sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
32,443 Commits 13 Branches 33 Tags
c0bf953fe889f5a47fb830cec53a57bfa2380b4d
Commit Graph

2532 Commits

Author SHA1 Message Date
Tom Lendacky
069f9911a3 OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

When building the Page State Change entries for a range of memory, it can
happen that multiple calls to BuildPageStateBuffer() need to be made. If
the size of the input work area passed to BuildPageStateBuffer() exceeds
the number of entries that can be passed to the hypervisor using the GHCB
shared buffer, the Page State Change VMGEXIT support will issue multiple
VMGEXITs to process all entries in the buffer.

However, it could be that the final VMGEXIT for each round of Page State
Changes is only for a small number of entries and subsequent VMGEXITs may
still be issued to handle the full range of memory requested. To maximize
the number of entries processed during the Page State Change VMGEXIT,
limit BuildPageStateBuffer() to not build entries that exceed the maximum
number of entries that can be handled in a single Page State Change
VMGEXIT.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
 2024-04-17 18:30:03 +00:00
Tom Lendacky
2b330b57db OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

In preparation for running under an SVSM at VMPL1 or higher (higher
numerically, lower privilege), re-organize the way a page state change
is performed in order to free up the GHCB for use by the SVSM support.

Currently, the page state change logic directly uses the GHCB shared
buffer to build the page state change structures. However, this will be
in conflict with the use of the GHCB should an SVSM call be required.

Instead, use a separate buffer (an area in the workarea during SEC and
an allocated page during PEI/DXE) to hold the page state change request
and only update the GHCB shared buffer as needed.

Since the information is copied to, and operated on, in the GHCB shared
buffer this has the added benefit of not requiring to save the start and
end entries for use when validating the memory during the page state
change sequence.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-04-17 18:30:03 +00:00
Tom Lendacky
5fe9db0f82 OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Calculate the amount of memory that can be use to build the Page State
Change data (SNP_PAGE_STATE_CHANGE_INFO) instead of using a hard-coded
size. This allows for changes to the GHCB shared buffer size without
having to make changes to the page state change code.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
 2024-04-17 18:30:03 +00:00
Tom Lendacky
6b14ef6b28 OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

In prep for follow-on patches, fix an area of the code that does not meet
the uncrustify coding standards.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
 2024-04-17 18:30:03 +00:00
Tom Lendacky
4bd3b5ab13 OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve
them before any APs are actually started. The APIC IDs can be used
to start the APs for any SEV-SNP guest, but is a requirement for an
SEV-SNP guest that is running under an SVSM.

After retrieving the APIC IDs, save the address of the APIC ID data
structure in a GUIDed HOB.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
 2024-04-17 18:30:03 +00:00
Tom Lendacky
c212fec9cf OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The AsmRmpAdjust() function returns a UINT32, however in SevSnpIsVmpl0()
the return value is checked with EFI_ERROR() when it should just be
compared to 0. Fix the error check.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
 2024-04-17 18:30:03 +00:00
Min M Xu
93fac4fd7b OvmfPkg: Update TdTcg2Dxe path in OvmfPkgX64 and IntelTdxX64.dsc 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

Previously the TdTcg2Dxe and its corresponding HashLibTdx were in
SecurityPkg. This patch updates the paths in OvmfPkgX64.dsc and
IntelTdxX64.dsc after TdTcg2Dxe and HashLibTdxLib have been moved to
OvmfPkg.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-17 03:04:13 +00:00
Min M Xu
c98fbda328 OvmfPkg/TdTcg2Dxe: Add TdTcg2Dxe 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

This library is the one of SecurityPkg/Tcg/TdTcg2Dxe. It is
designed for Intel TDX enlightened OVMF. So moving it from SecurityPkg
to OvmfPkg. To prevent breaking the build, the moving is splitted into 2
patch. SecurityPkg/Tcg/TdTcg2Dxe will be deleted in the next patch.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-17 03:04:13 +00:00
Min M Xu
93ff80a218 OmvfPkg/HashLibTdx: Add HashLibTdx 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

