Date   

Re: [PATCH v3 6/6] OvmfPkg IA32: add support for loading X64 images

Ard Biesheuvel
 

On Wed, 26 Feb 2020 at 21:32, Brian J. Johnson <brian.johnson@hpe.com> wrote:

On 2/26/20 1:43 PM, Ard Biesheuvel wrote:
This is the UEFI counterpart to my Linux series which generalizes
mixed mode support into a feature that requires very little internal
knowledge about the architecture specifics of booting Linux on the
part of the bootloader or firmware.

Instead, we add a .compat PE/COFF header containing an array of
PE_COMPAT nodes containing <machine type, entrypoint> tuples that
describe alternate entrypoints into the image for different native
machine types, e.g., IA-32 in a 64-bit image so it can be booted
from IA-32 firmware.

This patch implements the PE/COFF emulator protocol to take this new
section into account, so that such images can simply be loaded via
LoadImage/StartImage, e.g., straight from the shell.

This feature is based on the EDK2 specific PE/COFF emulator protocol
that was introduced in commit 57df17fe26cd ("MdeModulePkg/DxeCore:
invoke the emulator protocol for foreign images", 2019-04-14).

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c | 139 ++++++++++++++++++++
OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf | 36 +++++
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32.fdf | 4 +
4 files changed, 184 insertions(+)

diff --git a/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c
new file mode 100644
index 000000000000..6dc07f467752
--- /dev/null
+++ b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c
@@ -0,0 +1,139 @@
+/** @file
+ * PE/COFF emulator protocol implementation to start Linux kernel
+ * images from non-native firmware
+ *
+ * Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause-Patent
+ *
+ */
+
+#include <PiDxe.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeCoffLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+#include <Protocol/PeCoffImageEmulator.h>
+
+#pragma pack (1)
+typedef struct {
+ UINT8 Type;
+ UINT8 Size;
+ UINT16 MachineType;
+ UINT32 EntryPoint;
+} PE_COMPAT_TYPE1;
+#pragma pack ()
+
+STATIC
+BOOLEAN
+EFIAPI
+IsImageSupported (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN UINT16 ImageType,
+ IN EFI_DEVICE_PATH_PROTOCOL *DevicePath OPTIONAL
+ )
+{
+ return ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION;
+}
+
+STATIC
+EFI_IMAGE_ENTRY_POINT
+EFIAPI
+GetCompatEntryPoint (
+ IN EFI_PHYSICAL_ADDRESS ImageBase
+ )
+{
+ EFI_IMAGE_DOS_HEADER *DosHdr;
+ UINTN PeCoffHeaderOffset;
+ EFI_IMAGE_NT_HEADERS32 *Pe32;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ UINTN NumberOfSections;
+ PE_COMPAT_TYPE1 *PeCompat;
+
+ DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageBase;
+ if (DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) {
+ return NULL;
+ }
+
+ PeCoffHeaderOffset = DosHdr->e_lfanew;
+ Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINTN)ImageBase + PeCoffHeaderOffset);
+
+ Section = (EFI_IMAGE_SECTION_HEADER *)((UINTN)&Pe32->OptionalHeader +
+ Pe32->FileHeader.SizeOfOptionalHeader);
+ NumberOfSections = (UINTN)Pe32->FileHeader.NumberOfSections;
+
+ while (NumberOfSections--) {
+ if (!CompareMem (Section->Name, ".compat", sizeof (Section->Name))) {
+ //
+ // Dereference the section contents to find the mixed mode entry point
+ //
+ PeCompat = (PE_COMPAT_TYPE1 *)((UINTN)ImageBase + Section->VirtualAddress);
+
+ while (PeCompat->Type != 0) {
+ if (PeCompat->Type == 1 &&
+ PeCompat->Size >= sizeof (PE_COMPAT_TYPE1) &&
+ EFI_IMAGE_MACHINE_TYPE_SUPPORTED (PeCompat->MachineType)) {
+
+ return (EFI_IMAGE_ENTRY_POINT)((UINTN)ImageBase + PeCompat->EntryPoint);
+ }
+ PeCompat = (PE_COMPAT_TYPE1 *)((UINTN)PeCompat + PeCompat->Size);
+ }
Ard,

Cool patch series!
Thanks!

I'm not an official reviewer, but I'd feel better about this patch if
you added a condition to exit the "while (PeCompat->Type != 0)" loop if
PeCompat ever gets pointed outside of the section. Otherwise a
malformed or corrupted .compat section could send you off dereferencing
anything at all.
Good point, I'll look into that.

Similarly, it wouldn't hurt to sanity check the header fields, such as
e_lfanew, OptionalHeader, SizeOfOptionalHeader, and NumberOfSections (or
at least verify that all pointers you calculate from them point within
the overall image. Or has that already been done by the PeCoff loader
by the time this code is called?
At this point, we should be able to rely on the LoadImage() boot
service to have sanity checked the headers, since we also have to rely
on the section having been copied into memory at the correct address.


+ }
+ Section++;
+ }
+ return NULL;
+}
+
+STATIC
+EFI_STATUS
+EFIAPI
+RegisterImage (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS ImageBase,
+ IN UINT64 ImageSize,
+ IN OUT EFI_IMAGE_ENTRY_POINT *EntryPoint
+ )
+{
+ EFI_IMAGE_ENTRY_POINT CompatEntryPoint;
+
+ CompatEntryPoint = GetCompatEntryPoint (ImageBase);
+ if (CompatEntryPoint == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ *EntryPoint = CompatEntryPoint;
+ return EFI_SUCCESS;
+}
+
+STATIC
+EFI_STATUS
+EFIAPI
+UnregisterImage (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS ImageBase
+ )
+{
+ return EFI_SUCCESS;
+}
+
+STATIC EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL mCompatLoaderPeCoffEmuProtocol = {
+ IsImageSupported,
+ RegisterImage,
+ UnregisterImage,
+ EDKII_PECOFF_IMAGE_EMULATOR_VERSION,
+ EFI_IMAGE_MACHINE_X64
+};
+
+EFI_STATUS
+EFIAPI
+CompatImageLoaderDxeEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return gBS->InstallProtocolInterface (&ImageHandle,
+ &gEdkiiPeCoffImageEmulatorProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &mCompatLoaderPeCoffEmuProtocol);
+}
diff --git a/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
new file mode 100644
index 000000000000..82369384fbe6
--- /dev/null
+++ b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
@@ -0,0 +1,36 @@
+## @file
+# PE/COFF emulator protocol implementation to start Linux kernel
+# images from non-native firmware
+#
+# Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.27
+ BASE_NAME = CompatImageLoaderDxe
+ FILE_GUID = 1019f54a-2560-41b2-87b0-6750b98f3eff
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = CompatImageLoaderDxeEntryPoint
+
+[Sources]
+ CompatImageLoaderDxe.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ BaseMemoryLib
+ PeCoffLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+
+[Protocols]
+ gEdkiiPeCoffImageEmulatorProtocolGuid ## PRODUCES
+
+[Depex]
+ TRUE
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 76e52a3de120..8d91903f8b4e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -33,6 +33,7 @@ [Defines]
DEFINE SOURCE_DEBUG_ENABLE = FALSE
DEFINE TPM2_ENABLE = FALSE
DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE

#
# Network definition
@@ -932,3 +933,7 @@ [Components]
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
+
+!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
+ OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
+!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index b6cd5da4f2b3..ff8d80859fb9 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -354,6 +354,10 @@ [FV.DXEFV]
!endif
!endif

+!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
+INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
+!endif
+
################################################################################

[FV.FVMAIN_COMPACT]

--

Brian

--------------------------------------------------------------------

"I don't believe personal letters sent bulk rate."
-- me


Re: [PATCH 12/16] OvmfPkg/CpuHotplugSmm: introduce First SMI Handler for hot-added CPUs

Laszlo Ersek
 

On 02/24/20 10:10, Laszlo Ersek wrote:

Overnight I managed to think up an attack, from the OS, against the
"SmmVacated" byte (the last byte of the reserved page, i.e. the last
byte of the Post-SMM Pen).

Here's how:

There are three CPUs being hotplugged in one SMI, CPU#1..CPU#3. The OS
boots them all before raising the SMI (i.e. before it allows the ACPI
GPE handler to take effect). After the first CPU (let's say CPU#1)
returns to the OS via the RSM, the OS uses it (=CPU#1) to attack
"SmmVacated", writing 1 to it in a loop.

Meanwhile CPU#2 and CPU#3 are still in SMM; let's say CPU#2 is
relocating SMBASE, while CPU#3 is spinning on the APIC ID gate. And the
SMM Monarch (CPU#0) is waiting for CPU#2 to report back in through
"SmmVacated", from the Post-SMM Pen.

Now, the OS writes 1 to "SmmVacated" early, pretending to be CPU#2. This
causes the SMM Monarch (CPU#0) to open the APIC ID gate for CPU#3 before
CPU#2 actually reaches the RSM. This may cause CPU#2 and CPU#3 to both
reach RSM with the same SMBASE value.

So why did I think to put SmmVacated in normal RAM (in the Post-SMM Pen
reserved page?) Because in the following message:

http://mid.mail-archive.com/20191004160948.72097f6c@redhat.com
(alt. link: <https://edk2.groups.io/g/devel/message/48475>)

Igor showed that putting "SmmVacated" in SMRAM is racy, even without a
malicious OS. The problem is that there is no way to flip a byte in
SMRAM *atomically* with RSM. So the CPU that has just completed SMBASE
relocation can only flip the byte before RSM (in SMRAM) or after RSM (in
normal RAM). In the latter case, the OS can attack SmmVacated -- but in
the former case, we get the same race *without* any OS involvement
(because the CPU just about to leave SMM via RSM actively allows the SMM
Monarch to ungate the relocation code for a different CPU).

So I don't think there's a 100% safe & secure way to do this. One thing
we could try -- I could update the code -- is to *combine* both
approaches; use two "SmmVacated" flags: one in SMRAM, set to 1 just
before the RSM instruction, and the other one in normal RAM (reserved
page) that this patch set already introduces. The normal RAM flag would
avoid the race completely for benign OSes (like the present patchset
already does), and the SMRAM flag would keep the racy window to a single
instruction when the OS is malicious and the normal RAM flag cannot be
trusted.
I've implemented and tested this "combined" approach.

Thanks
Laszlo


I'd appreciate feedback on this; I don't know how in physical firmware,
the initial SMI handler for hot-added CPUs deals with the same problem.

I guess on physical platforms, the platform manual could simply say,
"only hot-plug CPUs one by one". That eliminates the whole problem. In
such a case, we could safely stick with the current patchset, too.

