Date   

回复: 回复: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification updates

gaoliming
 

Sami:
This approach is good. For this patch set, Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>.

Thanks
Liming

-----邮件原件-----
发件人: Sami Mujawar <Sami.Mujawar@arm.com>
发送时间: 2021年6月21日 17:57
收件人: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io
抄送: Alexei Fedorov <Alexei.Fedorov@arm.com>;
ardb+tianocore@kernel.org; Matteo Carlini <Matteo.Carlini@arm.com>; Ben
Adderson <Ben.Adderson@arm.com>; Steven Price <Steven.Price@arm.com>;
Lorenzo Pieralisi <Lorenzo.Pieralisi@arm.com>; michael.d.kinney@intel.com;
zhiguang.liu@intel.com; ray.ni@intel.com; zhichao.gao@intel.com; nd
<nd@arm.com>
主题: Re: 回复: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification
updates

Hi Liming,

Please find my response inline marked [SAMI].

Regards,

Sami Mujawar

On 18/06/2021, 01:49, "gaoliming" <gaoliming@byosoft.com.cn> wrote:

Sami:
I agree this change. With this patch, will you update the existing
platform to use the matched version macro
EFI_ACPI_IO_REMAPPING_TABLE_REV0?
[SAMI] I can update the platforms in edk2-platforms as a follow-on patch. In
that case the macro EFI_ACPI_IO_REMAPPING_TABLE_REVISION can also be
removed.
Please let me know if this approach would be better, and I can send an
update.
[/SAMI]

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Sami
> Mujawar
> 发送时间: 2021年6月17日 17:55
> 收件人: devel@edk2.groups.io
> 抄送: Sami Mujawar <sami.mujawar@arm.com>;
Alexei.Fedorov@arm.com;
> ardb+tianocore@kernel.org; Matteo.Carlini@arm.com;
> Ben.Adderson@arm.com; steven.price@arm.com;
> Lorenzo.Pieralisi@arm.com; michael.d.kinney@intel.com;
> gaoliming@byosoft.com.cn; zhiguang.liu@intel.com; ray.ni@intel.com;
> zhichao.gao@intel.com; nd@arm.com
> 主题: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification updates
>
> Bugzilla: 3458 - Add support IORT Rev E.b specification updates
> (https://bugzilla.tianocore.org/show_bug.cgi?id=3458)
>
> The IO Remapping Table (IORT) specification has been updated to
> rev E.b. The following updates are introduced including the errata
> to rev E and E.a:
> - increments the IORT table revision to 3.
> - updates the node definition to add an 'Identifier' field.
> - adds definition of node type 6 - Reserved Memory Range node.
> - adds definition for Memory Range Descriptors.
> - adds flag to indicate PRI support for root complexes.
> - adds flag to indicate if the root complex supports forwarding
> of PASID information on translated transactions to the SMMU.
>
> The v1 patch series:
> - Updates the IORT header file to match the Rev E.b specification.
> - Add support to parse IORT Rev E.b tables
> - Add support to generate IORT Rev E.b compliant ACPI tables
> using Dynamic Tables Framework.
>
> This v2 patch series includes all changes from v1 patch series
> except the following 2 patches have been modified to set the
> EFI_ACPI_IO_REMAPPING_TABLE_REVISION macro to Rev 0 as setting
> to Rev 3 will break existing platforms, the problem being that
> the Identifier field in the IORT nodes would not be unique.
> - MdePkg: IORT header update for IORT Rev E.b spec
> - DynamicTablesPkg: IORT generator updates for Rev E.b spec
>
> The changes can be seen at:
> https://github.com/samimujawar/edk2/tree/1527_iort_rev_eb_v2
>
> Sami Mujawar (8):
> MdePkg: Fix IORT header file include guard
> MdePkg: IORT header update for IORT Rev E.b spec
> ShellPkg: Acpiview: Abbreviate field names to preserve alignment
> ShellPkg: Acpiview: IORT parser update for IORT Rev E.b spec
> DynamicTablesPkg: IORT set reference to Id array only if present
> DynamicTablesPkg: IORT set reference to interrupt array if present
> DynamicTablesPkg: Update ArmNameSpaceObjects for IORT Rev
E.b
> DynamicTablesPkg: IORT generator updates for Rev E.b spec
>
> DynamicTablesPkg/Include/ArmNameSpaceObjects.h
> | 58 ++
> DynamicTablesPkg/Library/Acpi/Arm/AcpiIortLibArm/IortGenerator.c
> | 772 ++++++++++++++++++--
> DynamicTablesPkg/Library/Acpi/Arm/AcpiIortLibArm/IortGenerator.h
> | 5 +-
> MdePkg/Include/IndustryStandard/IoRemappingTable.h
> | 71 +-
>
ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c |
> 207 +++++-
> 5 files changed, 1013 insertions(+), 100 deletions(-)
>
> --
> 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
>
>
>
>
>



Re: [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native instruction support for X64

Christopher Zurcher
 

Yes this was discussed last year, sorry for the delay in follow-up, I was changing jobs.
The problem is that the assembly code provided by OpenSSL uses "wrt ..imagebase" which is only supported by win64, not elf64. It was requested at the time that I include the OpenSSL-provided .S files as a GCC tool chain alternative.

Thanks,
Christopher Zurcher

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Sunday, June 20, 2021 18:34
To: devel@edk2.groups.io; christopher.zurcher@outlook.com
Cc: 'Jiewen Yao' <jiewen.yao@intel.com>; 'Jian J Wang' <jian.j.wang@intel.com>; 'Xiaoyu Lu' <xiaoyux.lu@intel.com>; 'Mike Kinney' <michael.d.kinney@intel.com>; 'Ard Biesheuvel' <ard.biesheuvel@arm.com>
Subject: 回复: [edk2-devel] [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native instruction support for X64

Christopher:
Nasm should support GCC tool chain. Do you meet with the problem on nasm version assembly code?
So, you have to add GAS assembly code. This topic may be discussed last year. Can you give some detail for it?

Thanks
Liming
-----邮件原件-----
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Christopher
Zurcher
发送时间: 2021年6月19日 10:09
收件人: devel@edk2.groups.io
抄送: Jiewen Yao <jiewen.yao@intel.com>; Jian J Wang
<jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Mike Kinney
<michael.d.kinney@intel.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>
主题: [edk2-devel] [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native
instruction support for X64

From: Christopher Zurcher <christopher.zurcher@microsoft.com>

V6 Changes:
Add GCC-compatible version of these modifications. Supporting GCC
build
of
native OpenSSL .S files requires removal of *(COMMON) from the
/DISCARD/
section of the GCC linker script.
The VS/CLANG portion of the patch is unchanged from the
previously-approved
patchset.

V5 Changes:
Move ApiHooks.c into X64 folder
Update process_files.pl to clean architecture-specific subfolders
without
removing them
Rebased INF file to merge latest changes regarding RngLib vs.
TimerLib

V4 Changes:
Add copyright header to uefi-asm.conf
Move [Sources.X64] block to cover entire X64-specific config

V3 Changes:
Added definitions for ptrdiff_t and wchar_t to CrtLibSupport.h for
LLVM/Clang build support.
Added -UWIN32 to GCC Flags for LLVM/Clang build support.
Added missing AES GCM assembly file.

V2 Changes:
Limit scope of assembly config to SHA and AES functions.
Removed IA32 native support (reduced config was causing build
failure
and
can be added in a later patch).
Removed XMM instructions from assembly generation.
Added automatic copyright header porting for generated assembly files.

This patch adds support for building the native instruction algorithms
for the X64 architecture in OpensslLib. The process_files.pl script
was
modified
to parse the .asm file targets from the OpenSSL build config data
struct,
and
generate the necessary assembly files for the EDK2 build environment.

For the X64 variant, OpenSSL includes calls to a Windows error
handling
API,
and that function has been stubbed out in ApiHooks.c.

For all variants, a constructor is added to call the required CPUID
function
within OpenSSL to facilitate processor capability checks in the native
algorithms.

Additional native architecture variants should be simple to add by
following
the changes made for this architecture.

The OpenSSL assembly files are traditionally generated at build time
using
a
perl script. To avoid that burden on EDK2 users, these end-result
assembly files are generated during the configuration steps performed
by the
package
maintainer (through process_files.pl). The perl generator scripts
inside OpenSSL do not parse file comments as they are only meant to
create intermediate build files, so process_files.pl contains
additional hooks to preserve the copyright headers as well as clean up
tabs and line endings
to
comply with EDK2 coding standards. The resulting file headers align
with the generated .h files which are already included in the EDK2 repository.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Mike Kinney <michael.d.kinney@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Christopher Zurcher (2):
CryptoPkg/OpensslLib: Add native instruction support for X64
CryptoPkg/OpensslLib: Commit the auto-generated assembly files for
X64

BaseTools/Scripts/GccBase.lds
| 1 -
CryptoPkg/CryptoPkg.ci.yaml
| 21 +-
CryptoPkg/Library/Include/CrtLibSupport.h
| 2 +
CryptoPkg/Library/Include/openssl/opensslconf.h
| 3 -
CryptoPkg/Library/OpensslLib/OpensslLib.inf
| 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
| 44 +
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
| 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
| 653 +++
CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
| 653 +++
CryptoPkg/Library/OpensslLib/UefiAsm.conf
| 30 +
CryptoPkg/Library/OpensslLib/X64/ApiHooks.c
| 22 +
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
| 732 +++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
| 1916 ++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
| 78 +
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
| 5103 ++++++++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
| 1173 +++++
CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
| 34 +
CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
| 1569 ++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
| 3137 ++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
| 2884 +++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
| 3461 +++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
| 3313 +++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
| 1938 ++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
| 491 ++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-mb-x86_64.S
| 552 +++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha1-x86_64.S
| 1719 +++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha256-x86_64.S
|
69 +
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-x86_64.S
| 4484 +++++++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/vpaes-x86_64.S
| 863 ++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/aesni-gcm-x86_64.S
| 29 +
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/ghash-x86_64.S
| 1386 ++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-mb-x86_64.S
| 2962 ++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-x86_64.S
| 2631 ++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-mb-x86_64.S
| 3286 +++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-x86_64.S
| 3097 ++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha512-x86_64.S
| 1811 +++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/x86_64cpuid.S
| 491 ++
CryptoPkg/Library/OpensslLib/process_files.pl
| 241 +-
38 files changed, 50828 insertions(+), 55 deletions(-) create mode
100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
create mode 100644 CryptoPkg/Library/OpensslLib/UefiAsm.conf
create mode 100644 CryptoPkg/Library/OpensslLib/X64/ApiHooks.c
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-mb-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha1-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha256-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/vpaes-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/aesni-gcm-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/ghash-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-mb-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-mb-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha512-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/x86_64cpuid.S

--
2.32.0.windows.1





[PATCH v1 1/1] MdeModulePkg/BdsDxe: Update BdsEntry to use Variable Policy

Kenneth Lautner
 

From: Ken Lautner <klautner@microsoft.com>

Changed BdsEntry.c to use Variable Policy instead of Variable Lock
as Variable Lock will be Deprecated eventually

