sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
32,512 Commits 13 Branches 33 Tags
42e8fa84f782d79cd18cd10493375d5b71bcc71b
Commit Graph

32512 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jiaxin Wu
42e8fa84f7 UefiCpuPkg/SmmRelocationLib: Rename global variables 
This patch aims to rename global variables for clearer
association with Smm Init, ensuring their names are
distinct from those used in the PiSmmCpuDxeSmm Driver.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
 2024-05-08 01:53:58 +00:00
Jiaxin Wu
51fcd2023b UefiCpuPkg/SmmRelocationLib: Add SmmRelocationLib library instance 
This patch just separates the smbase relocation logic from
PiSmmCpuDxeSmm driver, and moves to the SmmRelocationInit
interface. It maintains the original implementation of most
functions and leaves the definitions of global variables
intact. Further refinements to the code are planned for
subsequent patches.

Platform shall consume the interface for the smbase
relocation if need SMM support.

Note:
Before using SmmRelocationLib, the PiSmmCpuDxeSmm driver
allocates the SMRAM to be used for SMI handler and Save
state area of each processor from Smst->AllocatePages().
With SmmRelocationLib, the SMRAM allocation for SMI
handlers and Save state areas is moved to early PEI
phase (Smst->AllocatePages() service is not available).
So, the allocation is done by splitting the SMRAM out of
the SMRAM regions reported from gEfiSmmSMramMemoryGuid.

So, Platform must produce the gEfiSmmSMramMemoryGuid HOB
for SmmRelocationLib usage.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
 2024-05-08 01:53:58 +00:00
Jiaxin Wu
af9b851732 UefiCpuPkg: Add SmmRelocationLib class 
Intel plans to separate the smbase relocation logic from
PiSmmCpuDxeSmm driver, and the related behavior will be
moved to the new interface defined by the SmmRelocationLib
class.

The SmmRelocationLib class provides the SmmRelocationInit()
interface for platform to do the smbase relocation, which
shall provide below 2 functionalities:
1. Relocate smbases for each processor.
2. Create the gSmmBaseHobGuid HOB.

With SmmRelocationLib, PiSmmCpuDxeSmm driver (which runs at
a later phase) shall:
1. Consume the gSmmBaseHobGuid HOB for the relocated smbases
for each Processor.
2. Execute the early SMM Init.

This patch just provides the SmmRelocationLib class.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
 2024-05-08 01:53:58 +00:00
Ray Ni
987bea6525 UefiCpuPkg/PiSmmCpuDxeSmm: Handle the NULL gMpInformation2HobGuid 
If gMpInformation2HobGuid HOB is NULL,
then fall back to an older way of collecting
CPU information from the MP services library.

Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
 2024-05-07 06:55:18 +00:00
Xianglei Cai
1c0d4ae2c0 MdeModulePkg/XhciDxe: Add PCD for the delay of HCRST 
https://bugzilla.tianocore.org/show_bug.cgi?id=4727

Recently some of XHCI host controllers require to have
extra 1ms delay before accessing any MMIO register
during reset. PHY transition from P3 to P0 can take
around 1.3ms and the xHCI reset can take around 1.5ms.
Add PCD to control the delay, the default is 2 ms.

Cc: Ray Ni                   <ray.ni@intel.com>
Cc: Liming Gao               <gaoliming@byosoft.com.cn>
Cc: Krzysztof Lewandowski    <krzysztof.lewandowski@intel.com>
Cc: Jenny Huang              <jenny.huang@intel.com>
Cc: More Shih                <more.shih@intel.com>
Cc: Ian Chiu                 <ian.chiu@intel.com>
Signed-off-by: Xianglei Cai <xianglei.cai@intel.com>
Reviewed-by: Krzysztof Lewandowski <krzysztof.lewandowski@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
 2024-05-07 04:48:09 +00:00
Xianglei Cai
c12bbc1490 MdeModulePkg/XhciDxe: Reset endpoint while USB Transaction error 
https://bugzilla.tianocore.org/show_bug.cgi?id=4556

Based on XHCI spec 4.8.3, software should do the
reset endpoint while USB Transaction occur.
Add the error code for USB Transaction error
since UEFI spec don't have the related definition.

