/** @file
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/HstiLib.h>
#include <Library/PcdLib.h>
#include <Library/PciLib.h>
#include <IndustryStandard/Hsti.h>
#include <IndustryStandard/Q35MchIch9.h>
#include "VirtHstiDxe.h"
//
// HSTI platform-security record for the QEMU Q35 machine type.
// VirtHstiQemuQ35Init() marks features as supported in this record and
// VirtHstiQemuQ35Verify() consults it before running each check.
//
// The initializer is positional, so it depends on the member order of
// VIRT_ADAPTER_INFO_PLATFORM_SECURITY, which is declared outside this file.
// NOTE(review): the order presumably follows the HSTI adapter-info header
// (version, role, implementation ID, security-feature size) -- confirm
// against VirtHstiDxe.h before reordering or inserting members.
//
// Members not listed here are zero-initialized (static storage, partial
// initializer), so no feature bit is set until Init sets one explicitly.
//
STATIC VIRT_ADAPTER_INFO_PLATFORM_SECURITY mHstiQ35 = {
  PLATFORM_SECURITY_VERSION_VNEXTCS,
  PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
  { L"OVMF (Qemu Q35)" },               // implementation identifier string
  VIRT_HSTI_SECURITY_FEATURE_SIZE,
};
/**
  Prepare the Q35 HSTI record and return it.

  When the build sets the PcdSmmSmramRequire feature flag, the two SMM-related
  byte-0 features (SMRAM lock and secure variable flash) are marked as
  supported in mHstiQ35. Without the flag the record is returned unchanged,
  so VirtHstiQemuQ35Verify() skips both checks: the platform then makes no
  claim about these protections rather than reporting a failure.

  @return  Address of the module-global mHstiQ35 record.
**/
VIRT_ADAPTER_INFO_PLATFORM_SECURITY *
VirtHstiQemuQ35Init (
  VOID
  )
{
  //
  // Builds without the SMM requirement advertise nothing.
  //
  if (!FeaturePcdGet (PcdSmmSmramRequire)) {
    return &mHstiQ35;
  }

  VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
  VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);

  return &mHstiQ35;
}
/**
  Run the Q35 checks for every feature marked as supported in mHstiQ35 and
  report each outcome through VirtHstiTestResult().

  SMRAM lock: reads the MCH SMRAM and ESMRAMC registers from PCI config space.
  The check fails if ESMRAMC.T_EN is clear ("access is open"), or else if
  SMRAM.D_LCK is clear ("config is not locked"). Only the first failing
  condition is reported.

  Secure variable flash: fails only when VirtHstiQemuFirmwareFlashCheck()
  returns QEMU_FIRMWARE_FLASH_WRITABLE for the variable store base address.

  A NULL message is passed to VirtHstiTestResult() when no problem was found.

  NOTE(review): the register values are sampled once, at call time. The result
  is only meaningful if this runs after the platform has locked SMRAM; the
  call site is not visible here -- confirm the ordering.
**/
VOID
VirtHstiQemuQ35Verify (
  VOID
  )
{
  CHAR16  *SmramError;
  CHAR16  *FlashError;
  UINT8   Smram;
  UINT8   Esmramc;

  if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK)) {
    Smram   = PciRead8 (DRAMC_REGISTER_Q35 (MCH_SMRAM));
    Esmramc = PciRead8 (DRAMC_REGISTER_Q35 (MCH_ESMRAMC));

    //
    // T_EN is tested first; the lock bit is examined only when T_EN is set.
    //
    if ((Esmramc & MCH_ESMRAMC_T_EN) == 0) {
      SmramError = L"q35 smram access is open";
    } else if ((Smram & MCH_SMRAM_D_LCK) == 0) {
      SmramError = L"q35 smram config is not locked";
    } else {
      SmramError = NULL;
    }

    VirtHstiTestResult (SmramError, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
  }

  if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH)) {
    FlashError = NULL;

    //
    // NOTE(review): every result other than QEMU_FIRMWARE_FLASH_WRITABLE is
    // reported as a pass. If the helper can return a value meaning the flash
    // state could not be determined, this check fails open -- confirm that
    // this is intended.
    //
    if (VirtHstiQemuFirmwareFlashCheck (PcdGet32 (PcdOvmfFlashNvStorageVariableBase)) ==
        QEMU_FIRMWARE_FLASH_WRITABLE)
    {
      FlashError = L"qemu vars pflash is not secure";
    }

    VirtHstiTestResult (FlashError, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);
  }
}