On 7/6/21 3:54 AM, Dov Murik wrote:

From: James Bottomley <jejb@...>

Commit 96201ae7bf97 ("OvmfPkg/AmdSev/SecretDxe: make secret location
naming generic", 2020-12-15) replaced references to SEV with the generic
term Confidential Computing, but missed the file header comment. Fix
the naming in that header.

Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ashish Kalra <ashish.kalra@...>
Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Min Xu <min.m.xu@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Signed-off-by: James Bottomley <jejb@...>

Reviewed-by: Brijesh Singh <brijesh.singh@...>

thanks

Add maintainer and reviewer to RedfishClinetPkg.

Signed-off-by: Abner Chang <abner.chang@...>
Cc: Nickle Wang <nickle.wang@...>
Cc: Liming Gao <gaoliming@...>
Cc: Andrew Fish <afish@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
---
Maintainers.txt | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/Maintainers.txt b/Maintainers.txt
index e9dda5c5ca..55068c9140 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -519,6 +519,11 @@ F: RedfishPkg/
M: Abner Chang <abner.chang@...>
R: Nickle Wang <nickle.wang@...>

+RedfishClientPkg: Redfish Client related modules
+F: RedfishClientPkg/
+M: Abner Chang <abner.chang@...>
+R: Nickle Wang <nickle.wang@...>
+
SecurityPkg
F: SecurityPkg/
W: https://github.com/tianocore/tianocore.github.io/wiki/SecurityPkg
--
2.17.1

Initial commit of architecture diagrams and Readme.md

Signed-off-by: Abner Chang <abner.chang@...>
Cc: Nickle Wang <nickle.wang@...>
Cc: Liming Gao <gaoliming@...>
Cc: Andrew Fish <afish@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>
---
RedfishClientPkg/Readme.md | 180 +++++
.../Media/RedfishClientDriverStack.svg | 680 ++++++++++++++++++
2 files changed, 860 insertions(+)
create mode 100644 RedfishClientPkg/Readme.md
create mode 100644 RedfishClientPkg/Documents/Media/RedfishClientDriverStack.svg

diff --git a/RedfishClientPkg/Readme.md b/RedfishClientPkg/Readme.md
new file mode 100644
index 0000000000..ce8c2f9409
--- /dev/null
+++ b/RedfishClientPkg/Readme.md
@@ -0,0 +1,180 @@
+# UEFI Redfish Client EDK2 Implementation
+
+## Introduction
+UEFI Redfish Client EDK2 solution is implemented base on
+[*EDK2 Redfish Foundation*](https://github.com/tianocore/edk2/blob/master/RedfishPkg/Readme.md),
+the implementation utilizes the EFI protocols provided by EDK2 Redfish
+Foundation to communicate with the Redfish service for creating, consuming, and
+updating the Redfish properties which are managed by firmware. This solution
+requests the instance of **EFI REST EX Protocol** through EFI Redfish Discover
+Protocol and interacts with Redfish service using **EFI REST EX Protocol** later
+on. The essential part of this implementation is to map the EDK2 HII options to
+the corresponding Redfish properties that are already defined in the standard
+Redfish schemas published by
+[*DMTF Redfish working group*](https://www.dmtf.org/standards/redfish).
+The advantage of this design is to strengthen the interoperability among the
+servers produced by different OEMs when configuring the platform through Redfish
+service. Using the properties defined in Redfish standard schema for configuring
+platform reduces the overhead of Redfish client tools to have different
+implementations in order to compliant with OEM servers. The solution also
+reduces OEM-defined proprietary BIOS Attributes that lead to the divergence of
+platform configuration namings in Redfish BIOS Attribute Registry, however,
+those different namings refer to the same platform functionality.
+
+## The Scope of UEFI Redfish Client EDK2 Implementation
+- Platform Configurable settings
+
+This is the first stage of UEFI Redfish Client EDK2 Implementation. Associate
+Redfish property with HII option.
+
+- Provisioning of Firmware Managed Platform Redfish Resource
+
+The current design of UEFI Redfish Client EDK2 Implementation can already
+support the provisioning of firmware-owned platform Redfish resource, however,
+this requires addtional support on edk2 HII. Therefore, provisioning of
+firmware managed platform Redfish resource would be the second stage.
+
+Below are the block diagrams of UEFI Redfish Client EDK2 Implementation.
+
+## <a name="[0]">EDK2 Redfish Client Implementation Diagrams</a>
+
+
+## EFI EDK2 Redfish Client Framework
+The functionality of each block in the diagrams are described in belwo sections,
+
+### EDK2 Redfish Foundation ***[[1]](#[0])***
+EDK2 Redfish Redfish Foundation provides the facilities of communicating with
+Redfish service. Such as the discovery of Redfish service, the credential to access
+Redfish service, *EFI REST EX Protocol* instance which is the transport layer to
+Redfish service, and so on. Please refer to
+[*EDK2 Redfish Foundation*](https://github.com/tianocore/edk2/blob/master/RedfishPkg/Readme.md).
+
+### Redfish Profile Simulator ***[[2]](#[0])***
+Redfish Profile Simulator is an
+[*open source project*](https://github.com/DMTF/Redfish-Profile-Simulator) on DMTF
+GitHub, which simulates the HTTP request methods (POST, PATCH, PUT, GET) on Redfish
+resource maintained by Redfish Profile Simulator. EDK2 open source uses this
+simulator for the use case when Redfish service has not been set up on the platform,
+or for the quick Redfish firmware feature development. We clone this project under
+RedfishClientPkg and maintain it by edk2 because this project has currently been
+using and updating rarely. That is easier for edk2 to add features to the simulator
+or modify the simulator to align with edk2 requirement on Redfish service, such as
+ETAG and HTTP POST support. <br>
+Another open source project of Redfish simulator is
+[*Redfish Interface Emulator*](https://github.com/DMTF/Redfish-Interface-Emulator),
+however, we don't pay much attention to this project because we have been dedicating
+to Redfish Profile Simulator since we started the UEFI Redfish EDK2 project.
+
+### EDK2 Redfish JSON Schema to C Structure Convertor ***[[3]](#[0])***
+This is the script auto-generated EDK2 drivers and libraries that provide the Redfish
+schema naming based JSON to C structure and vise versa converters. C structure is
+another representation of Redfish properties other than JSON and CSDL(XML). The higher
+layer Redfish client application can deal with C structure instead of using JSON
+library to manipulate Redfish properties. The script
+[*Redfish Schema C Struct Generator*](https://github.com/DMTF/Redfish-Schema-C-Struct-Generator)
+is still a private project on DMTF GitHub. Below is the reference of script
+auto-generated [*Redfish JSON C Struct Converter Lib*](https://github.com/changab/Redfish-JSON-C-Struct-Converter-Lib)
+libraries. The converters generated by the script are followed
+**EFI REST JSON Structure Protocol** defined in UEFI spec 2.8, section 29.7.3.
+
+### EDK2 Redfish Non-Collection ***[[4]](#[0])*** and Collection ***[[5]](#[0])*** Feature Drivers
+EDK2 Redfish feature driver is an intermediary driver that sits between **JSON Schema
+to C Structure converters** and **EFI Platform Configuration to Redfish Protocol**. The
+Redfish feature driver gets and sets the platform configuration and incorporates it with
+Redfish JSON schema C structure to manipulate Redfish JSON resources. Then applies the
+settings from Redfish service to platform configurations, or vise versa to update platform
+configurations to Redfish service. Both EDK2 Redfish Non-Collection and Collection Feature
+drivers are script auto-generated base on Redfish schema naming. The EDK2 Redfish
+Non-Collection feature driver manages the resource of specific Resdifsh resource type,
+while the EDK2 Redfish Collection feature driver manages the members which have the same
+resource type in collection resource (e.g the ComputerSystem resource and
+ComputerSystemCollection resource).
+
+### EFI Platform Config to Redfish Protocol ***[[6]](#[0])***
+EFI Platform Config to Redfish Protocol is an abstract driver that abstracts the platform
+configuration format and storage from EDK2 Redfish Feature driver. This protocol provides
+the interfaces to get and set platform configuration that format and the storage to store
+configuration are agnostic to the feature driver. The platform can provide its own EFI
+Platform Config to Redfish driver to access platform-specific configuration format and
+storage. On EDK2 open source, EFI Platform Config to Redfish Protocol accesses the
+platform configuration in EDK2 HII defined format.