--*--

BTW, I did try hot-plugging multiple CPUs at once, with libvirt:

virsh setvcpu ovmf.fedora.q35 1,3 --enable --live

error: Operation not supported: only one hotpluggable entity can be
selected
I think this is because it would require multiple "device-add" commands
to be sent at the same time over the QMP monitor -- and that's something
that QEMU doesn't support. (Put alternatively, "device-add" does not
take a list of objects to create.) In that regard, the problem described
above is academic, because QEMU already seems like a platform that can
only hotplug one CPU at a time. In that sense, using APIC ID *arrays*
and *loops* per hotplug SMI is not really needed; I did that because we
had discussed this feature in terms of multiple CPUs from the beginning,
and because QEMU's ACPI GPE handler (the CSCN AML method) also loops
over multiple processors.

Again, comments would be most welcome... I wouldn't like to complicate
the SMI handler if it's not absolutely necessary.


Re: [PATCH 0/2] UefiCpuPkg/Library: Fix bug in MpInitLib

Duran, Leo <leo.duran@...>
 

-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, February 26, 2020 12:45 PM
To: Duran, Leo <leo.duran@amd.com>; Ni, Ray <ray.ni@intel.com>;
devel@edk2.groups.io; Wu, Hao A <hao.a.wu@intel.com>; Fu, Siyuan
<siyuan.fu@intel.com>
Cc: Dong, Eric <eric.dong@intel.com>
Subject: Re: [edk2-devel] [PATCH 0/2] UefiCpuPkg/Library: Fix bug in
MpInitLib

On 02/26/20 17:39, Duran, Leo wrote:


-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]
Sent: Wednesday, February 26, 2020 11:21 AM
To: Duran, Leo <leo.duran@amd.com>; Ni, Ray <ray.ni@intel.com>;
devel@edk2.groups.io; Wu, Hao A <hao.a.wu@intel.com>; Fu, Siyuan
<siyuan.fu@intel.com>
Cc: Dong, Eric <eric.dong@intel.com>
Subject: Re: [edk2-devel] [PATCH 0/2] UefiCpuPkg/Library: Fix bug in
MpInitLib

On 02/26/20 16:46, Duran, Leo wrote:
BTW,

I also considered adding a flag to CPU_MP_DATA to make the usage of
PlatformId a bit more explicit.
E.g., something like CpuMpData-
CpuData[ProcessorNumber].IsValidPlatformId... So the init code would
look
like this:

//
// NOTE: PlatformId is not relevant on AMD platforms.
//
if (StandardSignatureIsAuthenticAMD ()) {
CpuMpData->CpuData[ProcessorNumber].IsValidPlatformId = FALSE;
else {
PlatformIdMsr.Uint64 = AsmReadMsr64 (MSR_IA32_PLATFORM_ID);
CpuMpData->CpuData[ProcessorNumber].PlatformId =
(UINT8)PlatformIdMsr.Bits.PlatformId;
CpuMpData->CpuData[ProcessorNumber].IsValidPlatformId = TRUE;
}

This way "IsValidPlatformId" could be checked prior to using "PlatformId".
Anyway, that seemed a bit overkill, so I opted against it... thoughts?
I think a global flag is justified; in the above approach, "IsValidPlatformId"
would not vary across "ProcessorNumber", so it does look like useless
generality.
[Duran, Leo]
Great point, Laszlo.
Indeed, global makes senses in the case!
I can prepare a v2-set to incorporate that.
No, sorry, that wasn't what I meant. I didn't try to suggest a global variable.
Instead, I meant that a "global check" (conceptually, i.e.
regardless of particular processor number) made sense.

I'm also not particularly *against* a global variable. In other words, I didn't try
to comment on using a global variable *at all*.

Using a global variable might as well work, I just feel that your current patches
are good enough.
[Duran, Leo]
Great... I hear you.
Then, I'd prefer not refactoring further at this point.... I hope Ray & Eric agree.

Thanks for your feedback!
Leo.


Thanks
Laszlo


Re: [PATCH v3 6/6] OvmfPkg IA32: add support for loading X64 images

Brian J. Johnson
 

On 2/26/20 1:43 PM, Ard Biesheuvel wrote:
This is the UEFI counterpart to my Linux series which generalizes
mixed mode support into a feature that requires very little internal
knowledge about the architecture specifics of booting Linux on the
part of the bootloader or firmware.
Instead, we add a .compat PE/COFF header containing an array of
PE_COMPAT nodes containing <machine type, entrypoint> tuples that
describe alternate entrypoints into the image for different native
machine types, e.g., IA-32 in a 64-bit image so it can be booted
from IA-32 firmware.
This patch implements the PE/COFF emulator protocol to take this new
section into account, so that such images can simply be loaded via
LoadImage/StartImage, e.g., straight from the shell.
This feature is based on the EDK2 specific PE/COFF emulator protocol
that was introduced in commit 57df17fe26cd ("MdeModulePkg/DxeCore:
invoke the emulator protocol for foreign images", 2019-04-14).
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c | 139 ++++++++++++++++++++
OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf | 36 +++++
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32.fdf | 4 +
4 files changed, 184 insertions(+)
diff --git a/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c
new file mode 100644
index 000000000000..6dc07f467752
--- /dev/null
+++ b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c
@@ -0,0 +1,139 @@
+/** @file
+ * PE/COFF emulator protocol implementation to start Linux kernel
+ * images from non-native firmware
+ *
+ * Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause-Patent
+ *
+ */
+
+#include <PiDxe.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeCoffLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+#include <Protocol/PeCoffImageEmulator.h>
+
+#pragma pack (1)
+typedef struct {
+ UINT8 Type;
+ UINT8 Size;
+ UINT16 MachineType;
+ UINT32 EntryPoint;
+} PE_COMPAT_TYPE1;
+#pragma pack ()
+
+STATIC
+BOOLEAN
+EFIAPI
+IsImageSupported (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN UINT16 ImageType,
+ IN EFI_DEVICE_PATH_PROTOCOL *DevicePath OPTIONAL
+ )
+{
+ return ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION;
+}
+
+STATIC
+EFI_IMAGE_ENTRY_POINT
+EFIAPI
+GetCompatEntryPoint (
+ IN EFI_PHYSICAL_ADDRESS ImageBase
+ )
+{
+ EFI_IMAGE_DOS_HEADER *DosHdr;
+ UINTN PeCoffHeaderOffset;
+ EFI_IMAGE_NT_HEADERS32 *Pe32;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ UINTN NumberOfSections;
+ PE_COMPAT_TYPE1 *PeCompat;
+
+ DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageBase;
+ if (DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) {
+ return NULL;
+ }
+
+ PeCoffHeaderOffset = DosHdr->e_lfanew;
+ Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINTN)ImageBase + PeCoffHeaderOffset);
+
+ Section = (EFI_IMAGE_SECTION_HEADER *)((UINTN)&Pe32->OptionalHeader +
+ Pe32->FileHeader.SizeOfOptionalHeader);
+ NumberOfSections = (UINTN)Pe32->FileHeader.NumberOfSections;
+
+ while (NumberOfSections--) {
+ if (!CompareMem (Section->Name, ".compat", sizeof (Section->Name))) {
+ //
+ // Dereference the section contents to find the mixed mode entry point
+ //
+ PeCompat = (PE_COMPAT_TYPE1 *)((UINTN)ImageBase + Section->VirtualAddress);
+
+ while (PeCompat->Type != 0) {
+ if (PeCompat->Type == 1 &&
+ PeCompat->Size >= sizeof (PE_COMPAT_TYPE1) &&
+ EFI_IMAGE_MACHINE_TYPE_SUPPORTED (PeCompat->MachineType)) {
+
+ return (EFI_IMAGE_ENTRY_POINT)((UINTN)ImageBase + PeCompat->EntryPoint);
+ }
+ PeCompat = (PE_COMPAT_TYPE1 *)((UINTN)PeCompat + PeCompat->Size);
+ }
Ard,

Cool patch series!

I'm not an official reviewer, but I'd feel better about this patch if you added a condition to exit the "while (PeCompat->Type != 0)" loop if PeCompat ever gets pointed outside of the section. Otherwise a malformed or corrupted .compat section could send you off dereferencing anything at all.

Similarly, it wouldn't hurt to sanity check the header fields, such as e_lfanew, OptionalHeader, SizeOfOptionalHeader, and NumberOfSections (or at least verify that all pointers you calculate from them point within the overall image. Or has that already been done by the PeCoff loader by the time this code is called?

Thanks,
Brian J. Johnson

+ }
+ Section++;
+ }
+ return NULL;
+}
+
+STATIC
+EFI_STATUS
+EFIAPI
+RegisterImage (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS ImageBase,
+ IN UINT64 ImageSize,
+ IN OUT EFI_IMAGE_ENTRY_POINT *EntryPoint
+ )
+{
+ EFI_IMAGE_ENTRY_POINT CompatEntryPoint;
+
+ CompatEntryPoint = GetCompatEntryPoint (ImageBase);
+ if (CompatEntryPoint == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ *EntryPoint = CompatEntryPoint;
+ return EFI_SUCCESS;
+}
+
+STATIC
+EFI_STATUS
+EFIAPI
+UnregisterImage (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS ImageBase
+ )
+{
+ return EFI_SUCCESS;
+}
+
+STATIC EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL mCompatLoaderPeCoffEmuProtocol = {
+ IsImageSupported,
+ RegisterImage,
+ UnregisterImage,
+ EDKII_PECOFF_IMAGE_EMULATOR_VERSION,
+ EFI_IMAGE_MACHINE_X64
+};
+
+EFI_STATUS
+EFIAPI
+CompatImageLoaderDxeEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return gBS->InstallProtocolInterface (&ImageHandle,
+ &gEdkiiPeCoffImageEmulatorProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &mCompatLoaderPeCoffEmuProtocol);
+}
diff --git a/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
new file mode 100644
index 000000000000..82369384fbe6
--- /dev/null
+++ b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
@@ -0,0 +1,36 @@
+## @file
+# PE/COFF emulator protocol implementation to start Linux kernel
+# images from non-native firmware
+#
+# Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.27
+ BASE_NAME = CompatImageLoaderDxe
+ FILE_GUID = 1019f54a-2560-41b2-87b0-6750b98f3eff
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = CompatImageLoaderDxeEntryPoint
+
+[Sources]
+ CompatImageLoaderDxe.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ BaseMemoryLib
+ PeCoffLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+
+[Protocols]
+ gEdkiiPeCoffImageEmulatorProtocolGuid ## PRODUCES
+
+[Depex]
+ TRUE
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 76e52a3de120..8d91903f8b4e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -33,6 +33,7 @@ [Defines]
DEFINE SOURCE_DEBUG_ENABLE = FALSE
DEFINE TPM2_ENABLE = FALSE
DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
#
# Network definition
@@ -932,3 +933,7 @@ [Components]
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
+
+!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
+ OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
+!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index b6cd5da4f2b3..ff8d80859fb9 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -354,6 +354,10 @@ [FV.DXEFV]
!endif
!endif
+!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
+INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
+!endif
+
################################################################################
[FV.FVMAIN_COMPACT]

--

Brian

--------------------------------------------------------------------

"I don't believe personal letters sent bulk rate."
-- me


[PATCH v3 6/6] OvmfPkg IA32: add support for loading X64 images

Ard Biesheuvel
 

This is the UEFI counterpart to my Linux series which generalizes
mixed mode support into a feature that requires very little internal
knowledge about the architecture specifics of booting Linux on the
part of the bootloader or firmware.