Cc: Ray Ni                  <ray.ni@intel.com>
Cc: Liming Gao              <gaoliming@byosoft.com.cn>
Cc: Krzysztof Lewandowski   <krzysztof.lewandowski@intel.com>
Cc: Jenny Huang             <jenny.huang@intel.com>
Cc: More Shih               <more.shih@intel.com>
Signed-off-by: Xianglei Cai <xianglei.cai@intel.com>
Reviewed-by: Krzysztof Lewandowski <krzysztof.lewandowski@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
 2024-05-07 02:26:46 +00:00
Dionna Glaze
17f333f2a4 OvmfPkg: Add sp800155Event3 support 
The signatures for event2 or event3 are now valid TCG SP800155 event
types. Fixes uncrustify formatting.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
 2024-05-07 00:21:40 +00:00
Dionna Glaze
7097c97bde SecurityPkg: Recognize sp800155Event3 event 
The signatures for event2 or event3 are now valid TCG SP800155 event
types. Fixes uncrustify formatting.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
 2024-05-07 00:21:40 +00:00
Dionna Glaze
370c55b2ba MdePkg: Add TcgSp800155Event3 type info 
TCG PC Client Platform Firmware Profile 1.06 revision 52 of December
2023 added a new event signature and extended information about where a
reference measurement document for the firmware can be found.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
 2024-05-07 00:21:40 +00:00
Nickle Wang
24fa360857 RedfishPkg: Rename x-uefi-redfish to x-UEFI-redfish 
Rename x-uefi-redfish to x-UEFI-redfish to match the format of
UEFI configuration namespace prefix.

RFC: https://edk2.groups.io/g/rfc/message/849

Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Co-authored-by: Nickle Wang <nicklew@nvidia.com>
Cc: Abner Chang <abner.chang@amd.com>
Cc: Igor Kulchytskyy <igork@ami.com>
Cc: Nick Ramirez <nramirez@nvidia.com>
Reviewed-by: Abner Chang <abner.chang@amd.com>
 2024-05-04 04:03:13 +00:00
Duggapu Chinni B
248aa153f6 IntelFsp2Pkg/PatchFv.py: FIX for GCC 32BIT build error 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4762

Map file generating 8 byte address offset is not matched
with the pattern defined in patchFv tool resulting build
error.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com>
Reviewed-by: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Ted Kuo <ted.kuo@intel.com>

Signed-off-by: Duggapu Chinni B <chinni.b.duggapu@intel.com>
 2024-05-03 00:25:54 +00:00
Michael Roth
fecf55a66a OvmfPkg/CcExitLib: Drop special handling for Encrypted MMIO to APIC 
The current #VC handler guards against MMIO to addresses that are mapped
with the encryption bit set, but has an special exception for MMIO
accesses to the APIC base address so allow for early access during SEC.

Now that the SEC page table has the encryption bit cleared for the APIC
base address range, there is no longer any need for this special
handling. Go ahead and remove it.

Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-05-02 12:43:50 +00:00
Michael Roth
f0ed194236 OvmfPkg: Don't make APIC MMIO accesses with encryption bit set 
For the most part, OVMF will clear the encryption bit for MMIO regions,
but there is currently one known exception during SEC when the APIC
base address is accessed via MMIO with the encryption bit set for
SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special
handling on the hypervisor side which may not be available in the
future[1], so make the necessary changes in the SEC-configured page
table to clear the encryption bit for 4K region containing the APIC
base address.

