Jiaxin Wu
42e8fa84f7
UefiCpuPkg/SmmRelocationLib: Rename global variables
This patch aims to rename global variables for clearer
association with Smm Init, ensuring their names are
distinct from those used in the PiSmmCpuDxeSmm Driver.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
2024-05-08 01:53:58 +00:00
Jiaxin Wu
51fcd2023b
UefiCpuPkg/SmmRelocationLib: Add SmmRelocationLib library instance
This patch just separates the smbase relocation logic from
the PiSmmCpuDxeSmm driver and moves it to the SmmRelocationInit
interface. It maintains the original implementation of most
functions and leaves the definitions of global variables
intact. Further refinements to the code are planned for
subsequent patches.
The platform shall consume the interface for the smbase
relocation if SMM support is needed.
Note:
Before using SmmRelocationLib, the PiSmmCpuDxeSmm driver
allocates the SMRAM to be used for the SMI handler and Save
state area of each processor from Smst->AllocatePages().
With SmmRelocationLib, the SMRAM allocation for SMI
handlers and Save state areas is moved to the early PEI
phase (the Smst->AllocatePages() service is not available).
So, the allocation is done by splitting the SMRAM out of
the SMRAM regions reported from gEfiSmmSMramMemoryGuid.
So, the Platform must produce the gEfiSmmSMramMemoryGuid HOB
for SmmRelocationLib usage.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
2024-05-08 01:53:58 +00:00
Jiaxin Wu
af9b851732
UefiCpuPkg: Add SmmRelocationLib class
Intel plans to separate the smbase relocation logic from the
PiSmmCpuDxeSmm driver, and the related behavior will be
moved to the new interface defined by the SmmRelocationLib
class.
The SmmRelocationLib class provides the SmmRelocationInit()
interface for the platform to do the smbase relocation, which
shall provide the 2 functionalities below:
1. Relocate smbases for each processor.
2. Create the gSmmBaseHobGuid HOB.
With SmmRelocationLib, the PiSmmCpuDxeSmm driver (which runs at
a later phase) shall:
1. Consume the gSmmBaseHobGuid HOB for the relocated smbases
for each Processor.
2. Execute the early SMM Init.
This patch just provides the SmmRelocationLib class.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
2024-05-08 01:53:58 +00:00
Ray Ni
987bea6525
UefiCpuPkg/PiSmmCpuDxeSmm: Handle the NULL gMpInformation2HobGuid
If the gMpInformation2HobGuid HOB is NULL,
then fall back to an older way of collecting
CPU information from the MP services library.
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
2024-05-07 06:55:18 +00:00
Xianglei Cai
1c0d4ae2c0
MdeModulePkg/XhciDxe: Add PCD for the delay of HCRST
https://bugzilla.tianocore.org/show_bug.cgi?id=4727
Recently some XHCI host controllers require an
extra 1ms delay before accessing any MMIO register
during reset. The PHY transition from P3 to P0 can take
around 1.3ms and the xHCI reset can take around 1.5ms.
Add a PCD to control the delay; the default is 2 ms.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Krzysztof Lewandowski <krzysztof.lewandowski@intel.com>
Cc: Jenny Huang <jenny.huang@intel.com>
Cc: More Shih <more.shih@intel.com>
Cc: Ian Chiu <ian.chiu@intel.com>
Signed-off-by: Xianglei Cai <xianglei.cai@intel.com>
Reviewed-by: Krzysztof Lewandowski <krzysztof.lewandowski@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
2024-05-07 04:48:09 +00:00
Xianglei Cai
c12bbc1490
MdeModulePkg/XhciDxe: Reset endpoint while USB Transaction error
https://bugzilla.tianocore.org/show_bug.cgi?id=4556
Based on XHCI spec 4.8.3, software should reset the
endpoint when a USB Transaction error occurs.
Add the error code for the USB Transaction error
since the UEFI spec doesn't have the related definition.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Krzysztof Lewandowski <krzysztof.lewandowski@intel.com>
Cc: Jenny Huang <jenny.huang@intel.com>
Cc: More Shih <more.shih@intel.com>
Signed-off-by: Xianglei Cai <xianglei.cai@intel.com>
Reviewed-by: Krzysztof Lewandowski <krzysztof.lewandowski@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
2024-05-07 02:26:46 +00:00
Dionna Glaze
17f333f2a4
OvmfPkg: Add sp800155Event3 support
The signatures for event2 or event3 are now valid TCG SP800155 event
types. Fixes uncrustify formatting.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
2024-05-07 00:21:40 +00:00
Dionna Glaze
7097c97bde
SecurityPkg: Recognize sp800155Event3 event
The signatures for event2 or event3 are now valid TCG SP800155 event
types. Fixes uncrustify formatting.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
2024-05-07 00:21:40 +00:00
Dionna Glaze
370c55b2ba
MdePkg: Add TcgSp800155Event3 type info
TCG PC Client Platform Firmware Profile 1.06 revision 52 of December
2023 added a new event signature and extended information about where a
reference measurement document for the firmware can be found.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
2024-05-07 00:21:40 +00:00
Nickle Wang
24fa360857
RedfishPkg: Rename x-uefi-redfish to x-UEFI-redfish
Rename x-uefi-redfish to x-UEFI-redfish to match the format of the
UEFI configuration namespace prefix.