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>

Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
---
MdeModulePkg/Universal/BdsDxe/Bds.h | 1 -
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf | 3 ++-
MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 20 +++++++++++++++-----
3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/MdeModulePkg/Universal/BdsDxe/Bds.h b/MdeModulePkg/Universal/B=
dsDxe/Bds.h
index e7a9b5b4b7cb..84548041e861 100644
--- a/MdeModulePkg/Universal/BdsDxe/Bds.h
+++ b/MdeModulePkg/Universal/BdsDxe/Bds.h
@@ -17,7 +17,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
=0D
#include <Protocol/Bds.h>=0D
#include <Protocol/LoadedImage.h>=0D
-#include <Protocol/VariableLock.h>=0D
#include <Protocol/DeferredImageLoad.h>=0D
=0D
#include <Library/UefiDriverEntryPoint.h>=0D
diff --git a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf b/MdeModulePkg/Univer=
sal/BdsDxe/BdsDxe.inf
index 9310b4dccb18..5bac635def93 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+++ b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@@ -50,6 +50,7 @@
BaseMemoryLib=0D
DebugLib=0D
UefiBootManagerLib=0D
+ VariablePolicyHelperLib=0D
PlatformBootManagerLib=0D
PcdLib=0D
PrintLib=0D
@@ -77,7 +78,7 @@
[Protocols]=0D
gEfiBdsArchProtocolGuid ## PRODUCES=0D
gEfiSimpleTextInputExProtocolGuid ## CONSUMES=0D
- gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES=0D
+ gEdkiiVariablePolicyProtocolGuid ## SOMETIMES_CONSUMES=0D
gEfiDeferredImageLoadProtocolGuid ## CONSUMES=0D
=0D
[FeaturePcd]=0D
diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Univer=
sal/BdsDxe/BdsEntry.c
index 83b773a2fa5f..13c10bdc5bf8 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
+++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "Bds.h"=0D
#include "Language.h"=0D
#include "HwErrRecSupport.h"=0D
+#include <Library/VariablePolicyHelperLib.h>=0D
=0D
#define SET_BOOT_OPTION_SUPPORT_KEY_COUNT(a, c) { \=0D
(a) =3D ((a) & ~EFI_BOOT_OPTION_SUPPORT_COUNT) | (((c) << LowBitSet3=
2 (EFI_BOOT_OPTION_SUPPORT_COUNT)) & EFI_BOOT_OPTION_SUPPORT_COUNT); \=0D
@@ -670,7 +671,7 @@ BdsEntry (
EFI_STATUS Status;=0D
UINT32 BootOptionSupport;=0D
UINT16 BootTimeOut;=0D
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;=0D
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;=0D
UINTN Index;=0D
EFI_BOOT_MANAGER_LOAD_OPTION LoadOption;=0D
UINT16 *BootNext;=0D
@@ -716,12 +717,21 @@ BdsEntry (
//=0D
// Mark the read-only variables if the Variable Lock protocol exists=0D
//=0D
- Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (=
VOID **) &VariableLock);=0D
- DEBUG ((EFI_D_INFO, "[BdsDxe] Locate Variable Lock protocol - %r\n", Sta=
tus));=0D
+ Status =3D gBS->LocateProtocol(&gEdkiiVariablePolicyProtocolGuid, NULL, =
(VOID**)&VariablePolicy);=0D
+ DEBUG((DEBUG_INFO, "[BdsDxe] Locate Variable Policy protocol - %r\n", St=
atus));=0D
if (!EFI_ERROR (Status)) {=0D
for (Index =3D 0; Index < ARRAY_SIZE (mReadOnlyVariables); Index++) {=
=0D
- Status =3D VariableLock->RequestToLock (VariableLock, mReadOnlyVaria=
bles[Index], &gEfiGlobalVariableGuid);=0D
- ASSERT_EFI_ERROR (Status);=0D
+ Status =3D RegisterBasicVariablePolicy(=0D
+ VariablePolicy,=0D
+ &gEfiGlobalVariableGuid,=0D
+ mReadOnlyVariables[Index],=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_NOW=0D
+ );=0D
+ ASSERT_EFI_ERROR(Status);=0D
}=0D
}=0D
=0D
--=20
2.31.1.windows.1


Re: [PATCH RESEND v1 0/2] ArmVirtPkg: Enable PCIe support for Kvmtool

Alexandru Elisei
 

Hi Pierre,

On 6/15/21 4:21 PM, PierreGondois via groups.io wrote:
From: Pierre Gondois <Pierre.Gondois@arm.com>

PCIe support has been added to the Kvmtool virtual machine
manager. Therefore, add a PciHostBridgeUtilityLib and enable
PCIe support for Kvmtool firmware.

The patches were re-send as the devel@edk2.groups.io was not included.

The patches can be seen at: https://github.com/PierreARM/edk2/tree/1413_Enable_ArmVirt_Pci_v1
The results of the CI can be seen at: https://github.com/tianocore/edk2/pull/1718
Tested the patches with the latest version of the kvmtool PCI Express support [1],
and everything worked as expected. A summary of the tests that I ran can be found
at [1]. So you can add for the entire series:

Tested-by: Alexandru Elisei <alexandru.elisei@arm.com>

One thing of note is that applying patch #2 of this series on top of 11b1c1d4b98b
("SecurityPkg: TcgStorageOpalLib: Initialize SupportedAttributes parameter")
failed. However, building from your repo went fine, and the binary that I used for
testing was built from your repo.

[1] https://lore.kernel.org/kvm/20210621092128.11313-1-alexandru.elisei@arm.com/

Thanks,

Alex


Sami Mujawar (2):
ArmVirtPkg: Add PCIe host bridge utility lib for ArmVirtPkg
ArmVirtPkg: Enable PCIe support for Kvmtool

ArmVirtPkg/ArmVirtKvmTool.dsc | 35 ++-
ArmVirtPkg/ArmVirtKvmTool.fdf | 11 +-
.../ArmVirtPciHostBridgeUtilityLib.c | 219 ++++++++++++++++++
.../ArmVirtPciHostBridgeUtilityLib.inf | 39 ++++
4 files changed, 301 insertions(+), 3 deletions(-)
create mode 100644 ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLib/ArmVirtPciHostBridgeUtilityLib.c
create mode 100644 ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLib/ArmVirtPciHostBridgeUtilityLib.inf


[PATCH 2/2] UefiPayloadPkg: consume the BootManagerMenuFile HOB

duntan
 

Consume the BootManagerMenuFile HOB in PlatformBootManagerLib
This Lib is in UefiPayloadPkg

Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>

Signed-off-by: DunTan <dun.tan@intel.com>
---
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 5 ++++-
UefiPayloadPkg/UefiPayloadPkg.dsc | 2 +-
3 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
index fce48d26a1..afd9664959 100644
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -10,6 +10,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "PlatformBootManager.h"
#include "PlatformConsole.h"
#include <Protocol/PlatformBootManagerOverride.h>
+#include <Guid/BootManagerMenu.h>
+#include <Library/HobLib.h>

UNIVERSAL_PAYLOAD_PLATFORM_BOOT_MANAGER_OVERRIDE_PROTOCOL *mUniversalPayloadPlatformBootManagerOverrideInstance = NULL;

@@ -286,3 +288,52 @@ PlatformBootManagerUnableToBoot (
return;
}

+/**
+ Get/update PcdBootManagerMenuFile from GUID HOB which will be assigned in bootloader.
+
+ @retval EFI_SUCCESS The entry point is executed successfully.
+ @retval other Some error occurs.
+
+**/
+EFI_STATUS
+EFIAPI
+PlatformBootManagerLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+)
+{
+ EFI_STATUS Status;
+ UINTN Size;
+ VOID *GuidHob;
+ UNIVERSAL_PAYLOAD_GENERIC_HEADER *GenericHeader;
+ UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU *BootManagerMenuFile;
+ Status = EFI_SUCCESS;
+ GuidHob = GetFirstGuidHob (&gUniversalPayloadBootManagerMenuFileGuid);
+ //
+ // Find the buffer information and update PCDs
+ //
+ if (GuidHob == NULL) {
+ //
+ // If the HOB is not create, the default value of PcdBootManagerMenuFile will be used.
+ //
+ return EFI_SUCCESS;
+ }
+
+ GenericHeader = (UNIVERSAL_PAYLOAD_GENERIC_HEADER *) GET_GUID_HOB_DATA (GuidHob);
+ if ((sizeof (UNIVERSAL_PAYLOAD_GENERIC_HEADER) > GET_GUID_HOB_DATA_SIZE (GuidHob)) || (GenericHeader->Length > GET_GUID_HOB_DATA_SIZE (GuidHob))) {
+ return EFI_NOT_FOUND;
+ }
+ if (GenericHeader->Revision == UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_REVISION) {
+ BootManagerMenuFile = (UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU *) GET_GUID_HOB_DATA (GuidHob);
+ if (BootManagerMenuFile->Header.Length < UNIVERSAL_PAYLOAD_SIZEOF_THROUGH_FIELD (UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU, FileName)) {
+ return EFI_NOT_FOUND;
+ }
+ Size = sizeof (BootManagerMenuFile->FileName);
+ Status = PcdSetPtrS (PcdBootManagerMenuFile, &Size, &BootManagerMenuFile->FileName);
+ } else {
+ return EFI_NOT_FOUND;
+ }
+
+ ASSERT_EFI_ERROR (Status);
+ return EFI_SUCCESS;
+}
diff --git a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 600a535282..9c4943a0e0 100644
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -13,7 +13,7 @@
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = PlatformBootManagerLib|DXE_DRIVER
-
+ CONSTRUCTOR = PlatformBootManagerLibConstructor

#
# The following information is for reference only and not required by the build tools.
@@ -46,9 +46,11 @@
HiiLib
PrintLib
PlatformHookLib
+ HobLib

[Guids]
gEfiEndOfDxeEventGroupGuid
+ gUniversalPayloadBootManagerMenuFileGuid

[Protocols]
gEfiGenericMemTestProtocolGuid ## CONSUMES
@@ -70,3 +72,4 @@
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 21b360256b..e46b867d30 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -289,7 +289,6 @@
!endif
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
- gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }


!if $(SOURCE_DEBUG_ENABLE)
@@ -297,6 +296,7 @@
!endif

[PcdsPatchableInModule.common]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
!if $(SOURCE_DEBUG_ENABLE)
--
2.31.1.windows.1


[PATCH 1/2] UefiPayloadPkg: Add new structure for BootManagerMenuFile HOB

duntan
 

Add new structure for BootManagerMenuFile HOB in UefiPayloadPkg

Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>

Signed-off-by: DunTan <dun.tan@intel.com>
---
UefiPayloadPkg/Include/Guid/BootManagerMenu.h | 27 +++++++++++++++++++++++++++
UefiPayloadPkg/UefiPayloadPkg.dec | 3 +++
2 files changed, 30 insertions(+)

diff --git a/UefiPayloadPkg/Include/Guid/BootManagerMenu.h b/UefiPayloadPkg/Include/Guid/BootManagerMenu.h
new file mode 100644
index 0000000000..10fb874640
--- /dev/null
+++ b/UefiPayloadPkg/Include/Guid/BootManagerMenu.h
@@ -0,0 +1,27 @@
+/** @file
+ Define the structure for the Boot Manager Menu File.
+
+Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_H_
+#define UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_H_
+
+#include <Uefi.h>
+#include <UniversalPayload/UniversalPayload.h>
+
+#pragma pack (1)
+
+typedef struct {
+ UNIVERSAL_PAYLOAD_GENERIC_HEADER Header;
+ GUID FileName;
+} UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU;
+
+#pragma pack()
+
+#define UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_REVISION 1
+
+extern GUID gUniversalPayloadBootManagerMenuFileGuid;
+#endif
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dec b/UefiPayloadPkg/UefiPayloadPkg.dec
index 105e1f5a1c..850592976d 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dec
+++ b/UefiPayloadPkg/UefiPayloadPkg.dec
@@ -29,6 +29,9 @@
#
gBmpImageGuid = { 0x878AC2CC, 0x5343, 0x46F2, { 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } }

+ ##include/Guid/BootManagerMenu.h
+ gUniversalPayloadBootManagerMenuFileGuid = { 0xdf939333, 0x42fc, 0x4b2a, { 0xa5, 0x9e, 0xbb, 0xae, 0x82, 0x81, 0xfe, 0xef }}
+
gUefiSystemTableInfoGuid = {0x16c8a6d0, 0xfe8a, 0x4082, {0xa2, 0x8, 0xcf, 0x89, 0xc4, 0x29, 0x4, 0x33}}
gUefiAcpiBoardInfoGuid = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}}
gUefiSerialPortInfoGuid = { 0x6c6872fe, 0x56a9, 0x4403, { 0xbb, 0x98, 0x95, 0x8d, 0x62, 0xde, 0x87, 0xf1 } }
--
2.31.1.windows.1


[PATCH 0/2] Add a new structure for BootManagerMenu HOB and consume it

duntan
 

Add a new structure for BootManagerMenu HOB in UefiPayloadPkg
Then consume the BootManagerMenuFile HOB

duntan (2):
UefiPayloadPkg: Add new structure for BootManagerMenuFile HOB
UefiPayloadPkg: consume the BootManagerMenuFile HOB

UefiPayloadPkg/Include/Guid/BootManagerMenu.h | 27 +++++++++++++++++++++++++++
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 5 ++++-
UefiPayloadPkg/UefiPayloadPkg.dec | 3 +++
UefiPayloadPkg/UefiPayloadPkg.dsc | 2 +-
5 files changed, 86 insertions(+), 2 deletions(-)
create mode 100644 UefiPayloadPkg/Include/Guid/BootManagerMenu.h

--
2.31.1.windows.1


Re: [PATCH v3] UefiPayloadPkg/UefiPayloadEntry: Improve bootloader memrange parsing

Ma, Maurice
 

Looks good to me.
Reviewed-by: Maurice Ma <maurice.ma@intel.com>

Regards
-Maurice

-----Original Message-----
From: Patrick Rudolph <patrick.rudolph@9elements.com>
Sent: Monday, June 21, 2021 1:10
To: devel@edk2.groups.io
Cc: Ma, Maurice <maurice.ma@intel.com>; Dong, Guo
<guo.dong@intel.com>; You, Benjamin <benjamin.you@intel.com>
Subject: [PATCH v3] UefiPayloadPkg/UefiPayloadEntry: Improve bootloader
memrange parsing

Currently several DXE crash due to invalid memory resource settings.
The PciHostBridgeDxe which expects the MMCONF and PCI Aperature to be
EfiMemoryMappedIO, but currently those regions are (partly) mapped as
EfiReservedMemoryType.

coreboot and slimbootloader provide an e820 compatible memory map,
which doesn't work well with EDK2 as the e820 spec is missing MMIO regions.
In e820 'reserved' could either mean "DRAM used by boot firmware" or
"MMIO in use and not detectable by OS".

