
[PATCH 2/4] OvmfPkg/AmdSev: add Grub Firmware Volume Package

James Bottomley <jejb@...>
 

This is used to package up the grub bootloader into a firmware volume
where it can be executed as a shell like the UEFI Shell. Grub itself
is built as a minimal entity into an Fv and then added as a boot
option. By default the UEFI shell isn't built, but for debugging
purposes it can be enabled and will then be presented as a boot option
(this should never be allowed for secure boot in an external data
centre but may be useful for local debugging). Finally, all other boot
options except grub and possibly the shell are stripped and the boot
timeout forced to 0 so the system will not enter a setup menu and will
only boot to grub. This is done by copying the
Library/PlatformBootManagerLib into Library/PlatformBootManagerLibGrub
and then customizing it.

Boot failure is fatal to try to prevent secret theft.

Signed-off-by: James Bottomley <jejb@linux.ibm.com>
---
OvmfPkg/OvmfPkg.dec | 1 +
OvmfPkg/AmdSev/AmdSevX64.dsc | 14 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 5 +-
OvmfPkg/AmdSev/Grub/Grub.inf | 37 +
.../PlatformBootManagerLibGrub.inf | 84 +
.../PlatformBootManagerLibGrub/BdsPlatform.h | 179 ++
.../PlatformBootManagerLibGrub/BdsPlatform.c | 1538 +++++++++++++++++
.../PlatformBootManagerLibGrub/PlatformData.c | 213 +++
OvmfPkg/AmdSev/Grub/.gitignore | 1 +
OvmfPkg/AmdSev/Grub/grub.cfg | 35 +
OvmfPkg/AmdSev/Grub/grub.sh | 54 +
11 files changed, 2157 insertions(+), 4 deletions(-)
create mode 100644 OvmfPkg/AmdSev/Grub/Grub.inf
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c
create mode 100644 OvmfPkg/AmdSev/Grub/.gitignore
create mode 100644 OvmfPkg/AmdSev/Grub/grub.cfg
create mode 100644 OvmfPkg/AmdSev/Grub/grub.sh

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6abde4fd93..3fbf7a0ee1 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -116,6 +116,7 @@
gEfiLegacyDevOrderVariableGuid =3D {0xa56074db, 0x65fe, 0x45f7, {=
0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}}=0D
gLinuxEfiInitrdMediaGuid =3D {0x5568e427, 0x68fc, 0x4f3d, {=
0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}=0D
gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {=
0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}=0D
+ gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {=
0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}=0D
=0D
[Ppis]=0D
# PPI whose presence in the PPI database signals that the TPM base addre=
ss=0D
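Review bot: gGrubFileGuid must stay identical to FILE_GUID in OvmfPkg/AmdSev/Grub/Grub.inf (b5ae312c-bc8a-43b1-9c62-ebb826dd5d07), because the boot manager locates the grub binary in the firmware volume by this GUID and Grub.inf only records the link as a comment. Add a short comment next to the new .dec line naming the Grub.inf counterpart so the coupling survives the next time either GUID is regenerated.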
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index d1dfb8742f..7d3663150e 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -23,6 +23,7 @@
BUILD_TARGETS =3D NOOPT|DEBUG|RELEASE=0D
SKUID_IDENTIFIER =3D DEFAULT=0D
FLASH_DEFINITION =3D OvmfPkg/AmdSev/AmdSevX64.fdf=0D
+ PREBUILD =3D sh OvmfPkg/AmdSev/Grub/grub.sh=0D
=0D
#=0D
# Defines for default states. These can be changed on the command line.=
=0D
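Review bot: `PREBUILD = sh OvmfPkg/AmdSev/Grub/grub.sh` runs unconditionally for every build of this platform, while the note in Grub.inf says a precompiled grub.efi can be dropped into the directory instead of doing the PREBUILD; as written that second path needs a manual edit of the .dsc. Consider guarding the line with a DEFINE (a switch defaulting to TRUE) or having grub.sh skip its work when grub.efi already exists, and document which grub sources and modules the script consumes so a given firmware image can be rebuilt and compared later.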
@@ -33,6 +34,7 @@
DEFINE SOURCE_DEBUG_ENABLE =3D FALSE=0D
DEFINE TPM_ENABLE =3D FALSE=0D
DEFINE TPM_CONFIG_ENABLE =3D FALSE=0D
+ DEFINE BUILD_SHELL =3D FALSE=0D
=0D
#=0D
# Network definition=0D
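Review bot: BUILD_SHELL is added without a comment saying what it enables and why it defaults to FALSE. The commit message states that the shell must never be allowed for secure boot in an external data centre, so beyond a comment it would be worth a build-time guard, for example `!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == TRUE` followed by an `!error`, so the debug configuration cannot be shipped by accident.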
@@ -159,7 +161,6 @@
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry=
Point.inf=0D
UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA=
pplicationEntryPoint.inf=0D
DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDev=
icePathLibDevicePathProtocol.inf=0D
- NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf=0D
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf=0D
UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf=0D
SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeS=
ecurityManagementLib.inf=0D
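Review bot: removing NvVarsFileLib from the [LibraryClasses] is not mentioned in the commit message. It is consistent with the new PlatformBootManagerLibGrub.inf, which does not list NvVarsFileLib, but the reason (the Grub boot manager no longer consuming it) should be stated so the change is not mistaken for an accidental drop when the two platform descriptions are diffed.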
@@ -213,8 +214,11 @@
TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf=0D
!endif=0D
=0D
+!if $(BUILD_SHELL) =3D=3D TRUE=0D
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf=0D
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.in=
f=0D
+!endif=0D
+=0D
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip=
tLib.inf=0D
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf=0D
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib=
/BaseOrderedCollectionRedBlackTreeLib.inf=0D
@@ -371,7 +375,7 @@
!else=0D
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
!endif=0D
- PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLib/PlatformBo=
otManagerLib.inf=0D
+ PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLibGrub/Platfo=
rmBootManagerLibGrub.inf=0D
PlatformBmPrintScLib|OvmfPkg/Library/PlatformBmPrintScLib/PlatformBmPrin=
tScLib.inf=0D
QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf=0D
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE=
xceptionHandlerLib.inf=0D
@@ -566,6 +570,7 @@
# Point to the MdeModulePkg/Application/UiApp/UiApp.inf=0D
gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c=
, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0=
x31 }=0D
=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand|TRUE=0D
##########################################################################=
######=0D
#=0D
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Pla=
tform=0D
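Review bot: the new `PcdConInConnectOnDemand|TRUE` line sits directly against the `####` banner that opens the next section, with no blank line and no comment, whereas the neighbouring PcdBootManagerMenuFile entry carries an explanatory comment. Add a comment saying why ConIn is connected on demand on this platform (it changes which console devices the boot manager connects before grub runs) and restore the blank line before the banner.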
@@ -895,7 +900,7 @@
OvmfPkg/Csm/Csm16/Csm16.inf=0D
!endif=0D
=0D
-!if $(TOOL_CHAIN_TAG) !=3D "XCODE5"=0D
+!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(BUILD_SHELL) =3D=3D TRUE=0D
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {=0D
<PcdsFixedAtBuild>=0D
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE=0D
@@ -909,6 +914,8 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE=0D
}=0D
!endif=0D
+ OvmfPkg/AmdSev/Grub/Grub.inf=0D
+!if $(BUILD_SHELL) =3D=3D TRUE=0D
ShellPkg/Application/Shell/Shell.inf {=0D
<LibraryClasses>=0D
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellComman=
dLib.inf=0D
@@ -931,6 +938,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE=0D
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000=0D
}=0D
+!endif=0D
=0D
!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE=0D
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx=
e.inf=0D
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index e874629a4e..689386612d 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -275,12 +275,15 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResource=
TableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf=0D
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf=0D
=0D
-!if $(TOOL_CHAIN_TAG) !=3D "XCODE5"=0D
+!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(BUILD_SHELL) =3D=3D TRUE=0D
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf=0D
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf=0D
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand=
.inf=0D
!endif=0D
+INF OvmfPkg/AmdSev/Grub/Grub.inf=0D
+!if $(BUILD_SHELL) =3D=3D TRUE=0D
INF ShellPkg/Application/Shell/Shell.inf=0D
+!endif=0D
=0D
INF MdeModulePkg/Logo/LogoDxe.inf=0D
=0D
diff --git a/OvmfPkg/AmdSev/Grub/Grub.inf b/OvmfPkg/AmdSev/Grub/Grub.inf
new file mode 100644
index 0000000000..a12428668b
--- /dev/null
+++ b/OvmfPkg/AmdSev/Grub/Grub.inf
@@ -0,0 +1,37 @@
+## @file=0D
+# Create a Firmware Volume based Grub Bootloaded=0D
+#=0D
+# Copyright (C) 2020 James Bottomley, IBM Corporation.=0D
+#=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010006=0D
+ BASE_NAME =3D Grub=0D
+ # This is gGrubFileGuid=0D
+ FILE_GUID =3D b5ae312c-bc8a-43b1-9c62-ebb826dd5d07=
=0D
+ MODULE_TYPE =3D UEFI_APPLICATION=0D
+ VERSION_STRING =3D 1.0=0D
+ ENTRY_POINT =3D UefiMain=0D
+=0D
+[Packages]=0D
+ OvmfPkg/OvmfPkg.dec=0D
+=0D
+#=0D
+# The following information is for reference only and not required by=0D
+# the build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D
+#=0D
+=0D
+##=0D
+# Note: The version of grub.efi this picks up can be generated by=0D
+# grub.sh which must be specified as a PREBUILD in the .dsc file or=0D
+# you can simply move a precompiled grub into here and not do the=0D
+# PREBUILD)=0D
+##=0D
+[Binaries]=0D
+ PE32|grub.efi|*=0D
+=0D
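Review bot: two typos in the new file's comments: `Bootloaded` in the description should be `Bootloader`, and the note ending `PREBUILD)` closes a parenthesis that was never opened. Since the [Binaries] section embeds whatever grub.efi is present in the directory at build time, also say here (or in grub.sh) how a reviewer can verify that the embedded binary was produced from the expected grub sources.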
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManager=
LibGrub.inf b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManage=
rLibGrub.inf
new file mode 100644
index 0000000000..62707b0bdd
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub=
.inf
@@ -0,0 +1,84 @@
+## @file=0D
+# Platform BDS customizations library.=0D
+#=0D
+# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>=
=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+[Defines]=0D
+ INF_VERSION =3D 0x00010005=0D
+ BASE_NAME =3D PlatformBootManagerLibGrub=0D
+ FILE_GUID =3D 3a8f8431-f0c9-4c95-8a1d-04445c582d4e=
=0D
+ MODULE_TYPE =3D DXE_DRIVER=0D
+ VERSION_STRING =3D 1.0=0D
+ LIBRARY_CLASS =3D PlatformBootManagerLib|DXE_DRIVER=0D
+=0D
+#=0D
+# The following information is for reference only and not required by the =
build tools.=0D
+#=0D
+# VALID_ARCHITECTURES =3D IA32 X64 EBC=0D
+#=0D
+=0D
+[Sources]=0D
+ BdsPlatform.c=0D
+ PlatformData.c=0D
+ BdsPlatform.h=0D
+=0D
+[Packages]=0D
+ MdePkg/MdePkg.dec=0D
+ MdeModulePkg/MdeModulePkg.dec=0D
+ SourceLevelDebugPkg/SourceLevelDebugPkg.dec=0D
+ OvmfPkg/OvmfPkg.dec=0D
+ SecurityPkg/SecurityPkg.dec=0D
+ ShellPkg/ShellPkg.dec=0D
+=0D
+[LibraryClasses]=0D
+ BaseLib=0D
+ MemoryAllocationLib=0D
+ UefiBootServicesTableLib=0D
+ UefiRuntimeServicesTableLib=0D
+ BaseMemoryLib=0D
+ DebugLib=0D
+ PcdLib=0D
+ UefiBootManagerLib=0D
+ BootLogoLib=0D
+ DevicePathLib=0D
+ PciLib=0D
+ QemuFwCfgLib=0D
+ QemuFwCfgS3Lib=0D
+ QemuLoadImageLib=0D
+ QemuBootOrderLib=0D
+ ReportStatusCodeLib=0D
+ UefiLib=0D
+ PlatformBmPrintScLib=0D
+ Tcg2PhysicalPresenceLib=0D
+ XenPlatformLib=0D
+=0D
+[Pcd]=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId=0D
+ gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut=0D
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES=0D
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits ## CONSUMES=0D
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity ## CONSUMES=0D
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits ## CONSUMES=0D
+=0D
+[Pcd.IA32, Pcd.X64]=0D
+ gEfiMdePkgTokenSpaceGuid.PcdFSBClock=0D
+=0D
+[Protocols]=0D
+ gEfiDecompressProtocolGuid=0D
+ gEfiPciRootBridgeIoProtocolGuid=0D
+ gEfiS3SaveStateProtocolGuid # PROTOCOL SOMETIMES_CONSU=
MED=0D
+ gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL SOMETIMES_PRODU=
CED=0D
+ gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODU=
CED=0D
+ gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSU=
MED=0D
+=0D
+[Guids]=0D
+ gEfiEndOfDxeEventGroupGuid=0D
+ gEfiGlobalVariableGuid=0D
+ gRootBridgesConnectedEventGroupGuid=0D
+ gUefiShellFileGuid=0D
+ gGrubFileGuid=0D
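Review bot: the header still reads `Platform BDS customizations library.` with only Intel's 2007 - 2019 copyright, although the commit message says this is a copied and customized library; state the Grub-only purpose in the description and add the IBM copyright/modification notice as Grub.inf does. Separately, ShellPkg/ShellPkg.dec and gUefiShellFileGuid are unconditional dependencies here while the shell is only built when BUILD_SHELL == TRUE; confirm that the code registering the shell boot option checks for the file's presence in the firmware volume so that a non-shell build never shows a shell entry.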
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h b/Ovm=
fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
new file mode 100644
index 0000000000..c6ccf9e52e
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
@@ -0,0 +1,179 @@
+/** @file=0D
+ Platform BDS customizations include file.=0D
+=0D
+ Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+Module Name:=0D
+=0D
+ BdsPlatform.h=0D
+=0D
+Abstract:=0D
+=0D
+ Head file for BDS Platform specific code=0D
+=0D
+**/=0D
+=0D
+#ifndef _PLATFORM_SPECIFIC_BDS_PLATFORM_H_=0D
+#define _PLATFORM_SPECIFIC_BDS_PLATFORM_H_=0D
+=0D
+=0D
+#include <PiDxe.h>=0D
+=0D
+#include <IndustryStandard/Pci.h>=0D
+#include <IndustryStandard/Acpi.h>=0D
+#include <IndustryStandard/SmBios.h>=0D
+#include <IndustryStandard/PeImage.h>=0D
+#include <IndustryStandard/Virtio095.h>=0D
+=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/BaseMemoryLib.h>=0D
+#include <Library/UefiBootServicesTableLib.h>=0D
+#include <Library/UefiRuntimeServicesTableLib.h>=0D
+#include <Library/MemoryAllocationLib.h>=0D
+#include <Library/BaseLib.h>=0D
+#include <Library/PcdLib.h>=0D
+#include <Library/PciLib.h>=0D
+#include <Library/UefiBootManagerLib.h>=0D
+#include <Library/BootLogoLib.h>=0D
+#include <Library/HobLib.h>=0D
+#include <Library/UefiLib.h>=0D
+#include <Library/DxeServicesTableLib.h>=0D
+#include <Library/DevicePathLib.h>=0D
+#include <Library/IoLib.h>=0D
+#include <Library/NvVarsFileLib.h>=0D
+#include <Library/QemuFwCfgLib.h>=0D
+#include <Library/QemuFwCfgS3Lib.h>=0D
+#include <Library/QemuBootOrderLib.h>=0D
+=0D
+#include <Protocol/Decompress.h>=0D
+#include <Protocol/PciIo.h>=0D
+#include <Protocol/FirmwareVolume2.h>=0D
+#include <Protocol/SimpleFileSystem.h>=0D
+#include <Protocol/PciRootBridgeIo.h>=0D
+#include <Protocol/S3SaveState.h>=0D
+#include <Protocol/DxeSmmReadyToLock.h>=0D
+#include <Protocol/LoadedImage.h>=0D
+=0D
+#include <Guid/Acpi.h>=0D
+#include <Guid/SmBios.h>=0D
+#include <Guid/HobList.h>=0D
+#include <Guid/GlobalVariable.h>=0D
+#include <Guid/EventGroup.h>=0D
+#include <Guid/DebugAgentGuid.h>=0D
+=0D
+#include <OvmfPlatforms.h>=0D
+=0D
+extern EFI_DEVICE_PATH_PROTOCOL *gPlatformConnectSequence[];=0D
+extern ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode;=0D
+extern ACPI_HID_DEVICE_PATH gPnp16550ComPortDeviceNode;=0D
+extern UART_DEVICE_PATH gUartDeviceNode;=0D
+extern VENDOR_DEVICE_PATH gTerminalTypeDeviceNode;=0D
+=0D
+#define PCI_DEVICE_PATH_NODE(Func, Dev) \=0D
+ { \=0D
+ { \=0D
+ HARDWARE_DEVICE_PATH, \=0D
+ HW_PCI_DP, \=0D
+ { \=0D
+ (UINT8) (sizeof (PCI_DEVICE_PATH)), \=0D
+ (UINT8) ((sizeof (PCI_DEVICE_PATH)) >> 8) \=0D
+ } \=0D
+ }, \=0D
+ (Func), \=0D
+ (Dev) \=0D
+ }=0D
+=0D
+#define PNPID_DEVICE_PATH_NODE(PnpId) \=0D
+ { \=0D
+ { \=0D
+ ACPI_DEVICE_PATH, \=0D
+ ACPI_DP, \=0D
+ { \=0D
+ (UINT8) (sizeof (ACPI_HID_DEVICE_PATH)), \=0D
+ (UINT8) ((sizeof (ACPI_HID_DEVICE_PATH)) >> 8) \=0D
+ }, \=0D
+ }, \=0D
+ EISA_PNP_ID((PnpId)), \=0D
+ 0 \=0D
+ }=0D
+=0D
+#define gPciIsaBridge \=0D
+ PCI_DEVICE_PATH_NODE(0, 0x1f)=0D
+=0D
+#define gP2PBridge \=0D
+ PCI_DEVICE_PATH_NODE(0, 0x1e)=0D
+=0D
+#define gPnpPs2Keyboard \=0D
+ PNPID_DEVICE_PATH_NODE(0x0303)=0D
+=0D
+#define gPnp16550ComPort \=0D
+ PNPID_DEVICE_PATH_NODE(0x0501)=0D
+=0D
+#define gUart \=0D
+ { \=0D
+ { \=0D
+ MESSAGING_DEVICE_PATH, \=0D
+ MSG_UART_DP, \=0D
+ { \=0D
+ (UINT8) (sizeof (UART_DEVICE_PATH)), \=0D
+ (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8) \=0D
+ } \=0D
+ }, \=0D
+ 0, \=0D
+ 115200, \=0D
+ 8, \=0D
+ 1, \=0D
+ 1 \=0D
+ }=0D
+=0D
+#define gPcAnsiTerminal \=0D
+ { \=0D
+ { \=0D
+ MESSAGING_DEVICE_PATH, \=0D
+ MSG_VENDOR_DP, \=0D
+ { \=0D
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)), \=0D
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) \=0D
+ } \=0D
+ }, \=0D
+ DEVICE_PATH_MESSAGING_PC_ANSI \=0D
+ }=0D
+=0D
+#define gEndEntire \=0D
+ { \=0D
+ END_DEVICE_PATH_TYPE, \=0D
+ END_ENTIRE_DEVICE_PATH_SUBTYPE, \=0D
+ { \=0D
+ END_DEVICE_PATH_LENGTH, \=0D
+ 0 \=0D
+ } \=0D
+ }=0D
+=0D
+#define PCI_CLASS_SCC 0x07=0D
+#define PCI_SUBCLASS_SERIAL 0x00=0D
+#define PCI_IF_16550 0x02=0D
+#define IS_PCI_16550SERIAL(_p) IS_CLASS3 (_p, PCI_CLASS_SCC, PCI=
_SUBCLASS_SERIAL, PCI_IF_16550)=0D
+#define IS_PCI_ISA_PDECODE(_p) IS_CLASS3 (_p, PCI_CLASS_BRIDGE, PCI=
_CLASS_BRIDGE_ISA_PDECODE, 0)=0D
+=0D
+typedef struct {=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;=0D
+ UINTN ConnectType;=0D
+} PLATFORM_CONSOLE_CONNECT_ENTRY;=0D
+=0D
+#define CONSOLE_OUT BIT0=0D
+#define CONSOLE_IN BIT1=0D
+#define STD_ERROR BIT2=0D
+extern PLATFORM_CONSOLE_CONNECT_ENTRY gPlatformConsole[];=0D
+extern PLATFORM_CONSOLE_CONNECT_ENTRY gXenPlatformConsole[];=0D
+=0D
+//=0D
+// Platform BDS Functions=0D
+//=0D
+=0D
+VOID=0D
+PlatformInitializeConsole (=0D
+ IN PLATFORM_CONSOLE_CONNECT_ENTRY *PlatformConsole=0D
+ );=0D
+=0D
+#endif // _PLATFORM_SPECIFIC_BDS_PLATFORM_H_=0D
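Review bot: `#include <Library/NvVarsFileLib.h>` is stale: this same patch removes NvVarsFileLib from AmdSevX64.dsc and PlatformBootManagerLibGrub.inf does not list it in [LibraryClasses], so nothing in this library can call into it. Drop the include, and review the other headers carried over from PlatformBootManagerLib for the same, so the header reflects what the Grub variant actually depends on.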
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/Ovm=
fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
new file mode 100644
index 0000000000..24c37068a2
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
@@ -0,0 +1,1538 @@
+/** @file=0D
+ Platform BDS customizations.=0D
+=0D
+ Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.<BR>=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include "BdsPlatform.h"=0D
+#include <Guid/RootBridgesConnectedEventGroup.h>=0D
+#include <Protocol/FirmwareVolume2.h>=0D
+#include <Library/PlatformBmPrintScLib.h>=0D
+#include <Library/Tcg2PhysicalPresenceLib.h>=0D
+#include <Library/XenPlatformLib.h>=0D
+=0D
+=0D
+//=0D
+// Global data=0D
+//=0D
+=0D
+VOID *mEfiDevPathNotifyReg;=0D
+EFI_EVENT mEfiDevPathEvent;=0D
+UINT16 mHostBridgeDevId;=0D
+=0D
+//=0D
+// Table of host IRQs matching PCI IRQs A-D=0D
+// (for configuring PCI Interrupt Line register)=0D
+//=0D
+CONST UINT8 PciHostIrqs[] =3D {=0D
+ 0x0a, 0x0a, 0x0b, 0x0b=0D
+};=0D
+=0D
+//=0D
+// Type definitions=0D
+//=0D
+=0D
+typedef=0D
+EFI_STATUS=0D
+(EFIAPI *PROTOCOL_INSTANCE_CALLBACK)(=0D
+ IN EFI_HANDLE Handle,=0D
+ IN VOID *Instance,=0D
+ IN VOID *Context=0D
+ );=0D
+=0D
+/**=0D
+ @param[in] Handle - Handle of PCI device instance=0D
+ @param[in] PciIo - PCI IO protocol instance=0D
+ @param[in] Pci - PCI Header register block=0D
+**/=0D
+typedef=0D
+EFI_STATUS=0D
+(EFIAPI *VISIT_PCI_INSTANCE_CALLBACK)(=0D
+ IN EFI_HANDLE Handle,=0D
+ IN EFI_PCI_IO_PROTOCOL *PciIo,=0D
+ IN PCI_TYPE00 *Pci=0D
+ );=0D
+=0D
+=0D
+//=0D
+// Function prototypes=0D
+//=0D
+=0D
+EFI_STATUS=0D
+VisitAllInstancesOfProtocol (=0D
+ IN EFI_GUID *Id,=0D
+ IN PROTOCOL_INSTANCE_CALLBACK CallBackFunction,=0D
+ IN VOID *Context=0D
+ );=0D
+=0D
+EFI_STATUS=0D
+VisitAllPciInstancesOfProtocol (=0D
+ IN VISIT_PCI_INSTANCE_CALLBACK CallBackFunction=0D
+ );=0D
+=0D
+VOID=0D
+InstallDevicePathCallback (=0D
+ VOID=0D
+ );=0D
+=0D
+VOID=0D
+PlatformRegisterFvBootOption (=0D
+ EFI_GUID *FileGuid,=0D
+ CHAR16 *Description,=0D
+ UINT32 Attributes=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ INTN OptionIndex;=0D
+ EFI_BOOT_MANAGER_LOAD_OPTION NewOption;=0D
+ EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions;=0D
+ UINTN BootOptionCount;=0D
+ MEDIA_FW_VOL_FILEPATH_DEVICE_PATH FileNode;=0D
+ EFI_LOADED_IMAGE_PROTOCOL *LoadedImage;=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;=0D
+=0D
+ Status =3D gBS->HandleProtocol (=0D
+ gImageHandle,=0D
+ &gEfiLoadedImageProtocolGuid,=0D
+ (VOID **) &LoadedImage=0D
+ );=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
+ EfiInitializeFwVolDevicepathNode (&FileNode, FileGuid);=0D
+ DevicePath =3D DevicePathFromHandle (LoadedImage->DeviceHandle);=0D
+ ASSERT (DevicePath !=3D NULL);=0D
+ DevicePath =3D AppendDevicePathNode (=0D
+ DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *) &FileNode=0D
+ );=0D
+ ASSERT (DevicePath !=3D NULL);=0D
+=0D
+ Status =3D EfiBootManagerInitializeLoadOption (=0D
+ &NewOption,=0D
+ LoadOptionNumberUnassigned,=0D
+ LoadOptionTypeBoot,=0D
+ Attributes,=0D
+ Description,=0D
+ DevicePath,=0D
+ NULL,=0D
+ 0=0D
+ );=0D
+ ASSERT_EFI_ERROR (Status);=0D
+ FreePool (DevicePath);=0D
+=0D
+ BootOptions =3D EfiBootManagerGetLoadOptions (=0D
+ &BootOptionCount, LoadOptionTypeBoot=0D
+ );=0D
+=0D
+ OptionIndex =3D EfiBootManagerFindLoadOption (=0D
+ &NewOption, BootOptions, BootOptionCount=0D
+ );=0D
+=0D
+ if (OptionIndex =3D=3D -1) {=0D
+ Status =3D EfiBootManagerAddLoadOptionVariable (&NewOption, MAX_UINTN)=
;=0D
+ ASSERT_EFI_ERROR (Status);=0D
+ }=0D
+ EfiBootManagerFreeLoadOption (&NewOption);=0D
+ EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount);=0D
+}=0D
+=0D
+/**=0D
+ Remove all MemoryMapped(...)/FvFile(...) and Fv(...)/FvFile(...) boot op=
tions=0D
+ whose device paths do not resolve exactly to an FvFile in the system.=0D
+=0D
+ Also strip out every boot option that is not an FvFile, meaning the syst=
em=0D
+ can only boot either the Grub or (if built) the shell.=0D
+=0D
+ This removes any boot options that point to binaries built into the firm=
ware=0D
+ and have become stale due to any of the following:=0D
+ - DXEFV's base address or size changed (historical),=0D
+ - DXEFV's FvNameGuid changed,=0D
+ - the FILE_GUID of the pointed-to binary changed,=0D
+ - the referenced binary is no longer built into the firmware.=0D
+=0D
+ EfiBootManagerFindLoadOption() used in PlatformRegisterFvBootOption() on=
ly=0D
+ avoids exact duplicates.=0D
+**/=0D
+VOID=0D
+RemoveStaleFvFileOptions (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_BOOT_MANAGER_LOAD_OPTION *BootOptions;=0D
+ UINTN BootOptionCount;=0D
+ UINTN Index;=0D
+=0D
+ BootOptions =3D EfiBootManagerGetLoadOptions (&BootOptionCount,=0D
+ LoadOptionTypeBoot);=0D
+=0D
+ for (Index =3D 0; Index < BootOptionCount; ++Index) {=0D
+ EFI_DEVICE_PATH_PROTOCOL *Node1, *Node2, *SearchNode;=0D
+ EFI_STATUS Status;=0D
+ EFI_HANDLE FvHandle;=0D
+=0D
+ //=0D
+ // If the device path starts with neither MemoryMapped(...) nor Fv(...=
),=0D
+ // then delete the boot option.=0D
+ //=0D
+ Node1 =3D BootOptions[Index].FilePath;=0D
+ if (!(DevicePathType (Node1) =3D=3D HARDWARE_DEVICE_PATH &&=0D
+ DevicePathSubType (Node1) =3D=3D HW_MEMMAP_DP) &&=0D
+ !(DevicePathType (Node1) =3D=3D MEDIA_DEVICE_PATH &&=0D
+ DevicePathSubType (Node1) =3D=3D MEDIA_PIWG_FW_VOL_DP)) {=0D
+ EfiBootManagerDeleteLoadOptionVariable (=0D
+ BootOptions[Index].OptionNumber, LoadOptionTypeBoot);=0D
+ continue;=0D
+ }=0D
+=0D
+ //=0D
+ // If the second device path node is not FvFile(...), then delete the =
boot=0D
+ // option.=0D
+ //=0D
+ Node2 =3D NextDevicePathNode (Node1);=0D
+ if (DevicePathType (Node2) !=3D MEDIA_DEVICE_PATH ||=0D
+ DevicePathSubType (Node2) !=3D MEDIA_PIWG_FW_FILE_DP) {=0D
+ EfiBootManagerDeleteLoadOptionVariable (=0D
+ BootOptions[Index].OptionNumber, LoadOptionTypeBoot);=0D
+ continue;=0D
+ }=0D
+=0D
+ //=0D
+ // Locate the Firmware Volume2 protocol instance that is denoted by th=
e=0D
+ // boot option. If this lookup fails (i.e., the boot option references=
a=0D
+ // firmware volume that doesn't exist), then we'll proceed to delete t=
he=0D
+ // boot option.=0D
+ //=0D
+ SearchNode =3D Node1;=0D
+ Status =3D gBS->LocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid,=0D
+ &SearchNode, &FvHandle);=0D
+=0D
+ if (!EFI_ERROR (Status)) {=0D
+ //=0D
+ // The firmware volume was found; now let's see if it contains the F=
vFile=0D
+ // identified by GUID.=0D
+ //=0D
+ EFI_FIRMWARE_VOLUME2_PROTOCOL *FvProtocol;=0D
+ MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *FvFileNode;=0D
+ UINTN BufferSize;=0D
+ EFI_FV_FILETYPE FoundType;=0D
+ EFI_FV_FILE_ATTRIBUTES FileAttributes;=0D
+ UINT32 AuthenticationStatus;=0D
+=0D
+ Status =3D gBS->HandleProtocol (FvHandle, &gEfiFirmwareVolume2Protoc=
olGuid,=0D
+ (VOID **)&FvProtocol);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
+ FvFileNode =3D (MEDIA_FW_VOL_FILEPATH_DEVICE_PATH *)Node2;=0D
+ //=0D
+ // Buffer=3D=3DNULL means we request metadata only: BufferSize, Foun=
dType,=0D
+ // FileAttributes.=0D
+ //=0D
+ Status =3D FvProtocol->ReadFile (=0D
+ FvProtocol,=0D
+ &FvFileNode->FvFileName, // NameGuid=0D
+ NULL, // Buffer=0D
+ &BufferSize,=0D
+ &FoundType,=0D
+ &FileAttributes,=0D
+ &AuthenticationStatus=0D
+ );=0D
+ if (!EFI_ERROR (Status)) {=0D
+ //=0D
+ // The FvFile was found. Keep the boot option.=0D
+ //=0D
+ continue;=0D
+ }=0D
+ }=0D
+=0D
+ //=0D
+ // Delete the boot option.=0D
+ //=0D
+ Status =3D EfiBootManagerDeleteLoadOptionVariable (=0D
+ BootOptions[Index].OptionNumber, LoadOptionTypeBoot);=0D
+ DEBUG_CODE (=0D
+ CHAR16 *DevicePathString;=0D
+=0D
+ DevicePathString =3D ConvertDevicePathToText(BootOptions[Index].File=
Path,=0D
+ FALSE, FALSE);=0D
+ DEBUG ((=0D
+ EFI_ERROR (Status) ? DEBUG_WARN : DEBUG_VERBOSE,=0D
+ "%a: removing stale Boot#%04x %s: %r\n",=0D
+ __FUNCTION__,=0D
+ (UINT32)BootOptions[Index].OptionNumber,=0D
+ DevicePathString =3D=3D NULL ? L"<unavailable>" : DevicePathString=
,=0D
+ Status=0D
+ ));=0D
+ if (DevicePathString !=3D NULL) {=0D
+ FreePool (DevicePathString);=0D
+ }=0D
+ );=0D
+ }=0D
+=0D
+ EfiBootManagerFreeLoadOptions (BootOptions, BootOptionCount);=0D
+}=0D
+=0D
+EFI_STATUS=0D
+EFIAPI=0D
+ConnectRootBridge (=0D
+ IN EFI_HANDLE RootBridgeHandle,=0D
+ IN VOID *Instance,=0D
+ IN VOID *Context=0D
+ );=0D
+=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+ConnectVirtioPciRng (=0D
+ IN EFI_HANDLE Handle,=0D
+ IN VOID *Instance,=0D
+ IN VOID *Context=0D
+ );=0D
+=0D
+STATIC=0D
+VOID=0D
+SaveS3BootScript (=0D
+ VOID=0D
+ );=0D
+=0D
+//=0D
+// BDS Platform Functions=0D
+//=0D
+/**=0D
+ Do the platform init, can be customized by OEM/IBV=0D
+=0D
+ Possible things that can be done in PlatformBootManagerBeforeConsole:=0D
+=0D
+ > Update console variable: 1. include hot-plug devices;=0D
+ > 2. Clear ConIn and add SOL for AMT=0D
+ > Register new Driver#### or Boot####=0D
+ > Register new Key####: e.g.: F12=0D
+ > Signal ReadyToLock event=0D
+ > Authentication action: 1. connect Auth devices;=0D
+ > 2. Identify auto logon user.=0D
+**/=0D
+VOID=0D
+EFIAPI=0D
+PlatformBootManagerBeforeConsole (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_HANDLE Handle;=0D
+ EFI_STATUS Status;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "PlatformBootManagerBeforeConsole\n"));=0D
+ InstallDevicePathCallback ();=0D
+=0D
+ VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid,=0D
+ ConnectRootBridge, NULL);=0D
+=0D
+ //=0D
+ // Signal the ACPI platform driver that it can download QEMU ACPI tables=
.=0D
+ //=0D
+ EfiEventGroupSignal (&gRootBridgesConnectedEventGroupGuid);=0D
+=0D
+ //=0D
+ // We can't signal End-of-Dxe earlier than this. Namely, End-of-Dxe trig=
gers=0D
+ // the preparation of S3 system information. That logic has a hard depen=
dency=0D
+ // on the presence of the FACS ACPI table. Since our ACPI tables are onl=
y=0D
+ // installed after PCI enumeration completes, we must not trigger the S3=
save=0D
+ // earlier, hence we can't signal End-of-Dxe earlier.=0D
+ //=0D
+ EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);=0D
+=0D
+ if (QemuFwCfgS3Enabled ()) {=0D
+ //=0D
+ // Save the boot script too. Note that this will require us to emit th=
e=0D
+ // DxeSmmReadyToLock event just below, which in turn locks down SMM.=0D
+ //=0D
+ SaveS3BootScript ();=0D
+ }=0D
+=0D
+ //=0D
+ // Prevent further changes to LockBoxes or SMRAM.=0D
+ //=0D
+ Handle =3D NULL;=0D
+ Status =3D gBS->InstallProtocolInterface (&Handle,=0D
+ &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE=
,=0D
+ NULL);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Dispatch deferred images after EndOfDxe event and ReadyToLock=0D
+ // installation.=0D
+ //=0D
+ EfiBootManagerDispatchDeferredImages ();=0D
+=0D
+ PlatformInitializeConsole (=0D
+ XenDetected() ? gXenPlatformConsole : gPlatformConsole);=0D
+=0D
+ //=0D
+ // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL=
=0D
+ // instances on Virtio PCI RNG devices.=0D
+ //=0D
+ VisitAllInstancesOfProtocol (&gEfiPciIoProtocolGuid, ConnectVirtioPciRng=
,=0D
+ NULL);=0D
+}=0D
+=0D
+=0D
+EFI_STATUS=0D
+EFIAPI=0D
+ConnectRootBridge (=0D
+ IN EFI_HANDLE RootBridgeHandle,=0D
+ IN VOID *Instance,=0D
+ IN VOID *Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ //=0D
+ // Make the PCI bus driver connect the root bridge, non-recursively. Thi=
s=0D
+ // will produce a number of child handles with PciIo on them.=0D
+ //=0D
+ Status =3D gBS->ConnectController (=0D
+ RootBridgeHandle, // ControllerHandle=0D
+ NULL, // DriverImageHandle=0D
+ NULL, // RemainingDevicePath -- produce all=
=0D
+ // children=0D
+ FALSE // Recursive=0D
+ );=0D
+ return Status;=0D
+}=0D
+=0D
+=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+ConnectVirtioPciRng (=0D
+ IN EFI_HANDLE Handle,=0D
+ IN VOID *Instance,=0D
+ IN VOID *Context=0D
+ )=0D
+{=0D
+ EFI_PCI_IO_PROTOCOL *PciIo;=0D
+ EFI_STATUS Status;=0D
+ UINT16 VendorId;=0D
+ UINT16 DeviceId;=0D
+ UINT8 RevisionId;=0D
+ BOOLEAN Virtio10;=0D
+ UINT16 SubsystemId;=0D
+=0D
+ PciIo =3D Instance;=0D
+=0D
+ //=0D
+ // Read and check VendorId.=0D
+ //=0D
+ Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OF=
FSET,=0D
+ 1, &VendorId);=0D
+ if (EFI_ERROR (Status)) {=0D
+ goto Error;=0D
+ }=0D
+ if (VendorId !=3D VIRTIO_VENDOR_ID) {=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+=0D
+ //=0D
+ // Read DeviceId and RevisionId.=0D
+ //=0D
+ Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OF=
FSET,=0D
+ 1, &DeviceId);=0D
+ if (EFI_ERROR (Status)) {=0D
+ goto Error;=0D
+ }=0D
+ Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, PCI_REVISION_ID_O=
FFSET,=0D
+ 1, &RevisionId);=0D
+ if (EFI_ERROR (Status)) {=0D
+ goto Error;=0D
+ }=0D
+=0D
+ //=0D
+ // From DeviceId and RevisionId, determine whether the device is a=0D
+ // modern-only Virtio 1.0 device. In case of Virtio 1.0, DeviceId can=0D
+ // immediately be restricted to VIRTIO_SUBSYSTEM_ENTROPY_SOURCE, and=0D
+ // SubsystemId will only play a sanity-check role. Otherwise, DeviceId c=
an=0D
+ // only be sanity-checked, and SubsystemId will decide.=0D
+ //=0D
+ if (DeviceId =3D=3D 0x1040 + VIRTIO_SUBSYSTEM_ENTROPY_SOURCE &&=0D
+ RevisionId >=3D 0x01) {=0D
+ Virtio10 =3D TRUE;=0D
+ } else if (DeviceId >=3D 0x1000 && DeviceId <=3D 0x103F && RevisionId =
=3D=3D 0x00) {=0D
+ Virtio10 =3D FALSE;=0D
+ } else {=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+=0D
+ //=0D
+ // Read and check SubsystemId as dictated by Virtio10.=0D
+ //=0D
+ Status =3D PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16,=0D
+ PCI_SUBSYSTEM_ID_OFFSET, 1, &SubsystemId);=0D
+ if (EFI_ERROR (Status)) {=0D
+ goto Error;=0D
+ }=0D
+ if ((Virtio10 && SubsystemId >=3D 0x40) ||=0D
+ (!Virtio10 && SubsystemId =3D=3D VIRTIO_SUBSYSTEM_ENTROPY_SOURCE)) {=
=0D
+ Status =3D gBS->ConnectController (=0D
+ Handle, // ControllerHandle=0D
+ NULL, // DriverImageHandle -- connect all drivers=0D
+ NULL, // RemainingDevicePath -- produce all child ha=
ndles=0D
+ FALSE // Recursive -- don't follow child handles=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ goto Error;=0D
+ }=0D
+ }=0D
+ return EFI_SUCCESS;=0D
+=0D
+Error:=0D
+ DEBUG ((DEBUG_ERROR, "%a: %r\n", __FUNCTION__, Status));=0D
+ return Status;=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut.=0D
+=0D
+ @param[in] DeviceHandle Handle of the LPC Bridge device.=0D
+=0D
+ @retval EFI_SUCCESS Console devices on the LPC bridge have been added t=
o=0D
+ ConOut, ConIn, and ErrOut.=0D
+=0D
+ @return Error codes, due to EFI_DEVICE_PATH_PROTOCOL missin=
g=0D
+ from DeviceHandle.=0D
+**/=0D
+EFI_STATUS=0D
+PrepareLpcBridgeDevicePath (=0D
+ IN EFI_HANDLE DeviceHandle=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;=0D
+ EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;=0D
+ CHAR16 *DevPathStr;=0D
+=0D
+ DevicePath =3D NULL;=0D
+ Status =3D gBS->HandleProtocol (=0D
+ DeviceHandle,=0D
+ &gEfiDevicePathProtocolGuid,=0D
+ (VOID*)&DevicePath=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+ TempDevicePath =3D DevicePath;=0D
+=0D
+ //=0D
+ // Register Keyboard=0D
+ //=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gPnpPs2KeyboardDeviceNode);=
=0D
+=0D
+ EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL);=0D
+=0D
+ //=0D
+ // Register COM1=0D
+ //=0D
+ DevicePath =3D TempDevicePath;=0D
+ gPnp16550ComPortDeviceNode.UID =3D 0;=0D
+=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gPnp16550ComPortDeviceNode);=
=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode);=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode);=0D
+=0D
+ //=0D
+ // Print Device Path=0D
+ //=0D
+ DevPathStr =3D ConvertDevicePathToText (DevicePath, FALSE, FALSE);=0D
+ if (DevPathStr !=3D NULL) {=0D
+ DEBUG((=0D
+ DEBUG_INFO,=0D
+ "BdsPlatform.c+%d: COM%d DevPath: %s\n",=0D
+ __LINE__,=0D
+ gPnp16550ComPortDeviceNode.UID + 1,=0D
+ DevPathStr=0D
+ ));=0D
+ FreePool(DevPathStr);=0D
+ }=0D
+=0D
+ EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL);=0D
+ EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL);=0D
+ EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL);=0D
+=0D
+ //=0D
+ // Register COM2=0D
+ //=0D
+ DevicePath =3D TempDevicePath;=0D
+ gPnp16550ComPortDeviceNode.UID =3D 1;=0D
+=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gPnp16550ComPortDeviceNode);=
=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode);=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode);=0D
+=0D
+ //=0D
+ // Print Device Path=0D
+ //=0D
+ DevPathStr =3D ConvertDevicePathToText (DevicePath, FALSE, FALSE);=0D
+ if (DevPathStr !=3D NULL) {=0D
+ DEBUG((=0D
+ DEBUG_INFO,=0D
+ "BdsPlatform.c+%d: COM%d DevPath: %s\n",=0D
+ __LINE__,=0D
+ gPnp16550ComPortDeviceNode.UID + 1,=0D
+ DevPathStr=0D
+ ));=0D
+ FreePool(DevPathStr);=0D
+ }=0D
+=0D
+ EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL);=0D
+ EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL);=0D
+ EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL);=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+EFI_STATUS=0D
+GetGopDevicePath (=0D
+ IN EFI_DEVICE_PATH_PROTOCOL *PciDevicePath,=0D
+ OUT EFI_DEVICE_PATH_PROTOCOL **GopDevicePath=0D
+ )=0D
+{=0D
+ UINTN Index;=0D
+ EFI_STATUS Status;=0D
+ EFI_HANDLE PciDeviceHandle;=0D
+ EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;=0D
+ EFI_DEVICE_PATH_PROTOCOL *TempPciDevicePath;=0D
+ UINTN GopHandleCount;=0D
+ EFI_HANDLE *GopHandleBuffer;=0D
+=0D
+ if (PciDevicePath =3D=3D NULL || GopDevicePath =3D=3D NULL) {=0D
+ return EFI_INVALID_PARAMETER;=0D
+ }=0D
+=0D
+ //=0D
+ // Initialize the GopDevicePath to be PciDevicePath=0D
+ //=0D
+ *GopDevicePath =3D PciDevicePath;=0D
+ TempPciDevicePath =3D PciDevicePath;=0D
+=0D
+ Status =3D gBS->LocateDevicePath (=0D
+ &gEfiDevicePathProtocolGuid,=0D
+ &TempPciDevicePath,=0D
+ &PciDeviceHandle=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ //=0D
+ // Try to connect this handle, so that GOP driver could start on this=0D
+ // device and create child handles with GraphicsOutput Protocol installe=
d=0D
+ // on them, then we get device paths of these child handles and select=0D
+ // them as possible console device.=0D
+ //=0D
+ gBS->ConnectController (PciDeviceHandle, NULL, NULL, FALSE);=0D
+=0D
+ Status =3D gBS->LocateHandleBuffer (=0D
+ ByProtocol,=0D
+ &gEfiGraphicsOutputProtocolGuid,=0D
+ NULL,=0D
+ &GopHandleCount,=0D
+ &GopHandleBuffer=0D
+ );=0D
+ if (!EFI_ERROR (Status)) {=0D
+ //=0D
+ // Add all the child handles as possible Console Device=0D
+ //=0D
+ for (Index =3D 0; Index < GopHandleCount; Index++) {=0D
+ Status =3D gBS->HandleProtocol (GopHandleBuffer[Index],=0D
+ &gEfiDevicePathProtocolGuid, (VOID*)&TempDevicePath)=
;=0D
+ if (EFI_ERROR (Status)) {=0D
+ continue;=0D
+ }=0D
+ if (CompareMem (=0D
+ PciDevicePath,=0D
+ TempDevicePath,=0D
+ GetDevicePathSize (PciDevicePath) - END_DEVICE_PATH_LENGTH=0D
+ ) =3D=3D 0) {=0D
+ //=0D
+ // In current implementation, we only enable one of the child hand=
les=0D
+ // as console device, i.e. sotre one of the child handle's device=
=0D
+ // path to variable "ConOut"=0D
+ // In future, we could select all child handles to be console devi=
ce=0D
+ //=0D
+=0D
+ *GopDevicePath =3D TempDevicePath;=0D
+=0D
+ //=0D
+ // Delete the PCI device's path that added by=0D
+ // GetPlugInPciVgaDevicePath(). Add the integrity GOP device path.=
=0D
+ //=0D
+ EfiBootManagerUpdateConsoleVariable (ConOutDev, NULL, PciDevicePat=
h);=0D
+ EfiBootManagerUpdateConsoleVariable (ConOutDev, TempDevicePath, NU=
LL);=0D
+ }=0D
+ }=0D
+ gBS->FreePool (GopHandleBuffer);=0D
+ }=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+/**=0D
+ Add PCI display to ConOut.=0D
+=0D
+ @param[in] DeviceHandle Handle of the PCI display device.=0D
+=0D
+ @retval EFI_SUCCESS The PCI display device has been added to ConOut.=0D
+=0D
+ @return Error codes, due to EFI_DEVICE_PATH_PROTOCOL missin=
g=0D
+ from DeviceHandle.=0D
+**/=0D
+EFI_STATUS=0D
+PreparePciDisplayDevicePath (=0D
+ IN EFI_HANDLE DeviceHandle=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;=0D
+ EFI_DEVICE_PATH_PROTOCOL *GopDevicePath;=0D
+=0D
+ DevicePath =3D NULL;=0D
+ GopDevicePath =3D NULL;=0D
+ Status =3D gBS->HandleProtocol (=0D
+ DeviceHandle,=0D
+ &gEfiDevicePathProtocolGuid,=0D
+ (VOID*)&DevicePath=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ GetGopDevicePath (DevicePath, &GopDevicePath);=0D
+ DevicePath =3D GopDevicePath;=0D
+=0D
+ EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL);=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+/**=0D
+ Add PCI Serial to ConOut, ConIn, ErrOut.=0D
+=0D
+ @param[in] DeviceHandle Handle of the PCI serial device.=0D
+=0D
+ @retval EFI_SUCCESS The PCI serial device has been added to ConOut, Con=
In,=0D
+ ErrOut.=0D
+=0D
+ @return Error codes, due to EFI_DEVICE_PATH_PROTOCOL missin=
g=0D
+ from DeviceHandle.=0D
+**/=0D
+EFI_STATUS=0D
+PreparePciSerialDevicePath (=0D
+ IN EFI_HANDLE DeviceHandle=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;=0D
+=0D
+ DevicePath =3D NULL;=0D
+ Status =3D gBS->HandleProtocol (=0D
+ DeviceHandle,=0D
+ &gEfiDevicePathProtocolGuid,=0D
+ (VOID*)&DevicePath=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gUartDeviceNode);=0D
+ DevicePath =3D AppendDevicePathNode (DevicePath,=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gTerminalTypeDeviceNode);=0D
+=0D
+ EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL);=0D
+ EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL);=0D
+ EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL);=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+EFI_STATUS=0D
+VisitAllInstancesOfProtocol (=0D
+ IN EFI_GUID *Id,=0D
+ IN PROTOCOL_INSTANCE_CALLBACK CallBackFunction,=0D
+ IN VOID *Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ UINTN HandleCount;=0D
+ EFI_HANDLE *HandleBuffer;=0D
+ UINTN Index;=0D
+ VOID *Instance;=0D
+=0D
+ //=0D
+ // Start to check all the PciIo to find all possible device=0D
+ //=0D
+ HandleCount =3D 0;=0D
+ HandleBuffer =3D NULL;=0D
+ Status =3D gBS->LocateHandleBuffer (=0D
+ ByProtocol,=0D
+ Id,=0D
+ NULL,=0D
+ &HandleCount,=0D
+ &HandleBuffer=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ for (Index =3D 0; Index < HandleCount; Index++) {=0D
+ Status =3D gBS->HandleProtocol (HandleBuffer[Index], Id, &Instance);=0D
+ if (EFI_ERROR (Status)) {=0D
+ continue;=0D
+ }=0D
+=0D
+ Status =3D (*CallBackFunction) (=0D
+ HandleBuffer[Index],=0D
+ Instance,=0D
+ Context=0D
+ );=0D
+ }=0D
+=0D
+ gBS->FreePool (HandleBuffer);=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+=0D
+EFI_STATUS=0D
+EFIAPI=0D
+VisitingAPciInstance (=0D
+ IN EFI_HANDLE Handle,=0D
+ IN VOID *Instance,=0D
+ IN VOID *Context=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_PCI_IO_PROTOCOL *PciIo;=0D
+ PCI_TYPE00 Pci;=0D
+=0D
+ PciIo =3D (EFI_PCI_IO_PROTOCOL*) Instance;=0D
+=0D
+ //=0D
+ // Check for all PCI device=0D
+ //=0D
+ Status =3D PciIo->Pci.Read (=0D
+ PciIo,=0D
+ EfiPciIoWidthUint32,=0D
+ 0,=0D
+ sizeof (Pci) / sizeof (UINT32),=0D
+ &Pci=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ return (*(VISIT_PCI_INSTANCE_CALLBACK)(UINTN) Context) (=0D
+ Handle,=0D
+ PciIo,=0D
+ &Pci=0D
+ );=0D
+=0D
+}=0D
+=0D
+=0D
+=0D
+EFI_STATUS=0D
+VisitAllPciInstances (=0D
+ IN VISIT_PCI_INSTANCE_CALLBACK CallBackFunction=0D
+ )=0D
+{=0D
+ return VisitAllInstancesOfProtocol (=0D
+ &gEfiPciIoProtocolGuid,=0D
+ VisitingAPciInstance,=0D
+ (VOID*)(UINTN) CallBackFunction=0D
+ );=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Do platform specific PCI Device check and add them to=0D
+ ConOut, ConIn, ErrOut.=0D
+=0D
+ @param[in] Handle - Handle of PCI device instance=0D
+ @param[in] PciIo - PCI IO protocol instance=0D
+ @param[in] Pci - PCI Header register block=0D
+=0D
+ @retval EFI_SUCCESS - PCI Device check and Console variable update=0D
+ successfully.=0D
+ @retval EFI_STATUS - PCI Device check or Console variable update fail.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+DetectAndPreparePlatformPciDevicePath (=0D
+ IN EFI_HANDLE Handle,=0D
+ IN EFI_PCI_IO_PROTOCOL *PciIo,=0D
+ IN PCI_TYPE00 *Pci=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+=0D
+ Status =3D PciIo->Attributes (=0D
+ PciIo,=0D
+ EfiPciIoAttributeOperationEnable,=0D
+ EFI_PCI_DEVICE_ENABLE,=0D
+ NULL=0D
+ );=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Here we decide whether it is LPC Bridge=0D
+ //=0D
+ if ((IS_PCI_LPC (Pci)) ||=0D
+ ((IS_PCI_ISA_PDECODE (Pci)) &&=0D
+ (Pci->Hdr.VendorId =3D=3D 0x8086) &&=0D
+ (Pci->Hdr.DeviceId =3D=3D 0x7000)=0D
+ )=0D
+ ) {=0D
+ //=0D
+ // Add IsaKeyboard to ConIn,=0D
+ // add IsaSerial to ConOut, ConIn, ErrOut=0D
+ //=0D
+ DEBUG ((DEBUG_INFO, "Found LPC Bridge device\n"));=0D
+ PrepareLpcBridgeDevicePath (Handle);=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+ //=0D
+ // Here we decide which Serial device to enable in PCI bus=0D
+ //=0D
+ if (IS_PCI_16550SERIAL (Pci)) {=0D
+ //=0D
+ // Add them to ConOut, ConIn, ErrOut.=0D
+ //=0D
+ DEBUG ((DEBUG_INFO, "Found PCI 16550 SERIAL device\n"));=0D
+ PreparePciSerialDevicePath (Handle);=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+=0D
+ //=0D
+ // Here we decide which display device to enable in PCI bus=0D
+ //=0D
+ if (IS_PCI_DISPLAY (Pci)) {=0D
+ //=0D
+ // Add them to ConOut.=0D
+ //=0D
+ DEBUG ((DEBUG_INFO, "Found PCI display device\n"));=0D
+ PreparePciDisplayDevicePath (Handle);=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Connect the predefined platform default console device.=0D
+=0D
+ Always try to find and enable PCI display devices.=0D
+=0D
+ @param[in] PlatformConsole Predefined platform default console device a=
rray.=0D
+**/=0D
+VOID=0D
+PlatformInitializeConsole (=0D
+ IN PLATFORM_CONSOLE_CONNECT_ENTRY *PlatformConsole=0D
+ )=0D
+{=0D
+ UINTN Index;=0D
+=0D
+ //=0D
+ // Do platform specific PCI Device check and add them to ConOut, ConIn,=
=0D
+ // ErrOut=0D
+ //=0D
+ VisitAllPciInstances (DetectAndPreparePlatformPciDevicePath);=0D
+=0D
+ //=0D
+ // Have chance to connect the platform default console,=0D
+ // the platform default console is the minimum device group=0D
+ // the platform should support=0D
+ //=0D
+ for (Index =3D 0; PlatformConsole[Index].DevicePath !=3D NULL; ++Index) =
{=0D
+ //=0D
+ // Update the console variable with the connect type=0D
+ //=0D
+ if ((PlatformConsole[Index].ConnectType & CONSOLE_IN) =3D=3D CONSOLE_I=
N) {=0D
+ EfiBootManagerUpdateConsoleVariable (ConIn,=0D
+ PlatformConsole[Index].DevicePath, NULL);=0D
+ }=0D
+ if ((PlatformConsole[Index].ConnectType & CONSOLE_OUT) =3D=3D CONSOLE_=
OUT) {=0D
+ EfiBootManagerUpdateConsoleVariable (ConOut,=0D
+ PlatformConsole[Index].DevicePath, NULL);=0D
+ }=0D
+ if ((PlatformConsole[Index].ConnectType & STD_ERROR) =3D=3D STD_ERROR)=
{=0D
+ EfiBootManagerUpdateConsoleVariable (ErrOut,=0D
+ PlatformConsole[Index].DevicePath, NULL);=0D
+ }=0D
+ }=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Configure PCI Interrupt Line register for applicable devices=0D
+ Ported from SeaBIOS, src/fw/pciinit.c, *_pci_slot_get_irq()=0D
+=0D
+ @param[in] Handle - Handle of PCI device instance=0D
+ @param[in] PciIo - PCI IO protocol instance=0D
+ @param[in] PciHdr - PCI Header register block=0D
+=0D
+ @retval EFI_SUCCESS - PCI Interrupt Line register configured successfull=
y.=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+SetPciIntLine (=0D
+ IN EFI_HANDLE Handle,=0D
+ IN EFI_PCI_IO_PROTOCOL *PciIo,=0D
+ IN PCI_TYPE00 *PciHdr=0D
+ )=0D
+{=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevPathNode;=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevPath;=0D
+ UINTN RootSlot;=0D
+ UINTN Idx;=0D
+ UINT8 IrqLine;=0D
+ EFI_STATUS Status;=0D
+ UINT32 RootBusNumber;=0D
+=0D
+ Status =3D EFI_SUCCESS;=0D
+=0D
+ if (PciHdr->Device.InterruptPin !=3D 0) {=0D
+=0D
+ DevPathNode =3D DevicePathFromHandle (Handle);=0D
+ ASSERT (DevPathNode !=3D NULL);=0D
+ DevPath =3D DevPathNode;=0D
+=0D
+ RootBusNumber =3D 0;=0D
+ if (DevicePathType (DevPathNode) =3D=3D ACPI_DEVICE_PATH &&=0D
+ DevicePathSubType (DevPathNode) =3D=3D ACPI_DP &&=0D
+ ((ACPI_HID_DEVICE_PATH *)DevPathNode)->HID =3D=3D EISA_PNP_ID(0x0A=
03)) {=0D
+ RootBusNumber =3D ((ACPI_HID_DEVICE_PATH *)DevPathNode)->UID;=0D
+ }=0D
+=0D
+ //=0D
+ // Compute index into PciHostIrqs[] table by walking=0D
+ // the device path and adding up all device numbers=0D
+ //=0D
+ Status =3D EFI_NOT_FOUND;=0D
+ RootSlot =3D 0;=0D
+ Idx =3D PciHdr->Device.InterruptPin - 1;=0D
+ while (!IsDevicePathEnd (DevPathNode)) {=0D
+ if (DevicePathType (DevPathNode) =3D=3D HARDWARE_DEVICE_PATH &&=0D
+ DevicePathSubType (DevPathNode) =3D=3D HW_PCI_DP) {=0D
+=0D
+ Idx +=3D ((PCI_DEVICE_PATH *)DevPathNode)->Device;=0D
+=0D
+ //=0D
+ // Unlike SeaBIOS, which starts climbing from the leaf device=0D
+ // up toward the root, we traverse the device path starting at=0D
+ // the root moving toward the leaf node.=0D
+ // The slot number of the top-level parent bridge is needed for=0D
+ // Q35 cases with more than 24 slots on the root bus.=0D
+ //=0D
+ if (Status !=3D EFI_SUCCESS) {=0D
+ Status =3D EFI_SUCCESS;=0D
+ RootSlot =3D ((PCI_DEVICE_PATH *)DevPathNode)->Device;=0D
+ }=0D
+ }=0D
+=0D
+ DevPathNode =3D NextDevicePathNode (DevPathNode);=0D
+ }=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+ if (RootBusNumber =3D=3D 0 && RootSlot =3D=3D 0) {=0D
+ DEBUG((=0D
+ DEBUG_ERROR,=0D
+ "%a: PCI host bridge (00:00.0) should have no interrupts!\n",=0D
+ __FUNCTION__=0D
+ ));=0D
+ ASSERT (FALSE);=0D
+ }=0D
+=0D
+ //=0D
+ // Final PciHostIrqs[] index calculation depends on the platform=0D
+ // and should match SeaBIOS src/fw/pciinit.c *_pci_slot_get_irq()=0D
+ //=0D
+ switch (mHostBridgeDevId) {=0D
+ case INTEL_82441_DEVICE_ID:=0D
+ Idx -=3D 1;=0D
+ break;=0D
+ case INTEL_Q35_MCH_DEVICE_ID:=0D
+ //=0D
+ // SeaBIOS contains the following comment:=0D
+ // "Slots 0-24 rotate slot:pin mapping similar to piix above, but=
=0D
+ // with a different starting index - see q35-acpi-dsdt.dsl.=0D
+ //=0D
+ // Slots 25-31 all use LNKA mapping (or LNKE, but A:D =3D E:H)"=0D
+ //=0D
+ if (RootSlot > 24) {=0D
+ //=0D
+ // in this case, subtract back out RootSlot from Idx=0D
+ // (SeaBIOS never adds it to begin with, but that would make our=
=0D
+ // device path traversal loop above too awkward)=0D
+ //=0D
+ Idx -=3D RootSlot;=0D
+ }=0D
+ break;=0D
+ default:=0D
+ ASSERT (FALSE); // should never get here=0D
+ }=0D
+ Idx %=3D ARRAY_SIZE (PciHostIrqs);=0D
+ IrqLine =3D PciHostIrqs[Idx];=0D
+=0D
+ DEBUG_CODE_BEGIN ();=0D
+ {=0D
+ CHAR16 *DevPathString;=0D
+ STATIC CHAR16 Fallback[] =3D L"<failed to convert>";=0D
+ UINTN Segment, Bus, Device, Function;=0D
+=0D
+ DevPathString =3D ConvertDevicePathToText (DevPath, FALSE, FALSE);=0D
+ if (DevPathString =3D=3D NULL) {=0D
+ DevPathString =3D Fallback;=0D
+ }=0D
+ Status =3D PciIo->GetLocation (PciIo, &Segment, &Bus, &Device, &Func=
tion);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
+ DEBUG ((DEBUG_VERBOSE, "%a: [%02x:%02x.%x] %s -> 0x%02x\n", __FUNCTI=
ON__,=0D
+ (UINT32)Bus, (UINT32)Device, (UINT32)Function, DevPathString,=0D
+ IrqLine));=0D
+=0D
+ if (DevPathString !=3D Fallback) {=0D
+ FreePool (DevPathString);=0D
+ }=0D
+ }=0D
+ DEBUG_CODE_END ();=0D
+=0D
+ //=0D
+ // Set PCI Interrupt Line register for this device to PciHostIrqs[Idx]=
=0D
+ //=0D
+ Status =3D PciIo->Pci.Write (=0D
+ PciIo,=0D
+ EfiPciIoWidthUint8,=0D
+ PCI_INT_LINE_OFFSET,=0D
+ 1,=0D
+ &IrqLine=0D
+ );=0D
+ }=0D
+=0D
+ return Status;=0D
+}=0D
+=0D
+=0D
+VOID=0D
+PciAcpiInitialization (=0D
+ )=0D
+{=0D
+ UINTN Pmba;=0D
+=0D
+ //=0D
+ // Query Host Bridge DID to determine platform type=0D
+ //=0D
+ mHostBridgeDevId =3D PcdGet16 (PcdOvmfHostBridgePciDevId);=0D
+ switch (mHostBridgeDevId) {=0D
+ case INTEL_82441_DEVICE_ID:=0D
+ Pmba =3D POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMBA);=0D
+ //=0D
+ // 00:01.0 ISA Bridge (PIIX4) LNK routing targets=0D
+ //=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x60), 0x0b); // A=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x61), 0x0b); // B=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x62), 0x0a); // C=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 1, 0, 0x63), 0x0a); // D=0D
+ break;=0D
+ case INTEL_Q35_MCH_DEVICE_ID:=0D
+ Pmba =3D POWER_MGMT_REGISTER_Q35 (ICH9_PMBASE);=0D
+ //=0D
+ // 00:1f.0 LPC Bridge (Q35) LNK routing targets=0D
+ //=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x60), 0x0a); // A=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x61), 0x0a); // B=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x62), 0x0b); // C=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x63), 0x0b); // D=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x68), 0x0a); // E=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x69), 0x0a); // F=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x6a), 0x0b); // G=0D
+ PciWrite8 (PCI_LIB_ADDRESS (0, 0x1f, 0, 0x6b), 0x0b); // H=0D
+ break;=0D
+ default:=0D
+ if (XenDetected ()) {=0D
+ //=0D
+ // There is no PCI bus in this case.=0D
+ //=0D
+ return;=0D
+ }=0D
+ DEBUG ((DEBUG_ERROR, "%a: Unknown Host Bridge Device ID: 0x%04x\n",=
=0D
+ __FUNCTION__, mHostBridgeDevId));=0D
+ ASSERT (FALSE);=0D
+ return;=0D
+ }=0D
+=0D
+ //=0D
+ // Initialize PCI_INTERRUPT_LINE for applicable present PCI devices=0D
+ //=0D
+ VisitAllPciInstances (SetPciIntLine);=0D
+=0D
+ //=0D
+ // Set ACPI SCI_EN bit in PMCNTRL=0D
+ //=0D
+ IoOr16 ((PciRead32 (Pmba) & ~BIT0) + 4, BIT0);=0D
+}=0D
+=0D
+EFI_STATUS=0D
+EFIAPI=0D
+ConnectRecursivelyIfPciMassStorage (=0D
+ IN EFI_HANDLE Handle,=0D
+ IN EFI_PCI_IO_PROTOCOL *Instance,=0D
+ IN PCI_TYPE00 *PciHeader=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;=0D
+ CHAR16 *DevPathStr;=0D
+=0D
+ //=0D
+ // Recognize PCI Mass Storage, and Xen PCI devices=0D
+ //=0D
+ if (IS_CLASS1 (PciHeader, PCI_CLASS_MASS_STORAGE) ||=0D
+ (XenDetected() && IS_CLASS2 (PciHeader, 0xFF, 0x80))) {=0D
+ DevicePath =3D NULL;=0D
+ Status =3D gBS->HandleProtocol (=0D
+ Handle,=0D
+ &gEfiDevicePathProtocolGuid,=0D
+ (VOID*)&DevicePath=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ //=0D
+ // Print Device Path=0D
+ //=0D
+ DevPathStr =3D ConvertDevicePathToText (DevicePath, FALSE, FALSE);=0D
+ if (DevPathStr !=3D NULL) {=0D
+ DEBUG((=0D
+ DEBUG_INFO,=0D
+ "Found %s device: %s\n",=0D
+ (IS_CLASS1 (PciHeader, PCI_CLASS_MASS_STORAGE) ?=0D
+ L"Mass Storage" :=0D
+ L"Xen"=0D
+ ),=0D
+ DevPathStr=0D
+ ));=0D
+ FreePool(DevPathStr);=0D
+ }=0D
+=0D
+ Status =3D gBS->ConnectController (Handle, NULL, NULL, TRUE);=0D
+ if (EFI_ERROR (Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
+ }=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Connect with predefined platform connect sequence.=0D
+=0D
+ The OEM/IBV can customize with their own connect sequence.=0D
+**/=0D
+VOID=0D
+PlatformBdsConnectSequence (=0D
+ VOID=0D
+ )=0D
+{=0D
+ UINTN Index;=0D
+ RETURN_STATUS Status;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "PlatformBdsConnectSequence\n"));=0D
+=0D
+ Index =3D 0;=0D
+=0D
+ //=0D
+ // Here we can get the customized platform connect sequence=0D
+ // Notes: we can connect with new variable which record the=0D
+ // last time boots connect device path sequence=0D
+ //=0D
+ while (gPlatformConnectSequence[Index] !=3D NULL) {=0D
+ //=0D
+ // Build the platform boot option=0D
+ //=0D
+ EfiBootManagerConnectDevicePath (gPlatformConnectSequence[Index], NULL=
);=0D
+ Index++;=0D
+ }=0D
+=0D
+ Status =3D ConnectDevicesFromQemu ();=0D
+ if (RETURN_ERROR (Status)) {=0D
+ //=0D
+ // Just use the simple policy to connect all devices=0D
+ //=0D
+ DEBUG ((DEBUG_INFO, "EfiBootManagerConnectAll\n"));=0D
+ EfiBootManagerConnectAll ();=0D
+ }=0D
+}=0D
+=0D
+/**=0D
+ Save the S3 boot script.=0D
+=0D
+ Note that DxeSmmReadyToLock must be signaled after this function returns=
;=0D
+ otherwise the script wouldn't be saved actually.=0D
+**/=0D
+STATIC=0D
+VOID=0D
+SaveS3BootScript (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_STATUS Status;=0D
+ EFI_S3_SAVE_STATE_PROTOCOL *BootScript;=0D
+ STATIC CONST UINT8 Info[] =3D { 0xDE, 0xAD, 0xBE, 0xEF };=0D
+=0D
+ Status =3D gBS->LocateProtocol (&gEfiS3SaveStateProtocolGuid, NULL,=0D
+ (VOID **) &BootScript);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
+ //=0D
+ // Despite the opcode documentation in the PI spec, the protocol=0D
+ // implementation embeds a deep copy of the info in the boot script, rat=
her=0D
+ // than storing just a pointer to runtime or NVS storage.=0D
+ //=0D
+ Status =3D BootScript->Write(BootScript, EFI_BOOT_SCRIPT_INFORMATION_OPC=
ODE,=0D
+ (UINT32) sizeof Info,=0D
+ (EFI_PHYSICAL_ADDRESS)(UINTN) &Info);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Do the platform specific action after the console is ready=0D
+=0D
+ Possible things that can be done in PlatformBootManagerAfterConsole:=0D
+=0D
+ > Console post action:=0D
+ > Dynamically switch output mode from 100x31 to 80x25 for certain sena=
rino=0D
+ > Signal console ready platform customized event=0D
+ > Run diagnostics like memory testing=0D
+ > Connect certain devices=0D
+ > Dispatch aditional option roms=0D
+ > Special boot: e.g.: USB boot, enter UI=0D
+**/=0D
+VOID=0D
+EFIAPI=0D
+PlatformBootManagerAfterConsole (=0D
+ VOID=0D
+ )=0D
+{=0D
+ EFI_BOOT_MODE BootMode;=0D
+=0D
+ DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));=0D
+=0D
+ //=0D
+ // Get current Boot Mode=0D
+ //=0D
+ BootMode =3D GetBootModeHob ();=0D
+ DEBUG ((DEBUG_INFO, "Boot Mode:%x\n", BootMode));=0D
+=0D
+ //=0D
+ // Go the different platform policy with different boot mode=0D
+ // Notes: this part code can be change with the table policy=0D
+ //=0D
+ ASSERT (BootMode =3D=3D BOOT_WITH_FULL_CONFIGURATION);=0D
+=0D
+ //=0D
+ // Logo show=0D
+ //=0D
+ BootLogoEnableLogo ();=0D
+=0D
+ //=0D
+ // Set PCI Interrupt Line registers and ACPI SCI_EN=0D
+ //=0D
+ PciAcpiInitialization ();=0D
+=0D
+ //=0D
+ // Process TPM PPI request=0D
+ //=0D
+ Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
+=0D
+ //=0D
+ // Perform some platform specific connect sequence=0D
+ //=0D
+ PlatformBdsConnectSequence ();=0D
+=0D
+ EfiBootManagerRefreshAllBootOption ();=0D
+=0D
+ //=0D
+ // Register UEFI Shell (Will be removed if the Shell isn't built=0D
+ // which is the default)=0D
+ //=0D
+ PlatformRegisterFvBootOption (=0D
+ &gUefiShellFileGuid, L"EFI Internal Shell", LOAD_OPTION_ACTIVE=0D
+ );=0D
+=0D
+ //=0D
+ // Register Grub=0D
+ //=0D
+ PlatformRegisterFvBootOption (=0D
+ &gGrubFileGuid, L"Grub Bootloader", LOAD_OPTION_ACTIVE=0D
+ );=0D
+=0D
+ RemoveStaleFvFileOptions ();=0D
+=0D
+ PlatformBmPrintScRegisterHandler ();=0D
+}=0D
+=0D
+/**=0D
+ This notification function is invoked when an instance of the=0D
+ EFI_DEVICE_PATH_PROTOCOL is produced.=0D
+=0D
+ @param Event The event that occurred=0D
+ @param Context For EFI compatibility. Not used.=0D
+=0D
+**/=0D
+VOID=0D
+EFIAPI=0D
+NotifyDevPath (=0D
+ IN EFI_EVENT Event,=0D
+ IN VOID *Context=0D
+ )=0D
+{=0D
+ EFI_HANDLE Handle;=0D
+ EFI_STATUS Status;=0D
+ UINTN BufferSize;=0D
+ EFI_DEVICE_PATH_PROTOCOL *DevPathNode;=0D
+ ATAPI_DEVICE_PATH *Atapi;=0D
+=0D
+ //=0D
+ // Examine all new handles=0D
+ //=0D
+ for (;;) {=0D
+ //=0D
+ // Get the next handle=0D
+ //=0D
+ BufferSize =3D sizeof (Handle);=0D
+ Status =3D gBS->LocateHandle (=0D
+ ByRegisterNotify,=0D
+ NULL,=0D
+ mEfiDevPathNotifyReg,=0D
+ &BufferSize,=0D
+ &Handle=0D
+ );=0D
+=0D
+ //=0D
+ // If not found, we're done=0D
+ //=0D
+ if (EFI_NOT_FOUND =3D=3D Status) {=0D
+ break;=0D
+ }=0D
+=0D
+ if (EFI_ERROR (Status)) {=0D
+ continue;=0D
+ }=0D
+=0D
+ //=0D
+ // Get the DevicePath protocol on that handle=0D
+ //=0D
+ Status =3D gBS->HandleProtocol (Handle, &gEfiDevicePathProtocolGuid,=0D
+ (VOID **)&DevPathNode);=0D
+ ASSERT_EFI_ERROR (Status);=0D
+=0D
+ while (!IsDevicePathEnd (DevPathNode)) {=0D
+ //=0D
+ // Find the handler to dump this device path node=0D
+ //=0D
+ if (=0D
+ (DevicePathType(DevPathNode) =3D=3D MESSAGING_DEVICE_PATH) &&=0D
+ (DevicePathSubType(DevPathNode) =3D=3D MSG_ATAPI_DP)=0D
+ ) {=0D
+ Atapi =3D (ATAPI_DEVICE_PATH*) DevPathNode;=0D
+ PciOr16 (=0D
+ PCI_LIB_ADDRESS (=0D
+ 0,=0D
+ 1,=0D
+ 1,=0D
+ (Atapi->PrimarySecondary =3D=3D 1) ? 0x42: 0x40=0D
+ ),=0D
+ BIT15=0D
+ );=0D
+ }=0D
+=0D
+ //=0D
+ // Next device path node=0D
+ //=0D
+ DevPathNode =3D NextDevicePathNode (DevPathNode);=0D
+ }=0D
+ }=0D
+=0D
+ return;=0D
+}=0D
+=0D
+=0D
+VOID=0D
+InstallDevicePathCallback (=0D
+ VOID=0D
+ )=0D
+{=0D
+ DEBUG ((DEBUG_INFO, "Registered NotifyDevPath Event\n"));=0D
+ mEfiDevPathEvent =3D EfiCreateProtocolNotifyEvent (=0D
+ &gEfiDevicePathProtocolGuid,=0D
+ TPL_CALLBACK,=0D
+ NotifyDevPath,=0D
+ NULL,=0D
+ &mEfiDevPathNotifyReg=0D
+ );=0D
+}=0D
+=0D
+/**=0D
+ This function is called each second during the boot manager waits the=0D
+ timeout.=0D
+=0D
+ @param TimeoutRemain The remaining timeout.=0D
+**/=0D
+VOID=0D
+EFIAPI=0D
+PlatformBootManagerWaitCallback (=0D
+ UINT16 TimeoutRemain=0D
+ )=0D
+{=0D
+ //=0D
+ // Since the timeout should be forced to zero we should never=0D
+ // Get here=0D
+ //=0D
+ ASSERT (FALSE);=0D
+}=0D
+=0D
+/**=0D
+ The function is called when no boot option could be launched,=0D
+ including platform recovery options and options pointing to applications=
=0D
+ built into firmware volumes.=0D
+=0D
+ If this function returns, BDS attempts to enter an infinite loop.=0D
+**/=0D
+VOID=0D
+EFIAPI=0D
+PlatformBootManagerUnableToBoot (=0D
+ VOID=0D
+ )=0D
+{=0D
+ //=0D
+ // If we get here something failed about the grub boot but since=0D
+ // We're privy to the secret we must panic and not retry or loop=0D
+ //=0D
+ ASSERT (FALSE);=0D
+}=0D
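Review bot: `PlatformBootManagerUnableToBoot` (end of the hunk) relies on `ASSERT (FALSE)` to make boot failure fatal, but ASSERT is compiled out in RELEASE builds, so there the function simply returns and, as its own doc comment says, "BDS attempts to enter an infinite loop" with the injected secret still in guest memory; add `CpuDeadLoop ();` after the ASSERT so the fail-closed behaviour does not depend on the build target. The same applies to `PlatformBootManagerWaitCallback`, whose `ASSERT (FALSE)` is the only thing enforcing the "timeout forced to zero" assumption from the commit message. Minor: the comment "We're privy to the secret" should read "we're privy to the secret".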
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c b/Ov=
mfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c
new file mode 100644
index 0000000000..2858c3dfd5
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c
@@ -0,0 +1,213 @@
+/** @file=0D
+ Defined the platform specific device path which will be used by=0D
+ platform Bbd to perform the platform policy connect.=0D
+=0D
+ Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.<BR>=0D
+ SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+=0D
+**/=0D
+=0D
+#include "BdsPlatform.h"=0D
+#include <Guid/QemuRamfb.h>=0D
+#include <Guid/SerialPortLibVendor.h>=0D
+=0D
+//=0D
+// Vendor UART Device Path structure=0D
+//=0D
+#pragma pack (1)=0D
+typedef struct {=0D
+ VENDOR_DEVICE_PATH VendorHardware;=0D
+ UART_DEVICE_PATH Uart;=0D
+ VENDOR_DEVICE_PATH TerminalType;=0D
+ EFI_DEVICE_PATH_PROTOCOL End;=0D
+} VENDOR_UART_DEVICE_PATH;=0D
+#pragma pack ()=0D
+=0D
+//=0D
+// USB Keyboard Device Path structure=0D
+//=0D
+#pragma pack (1)=0D
+typedef struct {=0D
+ USB_CLASS_DEVICE_PATH Keyboard;=0D
+ EFI_DEVICE_PATH_PROTOCOL End;=0D
+} USB_KEYBOARD_DEVICE_PATH;=0D
+#pragma pack ()=0D
+=0D
+//=0D
+// QemuRamfb Device Path structure=0D
+//=0D
+#pragma pack (1)=0D
+typedef struct {=0D
+ VENDOR_DEVICE_PATH Vendor;=0D
+ ACPI_ADR_DEVICE_PATH AcpiAdr;=0D
+ EFI_DEVICE_PATH_PROTOCOL End;=0D
+} VENDOR_RAMFB_DEVICE_PATH;=0D
+#pragma pack ()=0D
+=0D
+ACPI_HID_DEVICE_PATH gPnpPs2KeyboardDeviceNode =3D gPnpPs2Keyboard;=
=0D
+ACPI_HID_DEVICE_PATH gPnp16550ComPortDeviceNode =3D gPnp16550ComPort=
;=0D
+UART_DEVICE_PATH gUartDeviceNode =3D gUart;=0D
+VENDOR_DEVICE_PATH gTerminalTypeDeviceNode =3D gPcAnsiTerminal;=
=0D
+=0D
+//=0D
+// Platform specific keyboard device path=0D
+//=0D
+=0D
+=0D
+//=0D
+// Debug Agent UART Device Path=0D
+//=0D
+VENDOR_UART_DEVICE_PATH gDebugAgentUartDevicePath =3D {=0D
+ {=0D
+ {=0D
+ HARDWARE_DEVICE_PATH,=0D
+ HW_VENDOR_DP,=0D
+ {=0D
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),=0D
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)=0D
+ }=0D
+ },=0D
+ EFI_DEBUG_AGENT_GUID,=0D
+ },=0D
+ {=0D
+ {=0D
+ MESSAGING_DEVICE_PATH,=0D
+ MSG_UART_DP,=0D
+ {=0D
+ (UINT8) (sizeof (UART_DEVICE_PATH)),=0D
+ (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8)=0D
+ }=0D
+ },=0D
+ 0, // Reserved=0D
+ 0, // BaudRate - Default=0D
+ 0, // DataBits - Default=0D
+ 0, // Parity - Default=0D
+ 0, // StopBits - Default=0D
+ },=0D
+ gPcAnsiTerminal,=0D
+ gEndEntire=0D
+};=0D
+=0D
+STATIC USB_KEYBOARD_DEVICE_PATH gUsbKeyboardDevicePath =3D {=0D
+ {=0D
+ {=0D
+ MESSAGING_DEVICE_PATH,=0D
+ MSG_USB_CLASS_DP,=0D
+ {=0D
+ (UINT8)sizeof (USB_CLASS_DEVICE_PATH),=0D
+ (UINT8)(sizeof (USB_CLASS_DEVICE_PATH) >> 8)=0D
+ }=0D
+ },=0D
+ 0xFFFF, // VendorId: any=0D
+ 0xFFFF, // ProductId: any=0D
+ 3, // DeviceClass: HID=0D
+ 1, // DeviceSubClass: boot=0D
+ 1 // DeviceProtocol: keyboard=0D
+ },=0D
+ gEndEntire=0D
+};=0D
+=0D
+STATIC VENDOR_RAMFB_DEVICE_PATH gQemuRamfbDevicePath =3D {=0D
+ {=0D
+ {=0D
+ HARDWARE_DEVICE_PATH,=0D
+ HW_VENDOR_DP,=0D
+ {=0D
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),=0D
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)=0D
+ }=0D
+ },=0D
+ QEMU_RAMFB_GUID,=0D
+ },=0D
+ {=0D
+ {=0D
+ ACPI_DEVICE_PATH,=0D
+ ACPI_ADR_DP,=0D
+ {=0D
+ (UINT8) (sizeof (ACPI_ADR_DEVICE_PATH)),=0D
+ (UINT8) ((sizeof (ACPI_ADR_DEVICE_PATH)) >> 8)=0D
+ }=0D
+ },=0D
+ ACPI_DISPLAY_ADR (=0D
+ 1, // DeviceIdScheme=0D
+ 0, // HeadId=0D
+ 0, // NonVgaOutput=0D
+ 1, // BiosCanDetect=0D
+ 0, // VendorInfo=0D
+ ACPI_ADR_DISPLAY_TYPE_EXTERNAL_DIGITAL, // Type=0D
+ 0, // Port=0D
+ 0 // Index=0D
+ ),=0D
+ },=0D
+ gEndEntire=0D
+};=0D
+=0D
+STATIC VENDOR_UART_DEVICE_PATH gXenConsoleDevicePath =3D {=0D
+ {=0D
+ {=0D
+ HARDWARE_DEVICE_PATH,=0D
+ HW_VENDOR_DP,=0D
+ {=0D
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),=0D
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)=0D
+ }=0D
+ },=0D
+ EDKII_SERIAL_PORT_LIB_VENDOR_GUID=0D
+ },=0D
+ {=0D
+ {=0D
+ MESSAGING_DEVICE_PATH,=0D
+ MSG_UART_DP,=0D
+ {=0D
+ (UINT8) (sizeof (UART_DEVICE_PATH)),=0D
+ (UINT8) ((sizeof (UART_DEVICE_PATH)) >> 8)=0D
+ }=0D
+ },=0D
+ 0,=0D
+ FixedPcdGet64 (PcdUartDefaultBaudRate),=0D
+ FixedPcdGet8 (PcdUartDefaultDataBits),=0D
+ FixedPcdGet8 (PcdUartDefaultParity),=0D
+ FixedPcdGet8 (PcdUartDefaultStopBits),=0D
+ },=0D
+ gPcAnsiTerminal,=0D
+ gEndEntire=0D
+};=0D
+=0D
+//=0D
+// Predefined platform default console device path=0D
+//=0D
+PLATFORM_CONSOLE_CONNECT_ENTRY gPlatformConsole[] =3D {=0D
+ {=0D
+ (EFI_DEVICE_PATH_PROTOCOL *) &gDebugAgentUartDevicePath,=0D
+ (CONSOLE_OUT | CONSOLE_IN | STD_ERROR)=0D
+ },=0D
+ {=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gUsbKeyboardDevicePath,=0D
+ CONSOLE_IN=0D
+ },=0D
+ {=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gQemuRamfbDevicePath,=0D
+ CONSOLE_OUT=0D
+ },=0D
+ {=0D
+ NULL,=0D
+ 0=0D
+ }=0D
+};=0D
+=0D
+PLATFORM_CONSOLE_CONNECT_ENTRY gXenPlatformConsole[] =3D {=0D
+ {=0D
+ (EFI_DEVICE_PATH_PROTOCOL *)&gXenConsoleDevicePath,=0D
+ (CONSOLE_OUT | CONSOLE_IN | STD_ERROR)=0D
+ },=0D
+ {=0D
+ NULL,=0D
+ 0=0D
+ }=0D
+};=0D
+=0D
+//=0D
+// Predefined platform connect sequence=0D
+//=0D
+EFI_DEVICE_PATH_PROTOCOL *gPlatformConnectSequence[] =3D { NULL };=0D
+=0D
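Review bot: since this library is only built for the AmdSev platform (per the commit message), the Xen-only data copied along with the file, `gXenConsoleDevicePath` and the `gXenPlatformConsole` table near the end of the hunk, is dead code on SEV guests and could be dropped together with the `XenDetected ()` branches in BdsPlatform.c; the empty "Platform specific keyboard device path" comment block has nothing under it and should go too. In the file header, "platform Bbd" should read "platform Bds".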
diff --git a/OvmfPkg/AmdSev/Grub/.gitignore b/OvmfPkg/AmdSev/Grub/.gitignore
new file mode 100644
index 0000000000..7e3b30951f
--- /dev/null
+++ b/OvmfPkg/AmdSev/Grub/.gitignore
@@ -0,0 +1 @@
+grub.efi
diff --git a/OvmfPkg/AmdSev/Grub/grub.cfg b/OvmfPkg/AmdSev/Grub/grub.cfg
new file mode 100644
index 0000000000..5c8fd1e547
--- /dev/null
+++ b/OvmfPkg/AmdSev/Grub/grub.cfg
@@ -0,0 +1,35 @@
+echo "Entering grub config"
+sevsecret
+if [ $? -ne 0 ]; then
+ echo "Failed to locate anything in the SEV secret area, prompting for =
password"
+ cryptomount -a
+else
+ cryptomount -s
+ if [ $? -ne 0 ]; then
+ echo "Failed to mount root securely, retrying with password prompt"
+ cryptomount -a
+ fi
+fi
+set root=3D
+for f in (crypto*); do
+ if [ -e $f/boot/grub/grub.cfg ]; then
+ set root=3D$f
+ set prefix=3D($root)/boot/grub
+ break;
+ fi
+done
+if [ x$root =3D x ]; then
+ echo "Failed to find any grub configuration on the encrypted volume"
+ sleep 5
+ reboot
+fi
+# rest of modules to get boot to work
+set modules=3D"
+ boot
+ loadenv
+ "
+for f in $modules; do
+ insmod $f
+done
+echo "Transferring to ${prefix}/grub.cfg"
+source $prefix/grub.cfg
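Review bot: the fallback to `cryptomount -a` when `sevsecret` fails (and again when `cryptomount -s` fails) sits uneasily with "Boot failure is fatal" in the commit message: an interactive passphrase prompt blocks an unattended guest indefinitely, and a guest launched without an injected secret silently degrades to passphrase unlock instead of failing closed. Consider handling a missing or unusable SEV secret the same way as the missing-grub.cfg case further down (message, `sleep 5`, `reboot`), or gating the prompt behind an explicit variable so the interactive path is a deliberate debugging choice. A one-line comment at the top noting that `sevsecret` and `cryptomount -s` need a GRUB built with the SEV secret patches would also help.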
diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh
new file mode 100644
index 0000000000..91fac11ac9
--- /dev/null
+++ b/OvmfPkg/AmdSev/Grub/grub.sh
@@ -0,0 +1,54 @@
+GRUB_MODULES=3D"
+ part_msdos
+ part_gpt
+ cryptodisk
+ luks
+ gcry_rijndael
+ gcry_sha256
+ ext2
+ btrfs
+ xfs
+ fat
+ configfile
+ memdisk
+ sleep
+ normal
+ echo
+ test
+ regexp
+ linux
+ linuxefi
+ reboot
+ sevsecret
+ "
+basedir=3D`dirname $0`
+##
+# different distributions have different names for grub-mkimage, so
+# search all the known ones
+##
+for b in grub2-mkimage grub-mkimage; do
+ if which $b > /dev/null 2>&1; then
+ mkimage=3D$b
+ fi
+done
+if [ -z "$mkimage" ]; then
+ echo "Can't find grub mkimage"
+ exit 1
+fi
+
+# GRUB's rescue parser doesn't understand 'if'.
+echo 'normal (memdisk)/grub.cfg' >"${basedir}/grub-bootstrap.cfg"
+
+# Now build a memdisk with the correct grub.cfg
+rm -f ${basedir}/disk.fat
+mkfs.msdos -C ${basedir}/disk.fat 64 || exit 1
+mcopy -i ${basedir}/disk.fat ${basedir}/grub.cfg ::grub.cfg || exit 1
+
+
+${mkimage} -O x86_64-efi -p '(crypto0)' -c ${basedir}/grub-bootstrap.cfg -=
m ${basedir}/disk.fat -o ${basedir}/grub.efi ${GRUB_MODULES} || exit 1
+
+# remove the intermediates
+for f in disk.fat grub-bootstrap.cfg; do
+ rm -f ${basedir}/$f
+done
+echo "grub.efi generated in ${basedir}"
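Review bot: GRUB_MODULES hardcodes `linuxefi`, which is a distribution patch rather than an upstream GRUB module, and `sevsecret`, which only exists in a GRUB built with the SEV secret patches; grub-mkimage aborts on any module it cannot find, so on an upstream GRUB this script fails at the ${mkimage} line with an unhelpful error. Either check for each optional module before adding it to the list, or state the required GRUB build in the header comment next to the mkimage-name search. Two smaller points: the crypto module set (`gcry_rijndael` and `gcry_sha256` only) silently limits which LUKS volumes can be unlocked and deserves a comment, and `${basedir}` is unquoted throughout, so a checkout path containing spaces breaks `mkfs.msdos`, `mcopy` and the final `rm`.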
--
2.26.2


[PATCH 1/4] OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF

James Bottomley <jejb@...>
 

This commit represents the file copied from OvmfPkgX64 with minor
changes to change the build name.

This package will form the basis for adding Sev specific features.
Since everything must go into a single rom file for attestation, the
separated build of code and variables is eliminated.

Signed-off-by: James Bottomley <jejb@linux.ibm.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1024 ++++++++++++++++++++++++++++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 506 +++++++++++++++++
2 files changed, 1530 insertions(+)
create mode 100644 OvmfPkg/AmdSev/AmdSevX64.dsc
create mode 100644 OvmfPkg/AmdSev/AmdSevX64.fdf

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
new file mode 100644
index 0000000000..d1dfb8742f
--- /dev/null
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -0,0 +1,1024 @@
+## @file=0D
+# EFI/Framework Open Virtual Machine Firmware (OVMF) platform for SEV=0D
+#=0D
+# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>=
=0D
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>=0D
+#=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+##########################################################################=
######=0D
+#=0D
+# Defines Section - statements that will be processed to create a Makefile=
.=0D
+#=0D
+##########################################################################=
######=0D
+[Defines]=0D
+ PLATFORM_NAME =3D Ovmf=0D
+ PLATFORM_GUID =3D 5a9e7754-d81b-49ea-85ad-69eaa7b1539b=
=0D
+ PLATFORM_VERSION =3D 0.1=0D
+ DSC_SPECIFICATION =3D 0x00010005=0D
+ OUTPUT_DIRECTORY =3D Build/AmdSev=0D
+ SUPPORTED_ARCHITECTURES =3D X64=0D
+ BUILD_TARGETS =3D NOOPT|DEBUG|RELEASE=0D
+ SKUID_IDENTIFIER =3D DEFAULT=0D
+ FLASH_DEFINITION =3D OvmfPkg/AmdSev/AmdSevX64.fdf=0D
+=0D
+ #=0D
+ # Defines for default states. These can be changed on the command line.=
=0D
+ # -D FLAG=3DVALUE=0D
+ #=0D
+ DEFINE SECURE_BOOT_ENABLE =3D FALSE=0D
+ DEFINE SMM_REQUIRE =3D FALSE=0D
+ DEFINE SOURCE_DEBUG_ENABLE =3D FALSE=0D
+ DEFINE TPM_ENABLE =3D FALSE=0D
+ DEFINE TPM_CONFIG_ENABLE =3D FALSE=0D
+=0D
+ #=0D
+ # Network definition=0D
+ #=0D
+ DEFINE NETWORK_TLS_ENABLE =3D FALSE=0D
+ DEFINE NETWORK_IP6_ENABLE =3D FALSE=0D
+ DEFINE NETWORK_HTTP_BOOT_ENABLE =3D FALSE=0D
+ DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS =3D TRUE=0D
+=0D
+!include NetworkPkg/NetworkDefines.dsc.inc=0D
+=0D
+ #=0D
+ # Device drivers=0D
+ #=0D
+ DEFINE PVSCSI_ENABLE =3D TRUE=0D
+ DEFINE MPT_SCSI_ENABLE =3D TRUE=0D
+ DEFINE LSI_SCSI_ENABLE =3D FALSE=0D
+=0D
+ #=0D
+ # Flash size selection. Setting FD_SIZE_IN_KB on the command line direct=
ly to=0D
+ # one of the supported values, in place of any of the convenience macros=
, is=0D
+ # permitted.=0D
+ #=0D
+!ifdef $(FD_SIZE_1MB)=0D
+ DEFINE FD_SIZE_IN_KB =3D 1024=0D
+!else=0D
+!ifdef $(FD_SIZE_2MB)=0D
+ DEFINE FD_SIZE_IN_KB =3D 2048=0D
+!else=0D
+!ifdef $(FD_SIZE_4MB)=0D
+ DEFINE FD_SIZE_IN_KB =3D 4096=0D
+!else=0D
+ DEFINE FD_SIZE_IN_KB =3D 4096=0D
+!endif=0D
+!endif=0D
+!endif=0D
+=0D
+[BuildOptions]=0D
+ GCC:RELEASE_*_*_CC_FLAGS =3D -DMDEPKG_NDEBUG=0D
+ INTEL:RELEASE_*_*_CC_FLAGS =3D /D MDEPKG_NDEBUG=0D
+ MSFT:RELEASE_*_*_CC_FLAGS =3D /D MDEPKG_NDEBUG=0D
+!if $(TOOL_CHAIN_TAG) !=3D "XCODE5" && $(TOOL_CHAIN_TAG) !=3D "CLANGPDB"=0D
+ GCC:*_*_*_CC_FLAGS =3D -mno-mmx -mno-sse=0D
+!endif=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ MSFT:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D
+ GCC:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D
+ INTEL:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D
+!endif=0D
+=0D
+ #=0D
+ # Disable deprecated APIs.=0D
+ #=0D
+ MSFT:*_*_*_CC_FLAGS =3D /D DISABLE_NEW_DEPRECATED_INTERFACES=0D
+ INTEL:*_*_*_CC_FLAGS =3D /D DISABLE_NEW_DEPRECATED_INTERFACES=0D
+ GCC:*_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES=0D
+=0D
+[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]=0D
+ GCC:*_*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000=0D
+ XCODE:*_*_*_DLINK_FLAGS =3D -seg1addr 0x1000 -segalign 0x1000=0D
+ XCODE:*_*_*_MTOC_FLAGS =3D -align 0x1000=0D
+ CLANGPDB:*_*_*_DLINK_FLAGS =3D /ALIGN:4096=0D
+=0D
+# Force PE/COFF sections to be aligned at 4KB boundaries to support page l=
evel=0D
+# protection of DXE_SMM_DRIVER/SMM_CORE modules=0D
+[BuildOptions.common.EDKII.DXE_SMM_DRIVER, BuildOptions.common.EDKII.SMM_C=
ORE]=0D
+ GCC:*_*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000=0D
+ XCODE:*_*_*_DLINK_FLAGS =3D -seg1addr 0x1000 -segalign 0x1000=0D
+ XCODE:*_*_*_MTOC_FLAGS =3D -align 0x1000=0D
+ CLANGPDB:*_*_*_DLINK_FLAGS =3D /ALIGN:4096=0D
+=0D
+##########################################################################=
######=0D
+#=0D
+# SKU Identification section - list of all SKU IDs supported by this Platf=
orm.=0D
+#=0D
+##########################################################################=
######=0D
+[SkuIds]=0D
+ 0|DEFAULT=0D
+=0D
+##########################################################################=
######=0D
+#=0D
+# Library Class section - list of all Library Classes needed by this Platf=
orm.=0D
+#=0D
+##########################################################################=
######=0D
+[LibraryClasses]=0D
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf=0D
+ ResetSystemLib|OvmfPkg/Library/ResetSystemLib/BaseResetSystemLib.inf=0D
+ PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf=0D
+ BaseMemoryLib|MdePkg/Library/BaseMemoryLibRepStr/BaseMemoryLibRepStr.inf=
=0D
+ BaseLib|MdePkg/Library/BaseLib/BaseLib.inf=0D
+ SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf=0D
+ BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.i=
nf=0D
+ SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchroniza=
tionLib.inf=0D
+ CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf=0D
+ PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibN=
ull.inf=0D
+ PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf=0D
+ CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMain=
tenanceLib.inf=0D
+ UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompres=
sLib.inf=0D
+ UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServic=
esLib.inf=0D
+ HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf=0D
+ SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf=0D
+ UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManag=
erLib.inf=0D
+ BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf=0D
+ FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf=
=0D
+ CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf=
=0D
+ DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf=0D
+ DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableL=
ib.inf=0D
+ PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeC=
offGetEntryPointLib.inf=0D
+ PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf=0D
+ PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf=0D
+ PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf=0D
+ PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i=
nf=0D
+ PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf=0D
+ PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPc=
iSegmentLib.inf=0D
+ PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf=
=0D
+ IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf=0D
+ OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo=
okStatusCodeLibNull.inf=0D
+ SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf=0D
+ MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf=0D
+ UefiLib|MdePkg/Library/UefiLib/UefiLib.inf=0D
+ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBoo=
tServicesTableLib.inf=0D
+ UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/U=
efiRuntimeServicesTableLib.inf=0D
+ UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry=
Point.inf=0D
+ UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA=
pplicationEntryPoint.inf=0D
+ DevicePathLib|MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDev=
icePathLibDevicePathProtocol.inf=0D
+ NvVarsFileLib|OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf=0D
+ FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf=0D
+ UefiCpuLib|UefiCpuPkg/Library/BaseUefiCpuLib/BaseUefiCpuLib.inf=0D
+ SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeS=
ecurityManagementLib.inf=0D
+ UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf=0D
+ SerializeVariablesLib|OvmfPkg/Library/SerializeVariablesLib/SerializeVar=
iablesLib.inf=0D
+ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf=0D
+ QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFw=
CfgSimpleParserLib.inf=0D
+ VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf=0D
+ LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf=0D
+ MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevL=
ib.inf=0D
+!if $(SMM_REQUIRE) =3D=3D FALSE=0D
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf=0D
+!endif=0D
+ CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize=
dDisplayLib.inf=0D
+ FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL=
ib.inf=0D
+=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb=
ug/PeCoffExtraActionLibDebug.inf=0D
+ DebugCommunicationLib|SourceLevelDebugPkg/Library/DebugCommunicationLibS=
erialPort/DebugCommunicationLibSerialPort.inf=0D
+!else=0D
+ PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeC=
offExtraActionLibNull.inf=0D
+ DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.i=
nf=0D
+!endif=0D
+=0D
+ LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.in=
f=0D
+ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseD=
ebugPrintErrorLevelLib.inf=0D
+=0D
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf=0D
+!if $(NETWORK_TLS_ENABLE) =3D=3D TRUE=0D
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf=0D
+!else=0D
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf=0D
+!endif=0D
+ RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf=0D
+=0D
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE=0D
+ PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.in=
f=0D
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf=
=0D
+!else=0D
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib=
Null.inf=0D
+!endif=0D
+ VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf=0D
+=0D
+=0D
+ #=0D
+ # Network libraries=0D
+ #=0D
+!include NetworkPkg/NetworkLibs.dsc.inc=0D
+=0D
+!if $(NETWORK_TLS_ENABLE) =3D=3D TRUE=0D
+ TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf=0D
+!endif=0D
+=0D
+ ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf=0D
+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.in=
f=0D
+ S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScrip=
tLib.inf=0D
+ SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf=0D
+ OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib=
/BaseOrderedCollectionRedBlackTreeLib.inf=0D
+ XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf=0D
+ XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf=0D
+=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf=
=0D
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf=0D
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT=
cg2PhysicalPresenceLib.inf=0D
+ Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN=
ull.inf=0D
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure=
mentLib.inf=0D
+!else=0D
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT=
cg2PhysicalPresenceLib.inf=0D
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem=
entLibNull.inf=0D
+!endif=0D
+=0D
+[LibraryClasses.common]=0D
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf=0D
+ VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf=0D
+=0D
+[LibraryClasses.common.SEC]=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf=0D
+ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPor=
t.inf=0D
+!endif=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor=
tStatusCodeLib.inf=0D
+ ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseE=
xtractGuidedSectionLib.inf=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib=
.inf=0D
+!endif=0D
+ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf=0D
+ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf=0D
+ PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/=
PeiServicesTablePointerLibIdt.inf=0D
+ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc=
ationLib.inf=0D
+!if $(TOOL_CHAIN_TAG) =3D=3D "XCODE5"=0D
+ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5S=
ecPeiCpuExceptionHandlerLib.inf=0D
+!else=0D
+ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiC=
puExceptionHandlerLib.inf=0D
+!endif=0D
+=0D
+[LibraryClasses.common.PEI_CORE]=0D
+ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf=0D
+ PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/=
PeiServicesTablePointerLibIdt.inf=0D
+ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf=0D
+ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc=
ationLib.inf=0D
+ PeiCoreEntryPoint|MdePkg/Library/PeiCoreEntryPoint/PeiCoreEntryPoint.inf=
=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor=
tStatusCodeLib.inf=0D
+ OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo=
okStatusCodeLibNull.inf=0D
+ PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeC=
offGetEntryPointLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf=0D
+=0D
+[LibraryClasses.common.PEIM]=0D
+ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf=0D
+ PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/=
PeiServicesTablePointerLibIdt.inf=0D
+ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf=0D
+ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc=
ationLib.inf=0D
+ PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiRepor=
tStatusCodeLib.inf=0D
+ OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHo=
okStatusCodeLibNull.inf=0D
+ PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeC=
offGetEntryPointLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf=0D
+ ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResou=
rcePublicationLib.inf=0D
+ ExtractGuidedSectionLib|MdePkg/Library/PeiExtractGuidedSectionLib/PeiExt=
ractGuidedSectionLib.inf=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SecPeiDebugAgentLib=
.inf=0D
+!endif=0D
+ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE=
xceptionHandlerLib.inf=0D
+ MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf=0D
+ QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf=
=0D
+ PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf=0D
+ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf=0D
+=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf=0D
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm=
.inf=0D
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.in=
f=0D
+!endif=0D
+=0D
+[LibraryClasses.common.DXE_CORE]=0D
+ HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf=0D
+ DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf=
=0D
+ MemoryAllocationLib|MdeModulePkg/Library/DxeCoreMemoryAllocationLib/DxeC=
oreMemoryAllocationLib.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor=
tStatusCodeLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExt=
ractGuidedSectionLib.inf=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.in=
f=0D
+!endif=0D
+ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE=
xceptionHandlerLib.inf=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+=0D
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf=0D
+ ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf=0D
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf=0D
+ DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf=
=0D
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll=
ocationLib.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/R=
untimeDxeReportStatusCodeLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf=0D
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf=0D
+ PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf=0D
+ QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf=
=0D
+=0D
+[LibraryClasses.common.UEFI_DRIVER]=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf=0D
+ ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf=0D
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf=0D
+ DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf=
=0D
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll=
ocationLib.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor=
tStatusCodeLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf=0D
+ PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf=0D
+=0D
+[LibraryClasses.common.DXE_DRIVER]=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf=0D
+ ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf=0D
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf=0D
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll=
ocationLib.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor=
tStatusCodeLib.inf=0D
+ UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ PlatformBootManagerLib|OvmfPkg/Library/PlatformBootManagerLib/PlatformBo=
otManagerLib.inf=0D
+ PlatformBmPrintScLib|OvmfPkg/Library/PlatformBmPrintScLib/PlatformBmPrin=
tScLib.inf=0D
+ QemuBootOrderLib|OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf=0D
+ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE=
xceptionHandlerLib.inf=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf=0D
+!else=0D
+ LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf=0D
+!endif=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.in=
f=0D
+!endif=0D
+ PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf=0D
+ MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf=0D
+ QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf=
=0D
+ QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib=
.inf=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i=
nf=0D
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.in=
f=0D
+!endif=0D
+=0D
+[LibraryClasses.common.UEFI_APPLICATION]=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf=0D
+ ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf=0D
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf=0D
+ MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAll=
ocationLib.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor=
tStatusCodeLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf=0D
+=0D
+[LibraryClasses.common.DXE_SMM_DRIVER]=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf=0D
+ ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf=0D
+ MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAlloc=
ationLib.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor=
tStatusCodeLib.inf=0D
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf=0D
+ SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf=0D
+ MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.=
inf=0D
+ SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableL=
ib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuE=
xceptionHandlerLib.inf=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.in=
f=0D
+!endif=0D
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf=0D
+ PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf=0D
+=0D
+[LibraryClasses.common.SMM_CORE]=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf=0D
+ ResetSystemLib|OvmfPkg/Library/ResetSystemLib/DxeResetSystemLib.inf=0D
+ SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/S=
mmCorePlatformHookLibNull.inf=0D
+ MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/Pi=
SmmCoreMemoryAllocationLib.inf=0D
+ ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor=
tStatusCodeLib.inf=0D
+ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf=0D
+ SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf=0D
+ SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/Pi=
SmmCoreSmmServicesTableLib.inf=0D
+!ifdef $(DEBUG_ON_SERIAL_PORT)=0D
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.in=
f=0D
+!else=0D
+ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.i=
nf=0D
+!endif=0D
+ PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf=0D
+=0D
+##########################################################################=
######=0D
+#=0D
+# Pcd Section - list of all EDK II PCD Entries defined by this Platform.=0D
+#=0D
+##########################################################################=
######=0D
+[PcdsFeatureFlag]=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdHiiOsRuntimeSupport|FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress|FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode|FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdInstallAcpiSdtProtocol|TRUE=0D
+!ifdef $(CSM_ENABLE)=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable|TRUE=0D
+!endif=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE=0D
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE=0D
+!endif=0D
+=0D
+[PcdsFixedAtBuild]=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1=0D
+!if $(SMM_REQUIRE) =3D=3D FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FAL=
SE=0D
+!endif=0D
+ gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10=0D
+!if ($(FD_SIZE_IN_KB) =3D=3D 1024) || ($(FD_SIZE_IN_KB) =3D=3D 2048)=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800=0D
+!if $(NETWORK_TLS_ENABLE) =3D=3D FALSE=0D
+ # match PcdFlashNvStorageVariableSize purely for convenience=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000=0D
+!endif=0D
+!endif=0D
+!if $(FD_SIZE_IN_KB) =3D=3D 4096=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400=0D
+!if $(NETWORK_TLS_ENABLE) =3D=3D FALSE=0D
+ # match PcdFlashNvStorageVariableSize purely for convenience=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x40000=0D
+!endif=0D
+!endif=0D
+!if $(NETWORK_TLS_ENABLE) =3D=3D TRUE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0x80000=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize|0x40000=0D
+!endif=0D
+=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|TRUE=0D
+=0D
+ gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07=0D
+=0D
+ # DEBUG_INIT 0x00000001 // Initialization=0D
+ # DEBUG_WARN 0x00000002 // Warnings=0D
+ # DEBUG_LOAD 0x00000004 // Load events=0D
+ # DEBUG_FS 0x00000008 // EFI File system=0D
+ # DEBUG_POOL 0x00000010 // Alloc & Free (pool)=0D
+ # DEBUG_PAGE 0x00000020 // Alloc & Free (page)=0D
+ # DEBUG_INFO 0x00000040 // Informational debug messages=0D
+ # DEBUG_DISPATCH 0x00000080 // PEI/DXE/SMM Dispatchers=0D
+ # DEBUG_VARIABLE 0x00000100 // Variable=0D
+ # DEBUG_BM 0x00000400 // Boot Manager=0D
+ # DEBUG_BLKIO 0x00001000 // BlkIo Driver=0D
+ # DEBUG_NET 0x00004000 // SNP Driver=0D
+ # DEBUG_UNDI 0x00010000 // UNDI Driver=0D
+ # DEBUG_LOADFILE 0x00020000 // LoadFile=0D
+ # DEBUG_EVENT 0x00080000 // Event messages=0D
+ # DEBUG_GCD 0x00100000 // Global Coherency Database changes=0D
+ # DEBUG_CACHE 0x00200000 // Memory range cachability changes=0D
+ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may=0D
+ # // significantly impact boot performance=0D
+ # DEBUG_ERROR 0x80000000 // Error=0D
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F=0D
+=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17=0D
+!else=0D
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F=0D
+!endif=0D
+=0D
+ # This PCD is used to set the base address of the PCI express hierarchy.=
It=0D
+ # is only consulted when OVMF runs on Q35. In that case it is programmed=
into=0D
+ # the PCIEXBAR register.=0D
+ #=0D
+ # On Q35 machine types that QEMU intends to support in the long term, QE=
MU=0D
+ # never lets the RAM below 4 GB exceed 2816 MB.=0D
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000=0D
+=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
+ gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2=0D
+!endif=0D
+=0D
+ #=0D
+ # The NumberOfPages values below are ad-hoc. They are updated sporadical=
ly at=0D
+ # best (please refer to git-blame for past updates). The values capture =
a set=0D
+ # of BIN hints that made sense at a particular time, for some (now likel=
y=0D
+ # unknown) workloads / boot paths.=0D
+ #=0D
+ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIMemoryNVS|0x80=0D
+ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiACPIReclaimMemory|0x10=0D
+ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType|0x80=0D
+ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x100=0D
+ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0x100=0D
+=0D
+ #=0D
+ # Network Pcds=0D
+ #=0D
+!include NetworkPkg/NetworkPcds.dsc.inc=0D
+=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackSize|0x4000=0D
+!endif=0D
+=0D
+ # IRQs 5, 9, 10, 11 are level-triggered=0D
+ gUefiOvmfPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel|0x0E20=0D
+=0D
+ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c=
, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0=
x31 }=0D
+=0D
+##########################################################################=
######=0D
+#=0D
+# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Pla=
tform=0D
+#=0D
+##########################################################################=
######=0D
+=0D
+[PcdsDynamicDefault]=0D
+ # only set when=0D
+ # ($(SMM_REQUIRE) =3D=3D FALSE)=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0=0D
+=0D
+!if $(SMM_REQUIRE) =3D=3D FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0=0D
+!endif=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdPciIoSize|0x0=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Base|0x0=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio32Size|0x0=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Base|0x0=0D
+!ifdef $(CSM_ENABLE)=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x0=0D
+!else=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdPciMmio64Size|0x800000000=0D
+!endif=0D
+=0D
+ gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|0=0D
+=0D
+ # Set video resolution for text setup.=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|480=0D
+=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0208=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE=0D
+=0D
+ # Noexec settings for DXE.=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE=0D
+=0D
+ # UefiCpuPkg PCDs related to initial AP bringup and general AP managemen=
t.=0D
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64=0D
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0=0D
+=0D
+ # Set memory encryption mask=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0=0D
+=0D
+ # Set SEV-ES defaults=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0=0D
+ gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0=0D
+ gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0=0D
+=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8=0D
+ gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase|FALSE=0D
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01=0D
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmApSyncTimeout|100000=0D
+!endif=0D
+=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00=0D
+=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00=
, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}=0D
+!endif=0D
+=0D
+ # IPv4 and IPv6 PXE Boot support.=0D
+ gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01=0D
+ gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01=0D
+=0D
+[PcdsDynamicHii]=0D
+!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_=
VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS=0D
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C=
onfigFormSetGuid|0x8|3|NV,BS=0D
+!endif=0D
+=0D
+##########################################################################=
######=0D
+#=0D
+# Components Section - list of all EDK II Modules needed by this Platform.=
=0D
+#=0D
+##########################################################################=
######=0D
+[Components]=0D
+ OvmfPkg/ResetVector/ResetVector.inf=0D
+=0D
+ #=0D
+ # SEC Phase modules=0D
+ #=0D
+ OvmfPkg/Sec/SecMain.inf {=0D
+ <LibraryClasses>=0D
+ NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre=
ssLib.inf=0D
+ }=0D
+=0D
+ #=0D
+ # PEI Phase modules=0D
+ #=0D
+ MdeModulePkg/Core/Pei/PeiMain.inf=0D
+ MdeModulePkg/Universal/PCD/Pei/Pcd.inf {=0D
+ <LibraryClasses>=0D
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D
+ }=0D
+ MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouter=
Pei.inf {=0D
+ <LibraryClasses>=0D
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D
+ }=0D
+ MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf {=
=0D
+ <LibraryClasses>=0D
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D
+ }=0D
+ MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf=0D
+=0D
+ OvmfPkg/PlatformPei/PlatformPei.inf=0D
+ UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf {=0D
+ <LibraryClasses>=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf=0D
+!endif=0D
+ }=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+ MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf=0D
+ MdeModulePkg/Universal/Variable/Pei/VariablePei.inf=0D
+ OvmfPkg/SmmAccess/SmmAccessPei.inf=0D
+!endif=0D
+ UefiCpuPkg/CpuMpPei/CpuMpPei.inf=0D
+=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf=0D
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf=0D
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {=0D
+ <LibraryClasses>=0D
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt=
oRouterPei.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf=
=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256=
.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384=
.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512=
.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf=0D
+ }=0D
+!endif=0D
+=0D
+ #=0D
+ # DXE Phase modules=0D
+ #=0D
+ MdeModulePkg/Core/Dxe/DxeMain.inf {=0D
+ <LibraryClasses>=0D
+ NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre=
ssLib.inf=0D
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf=
=0D
+ }=0D
+=0D
+ MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCod=
eRouterRuntimeDxe.inf=0D
+ MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRun=
timeDxe.inf=0D
+ MdeModulePkg/Universal/PCD/Dxe/Pcd.inf {=0D
+ <LibraryClasses>=0D
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D
+ }=0D
+=0D
+ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf=0D
+=0D
+ MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {=0D
+ <LibraryClasses>=0D
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE=0D
+ NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio=
nLib.inf=0D
+!endif=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i=
nf=0D
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib=
.inf=0D
+!endif=0D
+ }=0D
+=0D
+ MdeModulePkg/Universal/EbcDxe/EbcDxe.inf=0D
+ OvmfPkg/8259InterruptControllerDxe/8259.inf=0D
+ UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf=0D
+ UefiCpuPkg/CpuDxe/CpuDxe.inf=0D
+ OvmfPkg/8254TimerDxe/8254Timer.inf=0D
+ OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.inf=
=0D
+ OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf=0D
+ MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf {=0D
+ <LibraryClasses>=0D
+ PciHostBridgeLib|OvmfPkg/Library/PciHostBridgeLib/PciHostBridgeLib.i=
nf=0D
+ NULL|OvmfPkg/Library/PlatformHasIoMmuLib/PlatformHasIoMmuLib.inf=0D
+ }=0D
+ MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf {=0D
+ <LibraryClasses>=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ }=0D
+ MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf=0D
+ MdeModulePkg/Universal/Metronome/Metronome.inf=0D
+ PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.i=
nf=0D
+ MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf=
=0D
+ MdeModulePkg/Universal/BdsDxe/BdsDxe.inf {=0D
+ <LibraryClasses>=0D
+!ifdef $(CSM_ENABLE)=0D
+ NULL|OvmfPkg/Csm/CsmSupportLib/CsmSupportLib.inf=0D
+ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf=0D
+!endif=0D
+ }=0D
+ MdeModulePkg/Logo/LogoDxe.inf=0D
+ MdeModulePkg/Application/UiApp/UiApp.inf {=0D
+ <LibraryClasses>=0D
+ NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf=
=0D
+ NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf=0D
+ NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc=
eManagerUiLib.inf=0D
+!ifdef $(CSM_ENABLE)=0D
+ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf=0D
+ NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf=0D
+!endif=0D
+ }=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
+ OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
+ OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
+ OvmfPkg/VirtioScsiDxe/VirtioScsi.inf=0D
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf=0D
+ OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf=0D
+ OvmfPkg/XenBusDxe/XenBusDxe.inf=0D
+ OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf=0D
+!if $(PVSCSI_ENABLE) =3D=3D TRUE=0D
+ OvmfPkg/PvScsiDxe/PvScsiDxe.inf=0D
+!endif=0D
+!if $(MPT_SCSI_ENABLE) =3D=3D TRUE=0D
+ OvmfPkg/MptScsiDxe/MptScsiDxe.inf=0D
+!endif=0D
+!if $(LSI_SCSI_ENABLE) =3D=3D TRUE=0D
+ OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf=0D
+!endif=0D
+ MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf=0D
+ MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntim=
eDxe.inf=0D
+ MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf=0D
+ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf=0D
+ MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf=0D
+ MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf=
{=0D
+ <LibraryClasses>=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ }=0D
+ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf=0D
+ MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf {=0D
+ <LibraryClasses>=0D
+ DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf=
=0D
+ PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf=0D
+ }=0D
+ MdeModulePkg/Universal/PrintDxe/PrintDxe.inf=0D
+ MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf=0D
+ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf=0D
+ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf=0D
+ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf=0D
+ FatPkg/EnhancedFatDxe/Fat.inf=0D
+ MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf=0D
+ MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf=0D
+ MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf=0D
+ OvmfPkg/SataControllerDxe/SataControllerDxe.inf=0D
+ MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf=0D
+ MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf=0D
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf=0D
+ MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf=0D
+ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf=0D
+ MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf=0D
+ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.in=
f=0D
+=0D
+!ifndef $(CSM_ENABLE)=0D
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf=0D
+!endif=0D
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf=0D
+ OvmfPkg/VirtioGpuDxe/VirtioGpu.inf=0D
+=0D
+ #=0D
+ # ISA Support=0D
+ #=0D
+ OvmfPkg/SioBusDxe/SioBusDxe.inf=0D
+ MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf=0D
+ MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf=0D
+=0D
+ #=0D
+ # SMBIOS Support=0D
+ #=0D
+ MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/SmbiosVersionLib/DetectSmbiosVersionLib.inf=0D
+ }=0D
+ OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf=0D
+=0D
+ #=0D
+ # ACPI Support=0D
+ #=0D
+ MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf=0D
+ OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf=0D
+ OvmfPkg/AcpiTables/AcpiTables.inf=0D
+ MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf=0D
+ MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.=
inf=0D
+ MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsRes=
ourceTableDxe.inf=0D
+=0D
+ #=0D
+ # Network Support=0D
+ #=0D
+!include NetworkPkg/NetworkComponents.dsc.inc=0D
+=0D
+ NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/PxeBcPcdProducerLib/PxeBcPcdProducerLib.inf=0D
+ }=0D
+=0D
+!if $(NETWORK_TLS_ENABLE) =3D=3D TRUE=0D
+ NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/TlsAuthConfigLib/TlsAuthConfigLib.inf=0D
+ }=0D
+!endif=0D
+ OvmfPkg/VirtioNetDxe/VirtioNet.inf=0D
+=0D
+ #=0D
+ # Usb Support=0D
+ #=0D
+ MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf=0D
+ MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf=0D
+ MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf=0D
+ MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf=0D
+ MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf=0D
+ MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf=0D
+=0D
+!ifdef $(CSM_ENABLE)=0D
+ OvmfPkg/Csm/BiosThunk/VideoDxe/VideoDxe.inf {=0D
+ <LibraryClasses>=0D
+ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf=0D
+ }=0D
+ OvmfPkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf=0D
+ OvmfPkg/Csm/Csm16/Csm16.inf=0D
+!endif=0D
+=0D
+!if $(TOOL_CHAIN_TAG) !=3D "XCODE5"=0D
+ ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {=0D
+ <PcdsFixedAtBuild>=0D
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE=0D
+ }=0D
+ ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {=0D
+ <PcdsFixedAtBuild>=0D
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE=0D
+ }=0D
+ OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.in=
f {=0D
+ <PcdsFixedAtBuild>=0D
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE=0D
+ }=0D
+!endif=0D
+ ShellPkg/Application/Shell/Shell.inf {=0D
+ <LibraryClasses>=0D
+ ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellComman=
dLib.inf=0D
+ NULL|ShellPkg/Library/UefiShellLevel2CommandsLib/UefiShellLevel2Comm=
andsLib.inf=0D
+ NULL|ShellPkg/Library/UefiShellLevel1CommandsLib/UefiShellLevel1Comm=
andsLib.inf=0D
+ NULL|ShellPkg/Library/UefiShellLevel3CommandsLib/UefiShellLevel3Comm=
andsLib.inf=0D
+ NULL|ShellPkg/Library/UefiShellDriver1CommandsLib/UefiShellDriver1Co=
mmandsLib.inf=0D
+ NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1Comm=
andsLib.inf=0D
+ NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1=
CommandsLib.inf=0D
+ NULL|ShellPkg/Library/UefiShellNetwork1CommandsLib/UefiShellNetwork1=
CommandsLib.inf=0D
+!if $(NETWORK_IP6_ENABLE) =3D=3D TRUE=0D
+ NULL|ShellPkg/Library/UefiShellNetwork2CommandsLib/UefiShellNetwork2=
CommandsLib.inf=0D
+!endif=0D
+ HandleParsingLib|ShellPkg/Library/UefiHandleParsingLib/UefiHandlePar=
singLib.inf=0D
+ PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf=0D
+ BcfgCommandLib|ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcf=
gCommandLib.inf=0D
+=0D
+ <PcdsFixedAtBuild>=0D
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xFF=0D
+ gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE=0D
+ gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000=0D
+ }=0D
+=0D
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE=0D
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx=
e.inf=0D
+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf=0D
+!endif=0D
+=0D
+ OvmfPkg/PlatformDxe/Platform.inf=0D
+ OvmfPkg/AmdSevDxe/AmdSevDxe.inf=0D
+ OvmfPkg/IoMmuDxe/IoMmuDxe.inf=0D
+=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+ OvmfPkg/SmmAccess/SmmAccess2Dxe.inf=0D
+ OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf=0D
+ OvmfPkg/CpuS3DataDxe/CpuS3DataDxe.inf=0D
+=0D
+ #=0D
+ # SMM Initial Program Load (a DXE_RUNTIME_DRIVER)=0D
+ #=0D
+ MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf=0D
+=0D
+ #=0D
+ # SMM_CORE=0D
+ #=0D
+ MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf=0D
+=0D
+ #=0D
+ # Privileged drivers (DXE_SMM_DRIVER modules)=0D
+ #=0D
+ OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf=0D
+ UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf=0D
+ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf {=0D
+ <LibraryClasses>=0D
+ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf=0D
+ }=0D
+ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf {=0D
+ <LibraryClasses>=0D
+ SmmCpuPlatformHookLib|OvmfPkg/Library/SmmCpuPlatformHookLibQemu/SmmC=
puPlatformHookLibQemu.inf=0D
+ SmmCpuFeaturesLib|OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLi=
b.inf=0D
+ }=0D
+=0D
+ #=0D
+ # Variable driver stack (SMM)=0D
+ #=0D
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf=0D
+ MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf=0D
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {=0D
+ <LibraryClasses>=0D
+ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf=0D
+ }=0D
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf=0D
+=0D
+!else=0D
+=0D
+ #=0D
+ # Variable driver stack (non-SMM)=0D
+ #=0D
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf=0D
+ OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf {=0D
+ <LibraryClasses>=0D
+ PlatformFvbLib|OvmfPkg/Library/EmuVariableFvbLib/EmuVariableFvbLib.i=
nf=0D
+ }=0D
+ MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf=0D
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf=0D
+ }=0D
+!endif=0D
+=0D
+ #=0D
+ # TPM support=0D
+ #=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {=0D
+ <LibraryClasses>=0D
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR=
outerDxe.inf=0D
+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf=0D
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt=
oRouterDxe.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf=
=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256=
.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384=
.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512=
.inf=0D
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf=0D
+ }=0D
+!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE=0D
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf=0D
+!endif=0D
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {=0D
+ <LibraryClasses>=0D
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib=
DTpm.inf=0D
+ }=0D
+!endif=0D
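Review bot: ShellPkg/Application/Shell/Shell.inf is listed unconditionally in [Components] (the `!if $(TOOL_CHAIN_TAG) != "XCODE5"` block closes just before it), so the UEFI shell is always compiled into this platform, which contradicts the commit message's statement that the shell is not built by default and must never be offered in a secure-boot deployment. Wrap that entry, together with its `<PcdsFixedAtBuild>` override of `PcdDebugPropertyMask|0xFF`, in a build-time guard such as `!if $(BUILD_SHELL) == TRUE` / `!endif` with the define defaulting to FALSE, so the shell binary is absent from the image unless explicitly requested. On the same theme, `MdeModulePkg/Application/UiApp/UiApp.inf` with its BootManagerUiLib and BootMaintenanceManagerUiLib instances is still built and `PcdBootManagerMenuFile` still points at it even though `PcdPlatformBootTimeOut|0` and the stripped boot options mean the setup menu is never supposed to be entered; either drop UiApp or note in the commit message why it is kept.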
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
new file mode 100644
index 0000000000..e874629a4e
--- /dev/null
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -0,0 +1,506 @@
+## @file=0D
+# Open Virtual Machine Firmware: FDF=0D
+#=0D
+# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>=
=0D
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>=0D
+#=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#=0D
+##=0D
+=0D
+##########################################################################=
######=0D
+=0D
+[Defines]=0D
+!include OvmfPkg/OvmfPkgDefines.fdf.inc=0D
+=0D
+#=0D
+# Build the variable store and the firmware code as one unified flash devi=
ce=0D
+# image.=0D
+#=0D
+[FD.OVMF]=0D
+BaseAddress =3D $(FW_BASE_ADDRESS)=0D
+Size =3D $(FW_SIZE)=0D
+ErasePolarity =3D 1=0D
+BlockSize =3D $(BLOCK_SIZE)=0D
+NumBlocks =3D $(FW_BLOCKS)=0D
+=0D
+!include OvmfPkg/VarStore.fdf.inc=0D
+=0D
+$(VARS_SIZE)|$(FVMAIN_SIZE)=0D
+FV =3D FVMAIN_COMPACT=0D
+=0D
+$(SECFV_OFFSET)|$(SECFV_SIZE)=0D
+FV =3D SECFV=0D
+=0D
+##########################################################################=
######=0D
+=0D
+[FD.MEMFD]=0D
+BaseAddress =3D $(MEMFD_BASE_ADDRESS)=0D
+Size =3D 0xD00000=0D
+ErasePolarity =3D 1=0D
+BlockSize =3D 0x10000=0D
+NumBlocks =3D 0xD0=0D
+=0D
+0x000000|0x006000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecPageTablesSize=0D
+=0D
+0x006000|0x001000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac=
eGuid.PcdOvmfLockBoxStorageSize=0D
+=0D
+0x007000|0x001000=0D
+gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgT=
okenSpaceGuid.PcdGuidedExtractHandlerTableSize=0D
+=0D
+0x008000|0x001000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbPageTableBase|gUefiOvmfPkgTokenSp=
aceGuid.PcdOvmfSecGhcbPageTableSize=0D
+=0D
+0x009000|0x002000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P=
cdOvmfSecGhcbSize=0D
+=0D
+0x00B000|0x001000=0D
+gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase|gUefiCpuPkgTokenSpaceGuid.P=
cdSevEsWorkAreaSize=0D
+=0D
+0x010000|0x010000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace=
Guid.PcdOvmfSecPeiTempRamSize=0D
+=0D
+0x020000|0x0E0000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.=
PcdOvmfPeiMemFvSize=0D
+FV =3D PEIFV=0D
+=0D
+0x100000|0xC00000=0D
+gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.=
PcdOvmfDxeMemFvSize=0D
+FV =3D DXEFV=0D
+=0D
+##########################################################################=
######=0D
+=0D
+[FV.SECFV]=0D
+FvNameGuid =3D 763BED0D-DE9F-48F5-81F1-3E90E1B1A015=0D
+BlockSize =3D 0x1000=0D
+FvAlignment =3D 16=0D
+ERASE_POLARITY =3D 1=0D
+MEMORY_MAPPED =3D TRUE=0D
+STICKY_WRITE =3D TRUE=0D
+LOCK_CAP =3D TRUE=0D
+LOCK_STATUS =3D TRUE=0D
+WRITE_DISABLED_CAP =3D TRUE=0D
+WRITE_ENABLED_CAP =3D TRUE=0D
+WRITE_STATUS =3D TRUE=0D
+WRITE_LOCK_CAP =3D TRUE=0D
+WRITE_LOCK_STATUS =3D TRUE=0D
+READ_DISABLED_CAP =3D TRUE=0D
+READ_ENABLED_CAP =3D TRUE=0D
+READ_STATUS =3D TRUE=0D
+READ_LOCK_CAP =3D TRUE=0D
+READ_LOCK_STATUS =3D TRUE=0D
+=0D
+#=0D
+# SEC Phase modules=0D
+#=0D
+# The code in this FV handles the initial firmware startup, and=0D
+# decompresses the PEI and DXE FVs which handles the rest of the boot sequ=
ence.=0D
+#=0D
+INF OvmfPkg/Sec/SecMain.inf=0D
+=0D
+INF RuleOverride=3DRESET_VECTOR OvmfPkg/ResetVector/ResetVector.inf=0D
+=0D
+##########################################################################=
######=0D
+[FV.PEIFV]=0D
+FvNameGuid =3D 6938079B-B503-4E3D-9D24-B28337A25806=0D
+BlockSize =3D 0x10000=0D
+FvAlignment =3D 16=0D
+ERASE_POLARITY =3D 1=0D
+MEMORY_MAPPED =3D TRUE=0D
+STICKY_WRITE =3D TRUE=0D
+LOCK_CAP =3D TRUE=0D
+LOCK_STATUS =3D TRUE=0D
+WRITE_DISABLED_CAP =3D TRUE=0D
+WRITE_ENABLED_CAP =3D TRUE=0D
+WRITE_STATUS =3D TRUE=0D
+WRITE_LOCK_CAP =3D TRUE=0D
+WRITE_LOCK_STATUS =3D TRUE=0D
+READ_DISABLED_CAP =3D TRUE=0D
+READ_ENABLED_CAP =3D TRUE=0D
+READ_STATUS =3D TRUE=0D
+READ_LOCK_CAP =3D TRUE=0D
+READ_LOCK_STATUS =3D TRUE=0D
+=0D
+APRIORI PEI {=0D
+ INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf=0D
+}=0D
+=0D
+#=0D
+# PEI Phase modules=0D
+#=0D
+INF MdeModulePkg/Core/Pei/PeiMain.inf=0D
+INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf=0D
+INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRou=
terPei.inf=0D
+INF MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf=
=0D
+INF OvmfPkg/PlatformPei/PlatformPei.inf=0D
+INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf=0D
+INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+INF MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.in=
f=0D
+INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf=0D
+INF OvmfPkg/SmmAccess/SmmAccessPei.inf=0D
+!endif=0D
+INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf=0D
+=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf=0D
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf=0D
+INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf=0D
+!endif=0D
+=0D
+##########################################################################=
######=0D
+=0D
+[FV.DXEFV]=0D
+FvForceRebase =3D FALSE=0D
+FvNameGuid =3D 7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1=0D
+BlockSize =3D 0x10000=0D
+FvAlignment =3D 16=0D
+ERASE_POLARITY =3D 1=0D
+MEMORY_MAPPED =3D TRUE=0D
+STICKY_WRITE =3D TRUE=0D
+LOCK_CAP =3D TRUE=0D
+LOCK_STATUS =3D TRUE=0D
+WRITE_DISABLED_CAP =3D TRUE=0D
+WRITE_ENABLED_CAP =3D TRUE=0D
+WRITE_STATUS =3D TRUE=0D
+WRITE_LOCK_CAP =3D TRUE=0D
+WRITE_LOCK_STATUS =3D TRUE=0D
+READ_DISABLED_CAP =3D TRUE=0D
+READ_ENABLED_CAP =3D TRUE=0D
+READ_STATUS =3D TRUE=0D
+READ_LOCK_CAP =3D TRUE=0D
+READ_LOCK_STATUS =3D TRUE=0D
+=0D
+APRIORI DXE {=0D
+ INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf=0D
+ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf=0D
+ INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf=0D
+!if $(SMM_REQUIRE) =3D=3D FALSE=0D
+ INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf=0D
+!endif=0D
+}=0D
+=0D
+#=0D
+# DXE Phase modules=0D
+#=0D
+INF MdeModulePkg/Core/Dxe/DxeMain.inf=0D
+=0D
+INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatus=
CodeRouterRuntimeDxe.inf=0D
+INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandler=
RuntimeDxe.inf=0D
+INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf=0D
+=0D
+INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf=0D
+INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf=0D
+INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf=0D
+INF OvmfPkg/8259InterruptControllerDxe/8259.inf=0D
+INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf=0D
+INF UefiCpuPkg/CpuDxe/CpuDxe.inf=0D
+INF OvmfPkg/8254TimerDxe/8254Timer.inf=0D
+INF OvmfPkg/IncompatiblePciDeviceSupportDxe/IncompatiblePciDeviceSupport.=
inf=0D
+INF OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.inf=0D
+INF MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf=0D
+INF MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf=0D
+INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.in=
f=0D
+INF MdeModulePkg/Universal/Metronome/Metronome.inf=0D
+INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDx=
e.inf=0D
+=0D
+INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
+INF OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
+INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
+INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf=0D
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf=0D
+INF OvmfPkg/XenIoPciDxe/XenIoPciDxe.inf=0D
+INF OvmfPkg/XenBusDxe/XenBusDxe.inf=0D
+INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf=0D
+!if $(PVSCSI_ENABLE) =3D=3D TRUE=0D
+INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf=0D
+!endif=0D
+!if $(MPT_SCSI_ENABLE) =3D=3D TRUE=0D
+INF OvmfPkg/MptScsiDxe/MptScsiDxe.inf=0D
+!endif=0D
+!if $(LSI_SCSI_ENABLE) =3D=3D TRUE=0D
+INF OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf=0D
+!endif=0D
+=0D
+!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE=0D
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon=
figDxe.inf=0D
+!endif=0D
+=0D
+INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf=0D
+INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRun=
timeDxe.inf=0D
+INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf=0D
+INF MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf=0D
+INF MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf=0D
+INF MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.=
inf=0D
+INF MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf=0D
+INF MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.=
inf=0D
+INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf=0D
+INF MdeModulePkg/Application/UiApp/UiApp.inf=0D
+INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf=0D
+INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf=0D
+INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf=0D
+INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf=0D
+INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf=0D
+INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.in=
f=0D
+INF MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf=0D
+INF MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf=0D
+INF OvmfPkg/SataControllerDxe/SataControllerDxe.inf=0D
+INF MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf=0D
+INF MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf=0D
+INF MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf=0D
+INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf=0D
+INF MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf=0D
+INF MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf=0D
+INF MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe=
.inf=0D
+=0D
+INF OvmfPkg/SioBusDxe/SioBusDxe.inf=0D
+!if $(SOURCE_DEBUG_ENABLE) =3D=3D FALSE=0D
+INF MdeModulePkg/Bus/Pci/PciSioSerialDxe/PciSioSerialDxe.inf=0D
+!endif=0D
+INF MdeModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2KeyboardDxe.inf=0D
+=0D
+INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf=0D
+INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf=0D
+=0D
+INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf=0D
+INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf=0D
+INF RuleOverride=3DACPITABLE OvmfPkg/AcpiTables/AcpiTables.inf=0D
+INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf=0D
+INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorD=
xe.inf=0D
+INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphics=
ResourceTableDxe.inf=0D
+=0D
+INF FatPkg/EnhancedFatDxe/Fat.inf=0D
+INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf=0D
+=0D
+!if $(TOOL_CHAIN_TAG) !=3D "XCODE5"=0D
+INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf=0D
+INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf=0D
+INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand=
.inf=0D
+!endif=0D
+INF ShellPkg/Application/Shell/Shell.inf=0D
+=0D
+INF MdeModulePkg/Logo/LogoDxe.inf=0D
+=0D
+#=0D
+# Network modules=0D
+#=0D
+!if $(E1000_ENABLE)=0D
+ FILE DRIVER =3D 5D695E11-9B3F-4b83-B25F-4A8D5D69BE07 {=0D
+ SECTION PE32 =3D Intel3.5/EFIX64/E3522X2.EFI=0D
+ }=0D
+!endif=0D
+!include NetworkPkg/Network.fdf.inc=0D
+ INF OvmfPkg/VirtioNetDxe/VirtioNet.inf=0D
+=0D
+#=0D
+# Usb Support=0D
+#=0D
+INF MdeModulePkg/Bus/Pci/UhciDxe/UhciDxe.inf=0D
+INF MdeModulePkg/Bus/Pci/EhciDxe/EhciDxe.inf=0D
+INF MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf=0D
+INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf=0D
+INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf=0D
+INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf=0D
+=0D
+!ifdef $(CSM_ENABLE)=0D
+INF OvmfPkg/Csm/BiosThunk/VideoDxe/VideoDxe.inf=0D
+INF OvmfPkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf=0D
+INF RuleOverride=3DCSM OvmfPkg/Csm/Csm16/Csm16.inf=0D
+!else=0D
+INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf=0D
+!endif=0D
+=0D
+INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf=0D
+INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf=0D
+INF OvmfPkg/PlatformDxe/Platform.inf=0D
+INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf=0D
+INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf=0D
+=0D
+!if $(SMM_REQUIRE) =3D=3D TRUE=0D
+INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf=0D
+INF OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf=0D
+INF OvmfPkg/CpuS3DataDxe/CpuS3DataDxe.inf=0D
+INF MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf=0D
+INF MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf=0D
+INF OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf=0D
+INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf=0D
+INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf=0D
+INF UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf=0D
+=0D
+#=0D
+# Variable driver stack (SMM)=0D
+#=0D
+INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf=0D
+INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.in=
f=0D
+INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf=0D
+INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf=
=0D
+=0D
+!else=0D
+=0D
+#=0D
+# Variable driver stack (non-SMM)=0D
+#=0D
+INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf=0D
+INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf=0D
+INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.in=
f=0D
+INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf=0D
+!endif=0D
+=0D
+#=0D
+# TPM support=0D
+#=0D
+!if $(TPM_ENABLE) =3D=3D TRUE=0D
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf=0D
+INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf=0D
+!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE=0D
+INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf=0D
+!endif=0D
+!endif=0D
+=0D
+##########################################################################=
######=0D
+=0D
+[FV.FVMAIN_COMPACT]=0D
+FvNameGuid =3D 48DB5E17-707C-472D-91CD-1613E7EF51B0=0D
+FvAlignment =3D 16=0D
+ERASE_POLARITY =3D 1=0D
+MEMORY_MAPPED =3D TRUE=0D
+STICKY_WRITE =3D TRUE=0D
+LOCK_CAP =3D TRUE=0D
+LOCK_STATUS =3D TRUE=0D
+WRITE_DISABLED_CAP =3D TRUE=0D
+WRITE_ENABLED_CAP =3D TRUE=0D
+WRITE_STATUS =3D TRUE=0D
+WRITE_LOCK_CAP =3D TRUE=0D
+WRITE_LOCK_STATUS =3D TRUE=0D
+READ_DISABLED_CAP =3D TRUE=0D
+READ_ENABLED_CAP =3D TRUE=0D
+READ_STATUS =3D TRUE=0D
+READ_LOCK_CAP =3D TRUE=0D
+READ_LOCK_STATUS =3D TRUE=0D
+=0D
+FILE FV_IMAGE =3D 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {=0D
+ SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRED=
=3D TRUE {=0D
+ #=0D
+ # These firmware volumes will have files placed in them uncompressed,=
=0D
+ # and then both firmware volumes will be compressed in a single=0D
+ # compression operation in order to achieve better overall compressio=
n.=0D
+ #=0D
+ SECTION FV_IMAGE =3D PEIFV=0D
+ SECTION FV_IMAGE =3D DXEFV=0D
+ }=0D
+ }=0D
+=0D
+!include OvmfPkg/FvmainCompactScratchEnd.fdf.inc=0D
+=0D
+##########################################################################=
######=0D
+=0D
+[Rule.Common.SEC]=0D
+ FILE SEC =3D $(NAMED_GUID) {=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING =3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING =3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE=
R)=0D
+ }=0D
+=0D
+[Rule.Common.PEI_CORE]=0D
+ FILE PEI_CORE =3D $(NAMED_GUID) {=0D
+ PE32 PE32 Align=3DAuto $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING =3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING =3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE=
R)=0D
+ }=0D
+=0D
+[Rule.Common.PEIM]=0D
+ FILE PEIM =3D $(NAMED_GUID) {=0D
+ PEI_DEPEX PEI_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depe=
x=0D
+ PE32 PE32 Align=3DAuto $(INF_OUTPUT)/$(MODULE_NAME).ef=
i=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE=
R)=0D
+ }=0D
+=0D
+[Rule.Common.DXE_CORE]=0D
+ FILE DXE_CORE =3D $(NAMED_GUID) {=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER=
)=0D
+ }=0D
+=0D
+[Rule.Common.DXE_DRIVER]=0D
+ FILE DRIVER =3D $(NAMED_GUID) {=0D
+ DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depe=
x=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER=
)=0D
+ RAW ACPI Optional |.acpi=0D
+ RAW ASL Optional |.aml=0D
+ }=0D
+=0D
+[Rule.Common.DXE_RUNTIME_DRIVER]=0D
+ FILE DRIVER =3D $(NAMED_GUID) {=0D
+ DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depe=
x=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER=
)=0D
+ }=0D
+=0D
+[Rule.Common.UEFI_DRIVER]=0D
+ FILE DRIVER =3D $(NAMED_GUID) {=0D
+ DXE_DEPEX DXE_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depe=
x=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER=
)=0D
+ }=0D
+=0D
+[Rule.Common.UEFI_DRIVER.BINARY]=0D
+ FILE DRIVER =3D $(NAMED_GUID) {=0D
+ DXE_DEPEX DXE_DEPEX Optional |.depex=0D
+ PE32 PE32 |.efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE=
R)=0D
+ }=0D
+=0D
+[Rule.Common.UEFI_APPLICATION]=0D
+ FILE APPLICATION =3D $(NAMED_GUID) {=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER=
)=0D
+ }=0D
+=0D
+[Rule.Common.UEFI_APPLICATION.BINARY]=0D
+ FILE APPLICATION =3D $(NAMED_GUID) {=0D
+ PE32 PE32 |.efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBE=
R)=0D
+ }=0D
+=0D
+[Rule.Common.USER_DEFINED.ACPITABLE]=0D
+ FILE FREEFORM =3D $(NAMED_GUID) {=0D
+ RAW ACPI |.acpi=0D
+ RAW ASL |.aml=0D
+ }=0D
+=0D
+[Rule.Common.USER_DEFINED.CSM]=0D
+ FILE FREEFORM =3D $(NAMED_GUID) {=0D
+ RAW BIN |.bin=0D
+ }=0D
+=0D
+[Rule.Common.SEC.RESET_VECTOR]=0D
+ FILE RAW =3D $(NAMED_GUID) {=0D
+ RAW BIN Align =3D 16 |.bin=0D
+ }=0D
+=0D
+[Rule.Common.SMM_CORE]=0D
+ FILE SMM_CORE =3D $(NAMED_GUID) {=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER=
)=0D
+ }=0D
+=0D
+[Rule.Common.DXE_SMM_DRIVER]=0D
+ FILE SMM =3D $(NAMED_GUID) {=0D
+ SMM_DEPEX SMM_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depe=
x=0D
+ PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi=0D
+ UI STRING=3D"$(MODULE_NAME)" Optional=0D
+ VERSION STRING=3D"$(INF_VERSION)" Optional BUILD_NUM=3D$(BUILD_NUMBER=
)=0D
+ }=0D
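Review bot: the `!ifdef $(CSM_ENABLE)` block (VideoDxe, LegacyBiosDxe, `RuleOverride=CSM` Csm16) together with the `[Rule.Common.USER_DEFINED.CSM]` rule looks carried over from the generic OVMF FDF; a legacy-BIOS boot path cannot coexist with the stated goal that only the attested, embedded grub is ever executed, so drop these conditionals (and the CSM build option with them) instead of leaving them selectable in the AmdSev FDF.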
--
2.26.2


[PATCH 0/4] SEV Encrypted Boot for Ovmf

James Bottomley <jejb@...>
 

From: James Bottomley <James.Bottomley@HansenPartnership.com>

This patch series is modelled on the structure of the Bhyve patches
for Ovmf, since it does somewhat similar things. This patch series
creates a separate build for an AmdSev OVMF.fd that does nothing
except combine with grub and boot straight through the internal grub
to try to mount an encrypted volume.

Concept: SEV Secure Encrypted Images
====================================

The SEV patches in Linux and OVMF allow for the booting of SEV VMs in
an encrypted state, but don't really show how this could be done with
an encrypted image. Since the key used to decrypt the image must be
maintained within the SEV encryption envelope, encrypted QCOW is not
an option because the key would then have to be known to QEMU which is
outside the encryption envelope. The proposal here is that an
encrypted image should be a QCOW image consisting of two partitions,
the normal unencrypted EFI partition (identifying it as an OVMF
bootable image) and a LUKS encrypted root partition. The kernel would
be inside the encrypted root in the /boot directory. The secret
injected securely through QEMU is extracted by OVMF and passed to grub
which uses it to mount the encrypted root and boot the kernel
normally. The creator of the secret bundle must be satisfied with the
SEV attestation before the secret is constructed. Unfortunately, the
SEV attestation can only be on the first QEMU firmware volume and
nothing else, so this patch series builds grub itself into a firmware
volume and places it inside OVMF so that the entire boot system can be
attested. In a normal OVMF KVM system, the variable store is on the
second flash volume (which is read/write). Unfortunately, this
mutable configuration provided by the variables is outside the
attestation envelope and can significantly alter the boot path,
possibly leading to secret leak, so encrypted image boot should only
be done with the OVMF.fd that combines both the code and variables.
The OVMF.fd is constructed so that it becomes impossible to interrupt
the boot sequence after attestation and the system will either boot
the image or fail. The boot sequence runs the grub.efi embedded in the
OVMF firmware volume so the encrypted image owner knows their own
version of grub is the only one that will boot before injecting the
secret. Note this boot path actually ignores the unencrypted EFI
partition. However, as part of this design, the encrypted image may be
booted by a standard OVMF KVM boot and in that case, the user will
have to type the encryption password. This standard boot will be
insecure but it might be used by the constructor of the encrypted
images on their own private laptop, for instance. The standard boot
path will use the unencrypted EFI partition.

Patches Required Outside of OVMF
================================

There is a patch set to grub which allows it to extract the SEV secret
area from the configuration table and use the secret as a password to
do a LUKS crypto mount of root (this is the sevsecret grub module).

There is also a patch to qemu which allows it to search through the
OVMF.fd and find the SEV secret area which is now described inside the
Reset Vector using the existing SEV_ES reset block. This area is the
place QEMU will inject the encrypted SEV secret bundle.

Security of the System
======================

Since Grub is now part of the attested OVMF.fd bundle, the VM owner
knows absolutely that it will proceed straight to partition decryption
inside the attested code and boot the kernel off the encrypted
partition. Even if a different QCOW image is substituted, the boot
will fail without revealing the secret because the system is designed
to fail hard in that case and because the secret is always contained
within the encrypted envelope it should be impossible for the cloud
operator to obtain it even if they can pause the boot and examine the
machine memory.

Putting it All Together
=======================

This is somewhat hard. You must first understand how to boot a QEMU
system so as to have the VM pause after firmware loading (-S option)
and use the qmp port to request an attestation. Only if the
attestation corresponds to the expected sha256sum of OVMF.fd should
the secret bundle be constructed and injected using qmp. The tools
for constructing the secret bundle are in

https://github.com/AMDESE/sev-tool/

James

---

James Bottomley (4):
OvmfPkg/Amdsev: Base commit to build encrypted boot specific OVMF
OvmfPkg/AmdSev: add Grub Firmware Volume Package
OvmfPkg: create a SEV secret area in the AmdSev memfd
OvmfPkg/AmdSev: Expose the Sev Secret area using a configuration table

OvmfPkg/OvmfPkg.dec | 6 +
OvmfPkg/AmdSev/AmdSevX64.dsc | 1035 +++++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 515 ++++++
OvmfPkg/AmdSev/Grub/Grub.inf | 37 +
.../SevLaunchSecret/SecretDxe/SecretDxe.inf | 38 +
.../SevLaunchSecret/SecretPei/SecretPei.inf | 46 +
.../PlatformBootManagerLibGrub.inf | 84 +
OvmfPkg/ResetVector/ResetVector.inf | 4 +
.../PlatformBootManagerLibGrub/BdsPlatform.h | 179 ++
.../SevLaunchSecret/SecretDxe/SecretDxe.c | 29 +
.../SevLaunchSecret/SecretPei/SecretPei.c | 26 +
.../PlatformBootManagerLibGrub/BdsPlatform.c | 1538 +++++++++++++++++
.../PlatformBootManagerLibGrub/PlatformData.c | 213 +++
OvmfPkg/AmdSev/Grub/.gitignore | 1 +
OvmfPkg/AmdSev/Grub/grub.cfg | 35 +
OvmfPkg/AmdSev/Grub/grub.sh | 54 +
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 4 +
OvmfPkg/ResetVector/ResetVector.nasmb | 2 +
18 files changed, 3846 insertions(+)
create mode 100644 OvmfPkg/AmdSev/AmdSevX64.dsc
create mode 100644 OvmfPkg/AmdSev/AmdSevX64.fdf
create mode 100644 OvmfPkg/AmdSev/Grub/Grub.inf
create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.inf
create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.inf
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretDxe/SecretDxe.c
create mode 100644 OvmfPkg/AmdSev/SevLaunchSecret/SecretPei/SecretPei.c
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
create mode 100644 OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformData.c
create mode 100644 OvmfPkg/AmdSev/Grub/.gitignore
create mode 100644 OvmfPkg/AmdSev/Grub/grub.cfg
create mode 100644 OvmfPkg/AmdSev/Grub/grub.sh

--
2.26.2
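The attestation gate described under "Putting it All Together", as an added example that is not part of this patch series: it recomputes the SEV launch measurement from the SHA-256 of the combined OVMF.fd plus the launch parameters, and only a matching value lets the secret bundle be injected. Assumptions: the HMAC construction follows the SEV API's LAUNCH_MEASURE definition, the 48-byte blob (measurement || nonce) is what QEMU returns for `query-sev-launch-measure`, and the TIK, nonce, policy, version numbers and firmware bytes are constructed demo values.

```python
"""Gate SEV secret injection on the launch measurement (added example).

The TIK, nonce, policy, firmware version and firmware bytes used below
are constructed demo values, not real keys or a real OVMF.fd.
"""
import hashlib
import hmac
import struct


def firmware_digest(ovmf_fd: bytes) -> bytes:
    """SHA-256 of the combined OVMF.fd (code + variables + embedded grub).
    This is GCTX.LD, the launch digest the SEV firmware computes over the
    guest firmware it encrypted, so it covers everything that can run
    before the secret is used."""
    return hashlib.sha256(ovmf_fd).digest()


def expected_measurement(tik: bytes, api_major: int, api_minor: int,
                         build: int, policy: int, launch_digest: bytes,
                         mnonce: bytes) -> bytes:
    """Recompute LAUNCH_MEASURE as the SEV API defines it (assumption):
    HMAC-SHA256(0x04 || API_MAJOR || API_MINOR || BUILD || POLICY || LD || MNONCE; TIK)
    with the one-byte version fields and the little-endian 32-bit policy."""
    if len(tik) != 16 or len(mnonce) != 16 or len(launch_digest) != 32:
        raise ValueError("bad TIK/nonce/digest length")
    msg = (b"\x04"
           + struct.pack("<BBBI", api_major, api_minor, build, policy)
           + launch_digest
           + mnonce)
    return hmac.new(tik, msg, hashlib.sha256).digest()


def measurement_matches(tik: bytes, api_major: int, api_minor: int,
                        build: int, policy: int, ovmf_fd: bytes,
                        measurement_blob: bytes) -> bool:
    """measurement_blob is the base64-decoded value from QEMU's
    query-sev-launch-measure: 32-byte HMAC followed by the 16-byte nonce.
    True only if the guest was launched with exactly this OVMF.fd under
    exactly this policy; any other outcome must abort before injection."""
    if len(measurement_blob) != 48:
        return False
    reported, mnonce = measurement_blob[:32], measurement_blob[32:]
    expected = expected_measurement(tik, api_major, api_minor, build, policy,
                                    firmware_digest(ovmf_fd), mnonce)
    # Constant-time compare: the owner-side check must not leak timing.
    return hmac.compare_digest(reported, expected)


# --- constructed demo inputs ---
TIK = bytes(range(16))                      # would be derived per SEV spec
MNONCE = b"\xA5" * 16                       # nonce the PSP returns
OVMF_FD = b"OVMF+grub firmware volume (constructed)" * 64
POLICY = 0x1                                # bit 0 = NODBG: guest debug off
API_MAJOR, API_MINOR, BUILD = 0, 24, 15     # constructed firmware version


def simulate_launch(ovmf_fd: bytes) -> bytes:
    """What a genuine LAUNCH_MEASURE of this firmware would hand back."""
    return expected_measurement(TIK, API_MAJOR, API_MINOR, BUILD, POLICY,
                                firmware_digest(ovmf_fd), MNONCE) + MNONCE


def decide_release(expected_ovmf_fd: bytes, blob: bytes) -> str:
    """The owner's decision: inject the secret bundle or tear the VM down."""
    ok = measurement_matches(TIK, API_MAJOR, API_MINOR, BUILD, POLICY,
                             expected_ovmf_fd, blob)
    return "inject secret" if ok else "abort launch"


if __name__ == "__main__":
    print(decide_release(OVMF_FD, simulate_launch(OVMF_FD)))
    # A firmware that differs by a single byte (e.g. a swapped grub) fails:
    print(decide_release(OVMF_FD, simulate_launch(OVMF_FD + b"x")))
```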


Re: [edk2-devel] [PATCH 1/1] MdePkg/BaseRngLibDxe: Add DXE_RUNTIME_DRIVER class to RngLib

gaoliming
 

I agree this library instance can be used for RUNTIME driver before boot to
OS.

Can you let me know which runtime driver consumes it? And, please make sure
the consumer code runs in boot phase only.

Thanks
Liming
-----Original Message-----
From: bounce+27952+67295+4905953+8761045@groups.io
<bounce+27952+67295+4905953+8761045@groups.io> On Behalf Of Samer El-Haj-Mahmoud
Sent: November 12, 2020 1:38
To: Pete Batard <pete@akeo.ie>; devel@edk2.groups.io
Cc: michael.d.kinney@intel.com; gaoliming@byosoft.com.cn; zhiguang.liu@intel.com
Subject: Re: [edk2-devel] [PATCH 1/1] MdePkg/BaseRngLibDxe: Add DXE_RUNTIME_DRIVER class to RngLib

Reviewed-by: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>

-----Original Message-----
From: Pete Batard <pete@akeo.ie>
Sent: Wednesday, November 4, 2020 2:04 PM
To: devel@edk2.groups.io
Cc: michael.d.kinney@intel.com; gaoliming@byosoft.com.cn;
zhiguang.liu@intel.com; Samer El-Haj-Mahmoud <Samer.El-Haj-
Mahmoud@arm.com>
Subject: [PATCH 1/1] MdePkg/BaseRngLibDxe: Add DXE_RUNTIME_DRIVER
class to RngLib

The Raspberry Pi platform with Secure Boot enabled currently fails to
build with error:

Module type [DXE_RUNTIME_DRIVER] is not supported by library instance
[/home/appveyor/projects/rpi4/edk2/MdePkg/Library/DxeRngLib/DxeRngLib.inf]

Add the missing class to fix this issue.

Signed-off-by: Pete Batard <pete@akeo.ie>
---
MdePkg/Library/DxeRngLib/DxeRngLib.inf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.inf
b/MdePkg/Library/DxeRngLib/DxeRngLib.inf
index 68554ad21146..9c11959f8aeb 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.inf
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.inf
@@ -14,7 +14,7 @@ [Defines]
FILE_GUID = FF9F84C5-A33E-44E3-9BB5-0D654B2D4149
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
- LIBRARY_CLASS = RngLib|DXE_DRIVER UEFI_APPLICATION
UEFI_DRIVER
+ LIBRARY_CLASS = RngLib|DXE_DRIVER DXE_RUNTIME_DRIVER
UEFI_APPLICATION UEFI_DRIVER

[Packages]
MdePkg/MdePkg.dec
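Review bot: adding DXE_RUNTIME_DRIVER to LIBRARY_CLASS widens where this protocol-backed library may be linked, but neither the INF nor the commit message records the constraint raised in the reply above, that a runtime driver may only call it before boot services go away; add a comment next to LIBRARY_CLASS (or in the INF header) stating that the instance is boot-services only and must not be reached from runtime code paths.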
--
2.21.0.windows.1




Re: [edk2-devel] [Patch V5 1/3] MinPlatformPkg: Add PCDs for Serial Terminal feature

gaoliming
 

Heng:
I see MdeModulePkg SerialDxe uses MdePkg UART PCDs. New added
SerialPortTerminalLib should match it and use the same PCD. Right? If yes,
you don't need to add new UART PCDs.

gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits ## CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity ## CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits ## CONSUMES

Thanks
Liming
-----Original Message-----
From: bounce+27952+67278+4905953+8761045@groups.io
<bounce+27952+67278+4905953+8761045@groups.io> On Behalf Of Heng Luo
Sent: November 11, 2020 14:16
To: devel@edk2.groups.io
Cc: Eric Dong <eric.dong@intel.com>; Chasel Chiu <chasel.chiu@intel.com>; Nate DeSimone <nathaniel.l.desimone@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>
Subject: [edk2-devel] [Patch V5 1/3] MinPlatformPkg: Add PCDs for Serial Terminal feature

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3014

1. Add PcdSerialTerminalEnable to enable/disable Serial Terminal feature,
this feature supports console redirect after the shell is loaded.
2. Add PCDs to configure serial port.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Heng Luo <heng.luo@intel.com>
---
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec | 25 +++++++++++++++++++++++++
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | 3 ++-
2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
index 7ef189dac8..36050aa1a8 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
@@ -205,6 +205,30 @@
[PcdsDynamic, PcdsDynamicEx]


gMinPlatformPkgTokenSpaceGuid.PcdPcIoApicEnable|0x0|UINT32|0x900000
19



+ # The baud rate setting for the UART style device. A value of 0

+ # means that the device's default baud rate will be used.

+
gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalBaudRate|115200|UINT6
4|0x9000001A

+

+ # The number of data bits for the UART style device. A value

+ # of 0 means that the device's default number of data bits will be
used.

+
gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalDataBits|0x8|UINT8|0x9
000001B

+

+ # The parity setting for the UART style device.

+ # Parity 0x00 - Default Parity.

+ # Parity 0x01 - No Parity.

+ # Parity 0x02 - Even Parity.

+ # Parity 0x03 - Odd Parity.

+ # Parity 0x04 - Mark Parity.

+ # Parity 0x05 - Space Parity.

+
gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalParity|0x1|UINT8|0x900
0001C

+

+ # The number of stop bits for the UART style device.

+ # Stop Bits 0x00 - Default Stop Bits.

+ # Stop Bits 0x01 - 1 Stop Bit.

+ # Stop Bits 0x02 - 1.5 Stop Bits.

+ # Stop Bits 0x03 - 2 Stop Bits.

+
gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalStopBits|0x1|UINT8|0x9
000001D

+

[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]



##

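Review bot: the four new PcdSerialTerminal{BaudRate,DataBits,Parity,StopBits} PCDs duplicate the gEfiMdePkgTokenSpaceGuid.PcdUartDefault* PCDs that MdeModulePkg SerialDxe already consumes (as the reply above points out), so a platform can end up with two disagreeing UART settings for the same port; either consume the MdePkg PCDs from SerialPortTerminalLib or say in the .dec comments why the terminal feature needs a separate set.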
@@ -318,3 +342,4 @@
gMinPlatformPkgTokenSpaceGuid.PcdTpm2Enable
|FALSE|BOOLEAN|0xF00000A5


gMinPlatformPkgTokenSpaceGuid.PcdSmiHandlerProfileEnable|FALSE|BOOLE
AN|0xF00000A6

gMinPlatformPkgTokenSpaceGuid.PcdPerformanceEnable
|FALSE|BOOLEAN|0xF00000A7

+ gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalEnable
|FALSE|BOOLEAN|0xF00000B0

diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
index 112ddff7d9..d0b5593817 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -1,7 +1,7 @@
## @file

# Platform description.

#

-# Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>

+# Copyright (c) 2017 - 2020, Intel Corporation. All rights reserved.<BR>

#

# SPDX-License-Identifier: BSD-2-Clause-Patent

#

@@ -44,6 +44,7 @@
gMinPlatformPkgTokenSpaceGuid.PcdTpm2Enable|FALSE

gMinPlatformPkgTokenSpaceGuid.PcdPerformanceEnable|FALSE

gMinPlatformPkgTokenSpaceGuid.PcdSmiHandlerProfileEnable|FALSE

+ gMinPlatformPkgTokenSpaceGuid.PcdSerialTerminalEnable|FALSE




##############################################################
##################

#

--
2.24.0.windows.2





Re: [PATCH] MdeModulePkg DisplayEngineDxe: Correct the local variable name.

gaoliming
 

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

-----Original Message-----
From: gechao@greatwall.com.cn <gechao@greatwall.com.cn>
Sent: November 12, 2020 9:34
To: devel@edk2.groups.io
Cc: dandan.bi@intel.com; eric.dong@intel.com; gaoliming@byosoft.com.cn; gechao <gechao@greatwall.com.cn>
Subject: [PATCH] MdeModulePkg DisplayEngineDxe: Correct the local variable name.

From: gechao <gechao@greatwall.com.cn>

Signed-off-by: gechao <gechao@greatwall.com.cn>
---
.../Universal/DisplayEngineDxe/FormDisplay.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
index 3b034a1c82..a3898dc2ec 100644
--- a/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
+++ b/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c
@@ -372,7 +372,7 @@ GetWidth (
{

CHAR16 *String;

UINTN Size;

- EFI_IFR_TEXT *TestOp;

+ EFI_IFR_TEXT *TextOp;

UINT16 ReturnWidth;

FORM_DISPLAY_ENGINE_STATEMENT *Statement;



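Review bot: the commit message has no body; state that `TestOp` is renamed to `TextOp` because the variable holds an `EFI_IFR_TEXT *` (the old name was a typo, not a test opcode) and that this is a pure rename with no functional change, so a reader of the log does not need to open the diff to learn that.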
@@ -394,9 +394,9 @@ GetWidth (
// See if the second text parameter is really NULL

//

if (Statement->OpCode->OpCode == EFI_IFR_TEXT_OP) {

- TestOp = (EFI_IFR_TEXT *) Statement->OpCode;

- if (TestOp->TextTwo != 0) {

- String = GetToken (TestOp->TextTwo, gFormData->HiiHandle);

+ TextOp = (EFI_IFR_TEXT *) Statement->OpCode;

+ if (TextOp->TextTwo != 0) {

+ String = GetToken (TextOp->TextTwo, gFormData->HiiHandle);

Size = StrLen (String);

FreePool (String);

}

@@ -2166,7 +2166,7 @@ HasOptionString (
FORM_DISPLAY_ENGINE_STATEMENT *Statement;

CHAR16 *String;

UINTN Size;

- EFI_IFR_TEXT *TestOp;

+ EFI_IFR_TEXT *TextOp;



Size = 0;

Statement = MenuOption->ThisTag;

@@ -2175,9 +2175,9 @@ HasOptionString (
// See if the second text parameter is really NULL

//

if (Statement->OpCode->OpCode == EFI_IFR_TEXT_OP) {

- TestOp = (EFI_IFR_TEXT *) Statement->OpCode;

- if (TestOp->TextTwo != 0) {

- String = GetToken (TestOp->TextTwo, gFormData->HiiHandle);

+ TextOp = (EFI_IFR_TEXT *) Statement->OpCode;

+ if (TextOp->TextTwo != 0) {

+ String = GetToken (TextOp->TextTwo, gFormData->HiiHandle);

Size = StrLen (String);

FreePool (String);

}

--
2.28.0.windows.1


[PATCH] RedfishPkg: Use DSC include file

Abner Chang
 

- Include Redfish.dsc.inc in RedfishPkg.dsc, which consolidates the
necessary components in Redfish.dsc.inc.
- Remove unnecessary library instances from RedfishPkg.dsc.
- Add build option in RedfishPkg.yaml.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Peter O'Hanley <peter.ohanley@hpe.com>
---
RedfishPkg/RedfishPkg.ci.yaml | 3 ++-
RedfishPkg/RedfishPkg.dsc | 10 +---------
2 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/RedfishPkg/RedfishPkg.ci.yaml b/RedfishPkg/RedfishPkg.ci.yaml
index bb3b8b6746..20c297ad22 100644
--- a/RedfishPkg/RedfishPkg.ci.yaml
+++ b/RedfishPkg/RedfishPkg.ci.yaml
@@ -63,6 +63,7 @@
},

"Defines": {
- "BLD_*_CONTINUOUS_INTEGRATION": "TRUE"
+ "BLD_*_CONTINUOUS_INTEGRATION": "TRUE",
+ "BLD_*_REDFISH_ENABLE": "TRUE"
}
}
diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc
index c6e79f5645..94e7127bc6 100644
--- a/RedfishPkg/RedfishPkg.dsc
+++ b/RedfishPkg/RedfishPkg.dsc
@@ -23,21 +23,14 @@
UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
- UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
- SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
- PostCodeLib|MdePkg/Library/BasePostCodeLibPort80/BasePostCodeLibPort80.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
- PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
- DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
- DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
- ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
RedfishPlatformHostInterfaceLib|RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibNull.inf

[LibraryClasses.ARM, LibraryClasses.AARCH64]
@@ -51,5 +44,4 @@
[Components]
RedfishPkg/Library/PlatformHostInterfaceLibNull/PlatformHostInterfaceLibNull.inf

- RedfishPkg/RestJsonStructureDxe/RestJsonStructureDxe.inf
- RedfishPkg/RedfishHostInterfaceDxe/RedfishHostInterfaceDxe.inf
+ !include RedfishPkg/Redfish.dsc.inc
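Review bot: the CI yaml now has to pass `BLD_*_REDFISH_ENABLE=TRUE`, which implies the new `!include RedfishPkg/Redfish.dsc.inc` only pulls in RestJsonStructureDxe and RedfishHostInterfaceDxe when REDFISH_ENABLE is set; RedfishPkg.dsc itself defines no default for it, so a plain build of the package DSC may quietly build without its own drivers. Add `DEFINE REDFISH_ENABLE = TRUE` under [Defines] in RedfishPkg.dsc (or document the flag in the DSC header) so the package build still exercises them.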
--
2.17.1


Re: [NETWORK_HTTP_ENABLE PATCH 1/1] NetworkPkg: Add NETWORK_HTTP_ENABLE macro

Abner Chang
 

Ok Laszlo, I think you told me once before. :)

BTW, do you have any comments on this patch, since you have previously put some opinions on the BZ?

Thanks
Abner

-----Original Message-----
From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
Laszlo Ersek
Sent: Thursday, November 12, 2020 5:22 AM
To: Chang, Abner (HPS SW/FW Technologist) <abner.chang@hpe.com>;
devel@edk2.groups.io
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>; Jiaxin Wu
<jiaxin.wu@intel.com>; Siyuan Fu <siyuan.fu@intel.com>; Wang, Nickle (HPS
SW) <nickle.wang@hpe.com>; O'Hanley, Peter (EXL)
<peter.ohanley@hpe.com>
Subject: Re: [edk2-devel] [NETWORK_HTTP_ENABLE PATCH 1/1]
NetworkPkg: Add NETWORK_HTTP_ENABLE macro

On 11/11/20 14:19, Abner Chang wrote:
BZ:2917

Add NETWORK_HTTP_ENABLE macro and separate HttpDxe and
HttpUtilitiesDxe drivers from HTTP_NETWORK_HTTP_BOOT_ENABLE macro.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Peter O'Hanley <peter.ohanley@hpe.com>
---
NetworkPkg/Network.fdf.inc | 5 ++++-
NetworkPkg/NetworkComponents.dsc.inc | 5 ++++-
NetworkPkg/NetworkDefines.dsc.inc | 9 +++++++++
3 files changed, 17 insertions(+), 2 deletions(-)
(1) meta comment -- Abner, I've noticed that you keep placing expressions
related to the feature or bugfix at hand in the bracketed subject prefix. For
example, in the current case, it's "NETWORK_HTTP_ENABLE":

[NETWORK_HTTP_ENABLE PATCH 1/1] NetworkPkg: Add
NETWORK_HTTP_ENABLE macro
^^^^^^^^^^^^^^^^^^^

Please stop doing this. It is incredibly distracting. The subject prefix should
contain the following elements:

(a) If the patch is not for the main "edk2" repository, then the repository
(project) identifier. For example "edk2-wiki", "edk2-InfSpecification", "edk2-
platforms", and so on.

(b) Either the word PATCH or the word RFC.

(c) A version identifier. "v1" is usually not specified (except when the
submitter already expects having to send a v2). Sometimes the version
identifier takes the form of "v2 RESEND", when it's an identical repost of v2,
being reposted only because some people failed to receive v2 originally.

(d) the patch number within a series (zero standing for the blurb, and
altogether omitted when the series consists of a single patch).

In other words, everything we put in the subject prefix is *routing
information*. It's not *content*.

Please stop putting content in the subject prefix.



diff --git a/NetworkPkg/Network.fdf.inc b/NetworkPkg/Network.fdf.inc
index 803a0d64fd..8a662ad1de 100644
--- a/NetworkPkg/Network.fdf.inc
+++ b/NetworkPkg/Network.fdf.inc
@@ -46,10 +46,13 @@
INF NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
!endif

- !if $(NETWORK_HTTP_BOOT_ENABLE) == TRUE
+ !if ($(NETWORK_HTTP_BOOT_ENABLE) == TRUE) OR
+ ($(NETWORK_HTTP_ENABLE) == TRUE)
INF NetworkPkg/DnsDxe/DnsDxe.inf
INF NetworkPkg/HttpDxe/HttpDxe.inf
INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+ !endif
+
+ !if $(NETWORK_HTTP_BOOT_ENABLE) == TRUE
INF NetworkPkg/HttpBootDxe/HttpBootDxe.inf
!endif

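Review bot: the new condition is split across two `+` lines (`!if ($(NETWORK_HTTP_BOOT_ENABLE) == TRUE) OR` / `($(NETWORK_HTTP_ENABLE) == TRUE)`); if that is the patch itself rather than mail wrapping, it will not parse, since FDF and DSC `!if` expressions have no line continuation, so keep the whole expression on one line. The same applies to the identical hunk in NetworkComponents.dsc.inc.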
diff --git a/NetworkPkg/NetworkComponents.dsc.inc
b/NetworkPkg/NetworkComponents.dsc.inc
index 40cb8ee18e..21cb62082f 100644
--- a/NetworkPkg/NetworkComponents.dsc.inc
+++ b/NetworkPkg/NetworkComponents.dsc.inc
@@ -48,10 +48,13 @@
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
!endif

- !if $(NETWORK_HTTP_BOOT_ENABLE) == TRUE
+ !if ($(NETWORK_HTTP_BOOT_ENABLE) == TRUE) OR
+ ($(NETWORK_HTTP_ENABLE) == TRUE)
NetworkPkg/DnsDxe/DnsDxe.inf
NetworkPkg/HttpDxe/HttpDxe.inf
NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf
+ !endif
+
+ !if $(NETWORK_HTTP_BOOT_ENABLE) == TRUE
NetworkPkg/HttpBootDxe/HttpBootDxe.inf
!endif

diff --git a/NetworkPkg/NetworkDefines.dsc.inc
b/NetworkPkg/NetworkDefines.dsc.inc
index a442d1b157..6f274582a8 100644
--- a/NetworkPkg/NetworkDefines.dsc.inc
+++ b/NetworkPkg/NetworkDefines.dsc.inc
@@ -15,12 +15,14 @@
# DEFINE NETWORK_IP4_ENABLE = TRUE
# DEFINE NETWORK_IP6_ENABLE = TRUE
# DEFINE NETWORK_TLS_ENABLE = TRUE
+# DEFINE NETWORK_HTTP_ENABLE = TRUE
# DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE
(2) I disagree; the default value for NETWORK_HTTP_ENABLE should be
FALSE.

Existent platforms that consume "NetworkPkg/NetworkDefines.dsc.inc", or
the higher level "Network.dsc.inc", fall in one of the following categories:

- They don't specify NETWORK_HTTP_BOOT_ENABLE at all. As a result, they
get the full HTTP stack.

- They set NETWORK_HTTP_BOOT_ENABLE explicitly to TRUE. As a result,
they get the full HTTP stack.

- They set NETWORK_HTTP_BOOT_ENABLE explicitly to FALSE. As a result,
they get *none* of the full HTTP stack. They don't get a *subset* of the
HTTP stack -- they get *none* of it.

The last bullet explains why the NETWORK_HTTP_ENABLE default should be
FALSE.


The new scenario should only be active if a platform explicitly sets *both*
NETWORK_HTTP_ENABLE=TRUE *and*
NETWORK_HTTP_BOOT_ENABLE=FALSE.


# DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE
# DEFINE NETWORK_ISCSI_ENABLE = TRUE
# DEFINE NETWORK_VLAN_ENABLE = TRUE
#
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# (C) Copyright 2020 Hewlett Packard Enterprise Development LP<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -73,6 +75,13 @@
DEFINE NETWORK_TLS_ENABLE = TRUE
!endif

+!ifndef NETWORK_HTTP_ENABLE
+ #
+ # This flag is to enable or disable HTTP(S) feature.
+ #
(3) The documentation here must explain that NETWORK_HTTP_ENABLE is
ignored (it has no effect whatsoever) if NETWORK_HTTP_BOOT_ENABLE is
TRUE.

+ DEFINE NETWORK_HTTP_ENABLE = TRUE
(4) See (2), this should be FALSE.

+!endif
+
!ifndef NETWORK_HTTP_BOOT_ENABLE
#
# This flag is to enable or disable HTTP(S) boot feature.
(5) The following condition should be updated too:

!if ($(NETWORK_HTTP_BOOT_ENABLE) == TRUE) AND
($(NETWORK_TLS_ENABLE) == FALSE) AND
($(NETWORK_ALLOW_HTTP_CONNECTIONS) == FALSE)
!error "Must enable TLS to support HTTPS, or allow unsecured HTTP
connection, if NETWORK_HTTP_BOOT_ENABLE is set to TRUE!"
!endif

That's because NETWORK_ALLOW_HTTP_CONNECTIONS controls
"PcdAllowHttpConnections", and this PCD is consumed by HttpDxe as well,
not just HttpBootDxe.

Thus, the subcondition

($(NETWORK_HTTP_BOOT_ENABLE) == TRUE)

should be replaced by

(($(NETWORK_HTTP_BOOT_ENABLE) == TRUE) OR
($(NETWORK_HTTP_ENABLE) == TRUE))

because that condition describes whether HttpDxe will be included.

Specifically, the following build config should be rejected:

NETWORK_HTTP_BOOT_ENABLE = FALSE (manually set)
NETWORK_HTTP_ENABLE = TRUE (manually set)
NETWORK_TLS_ENABLE = FALSE (manually set)
NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE (default)


(6) Please update the !error message as well, accordingly:

... if NETWORK_HTTP_BOOT_ENABLE or NETWORK_HTTP_ENABLE is set to
TRUE

Thanks,
Laszlo





Re: [PATCH] IntelFsp2Pkg: Fix FSP binary rebasing issue for PE32+ image

Chiu, Chasel
 

Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>

-----Original Message-----
From: Maurice Ma <maurice.ma@intel.com>
Sent: Thursday, November 12, 2020 8:11 AM
To: devel@edk2.groups.io
Cc: Ma, Maurice <maurice.ma@intel.com>; Chiu, Chasel
<chasel.chiu@intel.com>; Desimone, Nathaniel L
<nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: [PATCH] IntelFsp2Pkg: Fix FSP binary rebasing issue for PE32+ image

The current FSP rebasing script SplitFspBin.py supports both the
PE32 and PE32+ image formats. However, while updating the ImageBase field in
the image header, it always assumed the ImageBase field is 32 bits long. Since
the PE32+ image format defines ImageBase as 64 bits, the current script only
updates the lower 32 bits and leaves the upper 32 bits untouched. It does not
work well for PE32+ images that require an update to the upper 32 bits of the
ImageBase field. The expected behavior is to update the full 64-bit field. This
patch implements this fix.

Signed-off-by: Maurice Ma <maurice.ma@intel.com>

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
---
IntelFsp2Pkg/Tools/SplitFspBin.py | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/IntelFsp2Pkg/Tools/SplitFspBin.py
b/IntelFsp2Pkg/Tools/SplitFspBin.py
index 3c0d5af1b6..24272e82af 100644
--- a/IntelFsp2Pkg/Tools/SplitFspBin.py
+++ b/IntelFsp2Pkg/Tools/SplitFspBin.py
@@ -677,8 +677,12 @@ class PeTeImage:
else: offset = self.Offset + self.DosHdr.e_lfanew offset +=
EFI_IMAGE_NT_HEADERS32.OptionalHeader.offset- offset +=
EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.offset- size =
EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.size+ if
self.PeHdr.OptionalHeader.PePlusOptHdr.Magic == 0x20b: # PE32+ image+
offset += EFI_IMAGE_OPTIONAL_HEADER32_PLUS.ImageBase.offset+
size = EFI_IMAGE_OPTIONAL_HEADER32_PLUS.ImageBase.size+ else:+
offset += EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.offset+ size =
EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.size value =
Bytes2Val(fdbin[offset:offset+size]) + delta fdbin[offset:offset+size] =
Val2Bytes(value, size)--
2.29.2.windows.1


[PATCH] IntelFsp2Pkg: Fix FSP binary rebasing issue for PE32+ image

Ma, Maurice
 

The current FSP rebasing script SplitFspBin.py supports both the
PE32 and PE32+ image formats. However, while updating the ImageBase
field in the image header, it always assumed the ImageBase field is
32 bits long. Since the PE32+ image format defines ImageBase as 64 bits,
the current script only updates the lower 32 bits and leaves
the upper 32 bits untouched. It does not work well for PE32+ images
that require an update to the upper 32 bits of the ImageBase field. The
expected behavior is to update the full 64-bit field. This patch
implements this fix.

Signed-off-by: Maurice Ma <maurice.ma@intel.com>

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
---
IntelFsp2Pkg/Tools/SplitFspBin.py | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/IntelFsp2Pkg/Tools/SplitFspBin.py b/IntelFsp2Pkg/Tools/SplitFs=
pBin.py
index 3c0d5af1b6..24272e82af 100644
--- a/IntelFsp2Pkg/Tools/SplitFspBin.py
+++ b/IntelFsp2Pkg/Tools/SplitFspBin.py
@@ -677,8 +677,12 @@ class PeTeImage:
else:=0D
offset =3D self.Offset + self.DosHdr.e_lfanew=0D
offset +=3D EFI_IMAGE_NT_HEADERS32.OptionalHeader.offset=0D
- offset +=3D EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.offset=0D
- size =3D EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.size=0D
+ if self.PeHdr.OptionalHeader.PePlusOptHdr.Magic =3D=3D 0x20b: =
# PE32+ image=0D
+ offset +=3D EFI_IMAGE_OPTIONAL_HEADER32_PLUS.ImageBase.off=
set=0D
+ size =3D EFI_IMAGE_OPTIONAL_HEADER32_PLUS.ImageBase.siz=
e=0D
+ else:=0D
+ offset +=3D EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.offset=0D
+ size =3D EFI_IMAGE_OPTIONAL_HEADER32.ImageBase.size=0D
=0D
value =3D Bytes2Val(fdbin[offset:offset+size]) + delta=0D
fdbin[offset:offset+size] =3D Val2Bytes(value, size)=0D
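Review bot: the comparison of `self.PeHdr.OptionalHeader.PePlusOptHdr.Magic` against the bare literal `0x20b` would read better as a named PE32+ magic constant, with a one-line comment that Magic sits at the same offset in both optional-header layouts, which is why reading it through the PE32+ view is safe for a PE32 image. Also worth checking that `Val2Bytes(value, size)` copes with a negative `delta` that takes `value` below zero now that `size` can be 8; masking `value` to `size` bytes before the write would make rebasing in either direction well-defined.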
--=20
2.29.2.windows.1
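The 32-bit versus 64-bit ImageBase layout that the patch above deals with, as an added example that is not SplitFspBin.py and not part of the original thread: a minimal PE header parser that picks the field offset and width from the optional-header magic, rebases the field in place, and reproduces the pre-patch failure mode in which only the low four bytes were rewritten. The field offsets are from the PE/COFF specification; `build_image`, `locate_image_base`, `read_image_base` and `rebase` are this example's own names, and the image is a constructed header with no sections.

```python
import struct

# Header layout per the PE/COFF specification (constructed example, not SplitFspBin.py)
DOS_E_LFANEW_OFFSET = 0x3C
PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_SIZE = 20
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
# ImageBase: PE32 has it at offset 28 (4 bytes, after BaseOfData);
# PE32+ drops BaseOfData, so it sits at offset 24 and is 8 bytes wide.
IMAGE_BASE_FIELD = {PE32_MAGIC: (28, 4), PE32PLUS_MAGIC: (24, 8)}


def build_image(magic, image_base):
    """Construct a minimal PE image: DOS stub, PE signature, COFF header and
    an optional header with no data directories (NumberOfRvaAndSizes == 0)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, DOS_E_LFANEW_OFFSET, e_lfanew)
    coff = bytearray(COFF_HEADER_SIZE)
    opt_size = 112 if magic == PE32PLUS_MAGIC else 96
    struct.pack_into("<H", coff, 16, opt_size)  # SizeOfOptionalHeader
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    off, size = IMAGE_BASE_FIELD[magic]
    opt[off:off + size] = image_base.to_bytes(size, "little")
    return dos + PE_SIGNATURE + coff + opt


def locate_image_base(fdbin):
    """Return (offset, size) of ImageBase, choosing the width from the magic."""
    e_lfanew = struct.unpack_from("<I", fdbin, DOS_E_LFANEW_OFFSET)[0]
    if fdbin[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("not a PE image")
    opt_hdr = e_lfanew + 4 + COFF_HEADER_SIZE
    magic = struct.unpack_from("<H", fdbin, opt_hdr)[0]
    if magic not in IMAGE_BASE_FIELD:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    off, size = IMAGE_BASE_FIELD[magic]
    return opt_hdr + off, size


def read_image_base(fdbin):
    off, size = locate_image_base(fdbin)
    return int.from_bytes(fdbin[off:off + size], "little")


def rebase(fdbin, delta, full_width=True):
    """Add delta to ImageBase in place and return the resulting field value.

    full_width=False reproduces the pre-patch behaviour: only four bytes are
    read and written regardless of the format, so a carry out of the low
    32 bits of a PE32+ ImageBase is lost."""
    off, size = locate_image_base(fdbin)
    if not full_width:
        size = 4
    mask = (1 << (8 * size)) - 1
    value = (int.from_bytes(fdbin[off:off + size], "little") + delta) & mask
    fdbin[off:off + size] = value.to_bytes(size, "little")
    return read_image_base(fdbin)


if __name__ == "__main__":
    img = build_image(PE32PLUS_MAGIC, 0xFFFFF000)
    print("fixed:   0x%x" % rebase(bytearray(img), 0x2000))
    print("pre-fix: 0x%x" % rebase(bytearray(img), 0x2000, full_width=False))
```

The PE32+ case in the test starts at 0xFFFFF000 and moves up by 0x2000, so the correct result 0x100001000 needs bit 32; the four-byte write yields 0x1000 with the upper half still zero, which is exactly the mismatch the patch description reports.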


[edk2-staging/EdkRepo] [PATCH] EdkRepo: Replace imp.reload with importlib.reload

Ashley E Desimone
 

The imp module is deprecated since Python 3.4 in favor
of importlib. This patch replaces uses of imp.reload()
with importlib.reload() and removes unused imp imports.

Cc: Ashley E Desimone <ashley.e.desimone@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Puja Pandya <puja.pandya@intel.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Prince Agyeman <prince.agyeman@intel.com>
Cc: Erik Bjorge <erik.c.bjorge@intel.com>
Signed-off-by: Ashley E Desimone <ashley.e.desimone@intel.com>
---
edkrepo/__main__.py | 4 ++--
edkrepo/edkrepo_cli.py | 1 -
edkrepo/edkrepo_entry_point.py | 4 ++--
3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/edkrepo/__main__.py b/edkrepo/__main__.py
index 115a779..2d538d3 100644
--- a/edkrepo/__main__.py
+++ b/edkrepo/__main__.py
@@ -7,7 +7,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
#

-import imp
+import importlib
import os
import sys
import site
@@ -23,7 +23,7 @@ for directory in sitepackages:
edkrepo_site_dir = edkrepo_package_path
break
else:
- imp.reload(edkrepo)
+ importlib.reload(edkrepo)
import edkrepo.edkrepo_entry_point

if __name__ == '__main__':
diff --git a/edkrepo/edkrepo_cli.py b/edkrepo/edkrepo_cli.py
index 4e7ff16..1adb63f 100644
--- a/edkrepo/edkrepo_cli.py
+++ b/edkrepo/edkrepo_cli.py
@@ -18,7 +18,6 @@ import os
import subprocess
import site
import inspect
-import imp
import importlib.util
import datetime as dt

diff --git a/edkrepo/edkrepo_entry_point.py b/edkrepo/edkrepo_entry_point.py
index dd2b36e..30d65ff 100644
--- a/edkrepo/edkrepo_entry_point.py
+++ b/edkrepo/edkrepo_entry_point.py
@@ -8,7 +8,7 @@
#

import argparse
-import imp
+import importlib
import importlib.util
import inspect
import json
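Review bot: `import importlib` directly above the retained `import importlib.util` is redundant, since importing the submodule already binds `importlib` and `reload` lives in the package itself; it is harmless and arguably clearer, but a short comment (or dropping one of the two) would stop a later cleanup from removing the wrong line.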
@@ -37,7 +37,7 @@ for directory in sitepackages:
edkrepo_site_dir = edkrepo_package_path
break
else:
- imp.reload(edkrepo)
+ importlib.reload(edkrepo)
edkrepo_package_path = os.path.dirname(os.path.dirname(edkrepo.__file__))
for directory in sitepackages:
if edkrepo_package_path == directory:
--
2.27.0.windows.1


[edk2-staging/EdkRepo] [PATCH v1 2/2] EdkRepo: Enable use of repo cache support.

Bjorge, Erik C
 

This change enables the local repo cache to be used when cloning
and syncing changes. The repo cache applies to submodules as well.

Cc: Ashley E Desimone <ashley.e.desimone@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Puja Pandya <puja.pandya@intel.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Prince Agyeman <prince.agyeman@intel.com>
Cc: Erik Bjorge <erik.c.bjorge@intel.com>
Signed-off-by: Erik Bjorge <erik.c.bjorge@intel.com>
---
edkrepo/commands/checkout_command.py | 3 ++-
edkrepo/commands/checkout_pin_command.py | 8 +++++++-
edkrepo/commands/clone_command.py | 15 ++++++++++++--
edkrepo/commands/sync_command.py | 12 +++++++++---
edkrepo/common/common_repo_functions.py | 25 ++++++++++++++++++++----
project_utils/submodule.py | 13 ++++++++----
6 files changed, 61 insertions(+), 15 deletions(-)

diff --git a/edkrepo/commands/checkout_command.py b/edkrepo/commands/checkout_command.py
index 0169f30..2ce26c0 100644
--- a/edkrepo/commands/checkout_command.py
+++ b/edkrepo/commands/checkout_command.py
@@ -16,6 +16,7 @@ import os
from edkrepo.commands.edkrepo_command import EdkrepoCommand, OverrideArgument
import edkrepo.commands.arguments.checkout_args as arguments
import edkrepo.commands.humble.checkout_humble as humble
+from edkrepo.common.common_cache_functions import get_repo_cache_obj
from edkrepo.common.common_repo_functions import checkout, combination_is_in_manifest
from edkrepo.common.edkrepo_exception import EdkrepoInvalidParametersException
from edkrepo.config.config_factory import get_workspace_manifest
@@ -42,6 +43,6 @@ class CheckoutCommand(EdkrepoCommand):

def run_command(self, args, config):
if combination_is_in_manifest(args.Combination, get_workspace_manifest()):
- checkout(args.Combination, args.verbose, args.override)
+ checkout(args.Combination, args.verbose, args.override, get_repo_cache_obj(config))
else:
raise EdkrepoInvalidParametersException(humble.NO_COMBO.format(args.Combination))
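Review bot: the new fourth positional argument in `checkout(args.Combination, args.verbose, args.override, get_repo_cache_obj(config))` lands in `log`, not `cache_obj`: the signature changed in common_repo_functions.py is `checkout(combination_or_sha, verbose=False, override=False, log=None, cache_obj=None)`, so the cache object is passed as the log and `cache_obj` stays None, silently disabling the cache for this command. Pass it by keyword, `cache_obj=get_repo_cache_obj(config)`.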
diff --git a/edkrepo/commands/checkout_pin_command.py b/edkrepo/commands/checkout_pin_command.py
index 1c58113..0ad1b48 100644
--- a/edkrepo/commands/checkout_pin_command.py
+++ b/edkrepo/commands/checkout_pin_command.py
@@ -14,6 +14,7 @@ from git import Repo
from edkrepo.commands.edkrepo_command import EdkrepoCommand, OverrideArgument, SourceManifestRepoArgument
import edkrepo.commands.arguments.checkout_pin_args as arguments
import edkrepo.commands.humble.checkout_pin_humble as humble
+from edkrepo.common.common_cache_functions import get_repo_cache_obj
from edkrepo.common.common_repo_functions import sparse_checkout_enabled, reset_sparse_checkout, sparse_checkout
from edkrepo.common.common_repo_functions import check_dirty_repos, checkout_repos, combinations_in_manifest
from edkrepo.common.humble import SPARSE_CHECKOUT, SPARSE_RESET, SUBMODULE_DEINIT_FAILED
@@ -21,6 +22,7 @@ from edkrepo.common.edkrepo_exception import EdkrepoInvalidParametersException,
from edkrepo.common.workspace_maintenance.manifest_repos_maintenance import list_available_manifest_repos
from edkrepo.common.workspace_maintenance.manifest_repos_maintenance import find_source_manifest_repo
from edkrepo.config.config_factory import get_workspace_path, get_workspace_manifest
+from edkrepo.config.tool_config import SUBMODULE_CACHE_REPO_NAME
from edkrepo_manifest_parser.edk_manifest import ManifestXml
from project_utils.submodule import deinit_full, maintain_submodules

@@ -82,7 +84,11 @@ class CheckoutPinCommand(EdkrepoCommand):
checkout_repos(args.verbose, args.override, pin_repo_sources, workspace_path, manifest)
manifest.write_current_combo(humble.PIN_COMBO.format(args.pinfile))
finally:
- maintain_submodules(workspace_path, pin, submodule_combo, args.verbose)
+ cache_path = None
+ cache_obj = get_repo_cache_obj(config)
+ if cache_obj is not None:
+ cache_path = cache_obj.get_cache_path(SUBMODULE_CACHE_REPO_NAME)
+ maintain_submodules(workspace_path, pin, submodule_combo, args.verbose, cache_path)
if sparse_enabled:
print(SPARSE_CHECKOUT)
sparse_checkout(workspace_path, pin_repo_sources, manifest)
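Review bot: `get_repo_cache_obj(config)` is called inside the `finally:` block, so if it raises (RepoCache.open documents FileNotFoundError) the new exception replaces whatever error the `try` body was propagating; obtain `cache_obj` before the `try:` instead. The object is also opened here and never closed, unlike cache_command.py, which calls `cache_obj.close()` when it is done.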
diff --git a/edkrepo/commands/clone_command.py b/edkrepo/commands/clone_command.py
index 8769102..56c15c9 100644
--- a/edkrepo/commands/clone_command.py
+++ b/edkrepo/commands/clone_command.py
@@ -14,6 +14,8 @@ import sys
from edkrepo.commands.edkrepo_command import EdkrepoCommand
from edkrepo.commands.edkrepo_command import SubmoduleSkipArgument, SourceManifestRepoArgument
import edkrepo.commands.arguments.clone_args as arguments
+from edkrepo.common.common_cache_functions import get_repo_cache_obj
+from edkrepo.common.common_cache_functions import add_missing_cache_repos
from edkrepo.common.common_repo_functions import clone_repos, sparse_checkout, verify_single_manifest
from edkrepo.common.common_repo_functions import update_editor_config, combinations_in_manifest
from edkrepo.common.common_repo_functions import write_included_config, write_conditional_include
@@ -28,6 +30,7 @@ from edkrepo.common.workspace_maintenance.manifest_repos_maintenance import list
from edkrepo.common.workspace_maintenance.humble.manifest_repos_maintenance_humble import PROJ_NOT_IN_REPO, SOURCE_MANIFEST_REPO_NOT_FOUND
from edkrepo_manifest_parser.edk_manifest import CiIndexXml, ManifestXml
from project_utils.submodule import maintain_submodules
+from edkrepo.config.tool_config import SUBMODULE_CACHE_REPO_NAME


class CloneCommand(EdkrepoCommand):
@@ -151,11 +154,19 @@ class CloneCommand(EdkrepoCommand):
# Set up submodule alt url config settings prior to cloning any repos
submodule_included_configs = write_included_config(manifest.remotes, manifest.submodule_alternate_remotes, local_manifest_dir)
write_conditional_include(workspace_dir, repo_sources_to_clone, submodule_included_configs)
- clone_repos(args, workspace_dir, repo_sources_to_clone, project_client_side_hooks, config, manifest)
+
+ # Determine if caching is going to be used and then clone
+ cache_obj = get_repo_cache_obj(config)
+ if cache_obj is not None:
+ add_missing_cache_repos(cache_obj, manifest, args.verbose)
+ clone_repos(args, workspace_dir, repo_sources_to_clone, project_client_side_hooks, config, manifest, cache_obj)

# Init submodules
if not args.skip_submodule:
- maintain_submodules(workspace_dir, manifest, combo_name, args.verbose)
+ cache_path = None
+ if cache_obj is not None:
+ cache_path = cache_obj.get_cache_path(SUBMODULE_CACHE_REPO_NAME)
+ maintain_submodules(workspace_dir, manifest, combo_name, args.verbose, cache_path)

# Perform a sparse checkout if requested.
use_sparse = args.sparse
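Review bot: `cache_obj` is opened by `get_repo_cache_obj(config)` and used for both `clone_repos` and `maintain_submodules`, but nothing calls `cache_obj.close()` on either the success or the failure path; wrap the clone and submodule steps in `try/finally`, or give RepoCache context-manager support. Also note that `add_missing_cache_repos` fetches every manifest remote into the cache before the first repo is cloned, so a first clone with caching enabled pays for the cache fill up front; a comment saying so would help anyone reading the progress output.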
diff --git a/edkrepo/commands/sync_command.py b/edkrepo/commands/sync_command.py
index c4ee330..ff48f50 100644
--- a/edkrepo/commands/sync_command.py
+++ b/edkrepo/commands/sync_command.py
@@ -32,6 +32,7 @@ from edkrepo.common.humble import MIRROR_BEHIND_PRIMARY_REPO, SYNC_NEEDS_REBASE,
from edkrepo.common.humble import SYNC_BRANCH_CHANGE_ON_LOCAL, SYNC_INCOMPATIBLE_COMBO
from edkrepo.common.humble import SYNC_REBASE_CALC_FAIL
from edkrepo.common.pathfix import get_actual_path, expanduser
+from edkrepo.common.common_cache_functions import get_repo_cache_obj
from edkrepo.common.common_repo_functions import clone_repos, sparse_checkout_enabled
from edkrepo.common.common_repo_functions import reset_sparse_checkout, sparse_checkout, verify_single_manifest
from edkrepo.common.common_repo_functions import checkout_repos, check_dirty_repos
@@ -47,6 +48,7 @@ from edkrepo.common.workspace_maintenance.manifest_repos_maintenance import list
from edkrepo.common.ui_functions import init_color_console
from edkrepo.config.config_factory import get_workspace_path, get_workspace_manifest, get_edkrepo_global_data_directory
from edkrepo.config.config_factory import get_workspace_manifest_file
+from edkrepo.config.tool_config import SUBMODULE_CACHE_REPO_NAME
from edkrepo_manifest_parser.edk_manifest import CiIndexXml, ManifestXml
from project_utils.submodule import deinit_submodules, maintain_submodules

@@ -102,7 +104,7 @@ class SyncCommand(EdkrepoCommand):
if not args.update_local_manifest:
self.__check_for_new_manifest(args, config, initial_manifest, workspace_path, global_manifest_directory)
check_dirty_repos(initial_manifest, workspace_path)
-
+
# Determine if sparse checkout needs to be disabled for this operation
sparse_settings = initial_manifest.sparse_settings
sparse_enabled = sparse_checkout_enabled(workspace_path, initial_sources)
@@ -116,7 +118,7 @@ class SyncCommand(EdkrepoCommand):
reset_sparse_checkout(workspace_path, initial_sources)

# Get the latest manifest if requested
- if args.update_local_manifest: # NOTE: hyphens in arg name replaced with underscores due to argparse
+ if args.update_local_manifest: # NOTE: hyphens in arg name replaced with underscores due to argparse
self.__update_local_manifest(args, config, initial_manifest, workspace_path, global_manifest_directory)
manifest = get_workspace_manifest()
if args.update_local_manifest:
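Review bot: this hunk and the one above it (the blank line after `check_dirty_repos(initial_manifest, workspace_path)` and the `if args.update_local_manifest:` comment line) change only whitespace and are unrelated to the cache feature; drop them or move them into a separate cleanup patch so the functional change stays reviewable.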
@@ -212,7 +214,11 @@ class SyncCommand(EdkrepoCommand):

# Initialize submodules
if not args.skip_submodule:
- maintain_submodules(workspace_path, manifest, current_combo, args.verbose)
+ cache_path = None
+ cache_obj = get_repo_cache_obj(config)
+ if cache_obj is not None:
+ cache_path = cache_obj.get_cache_path(SUBMODULE_CACHE_REPO_NAME)
+ maintain_submodules(workspace_path, manifest, current_combo, args.verbose, cache_path)

# Restore sparse checkout state
if sparse_enabled:
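Review bot: the three-line pattern `cache_path = None` / `if cache_obj is not None:` / `cache_path = cache_obj.get_cache_path(SUBMODULE_CACHE_REPO_NAME)` now appears in checkout_pin_command.py, clone_command.py, sync_command.py and common_repo_functions.py; a helper in common_cache_functions.py (a hypothetical `get_submodule_cache_path(cache_obj)`) would remove the repetition and keep the SUBMODULE_CACHE_REPO_NAME import in one place.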
diff --git a/edkrepo/common/common_repo_functions.py b/edkrepo/common/common_repo_functions.py
index 0d54bbf..0b72715 100644
--- a/edkrepo/common/common_repo_functions.py
+++ b/edkrepo/common/common_repo_functions.py
@@ -56,6 +56,7 @@ from project_utils.sparse import BuildInfo, process_sparse_checkout
from edkrepo.config.config_factory import get_workspace_path
from edkrepo.config.config_factory import get_workspace_manifest
from edkrepo.config.tool_config import CI_INDEX_FILE_NAME
+from edkrepo.config.tool_config import SUBMODULE_CACHE_REPO_NAME
from edkrepo.common.edkrepo_exception import EdkrepoInvalidParametersException
from edkrepo_manifest_parser.edk_manifest import CiIndexXml, ManifestXml
from edkrepo.common.edkrepo_exception import EdkrepoNotFoundException, EdkrepoGitException, EdkrepoWarningException
@@ -75,12 +76,25 @@ CLEAR_LINE = '\x1b[K'
DEFAULT_REMOTE_NAME = 'origin'
PRIMARY_REMOTE_NAME = 'primary'

-def clone_repos(args, workspace_dir, repos_to_clone, project_client_side_hooks, config, manifest):
+
+def clone_repos(args, workspace_dir, repos_to_clone, project_client_side_hooks, config, manifest, cache_obj=None):
for repo_to_clone in repos_to_clone:
local_repo_path = os.path.join(workspace_dir, repo_to_clone.root)
local_repo_url = repo_to_clone.remote_url
+ cache_path = None
+ if cache_obj is not None:
+ cache_path = cache_obj.get_cache_path(local_repo_url)
print("Cloning from: " + str(local_repo_url))
- repo = Repo.clone_from(local_repo_url, local_repo_path, progress=GitProgressHandler(), no_checkout=True)
+ if cache_path is not None:
+ print('+ Using cache at {}'.format(cache_path))
+ repo = Repo.clone_from(local_repo_url, local_repo_path,
+ progress=GitProgressHandler(),
+ reference_if_able=cache_path,
+ no_checkout=True)
+ else:
+ repo = Repo.clone_from(local_repo_url, local_repo_path,
+ progress=GitProgressHandler(),
+ no_checkout=True)
# Fetch notes
repo.remotes.origin.fetch("refs/notes/*:refs/notes/*")
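Review bot: `reference_if_able=cache_path` makes the workspace clone borrow objects from the cache repo through `.git/objects/info/alternates`, so the clone is only usable as long as the cache directory exists and is not pruned; deleting or rebuilding the cache (the cache module already carries a CACHE_REMOVE_REPO string, so removal is anticipated) can leave every workspace that referenced it with missing objects. Either document that constraint or pass `dissociate=True` as well so git copies the borrowed objects once the clone completes. `--reference-if-able` is also only understood by git 2.11 and newer; older git rejects the option, which deserves either a version check or a note in the README.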

@@ -476,7 +490,7 @@ def get_target_sources(combination_or_sha, manifest, workspace_path, log=None):
return ManifestXml(pin_filename).get_repo_sources(current_combo)


-def checkout(combination_or_sha, verbose=False, override=False, log=None):
+def checkout(combination_or_sha, verbose=False, override=False, log=None, cache_obj=None):
workspace_path = get_workspace_path()
manifest = get_workspace_manifest()

@@ -547,7 +561,10 @@ def checkout(combination_or_sha, verbose=False, override=False, log=None):
# Return to the initial combo, since there was an issue with cheking out the selected combo
checkout_repos(verbose, override, initial_repo_sources, workspace_path, manifest)
finally:
- maintain_submodules(workspace_path, manifest, submodule_combo, verbose)
+ cache_path = None
+ if cache_obj is not None:
+ cache_path = cache_obj.get_cache_path(SUBMODULE_CACHE_REPO_NAME)
+ maintain_submodules(workspace_path, manifest, submodule_combo, verbose, cache_path)
if sparse_enabled or sparse_diff:
print(SPARSE_CHECKOUT)
sparse_checkout(workspace_path, current_repos, manifest)
diff --git a/project_utils/submodule.py b/project_utils/submodule.py
index 3d1b620..f735125 100644
--- a/project_utils/submodule.py
+++ b/project_utils/submodule.py
@@ -61,7 +61,7 @@ def _deinit(repo, submodules=None, verbose=False):
return


-def _update(repo, submodules=None, verbose=False, recursive=False):
+def _update(repo, submodules=None, verbose=False, recursive=False, cache_path=None):
"""
Performs the update of submodules. This includes the sync and update operations.
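Review bot: the docstring that opens right after `def _update(...)` is not extended for the new `cache_path` parameter, while `maintain_submodules` gets a `cache_path - ...` line further down in this file; add the same line here so the two signatures are documented consistently.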

@@ -82,6 +82,8 @@ def _update(repo, submodules=None, verbose=False, recursive=False):
cmd = ['git', 'submodule', 'update', '--init']
if recursive:
cmd.append('--recursive')
+ if cache_path is not None:
+ cmd.extend(['--reference', cache_path])
output_data = repo.git.execute(cmd, with_extended_output=True, with_stdout=True)
display_git_output(output_data, verbose)
else:
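Review bot: submodules are updated with `--reference` while `clone_repos` uses `--reference-if-able`; that is only safe because `cache_path` is set solely when the submodule cache repo was opened successfully, so the directory is known to exist when `git submodule update` runs. A comment stating that invariant next to `cmd.extend(['--reference', cache_path])` would keep the two paths from drifting. The alternates caveat raised for `clone_repos` applies here too: the submodule checkouts depend on the submodule-cache repo staying in place.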
@@ -99,6 +101,8 @@ def _update(repo, submodules=None, verbose=False, recursive=False):
cmd = ['git', 'submodule', 'update', '--init']
if sub.recursive:
cmd.append('--recursive')
+ if cache_path is not None:
+ cmd.extend(['--reference', cache_path])
cmd.extend(['--', sub.path])
output_data = repo.git.execute(cmd, with_extended_output=True, with_stdout=True)
display_git_output(output_data, verbose)
@@ -269,7 +273,7 @@ def deinit_submodules(workspace, start_manifest, start_combo,
_deinit(repo, deinit_list, verbose)


-def maintain_submodules(workspace, manifest, combo_name, verbose=False):
+def maintain_submodules(workspace, manifest, combo_name, verbose=False, cache_path=None):
"""
Updates the submodules for a specific repo.

@@ -277,6 +281,7 @@ def maintain_submodules(workspace, manifest, combo_name, verbose=False):
manifest - The manifest parser object for the project.
combo_name - The combination name to use for submodule maintenance.
verbose - Enable verbose messages.
+ cache_path - Path to the submodule cache repo. A value of None indicates that no cache repo exists.
"""
# Process each repo that may have submodules enabled
print(strings.SUBMOD_INIT_UPDATE)
@@ -303,9 +308,9 @@ def maintain_submodules(workspace, manifest, combo_name, verbose=False):

# Perform sync/update
if len(repo_subs) == 0:
- _update(repo, None, verbose)
+ _update(repo, None, verbose, cache_path=cache_path)
else:
- _update(repo, repo_subs, verbose)
+ _update(repo, repo_subs, verbose, cache_path=cache_path)


if __name__ == '__main__':
--
2.21.0.windows.1


[edk2-staging/EdkRepo] [PATCH v1 1/2] EdkRepo: Add cache command

Bjorge, Erik C
 

Adds a module to add a repo cache and manage it. Also adds a command
to manage the repo cache from EdkRepo. No other commands use the
functionality at this point.

Cc: Ashley E Desimone <ashley.e.desimone@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Puja Pandya <puja.pandya@intel.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Prince Agyeman <prince.agyeman@intel.com>
Cc: Erik Bjorge <erik.c.bjorge@intel.com>
Signed-off-by: Erik Bjorge <erik.c.bjorge@intel.com>
---
edkrepo/commands/arguments/cache_args.py | 19 ++
edkrepo/commands/cache_command.py | 118 ++++++++++++
edkrepo/commands/humble/cache_humble.py | 17 ++
edkrepo/common/common_cache_functions.py | 41 +++++
edkrepo/common/edkrepo_exception.py | 3 +
edkrepo/config/config_factory.py | 14 +-
edkrepo/config/tool_config.py | 5 +-
project_utils/cache.py | 224 +++++++++++++++++++++++
project_utils/project_utils_strings.py | 11 ++
9 files changed, 448 insertions(+), 4 deletions(-)
create mode 100644 edkrepo/commands/arguments/cache_args.py
create mode 100644 edkrepo/commands/cache_command.py
create mode 100644 edkrepo/commands/humble/cache_humble.py
create mode 100644 edkrepo/common/common_cache_functions.py
create mode 100644 project_utils/cache.py

diff --git a/edkrepo/commands/arguments/cache_args.py b/edkrepo/commands/arguments/cache_args.py
new file mode 100644
index 0000000..0080536
--- /dev/null
+++ b/edkrepo/commands/arguments/cache_args.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+#
+## @file
+# cache_args.py
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+''' Contains the help and description strings for arguments in the
+cache command meta data.
+'''
+COMMAND_DESCRIPTION = ('Manages local caching support for project repos. The goal of this feature '
+ 'is to improve clone performance')
+COMMAND_ENABLE_HELP = 'Enables caching support on the system.'
+COMMAND_DISABLE_HELP = 'Disables caching support on the system.'
+COMMAND_UPDATE_HELP = 'Update the repo cache for all cached projects.'
+COMMAND_INFO_HELP = 'Display the current cache information.'
+COMMAND_PROJECT_HELP = 'Project to add to the cache.'
diff --git a/edkrepo/commands/cache_command.py b/edkrepo/commands/cache_command.py
new file mode 100644
index 0000000..9f0d6e9
--- /dev/null
+++ b/edkrepo/commands/cache_command.py
@@ -0,0 +1,118 @@
+#!/usr/bin/env python3
+#
+## @file
+# cache_command.py
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+import edkrepo.commands.arguments.cache_args as arguments
+from edkrepo.commands.edkrepo_command import EdkrepoCommand
+from edkrepo.commands.edkrepo_command import SourceManifestRepoArgument
+from edkrepo.commands.humble.cache_humble import CACHE_ENABLED, CACHE_FETCH, CACHE_INFO
+from edkrepo.commands.humble.cache_humble import CACHE_INFO_LINE, PROJECT_NOT_FOUND, NO_INSTANCE
+from edkrepo.commands.humble.cache_humble import UNABLE_TO_LOAD_MANIFEST, UNABLE_TO_PARSE_MANIFEST
+from edkrepo.common.common_cache_functions import add_missing_cache_repos
+from edkrepo.common.common_cache_functions import get_repo_cache_obj
+from edkrepo.common.edkrepo_exception import EdkrepoCacheException
+from edkrepo.common.workspace_maintenance.manifest_repos_maintenance import find_project_in_all_indices
+from edkrepo.config.config_factory import get_workspace_manifest
+from edkrepo_manifest_parser.edk_manifest import ManifestXml
+
+
+class CacheCommand(EdkrepoCommand):
+ def __init__(self):
+ super().__init__()
+
+ def get_metadata(self):
+ metadata = {}
+ metadata['name'] = 'cache'
+ metadata['help-text'] = arguments.COMMAND_DESCRIPTION
+ args = []
+ metadata['arguments'] = args
+ args.append({'name': 'enable',
+ 'positional': False,
+ 'required': False,
+ 'help-text': arguments.COMMAND_ENABLE_HELP})
+ args.append({'name': 'disable',
+ 'positional': False,
+ 'required': False,
+ 'help-text': arguments.COMMAND_DISABLE_HELP})
+ args.append({'name': 'update',
+ 'positional': False,
+ 'required': False,
+ 'help-text': arguments.COMMAND_UPDATE_HELP})
+ args.append({'name': 'info',
+ 'positional': False,
+ 'required': False,
+ 'help-text': arguments.COMMAND_INFO_HELP})
+ args.append({'name': 'project',
+ 'positional': True,
+ 'required': False,
+ 'help-text': arguments.COMMAND_PROJECT_HELP})
+ args.append(SourceManifestRepoArgument)
+ return metadata
+
+ def run_command(self, args, config):
+ # Process enable disable requests
+ if args.disable:
+ config['user_cfg_file'].set_caching_state(False)
+ elif args.enable:
+ config['user_cfg_file'].set_caching_state(True)
+
+ # Get the current state now that we have processed enable/disable
+ cache_state = config['user_cfg_file'].caching_state
+ print(CACHE_ENABLED.format(cache_state))
+ if not cache_state:
+ return
+
+ # State is enabled so make sure cache directory exists
+ cache_obj = get_repo_cache_obj(config)
+
+ # Check to see if a manifest was provided and add any missing remotes
+ manifest = None
+ if args.project is not None:
+ manifest = _get_manifest(args.project, config, args.source_manifest_repo)
+ else:
+ try:
+ manifest = get_workspace_manifest()
+ except Exception:
+ pass
+
+ # If manifest is provided attempt to add any remotes that do not exist
+ if manifest is not None:
+ add_missing_cache_repos(cache_obj, manifest, True)
+
+ # Display all the cache information
+ if args.info:
+ print(CACHE_INFO)
+ info = cache_obj.get_cache_info(args.verbose)
+ for item in info:
+ print(CACHE_INFO_LINE.format(item.path, item.remote, item.url))
+
+ # Do an update if requested
+ if args.update:
+ print(CACHE_FETCH)
+ cache_obj.update_cache(verbose=True)
+
+ # Close the cache repos
+ cache_obj.close(args.verbose)
+
+
+def _get_manifest(project, config, source_manifest_repo=None):
+ try:
+ manifest_repo, source_cfg, manifest_path = find_project_in_all_indices(
+ project,
+ config['cfg_file'],
+ config['user_cfg_file'],
+ PROJECT_NOT_FOUND.format(project),
+ NO_INSTANCE.format(project),
+ source_manifest_repo)
+ except Exception:
+ raise EdkrepoCacheException(UNABLE_TO_LOAD_MANIFEST)
+ try:
+ manifest = ManifestXml(manifest_path)
+ except Exception:
+ raise EdkrepoCacheException(UNABLE_TO_PARSE_MANIFEST)
+ return manifest
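Review bot: `cache_obj.close(args.verbose)` only runs if `add_missing_cache_repos`, `get_cache_info` and `update_cache` all succeed; put everything after `get_repo_cache_obj(config)` in a `try/finally` so the repos are closed on error. In `run_command`, `except Exception: pass` around `get_workspace_manifest()` hides every failure including a malformed workspace manifest, and `add_missing_cache_repos(cache_obj, manifest, True)` hard-codes verbose instead of passing `args.verbose`. In `_get_manifest`, the `raise EdkrepoCacheException(...)` statements inside the `except` clauses should use `raise ... from e` so the underlying error survives in the traceback. Finally, when both enable and disable are given, disable silently wins; a mutually exclusive argument group would reject that combination up front.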
diff --git a/edkrepo/commands/humble/cache_humble.py b/edkrepo/commands/humble/cache_humble.py
new file mode 100644
index 0000000..4f318ac
--- /dev/null
+++ b/edkrepo/commands/humble/cache_humble.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+#
+## @file
+# cache_humble.py
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+CACHE_ENABLED = 'Caching Enabled: {}'
+CACHE_INFO = 'Cache Information:'
+CACHE_INFO_LINE = '+ {}\n {} ({})'
+CACHE_FETCH = 'Fetching all remotes... (this could take a while)'
+PROJECT_NOT_FOUND = 'Project {} does not exist'
+NO_INSTANCE = 'Unable to determine instance to use for {}'
+UNABLE_TO_LOAD_MANIFEST = 'Unable to load manifest file.'
+UNABLE_TO_PARSE_MANIFEST = 'Failed to parse manifest file.'
diff --git a/edkrepo/common/common_cache_functions.py b/edkrepo/common/common_cache_functions.py
new file mode 100644
index 0000000..84bd3ed
--- /dev/null
+++ b/edkrepo/common/common_cache_functions.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+#
+## @file
+# common_cache_functions.py
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+import os
+
+from edkrepo.config.config_factory import get_edkrepo_global_data_directory
+from edkrepo.config.tool_config import SUBMODULE_CACHE_REPO_NAME
+from project_utils.cache import RepoCache
+
+
+def get_global_cache_directory(config):
+ if config['user_cfg_file'].caching_state:
+ return os.path.join(get_edkrepo_global_data_directory(), '.cache')
+ return None
+
+
+def get_repo_cache_obj(config):
+ cache_obj = None
+ cache_directory = get_global_cache_directory(config)
+ if cache_directory is not None:
+ cache_obj = RepoCache(cache_directory)
+ cache_obj.open()
+ return cache_obj
+
+
+def add_missing_cache_repos(cache_obj, manifest, verbose=False):
+ print('Adding and fetching new remotes... (this could take a while)')
+ for remote in manifest.remotes:
+ cache_obj.add_repo(url=remote.url, verbose=verbose)
+ alt_submodules = manifest.submodule_alternate_remotes
+ if alt_submodules:
+ print('Adding and fetching new submodule remotes... (this could also take a while)')
+ cache_obj.add_repo(name=SUBMODULE_CACHE_REPO_NAME, verbose=verbose)
+ for alt in alt_submodules:
+ cache_obj.add_remote(alt.alternate_url, SUBMODULE_CACHE_REPO_NAME, verbose)
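Review bot: `get_repo_cache_obj` opens every cache repo as a side effect, which obliges each caller to call `close()`, and most of the callers added in patch 2/2 do not; consider giving RepoCache `__enter__`/`__exit__` (or a `contextlib.contextmanager` wrapper here) so callers can write `with get_repo_cache_obj(config) as cache_obj:`. `add_missing_cache_repos` also prints its two progress lines unconditionally rather than under `verbose`, which will be noisy on the clone and sync paths that call it.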
diff --git a/edkrepo/common/edkrepo_exception.py b/edkrepo/common/edkrepo_exception.py
index a56e709..b3f2300 100644
--- a/edkrepo/common/edkrepo_exception.py
+++ b/edkrepo/common/edkrepo_exception.py
@@ -98,3 +98,6 @@ class EdkrepoGitConfigSetupException(EdkrepoException):
def __init__(self, message):
super().__init__(message, 131)

+class EdkrepoCacheException(EdkrepoException):
+ def __init__(self, message):
+ super().__init__(message, 132)
diff --git a/edkrepo/config/config_factory.py b/edkrepo/config/config_factory.py
index fe69460..3680c0b 100644
--- a/edkrepo/config/config_factory.py
+++ b/edkrepo/config/config_factory.py
@@ -225,10 +225,20 @@ class GlobalUserConfig(BaseConfig):
self.filename = os.path.join(get_edkrepo_global_data_directory(), "edkrepo_user.cfg")
self.prop_list = [
CfgProp('scm', 'mirror_geo', 'geo', 'none', False),
- CfgProp('send-review', 'max-patch-set', 'max_patch_set', '10', False)
- ]
+ CfgProp('send-review', 'max-patch-set', 'max_patch_set', '10', False),
+ CfgProp('caching', 'enable-caching', 'enable_caching_text', 'false', False)]
super().__init__(self.filename, get_edkrepo_global_data_directory(), False)

+ @property
+ def caching_state(self):
+ return self.enable_caching_text.lower() == 'true'
+
+ def set_caching_state(self, enable):
+ if enable:
+ self.enable_caching_text = 'true'
+ else:
+ self.enable_caching_text = 'false'
+
@property
def max_patch_set_int(self):
try:
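Review bot: `caching_state` is exposed as a read-only property while the write side is the method `set_caching_state`; a `@caching_state.setter` would make the pair symmetric (`config['user_cfg_file'].caching_state = True`). Also worth confirming that assigning `self.enable_caching_text` writes the value back to edkrepo_user.cfg: the CfgProp entry gives the property the default 'false', but the persistence behaviour is not visible in this hunk.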
diff --git a/edkrepo/config/tool_config.py b/edkrepo/config/tool_config.py
index eee1326..81f4ddf 100644
--- a/edkrepo/config/tool_config.py
+++ b/edkrepo/config/tool_config.py
@@ -1,10 +1,11 @@
#!/usr/bin/env python3
#
## @file
-# tool)config.py
+# tool_config.py
#
# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#

-CI_INDEX_FILE_NAME = 'CiIndex.xml'
\ No newline at end of file
+CI_INDEX_FILE_NAME = 'CiIndex.xml'
+SUBMODULE_CACHE_REPO_NAME = 'submodule-cache'
diff --git a/project_utils/cache.py b/project_utils/cache.py
new file mode 100644
index 0000000..8efd411
--- /dev/null
+++ b/project_utils/cache.py
@@ -0,0 +1,224 @@
+#!/usr/bin/env python3
+#
+## @file
+# cache.py
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+from collections import namedtuple
+import os
+import shutil
+
+from git import Repo
+
+from edkrepo.common.progress_handler import GitProgressHandler
+from project_utils.project_utils_strings import CACHE_ADD_REMOTE, CACHE_ADDING_REPO, CACHE_CHECK_ROOT_DIR
+from project_utils.project_utils_strings import CACHE_FAILED_TO_CLOSE, CACHE_FAILED_TO_OPEN, CACHE_FETCH_REMOTE
+from project_utils.project_utils_strings import CACHE_REMOTE_EXISTS, CACHE_REMOVE_REPO, CACHE_REPO_EXISTS
+
+CacheInfo = namedtuple('CacheInfo', ['path', 'remote', 'url'])
+
+
+class RepoCache(object):
+ """
+ Provides basic management of a cache repo.
+ """
+ def __init__(self, path):
+ self._cache_root_path = path
+ self._repos = {}
+
+ def _create_name(self, url_or_name):
+ """
+ Used to create consistent repo and remote names
+ """
+ dir_name = url_or_name.split('/')[-1]
+ if not dir_name.endswith('.git'):
+ dir_name += '.git'
+ return dir_name
+
+ def _get_repo_path(self, dir_name):
+ return os.path.join(self._cache_root_path, dir_name)
+
+ def _get_repo(self, dir_name):
+ """
+ Returns the git repo object for the cache repo.
+
+ Raises FileNotFoundError if the cache directory does not exist.
+ Raises IOError if the repo cannot be opened
+ """
+ repo_path = self._get_repo_path(dir_name)
+ if not os.path.isdir(repo_path):
+ raise FileNotFoundError
+ try:
+ repo = Repo(repo_path)
+ except Exception:
+ raise IOError
+ return repo
+
+ def _get_cache_dirs(self):
+ if not os.path.isdir(self._cache_root_path):
+ raise FileNotFoundError
+ return [x for x in os.listdir(self._cache_root_path) if os.path.isdir(self._get_repo_path(x))]
+
+ def _add_and_fetch_remote(self, repo, remote_name, url, verbose=False):
+ if verbose:
+ print(CACHE_ADD_REMOTE.format(remote_name, url))
+ repo.create_remote(remote_name, url)
+ if verbose:
+ print(CACHE_FETCH_REMOTE.format(remote_name, url))
+ repo.remotes[remote_name].fetch(progress=GitProgressHandler())
+
+ def open(self, verbose=False):
+ """
+ Opens all cache repos.
+
+ Raises FileNotFoundError if the cache directory does not exist.
+ """
+ if not self._repos:
+ if not os.path.isdir(self._cache_root_path):
+ if verbose:
+ print(CACHE_CHECK_ROOT_DIR.format(self._cache_root_path))
+ os.makedirs(self._cache_root_path)
+
+ for dir_name in self._get_cache_dirs():
+ try:
+ self._repos[dir_name] = self._get_repo(dir_name)
+ except Exception:
+ if verbose:
+ print(CACHE_FAILED_TO_OPEN.format(dir_name))
+
+ def close(self, verbose=False):
+ """
+ Closes all cache repos.
+ """
+ for dir_name in self._repos:
+ try:
+ self._repos[dir_name].close()
+ except Exception:
+ if verbose:
+ print(CACHE_FAILED_TO_CLOSE.format(dir_name))
+ self._repos = {}
+
+ def get_cache_path(self, url_or_name):
+ dir_name = self._create_name(url_or_name)
+ if dir_name not in self._repos:
+ return None
+ return self._get_repo_path(dir_name)
+
+ def get_cache_info(self, verbose=False):
+ """
+ Returns a list of remotes currently configured in the cache.
+
+ Raises FileNotFoundError if the cache repo is not open.
+ """
+ ret_val = []
+ for dir_name in self._repos:
+ for remote in self._repos[dir_name].remotes:
+ ret_val.append(CacheInfo(self._get_repo_path(dir_name), remote.name, remote.url))
+ return ret_val
+
+ def delete_cache_root(self, verbose=False):
+ """
+ Deletes the cache root directory and all caches.
+ """
+ if os.path.isdir(self._cache_root_path):
+ if self._repos:
+ self.close()
+ shutil.rmtree(self._cache_root_path, ignore_errors=True)
+
+ def add_repo(self, url=None, name=None, verbose=False):
+ """
+ Adds a repo to the cache if it does not already exist.
+
+ """
+ remote_name = None
+ if url is None and name is None:
+ raise ValueError
+ elif name is not None:
+ dir_name = self._create_name(name)
+ else:
+ dir_name = self._create_name(url)
+ if url is not None:
+ remote_name = self._create_name(url)
+ repo_path = self._get_repo_path(dir_name)
+
+ if dir_name in self._repos:
+ if verbose:
+ print(CACHE_REPO_EXISTS.format(dir_name))
+ else:
+ if verbose:
+ print(CACHE_ADDING_REPO.format(dir_name))
+ os.makedirs(repo_path)
+ self._repos[dir_name] = Repo.init(repo_path, bare=True)
+
+ if remote_name is not None and remote_name not in self._repos[dir_name].remotes:
+ self._add_and_fetch_remote(self._get_repo(dir_name), remote_name, url)
+ return dir_name
+
+ def remove_repo(self, url=None, name=None, verbose=False):
+ """
+ Removes a remote from the cache repo if it exists
+
+ Raises FileNotFoundError if the cache repo is not open.
+ """
+ if url is None and name is None:
+ raise ValueError
+ elif name is not None:
+ dir_name = self._create_name(name)
+ else:
+ dir_name = self._create_name(url)
+ if dir_name not in self._repos:
+ return
+ if verbose:
+ print(CACHE_REMOVE_REPO.format(dir_name))
+ self._repos.pop(dir_name).close()
+ shutil.rmtree(os.path.join(self._cache_root_path, dir_name), ignore_errors=True)
+
+ def add_remote(self, url, name, verbose=False):
+ remote_name = self._create_name(url)
+ dir_name = self._create_name(name)
+ if dir_name not in self._repos:
+ raise ValueError
+ repo = self._get_repo(dir_name)
+ if remote_name in repo.remotes:
+ if verbose:
+ print(CACHE_REMOTE_EXISTS.format(remote_name))
+ return
+ self._add_and_fetch_remote(repo, remote_name, url, verbose)
+
+ def remove_remote(self, url, name, verbose=False):
+ remote_name = self._create_name(url)
+ dir_name = self._create_name(name)
+ if dir_name not in self._repos:
+ raise ValueError
+ repo = self._get_repo(dir_name)
+ if remote_name not in repo.remotes:
+ raise IndexError
+ repo.remove_remote(repo.remotes[remote_name])
+
+ def update_cache(self, url_or_name=None, verbose=False):
+ if not self._repos:
+ raise FileNotFoundError
+ repo_dirs = self._repos.keys()
+
+ if url_or_name is not None:
+ dir_name = self._create_name(url_or_name)
+ if dir_name in self._repos:
+ repo_dirs = [dir_name]
+ else:
+ return
+
+ for dir_name in repo_dirs:
+ try:
+ repo = self._get_repo(dir_name)
+ except Exception:
+ print(CACHE_FAILED_TO_OPEN.format(dir_name))
+ continue
+ for remote in repo.remotes:
+ if verbose:
+ print(CACHE_FETCH_REMOTE.format(dir_name, remote.url))
+ remote.fetch(progress=GitProgressHandler())
+
+ def clean_cache(self, verbose=False):
+ raise NotImplementedError
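Review bot: `_create_name()` keys both the cache directory and the remote name on the last path component of the URL only, so two different upstreams whose repositories share a basename (for example `foo.git` hosted under two different hosts or organisations) collapse to the same `dir_name` and the same `remote_name`. In `add_repo()` the second URL is then reported via `CACHE_REPO_EXISTS` and skipped by the `remote_name not in self._repos[dir_name].remotes` check, and anything later cloned from the cache for the second URL is served objects that were fetched from the first. Derive the name from the full URL (host plus path, or a hash of it), or at least compare the existing remote's `.url` with the requested one before treating it as already present. Smaller points in the same file: `remove_remote()` calls `repo.remove_remote()`, which as far as I can tell GitPython's `Repo` does not provide (`Repo.delete_remote()` and `Remote.remove()` are the API), so that path raises `AttributeError`; `add_repo()` drops `verbose` when calling `_add_and_fetch_remote()` and re-opens the repo through `_get_repo()` instead of using `self._repos[dir_name]`; `update_cache()` prints `CACHE_FAILED_TO_OPEN` unconditionally while every other message is gated on `verbose`; and the bare `raise FileNotFoundError` / `raise IOError` / `raise ValueError` carry no message, with `_get_repo()` discarding the original exception (`raise IOError(...) from e` would keep it for the caller).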
diff --git a/project_utils/project_utils_strings.py b/project_utils/project_utils_strings.py
index 33c22d2..1547978 100644
--- a/project_utils/project_utils_strings.py
+++ b/project_utils/project_utils_strings.py
@@ -22,3 +22,14 @@ SUBMOD_DEINIT_PATH = 'Submodule deinit: {}'
SUBMOD_SYNC_PATH = 'Submodule sync: {}'
SUBMOD_UPDATE_PATH = 'Submodule update: {}'
SUBMOD_EXCEPTION = '- Exception: {}'
+
+# Caching support strings
+CACHE_ADD_REMOTE = '+ Adding remote {} ({})'
+CACHE_FETCH_REMOTE = '+ Fetching data for {} ({})'
+CACHE_CHECK_ROOT_DIR = '+ Creating cache root directory: {}'
+CACHE_FAILED_TO_OPEN = '- Failed to open cache: {}'
+CACHE_FAILED_TO_CLOSE = '- Failed to close cache: {}'
+CACHE_REPO_EXISTS = '- Repo {} already exists.'
+CACHE_ADDING_REPO = '+ Adding cache repo {}'
+CACHE_REMOVE_REPO = '- Removing cache repo: {}'
+CACHE_REMOTE_EXISTS = '- Remote {} already exists.'
--
2.21.0.windows.1


[edk2-staging/EdkRepo] [PATCH v1 0/2] Adding local repo cache support

Bjorge, Erik C
 

Adding local repo cache support to improve clone times.

Cc: Ashley E Desimone <ashley.e.desimone@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Puja Pandya <puja.pandya@intel.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Prince Agyeman <prince.agyeman@intel.com>
Cc: Erik Bjorge <erik.c.bjorge@intel.com>
Signed-off-by: Erik Bjorge <erik.c.bjorge@intel.com>

Erik Bjorge (2):
EdkRepo: Add cache command
EdkRepo: Enable use of repo cache support.

edkrepo/commands/arguments/cache_args.py | 19 ++
edkrepo/commands/cache_command.py | 118 ++++++++++++
edkrepo/commands/checkout_command.py | 3 +-
edkrepo/commands/checkout_pin_command.py | 8 +-
edkrepo/commands/clone_command.py | 15 +-
edkrepo/commands/humble/cache_humble.py | 17 ++
edkrepo/commands/sync_command.py | 12 +-
edkrepo/common/common_cache_functions.py | 41 +++++
edkrepo/common/common_repo_functions.py | 25 ++-
edkrepo/common/edkrepo_exception.py | 3 +
edkrepo/config/config_factory.py | 14 +-
edkrepo/config/tool_config.py | 5 +-
project_utils/cache.py | 224 +++++++++++++++++++++++
project_utils/project_utils_strings.py | 11 ++
project_utils/submodule.py | 13 +-
15 files changed, 509 insertions(+), 19 deletions(-)
create mode 100644 edkrepo/commands/arguments/cache_args.py
create mode 100644 edkrepo/commands/cache_command.py
create mode 100644 edkrepo/commands/humble/cache_humble.py
create mode 100644 edkrepo/common/common_cache_functions.py
create mode 100644 project_utils/cache.py

--
2.21.0.windows.1


[PATCH] SecurityPkg: Add RPMC Index to the RpmcLib

Nishant Mistry <nishant.c.mistry@...>
 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

The re-design requires multiple RPMC counter usages.
The consumer will be capable of selecting amongst multiple counters.

Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
---
SecurityPkg/Include/Library/RpmcLib.h | 6 +++++-
SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Library/RpmcLib.h
index 5882bfae2f..3c15bce1ce 100644
--- a/SecurityPkg/Include/Library/RpmcLib.h
+++ b/SecurityPkg/Include/Library/RpmcLib.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/**
Requests the monotonic counter from the designated RPMC counter.

+ @param[in] CounterIndex The RPMC index
@param[out] CounterValue A pointer to a buffer to store the RPMC value.

@retval EFI_SUCCESS The operation completed successfully.
@@ -23,12 +24,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
RequestMonotonicCounter (
+ IN UINT8 CounterIndex,
OUT UINT32 *CounterValue
);

/**
Increments the monotonic counter in the SPI flash device by 1.

+ @param[in] CounterIndex The RPMC index
+
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
@retval EFI_UNSUPPORTED The operation is un-supported.
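Review bot: the new `CounterIndex` parameter on `RequestMonotonicCounter` has no documented valid range and no return value for an index the device does not provide (for example `EFI_INVALID_PARAMETER`); since this header is the contract for every RpmcLib instance and callers pick a counter for rollback protection, the `@param[in]` line should state how many counters may be addressed and the `@retval` list should cover an out-of-range index. In the same hunk the description of `IncrementMonotonicCounter` still reads "Increments the monotonic counter in the SPI flash device by 1" as if there were a single counter; reword it to match `RequestMonotonicCounter` ("the designated RPMC counter").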
@@ -36,7 +40,7 @@ RequestMonotonicCounter (
EFI_STATUS
EFIAPI
IncrementMonotonicCounter (
- VOID
+ IN UINT8 CounterIndex
);

#endif
diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
index e1dd09eb10..697e493a7c 100644
--- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
+++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
@@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
/**
Requests the monotonic counter from the designated RPMC counter.

+ @param[in] CounterIndex The RPMC index
@param[out] CounterValue A pointer to a buffer to store the RPMC value.

@retval EFI_SUCCESS The operation completed successfully.
@@ -21,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
RequestMonotonicCounter (
+ IN UINT8 CounterIndex,
OUT UINT32 *CounterValue
)
{
@@ -31,6 +33,8 @@ RequestMonotonicCounter (
/**
Increments the monotonic counter in the SPI flash device by 1.

+ @param[in] CounterIndex The RPMC index
+
@retval EFI_SUCCESS The operation completed successfully.
@retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
@retval EFI_UNSUPPORTED The operation is un-supported.
@@ -38,7 +42,7 @@ RequestMonotonicCounter (
EFI_STATUS
EFIAPI
IncrementMonotonicCounter (
- VOID
+ IN UINT8 CounterIndex
)
{
ASSERT (FALSE);
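Review bot: the Null instance ignores `CounterIndex` entirely (`ASSERT (FALSE)` remains the body), which is fine for a stub, but the signature change is incompatible: the series updates only the header and the Null instance (see the diffstat, 2 files changed), so any other RpmcLib instance or caller built against `IncrementMonotonicCounter (VOID)` stops compiling. Those consumers should land in the same series, and the commit message should say explicitly that the library class API is being changed.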
--
2.16.2.windows.1


Re: [edk2-test] [PATCH 0/3] Fixes to SctPkg/build.sh

Grant Likely
 

Whole patch series looks good to me.

Reviewed-by: Grant Likely <grant.likely@...>


Re: [PATCH v2 0/1] UefiPayloadPkg: Set default PciBaseSize on Ia32

Patrick Rudolph <patrick.rudolph@...>
 

Hi Guo,
Thanks for the review! I have no objections to your plan. We'll rebase our patches once it has landed in master.
Having the CI build UefiPayloadPkg would be great to prevent regressions in the future.

Kind Regards,
Patrick Rudolph
B.Sc. Electrical Engineering
System Firmware Developer


9elements GmbH, Kortumstraße 19-21, 44787 Bochum, Germany

Registered office: Bochum
Commercial register: Amtsgericht Bochum, HRB 17519
Managing directors: Sebastian Deutsch, Eray Basar


Am Di., 10. Nov. 2020 um 20:28 Uhr schrieb Dong, Guo <guo.dong@...>:

 

Hi Marcello,

 

The patch passed all checks now: https://github.com/tianocore/edk2/pull/1109

And I just sent the patch out for code review. Please comment if you have questions.

 

I briefly reviewed your secureboot work; both BlSMMStoreDxe.inf and SecureBootEnrollDefaultKeys are DXE drivers, I don’t see any dependency on PEI.

And here is my thought on the overall flow for the default key enrollment:

  1. The bootloader passes the NVS variable region to the UEFI payload via a HOB.
    1. The bootloader might provision the default keys in the variable region.
  2. The UEFI payload retrieves the variable region from the HOB.
    1. This could be done via a PlatformSupportLib instance, or added to ParseLib.
  3. The UEFI payload BlSupportDxe module could set the variable-related PCDs if the variable HOB is found.
  4. The UEFI payload FVB driver or a new driver (SecureBootEnrollDefaultKeys in your case) could check whether the variable region is initialized. The UEFI payload could set up the default keys only when the variable region is not initialized. This should only happen once if the bootloader doesn’t provision default keys.
  5. Using the EDKII variable driver should work.

Feel free to contact me if you want to discuss it further.

 

Thanks,

Guo

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Marcello Sylvester Bauer
Sent: Tuesday, November 10, 2020 6:24 AM
To: Dong, Guo <guo.dong@...>
Cc: devel@edk2.groups.io; Ma, Maurice <maurice.ma@...>; patrick.rudolph@...; You, Benjamin <benjamin.you@...>
Subject: Re: [edk2-devel] [PATCH v2 0/1] UefiPayloadPkg: Set default PciBaseSize on Ia32

 

Hi Guo,

 

> Removing the PEI phase could simplify the UEFI payload, the PEI FV will be replaced by a single UefiPayloadEntry module which only does minimal work and passes control to DXE core. So we don’t need to have a PEI core and other PEI modules in UEFI payload. It would reduce payload size and improve the boot performance.

 

Okay, this makes a lot of sense. Is there an approximate estimate of when it will be finished? It would be great if we could still merge this patch anyway somehow.

 

> I don’t know how your upcoming patches and your secureboot work in UEFI payload PEI. I could take a look and give comments if you have the change list.

It is still WIP but could be adapted: https://github.com/9elements/edk2/tree/feature/secureboot

Thanks,
Marcello



 

On Tue, Nov 10, 2020 at 5:14 AM Dong, Guo <guo.dong@...> wrote:

 

Hi Marcello,

 

Removing the PEI phase could simplify the UEFI payload, the PEI FV will be replaced by a single UefiPayloadEntry module which only does minimal work and passes control to DXE core. So we don’t need to have a PEI core and other PEI modules in UEFI payload. It would reduce payload size and improve the boot performance.

 

I don’t know how your upcoming patches and your secureboot work in UEFI payload PEI. I could take a look and give comments if you have the change list.

 

Thank you for pointing out the failure. I will update the patch and create a PR.

 

Thanks,

Guo

 

From: Marcello Sylvester Bauer <marcello.bauer@...>
Sent: Monday, November 9, 2020 3:47 AM
To: Dong, Guo <guo.dong@...>
Cc: devel@edk2.groups.io; Ma, Maurice <maurice.ma@...>; patrick.rudolph@...; You, Benjamin <benjamin.you@...>
Subject: Re: [edk2-devel] [PATCH v2 0/1] UefiPayloadPkg: Set default PciBaseSize on Ia32

 

Hi Guo,

 

Sounds good to remove the IA32 target and stick to a single DSC file. However, is there an advantage to removing the PEI phase? It breaks many of our upcoming patches, which currently rely on the PEI phase (e.g. SecureBoot support).

In addition to the failed PatchCheck, it does not build on Linux gcc: https://github.com/9elements/edk2/runs/1373473040

thanks,
Marcello

 

On Sat, Oct 24, 2020 at 12:36 AM Dong, Guo <guo.dong@...> wrote:

 

Hi Marcello,

 

It looks like there is an issue with the CI tool completing all the checks, so I just closed this PR.

 

And I just created another PR https://github.com/tianocore/edk2/pull/1046 to remove PEI phase from UEFI payload.

If the new patch is approved, we don’t need this patch to update DSC file.

In the new patch, UEFI payload would use a single DSC file to support X64, IA32X64 and possibly IA32 build.

Please have a look at that PR and let me know if you have any comments.

 

Thanks,

Guo

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guo Dong
Sent: Thursday, October 22, 2020 7:49 PM
To: Marcello Sylvester Bauer <marcello.bauer@...>; Ma, Maurice <maurice.ma@...>
Cc: devel@edk2.groups.io; patrick.rudolph@...; You, Benjamin <benjamin.you@...>
Subject: Re: [edk2-devel] [PATCH v2 0/1] UefiPayloadPkg: Set default PciBaseSize on Ia32

 

 

Hi Marcello,

 

Sorry for the late response. I created a pull request https://github.com/tianocore/edk2/pull/1044 to merge this patch 2 hours ago.

Hopefully it could be merged soon after all the checks.

 

Thanks,

Guo

 

From: Marcello Sylvester Bauer <marcello.bauer@...>
Sent: Thursday, October 22, 2020 1:25 AM
To: Ma, Maurice <maurice.ma@...>
Cc: devel@edk2.groups.io; patrick.rudolph@...; Dong, Guo <guo.dong@...>; You, Benjamin <benjamin.you@...>
Subject: Re: [PATCH v2 0/1] UefiPayloadPkg: Set default PciBaseSize on Ia32

 

Hi,

As already mentioned, this patch fixes the current master build for the UefiPayloadPkgIa32 platform.
Is it possible to merge this change soon?

 

Sorry for the circumstances.


thanks,
Marcello

On Tue, Oct 13, 2020 at 9:02 PM Ma, Maurice <maurice.ma@...> wrote:

Reviewed-by:
Maurice Ma <maurice.ma@...>

> -----Original Message-----
> From: Marcello Sylvester Bauer <marcello.bauer@...>
> Sent: Tuesday, October 13, 2020 6:34
> To: devel@edk2.groups.io
> Cc: Marcello Sylvester Bauer <marcello.bauer@...>;
> patrick.rudolph@...; Ma, Maurice <maurice.ma@...>; Dong,
> Guo <guo.dong@...>; You, Benjamin <benjamin.you@...>
> Subject: [PATCH v2 0/1] UefiPayloadPkg: Set default PciBaseSize on Ia32
>
> This commit fixes the UefiPayloadPkgIa32 build in master.
>
> In commit 8028b2907e20b21cd7d69639a36ac82a77c81dc1 I forgot to set
> the default value for PcdPciExpressBaseSize on Ia32 targets. This patch
> inserts it afterwards. It would be great if it could be merged asap.
>
> PS: I added the Ia32 target to our CI to avoid this issue in future. Sorry for the
> misfortune.
>
> v2:
>   * Remove no longer required build-time PcdPciExpressBaseAddress
>
> Branch: https://github.com/9elements/edk2/tree/fix/UefiPayloadPkgIa32_V2
> PR:     https://github.com/tianocore/edk2/pull/1008
>
> Marcello Sylvester Bauer (1):
>   UefiPayloadPkg: Set default PciBaseSize on Ia32
>
>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> --
> 2.28.0


 

--

[Marcello Sylvester Bauer] 

 

9elements Agency GmbH, Kortumstraße 19-21, 44787 Bochum, Germany

 

Registered office: Bochum

Commercial register: Amtsgericht Bochum, HRB 17519

Managing directors: Sebastian Deutsch, Eray Basar



Re: : Query regarding IsTextShdr inside Basetools

Laszlo Ersek
 

On 11/11/20 23:40, Laszlo Ersek wrote:
Ard, Liming,

can you please take a look?

Thanks!
Laszlo
Darn, I used Liming's old email address. Correcting it now. Sorry!

Laszlo


On 11/10/20 14:07, Mukesh Ojha wrote:
Hi All,

I have a doubt about the check we have put inside IsTextShdr() .

STATIC
BOOLEAN
IsTextShdr (
  Elf_Shdr *Shdr
  )
{
  return (BOOLEAN) ((Shdr->sh_flags & (SHF_WRITE | SHF_ALLOC)) ==
SHF_ALLOC);
}


We are observing an issue when generating an EFI image using GenFW in EDK2,
because the text/data section offset is different from the calculated
mCoffSectionsOffset when scanning sections.
I ran GenFW locally on a failing dll after adding some logs to
GenFW, and found that “mCoffSectionsOffset” for the data section does not
have the expected value due to the
“.note.gnu.property” size, because the compiled dll has a “.note.gnu.property”
section with the alloc flag and GenFW thinks that it’s a text section if the
alloc flag is set.
So its size is added to mCoffSectionsOffset.

Could you please advise whether we can fix the IsTextShdr()
function as below?


--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -229,7 +229,7 @@ IsTextShdr (
   Elf_Shdr *Shdr
   )
{
-  return (BOOLEAN) ((Shdr->sh_flags & (SHF_WRITE | SHF_ALLOC)) ==
SHF_ALLOC);
+  return (BOOLEAN) ((Shdr->sh_flags & (SHF_EXECINSTR | SHF_WRITE |
SHF_ALLOC)) == (SHF_ALLOC | SHF_EXECINSTR));^
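Review bot: requiring `SHF_EXECINSTR` does stop `.note.gnu.property` (allocated, read-only, not executable) from being counted as text, but the same mask also stops every other allocated, read-only, non-executable section (`.rodata` is the usual one) from being text, and with the original check those were being placed as text. Before this goes in, the patch needs to show where such sections now end up: if the data test in the same file only accepts writable sections, read-only data would be silently left out of the PE/COFF image, which would be worse than the wrong offset being reported here. Either extend the data classification to cover read-only allocated sections, or handle `.note.gnu.property` specifically (by name or by `sh_type`) and leave the text test alone. As a mechanical point, the hunk has been line-wrapped by the mailer and the `+` line carries a stray trailing `^`, so it would need to be resent as an attachment or via `git send-email` to be applied.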


Thanks,
Mukesh





Re: : Query regarding IsTextShdr inside Basetools

Laszlo Ersek
 

Ard, Liming,

can you please take a look?

Thanks!
Laszlo

On 11/10/20 14:07, Mukesh Ojha wrote:
Hi All,

I have a doubt about the check we have put inside IsTextShdr() .

STATIC
BOOLEAN
IsTextShdr (
  Elf_Shdr *Shdr
  )
{
  return (BOOLEAN) ((Shdr->sh_flags & (SHF_WRITE | SHF_ALLOC)) ==
SHF_ALLOC);
}


We are observing an issue when generating an EFI image using GenFW in EDK2,
because the text/data section offset is different from the calculated
mCoffSectionsOffset when scanning sections.
I ran GenFW locally on a failing dll after adding some logs to
GenFW, and found that “mCoffSectionsOffset” for the data section does not
have the expected value due to the
“.note.gnu.property” size, because the compiled dll has a “.note.gnu.property”
section with the alloc flag and GenFW thinks that it’s a text section if the
alloc flag is set.
So its size is added to mCoffSectionsOffset.

Could you please advise whether we can fix the IsTextShdr()
function as below?


--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -229,7 +229,7 @@ IsTextShdr (
   Elf_Shdr *Shdr
   )
{
-  return (BOOLEAN) ((Shdr->sh_flags & (SHF_WRITE | SHF_ALLOC)) ==
SHF_ALLOC);
+  return (BOOLEAN) ((Shdr->sh_flags & (SHF_EXECINSTR | SHF_WRITE |
SHF_ALLOC)) == (SHF_ALLOC | SHF_EXECINSTR));^


Thanks,
Mukesh





Re: [PATCH v1 1/1] UefiCpuPkg: Clean up save state boundary checks and comments.

Laszlo Ersek
 

On 11/11/20 17:20, Mark Wilson wrote:
I've been swamped and finally getting back to this. I'll update the subject line as suggested.

As far as unrelated cosmetic changes, I can just drop them from this. I don't like having a separate commit just for some cosmetic changes such as spacing.
Dropping the whitespace modifications is OK.

Thanks!
Laszlo
