loongson.cn>
* OvmfPkg/LoongArchVirt: Support PEI phaseChao Li2024-06-185-0/+789
| | | | | | | | | | | | | | | | Platfrom PEI module for LoongArch platfrom initialization. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn> Co-authored-by: Bibo Mao <maobibo@loongson.cn>
* OvmfPkg/LoongArchVirt: Support SEC phaseChao Li2024-06-183-0/+750
| | | | | | | | | | | | | | | | Add SEC code for LoongArch virtual machine. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn> Co-authored-by: Bibo Mao <maobibo@loongson.cn>
* OvmfPkg/LoongArchVirt: Add reset system libraryChao Li2024-06-186-0/+637
| | | | | | | | | | | | | | | | | This library provides interface related to restart and shudown the LoongArch64 virtual machine. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn> Co-authored-by: Bibo Mao <maobibo@loongson.cn>
* OvmfPkg/LoongArchVirt: Add real time clock libraryChao Li2024-06-183-0/+409
| | | | | | | | | | | | | | | | This library is provides real time clock for LoongArch virtual machine. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Baoqi Zhang <zhangbaoqi@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn>
* OvmfPkg: Add a new GUID called gRtcRegisterBaseAddressHobGuidChao Li2024-06-181-0/+1
| | | | | | | | | | | | Added a new GUID use for store the RTC register base address if the platform can not uses the dynamic PCD in PEI stage. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Chao Li <lichao@loongson.cn>
* OvmfPkg/LoongArchVirt: Add the early serial port output libraryChao Li2024-06-182-0/+866
| | | | | | | | | | | | | | | | | | | | | | Add a early serial port output library into LoongArchVirt that named EarlyFdtSerialPortLib16550, this library is referenced from MdeModulePkg. This library is used in the PEI phase. Since the serial port address can not be saved in memory of the LoongArch QEMU virtual machine in the PEI phase, the serial prot base address will be obtained from the FDT before each output. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn>
* OvmfPkg/LoongArchVirt: Add serial port hook libraryChao Li2024-06-185-0/+172
| | | | | | | | | | | | | | | | | | | | Add a serial port hook library in LoongArchVirt named Fdt16550SerialProtHookLib, this library is referenced from ArmVirtPkg. LoongArch QEMU virtual machine uses register of LOONGARCH_CSR_KS1 to transfer serial port base addres from the PEI phase to the DXE phase. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Bibo Mao <maobibo@loongson.cn> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/LoongArchVirt: Add CpuMmuInit libraryChao Li2024-06-185-0/+279
| | | | | | | | | | | | | | Added a new library for LoongArch, it use for initialization the CPU MMU, it consumed the CpuMmuLib. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Baoqi Zhang <zhangbaoqi@loongson.cn> Co-authored-by: Dongyan Qian <qiandongyan@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn> Co-authored-by: Bibo Mao <maobibo@loongson.cn>
* OvmfPkg/LoongArchVirt: Add stable timer driverChao Li2024-06-182-0/+437
| | | | | | | | | | | | | | | | Add a CPU timer driver named StableTimerDxe, which proviedes EFI_TIMER_ARCH_PROTOCOL for LoongArch. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Bibo Mao <maobibo@loongson.cn> Cc: Dongyan Qian <qiandongyan@loongson.cn> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Baoqi Zhang <zhangbaoqi@loongson.cn>
* OvmfPkg/Xen: Fix use of networkingRoss Lagerwall2024-06-152-0/+4
| | | | | | | | | | | | | | | | | Since commit 4c4ceb2ceb80 ("NetworkPkg: SECURITY PATCH CVE-2023-45237"), networking modules depend on gEfiRngProtocolGuid but nothing in OvmfXen provides it. This is visible in the logs as several modules present but not loading: Driver A2F436EA-A127-4EF8-957C-8048606FF670 was discovered but not loaded!! Driver E4F61863-FE2C-4B56-A8F4-08519BC439DF was discovered but not loaded!! Driver 025BBFC7-E6A9-4B8B-82AD-6815A1AEAF4A was discovered but not loaded!! Driver 529D3F93-E8E9-4E73-B1E1-BDF6A9D50113 was discovered but not loaded!! Driver 94734718-0BBC-47FB-96A5-EE7A5AE6A2AD was discovered but not loaded!! Include SecurityPkg/RandomNumberGenerator/RngDxe to fix this. Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
* OvmfPkg: Override PcdCpuSmmApSyncTimeout2 to 10msJiaxin Wu2024-06-146-6/+14