RFC: https://edk2.groups.io/g/rfc/message/849
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Co-authored-by: Nickle Wang <nicklew@nvidia.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Cc: Nick Ramirez <nramirez@nvidia.com>
Reviewed-by: Abner Chang <abner.chang@amd.com>
2024-05-04 04:03:13 +00:00
Duggapu Chinni B
248aa153f6
IntelFsp2Pkg/PatchFv.py: FIX for GCC 32BIT build error
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4762
The map file generates an 8 byte address offset that does not match
the pattern defined in the patchFv tool, resulting in a build
error.
Cc: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com>
Reviewed-by: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Ted Kuo <ted.kuo@intel.com>
Signed-off-by: Duggapu Chinni B <chinni.b.duggapu@intel.com>
2024-05-03 00:25:54 +00:00
Michael Roth
fecf55a66a
OvmfPkg/CcExitLib: Drop special handling for Encrypted MMIO to APIC
The current #VC handler guards against MMIO to addresses that are mapped
with the encryption bit set, but has a special exception for MMIO
accesses to the APIC base address to allow for early access during SEC.
Now that the SEC page table has the encryption bit cleared for the APIC
base address range, there is no longer any need for this special
handling. Go ahead and remove it.
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2024-05-02 12:43:50 +00:00
Michael Roth
f0ed194236
OvmfPkg: Don't make APIC MMIO accesses with encryption bit set
For the most part, OVMF will clear the encryption bit for MMIO regions,
but there is currently one known exception during SEC when the APIC
base address is accessed via MMIO with the encryption bit set for
SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special
handling on the hypervisor side which may not be available in the
future[1], so make the necessary changes in the SEC-configured page
table to clear the encryption bit for the 4K region containing the APIC
base address.
[1] https://lore.kernel.org/lkml/20240208002420.34mvemnzrwwsaesw@amd.com/#t
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2024-05-02 12:43:50 +00:00
Michael Roth
fd290ab862
OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEs
Future changes will make use of CpuPageTableLib to handle splitting
page table mappings during the SEC phase. While it's not strictly required
by hardware, CpuPageTableLib relies on non-leaf PTEs never having the
encryption bit set, so go ahead and change the page table setup code to
satisfy this expectation.
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2024-05-02 12:43:50 +00:00
Anthony PERARD
5f783827bb
Maintainers.txt: Update my email address
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2024-05-02 12:43:50 +00:00
Jiaxin Wu
5d4c5253e8
Maintainers.txt: Update StandaloneMmPkg and UefiCpuPkg Reviewer
This is to update the StandaloneMmPkg and UefiCpuPkg Reviewer.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
2024-04-30 11:10:10 +00:00
Chao Li
ec6e59aefe
OvmfPkg: Remove QemuFwCfgLibMmio.inf
All platforms are switching to QemuFwCfgMmioDxeLib.inf; remove
QemuFwCfgLibMmio.inf now.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Chao Li
1699845c5f
OvmfPkg/RiscVVirt: Enable QemuFwCfgMmioDxeLib.inf
Enable QemuFwCfgMmioDxeLib.inf in RiscVVirtQemu.dsc.
Build-tested only (with "RiscVVirtQemu.dsc").
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Chao Li
3a4efc98b0
ArmVirtPkg: Enable QemuFwCfgMmioDxeLib.inf
Enable QemuFwCfgMmioDxeLib.inf in ArmVirtQemu.dsc and
ArmVirtQemuKernel.dsc.
Build-tested only (with "ArmVirtQemu.dsc").
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Chao Li
3d87214a20
OvmfPkg: Copy the same new INF as QemuFwCfgLibMmio.inf
Copy QemuFwCfgLibMmio.inf to QemuFwCfgMmioDxeLib.inf;
QemuFwCfgLibMmio.inf will be deleted when the switching of all
platforms is completed.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Chao Li
fcce7f77e6
OvmfPkg: Add the QemuFwCfgMmioLib PEI stage version
Added the PEI stage library for QemuFwCfgMmioLib, which uses the FDT to
find the fw_cfg and parse it.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Co-authored-by: Xianglai Li <lixianglai@loongson.cn>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Chao Li
748d57d40f
OvmfPkg: Add the way of HOBs in QemuFwCfgLibMmio
Added the HOB methods to load and store the QEMU firmware configure
address, data address and DMA address, which are not enabled during the
DXE stage.