This library is the one of SecurityPkg/Library/HashLibTdx. It is
designed for Intel TDX enlightened OVMF. So moving it from SecurityPkg
to OvmfPkg. To prevent breaking the build, the moving is splitted into 2
patch. SecurityPkg/Library/HashLibTdx will be deleted in the next patch.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 2024-04-17 03:04:13 +00:00
Tuan Phan
b7f8779fe1 OvmfPkg/RiscVVirt: Disable Svpbmt extension 
Disable Svpbmt extension as QEMU not enables it in default config.

Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Signed-off-by: Tuan Phan <tphan@ventanamicro.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
 2024-04-08 05:43:59 +00:00
Ceping Sun
35f6a2780e OvmfPkg/TdxDxe: Clear the registers before tdcall 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696

Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.
And TDVF should clear the regitsers to avoid leaking secrets to VMM.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
 2024-03-19 09:42:06 +00:00
Ceping Sun
a1a6da80aa OvmfPkg/CcExitLib: Update TDVMCALL_EXPOSE_REGS_MASK 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4696

Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.5
https://cdrdv2.intel.com/v1/dl/getContent/726792

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
 2024-03-19 09:42:06 +00:00
Laszlo Ersek
524feaa32f OvmfPkg/RiscVVirt/Sec: clean up ProcessLibraryConstructorList() decl 
<Library/PeimEntryPoint.h> declares a bogus
ProcessLibraryConstructorList() for the OvmfPkg/RiscVVirt SEC module. Rely
on AutoGen for (properly) declaring ProcessLibraryConstructorList().
Remove the correct, but superfluous, declaration as well.

Build-tested with:

  build -a RISCV64 -b DEBUG -m OvmfPkg/RiscVVirt/Sec/SecMain.inf \
    -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc -t GCC5

Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sunil V L <sunilvl@ventanamicro.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=990
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240305113843.68812-5-lersek@redhat.com>
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-03-08 09:09:22 +00:00
Laszlo Ersek
9f9bf82209 OvmfPkg/IntelTdx: auto-gen & fix SEC ProcessLibraryConstructorList() decl 
<Library/PeimEntryPoint.h> declares a bogus
ProcessLibraryConstructorList() for IntelTdx's SEC module. Rely on AutoGen
for (properly) declaring ProcessLibraryConstructorList(). Update the call.

Build-tested with:

  build -a X64 -b DEBUG -m OvmfPkg/IntelTdx/Sec/SecMain.inf \
    -p OvmfPkg/IntelTdx/IntelTdxX64.dsc -t GCC5

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=990
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240305113843.68812-4-lersek@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-03-08 09:09:22 +00:00
Laszlo Ersek
1fbc121cfe OvmfPkg: auto-generate (and fix) SEC ProcessLibraryConstructorList() decl 
<Library/PeimEntryPoint.h> declares a bogus
ProcessLibraryConstructorList() for OVMF's SEC module. Rely on AutoGen for
(properly) declaring ProcessLibraryConstructorList(). Update the call.

Build-tested with:

  build -a X64 -b DEBUG -m OvmfPkg/Sec/SecMain.inf \
    -p OvmfPkg/OvmfPkgX64.dsc -t GCC5

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=990
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4643
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240305113843.68812-3-lersek@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
 2024-03-08 09:09:22 +00:00
Lee, Chun-Yi
2a0d4a2641 OvmfPkg/SmbiosPlatformDxe: tweak fallback release date again 
In case PcdFirmwareReleaseDateString is not set use a valid date
as fallback. But the default valid date can _NOT_ pass the Microsoft
SVVP test "Check SMBIOS Table Specific Requirements". The test emitted
the error message:

BIOS Release Date string is unexpected length: 8. This string must be in
MM/DD/YYYY format. No other format is allowed and no additional information
may be included. See field description in the SMBIOS specification.

