OvmfPkg: Add VirtHstiDxe driver
The driver supports qemu machine types 'pc' and 'q35'. This patch adds some helper functions to manage the bitmasks. The implemented features depend on both OVMF build configuration and qemu VM configuration. For q35 a single security feature is supported and checked: In SMM-enabled builds the driver will verify smram is properly locked. That test should never fail. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Konstantin Kostiuk <kkostiuk@redhat.com> Initial-patch-by: Konstantin Kostiuk <kkostiuk@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
committed by
mergify[bot]
parent
be92e09206
commit
d0906f602b
58
OvmfPkg/VirtHstiDxe/QemuQ35.c
Normal file
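--- /dev/null
+++ b/OvmfPkg/VirtHstiDxe/QemuQ35.c
@@ -0,0 +1,58 @@
+/** @file
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HstiLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PciLib.h>
+
+#include <IndustryStandard/Hsti.h>
+#include <IndustryStandard/Q35MchIch9.h>
+
+#include "VirtHstiDxe.h"
+
+STATIC VIRT_ADAPTER_INFO_PLATFORM_SECURITY mHstiQ35 = {
+PLATFORM_SECURITY_VERSION_VNEXTCS,
+PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
+{ L"OVMF (Qemu Q35)" },
+VIRT_HSTI_SECURITY_FEATURE_SIZE,
+};
+
+VIRT_ADAPTER_INFO_PLATFORM_SECURITY *
+VirtHstiQemuQ35Init (
+VOID
+)
+{
+if (FeaturePcdGet (PcdSmmSmramRequire)) {
+VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
+}
+
+return &mHstiQ35;
+}
+
+VOID
+VirtHstiQemuQ35Verify (
+VOID
+)
+{
+if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK)) {
+CHAR16 *ErrorMsg = NULL;
+UINT8 SmramVal;
+UINT8 EsmramcVal;
+
+SmramVal = PciRead8 (DRAMC_REGISTER_Q35 (MCH_SMRAM));
+EsmramcVal = PciRead8 (DRAMC_REGISTER_Q35 (MCH_ESMRAMC));
+
+if (!(EsmramcVal & MCH_ESMRAMC_T_EN)) {
+ErrorMsg = L"q35 smram access is open";
+} else if (!(SmramVal & MCH_SMRAM_D_LCK)) {
+ErrorMsg = L"q35 smram config is not locked";
+}
+
+VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
+}
+}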
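Review bot: In VirtHstiQemuQ35Verify the text `L"q35 smram access is open"` is recorded when `MCH_ESMRAMC_T_EN` is clear, and judging by the macro name that bit is the TSEG enable rather than an open/close control, so the HSTI error string may point whoever triages a failure at the wrong register. Either reword it to match the check, for example `ErrorMsg = L"q35 tseg is not enabled";`, or add a comment above the branch explaining why a cleared T_EN is treated as open SMRAM. Because the second test is an `else if`, a missing `MCH_SMRAM_D_LCK` is never reported when T_EN is also clear; a one-line comment saying that only the first failing condition is recorded would make this intentional. Both functions also lack header comments: one on Verify stating that it reads MCH_SMRAM and MCH_ESMRAMC and stores the result under byte 0, bit `VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK`, and that it does nothing unless Init marked the feature supported, would document the contract.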