Guess Top of lower usable DRAM (TOLUD) by walking the bootloader
provided memory ranges. Memory types of RAM, ACPI and ACPI NVS below
4 GiB are used to increment TOLUD and reserved memory ranges touching
TOLUD at the base are also assumed to be reserved DRAM, which increment
TOLUD.

Then mark everything reserved below TOLUD as EfiReservedMemoryType
and everything reserved above TOLUD as EfiMemoryMappedIO.

This fixes assertions seen in PciHostBridgeDxe.

Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
.../UefiPayloadEntry/UefiPayloadEntry.c | 190 +++++++++++++++++-
.../UefiPayloadEntry/UefiPayloadEntry.h | 10 +
2 files changed, 197 insertions(+), 3 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
index 805f5448d9..04c58f776c 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
@@ -7,10 +7,159 @@
#include "UefiPayloadEntry.h" +STATIC UINT32 mTopOfLowerUsableDram =
0;+ /** Callback function to build resource descriptor HOB This function
build a HOB based on the memory map entry info.+ It creates only
EFI_RESOURCE_MEMORY_MAPPED_IO and
EFI_RESOURCE_MEMORY_RESERVED+ resources.++ @param
MemoryMapEntry Memory map entry info got from bootloader.+
@param Params A pointer to ACPI_BOARD_INFO.++ @retval
EFI_SUCCESS Successfully build a HOB.+ @retval
EFI_INVALID_PARAMETER Invalid parameter
provided.+**/+EFI_STATUS+MemInfoCallbackMmio (+ IN
MEMROY_MAP_ENTRY *MemoryMapEntry,+ IN VOID
*Params+ )+{+ EFI_PHYSICAL_ADDRESS Base;+ EFI_RESOURCE_TYPE
Type;+ UINT64 Size;+ EFI_RESOURCE_ATTRIBUTE_TYPE
Attribue;+ ACPI_BOARD_INFO *AcpiBoardInfo;++ AcpiBoardInfo =
(ACPI_BOARD_INFO *)Params;+ if (AcpiBoardInfo == NULL) {+ return
EFI_INVALID_PARAMETER;+ }++ //+ // Skip types already handled in
MemInfoCallback+ //+ if (MemoryMapEntry->Type == E820_RAM ||
MemoryMapEntry->Type == E820_ACPI) {+ return EFI_SUCCESS;+ }++ if
(MemoryMapEntry->Base == AcpiBoardInfo->PcieBaseAddress) {+ //+ //
MMCONF is always MMIO+ //+ Type =
EFI_RESOURCE_MEMORY_MAPPED_IO;+ } else if (MemoryMapEntry->Base
< mTopOfLowerUsableDram) {+ //+ // It's in DRAM and thus must be
reserved+ //+ Type = EFI_RESOURCE_MEMORY_RESERVED;+ } else if
((MemoryMapEntry->Base < 0x100000000ULL) && (MemoryMapEntry-
Base >= mTopOfLowerUsableDram)) {+ //+ // It's not in DRAM, must be
MMIO+ //+ Type = EFI_RESOURCE_MEMORY_MAPPED_IO;+ } else {+
Type = EFI_RESOURCE_MEMORY_RESERVED;+ }++ Base =
MemoryMapEntry->Base;+ Size = MemoryMapEntry->Size;++ Attribue =
EFI_RESOURCE_ATTRIBUTE_PRESENT |+
EFI_RESOURCE_ATTRIBUTE_INITIALIZED |+
EFI_RESOURCE_ATTRIBUTE_TESTED |+
EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |+
EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |+
EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |+
EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE;++
BuildResourceDescriptorHob (Type, Attribue, (EFI_PHYSICAL_ADDRESS)Base,
Size);+ DEBUG ((DEBUG_INFO , "buildhob: base = 0x%lx, size = 0x%lx, type =
0x%x\n", Base, Size, Type));++ if (MemoryMapEntry->Type ==
E820_UNUSABLE ||+ MemoryMapEntry->Type == E820_DISABLED) {+
BuildMemoryAllocationHob (Base, Size, EfiUnusableMemory);+ } else if
(MemoryMapEntry->Type == E820_PMEM) {+ BuildMemoryAllocationHob
(Base, Size, EfiPersistentMemory);+ }++ return EFI_SUCCESS;+}+++/**+
Callback function to find TOLUD (Top of Lower Usable DRAM)++ Estimate
where TOLUD (Top of Lower Usable DRAM) resides. The exact position+
would require platform specific code.++ @param MemoryMapEntry
Memory map entry info got from bootloader.+ @param Params Not
used for now.++ @retval EFI_SUCCESS Successfully updated
mTopOfLowerUsableDram.+**/+EFI_STATUS+FindToludCallback (+ IN
MEMROY_MAP_ENTRY *MemoryMapEntry,+ IN VOID
*Params+ )+{+ //+ // This code assumes that the memory map on this x86
machine below 4GiB is continous+ // until TOLUD. In addition it assumes that
the bootloader provided memory tables have+ // no "holes" and thus the
first memory range not covered by e820 marks the end of+ // usable DRAM.
In addition it's assumed that every reserved memory region touching+ //
usable RAM is also covering DRAM, everything else that is marked reserved
thus must be+ // MMIO not detectable by bootloader/OS+ //++ //+ // Skip
memory types not RAM or reserved+ //+ if ((MemoryMapEntry->Type ==
E820_UNUSABLE) || (MemoryMapEntry->Type == E820_DISABLED) ||+
(MemoryMapEntry->Type == E820_PMEM)) {+ return EFI_SUCCESS;+ }++
//+ // Skip resources above 4GiB+ //+ if ((MemoryMapEntry->Base +
MemoryMapEntry->Size) > 0x100000000ULL) {+ return EFI_SUCCESS;+ }++
if ((MemoryMapEntry->Type == E820_RAM) || (MemoryMapEntry->Type ==
E820_ACPI) ||+ (MemoryMapEntry->Type == E820_NVS)) {+ //+ // It's
usable DRAM. Update TOLUD.+ //+ if (mTopOfLowerUsableDram <
(MemoryMapEntry->Base + MemoryMapEntry->Size)) {+
mTopOfLowerUsableDram = (UINT32)(MemoryMapEntry->Base +
MemoryMapEntry->Size);+ }+ } else {+ //+ // It might be 'reserved
DRAM' or 'MMIO'.+ //+ // If it touches usable DRAM at Base assume it's
DRAM as well,+ // as it could be bootloader installed tables, TSEG, GTT, ...+
//+ if (mTopOfLowerUsableDram == MemoryMapEntry->Base) {+
mTopOfLowerUsableDram = (UINT32)(MemoryMapEntry->Base +
MemoryMapEntry->Size);+ }+ }++ return EFI_SUCCESS;+}+++/**+
Callback function to build resource descriptor HOB++ This function build a
HOB based on the memory map entry info.+ Only add
EFI_RESOURCE_SYSTEM_MEMORY. @param MemoryMapEntry
Memory map entry info got from bootloader. @param Params Not
used for now.@@ -28,7 +177,16 @@ MemInfoCallback (
UINT64 Size; EFI_RESOURCE_ATTRIBUTE_TYPE Attribue; - Type
= (MemoryMapEntry->Type == 1) ? EFI_RESOURCE_SYSTEM_MEMORY :
EFI_RESOURCE_MEMORY_RESERVED;+ //+ // Skip everything not known to
be usable DRAM.+ // It will be added later.+ //+ if ((MemoryMapEntry-
Type != E820_RAM) && (MemoryMapEntry->Type != E820_ACPI) &&+
(MemoryMapEntry->Type != E820_NVS)) {+ return
RETURN_SUCCESS;+ }++ Type = EFI_RESOURCE_SYSTEM_MEMORY; Base
= MemoryMapEntry->Base; Size = MemoryMapEntry->Size; @@ -40,7
+198,7 @@ MemInfoCallback (
EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |
EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE; - if (Base >=
BASE_4GB ) {+ if (Base >= BASE_4GB) { // Remove tested attribute to
avoid DXE core to dispatch driver to memory above 4GB Attribue &=
~EFI_RESOURCE_ATTRIBUTE_TESTED; }@@ -48,6 +206,12 @@
MemInfoCallback (
BuildResourceDescriptorHob (Type, Attribue,
(EFI_PHYSICAL_ADDRESS)Base, Size); DEBUG ((DEBUG_INFO , "buildhob:
base = 0x%lx, size = 0x%lx, type = 0x%x\n", Base, Size, Type)); + if
(MemoryMapEntry->Type == E820_ACPI) {+ BuildMemoryAllocationHob
(Base, Size, EfiACPIReclaimMemory);+ } else if (MemoryMapEntry->Type ==
E820_NVS) {+ BuildMemoryAllocationHob (Base, Size,
EfiACPIMemoryNVS);+ }+ return RETURN_SUCCESS; } @@ -236,8 +400,19
@@ BuildHobFromBl (
EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *NewGfxDeviceInfo; //- // Parse
memory info and build memory HOBs+ // First find TOLUD+ //+ DEBUG
((DEBUG_INFO , "Guessing Top of Lower Usable DRAM:\n"));+ Status =
ParseMemoryInfo (FindToludCallback, NULL);+ if (EFI_ERROR(Status)) {+
return Status;+ }+ DEBUG ((DEBUG_INFO , "Assuming TOLUD = 0x%x\n",
mTopOfLowerUsableDram));++ //+ // Parse memory info and build memory
HOBs for Usable RAM //+ DEBUG ((DEBUG_INFO , "Building
ResourceDescriptorHobs for usable memory:\n")); Status =
ParseMemoryInfo (MemInfoCallback, NULL); if (EFI_ERROR(Status))
{ return Status;@@ -289,6 +464,15 @@ BuildHobFromBl (
DEBUG ((DEBUG_INFO, "Create acpi board info guid hob\n")); } + //+ //
Parse memory info and build memory HOBs for reserved DRAM and MMIO+
//+ DEBUG ((DEBUG_INFO , "Building ResourceDescriptorHobs for reserved
memory:\n"));+ Status = ParseMemoryInfo (MemInfoCallbackMmio,
&AcpiBoardInfo);+ if (EFI_ERROR(Status)) {+ return Status;+ }+ // //
Parse platform specific information. //diff --git
a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
index 2c84d6ed53..4fd50e47cd 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
@@ -38,6 +38,16 @@
#define GET_OCCUPIED_SIZE(ActualSize, Alignment) \ ((ActualSize) +
(((Alignment) - ((ActualSize) & ((Alignment) - 1))) & ((Alignment) - 1)))
++#define E820_RAM 1+#define E820_RESERVED 2+#define E820_ACPI
3+#define E820_NVS 4+#define E820_UNUSABLE 5+#define
E820_DISABLED 6+#define E820_PMEM 7+#define E820_UNDEFINED 8+
/** Auto-generated function that calls the library constructors for all of the
module's dependent libraries.--
2.30.2


[PATCH v4 4/4] OvmfPkg/PlatformDxe: Add support for SEV live migration.