Instead, we add a .compat PE/COFF header containing an array of
PE_COMPAT nodes containing <machine type, entrypoint> tuples that
describe alternate entrypoints into the image for different native
machine types, e.g., IA-32 in a 64-bit image so it can be booted
from IA-32 firmware.

This patch implements the PE/COFF emulator protocol to take this new
section into account, so that such images can simply be loaded via
LoadImage/StartImage, e.g., straight from the shell.

This feature is based on the EDK2 specific PE/COFF emulator protocol
that was introduced in commit 57df17fe26cd ("MdeModulePkg/DxeCore:
invoke the emulator protocol for foreign images", 2019-04-14).

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c | 139 ++++++++++++++++++++
OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf | 36 +++++
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32.fdf | 4 +
4 files changed, 184 insertions(+)

diff --git a/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c
new file mode 100644
index 000000000000..6dc07f467752
--- /dev/null
+++ b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c
@@ -0,0 +1,139 @@
+/** @file
+ * PE/COFF emulator protocol implementation to start Linux kernel
+ * images from non-native firmware
+ *
+ * Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause-Patent
+ *
+ */
+
+#include <PiDxe.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeCoffLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+#include <Protocol/PeCoffImageEmulator.h>
+
+#pragma pack (1)
+typedef struct {
+ UINT8 Type;
+ UINT8 Size;
+ UINT16 MachineType;
+ UINT32 EntryPoint;
+} PE_COMPAT_TYPE1;
+#pragma pack ()
+
+STATIC
+BOOLEAN
+EFIAPI
+IsImageSupported (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN UINT16 ImageType,
+ IN EFI_DEVICE_PATH_PROTOCOL *DevicePath OPTIONAL
+ )
+{
+ return ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION;
+}
+
+STATIC
+EFI_IMAGE_ENTRY_POINT
+EFIAPI
+GetCompatEntryPoint (
+ IN EFI_PHYSICAL_ADDRESS ImageBase
+ )
+{
+ EFI_IMAGE_DOS_HEADER *DosHdr;
+ UINTN PeCoffHeaderOffset;
+ EFI_IMAGE_NT_HEADERS32 *Pe32;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ UINTN NumberOfSections;
+ PE_COMPAT_TYPE1 *PeCompat;
+
+ DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageBase;
+ if (DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) {
+ return NULL;
+ }
+
+ PeCoffHeaderOffset = DosHdr->e_lfanew;
+ Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINTN)ImageBase + PeCoffHeaderOffset);
+
+ Section = (EFI_IMAGE_SECTION_HEADER *)((UINTN)&Pe32->OptionalHeader +
+ Pe32->FileHeader.SizeOfOptionalHeader);
+ NumberOfSections = (UINTN)Pe32->FileHeader.NumberOfSections;
+
+ while (NumberOfSections--) {
+ if (!CompareMem (Section->Name, ".compat", sizeof (Section->Name))) {
+ //
+ // Dereference the section contents to find the mixed mode entry point
+ //
+ PeCompat = (PE_COMPAT_TYPE1 *)((UINTN)ImageBase + Section->VirtualAddress);
+
+ while (PeCompat->Type != 0) {
+ if (PeCompat->Type == 1 &&
+ PeCompat->Size >= sizeof (PE_COMPAT_TYPE1) &&
+ EFI_IMAGE_MACHINE_TYPE_SUPPORTED (PeCompat->MachineType)) {
+
+ return (EFI_IMAGE_ENTRY_POINT)((UINTN)ImageBase + PeCompat->EntryPoint);
+ }
+ PeCompat = (PE_COMPAT_TYPE1 *)((UINTN)PeCompat + PeCompat->Size);
+ }
+ }
+ Section++;
+ }
+ return NULL;
+}
+
+STATIC
+EFI_STATUS
+EFIAPI
+RegisterImage (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS ImageBase,
+ IN UINT64 ImageSize,
+ IN OUT EFI_IMAGE_ENTRY_POINT *EntryPoint
+ )
+{
+ EFI_IMAGE_ENTRY_POINT CompatEntryPoint;
+
+ CompatEntryPoint = GetCompatEntryPoint (ImageBase);
+ if (CompatEntryPoint == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ *EntryPoint = CompatEntryPoint;
+ return EFI_SUCCESS;
+}
+
+STATIC
+EFI_STATUS
+EFIAPI
+UnregisterImage (
+ IN EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS ImageBase
+ )
+{
+ return EFI_SUCCESS;
+}
+
+STATIC EDKII_PECOFF_IMAGE_EMULATOR_PROTOCOL mCompatLoaderPeCoffEmuProtocol = {
+ IsImageSupported,
+ RegisterImage,
+ UnregisterImage,
+ EDKII_PECOFF_IMAGE_EMULATOR_VERSION,
+ EFI_IMAGE_MACHINE_X64
+};
+
+EFI_STATUS
+EFIAPI
+CompatImageLoaderDxeEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ return gBS->InstallProtocolInterface (&ImageHandle,
+ &gEdkiiPeCoffImageEmulatorProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &mCompatLoaderPeCoffEmuProtocol);
+}
diff --git a/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
new file mode 100644
index 000000000000..82369384fbe6
--- /dev/null
+++ b/OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
@@ -0,0 +1,36 @@
+## @file
+# PE/COFF emulator protocol implementation to start Linux kernel
+# images from non-native firmware
+#
+# Copyright (c) 2020, ARM Ltd. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.27
+ BASE_NAME = CompatImageLoaderDxe
+ FILE_GUID = 1019f54a-2560-41b2-87b0-6750b98f3eff
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = CompatImageLoaderDxeEntryPoint
+
+[Sources]
+ CompatImageLoaderDxe.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ BaseMemoryLib
+ PeCoffLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+
+[Protocols]
+ gEdkiiPeCoffImageEmulatorProtocolGuid ## PRODUCES
+
+[Depex]
+ TRUE
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 76e52a3de120..8d91903f8b4e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -33,6 +33,7 @@ [Defines]
DEFINE SOURCE_DEBUG_ENABLE = FALSE
DEFINE TPM2_ENABLE = FALSE
DEFINE TPM2_CONFIG_ENABLE = FALSE
+ DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE

#
# Network definition
@@ -932,3 +933,7 @@ [Components]
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
+
+!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
+ OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
+!endif
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index b6cd5da4f2b3..ff8d80859fb9 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -354,6 +354,10 @@ [FV.DXEFV]
!endif
!endif

+!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
+INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
+!endif
+
################################################################################

[FV.FVMAIN_COMPACT]
--
2.17.1


[PATCH v3 5/6] MdeModulePkg/DxeCore: defer PE/COFF emulator registration to StartImage

Ard Biesheuvel
 

EDK2's implementation of the LoadImage() boot service permits non-native
binaries to be loaded (i.e., X64 images on IA32 firmware), but any
attempts to start such an image using StartImage() will return
EFI_UNSUPPORTED.

The integration of the PE/COFF emulator protocol into the DXE core
deviates slightly from this paradigm, given that its IsImageSupported
hook as well as its RegisterImage hook are invoked from LoadImage,
and by the time StartImage is called, no opportunity is given to the
provider of the PE/COFF emulator protocol to prevent an image from
being started if it only supports loading it.

To address this disparity, let's move the invocation of RegisterImage()
to the implementation of the StartImage() boot service, allowing the
emulator to permit LoadImage() but reject StartImage() on images that
turn out not to meet the requirements of the emulator as it is being
started.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
MdeModulePkg/Core/Dxe/Image/Image.c | 24 +++++++++++---------
1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
index 22a87ecf6d7c..d86da89ee704 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -756,17 +756,6 @@ CoreLoadPeImage (
// Get the image entry point.
//
Image->EntryPoint = (EFI_IMAGE_ENTRY_POINT)(UINTN)Image->ImageContext.EntryPoint;
- if (Image->PeCoffEmu != NULL) {
- Status = Image->PeCoffEmu->RegisterImage (Image->PeCoffEmu,
- Image->ImageBasePage,
- EFI_PAGES_TO_SIZE (Image->NumberOfPages),
- &Image->EntryPoint);
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_LOAD | DEBUG_ERROR,
- "CoreLoadPeImage: Failed to register foreign image with emulator.\n"));
- goto Done;
- }
- }

//
// Fill in the image information for the Loaded Image Protocol
@@ -1603,6 +1592,19 @@ CoreStartImage (
return EFI_UNSUPPORTED;
}

+ if (Image->PeCoffEmu != NULL) {
+ Status = Image->PeCoffEmu->RegisterImage (Image->PeCoffEmu,
+ Image->ImageBasePage,
+ EFI_PAGES_TO_SIZE (Image->NumberOfPages),
+ &Image->EntryPoint);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_LOAD | DEBUG_ERROR,
+ "CoreLoadPeImage: Failed to register foreign image with emulator - %r\n",
+ Status));
+ return Status;
+ }
+ }
+
PERF_START_IMAGE_BEGIN (Handle);


--
2.17.1


[PATCH v3 4/6] OvmfPkg: add the 'initrd' dynamic shell command

Ard Biesheuvel
 

Add the 'initrd' dynamic shell command to the build so we can load
Linux initrds straight from the shell using the new generic protocol,
which does not rely on initrd= being passed on the command line.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 4 ++++
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 4 ++++
OvmfPkg/OvmfPkgX64.fdf | 1 +
OvmfPkg/OvmfXen.dsc | 4 ++++
OvmfPkg/OvmfXen.fdf | 1 +
8 files changed, 20 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 19728f20b34e..76e52a3de120 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -821,6 +821,10 @@ [Components]
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
!endif
+ OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+ <PcdsFixedAtBuild>
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+ }
ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 63607551ed75..b6cd5da4f2b3 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -282,6 +282,7 @@ [FV.DXEFV]
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
+INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

INF MdeModulePkg/Logo/LogoDxe.inf

diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 3c0c229e3a72..842b4a028913 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -834,6 +834,10 @@ [Components.X64]
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
!endif
+ OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+ <PcdsFixedAtBuild>
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+ }
ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 0488e5d95ffe..69c133ec08d5 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -282,6 +282,7 @@ [FV.DXEFV]
!if $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
+INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
INF ShellPkg/Application/Shell/Shell.inf

INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f6c1d8d228c6..0b1e45d1f15a 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -832,6 +832,10 @@ [Components]
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
!endif
+ OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+ <PcdsFixedAtBuild>
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+ }
ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 0488e5d95ffe..69c133ec08d5 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -282,6 +282,7 @@ [FV.DXEFV]
!if $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
+INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
INF ShellPkg/Application/Shell/Shell.inf

INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 5751ff1f0352..6612018ad6a8 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -714,6 +714,10 @@ [Components]
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
}
+ OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+ <PcdsFixedAtBuild>
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+ }

OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/AmdSevDxe/AmdSevDxe.inf
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index 05138ffc5b4f..5ca8081c0265 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -364,6 +364,7 @@ [FV.DXEFV]
!if $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
+INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
INF ShellPkg/Application/Shell/Shell.inf

INF MdeModulePkg/Logo/LogoDxe.inf
--
2.17.1


[PATCH v3 3/6] ArmVirtPkg: add the 'initrd' dynamic shell command

Ard Biesheuvel
 

Add the 'initrd' dynamic shell command to the build so we can load
Linux initrds straight from the shell using the new generic protocol,
which does not rely on initrd= being passed on the command line.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 4 ++++
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 +
ArmVirtPkg/ArmVirtXen.fdf | 1 +
3 files changed, 6 insertions(+)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 10037c938eb8..42ecd5ce1d52 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -379,6 +379,10 @@ [Components.common]
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
+ OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+ <PcdsFixedAtBuild>
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+ }
ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 31f615a9d0f9..bfa380815f1a 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -103,6 +103,7 @@ [FV.FvMain]
#
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

#
# Bds
diff --git a/ArmVirtPkg/ArmVirtXen.fdf b/ArmVirtPkg/ArmVirtXen.fdf
index 38d4cc163524..6a97bceeacbc 100644
--- a/ArmVirtPkg/ArmVirtXen.fdf
+++ b/ArmVirtPkg/ArmVirtXen.fdf
@@ -182,6 +182,7 @@ [FV.FvMain]
#
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

#
# Bds
--
2.17.1


[PATCH v3 2/6] OvmfPkg: add 'initrd' shell command to expose Linux initrd via device path

Ard Biesheuvel
 

Add a new 'initrd' command to the UEFI Shell that allows any file that is
accessible to the shell to be registered as the initrd that is returned
when Linux's EFI stub loader invokes the LoadFile2 protocol on its special
vendor media device path.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.c | 429 ++++++++++++++++++++
OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf | 53 +++
OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.uni | 49 +++
3 files changed, 531 insertions(+)