Base on SMBIOS spec v3.7.0:

08h     2.0+    BIOS Release Date       BYTE    STRING
String number of the BIOS release date. The date
string, if supplied, is in either mm/dd/yy or
mm/dd/yyyy format. If the year portion of the string
is two digits, the year is assumed to be 19yy.
NOTE: The mm/dd/yyyy format is required for SMBIOS
version 2.3 and later.

So, let's tweek the fallback release date again.

Fixes: a0f9628705 ("OvmfPkg/SmbiosPlatformDxe: tweak fallback release date") [edk2-stable202305~327]
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
Message-Id: <20240204092914.29813-1-jlee@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Pawel Polawski <ppolawsk@redhat.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Ruifeng Gao <ruifeng.gao@intel.com>
Cc: "Lee, Chun-Yi" <jlee@suse.com>
[lersek@redhat.com: Turn the CC's from the list posting to commit message
 body tags, for placating "PatchCheck.py". Also work the
 "ruifeng.gao@intel.com" email address into a format that "PatchCheck.py"
 accepts.]
 2024-03-05 08:49:19 +00:00
Gerd Hoffmann
275d0a39c4 OvmfPkg/ResetVector: wire up 5-level paging for TDX 
BSP workflow is quite simliar to the non-coco case.

TDX_WORK_AREA_PGTBL_READY is used to record the paging mode:
  1 == 4-level paging
  2 == 5-level paging

APs will look at TDX_WORK_AREA_PGTBL_READY to figure whenever
they should enable 5-level paging or not.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20240301074402.98625-9-kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
[lersek@redhat.com: move "CheckForSev:" label into "%if PG_5_LEVEL" scope,
 as discussed with Gerd]
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
318b0d714a OvmfPkg/ResetVector: print post codes for 4/5 level paging 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240301074402.98625-8-kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
49b7faba1d OvmfPkg/ResetVector: add 5-level paging support 
Add macros to check for 5-level paging and gigabyte page support.
Enable 5-level paging for the non-confidential-computing case.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20240301074402.98625-7-kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
e3bd782373 OvmfPkg/ResetVector: split SEV and non-CoCo workflows 
Use separate control flows for SEV and non-CoCo cases.

SevClearPageEncMaskForGhcbPage and GetSevCBitMaskAbove31 will now only
be called when running in SEV mode, so the SEV check in these functions
is not needed any more.

No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240301074402.98625-6-kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
b7a97bfac5 OvmfPkg/ResetVector: split TDX BSP workflow 
Create a separate control flow for TDX BSP.

TdxPostBuildPageTables will now only be called when running in TDX
mode, so the TDX check in that function is not needed any more.