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

Detect for KVM hypervisor and check for SEV live migration
feature support via KVM_FEATURE_CPUID, if detected setup a new
UEFI enviroment variable to indicate OVMF support for SEV
live migration.

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
OvmfPkg/Include/Guid/MemEncryptLib.h | 20 ++++
OvmfPkg/OvmfPkg.dec | 1 +
OvmfPkg/PlatformDxe/AmdSev.c | 108 ++++++++++++++++++++
OvmfPkg/PlatformDxe/Platform.c | 5 +
OvmfPkg/PlatformDxe/Platform.inf | 2 +
OvmfPkg/PlatformDxe/PlatformConfig.h | 5 +
6 files changed, 141 insertions(+)

diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h
new file mode 100644
index 0000000000..4c046ba439
--- /dev/null
+++ b/OvmfPkg/Include/Guid/MemEncryptLib.h
@@ -0,0 +1,20 @@
+/** @file
+
+ AMD Memory Encryption GUID, define a new GUID for defining
+ new UEFI enviroment variables assocaiated with SEV Memory Encryption.
+
+ Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __MEMENCRYPT_LIB_H__
+#define __MEMENCRYPT_LIB_H__
+
+#define MEMENCRYPT_GUID \
+{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
+
+extern EFI_GUID gMemEncryptGuid;
+
+#endif
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e3..e452dc8494 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -122,6 +122,7 @@
gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
+ gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}

[Ppis]
# PPI whose presence in the PPI database signals that the TPM base address
diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c
new file mode 100644
index 0000000000..3dbf17a8cd
--- /dev/null
+++ b/OvmfPkg/PlatformDxe/AmdSev.c
@@ -0,0 +1,108 @@
+/**@file
+ Detect KVM hypervisor support for SEV live migration and if
+ detected, setup a new UEFI enviroment variable indicating
+ OVMF support for SEV live migration.
+
+ Copyright (c) 2020, Advanced Micro Devices. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+//
+// The package level header files this module uses
+//
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Guid/MemEncryptLib.h>
+
+#define KVM_FEATURE_MIGRATION_CONTROL 17
+
+/**
+ Figures out if we are running inside KVM HVM and
+ KVM HVM supports SEV Live Migration feature.
+
+ @retval TRUE KVM was detected and Live Migration supported
+ @retval FALSE KVM was not detected or Live Migration not supported
+
+**/
+BOOLEAN
+KvmDetectSevLiveMigrationFeature(
+ VOID
+ )
+{
+ UINT8 Signature[13];
+ UINT32 mKvmLeaf = 0;
+ UINT32 RegEax, RegEbx, RegEcx, RegEdx;
+
+ Signature[12] = '\0';
+ for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) {
+ AsmCpuid (mKvmLeaf,
+ NULL,
+ (UINT32 *) &Signature[0],
+ (UINT32 *) &Signature[4],
+ (UINT32 *) &Signature[8]);
+
+ if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: KVM Detected, signature = %s\n",
+ __FUNCTION__,
+ Signature
+ ));
+
+ RegEax = 0x40000001;
+ RegEcx = 0;
+ AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx);
+ if (RegEax & (1 << KVM_FEATURE_MIGRATION_CONTROL)) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Live Migration feature supported\n",
+ __FUNCTION__
+ ));
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+
+ Function checks if SEV Live Migration support is available, if present then it sets
+ a UEFI enviroment variable to be queried later using Runtime services.
+
+ **/
+VOID
+AmdSevSetConfig(
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ BOOLEAN SevLiveMigrationEnabled;
+
+ SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature();
+
+ if (SevLiveMigrationEnabled) {
+ Status = gRT->SetVariable (
+ L"SevLiveMigrationEnabled",
+ &gMemEncryptGuid,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (BOOLEAN),
+ &SevLiveMigrationEnabled
+ );
+
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n",
+ __FUNCTION__,
+ Status
+ ));
+ }
+}
diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c
index f2e51960ce..f61302d98b 100644
--- a/OvmfPkg/PlatformDxe/Platform.c
+++ b/OvmfPkg/PlatformDxe/Platform.c
@@ -763,6 +763,11 @@ PlatformInit (
{
EFI_STATUS Status;

+ //
+ // Set Amd Sev configuation
+ //
+ AmdSevSetConfig();
+
ExecutePlatformConfig ();

mConfigAccess.ExtractConfig = &ExtractConfig;
diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf
index 14727c1220..2896f0a1d1 100644
--- a/OvmfPkg/PlatformDxe/Platform.inf
+++ b/OvmfPkg/PlatformDxe/Platform.inf
@@ -24,6 +24,7 @@
PlatformConfig.c
PlatformConfig.h
PlatformForms.vfr
+ AmdSev.c

[Packages]
MdePkg/MdePkg.dec
@@ -56,6 +57,7 @@
[Guids]
gEfiIfrTianoGuid
gOvmfPlatformConfigGuid
+ gMemEncryptGuid

[Depex]
gEfiHiiConfigRoutingProtocolGuid AND
diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h
index 716514da21..4f662aafa4 100644
--- a/OvmfPkg/PlatformDxe/PlatformConfig.h
+++ b/OvmfPkg/PlatformDxe/PlatformConfig.h
@@ -44,6 +44,11 @@ PlatformConfigLoad (
OUT UINT64 *OptionalElements
);

+VOID
+AmdSevSetConfig(
+ VOID
+ );
+
//
// Feature flags for OptionalElements.
//
--
2.17.1


[PATCH v4 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor page status tracking.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022..3f642ecb06 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -15,6 +15,7 @@
#include <Library/HobLib.h>
#include <Library/MemEncryptSevLib.h>
#include <Library/MemoryAllocationLib.h>
+#include <Library/MemEncryptHypercallLib.h>
#include <Library/PcdLib.h>
#include <PiPei.h>
#include <Register/Amd/Msr.h>
@@ -52,6 +53,15 @@ AmdSevEsInitialize (
PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
ASSERT_RETURN_ERROR (PcdStatus);

+ //
+ // GHCB_BASE setup during reset-vector needs to be marked as
+ // decrypted in the hypervisor page encryption bitmap.
+ //
+ SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
+ EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
+ KVM_MAP_GPA_RANGE_DECRYPTED
+ );
+
//
// Allocate GHCB and per-CPU variable pages.
// Since the pages must survive across the UEFI to OS transition
--
2.17.1


[PATCH v4 2/4] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall

Ashish Kalra
 

From: Brijesh Singh <brijesh.singh@amd.com>

By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.

Invoke hypercall via the new hypercall library.

This hypercall is used to notify hypervisor when a page is marked as
'decrypted' (i.e C-bit removed).

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 22 ++++++++++++++++++++
3 files changed, 24 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index f2e162d680..aefcd7c0f7 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -49,6 +49,7 @@
DebugLib
MemoryAllocationLib
PcdLib
+ MemEncryptHypercallLib

[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 03a78c32df..7503f56a0b 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -49,6 +49,7 @@
DebugLib
MemoryAllocationLib
PcdLib
+ MemEncryptHypercallLib

[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index c696745f9d..12b3a9fcfb 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -15,6 +15,7 @@
#include <Library/MemEncryptSevLib.h>
#include <Register/Amd/Cpuid.h>
#include <Register/Cpuid.h>
+#include <Library/MemEncryptHypercallLib.h>

#include "VirtualMemory.h"

@@ -585,6 +586,9 @@ SetMemoryEncDec (
UINT64 AddressEncMask;
BOOLEAN IsWpEnabled;
RETURN_STATUS Status;
+ UINTN Size;
+ BOOLEAN CBitChanged;
+ PHYSICAL_ADDRESS OrigPhysicalAddress;

//
// Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
@@ -636,6 +640,10 @@ SetMemoryEncDec (

Status = EFI_SUCCESS;

+ Size = Length;
+ CBitChanged = FALSE;
+ OrigPhysicalAddress = PhysicalAddress;
+
while (Length != 0)
{
//
@@ -695,6 +703,7 @@ SetMemoryEncDec (
));
PhysicalAddress += BIT30;
Length -= BIT30;
+ CBitChanged = TRUE;
} else {
//
// We must split the page
@@ -749,6 +758,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
PhysicalAddress += BIT21;
Length -= BIT21;
+ CBitChanged = TRUE;
} else {
//
// We must split up this page into 4K pages
@@ -791,6 +801,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageTableEntry->Uint64, Mode);
PhysicalAddress += EFI_PAGE_SIZE;
Length -= EFI_PAGE_SIZE;
+ CBitChanged = TRUE;
}
}
}
@@ -808,6 +819,17 @@ SetMemoryEncDec (
//
CpuFlushTlb();

+ //
+ // Notify Hypervisor on C-bit status
+ //
+ if (CBitChanged) {
+ SetMemoryEncDecHypercall3 (
+ OrigPhysicalAddress,
+ EFI_SIZE_TO_PAGES(Size),
+ KVM_MAP_GPA_RANGE_ENC_STAT(!Mode)
+ );
+ }
+
Done:
//
// Restore page table write protection, if any.
--
2.17.1


[PATCH v4 1/4] OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

Add SEV and SEV-ES hypercall abstraction library to support SEV Page
encryption/deceryption status hypercalls for SEV and SEV-ES guests.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
Maintainers.txt | 2 +
OvmfPkg/Include/Library/MemEncryptHypercallLib.h | 43 ++++++++
OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c | 37 +++++++
OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf | 42 ++++++++
OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm | 28 ++++++
OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c | 105 ++++++++++++++++++++
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfXen.dsc | 1 +
10 files changed, 261 insertions(+)