+
+Below is the prototype of **EFI_PLATFORM_CONFIG_TO_REDFISH_PROTOCOL**,
+
+```C
+struct _EDKII_PLATFORM_CONFIG_TO_REDFISH_PROTOCOL {
+ EDKII_REDFISH_PLATFORM_CONFIG_GET_VALUE GetValue;
+ EDKII_REDFISH_PLATFORM_CONFIG_SET_VALUE SetValue;
+ EDKII_REDFISH_PLATFORM_CONFIG_GET_CONFIG_LANG GetConfigureLang;
+ EDKII_REDFISH_PLATFORM_CONFIG_GET_SUPPORTED_SCHEMA GetSupportedSchema;
+};
+```
+
+### Other instances of EFI Platform Config to Redfish Protocol ***[[7]](#[0])***
+For those Non-EDK2 HII-based platform configuration formats, the driver instance can
+provide its own implementation to get or set the platform configurations.
+
+### EDK2 HII VFR Form ***[[8]](#[0])***
+According to **UEFI spec 2.9 section 35.6 Form Browser Protocol**,
+**EFI_HII_REST_STYLE_FORMSET_GUID** is used on HII form to indicate that HII options
+declared in this form intend to interact with the REST architectural style. On edk2
+open source, the REST architectural style refers to the Redfish service. Besides
+**EFI_HII_REST_STYLE_FORMSET_GUID** is defined in the form scope,
+**EFI_IFR_FLAG_REST_STYLE** can be assigned to the HII options that indicate those
+options intend to interact with the REST service.
+
+### EDK2 HII UNI file ***[[9]](#[0])***
+x-uefi-redfish Configure Language is used in UNI file to associate HII option with
+the particular Redfish property. The Hii options interact with EDK2 Redfish Feature
+driver if the string of HII option is assigned with x-uefi-redfish Language as
+in below,
+
+```C
+x-uefi-redfish-$(NAMESPACE)
+where $(NAMESPACE) is the combination of Redfish ResourceTypeName and schema version.
+```
+For example, if the HII option is mapped to the property in Processor.v1_0_0.
+The x-uefi-redfish configure language is declared as below,
+```C
+x-uefi-redfish-Processor.v1_0_0
+```
+#### x-uefi-redfish Configure Language format:
+- The string declared with x-uefi-redfish configure language is a path to the property
+in Redfish resource
+- The root of path is the Redfish resource type indicated in x-uefi-redfish configure
+language
+- The path is relative to root of Redfish resource type, not related to Redfish service
+- root.
+
+#### Examples,
+```C
+Properties:
+
+#string STR_BOOT_SOURCE_OVERRIDE_ENABLED_PROMPT #language x_uefi_redfish_ComputerSystem.v1_0_0 "/Boot/BootSourceOverrideEnabled"
+#string STR_BOOT_SOURCE_OVERRIDE_MODE_PROMPT #language x_uefi_redfish_ComputerSystem.v1_0_0 "/Boot/BootSourceOverrideMode"
+#string STR_BOOT_SOURCE_OVERRIDE_TARGET_PROMPT #language x_uefi_redfish_ComputerSystem.v1_0_0 "/Boot/BootSourceOverrideTarget"
+```
+```C
+Properties in array object [NUM]:
+
+#string STR_BOOT_ORDER_1_PROMPT #language x_uefi_redfish_ComputerSystem.v1_11_0 "/Boot/BootOrder/[1]/Boot0001"
+#string STR_BOOT_ORDER_2_PROMPT #language x_uefi_redfish_ComputerSystem.v1_11_0 "/Boot/BootOrder/[2]/Boot0002"
+#string STR_BOOT_ORDER_3_PROMPT #language x_uefi_redfish_ComputerSystem.v1_11_0 "/Boot/BootOrder/[3]/Boot0003"
+```
+```C
+Properties in collection object {NUM}:
+
+#string STR_MEMORY_1_BASE_MODULE_TYPE_PROMPT #language x_uefi_redfish_Memory.v1_7_1 "/Memory/{1}/BaseModuleType"
+#string STR_MEMORY_2_BASE_MODULE_TYPE_PROMPT #language x_uefi_redfish_Memory.v1_7_1 "/Memory/{2}/BaseModuleType"
+#string STR_MEMORY_3_BASE_MODULE_TYPE_PROMPT #language x_uefi_redfish_Memory.v1_7_1 "/Memory/{3}/BaseModuleType"
+```
+
+### EDK2 Build Tool ***[[10]](#[0])***
+EDK2 Build is responsible to pull the necessary EDK2 Redfish JSON Schema to C Structure
+Convertors and EDK2 Redfish Feature drivers into edk2 build process according to the
+x-uefi-Redfish config language used in the HII VFR forms.
+
+## The Contributors
+Chang, Abner <abner.chang@...>\
+Wang, Nickle <nickle.wang@...>\
+Chen, Aaron <aaron.chen@...>
diff --git a/RedfishClientPkg/Documents/Media/RedfishClientDriverStack.svg b/RedfishClientPkg/Documents/Media/RedfishClientDriverStack.svg
new file mode 100644
index 0000000000..eb59eb9992
--- /dev/null
+++ b/RedfishClientPkg/Documents/Media/RedfishClientDriverStack.svg
@@ -0,0 +1,680 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export RedfishClientDriverStack.svg Page-2 -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+ width="12.1281in" height="9.93872in" viewBox="0 0 873.222 715.588" xml:space="preserve" color-interpolation-filters="sRGB"
+ class="st68">
+ <style type="text/css">
+ <![CDATA[
+ .st1 {fill:#ffffff;stroke:none;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st2 {fill:#ebf1df;stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st3 {fill:#ff1a1a;stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st4 {fill:#ffffff;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+ .st5 {font-size:1em}
+ .st6 {fill:none;stroke:none;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st7 {fill:#000000;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+ .st8 {fill:#dbeef3;stroke:#d8d8d8;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st9 {fill:#ffffff;font-family:Calibri;font-size:1.08334em;font-weight:bold}
+ .st10 {visibility:visible}
+ .st11 {fill:none;filter:url(#filter_3.3333334922791);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:0.4}
+ .st12 {fill:none;stroke:#bfbfbf;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st13 {fill:#000000;font-family:Arial;font-size:1.99999em;font-style:italic;font-weight:bold}
+ .st14 {marker-end:url(#mrkr2-45);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.9}
+ .st15 {fill:#000000;fill-opacity:1;stroke:#000000;stroke-opacity:1;stroke-width:0.42986425339367}
+ .st16 {fill:#000000;stroke:none;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st17 {fill:#ffffff;font-family:Arial;font-size:1.33333em;font-weight:bold}
+ .st18 {fill:#ffffff;stroke:#595959;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st19 {fill:#7f7f7f;stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st20 {fill:#ffffff;font-family:Calibri;font-size:1.08334em}
+ .st21 {fill:#000000;stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st22 {fill:#000000;font-family:Calibri;font-size:0.833336em;font-weight:bold}
+ .st23 {marker-start:url(#mrkr10-112);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.25}
+ .st24 {fill:#000000;fill-opacity:1;stroke:#000000;stroke-opacity:1;stroke-width:0.40983606557377}
+ .st25 {fill:#ffffff;stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+ .st26 {fill:#000000;fill-opacity:0.4;filter:url(#filter_3.3333334922791);stroke:#000000;stroke-dasharray:10.5,7.5;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:0.4}