diff --git a/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.c b/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.c
new file mode 100644
index 000000000000..7ddeba0df624
--- /dev/null
+++ b/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.c
@@ -0,0 +1,429 @@
+/** @file
+ Provides 'initrd' dynamic UEFI shell command to load a Linux initrd
+ via its GUIDed vendor media path
+
+ Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+
+#include <Library/DebugLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/HiiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/ShellLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiHiiServicesLib.h>
+
+#include <Guid/LinuxEfiInitrdMedia.h>
+
+#include <Protocol/DevicePath.h>
+#include <Protocol/HiiPackageList.h>
+#include <Protocol/LoadFile2.h>
+#include <Protocol/ShellDynamicCommand.h>
+
+#pragma pack (1)
+typedef struct {
+ VENDOR_DEVICE_PATH VenMediaNode;
+ EFI_DEVICE_PATH_PROTOCOL EndNode;
+} SINGLE_NODE_VENDOR_MEDIA_DEVPATH;
+#pragma pack ()
+
+STATIC EFI_HII_HANDLE mLinuxInitrdShellCommandHiiHandle;
+STATIC EFI_PHYSICAL_ADDRESS mInitrdFileAddress;
+STATIC UINTN mInitrdFileSize;
+STATIC EFI_HANDLE mInitrdLoadFile2Handle;
+
+STATIC CONST SHELL_PARAM_ITEM ParamList[] = {
+ {L"-u", TypeFlag},
+ {NULL, TypeMax}
+ };
+
+STATIC CONST SINGLE_NODE_VENDOR_MEDIA_DEVPATH mInitrdDevicePath = {
+ {
+ {
+ MEDIA_DEVICE_PATH, MEDIA_VENDOR_DP, { sizeof (VENDOR_DEVICE_PATH) }
+ },
+ LINUX_EFI_INITRD_MEDIA_GUID
+ }, {
+ END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE,
+ { sizeof (EFI_DEVICE_PATH_PROTOCOL) }
+ }
+};
+
+STATIC
+EFI_STATUS
+EFIAPI
+InitrdLoadFile2 (
+ IN EFI_LOAD_FILE2_PROTOCOL *This,
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
+ IN BOOLEAN BootPolicy,
+ IN OUT UINTN *BufferSize,
+ OUT VOID *Buffer OPTIONAL
+ )
+{
+ if (BootPolicy) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (BufferSize == NULL || !IsDevicePathValid (FilePath, 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (FilePath->Type != END_DEVICE_PATH_TYPE ||
+ FilePath->SubType != END_ENTIRE_DEVICE_PATH_SUBTYPE ||
+ mInitrdFileSize == 0) {
+ return EFI_NOT_FOUND;
+ }
+
+ if (Buffer == NULL || *BufferSize < mInitrdFileSize) {
+ *BufferSize = mInitrdFileSize;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ ASSERT (mInitrdFileAddress != 0);
+
+ gBS->CopyMem (Buffer, (VOID *)(UINTN)mInitrdFileAddress, mInitrdFileSize);
+ *BufferSize = mInitrdFileSize;
+ return EFI_SUCCESS;
+}
+
+STATIC CONST EFI_LOAD_FILE2_PROTOCOL mInitrdLoadFile2 = {
+ InitrdLoadFile2,
+};
+
+STATIC
+EFI_STATUS
+UninstallLoadFile2Protocol (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ if (mInitrdLoadFile2Handle != NULL) {
+ Status = gBS->UninstallMultipleProtocolInterfaces (mInitrdLoadFile2Handle,
+ &gEfiDevicePathProtocolGuid, &mInitrdDevicePath,
+ &gEfiLoadFile2ProtocolGuid, &mInitrdLoadFile2,
+ NULL);
+ if (!EFI_ERROR (Status)) {
+ mInitrdLoadFile2Handle = NULL;
+ }
+ }
+ return Status;
+}
+
+STATIC
+VOID
+FreeInitrdFile (
+ VOID
+ )
+{
+ if (mInitrdFileSize != 0) {
+ gBS->FreePages (mInitrdFileAddress, EFI_SIZE_TO_PAGES (mInitrdFileSize));
+ mInitrdFileSize = 0;
+ }
+}
+
+STATIC
+EFI_STATUS
+CacheInitrdFile (
+ IN SHELL_FILE_HANDLE FileHandle
+ )
+{
+ EFI_STATUS Status;
+ UINT64 FileSize;
+ UINTN ReadSize;
+
+ Status = gEfiShellProtocol->GetFileSize (FileHandle, &FileSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (FileSize == 0 || FileSize > MAX_UINTN) {
+ return EFI_UNSUPPORTED;
+ }
+
+ Status = gBS->AllocatePages (AllocateAnyPages, EfiLoaderData,
+ EFI_SIZE_TO_PAGES ((UINTN)FileSize), &mInitrdFileAddress);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ ReadSize = (UINTN)FileSize;
+ Status = gEfiShellProtocol->ReadFile (FileHandle, &ReadSize,
+ (VOID *)(UINTN)mInitrdFileAddress);
+ if (EFI_ERROR (Status) || ReadSize < FileSize) {
+ DEBUG ((DEBUG_WARN, "%a: failed to read initrd file - %r 0x%lx 0x%lx\n",
+ __FUNCTION__, Status, (UINT64)ReadSize, FileSize));
+ goto FreeMemory;
+ }
+
+ if (mInitrdLoadFile2Handle == NULL) {
+ Status = gBS->InstallMultipleProtocolInterfaces (&mInitrdLoadFile2Handle,
+ &gEfiDevicePathProtocolGuid, &mInitrdDevicePath,
+ &gEfiLoadFile2ProtocolGuid, &mInitrdLoadFile2,
+ NULL);
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ mInitrdFileSize = FileSize;
+ return EFI_SUCCESS;
+
+FreeMemory:
+ gBS->FreePages (mInitrdFileAddress, EFI_SIZE_TO_PAGES ((UINTN)FileSize));
+ return Status;
+}
+
+/**
+ Function for 'initrd' command.
+
+ @param[in] ImageHandle Handle to the Image (NULL if Internal).
+ @param[in] SystemTable Pointer to the System Table (NULL if Internal).
+**/
+STATIC
+SHELL_STATUS
+EFIAPI
+RunInitrd (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ LIST_ENTRY *Package;
+ CHAR16 *ProblemParam;
+ CONST CHAR16 *Param;
+ CONST CHAR16 *Filename;
+ SHELL_STATUS ShellStatus;
+ SHELL_FILE_HANDLE FileHandle;
+
+ ProblemParam = NULL;
+ ShellStatus = SHELL_SUCCESS;
+
+ Status = ShellInitialize ();
+ ASSERT_EFI_ERROR (Status);
+
+ //
+ // parse the command line
+ //
+ Status = ShellCommandLineParse (ParamList, &Package, &ProblemParam, TRUE);
+ if (EFI_ERROR (Status)) {
+ if (Status == EFI_VOLUME_CORRUPTED && ProblemParam != NULL) {
+ ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_GEN_PROBLEM),
+ mLinuxInitrdShellCommandHiiHandle, L"initrd", ProblemParam);
+ FreePool (ProblemParam);
+ ShellStatus = SHELL_INVALID_PARAMETER;
+ } else {
+ ASSERT(FALSE);
+ }
+ } else {
+ if (ShellCommandLineGetCount (Package) > 2) {
+ ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_GEN_TOO_MANY),
+ mLinuxInitrdShellCommandHiiHandle, L"initrd");
+ ShellStatus = SHELL_INVALID_PARAMETER;
+ } else if (ShellCommandLineGetCount (Package) < 2) {
+ if (ShellCommandLineGetFlag (Package, L"-u")) {
+ FreeInitrdFile ();
+ UninstallLoadFile2Protocol ();
+ } else {
+ ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_GEN_TOO_FEW),
+ mLinuxInitrdShellCommandHiiHandle, L"initrd");
+ ShellStatus = SHELL_INVALID_PARAMETER;
+ }
+ } else {
+ Param = ShellCommandLineGetRawValue (Package, 1);
+ ASSERT (Param != NULL);
+
+ Filename = ShellFindFilePath (Param);
+ if (Filename == NULL) {
+ ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_GEN_FIND_FAIL),
+ mLinuxInitrdShellCommandHiiHandle, L"initrd", Param);
+ ShellStatus = SHELL_NOT_FOUND;
+ } else {
+ Status = ShellOpenFileByName (Filename, &FileHandle,
+ EFI_FILE_MODE_READ, 0);
+ if (!EFI_ERROR (Status)) {
+ FreeInitrdFile ();
+ Status = CacheInitrdFile (FileHandle);
+ ShellCloseFile (&FileHandle);
+ }
+ if (EFI_ERROR (Status)) {
+ ShellPrintHiiEx (-1, -1, NULL, STRING_TOKEN (STR_GEN_FILE_OPEN_FAIL),
+ mLinuxInitrdShellCommandHiiHandle, L"initrd", Param);
+ ShellStatus = SHELL_NOT_FOUND;
+ }
+ }
+ FreePool (Filename);
+ }
+ }
+ return ShellStatus;
+}
+
+
+/**
+ This is the shell command handler function pointer callback type. This
+ function handles the command when it is invoked in the shell.
+
+ @param[in] This The instance of the
+ EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL.
+ @param[in] SystemTable The pointer to the system table.
+ @param[in] ShellParameters The parameters associated with the command.
+ @param[in] Shell The instance of the shell protocol used in
+ the context of processing this command.
+
+ @return EFI_SUCCESS the operation was successful
+ @return other the operation failed.
+**/
+SHELL_STATUS
+EFIAPI
+LinuxInitrdCommandHandler (
+ IN EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL *This,
+ IN EFI_SYSTEM_TABLE *SystemTable,
+ IN EFI_SHELL_PARAMETERS_PROTOCOL *ShellParameters,
+ IN EFI_SHELL_PROTOCOL *Shell
+ )
+{
+ gEfiShellParametersProtocol = ShellParameters;
+ gEfiShellProtocol = Shell;
+
+ return RunInitrd (gImageHandle, SystemTable);
+}
+
+/**
+ This is the command help handler function pointer callback type. This
+ function is responsible for displaying help information for the associated
+ command.
+
+ @param[in] This The instance of the
+ EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL.
+ @param[in] Language The pointer to the language string to use.
+
+ @return string Pool allocated help string, must be freed
+ by caller
+**/
+STATIC
+CHAR16 *
+EFIAPI
+LinuxInitrdGetHelp (
+ IN EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL *This,
+ IN CONST CHAR8 *Language
+ )
+{
+ return HiiGetString (mLinuxInitrdShellCommandHiiHandle,
+ STRING_TOKEN (STR_GET_HELP_INITRD), Language);
+}
+
+STATIC EFI_SHELL_DYNAMIC_COMMAND_PROTOCOL mLinuxInitrdDynamicCommand = {
+ L"initrd",
+ LinuxInitrdCommandHandler,
+ LinuxInitrdGetHelp
+};
+
+/**
+ Retrieve HII package list from ImageHandle and publish to HII database.
+
+ @param ImageHandle The image handle of the process.
+
+ @return HII handle.
+**/
+STATIC
+EFI_HII_HANDLE
+InitializeHiiPackage (
+ EFI_HANDLE ImageHandle
+ )
+{
+ EFI_STATUS Status;
+ EFI_HII_PACKAGE_LIST_HEADER *PackageList;
+ EFI_HII_HANDLE HiiHandle;
+
+ //
+ // Retrieve HII package list from ImageHandle
+ //
+ Status = gBS->OpenProtocol (ImageHandle, &gEfiHiiPackageListProtocolGuid,
+ (VOID **)&PackageList, ImageHandle, NULL,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return NULL;
+ }
+
+ //
+ // Publish HII package list to HII Database.
+ //
+ Status = gHiiDatabase->NewPackageList (gHiiDatabase, PackageList, NULL,
+ &HiiHandle);
+ ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return NULL;
+ }
+ return HiiHandle;
+}
+
+/**
+ Entry point of Linux Initrd dynamic UEFI Shell command.
+
+ Produce the DynamicCommand protocol to handle "initrd" command.
+
+ @param ImageHandle The image handle of the process.
+ @param SystemTable The EFI System Table pointer.
+
+ @retval EFI_SUCCESS Initrd command is executed successfully.
+ @retval EFI_ABORTED HII package was failed to initialize.
+ @retval others Other errors when executing Initrd command.
+**/
+EFI_STATUS
+EFIAPI
+LinuxInitrdDynamicShellCommandEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ mLinuxInitrdShellCommandHiiHandle = InitializeHiiPackage (ImageHandle);
+ if (mLinuxInitrdShellCommandHiiHandle == NULL) {
+ return EFI_ABORTED;
+ }
+
+ Status = gBS->InstallProtocolInterface (&ImageHandle,
+ &gEfiShellDynamicCommandProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &mLinuxInitrdDynamicCommand);
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+}
+
+/**
+ Unload the dynamic UEFI Shell command.
+
+ @param ImageHandle The image handle of the process.
+
+ @retval EFI_SUCCESS The image is unloaded.
+ @retval Others Failed to unload the image.
+**/
+EFI_STATUS
+EFIAPI
+LinuxInitrdDynamicShellCommandUnload (
+ IN EFI_HANDLE ImageHandle
+)
+{
+ EFI_STATUS Status;
+
+ FreeInitrdFile ();
+
+ Status = UninstallLoadFile2Protocol ();
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = gBS->UninstallProtocolInterface (ImageHandle,
+ &gEfiShellDynamicCommandProtocolGuid,
+ &mLinuxInitrdDynamicCommand);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ HiiRemovePackages (mLinuxInitrdShellCommandHiiHandle);
+ return EFI_SUCCESS;
+}
diff --git a/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf b/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
new file mode 100644
index 000000000000..6da6ef6d7818
--- /dev/null
+++ b/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
@@ -0,0 +1,53 @@
+## @file
+# Provides 'initrd' dynamic UEFI shell command to load a Linux initrd
+# via its GUIDed vendor media path
+#
+# Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 1.27
+ BASE_NAME = LinuxInitrdDynamicShellCommand
+ FILE_GUID = 2f30da26-f51b-4b6f-85c4-31873c281bca
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = LinuxInitrdDynamicShellCommandEntryPoint
+ UNLOAD_IMAGE = LinuxInitrdDynamicShellCommandUnload
+ UEFI_HII_RESOURCE_SECTION = TRUE
+
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 EBC
+#
+
+[Sources.common]
+ LinuxInitrdDynamicShellCommand.c
+ LinuxInitrdDynamicShellCommand.uni
+
+[Packages]
+ MdePkg/MdePkg.dec
+ ShellPkg/ShellPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ DevicePathLib
+ HiiLib
+ MemoryAllocationLib
+ ShellLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiHiiServicesLib
+
+[Protocols]
+ gEfiDevicePathProtocolGuid ## SOMETIMES_PRODUCES
+ gEfiHiiPackageListProtocolGuid ## CONSUMES
+ gEfiLoadFile2ProtocolGuid ## SOMETIMES_PRODUCES
+ gEfiShellDynamicCommandProtocolGuid ## PRODUCES
+
+[DEPEX]
+ TRUE
diff --git a/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.uni b/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.uni
new file mode 100644
index 000000000000..a88fa6e3641b
--- /dev/null
+++ b/OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.uni
@@ -0,0 +1,49 @@
+// /**
+//
+// Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// Module Name:
+//
+// LinuxInitrdDynamicShellCommand.uni
+//
+// Abstract:
+//
+// String definitions for 'initrd' UEFI Shell command
+//
+// **/
+
+/=#
+
+#langdef en-US "english"
+
+#string STR_GEN_PROBLEM #language en-US "%H%s%N: Unknown flag - '%H%s%N'\r\n"
+#string STR_GEN_TOO_MANY #language en-US "%H%s%N: Too many arguments.\r\n"
+#string STR_GEN_TOO_FEW #language en-US "%H%s%N: Too few arguments.\r\n"
+#string STR_GEN_FIND_FAIL #language en-US "%H%s%N: File not found - '%H%s%N'\r\n"
+#string STR_GEN_FILE_OPEN_FAIL #language en-US "%H%s%N: Cannot open file - '%H%s%N'\r\n"
+
+#string STR_GET_HELP_INITRD #language en-US ""
+".TH initrd 0 "Registers or unregisters a file as Linux initrd."\r\n"
+".SH NAME\r\n"
+"Registers or unregisters a file as Linux initrd.\r\n"
+".SH SYNOPSIS\r\n"
+" \r\n"
+"initrd <FileName>\r\n"
+"initrd -u\r\n"
+".SH OPTIONS\r\n"
+" \r\n"
+" FileName - Specifies a file to register as initrd.\r\n"
+" -u - Unregisters any previously registered initrd files.\r\n"
+".SH DESCRIPTION\r\n"
+" \r\n"
+"NOTES:\r\n"
+" 1. Only a single file can be loaded as initrd at any given time. Using the\r\n"
+" command twice with a <FileName> option will result in the first file to\r\n"
+" be unloaded again, regardless of whether the second invocation succeeded\r\n"
+" or not.\r\n"
+" 2. The initrd is not unloaded when the shell exits, and will remain active\r\n"
+" until it is unloaded again by a different invocation of the shell.\r\n"
+" Consumers of the LoadFile2 protocol on the LINUX_EFI_INITRD_MEDIA_GUID\r\n"
+" device path that are started via means other than the shell will be able\r\n"
+" to locate the protocol and invoke it.\r\n"
--
2.17.1


[PATCH v3 1/6] OvmfPkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID

Ard Biesheuvel
 

Add LINUX_EFI_INITRD_MEDIA_GUID to our collection of GUID definitions,
it can be used in a media device path to specify a Linux style initrd
that can be loaded by the OS using the LoadFile2 protocol.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h | 17 +++++++++++++++++
OvmfPkg/OvmfPkg.dec | 1 +
2 files changed, 18 insertions(+)

diff --git a/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h b/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h
new file mode 100644
index 000000000000..83fc3fc79aa6
--- /dev/null
+++ b/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h
@@ -0,0 +1,17 @@
+/** @file
+ GUID definition for the Linux Initrd media device path
+
+ Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef LINUX_EFI_INITRD_MEDIA_GUID_H__
+#define LINUX_EFI_INITRD_MEDIA_GUID_H__
+
+#define LINUX_EFI_INITRD_MEDIA_GUID \
+ {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
+
+extern EFI_GUID gLinuxEfiInitrdMediaGuid;
+
+#endif
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 4c5b6511cb97..6849a79cd8b0 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -86,6 +86,7 @@ [Guids]
gMicrosoftVendorGuid = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}}
gEfiLegacyBiosGuid = {0x2E3044AC, 0x879F, 0x490F, {0x97, 0x60, 0xBB, 0xDF, 0xAF, 0x69, 0x5F, 0x50}}
gEfiLegacyDevOrderVariableGuid = {0xa56074db, 0x65fe, 0x45f7, {0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}}
+ gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}

[Protocols]
gVirtioDeviceProtocolGuid = {0xfa920010, 0x6785, 0x4941, {0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}}
--
2.17.1


[PATCH v3 0/6] OvmfPkg: implement initrd shell command and mixed mode loader

Ard Biesheuvel
 

This is tagged as a v2 since it is a followup to a couple of patches [0][1]
that have already been sent to the list.