diff --git a/Maintainers.txt b/Maintainers.txt
index ea54e0b7e9..8ecc8464ba 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -449,8 +449,10 @@ F: OvmfPkg/AmdSev/
F: OvmfPkg/AmdSevDxe/
F: OvmfPkg/Include/Guid/ConfidentialComputingSecret.h
F: OvmfPkg/Include/Library/MemEncryptSevLib.h
+F: OvmfPkg/Include/Library/MemEncryptHypercallLib.h
F: OvmfPkg/IoMmuDxe/AmdSevIoMmu.*
F: OvmfPkg/Library/BaseMemEncryptSevLib/
+F: OvmfPkg/Library/MemEncryptHypercallLib/
F: OvmfPkg/Library/PlatformBootManagerLibGrub/
F: OvmfPkg/Library/VmgExitLib/
F: OvmfPkg/PlatformPei/AmdSev.c
diff --git a/OvmfPkg/Include/Library/MemEncryptHypercallLib.h b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h
new file mode 100644
index 0000000000..b241a189b6
--- /dev/null
+++ b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h
@@ -0,0 +1,43 @@
+/** @file
+
+ Define Secure Encrypted Virtualization (SEV) hypercall library.
+
+ Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _MEM_ENCRYPT_HYPERCALL_LIB_H_
+#define _MEM_ENCRYPT_HYPERCALL_LIB_H_
+
+#include <Base.h>
+
+#define KVM_HC_MAP_GPA_RANGE 12
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_4K 0
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_2M (1 << 0)
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_1G (1 << 1)
+#define KVM_MAP_GPA_RANGE_ENC_STAT(n) ((n) << 4)
+#define KVM_MAP_GPA_RANGE_ENCRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(1)
+#define KVM_MAP_GPA_RANGE_DECRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(0)
+
+/**
+ This hyercall is used to notify hypervisor when a page is marked as
+ 'decrypted' (i.e C-bit removed).
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region.
+ @param[in] Length The length of memory region
+ @param[in] Mode SetCBit or ClearCBit
+
+**/
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN UINTN PhysicalAddress,
+ IN UINTN Length,
+ IN UINTN Mode
+ );
+
+#endif
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c b/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c
new file mode 100644
index 0000000000..2e73d47ee6
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c
@@ -0,0 +1,37 @@
+/** @file
+
+ Secure Encrypted Virtualization (SEV) hypercall helper library
+
+ Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Uefi/UefiBaseType.h>
+#include <Library/BaseLib.h>
+
+/**
+ This hyercall is used to notify hypervisor when a page is marked as
+ 'decrypted' (i.e C-bit removed).
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region.
+ @param[in] Length The length of memory region
+ @param[in] Mode SetCBit or ClearCBit
+
+**/
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN PHYSICAL_ADDRESS PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Mode
+ )
+{
+ //
+ // Memory encryption bit is not accessible in 32-bit mode
+ //
+}
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
new file mode 100644
index 0000000000..a77d58a7e6
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
@@ -0,0 +1,42 @@
+## @file
+# Library provides the hypervisor helper functions for SEV guest
+#
+# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 1.25
+ BASE_NAME = MemEncryptHypercallLib
+ FILE_GUID = 86f2501e-f128-45f3-91c4-3cff31656ca8
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = MemEncryptHypercallLib
+
+#
+# The following information is for reference only and not required by the build
+# tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Packages]
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[Sources.X64]
+ X64/MemEncryptHypercallLib.c
+ X64/AsmHelperStub.nasm
+
+[Sources.IA32]
+ Ia32/MemEncryptHypercallLib.c
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ VmgExitLib
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
new file mode 100644
index 0000000000..f29b96f9b0
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
@@ -0,0 +1,28 @@
+DEFAULT REL
+SECTION .text
+
+; VOID
+; EFIAPI
+; SetMemoryEncDecHypercall3AsmStub (
+; IN UINT HypercallNum,
+; IN INTN Arg1,
+; IN INTN Arg2,
+; IN INTN Arg3
+; );
+global ASM_PFX(SetMemoryEncDecHypercall3AsmStub)
+ASM_PFX(SetMemoryEncDecHypercall3AsmStub):
+ ; UEFI calling conventions require RBX to
+ ; be nonvolatile/callee-saved.
+ push rbx
+ ; Copy HypercallNumber to rax
+ mov rax, rcx
+ ; Copy Arg1 to the register expected by KVM
+ mov rbx, rdx
+ ; Copy Arg2 to register expected by KVM
+ mov rcx, r8
+ ; Copy Arg2 to register expected by KVM
+ mov rdx, r9
+ ; Call VMMCALL
+ vmmcall
+ pop rbx
+ ret
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c b/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c
new file mode 100644
index 0000000000..1c09ea012b
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c
@@ -0,0 +1,105 @@
+/** @file
+
+ Secure Encrypted Virtualization (SEV) hypercall helper library
+
+ Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Uefi/UefiBaseType.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/VmgExitLib.h>
+#include <Register/Amd/Ghcb.h>
+#include <Register/Amd/Msr.h>
+#include <Library/MemEncryptSevLib.h>
+#include <Library/MemEncryptHypercallLib.h>
+
+//
+// Interface exposed by the ASM implementation of the core hypercall
+//
+//
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3AsmStub (
+ IN UINTN HypercallNum,
+ IN UINTN PhysicalAddress,
+ IN UINTN Length,
+ IN UINTN Mode
+ );
+
+STATIC
+VOID
+GhcbSetRegValid (
+ IN OUT GHCB *Ghcb,
+ IN GHCB_REGISTER Reg
+ )
+{
+ UINT32 RegIndex;
+ UINT32 RegBit;
+
+ RegIndex = Reg / 8;
+ RegBit = Reg & 0x07;
+
+ Ghcb->SaveArea.ValidBitmap[RegIndex] |= (1 << RegBit);
+}
+
+/**
+ This hyercall is used to notify hypervisor when a page is marked as
+ 'decrypted' (i.e C-bit removed).
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region.
+ @param[in] Length The length of memory region
+ @param[in] Mode SetCBit or ClearCBit
+
+**/
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN PHYSICAL_ADDRESS PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Mode
+ )
+{
+ if (MemEncryptSevEsIsEnabled ()) {
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ GHCB *Ghcb;
+ BOOLEAN InterruptState;
+ UINT64 Status;
+
+ Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+ Ghcb = Msr.Ghcb;
+
+ VmgInit (Ghcb, &InterruptState);
+
+ Ghcb->SaveArea.Rax = KVM_HC_MAP_GPA_RANGE;
+ GhcbSetRegValid (Ghcb, GhcbRax);
+ Ghcb->SaveArea.Rbx = PhysicalAddress;
+ GhcbSetRegValid (Ghcb, GhcbRbx);
+ Ghcb->SaveArea.Rcx = Pages;
+ GhcbSetRegValid (Ghcb, GhcbRcx);
+ Ghcb->SaveArea.Rdx = Mode;
+ GhcbSetRegValid (Ghcb, GhcbRdx);
+ Ghcb->SaveArea.Cpl = AsmReadCs() & 0x3;
+ GhcbSetRegValid (Ghcb, GhcbCpl);
+
+ Status = VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0);
+ if (Status) {
+ DEBUG ((DEBUG_ERROR, "SVM_EXIT_VMMCALL failed %lx\n", Status));
+ }
+ VmgDone (Ghcb, InterruptState);
+ } else {
+ SetMemoryEncDecHypercall3AsmStub (
+ KVM_HC_MAP_GPA_RANGE,
+ PhysicalAddress,
+ Pages,
+ Mode
+ );
+ }
+}
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f53efeae79..36f1d82ce7 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -176,6 +176,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3662e17f2..2a743688b4 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -180,6 +180,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a9058..eb9da51a15 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -180,6 +180,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 3c1ca6bfd4..de0c052832 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -167,6 +167,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
--
2.17.1


[PATCH v4 0/4] SEV Live Migration support for OVMF.

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.

The patch-set adds a new SEV and SEV-ES hypercall abstraction
library to support SEV Page encryption/decryption status hypercalls
for SEV and SEV-ES guests.

BaseMemEncryptSevLib invokes hypercalls via this new hypercall library.

The patch-set detects if it is running under KVM hypervisor and then
checks for SEV live migration feature support via KVM_FEATURE_CPUID,
if detected setup a new UEFI enviroment variable to indicate OVMF
support for SEV live migration.

A branch containing these patches is available here:
https://github.com/ashkalra/edk2/tree/sev_live_migration_v4

Changes since v3:
- Fix all DSC files under OvmfPkg except X64 to add support for
BaseMemEncryptLib and add NULL instance of BaseMemEncryptLib
for 32 bit platforms.
- Add the MemEncryptHypercallLib-related files to Maintainers.txt,
in section "OvmfPkg: Confidential Computing".
- Add support for the new KVM_HC_MAP_GPA_RANGE hypercall interface.
- Add patch for SEV live migration support.

Changes since v2:
- GHCB_BASE setup during reset-vector as decrypted is marked explicitly
in the hypervisor page encryption bitmap after setting the
PcdSevEsIsEnabled PCD.

Changes since v1:
- Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
the hypervisor page encryption bitmap.
- Resending the series with correct shallow threading.

Ashish Kalra (3):
OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
OvmfPkg/PlatformDxe: Add support for SEV live migration.

Brijesh Singh (1):
OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall

Maintainers.txt | 2 +
OvmfPkg/Include/Guid/MemEncryptLib.h | 20 ++++
.../Include/Library/MemEncryptHypercallLib.h | 43 +++++++
.../DxeMemEncryptSevLib.inf | 1 +
.../PeiMemEncryptSevLib.inf | 1 +
.../X64/PeiDxeVirtualMemory.c | 22 ++++
.../Ia32/MemEncryptHypercallLib.c | 37 ++++++
.../MemEncryptHypercallLib.inf | 42 +++++++
.../X64/AsmHelperStub.nasm | 28 +++++
.../X64/MemEncryptHypercallLib.c | 105 +++++++++++++++++
OvmfPkg/OvmfPkg.dec | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfXen.dsc | 1 +
OvmfPkg/PlatformDxe/AmdSev.c | 108 ++++++++++++++++++
OvmfPkg/PlatformDxe/Platform.c | 5 +
OvmfPkg/PlatformDxe/Platform.inf | 2 +
OvmfPkg/PlatformDxe/PlatformConfig.h | 5 +
OvmfPkg/PlatformPei/AmdSev.c | 10 ++
20 files changed, 436 insertions(+)
create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c
create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c

--
2.17.1


Re: [PATCH 02/12] MdeModulePkg: Add new structure for the Universal Payload Serial Port Info

Wu, Hao A
 

-----Original Message-----
From: Liu, Zhiguang <zhiguang.liu@intel.com>
Sent: Sunday, June 20, 2021 11:47 PM
To: devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
Ni, Ray <ray.ni@intel.com>
Subject: [PATCH 02/12] MdeModulePkg: Add new structure for the Universal
Payload Serial Port Info

Add Universal Payload Serial Port Info definition header file according to
Universal Payload's documentation as below:
https://universalpayload.github.io/documentation/

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
---
MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h | 30
++++++++++++++++++++++++++++++
MdeModulePkg/MdeModulePkg.dec | 3 +++
2 files changed, 33 insertions(+)

diff --git a/MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h
b/MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h
new file mode 100644
index 0000000000..87181f7634
--- /dev/null
+++ b/MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h
@@ -0,0 +1,30 @@
+/** @file

+ This file defines the structure for serial port info.

+

+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>

+ SPDX-License-Identifier: BSD-2-Clause-Patent

+

+ @par Revision Reference:

+ - Universal Payload Specification 0.75
(https://universalpayload.github.io/documentation/)

+**/

+

+#ifndef UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_H_

+#define UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_H_

+

+#include <UniversalPayload/UniversalPayload.h>

+

+#pragma pack(1)

+typedef struct {

+ UNIVERSAL_PAYLOAD_GENERIC_HEADER Header;

+ BOOLEAN UseMmio;

+ UINT8 RegisterStride;

+ UINT32 BaudRate;

+ EFI_PHYSICAL_ADDRESS RegisterBase;

+} UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO;

+#pragma pack()

+

+#define UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_REVISION 1

+

+extern GUID gUniversalPayloadSerialPortInfoGuid;

+

+#endif // UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_H_

diff --git a/MdeModulePkg/MdeModulePkg.dec
b/MdeModulePkg/MdeModulePkg.dec
index 10602a8f79..ad84421cf3 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -422,6 +422,9 @@
## Include/UniversalPayload/ExtraData.h

gUniversalPayloadExtraDataGuid = {0x15a5baf6, 0x1c91, 0x467d, {0x9d, 0xfb,
0x31, 0x9d, 0x17, 0x8d, 0x4b, 0xb4}}



+ ## Include/UniversalPayload/SerialPortInfo.h

+ gUniversalPayloadSerialPortInfoGuid = { 0xaa7e190d, 0xbe21, 0x4409, { 0x8e,
0x67, 0xa2, 0xcd, 0xf, 0x61, 0xe1, 0x70 } }

Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu


+

[Ppis]

## Include/Ppi/AtaController.h

gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a,
0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}

--
2.16.2.windows.1


Re: [PATCH v2 1/8] MdePkg: Fix IORT header file include guard

Sami Mujawar
 

Hi Mike,

I agree the use of the include guard is not consistent across edk2 code and it may be better to fix them all at once. However, if we decide to use '#pragma once', then the edk2 coding standard specification would need to be updated first. Similarly, the ECC tool would also need to be updated.

I can drop this change for now. Please let me know how you wish to proceed.

Regards,

Sami Mujawar

On 17/06/2021, 19:19, "devel@edk2.groups.io on behalf of Michael D Kinney via groups.io" <devel@edk2.groups.io on behalf of michael.d.kinney=intel.com@groups.io> wrote:

Hi Sami,

The include guard pattern is present everywhere. No sure it makes sense to start fixing these one at a time.