+ .st27 {fill:#0070c0;stroke:#003f6c;stroke-dasharray:10.5,7.5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st28 {fill:#000000;font-family:Calibri;font-size:1.00001em;font-style:italic;font-weight:bold}
+ .st29 {fill:#ffffff;stroke:#000000;stroke-dasharray:1.68,1.2;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.24}
+ .st30 {fill:#000000;font-family:Calibri;font-size:0.833336em}
+ .st31 {fill:#ffffff;stroke:#000000;stroke-dasharray:3.5,2.5;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.5}
+ .st32 {stroke:#7f7f7f;stroke-linecap:round;stroke-linejoin:round;stroke-width:4.5}
+ .st33 {fill:#000000;fill-opacity:0.38;filter:url(#filter_3.3333334922791);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:0.38}
+ .st34 {fill:#000000;fill-opacity:0.38;stroke:#000000;stroke-opacity:0.38;stroke-width:0.22935779816514}
+ .st35 {fill:#f2f2f2;stroke:#7f7f7f;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st36 {fill:#7f7f7f;fill-opacity:1;stroke:#7f7f7f;stroke-opacity:1;stroke-width:0.22935779816514}
+ .st37 {fill:#d8d8d8;stroke:#7f7f7f;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st38 {fill:#ffffff;stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.24}
+ .st39 {fill:#000000;fill-opacity:0.4;filter:url(#filter_3.3333334922791);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:0.4}
+ .st40 {fill:#0070c0;stroke:#003f6c;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st41 {fill:#ffffff;stroke:#000000;stroke-dasharray:9.5,2.5,3.5,2.5;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.5}
+ .st42 {fill:#ffffff;stroke:#000000;stroke-dasharray:3.5,2.5,3.5,2.5,0,2.5;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.5}
+ .st43 {marker-end:url(#mrkr4-212);marker-start:url(#mrkr4-210);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:2.25}
+ .st44 {fill:#000000;fill-opacity:1;stroke:#000000;stroke-opacity:1;stroke-width:0.47169811320755}
+ .st45 {fill:#ffffff;stroke:#7f7f7f;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+ .st46 {fill:#000000;font-family:Calibri;font-size:1.16666em;font-style:italic;font-weight:bold}
+ .st47 {font-family:Arial;font-size:0.571431em;font-style:normal;font-weight:normal}
+ .st48 {font-family:Arial;font-size:0.571431em;font-style:normal}
+ .st49 {fill:#ea700d;font-family:Arial;font-size:0.571431em;font-style:normal}
+ .st50 {fill:#ffffff;stroke:#7f7f7f;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.24}
+ .st51 {fill:#d8d8d8;font-family:Calibri;font-size:0.833336em;font-style:italic;font-weight:bold}
+ .st52 {font-size:1.20001em;font-style:normal;font-weight:normal}
+ .st53 {font-size:1em;font-style:normal;font-weight:normal}
+ .st54 {fill:#f59d56;font-size:1em;font-style:normal;font-weight:normal}
+ .st55 {marker-end:url(#mrkr2-350);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:2}
+ .st56 {fill:#000000;fill-opacity:1;stroke:#000000;stroke-opacity:1;stroke-width:0.44247787610619}
+ .st57 {marker-end:url(#mrkr2-383);marker-start:url(#mrkr2-381);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:0.75}
+ .st58 {fill:#000000;fill-opacity:1;stroke:#000000;stroke-opacity:1;stroke-width:0.22935779816514}
+ .st59 {fill:#000000;font-family:Calibri;font-size:0.75em;font-style:italic;font-weight:bold}
+ .st60 {fill:#000000;font-family:Calibri;font-size:0.75em;font-weight:bold}
+ .st61 {fill:#0070c0;stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.5}
+ .st62 {fill:#595959;stroke:none;stroke-linecap:butt;stroke-width:0.75}
+ .st63 {marker-start:url(#mrkr4-405);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.25}
+ .st64 {fill:#000000;fill-opacity:1;stroke:#000000;stroke-opacity:1;stroke-width:0.3315649867374}
+ .st65 {marker-end:url(#mrkr4-411);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.25}
+ .st66 {marker-end:url(#mrkr10-430);marker-start:url(#mrkr10-112);stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.25}
+ .st67 {stroke:#000000;stroke-linecap:round;stroke-linejoin:round;stroke-width:1.25}
+ .st68 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+ ]]>
+ </style>
+
+ <defs id="Markers">
+ <g id="lend2">
+ <path d="M 1 1 L 0 0 L 1 -1 L 1 1 " style="stroke:none"/>
+ </g>
+ <marker id="mrkr2-45" class="st15" refX="-2.1368421052632" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend2" transform="scale(-2.3263157894737,-2.3263157894737) "/>
+ </marker>
+ <g id="lend10">
+ <path
+ d="M 0 0.75 C -0.414214 0.75 -0.75 0.414214 -0.75 0 -0.75 -0.414214 -0.414214 -0.75 0 -0.75 0.414214 -0.75 0.75 -0.414214 0.75 0 0.75 0.414214 0.414214 0.75 0 0.75 Z "
+ style="stroke:none"/>
+ </g>
+ <marker id="mrkr10-112" class="st24" refX="1.542" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend10" transform="scale(2.44) "/>
+ </marker>
+ <g id="lend42">
+ <path
+ d="M 0 0.75 C -0.414214 0.75 -0.75 0.414214 -0.75 0 -0.75 -0.414214 -0.414214 -0.75 0 -0.75 0.414214 -0.75 0.75 -0.414214 0.75 0 0.75 0.414214 0.414214 0.75 0 0.75 Z "
+ style="stroke:none"/>
+ </g>
+ <marker id="mrkr42-163" class="st34" refX="3.27" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend42" transform="scale(4.36) "/>
+ </marker>
+ <marker id="mrkr42-167" class="st36" refX="3.27" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend42" transform="scale(4.36) "/>
+ </marker>
+ <g id="lend4">
+ <path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+ </g>
+ <marker id="mrkr4-210" class="st44" refX="4.08" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend4" transform="scale(2.12) "/>
+ </marker>
+ <marker id="mrkr4-212" class="st44" refX="-4.08" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend4" transform="scale(-2.12,-2.12) "/>
+ </marker>
+ <marker id="mrkr2-350" class="st56" refX="-2.08" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend2" transform="scale(-2.26,-2.26) "/>
+ </marker>
+ <marker id="mrkr2-381" class="st58" refX="3.88" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend2" transform="scale(4.36) "/>
+ </marker>
+ <marker id="mrkr2-383" class="st58" refX="-3.88" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend2" transform="scale(-4.36,-4.36) "/>
+ </marker>
+ <marker id="mrkr4-405" class="st64" refX="5.744" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend4" transform="scale(3.016) "/>
+ </marker>
+ <marker id="mrkr4-411" class="st64" refX="-6.032" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend4" transform="scale(-3.016,-3.016) "/>
+ </marker>