[1] https://lore.kernel.org/lkml/20240208002420.34mvemnzrwwsaesw@amd.com/#t

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jianyong Wu <jianyong.wu@arm.com>
Cc: Anatol Belski <anbelski@linux.microsoft.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-05-02 12:43:50 +00:00
Michael Roth
fd290ab862 OvmfPkg/ResetVector: Clear SEV encryption bit for non-leaf PTEs 
Future changes will make use of CpuPageTableLib to handle splitting
page table mappings during SEC phase. While it's not strictly required
by hardware, CpuPageTableLib relies on non-leaf PTEs never having the
encryption bit set, so go ahead change the page table setup code to
satisfy this expectation.

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-05-02 12:43:50 +00:00
Anthony PERARD
5f783827bb Maintainers.txt: Update my email address 
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
 2024-05-02 12:43:50 +00:00
Jiaxin Wu
5d4c5253e8 Maintainers.txt: Update StandaloneMmPkg and UefiCpuPkg Reviewer 
This is to update StandaloneMmPkg and UefiCpuPkg Reviewer.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
 2024-04-30 11:10:10 +00:00
Chao Li
ec6e59aefe OvmfPkg: Remove QemuFwCfgLibMmio.inf 
All of platforms are switching to QemuFwCfgMmioDxeLib.inf, remove
QemuFwCfgLibMmio.inf now.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Chao Li
1699845c5f OvmfPkg/RiscVVirt: Enable QemuFwCfgMmioDxeLib.inf 
Enable QemuFwCfgMmioDxeLib.inf in RiscVVirtQemu.dsc

Build-tested only (with "RiscVVirtQemu.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Chao Li
3a4efc98b0 ArmVirtPkg: Enable QemuFwCfgMmioDxeLib.inf 
Enable QemuFwCfgMmioDxeLib.inf in ArmVirtQemu.dsc and
ArmVirtQemuKernel.dsc.

Build-tested only (with "ArmVirtQemu.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Chao Li
3d87214a20 OvmfPkg: Copy the same new INF as QemuFwCfgLibMmio.inf 
Copy QemuFwCfgLibMmio.inf to QemuFwCfgMmioDxeLib.inf,
QemuFwCfgLibMmio.inf will be deleted when all platforms switching is
completed.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Chao Li
fcce7f77e6 OvmfPkg: Add the QemuFwCfgMmioLib PEI stage version 
Added the PEI stage library for QemuFwCfgMmioLib, which uses the FDT to
find the fw_cfg and parse it.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Co-authored-by: Xianglai Li <lixianglai@loongson.cn>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Chao Li
748d57d40f OvmfPkg: Add the way of HOBs in QemuFwCfgLibMmio 
Added the HOB methods to load and store the QEMU firmware configure
address, data address and DMA address, which are not enabled during the
DXE stage.

Build-tested only (with "ArmVirtQemu.dsc and RiscVVirtQemu.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Chao Li
5e31c5666d OvmfPkg: Separate QemuFwCfgLibMmio.c into two files 
Separate QemuFwCfgLibMmio.c into two files named QemuFwCfgLibMmio.c and
QemuFwCfgLibMmioDxe.c, added a new header named
QemuFwCfgLibMmioInternal.h for MMIO version.

Some DXE stage variables became non-static in this patch, they will be
restored to static in the next patch.

Build-tested only (with "ArmVirtQemu.dsc and RiscVVirtQemu.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Chao Li
e942b85a21 OvmfPkg: Add a GUID for QemuFwCfgLib 
Added a new GUID for QemuFwCfgLib MMIO version, called
gQemuFirmwareResourceHobGuid, which is used to save QEMU firmware
configure resource during PEI stage.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4755

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
 2024-04-30 11:10:10 +00:00
Jiaxin Wu
0c74aa2073 UefiCpuPkg/Library: Cleanup debug message in LmceSupport 
ProcessorNumber 0 is not always BSP. Debug message based on 0
of ProcessorNumber is incorrect.

This patch is to clean the debug message in LmceSupport
directly.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
 2024-04-30 07:15:46 +00:00
Wenxing Hou
88781ccd74 ReadMe.rst: Add libspdm submodule license 
This patch add libspdm submodule license.