| | | | | | | | | | | | | PcdCpuSmmApSyncTimeout2 PCD was added in previous patch (52d0a208), this patch is to override PcdCpuSmmApSyncTimeout2 to 10ms (same as PcdCpuSmmApSyncTimeout) so as to align with original behavior. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
* OvmfPkg: wire up RngDxeGerd Hoffmann2024-06-1314-12/+27
| | | | | | | | | | | | Add OvmfRng include snippets with the random number generator configuration for OVMF. Include RngDxe, build with BaseRngLib, so the rdrand instruction is used (if available). Also move VirtioRng to the include snippets. Use the new include snippets for OVMF builds. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/QemuVideoDxe: purge VbeShimGerd Hoffmann2024-06-077-1411/+0
| | | | | | | | | | | | The guest os which depends on vbeshim for video support is -- according to the comments -- Windows 2008 R2. Which went EOL in January 2020, more than four years ago. Time to retire VbeShim. RIP. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/PlatformInitLib: allow PhysBits larger than 48Gerd Hoffmann2024-06-061-5/+5
| | | | | | | If GuestPhysBits reports more than 48 phys-bits can be used allow to go beyond that limit. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/PlatformInitLib: add support for GuestPhysBitsGerd Hoffmann2024-06-061-3/+14
| | | | | | | | | | | | | | Add support for GuestPhysBits (cpuid 0x80000008, eax, bits 23:16). GuestPhysBits is a field which can be set by the hypervisor to inform the guest about the /usable/ physical address space bits. This can be smaller than the PhysBits of the CPU, for example because of nested paging limitations. OVMF will read GuestPhysBits, log the value, in case it is set use it as upper limit. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg: add morlock supportGerd Hoffmann2024-06-068-0/+26
| | | | | | | Add dsc + fdf include files to add the MorLock drivers to the build. Add the include files to OVMF build configurations. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg: Add no hardcode version of FdtNorFlashQemuLibChao Li2024-06-042-0/+211
| | | | | | | | | | | | | | | | | | | | | | | | | | This library is copied from ArmVirtPkg, in the Arm version, the value of PcdFlashNvStorageVariableBase, PcdFlashNvStorageFtwWorkingBase and PcdFlashNvStorageFtwSpareBase are hardcoded in INC file. This version will calculate them from FDT resource and using the set PCD to store when the NorFlashInitialise is called. By default, the first available flash(not used for storage UEFI code) as NV variable storage medium. In this way, UEFI can better handle the change of flash base address, which is suitable for different cpu architecture board implementation. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4770 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Leif Lindholm <quic_llindhol@quicinc.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn> Co-authored-by: Xianglai Li <lixianglai@loongson.cn> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg: Save MTRR by lockbox in CpuS3DataDxeDun Tan2024-06-042-2/+15
| | | | | | | | | | | | | | | Save MTRR by lockbox in CpuS3DataDxe. In S3 boot, The MTRR setting will be restored in S3Resume.c in following patches. Then S3Resume.c will wakeup all APs to load the MTRR setting. This can avoid waking up APs in CpuS3.c. Signed-off-by: Dun Tan <dun.tan@intel.com> Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
* OvmfPkg/VirtioRngDxe: check if device is readyGerd Hoffmann2024-05-312-3/+11
| | | | | | | | | Add a 'Ready' boolean to the driver state struct, use it to track whenever the device is ready to be used. In case it is not ready throw an EFI_DEVICE_ERROR instead of sending a request which will never receive an answer. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg: Update VMM Hob list check to support new resource attributesDu Lin2024-05-301-0/+2
| | | | | | | | Encrypted and Special Purpose resource attributes are introduced in PI 1.8 Specification. This patch is to update VMM Hob list integrity check to recognize these resource attributes. Signed-off-by: Du Lin <du.lin@intel.com>
* OvmfPkg: Add Hash2DxeCrypto to OvmfPkgDoug Flick2024-05-248-3/+40
| | | | | | | | | | | | | | This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is used to provide the hashing protocol services. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg PlatformCI: Support virtio-rng-pciFlickdm2024-05-241-0/+2