+ <marker id="mrkr10-430" class="st24" refX="-1.542" orient="auto" markerUnits="strokeWidth" overflow="visible">
+ <use xlink:href="#lend10" transform="scale(-2.44,-2.44) "/>
+ </marker>
+ </defs>
+ <defs id="Filters">
+ <filter id="filter_3.3333334922791">
+ <feGaussianBlur stdDeviation="3.3333334922791"/>
+ </filter>
+ </defs>
+ <g>
+ <title>VBackground-1</title>
+ <g id="shape1-1">
+ <title>Solid</title>
+ <rect x="0" y="0" width="873.222" height="715.588" class="st1"/>
+ </g>
+ </g>
+ <g>
+ <title>Page-2</title>
+ <g id="shape52-3" transform="translate(336.222,-197.713)">
+ <title>Rectangle.52</title>
+ <rect x="0" y="598.588" width="495" height="117" class="st2"/>
+ </g>
+ <g id="group5-5" transform="translate(772.722,-60.4625)">
+ <title>Can</title>
+ <desc>Redfish Service</desc>
+ <g id="shape6-6">
+ <title>Sheet.6</title>
+ <path d="M0 704.34 A26.4375 11.25 -180 1 0 52.88 704.34 L52.88 663.84 L0 663.84 L0 704.34 Z" class="st3"/>
+ </g>
+ <g id="shape5-8">
+ <ellipse cx="26.4375" cy="663.838" rx="26.4375" ry="11.25" class="st3"/>
+ <text x="7.83" y="693.59" class="st4">Redfish <tspan x="8.6" dy="1.2em" class="st5">Service</tspan></text> </g>
+ </g>
+ <g id="shape8-12" transform="translate(746.847,-24.4625)">
+ <title>Sheet.8</title>
+ <desc>Redfish Profile Simulator On Network</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="17.62" y="693.09" class="st7">Redfish Profile <tspan x="21.08" dy="1em" class="st5">Simulator On </tspan><tspan
+ x="32.24" dy="1em" class="st5">Network</tspan></text> </g>
+ <g id="shape10-17" transform="translate(408.222,-82.9625)">
+ <title>Sheet.10</title>
+ <desc>EFI REST EX</desc>
+ <rect x="0" y="679.588" width="261" height="36" class="st8"/>
+ <text x="99.8" y="700.84" class="st9">EFI REST EX </text> </g>
+ <g id="shape12-20" transform="translate(57.2224,-197.713)">
+ <title>Rectangle</title>
+ <rect x="0" y="598.588" width="234" height="117" class="st2"/>
+ </g>
+ <g id="shape13-22" transform="translate(30.2224,-24.4625)">
+ <title>Rounded Rectangle.76</title>
+ <g id="shadow13-23" transform="matrix(1.02,0,0,1.02,-6.84,-13.2318)" class="st10">
+ <path d="M9 715.59 L675 715.59 A8.99985 8.99985 -180 0 0 684 706.59 L684 616.59 A8.99985 8.99985 -180 0 0 675 607.59
+ L9 607.59 A8.99985 8.99985 -180 0 0 0 616.59 L0 706.59 A8.99985 8.99985 -180 0 0 9 715.59 Z"
+ class="st11"/>
+ </g>
+ <path d="M9 715.59 L675 715.59 A8.99985 8.99985 -180 0 0 684 706.59 L684 616.59 A8.99985 8.99985 -180 0 0 675 607.59
+ L9 607.59 A8.99985 8.99985 -180 0 0 0 616.59 L0 706.59 A8.99985 8.99985 -180 0 0 9 715.59 Z" class="st12"/>
+ </g>
+ <g id="shape16-27" transform="translate(75.2224,-82.9625)">
+ <title>Sheet.16</title>
+ <desc>EFI REST JSON to C Structure</desc>
+ <rect x="0" y="679.588" width="261" height="36" class="st8"/>
+ <text x="53.89" y="700.84" class="st9">EFI REST JSON to C Structure</text> </g>
+ <g id="shape17-30" transform="translate(408.222,-37.9625)">
+ <title>Sheet.17</title>
+ <desc>EFI Network Stack</desc>
+ <rect x="0" y="679.588" width="261" height="36" class="st8"/>
+ <text x="81.72" y="700.84" class="st9">EFI Network Stack</text> </g>
+ <g id="shape18-33" transform="translate(75.2224,-37.9625)">
+ <title>Sheet.18</title>
+ <desc>EFI Redfish Discover Protocl</desc>
+ <rect x="0" y="679.588" width="261" height="36" class="st8"/>
+ <text x="55.56" y="700.84" class="st9">EFI Redfish Discover Protocl</text> </g>
+ <g id="shape19-36" transform="translate(291.222,-51.4625)">
+ <title>Sheet.19</title>
+ <desc>EDKII Redfish Foundation</desc>
+ <rect x="0" y="670.588" width="184" height="45" class="st6"/>
+ <text x="12.66" y="685.89" class="st13">EDKII Redfish <tspan x="26.69" dy="1.2em" class="st5">Foundation</tspan></text> </g>
+ <g id="shape20-40" transform="translate(904.308,1335.5) rotate(-19.179) scale(1,-1)">
+ <title>Curve connect 1</title>
+ <path d="M0 715.59 A42.4531 42.4531 0 0 1 54.79 715.59 A42.4531 42.4531 -180 0 0 106.06 718.26 L106.35 718.04"
+ class="st14"/>
+ </g>
+ <g id="shape21-46" transform="translate(18.9724,-139.213)">
+ <title>Sheet.21</title>
+ <desc>EDKII Redfish Client</desc>
+ <rect x="0" y="211.588" width="24.75" height="504" class="st16"/>
+ <text x="-10.85" y="-540.93" writing-mode="tb-rl" transform="rotate(180)" class="st17">EDKII Redfish Client</text> </g>
+ <g id="shape24-49" transform="translate(111.222,-253.963)">
+ <title>Sheet.24</title>
+ <rect x="0" y="670.588" width="153" height="45" class="st18"/>
+ </g>
+ <g id="shape25-51" transform="translate(84.2224,-240.463)">
+ <title>Sheet.25</title>
+ <rect x="0" y="670.588" width="153" height="45" class="st18"/>
+ </g>
+ <g id="shape26-53" transform="translate(75.2224,-226.963)">
+ <title>Sheet.26</title>
+ <desc>Script-generated Redfish JSON schema to C Structure convertor</desc>
+ <rect x="0" y="670.588" width="153" height="45" class="st19"/>
+ <text x="11.2" y="683.34" class="st20">Script-generated Redfish <tspan x="29.22" dy="1em" class="st5">JSON schema to C </tspan><tspan
+ x="24.45" dy="1em" class="st5">Structure convertor</tspan></text> </g>
+ <g id="shape28-58" transform="translate(241.722,-267.463)">
+ <title>Sheet.28</title>
+ <ellipse cx="1.6875" cy="713.9" rx="1.6875" ry="1.6875" class="st21"/>
+ </g>
+ <g id="shape29-60" transform="translate(245.66,-272.525)">
+ <title>Sheet.29</title>
+ <ellipse cx="1.6875" cy="713.9" rx="1.6875" ry="1.6875" class="st21"/>
+ </g>
+ <g id="shape30-62" transform="translate(250.16,-277.588)">
+ <title>Sheet.30</title>
+ <ellipse cx="1.6875" cy="713.9" rx="1.6875" ry="1.6875" class="st21"/>
+ </g>
+ <g id="shape31-64" transform="translate(178.722,-204.463)">
+ <title>Sheet.31</title>
+ <desc>ComputerSystem</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="18.16" y="704.59" class="st22">ComputerSystem</text> </g>
+ <g id="shape32-67" transform="translate(201.222,-220.213)">
+ <title>Sheet.32</title>
+ <desc>BootOption</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="29.69" y="704.59" class="st22">BootOption</text> </g>
+ <g id="shape33-70" transform="translate(210.222,-233.713)">
+ <title>Sheet.33</title>
+ <desc>Memory</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="36.21" y="704.59" class="st22">Memory</text> </g>
+ <g id="shape34-73" transform="translate(385.722,-247.213)">
+ <title>Sheet.34</title>
+ <rect x="0" y="670.588" width="153" height="45" class="st18"/>
+ </g>
+ <g id="shape35-75" transform="translate(358.722,-233.713)">
+ <title>Sheet.35</title>