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
54a4fd9b35 SecurityPkg: Add libspdm submodule 
libspdm is submodule to support DeviceSecurity feature.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
9bc2725198 .gitmodule: Add libspdm submodule for EDKII 
libspdm is submodule, which will be used in DeviceSecurity.

Cc: Andrew Fish <afish@apple.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
cf3b34c0b8 .pytool/CISettings.py: add libspdm submodule. 
Add DeviceSecurity submodule libspdm.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
750d763623 SecurityPkg: add DeviceSecurity support 
This patch implement the SpdmSecurityLib,
which is the core of DeviceSecurity.
And the SpdmSecurityLib include Device Authentication and Measurement.
The other library is to support SpdmSecurityLib.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
c3f615a1bd SecurityPkg: Add TCG PFP 1.06 support. 
Add new api Tpm2ExtendNvIndex.
It is uesd in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
d8e4c4b000 MdeModulePkg/Variable: Add TCG SPDM device measurement update 
Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable.

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
74db2ed3e5 MdePkg: Add devAuthBoot GlobalVariable 
According to UEFI 2.10 spec 3.3 Globally Defined Variables section,
add devAuthBoot GlobalVariable.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
5f391c6606 MdePkg: Add TCG PFP 1.06 support. 
Add support for
TCG PC Client Platform Firmware Profile Specification 1.06.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Wenxing Hou
338fd26b8f MdePkg: Add SPDM1.2 support. 
Update Spdm.h to support 1.2 new features, such as:
Authentication and measurement. It wil be used in DeviceSecurity.
The DeviceSecurity feature is from
TCG PC Client Platform Firmware Profile Specification 1.06.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-30 02:21:13 +00:00
Foster Nong
094727264f MdePkg: Add Cxl30.h into IndustryStandard 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4516

1) Add CXL 3.0 header file to comply with CXL 3.0 specification
2) CXL 3.0 header will embed Cxl20.h
3) Updated Cxl.h to point to 3.0 header file

Signed-off-by: Foster Nong <foster.nong@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Chris Li <chrisli@os.amperecomputing.com>
Acked-by: Liming Gao <gaoliming@byosoft.com.cn>
 2024-04-29 10:39:23 +00:00
Gua Guo
c0dfe3ec1f BaseTools/GetUtcDateTime.py: Python 3.12 support 
Ref to https://docs.python.org/3/whatsnew/3.12.html
utcnow() and utcfromtimestamp() are deprecated
Prevent use it cause build error.

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
 2024-04-26 03:01:55 +00:00
Gerd Hoffmann
66c24219ad OvmfPkg/VirtHstiDxe: do not load driver in confidential guests 
The VirtHstiDxe does not work in confidential guests.  There also isn't
anything we can reasonably test, neither flash storage nor SMM mode will
be used in that case.  So just skip driver load when running in a
confidential guest.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Fixes: 506740982b ("OvmfPkg/VirtHstiDxe: add code flash check")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Srikanth Aithal <sraithal@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-25 00:55:20 +00:00
Michael Kubacki
90b6725562 Update to CodeQL 2.16.1 
Updates CodeQL to work with the latest queries. Includes functional
and security fixes within the CodeQL CLI binary.

For more information on release details see:

https://github.com/github/codeql-cli-binaries/releases

For changes between the previous version (2.14.5) and 2.16.1 see:

https://github.com/github/codeql-cli-binaries/compare/v2.14.5...v2.16.1

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
 2024-04-24 23:11:19 +00:00
Gua Guo
d97f964f7c BaseTools/Fmmt.py: Python 3.12 support 
Ref to https://docs.python.org/3/whatsnew/3.12.html
A backslash-character pair that is not a valid
escape sequence now generates