| | | | | | | | | | | | | | This patch adds "virtio-rng-pci" to the PlatformBuildLib.py This adds Rng services to the guest VM Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* OvmfPkg: Use newly defined Unaccepted Memory TypeSachin Ganesh2024-05-085-14/+14
| | | | | | | | | | | | | | EFI_RESOURCE_MEMORY_UNACCEPTED has been officially defined in the PI 1.8 specification. So all temporary solutions have been replaced with the actual definition. Cc: Felix Polyudov <felixp@ami.com> Cc: Dhanaraj V <vdhanaraj@ami.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Sachin Ganesh <sachinganesh@ami.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
* OvmfPkg/PlatformPei: Relocate SmBases in PEI phaseJiaxin Wu2024-05-084-1/+92
| | | | | | | | | | | | | | This patch is to consume SmmRelocationInit for SmBase Relocation. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg/SmmCpuFeaturesLib: Check Smbase Relocation is done or notJiaxin Wu2024-05-081-11/+22
| | | | | | | | | | | | | | | | | | | | | | | | Based on gSmmBaseHobGuid: If gSmmBaseHobGuid found, means SmBase info has been relocated and recorded in the SmBase array. So, this patch check smbase relocation is done or not in SmmCpuFeaturesInitializeProcessor(). With SmmRelocationLib, gSmmBaseHobGuid will be always created. Here this patch just makes the function/logic correct. The SMM Relocation logic can be totally cleaned from the SmmCpuFeaturesLib. But it will happen in the future patch set, this patch does not target to the cleanup work. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg: Refine SmmAccess implementationJiaxin Wu2024-05-088-151/+87
| | | | | | | | | | | | | | | | | | | | This patch refines the SmmAccess implementation: 1. SmramMap will be retrieved from the gEfiSmmSmramMemoryGuid instead of original from the TSEG Memory Base register. 2. Remove the gEfiAcpiVariableGuid creation, thus the DESCRIPTOR_INDEX definition can be also cleaned. 3. The gEfiAcpiVariableGuid HOB is moved to the OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuidJiaxin Wu2024-05-082-40/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the PiSmmCpuDxeSmm driver, SMRAM allocation for SMI handlers and processor Save State areas was traditionally performed using the Smst->AllocatePages() function during the DXE phase. The introduction of SmmRelocationLib changes this process by moving the allocation to the PEI phase, where Smst->AllocatePages() is not accessible. Instead, the allocation is now handled by partitioning the SMRAM based on the information provided by a GUID HOB (identified by gEfiSmmSMramMemoryGuid). This patch is to ensure that OVMF produces the gEfiSmmSMramMemoryGuid HOB, allowing SmmRelocationLib to reserve the necessary memory for SMBASE relocation. More info for the change: 1. The EFI_SMM_SMRAM_MEMORY_GUID HOB, as defined in the PI specification, vol.3, section 5, which is used to describe the SMRAM memory regions supported by the platform. This HOB should be produced during the memory detection phase to align with the PI spec. 2. In addition to the memory reserved for ACPI S3 resume, an increasing number of features require reserving SMRAM for specific purposes, such as SmmRelocation. Other advanced features in Intel platforms also necessitate this. The implementation of these features varies and is entirely dependent on the platform. This is why an increasing number of platforms are adopting the EFI_SMM_SMRAM_MEMORY_GUID HOB for SMRAM description. 3. It is crucial that the SMRAM information remains consistent when retrieved from the platform, whether through the SMM ACCESS PPI/Protocol or the EFI_SMM_SMRAM_MEMORY_GUID HOB. Inconsistencies can lead to unexpected issues, most commonly memory region conflicts. 4. The SMM ACCESS PPI/Protocol can be naturally implemented for general use. The common approach is to utilize the EFI_SMM_SMRAM_MEMORY_GUID HOB. For reference, see the existing implementation in the EDK2 repository at edk2/UefiPayloadPkg/SmmAccessDxe/SmmAccessDxe.inf and edk2-platforms/Silicon/Intel/IntelSiliconPkg/Feature/ SmmAccess/Library/PeiSmmAccessLib/PeiSmmAccessLib.inf. Next patch will refine the OVMF SMM Access to consume the EFI_SMM_SMRAM_MEMORY_GUID HOB. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Ray Ni <ray.ni@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg/SmmRelocationLib: Add library instance for OVMFJiaxin Wu2024-05-0814-0/+1299