+ <rect x="0" y="670.588" width="153" height="45" class="st18"/>
+ </g>
+ <g id="shape36-77" transform="translate(349.722,-220.213)">
+ <title>Sheet.36</title>
+ <desc>Script-generated EDK2 Redfish Feature Driver</desc>
+ <rect x="0" y="670.588" width="153" height="45" class="st19"/>
+ <text x="16.96" y="689.84" class="st20">Script-generated EDK2 <tspan x="17.33" dy="1em" class="st5">Redfish Feature Driver</tspan></text> </g>
+ <g id="shape40-81" transform="translate(453.222,-197.713)">
+ <title>Sheet.40</title>
+ <desc>ComputerSystem</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="18.16" y="704.59" class="st22">ComputerSystem</text> </g>
+ <g id="shape41-84" transform="translate(475.722,-213.463)">
+ <title>Sheet.41</title>
+ <desc>BootOption</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="29.69" y="704.59" class="st22">BootOption</text> </g>
+ <g id="shape42-87" transform="translate(493.722,-226.963)">
+ <title>Sheet.42</title>
+ <desc>Memory</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="36.21" y="704.59" class="st22">Memory</text> </g>
+ <g id="shape43-90" transform="translate(608.472,-249.463)">
+ <title>Sheet.43</title>
+ <rect x="0" y="670.588" width="153" height="45" class="st18"/>
+ </g>
+ <g id="shape46-92" transform="translate(738.972,-262.963)">
+ <title>Sheet.46</title>
+ <ellipse cx="1.6875" cy="713.9" rx="1.6875" ry="1.6875" class="st21"/>
+ </g>
+ <g id="shape47-94" transform="translate(742.91,-268.025)">
+ <title>Sheet.47</title>
+ <ellipse cx="1.6875" cy="713.9" rx="1.6875" ry="1.6875" class="st21"/>
+ </g>
+ <g id="shape48-96" transform="translate(747.41,-273.088)">
+ <title>Sheet.48</title>
+ <ellipse cx="1.6875" cy="713.9" rx="1.6875" ry="1.6875" class="st21"/>
+ </g>
+ <g id="shape49-98" transform="translate(660.222,-199.963)">
+ <title>Sheet.49</title>
+ <desc>ComputerSystemCollection</desc>
+ <rect x="0" y="688.588" width="123.75" height="27" class="st6"/>
+ <text x="5.3" y="704.59" class="st22">ComputerSystemCollection</text> </g>
+ <g id="shape50-101" transform="translate(720.972,-215.713)">
+ <title>Sheet.50</title>
+ <desc>BootOptionCollection</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="8.96" y="704.59" class="st22">BootOptionCollection</text> </g>
+ <g id="shape51-104" transform="translate(732.222,-229.213)">
+ <title>Sheet.51</title>
+ <desc>MemoryCollection</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="15.48" y="704.59" class="st22">MemoryCollection</text> </g>
+ <g id="shape56-107" transform="translate(515.651,-269.34) rotate(-1.84761)">
+ <title>Curve connect 2.56</title>
+ <path d="M1.08 713.99 L1.29 713.7 A41.432 41.432 0 0 1 69.79 715.59" class="st23"/>
+ </g>
+ <g id="shape57-113" transform="translate(581.472,-235.963)">
+ <title>Sheet.57</title>
+ <rect x="0" y="670.588" width="153" height="45" class="st18"/>
+ </g>
+ <g id="shape59-115" transform="translate(291.222,-242.713)">
+ <title>1-D double</title>
+ <path d="M13.5 693.99 L13.5 688.59 L0 702.09 L13.5 715.59 L13.5 710.19 L31.5 710.19 L31.5 715.59 L45 702.09 L31.5 688.59
+ L31.5 693.99 L13.5 693.99 Z" class="st25"/>
+ </g>
+ <g id="shape64-117" transform="translate(619.722,-467.713)">
+ <title>Sheet.64</title>
+ <desc>EFI PLATFORM_CONFIG_TO_REDFISH_PROTOCOL</desc>
+ <g id="shadow64-118" transform="matrix(1.02,0,0,1.02,-1.98,-13.8618)" class="st10">
+ <path d="M0 715.59 L198 715.59 L198 670.59 L0 670.59 L0 715.59 Z" class="st26"/>
+ </g>
+ <path d="M0 715.59 L198 715.59 L198 670.59 L0 670.59 L0 715.59 Z" class="st27"/>
+ <text x="91.2" y="683.34" class="st20">EFI <tspan x="6.13" dy="1em" class="st5">PLATFORM</tspan>_CONFIG_TO_REDFISH_<tspan
+ x="69.84" dy="1em" class="st5">PROTOCOL</tspan></text> </g>
+ <g id="shape65-125" transform="translate(511.722,-445.213)">
+ <title>Sheet.65</title>
+ <desc>EFI PLATFORM_CONFIG_TO_REDFISH_PROTOCOL</desc>
+ <g id="shadow65-126" transform="matrix(1.02,0,0,1.02,-1.98,-13.8618)" class="st10">
+ <path d="M0 715.59 L198 715.59 L198 670.59 L0 670.59 L0 715.59 Z" class="st26"/>
+ </g>
+ <path d="M0 715.59 L198 715.59 L198 670.59 L0 670.59 L0 715.59 Z" class="st27"/>
+ <text x="91.2" y="683.34" class="st20">EFI <tspan x="6.13" dy="1em" class="st5">PLATFORM</tspan>_CONFIG_TO_REDFISH_<tspan
+ x="69.84" dy="1em" class="st5">PROTOCOL</tspan></text> </g>
+ <g id="shape67-133" transform="translate(536.472,-593.713)">
+ <title>Sheet.67</title>
+ <desc>Other Platform-specific Implementations</desc>
+ <rect x="0" y="688.588" width="243" height="27" class="st6"/>
+ <text x="20.02" y="705.09" class="st28">Other Platform-specific Implementations</text> </g>
+ <g id="group71-136" transform="translate(567.972,-530.713)">
+ <title>Can.71</title>
+ <desc>EFI Variable/ FW Storage</desc>
+ <g id="shape72-137">
+ <title>Sheet.72</title>
+ <path d="M0 709.29 A29.25 6.3 -180 1 0 58.5 709.29 L58.5 658.89 L0 658.89 L0 709.29 Z" class="st29"/>
+ </g>
+ <g id="shape71-139">
+ <ellipse cx="29.25" cy="658.888" rx="29.25" ry="6.3" class="st29"/>
+ <text x="23.25" y="675.09" class="st30">EFI <tspan x="10.54" dy="1.2em" class="st5">Variable</tspan>/ <tspan
+ x="5.79" dy="1.2em" class="st5">FW Storage</tspan></text> </g>
+ </g>
+ <g id="group73-144" transform="translate(687.222,-530.713)">
+ <title>Can.73</title>
+ <desc>Other Storage</desc>
+ <g id="shape74-145">
+ <title>Sheet.74</title>
+ <path d="M0 709.29 A29.25 6.3 -180 1 0 58.5 709.29 L58.5 658.89 L0 658.89 L0 709.29 Z" class="st29"/>
+ </g>
+ <g id="shape73-147">
+ <ellipse cx="29.25" cy="658.888" rx="29.25" ry="6.3" class="st29"/>
+ <text x="17.41" y="681.09" class="st30">Other <tspan x="13.66" dy="1.2em" class="st5">Storage</tspan></text> </g>
+ </g>
+ <g id="shape76-151" transform="translate(1306.06,184.875) rotate(90)">
+ <title>1-D double.76</title>
+ <path d="M6.75 704.79 L6.75 702.09 L0 708.84 L6.75 715.59 L6.75 712.89 L33.75 712.89 L33.75 715.59 L40.5 708.84 L33.75
+ 702.09 L33.75 704.79 L6.75 704.79 Z" class="st31"/>
+ </g>
+ <g id="shape77-153" transform="translate(1425.31,184.875) rotate(90)">
+ <title>1-D double.77</title>
+ <path d="M6.75 704.79 L6.75 702.09 L0 708.84 L6.75 715.59 L6.75 712.89 L11.25 712.89 L11.25 715.59 L18 708.84 L11.25
+ 702.09 L11.25 704.79 L6.75 704.79 Z" class="st31"/>
+ </g>
+ <g id="shape78-155" transform="translate(21.2224,-139.213)">
+ <title>Sheet.78</title>
+ <path d="M0 715.59 L810 715.59" class="st32"/>
+ </g>
+ <g id="group80-158" transform="translate(-173.49,382.875) rotate(-90)">
+ <title>Folded Corner</title>