This series is part of my effort to define a generic EFI boot protocol for
Linux, i.e,. one that is the same across all different architectures that
are able to boot Linux from EFI, and naturally reused the firmware's
infrastructure for authenticated boot and measured boot.

Path #1 ... #4 implement the 'initrd' dynamic shell command, which takes a
file and exposes it via the LoadFile2 protocol installed on a vendor media
device path with guid LINUX_EFI_INITRD_MEDIA_GUID. This is a Linux specific,
but arch-agnostic way for the OS loader to load an initial ramdisk, while
leaving the firmware (or bootloader) in charge of where the file contents
are served from. This supersedes the currently existing solutions on Linux,
which are either limited to loading from the same volume that the OS loader
was loaded from, or load the initrd into memory first, and use architecture
specific data structures to pass on the information regarding base and size.

Patch #5 is an update to the integration of the PE/COFF emulator protocol,
to align it more closely with how LoadImage() and StartImage() behave today:
LoadImage() is not restricted to images that can execute natively on the
platform, but also permits loading of cross-type supported images. This means
that any judgement on whether an image can be *started* needs to be deferred
until StartImage(), which is why the invocation of the RegisterImage()
callback needs to be deferred as well.

Patch #6 implements the PE/COFF emulator protocol so it can start X64 images
that have been loaded on IA32 firmware. This is needed for Linux's so-called
'mixed mode', which is an elaborate scheme of on-the-fly translation of data
structures and thunking into 32-bit compat mode, allowing X64 Linux kernels
to be used on X64 capable hardware that shipped with IA32 firmware. This
needs support from the loader, and is currently implemented in GRUB (and
OVMF's command line kernel loader) using the EFI handover protocol, which
relies far too much on knowledge of kernel internal data structures, and
circumvents LoadImage and StartImage entirely.
(Note: mixed mode support is mainly targeted at cheap Atom tablets that
shipped with a [cheaper] 32-bit version of Windows, and so this particular
patch is unlikely to help that use case, but it is useful for validation.)

With these changes in place, we can boot x86 mixed-mode Linux straight from
the UEFI Shell

Shell>initrd fs0:\initrd.img
Shell>fs0:\bzImage root=/dev/vda2

Another benefit of this approach is that we can exit cleanly from the loader
(and back to the shell) using the Exit() boot service if any errors occur,
whereas the EFI handover protocol enters a deadloop upon any error that
occurs during execution of the EFI stub.

Changes since v2:
- incorporate Laszlo's feedback, and add R-b's - I have incorporated all the
feedback given, except for the structure of the shell command implementation:
it is not my preferred style, but it is correct, and idiomatic for the shell
commands I could find in the tree.

Changes from v1:
- Use a dynamic UEFI shell command, which is the recommended way of implementing
new shell commands that are not covered by the UEFI shell specification. It
also makes the command more easily usable on existing platforms, since the
driver can be loaded as an ordinary driver.
- split initrd patch into 4, as requested by Laszlo
- add patch to tweak the LoadImage/StartImage behavior wrt the PE/COFF emulator
protocol
- return EFI_UNSUPPORTED from PeCoffEmu::RegisterImage() if the image does not
have the required .compat section

[0] https://edk2.groups.io/g/devel/topic/rfc_patch_1_1_ovmfpkg_add/71177416
[1] https://edk2.groups.io/g/devel/topic/patch_1_1_ovmfpkg_ia32_add/71272266

v2: https://edk2.groups.io/g/devel/topic/patch_v2_0_6_ovmfpkg/71530294

Cc: lersek@redhat.com
Cc: leif@nuviainc.com
Cc: michael.d.kinney@intel.com
Cc: jian.j.wang@intel.com
Cc: hao.a.wu@intel.com
Cc: ray.ni@intel.com
Cc: zhichao.gao@intel.com

Ard Biesheuvel (6):
OvmfPkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID
OvmfPkg: add 'initrd' shell command to expose Linux initrd via device
path
ArmVirtPkg: add the 'initrd' dynamic shell command
OvmfPkg: add the 'initrd' dynamic shell command
MdeModulePkg/DxeCore: defer PE/COFF emulator registration to
StartImage
OvmfPkg IA32: add support for loading X64 images

ArmVirtPkg/ArmVirt.dsc.inc | 4 +
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 +
ArmVirtPkg/ArmVirtXen.fdf | 1 +
MdeModulePkg/Core/Dxe/Image/Image.c | 24 +-
.../CompatImageLoaderDxe.c | 139 ++++++
.../CompatImageLoaderDxe.inf | 36 ++
OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h | 17 +
.../LinuxInitrdDynamicShellCommand.c | 429 ++++++++++++++++++
.../LinuxInitrdDynamicShellCommand.inf | 53 +++
.../LinuxInitrdDynamicShellCommand.uni | 49 ++
OvmfPkg/OvmfPkg.dec | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 9 +
OvmfPkg/OvmfPkgIa32.fdf | 5 +
OvmfPkg/OvmfPkgIa32X64.dsc | 4 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 4 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
OvmfPkg/OvmfXen.dsc | 4 +
OvmfPkg/OvmfXen.fdf | 1 +
19 files changed, 772 insertions(+), 11 deletions(-)
create mode 100644 OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.c
create mode 100644 OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
create mode 100644 OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h
create mode 100644 OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.c
create mode 100644 OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
create mode 100644 OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.uni

--
2.17.1


[PATCH v3 9/9] ArmVirtPkg/ArmVirtQemu: enable TPM2 based measured boot

Ard Biesheuvel
 

Now that all the TPM2 related plumbing is in place, we can add the
final piece that performs the measurements of loaded images into
the appropriate PCRs.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
ArmVirtPkg/ArmVirtQemu.dsc | 3 +++
1 file changed, 3 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7cb2d1b42fb8..a0d179a72b2a 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -346,6 +346,9 @@ [Components.common]
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!if $(TPM2_ENABLE) == TRUE
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
+!endif
}
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
--
2.17.1


[PATCH v3 8/9] ArmVirtPkg/ArmVirtQemu: enable the TPM2 configuration module

Ard Biesheuvel
 

Enable the DXE phase component that publishes the HII pages and
associated logic to enable TPM2 parameters to be configured by
the user via the setup menu.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
ArmVirtPkg/ArmVirtQemu.dsc | 9 +++++++++
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 3 +++
2 files changed, 12 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 9fe5ab37611c..7cb2d1b42fb8 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -30,6 +30,7 @@ [Defines]
DEFINE TTY_TERMINAL = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE TPM2_ENABLE = FALSE
+ DEFINE TPM2_CONFIG_ENABLE = FALSE

#
# Network definition
@@ -268,6 +269,11 @@ [PcdsDynamicDefault.common]
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS

+!if $(TPM2_CONFIG_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
+!endif
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform
@@ -490,6 +496,9 @@ [Components.common]
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
!endif

#
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 63247fd10058..d481e4b2b8fb 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -188,4 +188,7 @@ [FV.FvMain]
#
!if $(TPM2_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+ INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
!endif
--
2.17.1


[PATCH v3 7/9] ArmVirtPkg/ArmVirtQemu: enable the DXE phase TPM2 support module

Ard Biesheuvel
 

Enable the TPM2 support module in the DXE phase, and the associated
libraries and PCDs that it requires. This will be wired into the
measured boot support code in a subsequent patch.

Note that Tcg2Dxe.inf is added to ArmVirtQemuFvMain.fdf.inc, which
is shared with other platforms in ArmVirtPkg, but as those will not
set the TPM2_ENABLE define, this change does not affect them.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
ArmVirtPkg/ArmVirtQemu.dsc | 23 ++++++++++++++++++++
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 7 ++++++
2 files changed, 30 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 8950116dacab..9fe5ab37611c 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -77,6 +77,8 @@ [LibraryClasses.common]

!if $(TPM2_ENABLE) == TRUE
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
!endif

[LibraryClasses.common.PEIM]
@@ -91,6 +93,10 @@ [LibraryClasses.common.PEIM]
[LibraryClasses.common.DXE_DRIVER]
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf

+!if $(TPM2_ENABLE) == TRUE
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
+!endif
+
[LibraryClasses.common.UEFI_DRIVER]
UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf

@@ -469,6 +475,23 @@ [Components.common]
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf

+ #
+ # TPM2 support
+ #
+!if $(TPM2_ENABLE) == TRUE
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
+ <LibraryClasses>
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+ }
+!endif
+
#
# ACPI Support
#
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 31f615a9d0f9..63247fd10058 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -182,3 +182,10 @@ [FV.FvMain]
# Ramdisk support
#
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+
+ #
+ # TPM2 support
+ #
+!if $(TPM2_ENABLE) == TRUE
+ INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+!endif
--
2.17.1


[PATCH v3 6/9] ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase

Ard Biesheuvel
 

Incorporate the PEI components and the associated library class
resolutions and PCD declarations to enable TPM2 support in the
PEI phase.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
ArmVirtPkg/ArmVirtQemu.dsc | 20 ++++++++++++++++++++
ArmVirtPkg/ArmVirtQemu.fdf | 2 ++
2 files changed, 22 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d1757cdba671..8950116dacab 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -75,11 +75,17 @@ [LibraryClasses.common]
PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf
PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf

+!if $(TPM2_ENABLE) == TRUE
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+!endif
+
[LibraryClasses.common.PEIM]
ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf

!if $(TPM2_ENABLE) == TRUE
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif

[LibraryClasses.common.DXE_DRIVER]
@@ -248,6 +254,10 @@ [PcdsDynamicDefault.common]
# TPM2 support
#
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+!if $(TPM2_ENABLE) == TRUE
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+!endif

[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
@@ -278,6 +288,16 @@ [Components.common]
<LibraryClasses>
ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
}
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
+ <LibraryClasses>
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+ }
!endif

MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index f55918d26b06..b5e2253295fe 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -115,6 +115,8 @@ [FV.FVMAIN_COMPACT]

!if $(TPM2_ENABLE) == TRUE
INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
+ INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+ INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
!endif

FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
--
2.17.1


[PATCH v3 5/9] ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2 support

Ard Biesheuvel
 

As a first step in gradually adding TPM2 support to ArmVirtQemu, add
the TPM2_ENABLE configurable to the [Defines] section, and if it is
set, add the ResetSystem PEIM to the build, along with the library
class references that we will need to support it:
- wire ArmVirtPsciResetSystemPeiLib into the ResetSystem PEIM itself,
which will be in charge of performing the actual reset
- add PeiResetSystemLib as the common ResetSystemLib resolution for
PEIM class modules, so that other PEIMs will invoke the PPI
published by the ResetSystem PEIM.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
ArmVirtPkg/ArmVirtQemu.dsc | 14 ++++++++++++++
ArmVirtPkg/ArmVirtQemu.fdf | 4 ++++
2 files changed, 18 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7d05415d0f93..d1757cdba671 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -29,6 +29,7 @@ [Defines]
#
DEFINE TTY_TERMINAL = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE
+ DEFINE TPM2_ENABLE = FALSE