No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240301074402.98625-5-kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
4329b5b0cd OvmfPkg/ResetVector: add CreatePageTables4Level macro 
Move code to create 4-level page tables to a nasm macro.
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240301074402.98625-4-kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
52e44713d2 OvmfPkg/ResetVector: add ClearOvmfPageTables macro 
Move code to clear the page tables to a nasm macro.
No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240301074402.98625-3-kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
fded08e744 OvmfPkg/ResetVector: improve page table flag names 
Add comments, rename some of the PAGE_* flags and combined attributes.
Specifically use "LARGEPAGE" instead of "2M" because that bit is used
for both 2M and 1G large pages.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240301074402.98625-2-kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-03-01 18:47:27 +00:00
Gerd Hoffmann
adebfe121c OvmfPkg/PlatformInitLib: add 5-level paging support 
Adjust physical address space logic for la57 mode (5-level paging).
With a larger logical address space we can identity-map a larger
physical address space.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Message-Id: <20240222105407.75735-4-kraxel@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Oliver Steffen <osteffen@redhat.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
[lersek@redhat.com: turn the "Cc:" message headers from Gerd's on-list
 posting into "Cc:" tags in the commit message, in order to pacify
 "PatchCheck.py"]
 2024-02-29 09:56:38 +00:00
Gerd Hoffmann
aceb3490a2 OvmfPkg/PlatformPei: log pei memory cap details 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20240214104504.2931339-5-kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
 2024-02-27 13:29:25 +00:00
Gerd Hoffmann
3ad1d7eb7b OvmfPkg/PlatformPei: rewrite page table calculation 
Consider 5-level paging.  Simplify calculation to make it easier
to understand.  Add some comments, improve ASSERTs.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240214104504.2931339-4-kraxel@redhat.com>
 2024-02-27 13:29:25 +00:00
Gerd Hoffmann
8757e648d1 OvmfPkg/PlatformPei: consider AP stacks for pei memory cap 
Needed to avoid running out of memory when booting
with a large (~2048) number of vcpus.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240214104504.2931339-3-kraxel@redhat.com>
 2024-02-27 13:29:25 +00:00
Gerd Hoffmann
9d32a02a72 OvmfPkg/PlatformPei: log a warning when memory is tight 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20240214104504.2931339-2-kraxel@redhat.com>
 2024-02-27 13:29:25 +00:00
Gerd Hoffmann
f881b4d129 OvmfPkg: only add shell to FV in case secure boot is disabled 
The EFI Shell allows to bypass secure boot, do not allow
to include the shell in the firmware images of secure boot
enabled builds.

This prevents misconfigured downstream builds.

Ref: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=4641
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-13-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
bc982869dd OvmfPkg/CI: copy shell to virtual drive 
Place the EFI shell as EFI/BOOT/BOOT{ARCH}.EFI on the virtual drive.
This allows the "run to shell" CI test case to work even in case the
shell is not included in the firmware image.

This is needed because an followup patch will exclude the shell from
secure boot enabled firmware images.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-12-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
8d7c48e0e7 OvmfPkg: switch MicrovmX64 to new shell include files 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-11-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
6bb39cfd00 OvmfPkg: switch IntelTdxX64 to new shell include files 
Note that IntelTdxX64 is compiled without network support, so thanks to
the network conditionals in the include files the build result (network
shell commands excluded) should be identical before and after the patch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-10-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
a7a0443751 OvmfPkg: switch AmdSevX64 to new shell include files 
Note that AmdSevX64 is compiled without network support, so thanks to
the network conditionals in the include files the build result (network
shell commands excluded) should be identical before and after the patch.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-9-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
796e1b82df OvmfPkg: switch OvmfPkgIa32X64 to new shell include files 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-8-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
65200edb3a OvmfPkg: switch OvmfPkgIa32 to new shell include files 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-7-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
bda5b4a6cf OvmfPkg: ShellDxe.fdf.inc: add VariablePolicyDynamicCommand to FV 
Needed to make the new 'varpolicy' EFI shell command
actually available in the OVMF firmware builds.

Fixes: fe6cd1c187 ("OvmfPkg: Add varpolicy shell command")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-6-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
7f17a15564 OvmfPkg: Shell*.inc: allow building without network support 
Add NETWORK_ENABLE conditionals for the components
which need network support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-5-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
b25f84d7b3 OvmfPkg: add ShellDxe.fdf.inc 
Move EFI Shell firmware volume files to
the new ShellDxe.fdf.inc file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-4-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
efca2c6cfc OvmfPkg: add ShellLibs.dsc.inc 
Move EFI Shell libraries from OvmfPkgX64.dsc to
the new ShellComponents.dsc.inc include file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-3-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Gerd Hoffmann
2cb466cc2c OvmfPkg: add ShellComponents.dsc.inc 
Move EFI Shell components from OvmfPkgX64.dsc to
the new ShellComponents.dsc.inc include file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20240222101358.67818-2-kraxel@redhat.com>
 2024-02-25 17:38:07 +00:00
Suqiang Ren
8801c75b4d OvmfPkg: Align XenRealTimeClockLib function headers with return values 
XenRealTimeClockLib is used to back the runtime services time functions,
so align the description of the function return values with the
defined values for these services as described in UEFI Spec 2.10.