The #pragma once may be a better long term solution and may improve build times slightly.

https://en.wikipedia.org/wiki/Pragma_once

Best regards,

Mike

-----Original Message-----
> From: Sami Mujawar <sami.mujawar@arm.com>
> Sent: Thursday, June 17, 2021 2:56 AM
> To: devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Alexei.Fedorov@arm.com; ardb+tianocore@kernel.org; Matteo.Carlini@arm.com;
> Ben.Adderson@arm.com; Kinney, Michael D <michael.d.kinney@intel.com>; gaoliming@byosoft.com.cn; Liu, Zhiguang
> <zhiguang.liu@intel.com>; Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>; nd@arm.com
> Subject: [PATCH v2 1/8] MdePkg: Fix IORT header file include guard
>
> According to section 5.3.5, EDK II C Coding Standards Specification
> (https://edk2-docs.gitbook.io/edk-ii-c-coding-standards-specification)
> the header file guard names must not be prefixed with underscores as
> they are reserved for compiler implementation.
>
> Therefore, fix the header file include guard as per the specification
> guidelines.
>
> Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
> ---
>
> Notes:
> v2:
> - No code change since v1. Re-sending with v2 series. [SAMI]
>
> MdePkg/Include/IndustryStandard/IoRemappingTable.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/MdePkg/Include/IndustryStandard/IoRemappingTable.h b/MdePkg/Include/IndustryStandard/IoRemappingTable.h
> index 90504e3a6715be7facc6450c6ff0e1eab92cd3c7..731217441438a00dd5ff0bedf2010598d48d6dbf 100644
> --- a/MdePkg/Include/IndustryStandard/IoRemappingTable.h
> +++ b/MdePkg/Include/IndustryStandard/IoRemappingTable.h
> @@ -9,8 +9,8 @@
> SPDX-License-Identifier: BSD-2-Clause-Patent
> **/
>
> -#ifndef __IO_REMAPPING_TABLE_H__
> -#define __IO_REMAPPING_TABLE_H__
> +#ifndef IO_REMAPPING_TABLE_H_
> +#define IO_REMAPPING_TABLE_H_
>
> #include <IndustryStandard/Acpi.h>
>
> --
> 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'


Re: [PATCH v3 8/8] MdeModulePkg: Use SecureBootVariableLib in PlatformVarCleanupLib.

Grzegorz Bernacki
 

Hi,

I moved CreateTimeBasedPayload() to AuthVariableLib, but then I cannot
use it in SecureBootConfigDxe, cause AuthVariableLib does not support
DXE_DRIVER.
So:
- having that function only in AuthVariableLib does not work
- having that function only in SecureBootVariableLib, causes a lot of
changes in platform DSCs files and also causes MdeModulePkg to be
depended on SecurityPkg

Right now I tend to roll back the changes related to
CreateTimeBasedPayload() and just let the modules to have its own copy
of that function. What do you think?
thanks,
greg

pt., 18 cze 2021 o 10:03 Grzegorz Bernacki via groups.io
<gjb=semihalf.com@groups.io> napisał(a):


Hi,

Thanks for the comment, I will move that function to AuthVariableLib.
greg

czw., 17 cze 2021 o 04:35 gaoliming <gaoliming@byosoft.com.cn> napisał(a):

Grzegorz:
MdeModulePkg is generic base package. It should not depend on SecurityPkg.

I agree CreateTimeBasedPayload() is the generic API. It can be shared in
the different modules.
I propose to add it into MdeModulePkg AuthVariableLib.

Thanks
Liming
-----邮件原件-----
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Grzegorz
Bernacki
发送时间: 2021年6月14日 17:43
收件人: devel@edk2.groups.io
抄送: leif@nuviainc.com; ardb+tianocore@kernel.org;
Samer.El-Haj-Mahmoud@arm.com; sunny.Wang@arm.com;
mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com;
jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com;
sami.mujawar@arm.com; afish@apple.com; ray.ni@intel.com;
jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org;
thomas.abraham@arm.com; chasel.chiu@intel.com;
nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie;
Grzegorz Bernacki <gjb@semihalf.com>
主题: [edk2-devel] [PATCH v3 8/8] MdeModulePkg: Use
SecureBootVariableLib in PlatformVarCleanupLib.

This commits removes CreateTimeBasedPayload() function from
PlatformVarCleanupLib and uses exactly the same function from
SecureBootVariableLib.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
---
MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf |
2 +
MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
| 1 +
MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
| 84 --------------------
3 files changed, 3 insertions(+), 84 deletions(-)

diff --git
a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
index 8d5db826a0..493d03e1d8 100644
---
a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
+++
b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
@@ -34,6 +34,7 @@
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec

[LibraryClasses]
UefiBootServicesTableLib
@@ -44,6 +45,7 @@
PrintLib
MemoryAllocationLib
HiiLib
+ SecureBootVariableLib

[Guids]
gEfiIfrTianoGuid ## SOMETIMES_PRODUCES ##
GUID
diff --git a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
index c809a7086b..94fbc7d2a4 100644
--- a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
+++ b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
@@ -18,6 +18,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/MemoryAllocationLib.h>
#include <Library/HiiLib.h>
#include <Library/PlatformVarCleanupLib.h>
+#include <Library/SecureBootVariableLib.h>

#include <Protocol/Variable.h>
#include <Protocol/VarCheck.h>
diff --git
a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
index 3875d614bb..204f1e00ad 100644
--- a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
+++ b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
@@ -319,90 +319,6 @@ DestroyUserVariableNode (
}
}

-/**
- Create a time based data payload by concatenating the
EFI_VARIABLE_AUTHENTICATION_2
- descriptor with the input data. NO authentication is required in this
function.
-
- @param[in, out] DataSize On input, the size of Data buffer in
bytes.
- On output, the size of data
returned in Data
- buffer in bytes.
- @param[in, out] Data On input, Pointer to data buffer to
be wrapped or
- pointer to NULL to wrap an
empty payload.
- On output, Pointer to the new
payload date buffer allocated from pool,
- it's caller's responsibility to free
the memory after using it.
-
- @retval EFI_SUCCESS Create time based payload
successfully.
- @retval EFI_OUT_OF_RESOURCES There are not enough memory
resourses to create time based payload.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval Others Unexpected error happens.
-
-**/
-EFI_STATUS
-CreateTimeBasedPayload (
- IN OUT UINTN *DataSize,
- IN OUT UINT8 **Data
- )
-{
- EFI_STATUS Status;
- UINT8 *NewData;
- UINT8 *Payload;
- UINTN PayloadSize;
- EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
- UINTN DescriptorSize;
- EFI_TIME Time;
-
- if (Data == NULL || DataSize == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // At user physical presence, the variable does not need to be signed
but
the
- // parameters to the SetVariable() call still need to be prepared as
authenticated
- // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor
without certificate
- // data in it.
- //
- Payload = *Data;
- PayloadSize = *DataSize;
-
- DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2,
AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
- NewData = (UINT8 *) AllocateZeroPool (DescriptorSize + PayloadSize);
- if (NewData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- if ((Payload != NULL) && (PayloadSize != 0)) {
- CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
- }
-
- DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
-
- ZeroMem (&Time, sizeof (EFI_TIME));
- Status = gRT->GetTime (&Time, NULL);
- if (EFI_ERROR (Status)) {
- FreePool (NewData);
- return Status;
- }
- Time.Pad1 = 0;
- Time.Nanosecond = 0;
- Time.TimeZone = 0;
- Time.Daylight = 0;
- Time.Pad2 = 0;
- CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));
-
- DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF
(WIN_CERTIFICATE_UEFI_GUID, CertData);
- DescriptorData->AuthInfo.Hdr.wRevision = 0x0200;
- DescriptorData->AuthInfo.Hdr.wCertificateType =
WIN_CERT_TYPE_EFI_GUID;
- CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
-
- if (Payload != NULL) {
- FreePool (Payload);
- }
-
- *DataSize = DescriptorSize + PayloadSize;
- *Data = NewData;
- return EFI_SUCCESS;
-}
-
/**
Create a counter based data payload by concatenating the
EFI_VARIABLE_AUTHENTICATION
descriptor with the input data. NO authentication is required in this
function.
--
2.25.1














Re: 回复: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification updates

Sami Mujawar
 

Hi Liming,

Please find my response inline marked [SAMI].

Regards,

Sami Mujawar

On 18/06/2021, 01:49, "gaoliming" <gaoliming@byosoft.com.cn> wrote:

Sami:
I agree this change. With this patch, will you update the existing
platform to use the matched version macro EFI_ACPI_IO_REMAPPING_TABLE_REV0?
[SAMI] I can update the platforms in edk2-platforms as a follow-on patch. In that case the macro EFI_ACPI_IO_REMAPPING_TABLE_REVISION can also be removed.
Please let me know if this approach would be better, and I can send an update.
[/SAMI]

Thanks
Liming

-----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Sami
> Mujawar
> 发送时间: 2021年6月17日 17:55
> 收件人: devel@edk2.groups.io
> 抄送: Sami Mujawar <sami.mujawar@arm.com>; Alexei.Fedorov@arm.com;
> ardb+tianocore@kernel.org; Matteo.Carlini@arm.com;
> Ben.Adderson@arm.com; steven.price@arm.com;
> Lorenzo.Pieralisi@arm.com; michael.d.kinney@intel.com;
> gaoliming@byosoft.com.cn; zhiguang.liu@intel.com; ray.ni@intel.com;
> zhichao.gao@intel.com; nd@arm.com
> 主题: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification updates
>
> Bugzilla: 3458 - Add support IORT Rev E.b specification updates
> (https://bugzilla.tianocore.org/show_bug.cgi?id=3458)
>
> The IO Remapping Table (IORT) specification has been updated to
> rev E.b. The following updates are introduced including the errata
> to rev E and E.a:
> - increments the IORT table revision to 3.
> - updates the node definition to add an 'Identifier' field.
> - adds definition of node type 6 - Reserved Memory Range node.
> - adds definition for Memory Range Descriptors.
> - adds flag to indicate PRI support for root complexes.
> - adds flag to indicate if the root complex supports forwarding
> of PASID information on translated transactions to the SMMU.
>
> The v1 patch series:
> - Updates the IORT header file to match the Rev E.b specification.
> - Add support to parse IORT Rev E.b tables
> - Add support to generate IORT Rev E.b compliant ACPI tables
> using Dynamic Tables Framework.
>
> This v2 patch series includes all changes from v1 patch series
> except the following 2 patches have been modified to set the
> EFI_ACPI_IO_REMAPPING_TABLE_REVISION macro to Rev 0 as setting
> to Rev 3 will break existing platforms, the problem being that
> the Identifier field in the IORT nodes would not be unique.
> - MdePkg: IORT header update for IORT Rev E.b spec
> - DynamicTablesPkg: IORT generator updates for Rev E.b spec
>
> The changes can be seen at:
> https://github.com/samimujawar/edk2/tree/1527_iort_rev_eb_v2
>
> Sami Mujawar (8):
> MdePkg: Fix IORT header file include guard
> MdePkg: IORT header update for IORT Rev E.b spec
> ShellPkg: Acpiview: Abbreviate field names to preserve alignment
> ShellPkg: Acpiview: IORT parser update for IORT Rev E.b spec
> DynamicTablesPkg: IORT set reference to Id array only if present
> DynamicTablesPkg: IORT set reference to interrupt array if present
> DynamicTablesPkg: Update ArmNameSpaceObjects for IORT Rev E.b
> DynamicTablesPkg: IORT generator updates for Rev E.b spec
>
> DynamicTablesPkg/Include/ArmNameSpaceObjects.h
> | 58 ++
> DynamicTablesPkg/Library/Acpi/Arm/AcpiIortLibArm/IortGenerator.c
> | 772 ++++++++++++++++++--
> DynamicTablesPkg/Library/Acpi/Arm/AcpiIortLibArm/IortGenerator.h
> | 5 +-
> MdePkg/Include/IndustryStandard/IoRemappingTable.h
> | 71 +-
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c |
> 207 +++++-
> 5 files changed, 1013 insertions(+), 100 deletions(-)
>
> --
> 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
>
>
>
>
>


[PATCH v3] UefiPayloadPkg/UefiPayloadEntry: Improve bootloader memrange parsing

Patrick Rudolph
 

Currently several DXE crash due to invalid memory resource settings.
The PciHostBridgeDxe which expects the MMCONF and PCI Aperature
to be EfiMemoryMappedIO, but currently those regions are (partly)
mapped as EfiReservedMemoryType.

coreboot and slimbootloader provide an e820 compatible memory map,
which doesn't work well with EDK2 as the e820 spec is missing MMIO regions.
In e820 'reserved' could either mean "DRAM used by boot firmware" or "MMIO
in use and not detectable by OS".