Build-tested only (with "ArmVirtQemu.dsc and RiscVVirtQemu.dsc").
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Chao Li
5e31c5666d
OvmfPkg: Separate QemuFwCfgLibMmio.c into two files
Separate QemuFwCfgLibMmio.c into two files named QemuFwCfgLibMmio.c and
QemuFwCfgLibMmioDxe.c, and add a new header named
QemuFwCfgLibMmioInternal.h for the MMIO version.
Some DXE stage variables became non-static in this patch; they will be
restored to static in the next patch.
Build-tested only (with "ArmVirtQemu.dsc and RiscVVirtQemu.dsc").
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Chao Li
e942b85a21
OvmfPkg: Add a GUID for QemuFwCfgLib
Added a new GUID for the QemuFwCfgLib MMIO version, called
gQemuFirmwareResourceHobGuid, which is used to save the QEMU firmware
configure resource during the PEI stage.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
2024-04-30 11:10:10 +00:00
Jiaxin Wu
0c74aa2073
UefiCpuPkg/Library: Cleanup debug message in LmceSupport
ProcessorNumber 0 is not always the BSP. A debug message based on
ProcessorNumber 0 is incorrect.
This patch is to clean up the debug message in LmceSupport
directly.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
2024-04-30 07:15:46 +00:00
Wenxing Hou
88781ccd74
ReadMe.rst: Add libspdm submodule license
This patch adds the libspdm submodule license.
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
54a4fd9b35
SecurityPkg: Add libspdm submodule
libspdm is a submodule to support the DeviceSecurity feature.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
9bc2725198
.gitmodule: Add libspdm submodule for EDKII
libspdm is a submodule, which will be used in DeviceSecurity.
Cc: Andrew Fish <afish@apple.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
cf3b34c0b8
.pytool/CISettings.py: add libspdm submodule.
Add the DeviceSecurity submodule libspdm.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
750d763623
SecurityPkg: add DeviceSecurity support
This patch implements the SpdmSecurityLib,
which is the core of DeviceSecurity.
The SpdmSecurityLib includes Device Authentication and Measurement.
The other library is there to support SpdmSecurityLib.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
c3f615a1bd
SecurityPkg: Add TCG PFP 1.06 support.
Add a new API, Tpm2ExtendNvIndex.
It is used in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
d8e4c4b000
MdeModulePkg/Variable: Add TCG SPDM device measurement update
Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
74db2ed3e5
MdePkg: Add devAuthBoot GlobalVariable
According to the UEFI 2.10 spec, section 3.3 Globally Defined Variables,
add the devAuthBoot GlobalVariable.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
5f391c6606
MdePkg: Add TCG PFP 1.06 support.
Add support for
TCG PC Client Platform Firmware Profile Specification 1.06.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou
338fd26b8f
MdePkg: Add SPDM1.2 support.
Update Spdm.h to support 1.2 new features, such as
Authentication and Measurement. It will be used in DeviceSecurity.
The DeviceSecurity feature is from
TCG PC Client Platform Firmware Profile Specification 1.06.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Foster Nong
094727264f
MdePkg: Add Cxl30.h into IndustryStandard
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4516
1) Add the CXL 3.0 header file to comply with the CXL 3.0 specification
2) The CXL 3.0 header will embed Cxl20.h
3) Updated Cxl.h to point to the 3.0 header file
Signed-off-by: Foster Nong <foster.nong@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Chris Li <chrisli@os.amperecomputing.com>
Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
2024-04-29 10:39:23 +00:00
Gua Guo
c0dfe3ec1f
BaseTools/GetUtcDateTime.py: Python 3.12 support
Ref to https://docs.python.org/3/whatsnew/3.12.html
utcnow() and utcfromtimestamp() are deprecated.
Prevent using them, as that causes a build error.
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
2024-04-26 03:01:55 +00:00
Gerd Hoffmann
66c24219ad
OvmfPkg/VirtHstiDxe: do not load driver in confidential guests
The VirtHstiDxe does not work in confidential guests. There also isn't
anything we can reasonably test, neither flash storage nor SMM mode will
be used in that case. So just skip driver load when running in a
confidential guest.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Fixes: 506740982b ("OvmfPkg/VirtHstiDxe: add code flash check")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Srikanth Aithal <sraithal@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-25 00:55:20 +00:00
Michael Kubacki
90b6725562
Update to CodeQL 2.16.1
Updates CodeQL to work with the latest queries. Includes functional
and security fixes within the CodeQL CLI binary.