+ <g id="shape80-159">
+ <g id="shadow80-160" transform="matrix(1.02,0,0,1.02,-3.105,-9.45175)" class="st10">
+ <path d="M0 715.59 L278.62 715.59 L310.5 688.27 L310.5 229.59 L0 229.59 L0 715.59 Z" class="st33"/>
+ </g>
+ <path d="M0 715.59 L278.62 715.59 L310.5 688.27 L310.5 229.59 L0 229.59 L0 715.59 Z" class="st35"/>
+ </g>
+ <g id="shape81-168" transform="translate(278.625,0)">
+ <title>Sheet.81</title>
+ <g id="shadow81-169" transform="matrix(1.02,0,0,1.02,-0.6375,-14.3117)" class="st10">
+ <path d="M0 715.59 L31.88 688.27 L4.87 684.09 L0 715.59 Z" class="st33"/>
+ </g>
+ <path d="M0 715.59 L31.88 688.27 L4.87 684.09 L0 715.59 Z" class="st37"/>
+ </g>
+ </g>
+ <g id="group82-175" transform="translate(432.972,-530.713)">
+ <title>Can.69</title>
+ <desc>EDK2 HII Database</desc>
+ <g id="shape83-176">
+ <title>Sheet.83</title>
+ <path d="M0 709.29 A29.25 6.3 -180 1 0 58.5 709.29 L58.5 658.89 L0 658.89 L0 709.29 Z" class="st38"/>
+ </g>
+ <g id="shape82-178">
+ <ellipse cx="29.25" cy="658.888" rx="29.25" ry="6.3" class="st38"/>
+ <text x="11.84" y="681.09" class="st30">EDK2 HII <tspan x="10.24" dy="1.2em" class="st5">Database</tspan></text> </g>
+ </g>
+ <g id="shape84-182" transform="translate(390.222,-429.463)">
+ <title>Sheet.84</title>
+ <desc>EFI PLATFORM_CONFIG_TO_REDFISH_PROTOCOL</desc>
+ <g id="shadow84-183" transform="matrix(1.02,0,0,1.02,-1.44,-13.8618)" class="st10">
+ <rect x="0" y="670.588" width="144" height="45" class="st39"/>
+ </g>
+ <rect x="0" y="670.588" width="144" height="45" class="st40"/>
+ <text x="64.2" y="683.34" class="st20">EFI <tspan x="4.73" dy="1em" class="st5">PLATFORM</tspan>_CONFIG_TO_<tspan
+ x="17.24" dy="1em" class="st5">REDFISH</tspan>_PROTOCOL</text> </g>
+ <g id="shape85-190" transform="translate(1171.06,184.875) rotate(90)">
+ <title>1-D double.75</title>
+ <path d="M6.75 704.79 L6.75 702.09 L0 708.84 L6.75 715.59 L6.75 712.89 L49.5 712.89 L49.5 715.59 L56.25 708.84 L49.5
+ 702.09 L49.5 704.79 L6.75 704.79 Z" class="st38"/>
+ </g>
+ <g id="shape86-192" transform="translate(1164.31,286.125) rotate(90)">
+ <title>1-D double.68</title>
+ <g id="shadow86-193" transform="matrix(1.02,0,0,1.02,-1.1475,-14.0418)" class="st10">
+ <path d="M13.5 693.99 L13.5 688.59 L0 702.09 L13.5 715.59 L13.5 710.19 L101.25 710.19 L101.25 715.59 L114.75 702.09
+ L101.25 688.59 L101.25 693.99 L13.5 693.99 Z" class="st39"/>
+ </g>
+ <path d="M13.5 693.99 L13.5 688.59 L0 702.09 L13.5 715.59 L13.5 710.19 L101.25 710.19 L101.25 715.59 L114.75 702.09 L101.25
+ 688.59 L101.25 693.99 L13.5 693.99 Z" class="st38"/>
+ </g>
+ <g id="shape87-197" transform="translate(27.9724,-616.213)">
+ <title>Sheet.87</title>
+ <desc>EDK2 Open Source Implementation</desc>
+ <rect x="0" y="688.588" width="243" height="27" class="st6"/>
+ <text x="34.39" y="705.09" class="st28">EDK2 Open Source Implementation</text> </g>
+ <g id="shape88-200" transform="translate(1312.81,270.375) rotate(90)">
+ <title>1-D double.88</title>
+ <path d="M13.5 693.99 L13.5 688.59 L0 702.09 L13.5 715.59 L13.5 710.19 L117 710.19 L117 715.59 L130.5 702.09 L117 688.59
+ L117 693.99 L13.5 693.99 Z" class="st41"/>
+ </g>
+ <g id="shape89-202" transform="translate(1434.31,247.875) rotate(90)">
+ <title>1-D double.89</title>
+ <path d="M13.5 693.99 L13.5 688.59 L0 702.09 L13.5 715.59 L13.5 710.19 L139.5 710.19 L139.5 715.59 L153 702.09 L139.5
+ 688.59 L139.5 693.99 L13.5 693.99 Z" class="st42"/>
+ </g>
+ <g id="shape90-204" transform="translate(838.629,252.112) rotate(68.1986)">
+ <title>Curve connect 1.61</title>
+ <path d="M7.53 720.84 L7.83 721.04 A30.61 30.61 -180 0 0 42.41 715.59 A30.61 30.61 0 0 1 76.99 710.13 L77.29 710.34"
+ class="st43"/>
+ </g>
+ <g id="shape91-213" transform="translate(-37.5816,162.844) rotate(-60.2551) scale(-1,1)">
+ <title>Curve connect 1.62</title>
+ <path d="M7.67 720.62 L7.98 720.82 A34.3918 34.3918 -180 0 0 45.35 715.59 A34.3918 34.3918 0 0 1 82.72 710.35 L83.03
+ 710.55" class="st43"/>
+ </g>
+ <g id="shape94-220" transform="translate(488.651,-255.84) rotate(-1.84761)">
+ <title>Curve connect 2.54</title>
+ <path d="M1.08 713.99 L1.29 713.7 A41.432 41.432 0 0 1 69.79 715.59" class="st23"/>
+ </g>
+ <g id="shape96-225" transform="translate(572.472,-222.463)">
+ <title>Sheet.96</title>
+ <desc>Script-generated EDK2 Redfish Collection Driver</desc>
+ <rect x="0" y="670.588" width="153" height="45" class="st19"/>
+ <text x="16.96" y="689.84" class="st20">Script-generated EDK2 <tspan x="11.39" dy="1em" class="st5">Redfish Collection Driver</tspan></text> </g>
+ <g id="shape98-229" transform="translate(67.3474,-420.463)">
+ <title>Rounded Rectangle.98</title>
+ <desc>EDK2 HII UNI file #string STR_OPTION_A #language x-uefi-redfi...</desc>
+ <path d="M7.73 715.59 L266.77 715.59 A7.73227 7.73227 -180 0 0 274.5 707.86 L274.5 637.82 A7.73227 7.73227 -180 0 0 266.77
+ 630.09 L7.73 630.09 A7.73227 7.73227 -180 0 0 -0 637.82 L0 707.86 A7.73227 7.73227 -180 0 0 7.73 715.59
+ Z" class="st45"/>
+ <text x="4" y="646.69" class="st46">EDK2 HII UNI file<tspan x="4" dy="1.425em" class="st47">#</tspan><tspan
+ class="st47">string </tspan><tspan class="st48">STR</tspan><tspan class="st48">_</tspan><tspan class="st48">OPTION</tspan><tspan
+ class="st48">_</tspan><tspan class="st48">A</tspan><tspan class="st47"> </tspan><tspan class="st47">#</tspan><tspan
+ class="st47">language </tspan><tspan class="st48">x</tspan><tspan class="st48">-</tspan><tspan class="st48">uefi</tspan><tspan
+ class="st48">-</tspan><tspan class="st48">redfish</tspan><tspan class="st48">-</tspan><tspan class="st48">SCHEMA</tspan><tspan
+ class="st48">.</tspan><tspan class="st48">VERSION</tspan><tspan class="st47"> </tspan><tspan class="st48"> </tspan><tspan
+ x="4" dy="1.2em" class="st49">“</tspan><tspan class="st49">/</tspan><tspan class="st49">SCHEMA</tspan><tspan
+ class="st49">/</tspan><tspan class="st49">PropertyA</tspan><tspan class="st48">” </tspan><tspan
+ class="st47"> </tspan><tspan x="4" dy="1.2em" class="st47">#</tspan><tspan class="st47">string</tspan><tspan
+ class="st48"> </tspan><tspan class="st48">STR</tspan><tspan class="st48">_</tspan><tspan class="st48">OPTION</tspan><tspan
+ class="st48">_</tspan><tspan class="st48">B</tspan><tspan class="st47"> </tspan><tspan class="st47">#</tspan><tspan
+ class="st47">language</tspan><tspan class="st48"> </tspan><tspan class="st48">x</tspan><tspan class="st48">-</tspan><tspan
+ class="st48">uefi</tspan><tspan class="st48">-</tspan><tspan class="st48">redfish</tspan><tspan