Guess Top of lower usable DRAM (TOLUD) by walking the bootloader provided
memory ranges. Memory types of RAM, ACPI and ACPI NVS below 4 GiB are used
to increment TOLUD and reserved memory ranges touching TOLUD at the base
are also assumed to be reserved DRAM, which increment TOLUD.

Then mark everything reserved below TOLUD as EfiReservedMemoryType and
everything reserved above TOLUD as EfiMemoryMappedIO.

This fixes assertions seen in PciHostBridgeDxe.

Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
.../UefiPayloadEntry/UefiPayloadEntry.c | 190 +++++++++++++++++-
.../UefiPayloadEntry/UefiPayloadEntry.h | 10 +
2 files changed, 197 insertions(+), 3 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c b/UefiPaylo=
adPkg/UefiPayloadEntry/UefiPayloadEntry.c
index 805f5448d9..04c58f776c 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
@@ -7,10 +7,159 @@
=0D
#include "UefiPayloadEntry.h"=0D
=0D
+STATIC UINT32 mTopOfLowerUsableDram =3D 0;=0D
+=0D
/**=0D
Callback function to build resource descriptor HOB=0D
=0D
This function build a HOB based on the memory map entry info.=0D
+ It creates only EFI_RESOURCE_MEMORY_MAPPED_IO and EFI_RESOURCE_MEMORY_R=
ESERVED=0D
+ resources.=0D
+=0D
+ @param MemoryMapEntry Memory map entry info got from bootloader=
.=0D
+ @param Params A pointer to ACPI_BOARD_INFO.=0D
+=0D
+ @retval EFI_SUCCESS Successfully build a HOB.=0D
+ @retval EFI_INVALID_PARAMETER Invalid parameter provided.=0D
+**/=0D
+EFI_STATUS=0D
+MemInfoCallbackMmio (=0D
+ IN MEMROY_MAP_ENTRY *MemoryMapEntry,=0D
+ IN VOID *Params=0D
+ )=0D
+{=0D
+ EFI_PHYSICAL_ADDRESS Base;=0D
+ EFI_RESOURCE_TYPE Type;=0D
+ UINT64 Size;=0D
+ EFI_RESOURCE_ATTRIBUTE_TYPE Attribue;=0D
+ ACPI_BOARD_INFO *AcpiBoardInfo;=0D
+=0D
+ AcpiBoardInfo =3D (ACPI_BOARD_INFO *)Params;=0D
+ if (AcpiBoardInfo =3D=3D NULL) {=0D
+ return EFI_INVALID_PARAMETER;=0D
+ }=0D
+=0D
+ //=0D
+ // Skip types already handled in MemInfoCallback=0D
+ //=0D
+ if (MemoryMapEntry->Type =3D=3D E820_RAM || MemoryMapEntry->Type =3D=3D =
E820_ACPI) {=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+=0D
+ if (MemoryMapEntry->Base =3D=3D AcpiBoardInfo->PcieBaseAddress) {=0D
+ //=0D
+ // MMCONF is always MMIO=0D
+ //=0D
+ Type =3D EFI_RESOURCE_MEMORY_MAPPED_IO;=0D
+ } else if (MemoryMapEntry->Base < mTopOfLowerUsableDram) {=0D
+ //=0D
+ // It's in DRAM and thus must be reserved=0D
+ //=0D
+ Type =3D EFI_RESOURCE_MEMORY_RESERVED;=0D
+ } else if ((MemoryMapEntry->Base < 0x100000000ULL) && (MemoryMapEntry->B=
ase >=3D mTopOfLowerUsableDram)) {=0D
+ //=0D
+ // It's not in DRAM, must be MMIO=0D
+ //=0D
+ Type =3D EFI_RESOURCE_MEMORY_MAPPED_IO;=0D
+ } else {=0D
+ Type =3D EFI_RESOURCE_MEMORY_RESERVED;=0D
+ }=0D
+=0D
+ Base =3D MemoryMapEntry->Base;=0D
+ Size =3D MemoryMapEntry->Size;=0D
+=0D
+ Attribue =3D EFI_RESOURCE_ATTRIBUTE_PRESENT |=0D
+ EFI_RESOURCE_ATTRIBUTE_INITIALIZED |=0D
+ EFI_RESOURCE_ATTRIBUTE_TESTED |=0D
+ EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |=0D
+ EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |=0D
+ EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |=0D
+ EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE;=0D
+=0D
+ BuildResourceDescriptorHob (Type, Attribue, (EFI_PHYSICAL_ADDRESS)Base, =
Size);=0D
+ DEBUG ((DEBUG_INFO , "buildhob: base =3D 0x%lx, size =3D 0x%lx, type =3D=
0x%x\n", Base, Size, Type));=0D
+=0D
+ if (MemoryMapEntry->Type =3D=3D E820_UNUSABLE ||=0D
+ MemoryMapEntry->Type =3D=3D E820_DISABLED) {=0D
+ BuildMemoryAllocationHob (Base, Size, EfiUnusableMemory);=0D
+ } else if (MemoryMapEntry->Type =3D=3D E820_PMEM) {=0D
+ BuildMemoryAllocationHob (Base, Size, EfiPersistentMemory);=0D
+ }=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Callback function to find TOLUD (Top of Lower Usable DRAM)=0D
+=0D
+ Estimate where TOLUD (Top of Lower Usable DRAM) resides. The exact posi=
tion=0D
+ would require platform specific code.=0D
+=0D
+ @param MemoryMapEntry Memory map entry info got from bootloader=
.=0D
+ @param Params Not used for now.=0D
+=0D
+ @retval EFI_SUCCESS Successfully updated mTopOfLowerUsableDra=
m.=0D
+**/=0D
+EFI_STATUS=0D
+FindToludCallback (=0D
+ IN MEMROY_MAP_ENTRY *MemoryMapEntry,=0D
+ IN VOID *Params=0D
+ )=0D
+{=0D
+ //=0D
+ // This code assumes that the memory map on this x86 machine below 4GiB =
is continous=0D
+ // until TOLUD. In addition it assumes that the bootloader provided memo=
ry tables have=0D
+ // no "holes" and thus the first memory range not covered by e820 marks =
the end of=0D
+ // usable DRAM. In addition it's assumed that every reserved memory regi=
on touching=0D
+ // usable RAM is also covering DRAM, everything else that is marked rese=
rved thus must be=0D
+ // MMIO not detectable by bootloader/OS=0D
+ //=0D
+=0D
+ //=0D
+ // Skip memory types not RAM or reserved=0D
+ //=0D
+ if ((MemoryMapEntry->Type =3D=3D E820_UNUSABLE) || (MemoryMapEntry->Type=
=3D=3D E820_DISABLED) ||=0D
+ (MemoryMapEntry->Type =3D=3D E820_PMEM)) {=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+=0D
+ //=0D
+ // Skip resources above 4GiB=0D
+ //=0D
+ if ((MemoryMapEntry->Base + MemoryMapEntry->Size) > 0x100000000ULL) {=0D
+ return EFI_SUCCESS;=0D
+ }=0D
+=0D
+ if ((MemoryMapEntry->Type =3D=3D E820_RAM) || (MemoryMapEntry->Type =3D=
=3D E820_ACPI) ||=0D
+ (MemoryMapEntry->Type =3D=3D E820_NVS)) {=0D
+ //=0D
+ // It's usable DRAM. Update TOLUD.=0D
+ //=0D
+ if (mTopOfLowerUsableDram < (MemoryMapEntry->Base + MemoryMapEntry->Si=
ze)) {=0D
+ mTopOfLowerUsableDram =3D (UINT32)(MemoryMapEntry->Base + MemoryMapE=
ntry->Size);=0D
+ }=0D
+ } else {=0D
+ //=0D
+ // It might be 'reserved DRAM' or 'MMIO'.=0D
+ //=0D
+ // If it touches usable DRAM at Base assume it's DRAM as well,=0D
+ // as it could be bootloader installed tables, TSEG, GTT, ...=0D
+ //=0D
+ if (mTopOfLowerUsableDram =3D=3D MemoryMapEntry->Base) {=0D
+ mTopOfLowerUsableDram =3D (UINT32)(MemoryMapEntry->Base + MemoryMapE=
ntry->Size);=0D
+ }=0D
+ }=0D
+=0D
+ return EFI_SUCCESS;=0D
+}=0D
+=0D
+=0D
+/**=0D
+ Callback function to build resource descriptor HOB=0D
+=0D
+ This function build a HOB based on the memory map entry info.=0D
+ Only add EFI_RESOURCE_SYSTEM_MEMORY.=0D
=0D
@param MemoryMapEntry Memory map entry info got from bootloader=
.=0D
@param Params Not used for now.=0D
@@ -28,7 +177,16 @@ MemInfoCallback (
UINT64 Size;=0D
EFI_RESOURCE_ATTRIBUTE_TYPE Attribue;=0D
=0D
- Type =3D (MemoryMapEntry->Type =3D=3D 1) ? EFI_RESOURCE_SYSTEM_MEMORY=
: EFI_RESOURCE_MEMORY_RESERVED;=0D
+ //=0D
+ // Skip everything not known to be usable DRAM.=0D
+ // It will be added later.=0D
+ //=0D
+ if ((MemoryMapEntry->Type !=3D E820_RAM) && (MemoryMapEntry->Type !=3D E=
820_ACPI) &&=0D
+ (MemoryMapEntry->Type !=3D E820_NVS)) {=0D
+ return RETURN_SUCCESS;=0D
+ }=0D
+=0D
+ Type =3D EFI_RESOURCE_SYSTEM_MEMORY;=0D
Base =3D MemoryMapEntry->Base;=0D
Size =3D MemoryMapEntry->Size;=0D
=0D
@@ -40,7 +198,7 @@ MemInfoCallback (
EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |=0D
EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE;=0D
=0D
- if (Base >=3D BASE_4GB ) {=0D
+ if (Base >=3D BASE_4GB) {=0D
// Remove tested attribute to avoid DXE core to dispatch driver to mem=
ory above 4GB=0D
Attribue &=3D ~EFI_RESOURCE_ATTRIBUTE_TESTED;=0D
}=0D
@@ -48,6 +206,12 @@ MemInfoCallback (
BuildResourceDescriptorHob (Type, Attribue, (EFI_PHYSICAL_ADDRESS)Base, =
Size);=0D
DEBUG ((DEBUG_INFO , "buildhob: base =3D 0x%lx, size =3D 0x%lx, type =3D=
0x%x\n", Base, Size, Type));=0D
=0D
+ if (MemoryMapEntry->Type =3D=3D E820_ACPI) {=0D
+ BuildMemoryAllocationHob (Base, Size, EfiACPIReclaimMemory);=0D
+ } else if (MemoryMapEntry->Type =3D=3D E820_NVS) {=0D
+ BuildMemoryAllocationHob (Base, Size, EfiACPIMemoryNVS);=0D
+ }=0D
+=0D
return RETURN_SUCCESS;=0D
}=0D
=0D
@@ -236,8 +400,19 @@ BuildHobFromBl (
EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *NewGfxDeviceInfo;=0D
=0D
//=0D
- // Parse memory info and build memory HOBs=0D
+ // First find TOLUD=0D
+ //=0D
+ DEBUG ((DEBUG_INFO , "Guessing Top of Lower Usable DRAM:\n"));=0D
+ Status =3D ParseMemoryInfo (FindToludCallback, NULL);=0D
+ if (EFI_ERROR(Status)) {=0D
+ return Status;=0D
+ }=0D
+ DEBUG ((DEBUG_INFO , "Assuming TOLUD =3D 0x%x\n", mTopOfLowerUsableDram)=
);=0D
+=0D
+ //=0D
+ // Parse memory info and build memory HOBs for Usable RAM=0D
//=0D
+ DEBUG ((DEBUG_INFO , "Building ResourceDescriptorHobs for usable memory:=
\n"));=0D
Status =3D ParseMemoryInfo (MemInfoCallback, NULL);=0D
if (EFI_ERROR(Status)) {=0D
return Status;=0D
@@ -289,6 +464,15 @@ BuildHobFromBl (
DEBUG ((DEBUG_INFO, "Create acpi board info guid hob\n"));=0D
}=0D
=0D
+ //=0D
+ // Parse memory info and build memory HOBs for reserved DRAM and MMIO=0D
+ //=0D
+ DEBUG ((DEBUG_INFO , "Building ResourceDescriptorHobs for reserved memor=
y:\n"));=0D
+ Status =3D ParseMemoryInfo (MemInfoCallbackMmio, &AcpiBoardInfo);=0D
+ if (EFI_ERROR(Status)) {=0D
+ return Status;=0D
+ }=0D
+=0D
//=0D
// Parse platform specific information.=0D
//=0D
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h b/UefiPaylo=
adPkg/UefiPayloadEntry/UefiPayloadEntry.h
index 2c84d6ed53..4fd50e47cd 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
@@ -38,6 +38,16 @@
#define GET_OCCUPIED_SIZE(ActualSize, Alignment) \=0D
((ActualSize) + (((Alignment) - ((ActualSize) & ((Alignment) - 1))) & ((=
Alignment) - 1)))=0D
=0D
+=0D
+#define E820_RAM 1=0D
+#define E820_RESERVED 2=0D
+#define E820_ACPI 3=0D
+#define E820_NVS 4=0D
+#define E820_UNUSABLE 5=0D
+#define E820_DISABLED 6=0D
+#define E820_PMEM 7=0D
+#define E820_UNDEFINED 8=0D
+=0D
/**=0D
Auto-generated function that calls the library constructors for all of t=
he module's=0D
dependent libraries.=0D
--=20
2.30.2