#
# Network definition
@@ -77,6 +78,10 @@ [LibraryClasses.common]
[LibraryClasses.common.PEIM]
ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf

+!if $(TPM2_ENABLE) == TRUE
+ ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf
+!endif
+
[LibraryClasses.common.DXE_DRIVER]
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf

@@ -100,6 +105,8 @@ [PcdsFeatureFlag.common]

gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE

+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
+
[PcdsFixedAtBuild.common]
!if $(ARCH) == AARCH64
gArmTokenSpaceGuid.PcdVFPEnabled|1
@@ -266,6 +273,13 @@ [Components.common]

MdeModulePkg/Universal/Variable/Pei/VariablePei.inf

+!if $(TPM2_ENABLE) == TRUE
+ MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf {
+ <LibraryClasses>
+ ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
+ }
+!endif
+
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 2c8936a1ae15..f55918d26b06 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -113,6 +113,10 @@ [FV.FVMAIN_COMPACT]
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf

+!if $(TPM2_ENABLE) == TRUE
+ INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
+!endif
+
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED = TRUE {
SECTION FV_IMAGE = FVMAIN
--
2.17.1


[PATCH v3 4/9] ArmVirtPkg: implement ArmVirtPsciResetSystemPeiLib

Ard Biesheuvel
 

Implement a ArmVirtPkg specific version of the PSCI ResetSystemLib that
is usable in the PEI phase, as the existing one relies on the FDT client
protocol, making it unsuitable.

Note that accessing the device tree passed by QEMU via its initial base
address is guaranteed to be safe at any time during the PEI phase, so we
can defer discovery of the PSCI method until the time the reset library
is actually invoked (which is rarely)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
---
ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c | 232 ++++++++++++++++++++
ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf | 39 ++++
2 files changed, 271 insertions(+)

diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c
new file mode 100644
index 000000000000..394a04e3c384
--- /dev/null
+++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c
@@ -0,0 +1,232 @@
+/** @file
+ Reset System lib using PSCI hypervisor or secure monitor calls
+
+ Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
+ Copyright (c) 2013, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.<BR>
+ Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <libfdt.h>
+#include <Library/ArmHvcLib.h>
+#include <Library/ArmSmcLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/ResetSystemLib.h>
+
+#include <IndustryStandard/ArmStdSmc.h>
+
+typedef enum {
+ PsciMethodUnknown,
+ PsciMethodSmc,
+ PsciMethodHvc,
+} PSCI_METHOD;
+
+STATIC
+PSCI_METHOD
+DiscoverPsciMethod (
+ VOID
+ )
+{
+ VOID *DeviceTreeBase;
+ INT32 Node, Prev;
+ INT32 Len;
+ CONST CHAR8 *Compatible;
+ CONST CHAR8 *CompatibleItem;
+ CONST VOID *Prop;
+
+ DeviceTreeBase = (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress);
+ ASSERT (fdt_check_header (DeviceTreeBase) == 0);
+
+ //
+ // Enumerate all FDT nodes looking for the PSCI node and capture the method
+ //
+ for (Prev = 0;; Prev = Node) {
+ Node = fdt_next_node (DeviceTreeBase, Prev, NULL);
+ if (Node < 0) {
+ break;
+ }
+
+ Compatible = fdt_getprop (DeviceTreeBase, Node, "compatible", &Len);
+ if (Compatible == NULL) {
+ continue;
+ }
+
+ //
+ // Iterate over the NULL-separated items in the compatible string
+ //
+ for (CompatibleItem = Compatible; CompatibleItem < Compatible + Len;
+ CompatibleItem += 1 + AsciiStrLen (CompatibleItem)) {
+
+ if (AsciiStrCmp (CompatibleItem, "arm,psci-0.2") != 0) {
+ continue;
+ }
+
+ Prop = fdt_getprop (DeviceTreeBase, Node, "method", NULL);
+ if (!Prop) {
+ DEBUG ((DEBUG_ERROR, "%a: Missing PSCI method property\n",
+ __FUNCTION__));
+ return PsciMethodUnknown;
+ }
+
+ if (AsciiStrnCmp (Prop, "hvc", 3) == 0) {
+ return PsciMethodHvc;
+ } else if (AsciiStrnCmp (Prop, "smc", 3) == 0) {
+ return PsciMethodSmc;
+ } else {
+ DEBUG ((DEBUG_ERROR, "%a: Unknown PSCI method \"%a\"\n", __FUNCTION__,
+ Prop));
+ return PsciMethodUnknown;
+ }
+ }
+ }
+ return PsciMethodUnknown;
+}
+
+STATIC
+VOID
+PerformPsciAction (
+ IN UINTN Arg0
+ )
+{
+ ARM_SMC_ARGS ArmSmcArgs;
+ ARM_HVC_ARGS ArmHvcArgs;
+
+ ArmSmcArgs.Arg0 = Arg0;
+ ArmHvcArgs.Arg0 = Arg0;
+
+ switch (DiscoverPsciMethod ()) {
+ case PsciMethodHvc:
+ ArmCallHvc (&ArmHvcArgs);
+ break;
+
+ case PsciMethodSmc:
+ ArmCallSmc (&ArmSmcArgs);
+ break;
+
+ default:
+ DEBUG ((DEBUG_ERROR, "%a: no PSCI method defined\n", __FUNCTION__));
+ ASSERT (FALSE);
+ }
+}
+
+/**
+ This function causes a system-wide reset (cold reset), in which
+ all circuitry within the system returns to its initial state. This type of reset
+ is asynchronous to system operation and operates without regard to
+ cycle boundaries.
+
+ If this function returns, it means that the system does not support cold reset.
+**/
+VOID
+EFIAPI
+ResetCold (
+ VOID
+ )
+{
+ // Send a PSCI 0.2 SYSTEM_RESET command
+ PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_RESET);
+}
+
+/**
+ This function causes a system-wide initialization (warm reset), in which all processors
+ are set to their initial state. Pending cycles are not corrupted.
+
+ If this function returns, it means that the system does not support warm reset.
+**/
+VOID
+EFIAPI
+ResetWarm (
+ VOID
+ )
+{
+ // Map a warm reset into a cold reset
+ ResetCold ();
+}
+
+/**
+ This function causes the system to enter a power state equivalent
+ to the ACPI G2/S5 or G3 states.
+
+ If this function returns, it means that the system does not support shutdown reset.
+**/
+VOID
+EFIAPI
+ResetShutdown (
+ VOID
+ )
+{
+ // Send a PSCI 0.2 SYSTEM_OFF command
+ PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_OFF);
+}
+
+/**
+ This function causes a systemwide reset. The exact type of the reset is
+ defined by the EFI_GUID that follows the Null-terminated Unicode string passed
+ into ResetData. If the platform does not recognize the EFI_GUID in ResetData
+ the platform must pick a supported reset type to perform.The platform may
+ optionally log the parameters from any non-normal reset that occurs.
+
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData The data buffer starts with a Null-terminated string,
+ followed by the EFI_GUID.
+**/
+VOID
+EFIAPI
+ResetPlatformSpecific (
+ IN UINTN DataSize,
+ IN VOID *ResetData
+ )
+{
+ // Map the platform specific reset as reboot
+ ResetCold ();
+}
+
+/**
+ The ResetSystem function resets the entire platform.
+
+ @param[in] ResetType The type of reset to perform.
+ @param[in] ResetStatus The status code for the reset.
+ @param[in] DataSize The size, in bytes, of ResetData.
+ @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or EfiResetShutdown
+ the data buffer starts with a Null-terminated string, optionally
+ followed by additional binary data. The string is a description
+ that the caller may use to further indicate the reason for the
+ system reset.
+**/
+VOID
+EFIAPI
+ResetSystem (
+ IN EFI_RESET_TYPE ResetType,
+ IN EFI_STATUS ResetStatus,
+ IN UINTN DataSize,
+ IN VOID *ResetData OPTIONAL
+ )
+{
+ switch (ResetType) {
+ case EfiResetWarm:
+ ResetWarm ();
+ break;
+
+ case EfiResetCold:
+ ResetCold ();
+ break;
+
+ case EfiResetShutdown:
+ ResetShutdown ();
+ return;
+
+ case EfiResetPlatformSpecific:
+ ResetPlatformSpecific (DataSize, ResetData);
+ return;
+
+ default:
+ return;
+ }
+}
diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
new file mode 100644
index 000000000000..3a65706e8dc6
--- /dev/null
+++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
@@ -0,0 +1,39 @@
+#/** @file
+# Reset System lib using PSCI hypervisor or secure monitor calls
+#
+# Copyright (c) 2008, Apple Inc. All rights reserved.<BR>
+# Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+#**/
+
+[Defines]
+ INF_VERSION = 1.27
+ BASE_NAME = ArmVirtPsciResetSystemPeiLib
+ FILE_GUID = 551cfb98-c185-41a3-86bf-8cdb7e2a530c
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = ResetSystemLib|PEIM
+
+[Sources]
+ ArmVirtPsciResetSystemPeiLib.c
+
+[Packages]
+ ArmPkg/ArmPkg.dec
+ ArmVirtPkg/ArmVirtPkg.dec
+ EmbeddedPkg/EmbeddedPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ ArmSmcLib
+ ArmHvcLib
+ BaseLib
+ DebugLib
+ FdtLib
+ HobLib
+
+[Pcd]
+ gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
--
2.17.1


[PATCH v3 3/9] ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT

Ard Biesheuvel
 

Introduce a boolean PCD that tells us whether TPM support is enabled
in the build, and if it is, record the TPM base address in the existing
routine that traverses the device tree in the platform PEIM.

