
[PATCH 0/4] Add BootDiscoveryPolicyUiLib

Grzegorz Bernacki
 

This patchset extends the Boot Maintenance Menu and allows selecting the
Boot Discovery Policy. Raspberry Pi platforms use the variable to
connect the specified class of devices on boot. This patchset also
removes efdc159e, which has similar functionality.

Discussion on design can be found at:
https://edk2.groups.io/g/rfc/topic/rfc_boot_discovery_policy/82450628

Grzegorz Bernacki (3):
edk2:
MdeModulePkg: Add BootDiscoveryPolicyUiLib.
edk2-platforms:
Platform/RaspberryPi: Enable Boot Discovery Policy.
Revert "Platform/RaspberryPi: Setup option for disabling Fast Boot"

MdeModulePkg/MdeModulePkg.dec | 6 +
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf | 52 +++++++
MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h | 22 +++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c | 160 ++++++++++++++++++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni | 18 +++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni | 29 ++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr | 44 ++++++
Platform/RaspberryPi/RaspberryPi.dec | 2 -
Platform/RaspberryPi/RPi3/RPi3.dsc | 9 +-
Platform/RaspberryPi/RPi4/RPi4.dsc | 12 +--
Platform/RaspberryPi/RPi4/RPi4.fdf | 1 +
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf | 3 +-
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 5 +-
Platform/RaspberryPi/Include/ConfigVars.h | 12 +--
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr | 16 +---
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c | 11 +--
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c | 96 +++++++++++++++++---
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni | 10 +-
18 files changed, 431 insertions(+), 77 deletions(-)
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
create mode 100644 MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr

--
2.25.1


Re: [edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 06/22/2021 #cal-reminder

gaoliming
 

There is no new bug. So, let’s cancel this week's meeting.

 

Thanks

Liming

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of devel@edk2.groups.io Calendar
Sent: June 22, 2021 9:30
To: devel@edk2.groups.io
Subject: [edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 06/22/2021 #cal-reminder

 

Reminder: TianoCore Bug Triage - APAC / NAMO

When:
06/22/2021
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Organizer: Liming Gao gaoliming@...


Description:

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao

 

________________________________________________________________________________

Microsoft Teams meeting

Join on your computer or mobile app


Join with a video conferencing device

teams@...

Video Conference ID: 116 062 094 0

Alternate VTC dialing instructions

Or call in (audio only)

+1 916-245-6934,,77463821#   United States, Sacramento

Phone Conference ID: 774 638 21#



Cancelled Event: TianoCore Bug Triage - APAC / NAMO - Tuesday, June 22, 2021 #cal-cancelled

devel@edk2.groups.io Calendar <noreply@...>
 

Cancelled: TianoCore Bug Triage - APAC / NAMO

This event has been cancelled.

When:
Tuesday, June 22, 2021
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Organizer: Liming Gao gaoliming@...

Description:

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao

 



Event: TianoCore Bug Triage - APAC / NAMO - 06/22/2021 #cal-reminder

devel@edk2.groups.io Calendar <noreply@...>
 

Reminder: TianoCore Bug Triage - APAC / NAMO

When:
06/22/2021
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Organizer: Liming Gao gaoliming@...


Description:

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao

 



Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/BdsDxe: Update BdsEntry to use Variable Policy

gaoliming
 

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Kenneth
Lautner
Sent: June 22, 2021 4:00
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>; Hao A Wu
<hao.a.wu@intel.com>; Zhichao Gao <zhichao.gao@intel.com>; Ray Ni
<ray.ni@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>
Subject: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/BdsDxe: Update BdsEntry
to use Variable Policy

From: Ken Lautner <klautner@microsoft.com>

Changed BdsEntry.c to use Variable Policy instead of Variable Lock
as Variable Lock will be Deprecated eventually

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>

Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
---
MdeModulePkg/Universal/BdsDxe/Bds.h | 1 -
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf | 3 ++-
MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 20 +++++++++++++++-----
3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/MdeModulePkg/Universal/BdsDxe/Bds.h
b/MdeModulePkg/Universal/BdsDxe/Bds.h
index e7a9b5b4b7cb..84548041e861 100644
--- a/MdeModulePkg/Universal/BdsDxe/Bds.h
+++ b/MdeModulePkg/Universal/BdsDxe/Bds.h
@@ -17,7 +17,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent


#include <Protocol/Bds.h>

#include <Protocol/LoadedImage.h>

-#include <Protocol/VariableLock.h>

#include <Protocol/DeferredImageLoad.h>



#include <Library/UefiDriverEntryPoint.h>
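
Review bot: Dropping #include <Protocol/VariableLock.h> from Bds.h leaves no explicit include for the protocol that replaces it. BdsEntry.c goes on to declare EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy, so that type is only available through whatever Library/VariablePolicyHelperLib.h happens to include. Adding #include <Protocol/VariablePolicy.h> here, next to the other protocol headers, would keep the dependency explicit and match the gEdkiiVariablePolicyProtocolGuid entry added to the INF.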

diff --git a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
index 9310b4dccb18..5bac635def93 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+++ b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@@ -50,6 +50,7 @@
BaseMemoryLib

DebugLib

UefiBootManagerLib

+ VariablePolicyHelperLib

PlatformBootManagerLib

PcdLib

PrintLib

@@ -77,7 +78,7 @@
[Protocols]

gEfiBdsArchProtocolGuid ## PRODUCES

gEfiSimpleTextInputExProtocolGuid ## CONSUMES

- gEdkiiVariableLockProtocolGuid ##
SOMETIMES_CONSUMES

+ gEdkiiVariablePolicyProtocolGuid ##
SOMETIMES_CONSUMES

gEfiDeferredImageLoadProtocolGuid ## CONSUMES



[FeaturePcd]

diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
index 83b773a2fa5f..13c10bdc5bf8 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
+++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "Bds.h"

#include "Language.h"

#include "HwErrRecSupport.h"

+#include <Library/VariablePolicyHelperLib.h>



#define SET_BOOT_OPTION_SUPPORT_KEY_COUNT(a, c) { \

(a) = ((a) & ~EFI_BOOT_OPTION_SUPPORT_COUNT) | (((c) <<
LowBitSet32 (EFI_BOOT_OPTION_SUPPORT_COUNT)) &
EFI_BOOT_OPTION_SUPPORT_COUNT); \

@@ -670,7 +671,7 @@ BdsEntry (
EFI_STATUS Status;

UINT32 BootOptionSupport;

UINT16 BootTimeOut;

- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;

+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;

UINTN Index;

EFI_BOOT_MANAGER_LOAD_OPTION LoadOption;

UINT16 *BootNext;

@@ -716,12 +717,21 @@ BdsEntry (
//

// Mark the read-only variables if the Variable Lock protocol exists

//

- Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL,
(VOID **) &VariableLock);

- DEBUG ((EFI_D_INFO, "[BdsDxe] Locate Variable Lock protocol - %r\n",
Status));

+ Status = gBS->LocateProtocol(&gEdkiiVariablePolicyProtocolGuid, NULL,
(VOID**)&VariablePolicy);

+ DEBUG((DEBUG_INFO, "[BdsDxe] Locate Variable Policy protocol - %r\n",
Status));

if (!EFI_ERROR (Status)) {

for (Index = 0; Index < ARRAY_SIZE (mReadOnlyVariables); Index++) {

- Status = VariableLock->RequestToLock (VariableLock,
mReadOnlyVariables[Index], &gEfiGlobalVariableGuid);

- ASSERT_EFI_ERROR (Status);

+ Status = RegisterBasicVariablePolicy(

+ VariablePolicy,

+ &gEfiGlobalVariableGuid,

+ mReadOnlyVariables[Index],

+ VARIABLE_POLICY_NO_MIN_SIZE,

+ VARIABLE_POLICY_NO_MAX_SIZE,

+ VARIABLE_POLICY_NO_MUST_ATTR,

+ VARIABLE_POLICY_NO_CANT_ATTR,

+ VARIABLE_POLICY_TYPE_LOCK_NOW

+ );

+ ASSERT_EFI_ERROR(Status);

}

}
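
Review bot: The comment kept at the top of this hunk still reads "Mark the read-only variables if the Variable Lock protocol exists", but the code below it now locates the Variable Policy protocol, so the comment should be updated together with the call. The added lines also drop the space before the opening parenthesis that the removed lines had (gBS->LocateProtocol(, DEBUG((, RegisterBasicVariablePolicy(, ASSERT_EFI_ERROR(Status)) and write (VOID**)&VariablePolicy where the old line had (VOID **) &VariableLock. Restoring the spacing keeps the new lines consistent with the unchanged if (!EFI_ERROR (Status)) line in the same hunk.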



--
2.31.1.windows.1





Re: Re: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification updates

gaoliming
 

Sami:
This approach is good. For this patch set, Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>.

Thanks
Liming

-----Original Message-----
From: Sami Mujawar <Sami.Mujawar@arm.com>
Sent: June 21, 2021 17:57
To: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io
Cc: Alexei Fedorov <Alexei.Fedorov@arm.com>;
ardb+tianocore@kernel.org; Matteo Carlini <Matteo.Carlini@arm.com>; Ben
Adderson <Ben.Adderson@arm.com>; Steven Price <Steven.Price@arm.com>;
Lorenzo Pieralisi <Lorenzo.Pieralisi@arm.com>; michael.d.kinney@intel.com;
zhiguang.liu@intel.com; ray.ni@intel.com; zhichao.gao@intel.com; nd
<nd@arm.com>
Subject: Re: Re: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification
updates

Hi Liming,

Please find my response inline marked [SAMI].

Regards,

Sami Mujawar

On 18/06/2021, 01:49, "gaoliming" <gaoliming@byosoft.com.cn> wrote:

Sami:
I agree with this change. With this patch, will you update the existing
platform to use the matched version macro
EFI_ACPI_IO_REMAPPING_TABLE_REV0?
[SAMI] I can update the platforms in edk2-platforms as a follow-on patch. In
that case the macro EFI_ACPI_IO_REMAPPING_TABLE_REVISION can also be
removed.
Please let me know if this approach would be better, and I can send an
update.
[/SAMI]

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sami
> Mujawar
> Sent: June 17, 2021 17:55
> To: devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Alexei.Fedorov@arm.com;
> ardb+tianocore@kernel.org; Matteo.Carlini@arm.com;
> Ben.Adderson@arm.com; steven.price@arm.com;
> Lorenzo.Pieralisi@arm.com; michael.d.kinney@intel.com;
> gaoliming@byosoft.com.cn; zhiguang.liu@intel.com; ray.ni@intel.com;
> zhichao.gao@intel.com; nd@arm.com
> Subject: [edk2-devel] [PATCH v2 0/8] IORT Rev E.b specification updates
>
> Bugzilla: 3458 - Add support IORT Rev E.b specification updates
> (https://bugzilla.tianocore.org/show_bug.cgi?id=3458)
>
> The IO Remapping Table (IORT) specification has been updated to
> rev E.b. The following updates are introduced including the errata
> to rev E and E.a:
> - increments the IORT table revision to 3.
> - updates the node definition to add an 'Identifier' field.
> - adds definition of node type 6 - Reserved Memory Range node.
> - adds definition for Memory Range Descriptors.
> - adds flag to indicate PRI support for root complexes.
> - adds flag to indicate if the root complex supports forwarding
> of PASID information on translated transactions to the SMMU.
>
> The v1 patch series:
> - Updates the IORT header file to match the Rev E.b specification.
> - Add support to parse IORT Rev E.b tables
> - Add support to generate IORT Rev E.b compliant ACPI tables
> using Dynamic Tables Framework.
>
> This v2 patch series includes all changes from v1 patch series
> except the following 2 patches have been modified to set the
> EFI_ACPI_IO_REMAPPING_TABLE_REVISION macro to Rev 0 as setting
> to Rev 3 will break existing platforms, the problem being that
> the Identifier field in the IORT nodes would not be unique.
> - MdePkg: IORT header update for IORT Rev E.b spec
> - DynamicTablesPkg: IORT generator updates for Rev E.b spec
>
> The changes can be seen at:
> https://github.com/samimujawar/edk2/tree/1527_iort_rev_eb_v2
>
> Sami Mujawar (8):
> MdePkg: Fix IORT header file include guard
> MdePkg: IORT header update for IORT Rev E.b spec
> ShellPkg: Acpiview: Abbreviate field names to preserve alignment
> ShellPkg: Acpiview: IORT parser update for IORT Rev E.b spec
> DynamicTablesPkg: IORT set reference to Id array only if present
> DynamicTablesPkg: IORT set reference to interrupt array if present
> DynamicTablesPkg: Update ArmNameSpaceObjects for IORT Rev E.b
> DynamicTablesPkg: IORT generator updates for Rev E.b spec
>
> DynamicTablesPkg/Include/ArmNameSpaceObjects.h | 58 ++
> DynamicTablesPkg/Library/Acpi/Arm/AcpiIortLibArm/IortGenerator.c | 772 ++++++++++++++++++--
> DynamicTablesPkg/Library/Acpi/Arm/AcpiIortLibArm/IortGenerator.h | 5 +-
> MdePkg/Include/IndustryStandard/IoRemappingTable.h | 71 +-
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 207 +++++-
> 5 files changed, 1013 insertions(+), 100 deletions(-)
>
> --
> 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
>
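
Added example (not part of the patch series or of edk2): the cover letter above says that moving existing platforms to table revision 3 breaks them because the node Identifier field would not be unique. The C code below walks an IORT image with bounds checks and enforces that uniqueness only for revision 3 and later. The byte offsets are assumed from the ACPI header and IORT Rev E.b node layout, the function names are hypothetical, and the sample table is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets are assumptions from the ACPI table header and the IORT
 * Rev E.b node header layout; they are not quoted from the thread. */
#define ACPI_LENGTH_OFF      4u
#define ACPI_REVISION_OFF    8u
#define IORT_NUM_NODES_OFF  36u
#define IORT_NODE_ARRAY_OFF 40u
#define IORT_HDR_LEN        48u
#define NODE_LENGTH_OFF      1u
#define NODE_IDENT_OFF       4u   /* a reserved field before Rev E */
#define NODE_HDR_LEN        16u
#define IORT_REV_E_B         3u   /* table revision named in the cover letter */

enum { IORT_OK = 0, IORT_MALFORMED = -1, IORT_DUPLICATE_ID = -2 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk the node array; for tables at revision 3 or later, require every node
 * Identifier to be unique. The ACPI checksum is not verified here. */
int iort_check_identifiers(const uint8_t *tbl, size_t len)
{
    if (len < IORT_HDR_LEN || memcmp(tbl, "IORT", 4) != 0 ||
        rd32(tbl + ACPI_LENGTH_OFF) != len)
        return IORT_MALFORMED;

    uint8_t  rev   = tbl[ACPI_REVISION_OFF];
    uint32_t count = rd32(tbl + IORT_NUM_NODES_OFF);
    size_t   first = rd32(tbl + IORT_NODE_ARRAY_OFF);
    size_t   off   = first;

    if (first < IORT_HDR_LEN)
        return IORT_MALFORMED;

    for (uint32_t i = 0; i < count; i++) {
        /* The node header, then the whole node, must fit in the table. */
        if (off > len || len - off < NODE_HDR_LEN)
            return IORT_MALFORMED;
        size_t nlen = rd16(tbl + off + NODE_LENGTH_OFF);
        if (nlen < NODE_HDR_LEN || nlen > len - off)
            return IORT_MALFORMED;

        if (rev >= IORT_REV_E_B) {
            uint32_t id = rd32(tbl + off + NODE_IDENT_OFF);
            /* Earlier nodes were length-checked above, so re-walking is safe. */
            for (size_t p = first; p < off; p += rd16(tbl + p + NODE_LENGTH_OFF))
                if (rd32(tbl + p + NODE_IDENT_OFF) == id)
                    return IORT_DUPLICATE_ID;
        }
        off += nlen;
    }
    return IORT_OK;
}

/* Constructed sample: a table holding two header-only nodes. node1_len lets
 * the caller corrupt the second node's Length field. */
int check_sample(uint8_t table_rev, uint32_t id0, uint32_t id1, uint16_t node1_len)
{
    uint8_t buf[IORT_HDR_LEN + 2 * NODE_HDR_LEN];

    memset(buf, 0, sizeof buf);
    memcpy(buf, "IORT", 4);
    wr32(buf + ACPI_LENGTH_OFF, (uint32_t)sizeof buf);
    buf[ACPI_REVISION_OFF] = table_rev;
    wr32(buf + IORT_NUM_NODES_OFF, 2);
    wr32(buf + IORT_NODE_ARRAY_OFF, IORT_HDR_LEN);
    for (int i = 0; i < 2; i++) {
        uint8_t *n   = buf + IORT_HDR_LEN + i * NODE_HDR_LEN;
        uint16_t nl  = i ? node1_len : NODE_HDR_LEN;
        n[NODE_LENGTH_OFF]     = (uint8_t)nl;
        n[NODE_LENGTH_OFF + 1] = (uint8_t)(nl >> 8);
        wr32(n + NODE_IDENT_OFF, i ? id1 : id0);
    }
    return iort_check_identifiers(buf, sizeof buf);
}

int main(void)
{
    /* Identifier left at zero in both nodes, as in a pre-Rev E table. */
    printf("rev 0, ids 0/0: %d\n", check_sample(0, 0, 0, NODE_HDR_LEN));
    printf("rev 3, ids 0/0: %d\n", check_sample(3, 0, 0, NODE_HDR_LEN));
    printf("rev 3, ids 1/2: %d\n", check_sample(3, 1, 2, NODE_HDR_LEN));
    printf("rev 3, bad len: %d\n", check_sample(3, 1, 2, 64));
    return 0;
}
```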



Re: [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native instruction support for X64

Christopher Zurcher
 

Yes this was discussed last year, sorry for the delay in follow-up, I was changing jobs.
The problem is that the assembly code provided by OpenSSL uses "wrt ..imagebase" which is only supported by win64, not elf64. It was requested at the time that I include the OpenSSL-provided .S files as a GCC tool chain alternative.

Thanks,
Christopher Zurcher

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Sunday, June 20, 2021 18:34
To: devel@edk2.groups.io; christopher.zurcher@outlook.com
Cc: 'Jiewen Yao' <jiewen.yao@intel.com>; 'Jian J Wang' <jian.j.wang@intel.com>; 'Xiaoyu Lu' <xiaoyux.lu@intel.com>; 'Mike Kinney' <michael.d.kinney@intel.com>; 'Ard Biesheuvel' <ard.biesheuvel@arm.com>
Subject: Re: [edk2-devel] [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native instruction support for X64

Christopher:
Nasm should support GCC tool chain. Do you meet with the problem on nasm version assembly code?
So, you have to add GAS assembly code. This topic may be discussed last year. Can you give some detail for it?

Thanks
Liming
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Christopher
Zurcher
Sent: June 19, 2021 10:09
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>; Jian J Wang
<jian.j.wang@intel.com>; Xiaoyu Lu <xiaoyux.lu@intel.com>; Mike Kinney
<michael.d.kinney@intel.com>; Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: [edk2-devel] [PATCH v6 0/2] CryptoPkg/OpensslLib: Add native
instruction support for X64
From: Christopher Zurcher <christopher.zurcher@microsoft.com>

V6 Changes:
Add GCC-compatible version of these modifications. Supporting GCC build of
native OpenSSL .S files requires removal of *(COMMON) from the /DISCARD/
section of the GCC linker script.
The VS/CLANG portion of the patch is unchanged from the previously-approved
patchset.

V5 Changes:
Move ApiHooks.c into X64 folder
Update process_files.pl to clean architecture-specific subfolders without
removing them
Rebased INF file to merge latest changes regarding RngLib vs. TimerLib

V4 Changes:
Add copyright header to uefi-asm.conf
Move [Sources.X64] block to cover entire X64-specific config

V3 Changes:
Added definitions for ptrdiff_t and wchar_t to CrtLibSupport.h for
LLVM/Clang build support.
Added -UWIN32 to GCC Flags for LLVM/Clang build support.
Added missing AES GCM assembly file.

V2 Changes:
Limit scope of assembly config to SHA and AES functions.
Removed IA32 native support (reduced config was causing build failure and
can be added in a later patch).
Removed XMM instructions from assembly generation.
Added automatic copyright header porting for generated assembly files.

This patch adds support for building the native instruction algorithms
for the X64 architecture in OpensslLib. The process_files.pl script was
modified to parse the .asm file targets from the OpenSSL build config data
struct, and generate the necessary assembly files for the EDK2 build
environment.

For the X64 variant, OpenSSL includes calls to a Windows error handling
API, and that function has been stubbed out in ApiHooks.c.

For all variants, a constructor is added to call the required CPUID
function within OpenSSL to facilitate processor capability checks in the
native algorithms.

Additional native architecture variants should be simple to add by
following the changes made for this architecture.

The OpenSSL assembly files are traditionally generated at build time using
a perl script. To avoid that burden on EDK2 users, these end-result
assembly files are generated during the configuration steps performed by
the package maintainer (through process_files.pl). The perl generator
scripts inside OpenSSL do not parse file comments as they are only meant to
create intermediate build files, so process_files.pl contains additional
hooks to preserve the copyright headers as well as clean up tabs and line
endings to comply with EDK2 coding standards. The resulting file headers
align with the generated .h files which are already included in the EDK2
repository.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Mike Kinney <michael.d.kinney@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Christopher Zurcher (2):
CryptoPkg/OpensslLib: Add native instruction support for X64
CryptoPkg/OpensslLib: Commit the auto-generated assembly files for
X64

BaseTools/Scripts/GccBase.lds | 1 -
CryptoPkg/CryptoPkg.ci.yaml | 21 +-
CryptoPkg/Library/Include/CrtLibSupport.h | 2 +
CryptoPkg/Library/Include/openssl/opensslconf.h | 3 -
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c | 44 +
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 2 +-
CryptoPkg/Library/OpensslLib/OpensslLibX64.inf | 653 +++
CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf | 653 +++
CryptoPkg/Library/OpensslLib/UefiAsm.conf | 30 +
CryptoPkg/Library/OpensslLib/X64/ApiHooks.c | 22 +
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm | 732 +++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm | 1916 ++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm | 78 +
CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm | 5103 ++++++++++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm | 1173 +++++
CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm | 34 +
CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm | 1569 ++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm | 3137 ++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm | 2884 +++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm | 3461 +++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm | 3313 +++++++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm | 1938 ++++++++
CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm | 491 ++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-mb-x86_64.S | 552 +++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha1-x86_64.S | 1719 +++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha256-x86_64.S | 69 +
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-x86_64.S | 4484 +++++++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/vpaes-x86_64.S | 863 ++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/aesni-gcm-x86_64.S | 29 +
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/ghash-x86_64.S | 1386 ++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-mb-x86_64.S | 2962 ++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-x86_64.S | 2631 ++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-mb-x86_64.S | 3286 +++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-x86_64.S | 3097 ++++++++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha512-x86_64.S | 1811 +++++++
CryptoPkg/Library/OpensslLib/X64Gcc/crypto/x86_64cpuid.S | 491 ++
CryptoPkg/Library/OpensslLib/process_files.pl | 241 +-
38 files changed, 50828 insertions(+), 55 deletions(-)
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibConstructor.c
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64.inf
create mode 100644 CryptoPkg/Library/OpensslLib/OpensslLibX64Gcc.inf
create mode 100644 CryptoPkg/Library/OpensslLib/UefiAsm.conf
create mode 100644 CryptoPkg/Library/OpensslLib/X64/ApiHooks.c
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-mb-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha1-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-sha256-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/aesni-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/aes/vpaes-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/aesni-gcm-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/modes/ghash-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-mb-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha1-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-mb-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha256-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/sha/sha512-x86_64.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64/crypto/x86_64cpuid.nasm
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-mb-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha1-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-sha256-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/aesni-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/aes/vpaes-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/aesni-gcm-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/modes/ghash-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-mb-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha1-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-mb-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha256-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/sha/sha512-x86_64.S
create mode 100644 CryptoPkg/Library/OpensslLib/X64Gcc/crypto/x86_64cpuid.S

--
2.32.0.windows.1





[PATCH v1 1/1] MdeModulePkg/BdsDxe: Update BdsEntry to use Variable Policy

Kenneth Lautner
 

From: Ken Lautner <klautner@microsoft.com>

Changed BdsEntry.c to use Variable Policy instead of Variable Lock
as Variable Lock will be Deprecated eventually

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>

Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
---
MdeModulePkg/Universal/BdsDxe/Bds.h | 1 -
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf | 3 ++-
MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 20 +++++++++++++++-----
3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/MdeModulePkg/Universal/BdsDxe/Bds.h b/MdeModulePkg/Universal/B=
dsDxe/Bds.h
index e7a9b5b4b7cb..84548041e861 100644
--- a/MdeModulePkg/Universal/BdsDxe/Bds.h
+++ b/MdeModulePkg/Universal/BdsDxe/Bds.h
@@ -17,7 +17,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
=0D
#include <Protocol/Bds.h>=0D
#include <Protocol/LoadedImage.h>=0D
-#include <Protocol/VariableLock.h>=0D
#include <Protocol/DeferredImageLoad.h>=0D
=0D
#include <Library/UefiDriverEntryPoint.h>=0D
diff --git a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf b/MdeModulePkg/Univer=
sal/BdsDxe/BdsDxe.inf
index 9310b4dccb18..5bac635def93 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+++ b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@@ -50,6 +50,7 @@
BaseMemoryLib=0D
DebugLib=0D
UefiBootManagerLib=0D
+ VariablePolicyHelperLib=0D
PlatformBootManagerLib=0D
PcdLib=0D
PrintLib=0D
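
Review bot: Adding VariablePolicyHelperLib to the library class list gives BdsDxe a new library dependency, and neither the commit message nor the diffstat shows a matching change outside MdeModulePkg/Universal/BdsDxe. Every platform DSC that builds BdsDxe needs a VariablePolicyHelperLib instance mapped or its build will fail, so the commit message should call this out, or the series should carry the DSC updates.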
@@ -77,7 +78,7 @@
[Protocols]=0D
gEfiBdsArchProtocolGuid ## PRODUCES=0D
gEfiSimpleTextInputExProtocolGuid ## CONSUMES=0D
- gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES=0D
+ gEdkiiVariablePolicyProtocolGuid ## SOMETIMES_CONSUMES=0D
gEfiDeferredImageLoadProtocolGuid ## CONSUMES=0D
=0D
[FeaturePcd]=0D
diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c b/MdeModulePkg/Univer=
sal/BdsDxe/BdsEntry.c
index 83b773a2fa5f..13c10bdc5bf8 100644
--- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
+++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
@@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "Bds.h"=0D
#include "Language.h"=0D
#include "HwErrRecSupport.h"=0D
+#include <Library/VariablePolicyHelperLib.h>=0D
=0D
#define SET_BOOT_OPTION_SUPPORT_KEY_COUNT(a, c) { \=0D
(a) =3D ((a) & ~EFI_BOOT_OPTION_SUPPORT_COUNT) | (((c) << LowBitSet3=
2 (EFI_BOOT_OPTION_SUPPORT_COUNT)) & EFI_BOOT_OPTION_SUPPORT_COUNT); \=0D
@@ -670,7 +671,7 @@ BdsEntry (
EFI_STATUS Status;=0D
UINT32 BootOptionSupport;=0D
UINT16 BootTimeOut;=0D
- EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;=0D
+ EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;=0D
UINTN Index;=0D
EFI_BOOT_MANAGER_LOAD_OPTION LoadOption;=0D
UINT16 *BootNext;=0D
@@ -716,12 +717,21 @@ BdsEntry (
//=0D
// Mark the read-only variables if the Variable Lock protocol exists=0D
//=0D
- Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (=
VOID **) &VariableLock);=0D
- DEBUG ((EFI_D_INFO, "[BdsDxe] Locate Variable Lock protocol - %r\n", Sta=
tus));=0D
+ Status =3D gBS->LocateProtocol(&gEdkiiVariablePolicyProtocolGuid, NULL, =
(VOID**)&VariablePolicy);=0D
+ DEBUG((DEBUG_INFO, "[BdsDxe] Locate Variable Policy protocol - %r\n", St=
atus));=0D
if (!EFI_ERROR (Status)) {=0D
for (Index =3D 0; Index < ARRAY_SIZE (mReadOnlyVariables); Index++) {=
=0D
- Status =3D VariableLock->RequestToLock (VariableLock, mReadOnlyVaria=
bles[Index], &gEfiGlobalVariableGuid);=0D
- ASSERT_EFI_ERROR (Status);=0D
+ Status =3D RegisterBasicVariablePolicy(=0D
+ VariablePolicy,=0D
+ &gEfiGlobalVariableGuid,=0D
+ mReadOnlyVariables[Index],=0D
+ VARIABLE_POLICY_NO_MIN_SIZE,=0D
+ VARIABLE_POLICY_NO_MAX_SIZE,=0D
+ VARIABLE_POLICY_NO_MUST_ATTR,=0D
+ VARIABLE_POLICY_NO_CANT_ATTR,=0D
+ VARIABLE_POLICY_TYPE_LOCK_NOW=0D
+ );=0D
+ ASSERT_EFI_ERROR(Status);=0D
}=0D
}=0D
=0D
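
Review bot: The result of RegisterBasicVariablePolicy is checked only with ASSERT_EFI_ERROR(Status) inside the loop, so on a build where asserts are compiled out a failed registration leaves that entry of mReadOnlyVariables writable with no trace. VARIABLE_POLICY_TYPE_LOCK_NOW is what makes these variables read-only, so log the failure at an error level together with mReadOnlyVariables[Index] before asserting, so that a missing lock is visible in release logs.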
--=20
2.31.1.windows.1


Re: [PATCH RESEND v1 0/2] ArmVirtPkg: Enable PCIe support for Kvmtool

Alexandru Elisei
 

Hi Pierre,

On 6/15/21 4:21 PM, PierreGondois via groups.io wrote:
> From: Pierre Gondois <Pierre.Gondois@arm.com>
>
> PCIe support has been added to the Kvmtool virtual machine
> manager. Therefore, add a PciHostBridgeUtilityLib and enable
> PCIe support for Kvmtool firmware.
>
> The patches were re-sent as the devel@edk2.groups.io was not included.
>
> The patches can be seen at: https://github.com/PierreARM/edk2/tree/1413_Enable_ArmVirt_Pci_v1
> The results of the CI can be seen at: https://github.com/tianocore/edk2/pull/1718

Tested the patches with the latest version of the kvmtool PCI Express support [1],
and everything worked as expected. A summary of the tests that I ran can be found
at [1]. So you can add for the entire series:

Tested-by: Alexandru Elisei <alexandru.elisei@arm.com>

One thing of note is that applying patch #2 of this series on top of 11b1c1d4b98b
("SecurityPkg: TcgStorageOpalLib: Initialize SupportedAttributes parameter")
failed. However, building from your repo went fine, and the binary that I used for
testing was built from your repo.

[1] https://lore.kernel.org/kvm/20210621092128.11313-1-alexandru.elisei@arm.com/

Thanks,

Alex


> Sami Mujawar (2):
> ArmVirtPkg: Add PCIe host bridge utility lib for ArmVirtPkg
> ArmVirtPkg: Enable PCIe support for Kvmtool
>
> ArmVirtPkg/ArmVirtKvmTool.dsc | 35 ++-
> ArmVirtPkg/ArmVirtKvmTool.fdf | 11 +-
> .../ArmVirtPciHostBridgeUtilityLib.c | 219 ++++++++++++++++++
> .../ArmVirtPciHostBridgeUtilityLib.inf | 39 ++++
> 4 files changed, 301 insertions(+), 3 deletions(-)
> create mode 100644 ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLib/ArmVirtPciHostBridgeUtilityLib.c
> create mode 100644 ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLib/ArmVirtPciHostBridgeUtilityLib.inf


[PATCH 2/2] UefiPayloadPkg: consume the BootManagerMenuFile HOB

duntan
 

Consume the BootManagerMenuFile HOB in PlatformBootManagerLib
This Lib is in UefiPayloadPkg

Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>

Signed-off-by: DunTan <dun.tan@intel.com>
---
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 5 ++++-
UefiPayloadPkg/UefiPayloadPkg.dsc | 2 +-
3 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
index fce48d26a1..afd9664959 100644
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -10,6 +10,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "PlatformBootManager.h"
#include "PlatformConsole.h"
#include <Protocol/PlatformBootManagerOverride.h>
+#include <Guid/BootManagerMenu.h>
+#include <Library/HobLib.h>

UNIVERSAL_PAYLOAD_PLATFORM_BOOT_MANAGER_OVERRIDE_PROTOCOL *mUniversalPayloadPlatformBootManagerOverrideInstance = NULL;

@@ -286,3 +288,52 @@ PlatformBootManagerUnableToBoot (
return;
}

+/**
+ Get/update PcdBootManagerMenuFile from GUID HOB which will be assigned in bootloader.
+
+ @retval EFI_SUCCESS The entry point is executed successfully.
+ @retval other Some error occurs.
+
+**/
+EFI_STATUS
+EFIAPI
+PlatformBootManagerLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+)
+{
+ EFI_STATUS Status;
+ UINTN Size;
+ VOID *GuidHob;
+ UNIVERSAL_PAYLOAD_GENERIC_HEADER *GenericHeader;
+ UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU *BootManagerMenuFile;
+ Status = EFI_SUCCESS;
+ GuidHob = GetFirstGuidHob (&gUniversalPayloadBootManagerMenuFileGuid);
+ //
+ // Find the buffer information and update PCDs
+ //
+ if (GuidHob == NULL) {
+ //
+ // If the HOB is not create, the default value of PcdBootManagerMenuFile will be used.
+ //
+ return EFI_SUCCESS;
+ }
+
+ GenericHeader = (UNIVERSAL_PAYLOAD_GENERIC_HEADER *) GET_GUID_HOB_DATA (GuidHob);
+ if ((sizeof (UNIVERSAL_PAYLOAD_GENERIC_HEADER) > GET_GUID_HOB_DATA_SIZE (GuidHob)) || (GenericHeader->Length > GET_GUID_HOB_DATA_SIZE (GuidHob))) {
+ return EFI_NOT_FOUND;
+ }
+ if (GenericHeader->Revision == UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_REVISION) {
+ BootManagerMenuFile = (UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU *) GET_GUID_HOB_DATA (GuidHob);
+ if (BootManagerMenuFile->Header.Length < UNIVERSAL_PAYLOAD_SIZEOF_THROUGH_FIELD (UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU, FileName)) {
+ return EFI_NOT_FOUND;
+ }
+ Size = sizeof (BootManagerMenuFile->FileName);
+ Status = PcdSetPtrS (PcdBootManagerMenuFile, &Size, &BootManagerMenuFile->FileName);
+ } else {
+ return EFI_NOT_FOUND;
+ }
+
+ ASSERT_EFI_ERROR (Status);
+ return EFI_SUCCESS;
+}
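Review bot: at the end of PlatformBootManagerLibConstructor the status from PcdSetPtrS is only passed to ASSERT_EFI_ERROR and the function then returns EFI_SUCCESS, so a release build reports success even when the PCD was not updated; return Status instead. Separately, a HOB that is too short or carries an unknown Revision makes the constructor return EFI_NOT_FOUND, while a missing HOB returns EFI_SUCCESS and falls back to the default PcdBootManagerMenuFile. The HOB is bootloader-supplied input, so pick one behaviour for bad data (falling back to the default looks safest) and emit a DEBUG message on that path. Minor: leave a blank line after the declarations, move the "Find the buffer information" comment above GetFirstGuidHob, and fix "is not create".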
diff --git a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 600a535282..9c4943a0e0 100644
--- a/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -13,7 +13,7 @@
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = PlatformBootManagerLib|DXE_DRIVER
-
+ CONSTRUCTOR = PlatformBootManagerLibConstructor

#
# The following information is for reference only and not required by the build tools.
@@ -46,9 +46,11 @@
HiiLib
PrintLib
PlatformHookLib
+ HobLib

[Guids]
gEfiEndOfDxeEventGroupGuid
+ gUniversalPayloadBootManagerMenuFileGuid

[Protocols]
gEfiGenericMemTestProtocolGuid ## CONSUMES
@@ -70,3 +72,4 @@
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultStopBits
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 21b360256b..e46b867d30 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -289,7 +289,6 @@
!endif
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
- gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }


!if $(SOURCE_DEBUG_ENABLE)
@@ -297,6 +296,7 @@
!endif

[PcdsPatchableInModule.common]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
!if $(SOURCE_DEBUG_ENABLE)
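Review bot: the commit message does not say that PcdBootManagerMenuFile changes PCD type here, moving into [PcdsPatchableInModule.common] so that the new constructor can call PcdSetPtrS on it. A patchable-in-module PCD is patched per module image, so the value written by PlatformBootManagerLibConstructor is visible only inside modules that link this PlatformBootManagerLib instance. Please confirm that every module reading PcdBootManagerMenuFile in this platform also links it, or use a dynamic PCD type, and state the reason for the move in the commit message.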
--
2.31.1.windows.1


[PATCH 1/2] UefiPayloadPkg: Add new structure for BootManagerMenuFile HOB

duntan
 

Add new structure for BootManagerMenuFile HOB in UefiPayloadPkg

Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>

Signed-off-by: DunTan <dun.tan@intel.com>
---
UefiPayloadPkg/Include/Guid/BootManagerMenu.h | 27 +++++++++++++++++++++++++++
UefiPayloadPkg/UefiPayloadPkg.dec | 3 +++
2 files changed, 30 insertions(+)

diff --git a/UefiPayloadPkg/Include/Guid/BootManagerMenu.h b/UefiPayloadPkg/Include/Guid/BootManagerMenu.h
new file mode 100644
index 0000000000..10fb874640
--- /dev/null
+++ b/UefiPayloadPkg/Include/Guid/BootManagerMenu.h
@@ -0,0 +1,27 @@
+/** @file
+ Define the structure for the Boot Manager Menu File.
+
+Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_H_
+#define UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_H_
+
+#include <Uefi.h>
+#include <UniversalPayload/UniversalPayload.h>
+
+#pragma pack (1)
+
+typedef struct {
+ UNIVERSAL_PAYLOAD_GENERIC_HEADER Header;
+ GUID FileName;
+} UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU;
+
+#pragma pack()
+
+#define UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU_REVISION 1
+
+extern GUID gUniversalPayloadBootManagerMenuFileGuid;
+#endif
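Review bot: UNIVERSAL_PAYLOAD_BOOT_MANAGER_MENU has no field documentation, so the header does not say what FileName identifies or which Header.Revision and Header.Length values a bootloader must write. The consumer in patch 2/2 rejects the HOB on those two fields, so they belong in the comment block next to the struct. Also add a blank line before the closing #endif and write "#pragma pack ()" consistently with the opening "#pragma pack (1)".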
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dec b/UefiPayloadPkg/UefiPayloadPkg.dec
index 105e1f5a1c..850592976d 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dec
+++ b/UefiPayloadPkg/UefiPayloadPkg.dec
@@ -29,6 +29,9 @@
#
gBmpImageGuid = { 0x878AC2CC, 0x5343, 0x46F2, { 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } }

+ ##include/Guid/BootManagerMenu.h
+ gUniversalPayloadBootManagerMenuFileGuid = { 0xdf939333, 0x42fc, 0x4b2a, { 0xa5, 0x9e, 0xbb, 0xae, 0x82, 0x81, 0xfe, 0xef }}
+
gUefiSystemTableInfoGuid = {0x16c8a6d0, 0xfe8a, 0x4082, {0xa2, 0x8, 0xcf, 0x89, 0xc4, 0x29, 0x4, 0x33}}
gUefiAcpiBoardInfoGuid = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}}
gUefiSerialPortInfoGuid = { 0x6c6872fe, 0x56a9, 0x4403, { 0xbb, 0x98, 0x95, 0x8d, 0x62, 0xde, 0x87, 0xf1 } }
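Review bot: the comment "##include/Guid/BootManagerMenu.h" does not match the path this patch creates, which is Include/Guid/BootManagerMenu.h with a capital I; write it as "## Include/Guid/BootManagerMenu.h" with a space after the hashes. The closing "}}" also differs from the "} }" spacing of gBmpImageGuid directly above.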
--
2.31.1.windows.1


[PATCH 0/2] Add a new structure for BootManagerMenu HOB and consume it

duntan
 

Add a new structure for BootManagerMenu HOB in UefiPayloadPkg
Then consume the BootManagerMenuFile HOB

duntan (2):
UefiPayloadPkg: Add new structure for BootManagerMenuFile HOB
UefiPayloadPkg: consume the BootManagerMenuFile HOB

UefiPayloadPkg/Include/Guid/BootManagerMenu.h | 27 +++++++++++++++++++++++++++
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManager.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
UefiPayloadPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 5 ++++-
UefiPayloadPkg/UefiPayloadPkg.dec | 3 +++
UefiPayloadPkg/UefiPayloadPkg.dsc | 2 +-
5 files changed, 86 insertions(+), 2 deletions(-)
create mode 100644 UefiPayloadPkg/Include/Guid/BootManagerMenu.h

--
2.31.1.windows.1


Re: [PATCH v3] UefiPayloadPkg/UefiPayloadEntry: Improve bootloader memrange parsing

Ma, Maurice
 

Looks good to me.
Reviewed-by: Maurice Ma <maurice.ma@intel.com>

Regards
-Maurice

-----Original Message-----
From: Patrick Rudolph <patrick.rudolph@9elements.com>
Sent: Monday, June 21, 2021 1:10
To: devel@edk2.groups.io
Cc: Ma, Maurice <maurice.ma@intel.com>; Dong, Guo
<guo.dong@intel.com>; You, Benjamin <benjamin.you@intel.com>
Subject: [PATCH v3] UefiPayloadPkg/UefiPayloadEntry: Improve bootloader
memrange parsing

Currently several DXE crash due to invalid memory resource settings.
The PciHostBridgeDxe which expects the MMCONF and PCI Aperture to be
EfiMemoryMappedIO, but currently those regions are (partly) mapped as
EfiReservedMemoryType.

coreboot and slimbootloader provide an e820 compatible memory map,
which doesn't work well with EDK2 as the e820 spec is missing MMIO regions.
In e820 'reserved' could either mean "DRAM used by boot firmware" or
"MMIO in use and not detectable by OS".

Guess Top of lower usable DRAM (TOLUD) by walking the bootloader
provided memory ranges. Memory types of RAM, ACPI and ACPI NVS below
4 GiB are used to increment TOLUD and reserved memory ranges touching
TOLUD at the base are also assumed to be reserved DRAM, which increment
TOLUD.

Then mark everything reserved below TOLUD as EfiReservedMemoryType
and everything reserved above TOLUD as EfiMemoryMappedIO.

This fixes assertions seen in PciHostBridgeDxe.

Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
.../UefiPayloadEntry/UefiPayloadEntry.c | 190 +++++++++++++++++-
.../UefiPayloadEntry/UefiPayloadEntry.h | 10 +
2 files changed, 197 insertions(+), 3 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
index 805f5448d9..04c58f776c 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c
@@ -7,10 +7,159 @@
#include "UefiPayloadEntry.h" +STATIC UINT32 mTopOfLowerUsableDram =
0;+ /** Callback function to build resource descriptor HOB This function
build a HOB based on the memory map entry info.+ It creates only
EFI_RESOURCE_MEMORY_MAPPED_IO and
EFI_RESOURCE_MEMORY_RESERVED+ resources.++ @param
MemoryMapEntry Memory map entry info got from bootloader.+
@param Params A pointer to ACPI_BOARD_INFO.++ @retval
EFI_SUCCESS Successfully build a HOB.+ @retval
EFI_INVALID_PARAMETER Invalid parameter
provided.+**/+EFI_STATUS+MemInfoCallbackMmio (+ IN
MEMROY_MAP_ENTRY *MemoryMapEntry,+ IN VOID
*Params+ )+{+ EFI_PHYSICAL_ADDRESS Base;+ EFI_RESOURCE_TYPE
Type;+ UINT64 Size;+ EFI_RESOURCE_ATTRIBUTE_TYPE
Attribue;+ ACPI_BOARD_INFO *AcpiBoardInfo;++ AcpiBoardInfo =
(ACPI_BOARD_INFO *)Params;+ if (AcpiBoardInfo == NULL) {+ return
EFI_INVALID_PARAMETER;+ }++ //+ // Skip types already handled in
MemInfoCallback+ //+ if (MemoryMapEntry->Type == E820_RAM ||
MemoryMapEntry->Type == E820_ACPI) {+ return EFI_SUCCESS;+ }++ if
(MemoryMapEntry->Base == AcpiBoardInfo->PcieBaseAddress) {+ //+ //
MMCONF is always MMIO+ //+ Type =
EFI_RESOURCE_MEMORY_MAPPED_IO;+ } else if (MemoryMapEntry->Base
< mTopOfLowerUsableDram) {+ //+ // It's in DRAM and thus must be
reserved+ //+ Type = EFI_RESOURCE_MEMORY_RESERVED;+ } else if
((MemoryMapEntry->Base < 0x100000000ULL) && (MemoryMapEntry-
Base >= mTopOfLowerUsableDram)) {+ //+ // It's not in DRAM, must be
MMIO+ //+ Type = EFI_RESOURCE_MEMORY_MAPPED_IO;+ } else {+
Type = EFI_RESOURCE_MEMORY_RESERVED;+ }++ Base =
MemoryMapEntry->Base;+ Size = MemoryMapEntry->Size;++ Attribue =
EFI_RESOURCE_ATTRIBUTE_PRESENT |+
EFI_RESOURCE_ATTRIBUTE_INITIALIZED |+
EFI_RESOURCE_ATTRIBUTE_TESTED |+
EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |+
EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |+
EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |+
EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE;++
BuildResourceDescriptorHob (Type, Attribue, (EFI_PHYSICAL_ADDRESS)Base,
Size);+ DEBUG ((DEBUG_INFO , "buildhob: base = 0x%lx, size = 0x%lx, type =
0x%x\n", Base, Size, Type));++ if (MemoryMapEntry->Type ==
E820_UNUSABLE ||+ MemoryMapEntry->Type == E820_DISABLED) {+
BuildMemoryAllocationHob (Base, Size, EfiUnusableMemory);+ } else if
(MemoryMapEntry->Type == E820_PMEM) {+ BuildMemoryAllocationHob
(Base, Size, EfiPersistentMemory);+ }++ return EFI_SUCCESS;+}+++/**+
Callback function to find TOLUD (Top of Lower Usable DRAM)++ Estimate
where TOLUD (Top of Lower Usable DRAM) resides. The exact position+
would require platform specific code.++ @param MemoryMapEntry
Memory map entry info got from bootloader.+ @param Params Not
used for now.++ @retval EFI_SUCCESS Successfully updated
mTopOfLowerUsableDram.+**/+EFI_STATUS+FindToludCallback (+ IN
MEMROY_MAP_ENTRY *MemoryMapEntry,+ IN VOID
*Params+ )+{+ //+ // This code assumes that the memory map on this x86
machine below 4GiB is continous+ // until TOLUD. In addition it assumes that
the bootloader provided memory tables have+ // no "holes" and thus the
first memory range not covered by e820 marks the end of+ // usable DRAM.
In addition it's assumed that every reserved memory region touching+ //
usable RAM is also covering DRAM, everything else that is marked reserved
thus must be+ // MMIO not detectable by bootloader/OS+ //++ //+ // Skip
memory types not RAM or reserved+ //+ if ((MemoryMapEntry->Type ==
E820_UNUSABLE) || (MemoryMapEntry->Type == E820_DISABLED) ||+
(MemoryMapEntry->Type == E820_PMEM)) {+ return EFI_SUCCESS;+ }++
//+ // Skip resources above 4GiB+ //+ if ((MemoryMapEntry->Base +
MemoryMapEntry->Size) > 0x100000000ULL) {+ return EFI_SUCCESS;+ }++
if ((MemoryMapEntry->Type == E820_RAM) || (MemoryMapEntry->Type ==
E820_ACPI) ||+ (MemoryMapEntry->Type == E820_NVS)) {+ //+ // It's
usable DRAM. Update TOLUD.+ //+ if (mTopOfLowerUsableDram <
(MemoryMapEntry->Base + MemoryMapEntry->Size)) {+
mTopOfLowerUsableDram = (UINT32)(MemoryMapEntry->Base +
MemoryMapEntry->Size);+ }+ } else {+ //+ // It might be 'reserved
DRAM' or 'MMIO'.+ //+ // If it touches usable DRAM at Base assume it's
DRAM as well,+ // as it could be bootloader installed tables, TSEG, GTT, ...+
//+ if (mTopOfLowerUsableDram == MemoryMapEntry->Base) {+
mTopOfLowerUsableDram = (UINT32)(MemoryMapEntry->Base +
MemoryMapEntry->Size);+ }+ }++ return EFI_SUCCESS;+}+++/**+
Callback function to build resource descriptor HOB++ This function build a
HOB based on the memory map entry info.+ Only add
EFI_RESOURCE_SYSTEM_MEMORY. @param MemoryMapEntry
Memory map entry info got from bootloader. @param Params Not
used for now.@@ -28,7 +177,16 @@ MemInfoCallback (
UINT64 Size; EFI_RESOURCE_ATTRIBUTE_TYPE Attribue; - Type
= (MemoryMapEntry->Type == 1) ? EFI_RESOURCE_SYSTEM_MEMORY :
EFI_RESOURCE_MEMORY_RESERVED;+ //+ // Skip everything not known to
be usable DRAM.+ // It will be added later.+ //+ if ((MemoryMapEntry-
Type != E820_RAM) && (MemoryMapEntry->Type != E820_ACPI) &&+
(MemoryMapEntry->Type != E820_NVS)) {+ return
RETURN_SUCCESS;+ }++ Type = EFI_RESOURCE_SYSTEM_MEMORY; Base
= MemoryMapEntry->Base; Size = MemoryMapEntry->Size; @@ -40,7
+198,7 @@ MemInfoCallback (
EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |
EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE; - if (Base >=
BASE_4GB ) {+ if (Base >= BASE_4GB) { // Remove tested attribute to
avoid DXE core to dispatch driver to memory above 4GB Attribue &=
~EFI_RESOURCE_ATTRIBUTE_TESTED; }@@ -48,6 +206,12 @@
MemInfoCallback (
BuildResourceDescriptorHob (Type, Attribue,
(EFI_PHYSICAL_ADDRESS)Base, Size); DEBUG ((DEBUG_INFO , "buildhob:
base = 0x%lx, size = 0x%lx, type = 0x%x\n", Base, Size, Type)); + if
(MemoryMapEntry->Type == E820_ACPI) {+ BuildMemoryAllocationHob
(Base, Size, EfiACPIReclaimMemory);+ } else if (MemoryMapEntry->Type ==
E820_NVS) {+ BuildMemoryAllocationHob (Base, Size,
EfiACPIMemoryNVS);+ }+ return RETURN_SUCCESS; } @@ -236,8 +400,19
@@ BuildHobFromBl (
EFI_PEI_GRAPHICS_DEVICE_INFO_HOB *NewGfxDeviceInfo; //- // Parse
memory info and build memory HOBs+ // First find TOLUD+ //+ DEBUG
((DEBUG_INFO , "Guessing Top of Lower Usable DRAM:\n"));+ Status =
ParseMemoryInfo (FindToludCallback, NULL);+ if (EFI_ERROR(Status)) {+
return Status;+ }+ DEBUG ((DEBUG_INFO , "Assuming TOLUD = 0x%x\n",
mTopOfLowerUsableDram));++ //+ // Parse memory info and build memory
HOBs for Usable RAM //+ DEBUG ((DEBUG_INFO , "Building
ResourceDescriptorHobs for usable memory:\n")); Status =
ParseMemoryInfo (MemInfoCallback, NULL); if (EFI_ERROR(Status))
{ return Status;@@ -289,6 +464,15 @@ BuildHobFromBl (
DEBUG ((DEBUG_INFO, "Create acpi board info guid hob\n")); } + //+ //
Parse memory info and build memory HOBs for reserved DRAM and MMIO+
//+ DEBUG ((DEBUG_INFO , "Building ResourceDescriptorHobs for reserved
memory:\n"));+ Status = ParseMemoryInfo (MemInfoCallbackMmio,
&AcpiBoardInfo);+ if (EFI_ERROR(Status)) {+ return Status;+ }+ // //
Parse platform specific information. //diff --git
a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
index 2c84d6ed53..4fd50e47cd 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
@@ -38,6 +38,16 @@
#define GET_OCCUPIED_SIZE(ActualSize, Alignment) \ ((ActualSize) +
(((Alignment) - ((ActualSize) & ((Alignment) - 1))) & ((Alignment) - 1)))
++#define E820_RAM 1+#define E820_RESERVED 2+#define E820_ACPI
3+#define E820_NVS 4+#define E820_UNUSABLE 5+#define
E820_DISABLED 6+#define E820_PMEM 7+#define E820_UNDEFINED 8+
/** Auto-generated function that calls the library constructors for all of the
module's dependent libraries.--
2.30.2
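Review bot: in FindToludCallback the "Skip resources above 4GiB" test uses "> 0x100000000ULL", so a range that ends exactly at 4 GiB passes it and "(UINT32)(MemoryMapEntry->Base + MemoryMapEntry->Size)" then truncates to 0, resetting mTopOfLowerUsableDram. Use ">=" in the skip test or keep the running value in a UINT64. The sum Base + Size is also computed without an overflow check, so a bootloader entry with a very large Size wraps below 4 GiB and is accepted; check "Size > MAX_UINT64 - Base" first. The "touching" heuristic further depends on ParseMemoryInfo delivering entries in ascending address order, which the comment block should state as an assumption.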
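Review bot: in MemInfoCallbackMmio the final else branch types every non-RAM range based at or above 4 GiB as EFI_RESOURCE_MEMORY_RESERVED, while the commit message says everything reserved above TOLUD becomes EfiMemoryMappedIO; either the message or the branch needs adjusting so the two agree. In the branch before it, the "MemoryMapEntry->Base >= mTopOfLowerUsableDram" half of the condition is already guaranteed by the preceding "else if" and can be dropped. The early return skips E820_RAM and E820_ACPI but not E820_NVS, although the MemInfoCallback change in this patch now handles all three, so an NVS range gets a second resource descriptor HOB here. In the header hunk, E820_RESERVED and E820_UNDEFINED are defined but not used anywhere in this patch.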


[PATCH v4 4/4] OvmfPkg/PlatformDxe: Add support for SEV live migration.

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

Detect for KVM hypervisor and check for SEV live migration
feature support via KVM_FEATURE_CPUID, if detected setup a new
UEFI environment variable to indicate OVMF support for SEV
live migration.

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
OvmfPkg/Include/Guid/MemEncryptLib.h | 20 ++++
OvmfPkg/OvmfPkg.dec | 1 +
OvmfPkg/PlatformDxe/AmdSev.c | 108 ++++++++++++++++++++
OvmfPkg/PlatformDxe/Platform.c | 5 +
OvmfPkg/PlatformDxe/Platform.inf | 2 +
OvmfPkg/PlatformDxe/PlatformConfig.h | 5 +
6 files changed, 141 insertions(+)

diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/MemEncryptLib.h
new file mode 100644
index 0000000000..4c046ba439
--- /dev/null
+++ b/OvmfPkg/Include/Guid/MemEncryptLib.h
@@ -0,0 +1,20 @@
+/** @file
+
+ AMD Memory Encryption GUID, define a new GUID for defining
+ new UEFI enviroment variables assocaiated with SEV Memory Encryption.
+
+ Copyright (c) 2020, AMD Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __MEMENCRYPT_LIB_H__
+#define __MEMENCRYPT_LIB_H__
+
+#define MEMENCRYPT_GUID \
+{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}
+
+extern EFI_GUID gMemEncryptGuid;
+
+#endif
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e3..e452dc8494 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -122,6 +122,7 @@
gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
+ gMemEncryptGuid = {0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}}

[Ppis]
# PPI whose presence in the PPI database signals that the TPM base address
diff --git a/OvmfPkg/PlatformDxe/AmdSev.c b/OvmfPkg/PlatformDxe/AmdSev.c
new file mode 100644
index 0000000000..3dbf17a8cd
--- /dev/null
+++ b/OvmfPkg/PlatformDxe/AmdSev.c
@@ -0,0 +1,108 @@
+/**@file
+ Detect KVM hypervisor support for SEV live migration and if
+ detected, setup a new UEFI enviroment variable indicating
+ OVMF support for SEV live migration.
+
+ Copyright (c) 2020, Advanced Micro Devices. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+//
+// The package level header files this module uses
+//
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Guid/MemEncryptLib.h>
+
+#define KVM_FEATURE_MIGRATION_CONTROL 17
+
+/**
+ Figures out if we are running inside KVM HVM and
+ KVM HVM supports SEV Live Migration feature.
+
+ @retval TRUE KVM was detected and Live Migration supported
+ @retval FALSE KVM was not detected or Live Migration not supported
+
+**/
+BOOLEAN
+KvmDetectSevLiveMigrationFeature(
+ VOID
+ )
+{
+ UINT8 Signature[13];
+ UINT32 mKvmLeaf = 0;
+ UINT32 RegEax, RegEbx, RegEcx, RegEdx;
+
+ Signature[12] = '\0';
+ for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) {
+ AsmCpuid (mKvmLeaf,
+ NULL,
+ (UINT32 *) &Signature[0],
+ (UINT32 *) &Signature[4],
+ (UINT32 *) &Signature[8]);
+
+ if (!AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0")) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: KVM Detected, signature = %s\n",
+ __FUNCTION__,
+ Signature
+ ));
+
+ RegEax = 0x40000001;
+ RegEcx = 0;
+ AsmCpuid (0x40000001, &RegEax, &RegEbx, &RegEcx, &RegEdx);
+ if (RegEax & (1 << KVM_FEATURE_MIGRATION_CONTROL)) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Live Migration feature supported\n",
+ __FUNCTION__
+ ));
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+
+ Function checks if SEV Live Migration support is available, if present then it sets
+ a UEFI enviroment variable to be queried later using Runtime services.
+
+ **/
+VOID
+AmdSevSetConfig(
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ BOOLEAN SevLiveMigrationEnabled;
+
+ SevLiveMigrationEnabled = KvmDetectSevLiveMigrationFeature();
+
+ if (SevLiveMigrationEnabled) {
+ Status = gRT->SetVariable (
+ L"SevLiveMigrationEnabled",
+ &gMemEncryptGuid,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof (BOOLEAN),
+ &SevLiveMigrationEnabled
+ );
+
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n",
+ __FUNCTION__,
+ Status
+ ));
+ }
+}
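Review bot: AmdSevSetConfig writes SevLiveMigrationEnabled with EFI_VARIABLE_NON_VOLATILE but never deletes it when KvmDetectSevLiveMigrationFeature returns FALSE, so once set the variable survives into later boots on hosts that no longer offer the feature. Delete the variable on the FALSE path or drop the non-volatile attribute. In KvmDetectSevLiveMigrationFeature the loop scans mKvmLeaf for the signature but the feature query is hard-coded to leaf 0x40000001 instead of mKvmLeaf + 1, and the "RegEax = 0x40000001; RegEcx = 0;" assignments before it are dead. The format strings are wrong for EDK2: Signature is an ASCII buffer and needs %a rather than %s, and Status should be printed with %r. These messages are informational, so use DEBUG_INFO instead of DEBUG_ERROR, and drop the module-global "m" prefix from the local mKvmLeaf.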
diff --git a/OvmfPkg/PlatformDxe/Platform.c b/OvmfPkg/PlatformDxe/Platform.c
index f2e51960ce..f61302d98b 100644
--- a/OvmfPkg/PlatformDxe/Platform.c
+++ b/OvmfPkg/PlatformDxe/Platform.c
@@ -763,6 +763,11 @@ PlatformInit (
{
EFI_STATUS Status;

+ //
+ // Set Amd Sev configuation
+ //
+ AmdSevSetConfig();
+
ExecutePlatformConfig ();

mConfigAccess.ExtractConfig = &ExtractConfig;
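Review bot: AmdSevSetConfig() is called unconditionally at the top of PlatformInit, and nothing in the new AmdSev.c checks that the guest is actually running with SEV, so the variable is written on any KVM guest whose host advertises the CPUID bit. Gate the call (or the body of AmdSevSetConfig) on MemEncryptSevIsEnabled (). Style: add the space before the parenthesis, "AmdSevSetConfig ();", and fix "configuation" in the comment.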
diff --git a/OvmfPkg/PlatformDxe/Platform.inf b/OvmfPkg/PlatformDxe/Platform.inf
index 14727c1220..2896f0a1d1 100644
--- a/OvmfPkg/PlatformDxe/Platform.inf
+++ b/OvmfPkg/PlatformDxe/Platform.inf
@@ -24,6 +24,7 @@
PlatformConfig.c
PlatformConfig.h
PlatformForms.vfr
+ AmdSev.c

[Packages]
MdePkg/MdePkg.dec
@@ -56,6 +57,7 @@
[Guids]
gEfiIfrTianoGuid
gOvmfPlatformConfigGuid
+ gMemEncryptGuid

[Depex]
gEfiHiiConfigRoutingProtocolGuid AND
diff --git a/OvmfPkg/PlatformDxe/PlatformConfig.h b/OvmfPkg/PlatformDxe/PlatformConfig.h
index 716514da21..4f662aafa4 100644
--- a/OvmfPkg/PlatformDxe/PlatformConfig.h
+++ b/OvmfPkg/PlatformDxe/PlatformConfig.h
@@ -44,6 +44,11 @@ PlatformConfigLoad (
OUT UINT64 *OptionalElements
);

+VOID
+AmdSevSetConfig(
+ VOID
+ );
+
//
// Feature flags for OptionalElements.
//
--
2.17.1


[PATCH v4 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor page status tracking.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
OvmfPkg/PlatformPei/AmdSev.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022..3f642ecb06 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -15,6 +15,7 @@
#include <Library/HobLib.h>
#include <Library/MemEncryptSevLib.h>
#include <Library/MemoryAllocationLib.h>
+#include <Library/MemEncryptHypercallLib.h>
#include <Library/PcdLib.h>
#include <PiPei.h>
#include <Register/Amd/Msr.h>
@@ -52,6 +53,15 @@ AmdSevEsInitialize (
PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
ASSERT_RETURN_ERROR (PcdStatus);

+ //
+ // GHCB_BASE setup during reset-vector needs to be marked as
+ // decrypted in the hypervisor page encryption bitmap.
+ //
+ SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),
+ EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
+ KVM_MAP_GPA_RANGE_DECRYPTED
+ );
+
//
// Allocate GHCB and per-CPU variable pages.
// Since the pages must survive across the UEFI to OS transition
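Review bot: the SetMemoryEncDecHypercall3 call added to AmdSevEsInitialize is issued unconditionally and, because the function returns VOID, its outcome cannot be checked, so on a host that does not implement the hypercall the SEC GHCB page silently stays untracked. Gate it on the same feature detection that patch 4/4 adds in PlatformDxe, or have the library return a status that can be asserted here. Style: put a space before the parenthesis in "EFI_SIZE_TO_PAGES(" and indent the continuation lines two spaces from the call.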
--
2.17.1


[PATCH v4 2/4] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall

Ashish Kalra
 

From: Brijesh Singh <brijesh.singh@amd.com>

By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.

Invoke hypercall via the new hypercall library.

This hypercall is used to notify hypervisor when a page is marked as
'decrypted' (i.e C-bit removed).

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 22 ++++++++++++++++++++
3 files changed, 24 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index f2e162d680..aefcd7c0f7 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -49,6 +49,7 @@
DebugLib
MemoryAllocationLib
PcdLib
+ MemEncryptHypercallLib

[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 03a78c32df..7503f56a0b 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -49,6 +49,7 @@
DebugLib
MemoryAllocationLib
PcdLib
+ MemEncryptHypercallLib

[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index c696745f9d..12b3a9fcfb 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -15,6 +15,7 @@
#include <Library/MemEncryptSevLib.h>
#include <Register/Amd/Cpuid.h>
#include <Register/Cpuid.h>
+#include <Library/MemEncryptHypercallLib.h>

#include "VirtualMemory.h"

@@ -585,6 +586,9 @@ SetMemoryEncDec (
UINT64 AddressEncMask;
BOOLEAN IsWpEnabled;
RETURN_STATUS Status;
+ UINTN Size;
+ BOOLEAN CBitChanged;
+ PHYSICAL_ADDRESS OrigPhysicalAddress;

//
// Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
@@ -636,6 +640,10 @@ SetMemoryEncDec (

Status = EFI_SUCCESS;

+ Size = Length;
+ CBitChanged = FALSE;
+ OrigPhysicalAddress = PhysicalAddress;
+
while (Length != 0)
{
//
@@ -695,6 +703,7 @@ SetMemoryEncDec (
));
PhysicalAddress += BIT30;
Length -= BIT30;
+ CBitChanged = TRUE;
} else {
//
// We must split the page
@@ -749,6 +758,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
PhysicalAddress += BIT21;
Length -= BIT21;
+ CBitChanged = TRUE;
} else {
//
// We must split up this page into 4K pages
@@ -791,6 +801,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageTableEntry->Uint64, Mode);
PhysicalAddress += EFI_PAGE_SIZE;
Length -= EFI_PAGE_SIZE;
+ CBitChanged = TRUE;
}
}
}
@@ -808,6 +819,17 @@ SetMemoryEncDec (
//
CpuFlushTlb();

+ //
+ // Notify Hypervisor on C-bit status
+ //
+ if (CBitChanged) {
+ SetMemoryEncDecHypercall3 (
+ OrigPhysicalAddress,
+ EFI_SIZE_TO_PAGES(Size),
+ KVM_MAP_GPA_RANGE_ENC_STAT(!Mode)
+ );
+ }
+
Done:
//
// Restore page table write protection, if any.
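Review bot: "KVM_MAP_GPA_RANGE_ENC_STAT(!Mode)" in the new notification block derives the hypercall flag from the numeric value of the Mode enumerator, which breaks silently if the enumeration is ever reordered or extended. Spell it out as "(Mode == SetCBit) ? KVM_MAP_GPA_RANGE_ENCRYPTED : KVM_MAP_GPA_RANGE_DECRYPTED". The block also sits above the Done: label, so any path that jumps to Done after some page-table entries were already updated leaves those pages changed but unreported to the hypervisor; either report the sub-range completed so far on the error path or document why that cannot happen. Add the space in "EFI_SIZE_TO_PAGES(Size)".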
--
2.17.1


[PATCH v4 1/4] OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

Add SEV and SEV-ES hypercall abstraction library to support SEV Page
encryption/decryption status hypercalls for SEV and SEV-ES guests.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
Maintainers.txt | 2 +
OvmfPkg/Include/Library/MemEncryptHypercallLib.h | 43 ++++++++
OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c | 37 +++++++
OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf | 42 ++++++++
OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm | 28 ++++++
OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c | 105 ++++++++++++++++++++
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfXen.dsc | 1 +
10 files changed, 261 insertions(+)

diff --git a/Maintainers.txt b/Maintainers.txt
index ea54e0b7e9..8ecc8464ba 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -449,8 +449,10 @@ F: OvmfPkg/AmdSev/
F: OvmfPkg/AmdSevDxe/
F: OvmfPkg/Include/Guid/ConfidentialComputingSecret.h
F: OvmfPkg/Include/Library/MemEncryptSevLib.h
+F: OvmfPkg/Include/Library/MemEncryptHypercallLib.h
F: OvmfPkg/IoMmuDxe/AmdSevIoMmu.*
F: OvmfPkg/Library/BaseMemEncryptSevLib/
+F: OvmfPkg/Library/MemEncryptHypercallLib/
F: OvmfPkg/Library/PlatformBootManagerLibGrub/
F: OvmfPkg/Library/VmgExitLib/
F: OvmfPkg/PlatformPei/AmdSev.c
diff --git a/OvmfPkg/Include/Library/MemEncryptHypercallLib.h b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h
new file mode 100644
index 0000000000..b241a189b6
--- /dev/null
+++ b/OvmfPkg/Include/Library/MemEncryptHypercallLib.h
@@ -0,0 +1,43 @@
+/** @file
+
+ Define Secure Encrypted Virtualization (SEV) hypercall library.
+
+ Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _MEM_ENCRYPT_HYPERCALL_LIB_H_
+#define _MEM_ENCRYPT_HYPERCALL_LIB_H_
+
+#include <Base.h>
+
+#define KVM_HC_MAP_GPA_RANGE 12
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_4K 0
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_2M (1 << 0)
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_1G (1 << 1)
+#define KVM_MAP_GPA_RANGE_ENC_STAT(n) ((n) << 4)
+#define KVM_MAP_GPA_RANGE_ENCRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(1)
+#define KVM_MAP_GPA_RANGE_DECRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(0)
+
+/**
+ This hyercall is used to notify hypervisor when a page is marked as
+ 'decrypted' (i.e C-bit removed).
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region.
+ @param[in] Length The length of memory region
+ @param[in] Mode SetCBit or ClearCBit
+
+**/
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN UINTN PhysicalAddress,
+ IN UINTN Length,
+ IN UINTN Mode
+ );
+
+#endif
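Review bot: the documentation for SetMemoryEncDecHypercall3 does not match how the function is used in this series: the second parameter is named Length and described as "the length of memory region", but every caller passes a page count via EFI_SIZE_TO_PAGES, and Mode is described as "SetCBit or ClearCBit" while callers pass KVM_MAP_GPA_RANGE_* flag values. Rename the parameter to Pages, document Mode as the KVM_MAP_GPA_RANGE_* attribute word, and note that the call covers encrypted as well as decrypted transitions. PhysicalAddress is declared UINTN here but PHYSICAL_ADDRESS in the Ia32 implementation; pick one, preferably PHYSICAL_ADDRESS. Also fix "hyercall".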
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c b/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c
new file mode 100644
index 0000000000..2e73d47ee6
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c
@@ -0,0 +1,37 @@
+/** @file
+
+ Secure Encrypted Virtualization (SEV) hypercall helper library
+
+ Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Uefi/UefiBaseType.h>
+#include <Library/BaseLib.h>
+
+/**
+ This hyercall is used to notify hypervisor when a page is marked as
+ 'decrypted' (i.e C-bit removed).
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region.
+ @param[in] Length The length of memory region
+ @param[in] Mode SetCBit or ClearCBit
+
+**/
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN PHYSICAL_ADDRESS PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Mode
+ )
+{
+ //
+ // Memory encryption bit is not accessible in 32-bit mode
+ //
+}
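Review bot: this Ia32 definition of SetMemoryEncDecHypercall3 takes "IN PHYSICAL_ADDRESS PhysicalAddress" while the prototype in MemEncryptHypercallLib.h takes "IN UINTN PhysicalAddress", which are different widths on IA32, and the file does not include <Library/MemEncryptHypercallLib.h>, so the compiler never sees the mismatch. Include the library header and make the two signatures identical. The comment says the encryption bit is not accessible in 32-bit mode; please also say in the function header that the IA32 build is intentionally a no-op so callers do not assume the hypervisor was notified.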
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
new file mode 100644
index 0000000000..a77d58a7e6
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
@@ -0,0 +1,42 @@
+## @file
+# Library provides the hypervisor helper functions for SEV guest
+#
+# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 1.25
+ BASE_NAME = MemEncryptHypercallLib
+ FILE_GUID = 86f2501e-f128-45f3-91c4-3cff31656ca8
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = MemEncryptHypercallLib
+
+#
+# The following information is for reference only and not required by the build
+# tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Packages]
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ UefiCpuPkg/UefiCpuPkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[Sources.X64]
+ X64/MemEncryptHypercallLib.c
+ X64/AsmHelperStub.nasm
+
+[Sources.IA32]
+ Ia32/MemEncryptHypercallLib.c
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
+ VmgExitLib
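Review bot: [LibraryClasses] omits MemEncryptSevLib, although X64/MemEncryptHypercallLib.c includes `<Library/MemEncryptSevLib.h>` and calls `MemEncryptSevEsIsEnabled ()`; add it so the dependency is resolved by this INF instead of by whatever the consuming module happens to link. Doing so also makes a mutual dependency explicit, since the cover letter says BaseMemEncryptSevLib invokes hypercalls through this library; please confirm that is intended. DebugLib and VmgExitLib are used only by the X64 source and could move to a `[LibraryClasses.X64]` section. Is MdeModulePkg.dec needed in [Packages]? None of the includes in the two C files come from it.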
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
new file mode 100644
index 0000000000..f29b96f9b0
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
@@ -0,0 +1,28 @@
+DEFAULT REL
+SECTION .text
+
+; VOID
+; EFIAPI
+; SetMemoryEncDecHypercall3AsmStub (
+; IN UINT HypercallNum,
+; IN INTN Arg1,
+; IN INTN Arg2,
+; IN INTN Arg3
+; );
+global ASM_PFX(SetMemoryEncDecHypercall3AsmStub)
+ASM_PFX(SetMemoryEncDecHypercall3AsmStub):
+ ; UEFI calling conventions require RBX to
+ ; be nonvolatile/callee-saved.
+ push rbx
+ ; Copy HypercallNumber to rax
+ mov rax, rcx
+ ; Copy Arg1 to the register expected by KVM
+ mov rbx, rdx
+ ; Copy Arg2 to register expected by KVM
+ mov rcx, r8
+ ; Copy Arg2 to register expected by KVM
+ mov rdx, r9
+ ; Call VMMCALL
+ vmmcall
+ pop rbx
+ ret
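Review bot: the stub is declared VOID and returns straight after `vmmcall`, so the status KVM leaves in RAX is discarded and the non-ES path has no way to report a failed hypercall (the SEV-ES path in the C file at least logs one). Consider returning RAX to the C caller. In the comments, the second "Copy Arg2 to register expected by KVM" (above `mov rdx, r9`) should say Arg3, and the prototype comment uses `UINT` and `INTN` where the C declaration of the stub uses `UINTN`.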
diff --git a/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c b/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c
new file mode 100644
index 0000000000..1c09ea012b
--- /dev/null
+++ b/OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c
@@ -0,0 +1,105 @@
+/** @file
+
+ Secure Encrypted Virtualization (SEV) hypercall helper library
+
+ Copyright (c) 2020, AMD Incorporated. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Uefi/UefiBaseType.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/VmgExitLib.h>
+#include <Register/Amd/Ghcb.h>
+#include <Register/Amd/Msr.h>
+#include <Library/MemEncryptSevLib.h>
+#include <Library/MemEncryptHypercallLib.h>
+
+//
+// Interface exposed by the ASM implementation of the core hypercall
+//
+//
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3AsmStub (
+ IN UINTN HypercallNum,
+ IN UINTN PhysicalAddress,
+ IN UINTN Length,
+ IN UINTN Mode
+ );
+
+STATIC
+VOID
+GhcbSetRegValid (
+ IN OUT GHCB *Ghcb,
+ IN GHCB_REGISTER Reg
+ )
+{
+ UINT32 RegIndex;
+ UINT32 RegBit;
+
+ RegIndex = Reg / 8;
+ RegBit = Reg & 0x07;
+
+ Ghcb->SaveArea.ValidBitmap[RegIndex] |= (1 << RegBit);
+}
+
+/**
+ This hyercall is used to notify hypervisor when a page is marked as
+ 'decrypted' (i.e C-bit removed).
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region.
+ @param[in] Length The length of memory region
+ @param[in] Mode SetCBit or ClearCBit
+
+**/
+
+VOID
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN PHYSICAL_ADDRESS PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Mode
+ )
+{
+ if (MemEncryptSevEsIsEnabled ()) {
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ GHCB *Ghcb;
+ BOOLEAN InterruptState;
+ UINT64 Status;
+
+ Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+ Ghcb = Msr.Ghcb;
+
+ VmgInit (Ghcb, &InterruptState);
+
+ Ghcb->SaveArea.Rax = KVM_HC_MAP_GPA_RANGE;
+ GhcbSetRegValid (Ghcb, GhcbRax);
+ Ghcb->SaveArea.Rbx = PhysicalAddress;
+ GhcbSetRegValid (Ghcb, GhcbRbx);
+ Ghcb->SaveArea.Rcx = Pages;
+ GhcbSetRegValid (Ghcb, GhcbRcx);
+ Ghcb->SaveArea.Rdx = Mode;
+ GhcbSetRegValid (Ghcb, GhcbRdx);
+ Ghcb->SaveArea.Cpl = AsmReadCs() & 0x3;
+ GhcbSetRegValid (Ghcb, GhcbCpl);
+
+ Status = VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0);
+ if (Status) {
+ DEBUG ((DEBUG_ERROR, "SVM_EXIT_VMMCALL failed %lx\n", Status));
+ }
+ VmgDone (Ghcb, InterruptState);
+ } else {
+ SetMemoryEncDecHypercall3AsmStub (
+ KVM_HC_MAP_GPA_RANGE,
+ PhysicalAddress,
+ Pages,
+ Mode
+ );
+ }
+}
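Review bot: in the SEV-ES branch a non-zero `Status` from `VmgExit` is only logged with DEBUG_ERROR and the function returns VOID, so the caller carries on as if the hypervisor had recorded the page-state change. The cover letter says the hypervisor relies on these notifications to track unencrypted pages for live migration, so a silently dropped update matters; consider returning a status and letting the caller assert on or propagate it. The header comment documents `Length` but the parameter is `Pages`, and the local SetMemoryEncDecHypercall3AsmStub prototype also calls its third argument `Length` and takes `UINTN PhysicalAddress` where the caller passes a PHYSICAL_ADDRESS; settle on one unit, name and type. Style: `AsmReadCs()` needs a space before the parenthesis, and "hyercall" is a typo.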
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f53efeae79..36f1d82ce7 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -176,6 +176,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3662e17f2..2a743688b4 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -180,6 +180,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a9058..eb9da51a15 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -180,6 +180,7 @@
VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 3c1ca6bfd4..de0c052832 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -167,6 +167,7 @@
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+ MemEncryptHypercallLib|OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
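Review bot: this maps a library whose X64 implementation unconditionally issues KVM_HC_MAP_GPA_RANGE (through VMGEXIT or `vmmcall`) into the Xen platform, and nothing in the SetMemoryEncDecHypercall3 body shown above checks which hypervisor it is running on. Either gate the call on KVM detection inside the library or document that callers must do so, and say in the commit message why OvmfXen needs the mapping.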
--
2.17.1


[PATCH v4 0/4] SEV Live Migration support for OVMF.

Ashish Kalra
 

From: Ashish Kalra <ashish.kalra@amd.com>

By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.

The patch-set adds a new SEV and SEV-ES hypercall abstraction
library to support SEV Page encryption/decryption status hypercalls
for SEV and SEV-ES guests.

BaseMemEncryptSevLib invokes hypercalls via this new hypercall library.

The patch-set detects if it is running under KVM hypervisor and then
checks for SEV live migration feature support via KVM_FEATURE_CPUID,
if detected setup a new UEFI environment variable to indicate OVMF
support for SEV live migration.

A branch containing these patches is available here:
https://github.com/ashkalra/edk2/tree/sev_live_migration_v4

Changes since v3:
- Fix all DSC files under OvmfPkg except X64 to add support for
BaseMemEncryptLib and add NULL instance of BaseMemEncryptLib
for 32 bit platforms.
- Add the MemEncryptHypercallLib-related files to Maintainers.txt,
in section "OvmfPkg: Confidential Computing".
- Add support for the new KVM_HC_MAP_GPA_RANGE hypercall interface.
- Add patch for SEV live migration support.

Changes since v2:
- GHCB_BASE setup during reset-vector as decrypted is marked explicitly
in the hypervisor page encryption bitmap after setting the
PcdSevEsIsEnabled PCD.

Changes since v1:
- Mark GHCB_BASE setup during reset-vector as decrypted explicitly in
the hypervisor page encryption bitmap.
- Resending the series with correct shallow threading.

Ashish Kalra (3):
OvmfPkg/MemEncryptHypercallLib: add library to support SEV hypercalls.
OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
OvmfPkg/PlatformDxe: Add support for SEV live migration.

Brijesh Singh (1):
OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall

Maintainers.txt | 2 +
OvmfPkg/Include/Guid/MemEncryptLib.h | 20 ++++
.../Include/Library/MemEncryptHypercallLib.h | 43 +++++++
.../DxeMemEncryptSevLib.inf | 1 +
.../PeiMemEncryptSevLib.inf | 1 +
.../X64/PeiDxeVirtualMemory.c | 22 ++++
.../Ia32/MemEncryptHypercallLib.c | 37 ++++++
.../MemEncryptHypercallLib.inf | 42 +++++++
.../X64/AsmHelperStub.nasm | 28 +++++
.../X64/MemEncryptHypercallLib.c | 105 +++++++++++++++++
OvmfPkg/OvmfPkg.dec | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfXen.dsc | 1 +
OvmfPkg/PlatformDxe/AmdSev.c | 108 ++++++++++++++++++
OvmfPkg/PlatformDxe/Platform.c | 5 +
OvmfPkg/PlatformDxe/Platform.inf | 2 +
OvmfPkg/PlatformDxe/PlatformConfig.h | 5 +
OvmfPkg/PlatformPei/AmdSev.c | 10 ++
20 files changed, 436 insertions(+)
create mode 100644 OvmfPkg/Include/Guid/MemEncryptLib.h
create mode 100644 OvmfPkg/Include/Library/MemEncryptHypercallLib.h
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/Ia32/MemEncryptHypercallLib.c
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/MemEncryptHypercallLib.inf
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/AsmHelperStub.nasm
create mode 100644 OvmfPkg/Library/MemEncryptHypercallLib/X64/MemEncryptHypercallLib.c
create mode 100644 OvmfPkg/PlatformDxe/AmdSev.c

--
2.17.1


Re: [PATCH 02/12] MdeModulePkg: Add new structure for the Universal Payload Serial Port Info

Wu, Hao A
 

-----Original Message-----
From: Liu, Zhiguang <zhiguang.liu@intel.com>
Sent: Sunday, June 20, 2021 11:47 PM
To: devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
Ni, Ray <ray.ni@intel.com>
Subject: [PATCH 02/12] MdeModulePkg: Add new structure for the Universal
Payload Serial Port Info

Add Universal Payload Serial Port Info definition header file according to
Universal Payload's documentation as below:
https://universalpayload.github.io/documentation/

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
---
MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h | 30
++++++++++++++++++++++++++++++
MdeModulePkg/MdeModulePkg.dec | 3 +++
2 files changed, 33 insertions(+)

diff --git a/MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h
b/MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h
new file mode 100644
index 0000000000..87181f7634
--- /dev/null
+++ b/MdeModulePkg/Include/UniversalPayload/SerialPortInfo.h
@@ -0,0 +1,30 @@
+/** @file

+ This file defines the structure for serial port info.

+

+ Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>

+ SPDX-License-Identifier: BSD-2-Clause-Patent

+

+ @par Revision Reference:

+ - Universal Payload Specification 0.75
(https://universalpayload.github.io/documentation/)

+**/

+

+#ifndef UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_H_

+#define UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_H_

+

+#include <UniversalPayload/UniversalPayload.h>

+

+#pragma pack(1)

+typedef struct {

+ UNIVERSAL_PAYLOAD_GENERIC_HEADER Header;

+ BOOLEAN UseMmio;

+ UINT8 RegisterStride;

+ UINT32 BaudRate;

+ EFI_PHYSICAL_ADDRESS RegisterBase;

+} UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO;

+#pragma pack()

+

+#define UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_REVISION 1

+

+extern GUID gUniversalPayloadSerialPortInfoGuid;

+

+#endif // UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_H_
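Review bot: the fields of UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO carry no comments; document at least what `UseMmio == FALSE` means, the unit of `RegisterStride`, and whether `RegisterBase` holds an I/O port or an MMIO address depending on `UseMmio`. Because the struct sits under `#pragma pack(1)`, `RegisterBase` follows two one-byte fields and a UINT32 with no padding, so its alignment depends on the size of UNIVERSAL_PAYLOAD_GENERIC_HEADER, which this hunk does not show; a comment for consumers would help. UNIVERSAL_PAYLOAD_SERIAL_PORT_INFO_REVISION is defined, but nothing here tells a consumer to check it against `Header` before reading the fields.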

diff --git a/MdeModulePkg/MdeModulePkg.dec
b/MdeModulePkg/MdeModulePkg.dec
index 10602a8f79..ad84421cf3 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -422,6 +422,9 @@
## Include/UniversalPayload/ExtraData.h

gUniversalPayloadExtraDataGuid = {0x15a5baf6, 0x1c91, 0x467d, {0x9d, 0xfb,
0x31, 0x9d, 0x17, 0x8d, 0x4b, 0xb4}}



+ ## Include/UniversalPayload/SerialPortInfo.h

+ gUniversalPayloadSerialPortInfoGuid = { 0xaa7e190d, 0xbe21, 0x4409, { 0x8e,
0x67, 0xa2, 0xcd, 0xf, 0x61, 0xe1, 0x70 } }

Reviewed-by: Hao A Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu


+

[Ppis]

## Include/Ppi/AtaController.h

gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a,
0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}
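Review bot: in the gUniversalPayloadSerialPortInfoGuid initializer the byte `0xf` should be written `0x0f`, matching the two-digit form of every other byte in the neighbouring entries. The brace spacing (`{ 0xaa7e190d, ... { 0x8e,`) also differs from the gUniversalPayloadExtraDataGuid entry directly above (`{0x15a5baf6, ... {0x9d,`); follow the adjacent entry in the same section.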

--
2.16.2.windows.1


Re: [PATCH v2 1/8] MdePkg: Fix IORT header file include guard

Sami Mujawar
 

Hi Mike,

I agree the use of the include guard is not consistent across edk2 code and it may be better to fix them all at once. However, if we decide to use '#pragma once', then the edk2 coding standard specification would need to be updated first. Similarly, the ECC tool would also need to be updated.

I can drop this change for now. Please let me know how you wish to proceed.

Regards,

Sami Mujawar

On 17/06/2021, 19:19, "devel@edk2.groups.io on behalf of Michael D Kinney via groups.io" <devel@edk2.groups.io on behalf of michael.d.kinney=intel.com@groups.io> wrote:

Hi Sami,

The include guard pattern is present everywhere. Not sure it makes sense to start fixing these one at a time.

The #pragma once may be a better long term solution and may improve build times slightly.

https://en.wikipedia.org/wiki/Pragma_once

Best regards,

Mike

-----Original Message-----
> From: Sami Mujawar <sami.mujawar@arm.com>
> Sent: Thursday, June 17, 2021 2:56 AM
> To: devel@edk2.groups.io
> Cc: Sami Mujawar <sami.mujawar@arm.com>; Alexei.Fedorov@arm.com; ardb+tianocore@kernel.org; Matteo.Carlini@arm.com;
> Ben.Adderson@arm.com; Kinney, Michael D <michael.d.kinney@intel.com>; gaoliming@byosoft.com.cn; Liu, Zhiguang
> <zhiguang.liu@intel.com>; Ni, Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>; nd@arm.com
> Subject: [PATCH v2 1/8] MdePkg: Fix IORT header file include guard
>
> According to section 5.3.5, EDK II C Coding Standards Specification
> (https://edk2-docs.gitbook.io/edk-ii-c-coding-standards-specification)
> the header file guard names must not be prefixed with underscores as
> they are reserved for compiler implementation.
>
> Therefore, fix the header file include guard as per the specification
> guidelines.
>
> Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
> ---
>
> Notes:
> v2:
> - No code change since v1. Re-sending with v2 series. [SAMI]
>
> MdePkg/Include/IndustryStandard/IoRemappingTable.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/MdePkg/Include/IndustryStandard/IoRemappingTable.h b/MdePkg/Include/IndustryStandard/IoRemappingTable.h
> index 90504e3a6715be7facc6450c6ff0e1eab92cd3c7..731217441438a00dd5ff0bedf2010598d48d6dbf 100644
> --- a/MdePkg/Include/IndustryStandard/IoRemappingTable.h
> +++ b/MdePkg/Include/IndustryStandard/IoRemappingTable.h
> @@ -9,8 +9,8 @@
> SPDX-License-Identifier: BSD-2-Clause-Patent
> **/
>
> -#ifndef __IO_REMAPPING_TABLE_H__
> -#define __IO_REMAPPING_TABLE_H__
> +#ifndef IO_REMAPPING_TABLE_H_
> +#define IO_REMAPPING_TABLE_H_
>
> #include <IndustryStandard/Acpi.h>
>
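Review bot: only the `#ifndef`/`#define` pair changes here (2 insertions, 2 deletions), so if the closing `#endif` of IoRemappingTable.h carries a trailing comment with the old `__IO_REMAPPING_TABLE_H__` name, it is left stale; please check and update it in the same patch.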
> --
> 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