回复: [edk2][PATCH V3] MdePkg : Add IPMI Macro and Structure Defintions to resolve build errors

gaoliming
 

Thanks for you update.

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

Thanks
Liming
-----邮件原件-----
发件人: manickavasakam karpagavinayagam <manickavasakamk@ami.com>
发送时间: 2021年6月18日 23:38
收件人: devel@edk2.groups.io
抄送: isaac.w.oram@intel.com; nathaniel.l.desimone@intel.com;
Felixp@ami.com; Harikrishnad@ami.com; manishj@ami.com;
zacharyb@ami.com; manickavasakamk@ami.com;
gaoliming@byosoft.com.cn
主题: [edk2][PATCH V3] MdePkg : Add IPMI Macro and Structure Defintions
to resolve build errors

Build error reported for missing structures
IPMI_SET_BOOT_OPTIONS_RESPONSE,
EFI_IPMI_MSG_GET_BMC_EXEC_RSP and
macros EFI_FIRMWARE_GET_BMC_EXECUTION_CONTEXT
EFI_FIRMWARE_BMC_IN_FULL_RUNTIME/EFI_FIRMWARE_BMC_IN_FORCE
D_UPDATE_MODE
when using
edk2-platforms\Features\Intel\OutOfBandManagement\IpmiFeaturePkg

MdePkg : Rename IPMI Macro and Structure Defintions

Rename the EFI_IPMI_MSG_GET_BMC_EXEC_RSPB,
EFI_FIRMWARE_GET_BMC_EXECUTION_CONTEXT
EFI_FIRMWARE_BMC_IN_FORCED_UPDATE_MODE to
IPMI_MSG_GET_BMC_EXEC_RSPB,IPMI_GET_BMC_EXECUTION_CONTEXT
IPMI_BMC_IN_FORCED_UPDATE_MODE

Notes:
V1 :
Rename the EFI_IPMI_MSG_GET_BMC_EXEC_RSPB,
EFI_FIRMWARE_GET_BMC_EXECUTION_CONTEXT
EFI_FIRMWARE_BMC_IN_FORCED_UPDATE_MODE to
IPMI_MSG_GET_BMC_EXEC_RSPB,IPMI_GET_BMC_EXECUTION_CONTEXT
IPMI_BMC_IN_FORCED_UPDATE_MODE

V2:

Remove 0001-MdePkg-Add-IPMI-Macro-and-Structure-Defintions-to-re.patch

V3:

Add Signed-off-by information

Signed-off-by: Manickavasakam Karpagavinayagam
<manickavasakamk@ami.com>
---
.../IndustryStandard/IpmiNetFnChassis.h | 4 ++++
.../IndustryStandard/IpmiNetFnFirmware.h | 18
++++++++++++++++++
2 files changed, 22 insertions(+)

diff --git a/MdePkg/Include/IndustryStandard/IpmiNetFnChassis.h
b/MdePkg/Include/IndustryStandard/IpmiNetFnChassis.h
index 79db55523d..d7cdd3a865 100644
--- a/MdePkg/Include/IndustryStandard/IpmiNetFnChassis.h
+++ b/MdePkg/Include/IndustryStandard/IpmiNetFnChassis.h
@@ -186,6 +186,10 @@ typedef struct {
UINT8 ParameterData[0];

} IPMI_SET_BOOT_OPTIONS_REQUEST;



+typedef struct {

+ UINT8 CompletionCode:8;

+} IPMI_SET_BOOT_OPTIONS_RESPONSE;

+

//

// Definitions for Get System Boot options command

//

diff --git a/MdePkg/Include/IndustryStandard/IpmiNetFnFirmware.h
b/MdePkg/Include/IndustryStandard/IpmiNetFnFirmware.h
index 2d892dbd5a..c4cbe2349b 100644
--- a/MdePkg/Include/IndustryStandard/IpmiNetFnFirmware.h
+++ b/MdePkg/Include/IndustryStandard/IpmiNetFnFirmware.h
@@ -17,4 +17,22 @@
// All Firmware commands and their structure definitions to follow here

//



+//
----------------------------------------------------------------------------
------------

+// Definitions for Get BMC Execution Context

+//
----------------------------------------------------------------------------
------------

+#define IPMI_GET_BMC_EXECUTION_CONTEXT 0x23

+

+//

+// Constants and Structure definitions for "Get Device ID" command to
follow here

+//

+typedef struct {

+ UINT8 CurrentExecutionContext;

+ UINT8 PartitionPointer;

+} IPMI_MSG_GET_BMC_EXEC_RSP;

+

+//

+// Current Execution Context responses

+//

+#define IPMI_BMC_IN_FORCED_UPDATE_MODE 0x11

+

#endif

--
2.25.0.windows.1


Please consider the environment before printing this email.

The information contained in this message may be confidential and
proprietary to American Megatrends (AMI). This communication is intended
to be read only by the individual or entity to whom it is addressed or by
their
designee. If the reader of this message is not the intended recipient, you
are
on notice that any distribution of this message, in any form, is strictly
prohibited. Please promptly notify the sender by reply e-mail or by
telephone at 770-246-8600, and then delete or destroy all copies of the
transmission.


回复: [edk2-devel] [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native instruction support for X64

gaoliming
 

Christopher:
Nasm should support GCC tool chain. Do you meet with the problem on nasm
version assembly code?
So, you have to add GAS assembly code. This topic may be discussed last
year. Can you give some detail for it?

Thanks
Liming
-----邮件原件-----
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Christopher
Zurcher
发送时间: 2021年6月19日 10:09
收件人: devel@edk2.groups.io
抄送: Jiewen Yao <jiewen.yao@intel.com>; Jian J Wang
<jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Mike Kinney
<michael.d.kinney@intel.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>
主题: [edk2-devel] [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native
instruction support for X64

From: Christopher Zurcher <christopher.zurcher@microsoft.com>

V6 Changes:
Add GCC-compatible version of these modifications. Supporting GCC build
of
native OpenSSL .S files requires removal of *(COMMON) from the
/DISCARD/
section of the GCC linker script.
The VS/CLANG portion of the patch is unchanged from the
previously-approved
patchset.

V5 Changes:
Move ApiHooks.c into X64 folder
Update process_files.pl to clean architecture-specific subfolders
without
removing them
Rebased INF file to merge latest changes regarding RngLib vs. TimerLib

V4 Changes:
Add copyright header to uefi-asm.conf
Move [Sources.X64] block to cover entire X64-specific config

V3 Changes:
Added definitions for ptrdiff_t and wchar_t to CrtLibSupport.h for
LLVM/Clang build support.
Added -UWIN32 to GCC Flags for LLVM/Clang build support.
Added missing AES GCM assembly file.

V2 Changes:
Limit scope of assembly config to SHA and AES functions.
Removed IA32 native support (reduced config was causing build failure
and
can be added in a later patch).
Removed XMM instructions from assembly generation.
Added automatic copyright header porting for generated assembly files.

This patch adds support for building the native instruction algorithms for
the X64 architecture in OpensslLib. The process_files.pl script was
modified
to parse the .asm file targets from the OpenSSL build config data struct,
and
generate the necessary assembly files for the EDK2 build environment.

For the X64 variant, OpenSSL includes calls to a Windows error handling
API,
and that function has been stubbed out in ApiHooks.c.

For all variants, a constructor is added to call the required CPUID
function
within OpenSSL to facilitate processor capability checks in the native
algorithms.

Additional native architecture variants should be simple to add by
following
the changes made for this architecture.

The OpenSSL assembly files are traditionally generated at build time using
a
perl script. To avoid that burden on EDK2 users, these end-result assembly
files are generated during the configuration steps performed by the
package
maintainer (through process_files.pl). The perl generator scripts inside
OpenSSL do not parse file comments as they are only meant to create
intermediate build files, so process_files.pl contains additional hooks to
preserve the copyright headers as well as clean up tabs and line endings
to
comply with EDK2 coding standards. The resulting file headers align with
the generated .h files which are already included in the EDK2 repository.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Mike Kinney <michael.d.kinney@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Christopher Zurcher (2):
CryptoPkg/OpensslLib: Add native instruction support for X64
CryptoPkg/OpensslLib: Commit the auto-generated assembly files for X64

BaseTools/Scripts/GccBase.lds
| 1 -
CryptoPkg/CryptoPkg.ci.yaml
| 21 +-
CryptoPkg/Library/Include/CrtLibSupport.h
| 2 +
CryptoPkg/Library/Include/openssl/opensslconf.h
| 3 -
CryptoPkg/Library/OpensslLib/OpensslLib.inf
| 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
| 44 +
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
| 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
| 653 +++
CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
| 653 +++
CryptoPkg/Library/OpensslLib/UefiAsm.conf
| 30 +
CryptoPkg/Library/OpensslLib/X64/ApiHooks.c
| 22 +
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
| 732 +++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
| 1916 ++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
| 78 +
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
| 5103 ++++++++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
| 1173 +++++
CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
| 34 +
CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
| 1569 ++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
| 3137 ++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
| 2884 +++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
| 3461 +++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
| 3313 +++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
| 1938 ++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
| 491 ++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-mb-x86_64.S
| 552 +++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha1-x86_64.S
| 1719 +++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha256-x86_64.S |
69 +
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-x86_64.S
| 4484 +++++++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/vpaes-x86_64.S
| 863 ++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/aesni-gcm-x86_64.S
| 29 +
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/ghash-x86_64.S
| 1386 ++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-mb-x86_64.S
| 2962 ++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-x86_64.S
| 2631 ++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-mb-x86_64.S
| 3286 +++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-x86_64.S
| 3097 ++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha512-x86_64.S
| 1811 +++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/x86_64cpuid.S
| 491 ++
CryptoPkg/Library/OpensslLib/process_files.pl
| 241 +-
38 files changed, 50828 insertions(+), 55 deletions(-)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
create mode 100644 CryptoPkg/Library/OpensslLib/UefiAsm.conf
create mode 100644 CryptoPkg/Library/OpensslLib/X64/ApiHooks.c
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-mb-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha1-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha256-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/vpaes-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/aesni-gcm-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/ghash-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-mb-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-mb-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha512-x86_64.S
create mode 100644
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/x86_64cpuid.S

--
2.32.0.windows.1




5841 - 5860 of 82581