For more information on release details see:
https://github.com/github/codeql-cli-binaries/releases
For changes between the previous version (2.14.5) and 2.16.1 see:
https://github.com/github/codeql-cli-binaries/compare/v2.14.5...v2.16.1
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
2024-04-24 23:11:19 +00:00
Gua Guo
d97f964f7c
BaseTools/Fmmt.py: Python 3.12 support
Ref to https://docs.python.org/3/whatsnew/3.12.html
A backslash-character pair that is not a valid
escape sequence now generates
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
2024-04-23 21:36:22 +00:00
Adam Dunlap
e3fa6986ae
OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)
Ensure that when a #VC exception happens, the instruction at the
instruction pointer matches the instruction that is expected given the
error code. This is to mitigate the ahoi WeSee attack [1] that could
allow hypervisors to breach integrity and confidentiality of the
firmware by maliciously injecting interrupts. This change is a
translated version of a linux patch e3ef461af35a ("x86/sev: Harden #VC
instruction emulation somewhat")
[1] https://ahoi-attacks.github.io/wesee/
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Adam Dunlap <acdunlap@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2024-04-23 17:29:55 +00:00
Gua Guo
86c8d69146
IntelFsp2Pkg/PatchFv.py: Python 3.12 support
Ref to https://docs.python.org/3/whatsnew/3.12.html
A backslash-character pair that is not a valid
escape sequence now generates
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Susovan Mohapatra <susovan.mohapatra@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
2024-04-22 22:57:07 +00:00
Gua Guo
680030a6ec
IntelFsp2Pkg/GenCfgOpt.py: Python 3.12 support
Ref to https://docs.python.org/3/whatsnew/3.12.html
A backslash-character pair that is not a valid
escape sequence now generates
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Susovan Mohapatra <susovan.mohapatra@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
2024-04-22 22:57:07 +00:00
Ard Biesheuvel
7dd7b89058
ArmVirtPkg/ArmVirtQemu: always build XIP code with strict alignment
The optimization that enabled entry with MMU and caches enabled at EL1
removed the strict alignment requirement for XIP code (roughly, any code
that might execute with the MMU and caches off, which means SEC and PEI
phase modules but also *all* BASE libraries), on the basis that QEMU can
only run guest payloads at EL2 in TCG emulation, which used to ignore
alignment violations, and execution at EL1 would always occur with the
MMU enabled.
This assumption no longer holds: not only does QEMU now enforce strict
alignment for memory accesses with device semantics, there are also
cases where this code might execute at EL2 under virtualization (i.e.,
under NV2 nested virtualization) where the strict alignment is required
too.
The latter case could be optimized too, by enabling VHE and pretending
execution is occurring at EL1, which would allow the existing logic for
entry with the MMU enabled to be reused. However, this would leave
non-VHE CPUs behind.
So in summary, strict alignment needs to be enforced for any code that
may execute with the MMU off, so drop the override that sets the XIP
flags to the empty string.
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2024-04-22 13:05:21 +00:00
Gerd Hoffmann
f29160a896
OvmfPkg/VirtHstiDxe: add README.md
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-04-22 13:05:21 +00:00
Gerd Hoffmann
506740982b
OvmfPkg/VirtHstiDxe: add code flash check
Detects qemu config issue: code pflash is writable.
Checked for both PC and Q35.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-04-22 13:05:21 +00:00
Gerd Hoffmann
ddc43e7a41
OvmfPkg/VirtHstiDxe: add varstore flash check
Detects qemu config issue: vars pflash is not in secure mode (write
access restricted to smm). Applies to Q35 with SMM only.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-04-22 13:05:21 +00:00
Konstantin Kostiuk
538b8944c1
OvmfPkg: Add VirtHstiDxe to OVMF firmware build
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-04-22 13:05:21 +00:00
Konstantin Kostiuk
d0906f602b
OvmfPkg: Add VirtHstiDxe driver
The driver supports qemu machine types 'pc' and 'q35'.
This patch adds some helper functions to manage the bitmasks.
The implemented features depend on both OVMF build configuration
and qemu VM configuration.
For q35 a single security feature is supported and checked: In
SMM-enabled builds the driver will verify smram is properly locked.
That test should never fail.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Initial-patch-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-04-22 13:05:21 +00:00
Min M Xu
be92e09206
OvmfPkg/IntelTdx: Update TDVF README
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4756
There are the below updates in this patch:
1. Rename README to README.md so that it can be shown as a markdown
document.
2. Update some information about TDVF.
3. Fix some typos.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-22 02:53:53 +00:00