+ class="st48">-</tspan><tspan class="st48">SCHEMA</tspan><tspan class="st48">.</tspan><tspan class="st48">VERSION</tspan><tspan
+ class="st47"> </tspan><tspan class="st49"> </tspan><tspan x="4" dy="1.2em" class="st49">“</tspan><tspan
+ class="st49">/</tspan><tspan class="st49">SCHEMA</tspan><tspan class="st49">/</tspan><tspan class="st49">PropertyB</tspan><tspan
+ class="st49">” </tspan><tspan x="4" dy="1.2em" class="st47">#</tspan><tspan class="st47">string </tspan><tspan
+ class="st48">STR</tspan><tspan class="st48">_</tspan><tspan class="st48">OPTION</tspan><tspan class="st48">_</tspan><tspan
+ class="st47">C </tspan><tspan class="st47">#</tspan><tspan class="st47">language</tspan><tspan
+ class="st48"> </tspan><tspan class="st48">x</tspan><tspan class="st48">-</tspan><tspan class="st48">uefi</tspan><tspan
+ class="st48">-</tspan><tspan class="st48">redfish</tspan><tspan class="st48">-</tspan><tspan class="st48">SCHEMA</tspan><tspan
+ class="st48">.</tspan><tspan class="st48">VERSION</tspan><tspan class="st47"> </tspan><tspan class="st49"> </tspan><tspan
+ x="4" dy="1.312em" class="st49">“</tspan><tspan class="st49">/</tspan><tspan class="st49">SCHEMA</tspan><tspan
+ class="st49">/</tspan><tspan class="st49">PropertyC</tspan><tspan class="st49">”</tspan></text> </g>
+ <g id="shape100-316" transform="translate(171.972,-550.963)">
+ <title>Rounded Rectangle.100</title>
+ <desc>EDK2 HII VFR Form Option A Enabled Option B Disabled Option C...</desc>
+ <path d="M4.5 715.59 L148.5 715.59 A4.49993 4.49993 -180 0 0 153 711.09 L153 664.96 A4.49993 4.49993 -180 0 0 148.5 660.46
+ L4.5 660.46 A4.49993 4.49993 -180 0 0 0 664.96 L0 711.09 A4.49993 4.49993 -180 0 0 4.5 715.59 Z"
+ class="st50"/>
+ <text x="37.65" y="671.66" class="st51">EDK2 HII VFR Form<tspan x="24.37" dy="1.6em" class="st52">Option A Enabled </tspan><tspan
+ x="24.6" dy="0.8em" class="st52">Option B Disabled </tspan><tspan x="24.4" dy="0.8em" class="st52">Option C </tspan><tspan
+ class="st52">0</tspan><tspan class="st52">x</tspan><tspan class="st52">16</tspan></text> </g>
+ <g id="shape101-325" transform="translate(147.222,-539.713)">
+ <title>Rounded Rectangle.101</title>
+ <desc>EDK2 HII VFR Form Option A Enabled Option B Disabled Option C...</desc>
+ <path d="M4.5 715.59 L148.5 715.59 A4.49993 4.49993 -180 0 0 153 711.09 L153 664.96 A4.49993 4.49993 -180 0 0 148.5 660.46
+ L4.5 660.46 A4.49993 4.49993 -180 0 0 0 664.96 L0 711.09 A4.49993 4.49993 -180 0 0 4.5 715.59 Z"
+ class="st50"/>
+ <text x="37.65" y="671.66" class="st51">EDK2 HII VFR Form<tspan x="24.37" dy="1.6em" class="st52">Option A Enabled </tspan><tspan
+ x="24.6" dy="0.8em" class="st52">Option B Disabled </tspan><tspan x="24.4" dy="0.8em" class="st52">Option C </tspan><tspan
+ class="st52">0</tspan><tspan class="st52">x</tspan><tspan class="st52">16</tspan></text> </g>
+ <g id="shape102-334" transform="translate(129.222,-526.213)">
+ <title>Rounded Rectangle</title>
+ <desc>EDK2 HII VFR Form Option A Enabled Option B Disabled Option C...</desc>
+ <path d="M4.5 715.59 L148.5 715.59 A4.49993 4.49993 -180 0 0 153 711.09 L153 664.96 A4.49993 4.49993 -180 0 0 148.5 660.46
+ L4.5 660.46 A4.49993 4.49993 -180 0 0 0 664.96 L0 711.09 A4.49993 4.49993 -180 0 0 4.5 715.59 Z"
+ class="st50"/>
+ <text x="29.88" y="671.66" class="st28">EDK2 HII VFR Form<tspan x="24.37" dy="1.6em" class="st53">Option A </tspan><tspan
+ class="st54">Enabled </tspan><tspan x="24.6" dy="0.8em" class="st53">Option B </tspan><tspan
+ class="st54">Disabled </tspan><tspan x="24.4" dy="0.8em" class="st53">Option C </tspan><tspan
+ class="st54">0</tspan><tspan class="st54">x</tspan><tspan class="st54">16</tspan></text> </g>
+ <g id="shape110-345" transform="translate(503.938,-444.613) rotate(13.0919)">
+ <title>Curve connect 1.110</title>
+ <path d="M0 715.59 A11.592 11.592 0 0 1 22.97 715.59 A13.4718 13.4718 -180 0 0 48.31 719.9 L48.42 719.56" class="st55"/>
+ </g>
+ <g id="shape122-351" transform="translate(41.4724,-96.4625)">
+ <title>Sheet.122</title>
+ <desc>[1]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[1]</text> </g>
+ <g id="shape123-354" transform="translate(746.847,-100.963)">
+ <title>Sheet.123</title>
+ <desc>[2]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[2]</text> </g>
+ <g id="shape124-357" transform="translate(68.4724,-278.713)">
+ <title>Sheet.124</title>
+ <desc>[3]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[3]</text> </g>
+ <g id="shape125-360" transform="translate(338.472,-269.713)">
+ <title>Sheet.125</title>
+ <desc>[4]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[4]</text> </g>
+ <g id="shape126-363" transform="translate(761.472,-269.713)">
+ <title>Sheet.126</title>
+ <desc>[5]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[5]</text> </g>
+ <g id="shape127-366" transform="translate(390.222,-476.713)">
+ <title>Sheet.127</title>
+ <desc>[6]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[6]</text> </g>
+ <g id="shape128-369" transform="translate(123.597,-579.088)">
+ <title>Sheet.128</title>
+ <desc>[8]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[8]</text> </g>
+ <g id="shape129-372" transform="translate(62.8474,-501.463)">
+ <title>Sheet.129</title>
+ <desc>[9]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[9]</text> </g>
+ <g id="shape132-375" transform="translate(583.722,1233.46) rotate(180)">
+ <title>Curve connect 2.132</title>
+ <path d="M2.78 714.72 L3.12 714.61 A681.188 681.188 0 0 1 406.38 714.61 L406.72 714.72" class="st57"/>
+ </g>
+ <g id="shape133-384" transform="translate(238.347,-157.213)">
+ <title>Sheet.133</title>
+ <desc>Script-generated EDK2 Redfish client driver/library based on ...</desc>
+ <rect x="0" y="688.588" width="261" height="27" class="st1"/>
+ <text x="11.21" y="699.84" class="st59">Script-generated EDK2 Redfish client driver/library based on the <tspan
+ x="45.23" dy="1em" class="st5">standard Redfish schemas </tspan>published by DMTF</text> </g>
+ <g id="shape134-388" transform="translate(21.2224,-679.775)">
+ <title>Rectangle.134</title>
+ <rect x="0" y="703.213" width="24.75" height="12.375" class="st2"/>
+ </g>
+ <g id="shape135-390" transform="translate(41.4724,-670.213)">
+ <title>Sheet.135</title>
+ <desc>Script-generated code</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="12.79" y="704.34" class="st60">Script-generated code</text> </g>
+ <g id="shape137-393" transform="translate(21.2224,-661.213)">