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
 2024-04-23 21:36:22 +00:00
Adam Dunlap
e3fa6986ae OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742) 
Ensure that when a #VC exception happens, the instruction at the
instruction pointer matches the instruction that is expected given the
error code. This is to mitigate the ahoi WeSee attack [1] that could
allow hypervisors to breach integrity and confidentiality of the
firmware by maliciously injecting interrupts. This change is a
translated version of a linux patch e3ef461af35a ("x86/sev: Harden #VC
instruction emulation somewhat")

[1] https://ahoi-attacks.github.io/wesee/

Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Adam Dunlap <acdunlap@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-04-23 17:29:55 +00:00
Gua Guo
86c8d69146 IntelFsp2Pkg/PatchFv.py: Python 3.12 support 
Ref to https://docs.python.org/3/whatsnew/3.12.html
A backslash-character pair that is not a valid
escape sequence now generates

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Susovan Mohapatra <susovan.mohapatra@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
 2024-04-22 22:57:07 +00:00
Gua Guo
680030a6ec IntelFsp2Pkg/GenCfgOpt.py: Python 3.12 support 
Ref to https://docs.python.org/3/whatsnew/3.12.html
A backslash-character pair that is not a valid
escape sequence now generates

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Duggapu Chinni B <chinni.b.duggapu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Susovan Mohapatra <susovan.mohapatra@intel.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
 2024-04-22 22:57:07 +00:00
Ard Biesheuvel
7dd7b89058 ArmVirtPkg/ArmVirtQemu: always build XIP code with strict alignment 
The optimization that enabled entry with MMU and caches enabled at EL1
removed the strict alignment requirement for XIP code (roughly, any code
that might execute with the MMU and caches off, which means SEC and PEI
phase modules but also *all* BASE libraries), on the basis that QEMU can
only run guest payloads at EL2 in TCG emulation, which used to ignore
alignment violations, and execution at EL1 would always occur with the
MMU enabled.

This assumption no longer holds: not only does QEMU now enforce strict
alignment for memory accesses with device semantics, there are also
cases where this code might execute at EL2 under virtualization (i.e.,
under NV2 nested virtualization) where the strict alignment is required
too.

The latter case could be optimized too, by enabling VHE and pretending
execution is occurring at EL1, which would allow the existing logic for
entry with the MMU enabled to be reused. However, this would leave
non-VHE CPUs behind.

So in summary, strict alignment needs to be enforced for any code that
may execute with the MMU off, so drop the override that sets the XIP
flags to the empty string.

Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
 2024-04-22 13:05:21 +00:00
Gerd Hoffmann
f29160a896 OvmfPkg/VirtHstiDxe: add README.md 
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2024-04-22 13:05:21 +00:00
Gerd Hoffmann
506740982b OvmfPkg/VirtHstiDxe: add code flash check 
Detects qemu config issue: code pflash is writable.
Checked for both PC and Q35.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2024-04-22 13:05:21 +00:00
Gerd Hoffmann
ddc43e7a41 OvmfPkg/VirtHstiDxe: add varstore flash check 
Detects qemu config issue: vars pflash is not in secure mode (write
access restricted to smm).  Applies to Q35 with SMM only.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2024-04-22 13:05:21 +00:00
Konstantin Kostiuk
538b8944c1 OvmfPkg: Add VirtHstiDxe to OVMF firmware build 
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2024-04-22 13:05:21 +00:00
Konstantin Kostiuk
d0906f602b OvmfPkg: Add VirtHstiDxe driver 
The driver supports qemu machine types 'pc' and 'q35'.

This patch adds some helper functions to manage the bitmasks.
The implemented features depend on both OVMF build configuration
and qemu VM configuration.

For q35 a single security feature is supported and checked: In
SMM-enabled builds the driver will verify smram is properly locked.
That test should never fail.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Initial-patch-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
 2024-04-22 13:05:21 +00:00
Min M Xu
be92e09206 OvmfPkg/IntelTdx: Update TDVF README 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4756

There are below updates in this patch:
1. Rename README to README.md so that it can be show as markdown
   document.
2. Update some information about TDVF.
2. Fix some typo.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-22 02:53:53 +00:00