If a TPM is found, install the gOvmfTpmDiscoveredPpiGuid signalling PPI
that will unlock the dispatch of OvmfPkg's Tcg2ConfigPei. If TPM2
support is enabled in the build but no TPM2 device is found, install the
gPeiTpmInitializationDonePpiGuid PPI, which is normally installed by
Tcg2ConfigPei if no TPM2 is found, but in our case Tcg2ConfigPei will
never run so let's do it here instead.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
ArmVirtPkg/ArmVirtPkg.dec | 6 ++
ArmVirtPkg/ArmVirtQemu.dsc | 5 +
ArmVirtPkg/ArmVirtQemuKernel.dsc | 6 ++
ArmVirtPkg/ArmVirtXen.dsc | 6 ++
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 101 ++++++++++++++++++--
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 19 +++-
6 files changed, 129 insertions(+), 14 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec
index a019cc269d10..08ddd68a863e 100644
--- a/ArmVirtPkg/ArmVirtPkg.dec
+++ b/ArmVirtPkg/ArmVirtPkg.dec
@@ -36,6 +36,12 @@ [Guids.common]
[Protocols]
gFdtClientProtocolGuid = { 0xE11FACA0, 0x4710, 0x4C8E, { 0xA7, 0xA2, 0x01, 0xBA, 0xA2, 0x59, 0x1B, 0x4C } }

+[PcdsFeatureFlag]
+ #
+ # Feature Flag PCD that defines whether TPM2 support is enabled
+ #
+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004
+
[PcdsFixedAtBuild, PcdsPatchableInModule]
#
# This is the physical address where the device tree is expected to be stored
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7ae6702ac1f0..7d05415d0f93 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -237,6 +237,11 @@ [PcdsDynamicDefault.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE

+ #
+ # TPM2 support
+ #
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS

diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 3b0f04967a4b..720f8fa78b3d 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -172,6 +172,12 @@ [PcdsFixedAtBuild.common]
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|3

[PcdsPatchableInModule.common]
+ # we need to provide a resolution for this PCD that supports PcdSet64()
+ # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c,
+ # even though that call will be compiled out on this platform as it does
+ # not (and cannot) support the TPM2 driver stack
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+
#
# This will be overridden in the code
#
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 1b42a9a81323..baa21f389947 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -95,6 +95,12 @@ [PcdsFixedAtBuild.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|TRUE

[PcdsPatchableInModule.common]
+ # we need to provide a resolution for this PCD that supports PcdSet64()
+ # being called from ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c,
+ # even though that call will be compiled out on this platform as it does
+ # not (and cannot) support the TPM2 driver stack
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
+
#
# This will be overridden in the code
#
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
index 0a1469550db0..8b5b3dd5dc1c 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
@@ -1,7 +1,7 @@
/** @file
*
* Copyright (c) 2011-2014, ARM Limited. All rights reserved.
-* Copyright (c) 2014, Linaro Limited. All rights reserved.
+* Copyright (c) 2014-2020, Linaro Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*
@@ -13,11 +13,24 @@
#include <Library/DebugLib.h>
#include <Library/HobLib.h>
#include <Library/PcdLib.h>
+#include <Library/PeiServicesLib.h>
#include <libfdt.h>

#include <Guid/EarlyPL011BaseAddress.h>
#include <Guid/FdtHob.h>

+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gOvmfTpmDiscoveredPpiGuid,
+ NULL
+};
+
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2InitializationDonePpi = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gPeiTpmInitializationDonePpiGuid,
+ NULL
+};
+
EFI_STATUS
EFIAPI
PlatformPeim (
@@ -31,14 +44,18 @@ PlatformPeim (
UINT64 *FdtHobData;
UINT64 *UartHobData;
INT32 Node, Prev;
+ INT32 Parent, Depth;
CONST CHAR8 *Compatible;
CONST CHAR8 *CompItem;
CONST CHAR8 *NodeStatus;
INT32 Len;
+ INT32 RangesLen;
INT32 StatusLen;
CONST UINT64 *RegProp;
+ CONST UINT32 *RangesProp;
UINT64 UartBase;
-
+ UINT64 TpmBase;
+ EFI_STATUS Status;

Base = (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress);
ASSERT (Base != NULL);
@@ -58,18 +75,18 @@ PlatformPeim (
ASSERT (UartHobData != NULL);
*UartHobData = 0;

- //
- // Look for a UART node
- //
- for (Prev = 0;; Prev = Node) {
- Node = fdt_next_node (Base, Prev, NULL);
+ TpmBase = 0;
+
+ for (Prev = Depth = 0;; Prev = Node) {
+ Node = fdt_next_node (Base, Prev, &Depth);
if (Node < 0) {
break;
}

- //
- // Check for UART node
- //
+ if (Depth == 1) {
+ Parent = Node;
+ }
+
Compatible = fdt_getprop (Base, Node, "compatible", &Len);

//
@@ -93,10 +110,74 @@ PlatformPeim (

*UartHobData = UartBase;
break;
+ } else if (FeaturePcdGet (PcdTpm2SupportEnabled) &&
+ AsciiStrCmp (CompItem, "tcg,tpm-tis-mmio") == 0) {
+
+ RegProp = fdt_getprop (Base, Node, "reg", &Len);
+ ASSERT (Len == 8 || Len == 16);
+ if (Len == 8) {
+ TpmBase = fdt32_to_cpu (RegProp[0]);
+ } else if (Len == 16) {
+ TpmBase = fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RegProp));
+ }
+
+ if (Depth > 1) {
+ //
+ // QEMU/mach-virt may put the TPM on the platform bus, in which case
+ // we have to take its 'ranges' property into account to translate the
+ // MMIO address. This consists of a <child base, parent base, size>
+ // tuple, where the child base and the size use the same number of
+ // cells as the 'reg' property above, and the parent base uses 2 cells
+ //
+ RangesProp = fdt_getprop (Base, Parent, "ranges", &RangesLen);
+ ASSERT (RangesProp != NULL);
+
+ //
+ // a plain 'ranges' attribute without a value implies a 1:1 mapping
+ //
+ if (RangesLen != 0) {
+ //
+ // assume a single translated range with 2 cells for the parent base
+ //
+ if (RangesLen != Len + 2 * sizeof (UINT32)) {
+ DEBUG ((DEBUG_WARN,
+ "%a: 'ranges' property has unexpected size %d\n",
+ __FUNCTION__, RangesLen));
+ break;
+ }
+
+ if (Len == 8) {
+ TpmBase -= fdt32_to_cpu (RangesProp[0]);
+ } else {
+ TpmBase -= fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp));
+ }
+
+ //
+ // advance RangesProp to the parent bus address
+ //
+ RangesProp = (UINT32 *)((UINT8 *)RangesProp + Len / 2);
+ TpmBase += fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesProp));
+ }
+ }
+ break;
}
}
}

+ if (FeaturePcdGet (PcdTpm2SupportEnabled)) {
+ if (TpmBase != 0) {
+ DEBUG ((DEBUG_INFO, "%a: TPM @ 0x%lx\n", __FUNCTION__, TpmBase));
+
+ Status = (EFI_STATUS)PcdSet64S (PcdTpmBaseAddress, TpmBase);
+ ASSERT_EFI_ERROR (Status);
+
+ Status = PeiServicesInstallPpi (&mTpm2DiscoveredPpi);
+ } else {
+ Status = PeiServicesInstallPpi (&mTpm2InitializationDonePpi);
+ }
+ ASSERT_EFI_ERROR (Status);
+ }
+
BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize));

return EFI_SUCCESS;
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
index 5428040f121d..3f97ef080520 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
@@ -1,7 +1,7 @@
#/** @file
#
# Copyright (c) 2011-2015, ARM Limited. All rights reserved.
-# Copyright (c) 2014, Linaro Limited. All rights reserved.
+# Copyright (c) 2014-2020, Linaro Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -11,7 +11,7 @@ [Defines]
INF_VERSION = 0x00010005
BASE_NAME = PlatformPeiLib
FILE_GUID = 59C11815-F8DA-4F49-B4FB-EC1E41ED1F06
- MODULE_TYPE = SEC
+ MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = PlatformPeiLib

@@ -21,15 +21,21 @@ [Sources]
[Packages]
ArmPkg/ArmPkg.dec
ArmVirtPkg/ArmVirtPkg.dec
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
EmbeddedPkg/EmbeddedPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[FeaturePcd]
+ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled

[LibraryClasses]
DebugLib
HobLib
FdtLib
PcdLib
+ PeiServicesLib

[FixedPcd]
gArmTokenSpaceGuid.PcdFvSize
@@ -38,6 +44,11 @@ [FixedPcd]
[Pcd]
gArmTokenSpaceGuid.PcdFvBaseAddress
gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRODUCES
+
+[Ppis]
+ gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRODUCES
+ gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES

[Guids]
gEarlyPL011BaseAddressGuid
--
2.17.1


[PATCH v3 2/9] ArmVirtPkg/PlatformPeiLib: make PcdLib dependency explicit in .INF

Ard Biesheuvel
 

We currently include PcdLib.h in PlatformPeiLib, without declaring
this dependency in its .INF description. Since all the PCDs we use
resolve to fixed type in practice, this does not really matter at
the moment, but since we will be adding dynamic PCD references in
a subsequent patch, let's make the PcdLib dependency explicit, so
that its dispatch is guaranteed to be ordered correctly with respect
to the provider of the dynamic PCD PPI.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 1 +
1 file changed, 1 insertion(+)

diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
index 46db117ac28e..5428040f121d 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
@@ -29,6 +29,7 @@ [LibraryClasses]
DebugLib
HobLib
FdtLib
+ PcdLib

[FixedPcd]
gArmTokenSpaceGuid.PcdFvSize
--
2.17.1


[PATCH v3 1/9] OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to depex on

Ard Biesheuvel
 

On ARM systems, the TPM does not live at a fixed address, and so we
need the platform to discover it first. So introduce a PPI that signals
that the TPM address has been discovered and recorded in the appropriate
PCD, and make Tcg2ConfigPei depex on it when built for ARM or AARCH64.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
OvmfPkg/OvmfPkg.dec | 5 +++++
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 6 +++++-
2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 4c5b6511cb97..30faecb7a5c8 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -87,6 +87,11 @@ [Guids]
gEfiLegacyBiosGuid = {0x2E3044AC, 0x879F, 0x490F, {0x97, 0x60, 0xBB, 0xDF, 0xAF, 0x69, 0x5F, 0x50}}
gEfiLegacyDevOrderVariableGuid = {0xa56074db, 0x65fe, 0x45f7, {0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}}

+[Ppis]
+ # PPI whose presence in the PPI database signals that the TPM base address
+ # has been discovered and recorded
+ gOvmfTpmDiscoveredPpiGuid = {0xb9a61ad0, 0x2802, 0x41f3, {0xb5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}}
+
[Protocols]
gVirtioDeviceProtocolGuid = {0xfa920010, 0x6785, 0x4941, {0xb6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}}
gXenBusProtocolGuid = {0x3d3ca290, 0xb9a5, 0x11e3, {0xb7, 0x5d, 0xb8, 0xac, 0x6f, 0x7d, 0x65, 0xe6}}
diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
index e34cd6210611..55684ba045b3 100644
--- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
@@ -25,6 +25,7 @@ [Sources]
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
SecurityPkg/SecurityPkg.dec

[LibraryClasses]
@@ -43,5 +44,8 @@ [Ppis]
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES

-[Depex]
+[Depex.IA32, Depex.X64]
TRUE
+
+[Depex.ARM, Depex.AARCH64]
+ gOvmfTpmDiscoveredPpiGuid
--
2.17.1