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are below 2 differences between AMD & OVMF according existing implementation: 1.The mode of the CPU check is different between the AMD & OVMF. OVMF: CpuSaveState->x86.SMMRevId & 0Xffff AMD: LMAValue = (UINT32)AsmReadMsr64 (EFER_ADDRESS) & LMA 2.Existing SmBase configuration is different between the AMD & OVMF. OVMF: if ((CpuSaveState->x86.SMMRevId & 0xFFFF) == 0) { CpuSaveState->x86.SMBASE = mSmBaseForAllCpus[CpuIndex]; } else { CpuSaveState->x64.SMBASE = mSmBaseForAllCpus[CpuIndex]; } AMD: AmdCpuState->x64.SMBASE = mSmBaseForAllCpus[CpuIndex]; This patch provides the SmmRelocationLib library instance for OVMF to handle the logic difference, and it won't change the existing implementation code logic. Cc: Ray Ni <ray.ni@intel.com> Cc: Zeng Star <star.zeng@intel.com> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
* OvmfPkg: Add sp800155Event3 supportDionna Glaze2024-05-071-5/+10
| | | | | | | | | | | | The signatures for event2 or event3 are now valid TCG SP800155 event types. Fixes uncrustify formatting. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
* OvmfPkg/CcExitLib: Drop special handling for Encrypted MMIO to APICMichael Roth2024-05-021-11/+1
| | | | | | | | | | | | | | | | | | | The current #VC handler guards against MMIO to addresses that are mapped with the encryption bit set, but has an special exception for MMIO accesses to the APIC base address so allow for early access during SEC. Now that the SEC page table has the encryption bit cleared for the APIC base address range, there is no longer any need for this special handling. Go ahead and remove it. Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg: Don't make APIC MMIO accesses with encryption bit setMichael Roth2024-05-0210-3/+97
| | | | | | | | | | | | | | | | | | | | | | | | | For the most part, OVMF will clear the encryption bit for MMIO regions, but there is currently one known exception during SEC when the APIC base address is accessed via MMIO with the encryption bit set for SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special handling on the hypervisor side which may not be available in the future[1], so make the necessary changes in the SEC-configured page table to clear the encryption bit for 4K region containing the APIC base address. [1] https://lore.kernel.org/lkml/20240208002420.34mvemnzrwwsaesw@amd.com/#t Suggested-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Jianyong Wu <jianyong.wu@arm.com> Cc: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEsMichael Roth2024-05-022-11/+14
| | | | | | | | | | | | | | | | | | Future changes will make use of CpuPageTableLib to handle splitting page table mappings during SEC phase. While it's not strictly required by hardware, CpuPageTableLib relies on non-leaf PTEs never having the encryption bit set, so go ahead change the page table setup code to satisfy this expectation. Suggested-by: Tom Lendacky <thomas.lendacky@amd.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Michael Roth <michael.roth@amd.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
* OvmfPkg: Remove QemuFwCfgLibMmio.infChao Li2024-04-301-54/+0
| | | | | | | | | | | | All of platforms are switching to QemuFwCfgMmioDxeLib.inf, remove QemuFwCfgLibMmio.inf now. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Chao Li <lichao@loongson.cn>
* OvmfPkg/RiscVVirt: Enable QemuFwCfgMmioDxeLib.infChao Li2024-04-301-1/+1
| | | | | | | | | | | | | | | Enable QemuFwCfgMmioDxeLib.inf in RiscVVirtQemu.dsc Build-tested only (with "RiscVVirtQemu.dsc"). BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Sunil V L <sunilvl@ventanamicro.com> Cc: Andrei Warkentin <andrei.warkentin@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn>
* OvmfPkg: Copy the same new INF as QemuFwCfgLibMmio.infChao Li2024-04-301-0/+54
| | | | | | | | | | | | | Copy QemuFwCfgLibMmio.inf to QemuFwCfgMmioDxeLib.inf, QemuFwCfgLibMmio.inf will be deleted when all platforms switching is completed. BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755 Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Chao Li <lichao@loongson.cn>