REF: UEFI spec 2.10 section 8 Services ? Runtime Services

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Suqiang Ren <suqiangx.ren@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
 2024-02-09 22:16:32 +00:00
Chao Li
62b43ec896 ArmVirtPkg: Move PlatformBootManagerLib to OvmfPkg 
Moved the PlatformBootManagerLib to OvmfPkg and renamed to
PlatformBootManagerLibLight for easy use by other ARCH.

Build-tested only (with "ArmVirtQemu.dsc and OvmfPkgX64.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4663

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Lazlo Ersek <lersek@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
 2024-02-06 23:51:47 +08:00
Chao Li
6bbce86d21 ArmVirtPkg: Move two PCD variables into OvmfPkg 
Move the PcdTerminalTypeGuidBuffer and PcdUninstallMemAttrProtocol into
OvmfPkg so other ARCH can easily use it.

Build-tested only (with "ArmVirtQemu.dsc and OvmfPkgX64.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
 2024-02-06 23:51:47 +08:00
Chao Li
0cca97e0a8 ArmVirtPkg: Move the FdtSerialPortAddressLib to OvmfPkg 
Move the FdtSerialPortAddressLib to Ovmfpkg so that other ARCH can
easily use it.

Build-tested only (with "ArmVirtQemu.dsc and OvmfPkgX64.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
 2024-02-06 23:51:47 +08:00
Chao Li
5a3788bfca OvmfPkg/RiscVVirt: Remove PciCpuIo2Dxe from RiscVVirt 
CpuIo2Dxe is already used by RiscVVirt, so remove it.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584

Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
 2024-02-06 23:51:47 +08:00
Chao Li
010f7298ce OvmfPkg/RiscVVirt: Enable CpuMmio2Dxe 
CpuMmio2Dxe is supports MMIO, enable it.

Build-tested only (with "RiscVVirtQemu.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584

Cc: Sunil V L <sunilvl@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warkentin@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
 2024-02-06 23:51:47 +08:00
Chao Li
54c2cdb241 ArmVirtPkg: Move PCD of FDT base address and FDT padding to OvmfPkg 
Moved PcdDeviceTreeInitialBaseAddress and PcdDeviceTreeAllocationPadding
to OvmfPkg for easier use by other architectures.

Build-tested only (with "ArmVirtQemu.dsc").

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4584

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
 2024-02-06 23:51:47 +08:00
Tom Lendacky
cd6f215223 OvmfPkg/ResetVector: Fix SNP CPUID table processing results for ECX/EDX 
The current support within the boot SNP CPUID table processing mistakenly
swaps the ECX and EDX results. It does not have an effect at this time
because current CPUID results checking does not check ECX or EDX. However,
any future CPUID checks that need to check ECX or EDX may have erroneous
behavior.

Fix the assembler code to save ECX and EDX to the proper locations.

Fixes: 34819f2cac ("OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Michael Roth <michael.roth@amd.com>
 2024-02-03 17:42:54 +00:00
Tom Lendacky
97c3f5b8d2 OvmfPkg/IoMmuDxe: Provide an implementation for SetAttribute 
A recent change to the PciIoMap() function now propagates the return code
from the IoMmu protocol SetAttribute() operation. The implementation of
this operation in OvmfPkg/IoMmuDxe/CcIoMmu.c returns EFI_UNSUPPORTED,
resulting in a failure to boot the guest.

Provide an implementation for SetAttribute() that validates the IoMmu
access method being requested against the IoMmu mapping operation.

Suggested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <c0f9e95f557b601a045da015c1a97201e8aec2ab.1706634932.git.thomas.lendacky@amd.com>
Tested-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
 2024-01-31 13:08:29 +00:00