sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e8f28b09e63dfdbb4169969a43c65f86c44b035a
system76-edk2/OvmfPkg/SmmAccess/SmmAccess2Dxe.inf
Laszlo Ersek 9108fc17b0 OvmfPkg/SmmAccess: close and lock SMRAM at default SMBASE 
During normal boot, when EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is installed
by platform BDS, the SMM IPL locks SMRAM (TSEG) through
EFI_SMM_ACCESS2_PROTOCOL.Lock(). See SmmIplReadyToLockEventNotify() in
"MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c".

During S3 resume, S3Resume2Pei locks SMRAM (TSEG) through
PEI_SMM_ACCESS_PPI.Lock(), before executing the boot script. See
S3ResumeExecuteBootScript() in
"UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume.c".

Those are precisely the places where the SMRAM at the default SMBASE
should be locked too. Add such an action to SmramAccessLock().

Notes:

- The SMRAM at the default SMBASE doesn't support the "closed and
  unlocked" state (and so it can't be closed without locking it, and it
  cannot be opened after closing it).

- The SMRAM at the default SMBASE isn't (and shouldn't) be exposed with
  another EFI_SMRAM_DESCRIPTOR in the GetCapabilities() members of
  EFI_SMM_ACCESS2_PROTOCOL / PEI_SMM_ACCESS_PPI. That's because the SMRAM
  in question is not "general purpose"; it's only QEMU's solution to
  protect the initial SMI handler from the OS, when a VCPU is hot-plugged.

  Consequently, the state of the SMRAM at the default SMBASE is not
  reflected in the "OpenState" / "LockState" fields of the protocol and
  PPI.

- An alternative to extending SmramAccessLock() would be to register an
  EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL notify in SmmAccess2Dxe (for locking
  at normal boot), and an EDKII_S3_SMM_INIT_DONE_GUID PPI notify in
  SmmAccessPei (for locking at S3 resume).

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1512
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Message-Id: <20200129214412.2361-10-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2020-02-05 12:59:32 +00:00

57 lines
1.3 KiB
INI
Raw Blame History

## @file
# A DXE_DRIVER providing SMRAM access by producing EFI_SMM_ACCESS2_PROTOCOL.
#
# Q35 TSEG is expected to have been verified and set up by the SmmAccessPei
# driver.
#
# Copyright (C) 2013, 2015, Red Hat, Inc.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SmmAccess2Dxe
FILE_GUID = AC95AD3D-4366-44BF-9A62-E4B29D7A2206
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
PI_SPECIFICATION_VERSION = 0x00010400
ENTRY_POINT = SmmAccess2DxeEntryPoint
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
SmmAccess2Dxe.c
SmramInternal.c
SmramInternal.h
[Packages]
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
OvmfPkg/OvmfPkg.dec
[LibraryClasses]
DebugLib
PcdLib
PciLib
UefiBootServicesTableLib
UefiDriverEntryPoint
[Protocols]
gEfiSmmAccess2ProtocolGuid ## PRODUCES
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase
gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes
[Depex]
TRUE
Reference in New Issue View Git Blame Copy Permalink