+ <title>Rectangle.137</title>
+ <rect x="0" y="703.213" width="24.75" height="12.375" class="st61"/>
+ </g>
+ <g id="shape138-395" transform="translate(43.7224,-652.213)">
+ <title>Sheet.138</title>
+ <desc>UEFI/EDK2 open source</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="9.97" y="704.34" class="st60">UEFI/EDK2 open source</text> </g>
+ <g id="shape140-398" transform="translate(281.66,-341.784)">
+ <title>Configure</title>
+ <path d="M41.27 698.83 C40.4 698.46 37.61 697.28 37.61 697.28 L37.79 694.96 L37.94 693.01 L37.69 689.29 L39.53 688.23
+ C39.53 688.23 40.46 687.84 41.33 687.49 C40.71 685.96 40.45 685.33 39.82 683.81 C38.94 684.17 36.06 685.35
+ 36.06 685.35 L34.63 683.57 C33.94 682.7 33.09 681.89 32.02 681.06 L30.33 679.75 L31.01 677.68 C31.01 677.68
+ 31.41 676.7 31.79 675.77 C30.27 675.14 29.64 674.88 28.12 674.26 C27.72 675.23 26.52 678.17 26.52 678.17
+ L24.28 677.95 C23.14 677.83 21.96 677.86 20.77 678.02 L18.64 678.3 L17.65 676.35 C17.65 676.35 17.21 675.31
+ 16.78 674.31 C15.27 674.95 14.64 675.21 13.13 675.85 C13.58 676.92 14.85 679.93 14.85 679.93 L13.12 681.37
+ C12.3 682.05 11.54 682.85 10.79 683.83 L9.49 685.52 L7.41 684.86 C7.41 684.86 6.28 684.4 5.17 683.96 C4.56
+ 685.49 4.31 686.12 3.69 687.65 C4.82 688.1 7.84 689.31 7.84 689.31 C7.84 689.31 7.65 692.73 7.63 693 C7.65
+ 693.25 7.7 694.01 7.7 694.03 C7.7 694.03 7.87 695.84 7.87 695.84 L6.79 696.82 C6.46 697.15 6.34 697.24 3.64
+ 698.3 C4.24 699.84 4.49 700.47 5.08 702.01 C6.21 701.57 9.36 700.34 9.36 700.34 L10.99 702.57 C11.49 703.19
+ 12.18 703.89 13.04 704.61 L14.63 705.96 L13.93 707.96 C13.93 707.96 13.45 709.08 12.97 710.2 C14.47 710.85
+ 15.1 711.12 16.61 711.77 C17.05 710.74 18.36 707.71 18.36 707.71 L20.65 708.03 C21.73 708.19 22.89 708.21
+ 24.1 708.1 L26.18 707.92 L27.11 709.84 C27.11 709.84 27.53 710.9 27.94 711.93 C29.47 711.32 30.1 711.07
+ 31.63 710.45 C31.25 709.51 30.04 706.48 30.04 706.48 L32.32 704.83 C32.97 704.31 33.71 703.56 34.48 702.62
+ L35.81 701 L37.85 701.7 C37.85 701.7 38.82 702.1 39.73 702.49 C40.37 700.97 40.64 700.34 41.27 698.83 ZM40.58
+ 695.32 C40.58 695.32 40.57 695.4 40.56 695.47 C40.95 695.64 44.96 697.33 44.96 697.33 L41.23 706.17 C41.23
+ 706.17 37.13 704.45 36.75 704.28 C36.7 704.34 36.65 704.41 36.65 704.41 C35.76 705.49 34.89 706.37 33.97
+ 707.11 C33.97 707.11 33.67 707.33 33.46 707.47 C33.62 707.88 35.28 712.02 35.28 712.02 L26.38 715.59 C26.38
+ 715.59 24.65 711.28 24.5 710.89 C24.42 710.9 24.34 710.9 24.34 710.9 C22.91 711.03 21.54 711 20.25 710.82
+ C20.25 710.82 20.17 710.8 20.09 710.79 C19.93 711.19 18.08 715.47 18.08 715.47 L9.27 711.66 C9.27 711.66
+ 11.18 707.25 11.34 706.86 C11.29 706.81 11.22 706.76 11.22 706.76 C10.23 705.92 9.41 705.09 8.72 704.23
+ C8.72 704.23 8.51 703.94 8.37 703.75 C7.96 703.9 3.49 705.65 3.49 705.65 L0 696.71 C0 696.71 4.8 694.83
+ 4.8 694.83 C4.8 694.83 4.88 694.8 4.95 694.78 C4.92 694.54 4.89 694.21 4.89 694.21 L4.82 693.02 C4.82 693.02
+ 4.9 691.52 4.92 691.17 C4.54 691.02 0.04 689.21 0.04 689.21 L3.6 680.3 C3.6 680.3 8.06 682.09 8.46 682.25
+ C8.51 682.18 8.56 682.12 8.56 682.12 C9.43 680.98 10.34 680.02 11.33 679.2 C11.33 679.2 11.39 679.15 11.45
+ 679.11 C11.29 678.72 9.45 674.35 9.45 674.35 L18.29 670.62 C18.29 670.62 20.07 674.85 20.24 675.25 C20.31
+ 675.24 20.39 675.23 20.39 675.23 C21.8 675.04 23.2 675.01 24.56 675.15 C24.56 675.15 24.63 675.16 24.71
+ 675.16 C24.87 674.78 26.59 670.59 26.59 670.59 L35.46 674.23 C35.46 674.23 33.77 678.34 33.61 678.74 C33.67
+ 678.78 33.74 678.83 33.74 678.83 C34.99 679.8 35.99 680.77 36.82 681.8 C36.82 681.8 36.88 681.88 36.94 681.95
+ C37.33 681.79 41.35 680.14 41.35 680.14 L45 689.02 C45 689.02 40.99 690.67 40.6 690.83 C40.61 690.9 40.62
+ 690.98 40.62 690.98 C40.71 691.76 40.75 692.41 40.75 693.01 C40.75 693.7 40.7 694.43 40.58 695.32 ZM26.56
+ 697.76 C29.16 695.67 29.58 691.87 27.5 689.26 C25.42 686.65 21.62 686.23 19.01 688.31 C16.41 690.4 15.98
+ 694.2 18.07 696.81 C20.15 699.42 23.95 699.84 26.56 697.76 ZM23.76 684.23 C26.11 684.49 28.22 685.65 29.7
+ 687.5 C32.75 691.32 32.12 696.9 28.31 699.95 C26.47 701.43 24.16 702.1 21.8 701.84 C19.45 701.58 17.34 700.41
+ 15.87 698.56 C14.57 696.94 13.93 694.98 13.93 693.04 C13.93 690.44 15.07 687.86 17.25 686.12 C19.1 684.64
+ 21.41 683.97 23.76 684.23 Z" class="st62"/>
+ </g>
+ <g id="shape145-400" transform="translate(323.911,1069.28) scale(1,-1)">
+ <title>Side to top/bottom.145</title>
+ <path d="M7.18 715.59 L7.54 715.59 L96.69 715.59 L96.69 668.4" class="st63"/>
+ </g>
+ <g id="shape146-406" transform="translate(204.597,-382.144)">
+ <title>Bottom to top fixed 2</title>
+ <path d="M0 677.27 L0 697.59 L99.14 697.59 L99.14 708.05" class="st65"/>
+ </g>
+ <g id="shape150-412" transform="translate(281.66,1070.51) rotate(180)">
+ <title>Side to top/bottom</title>
+ <path d="M7.18 715.59 L7.54 715.59 L107.44 715.59 L107.44 669.64" class="st63"/>
+ </g>
+ <g id="shape152-417" transform="translate(173.097,-359.713)">
+ <title>Sheet.152</title>
+ <desc>[10]</desc>
+ <rect x="0" y="688.588" width="45" height="27" class="st6"/>
+ <text x="12.52" y="705.09" class="st7">[10]</text> </g>
+ <g id="shape153-420" transform="translate(186.597,-359.713)">
+ <title>Sheet.153</title>
+ <desc>EDK2 Build Tool</desc>
+ <rect x="0" y="688.588" width="108" height="27" class="st6"/>
+ <text x="21.18" y="704.59" class="st22">EDK2 Build Tool</text> </g>
+ <g id="shape95-423" transform="translate(479.651,-242.34) rotate(-1.84761)">
+ <title>Curve connect 2</title>
+ <path d="M1.08 713.99 L1.29 713.7 A41.432 41.432 0 0 1 68.5 713.7 L68.7 713.99" class="st66"/>
+ </g>
+ <g id="shape154-431" transform="translate(546.597,-607.213)">
+ <title>Sheet.154</title>
+ <desc>[7]</desc>
+ <rect x="0" y="688.588" width="24.75" height="27" class="st6"/>
+ <text x="5.44" y="705.09" class="st7">[7]</text> </g>
+ <g id="shape155-434" transform="translate(919.083,249.319) rotate(-86.8202) scale(1,-1)">
+ <title>Curve connect 1.155</title>
+ <path d="M0 715.59 A6.2366 6.2366 0 0 1 11.73 715.59 A4.54475 4.54475 -180 0 0 20.28 715.59" class="st67"/>
+ </g>
+ </g>
+</svg>
--
2.17.1

This is the first commit of RedfishClientPkg. Readme and diagrams
are created to delineate EDK2 Redfish Client implementation.

Signed-off-by: Abner Chang <abner.chang@...>
Cc: Nickle Wang <nickle.wang@...>
Cc: Liming Gao <gaoliming@...>
Cc: Andrew Fish <afish@...>
Cc: Leif Lindholm <leif@...>
Cc: Michael D Kinney <michael.d.kinney@...>

Abner Chang (2):
RedfishClientPkg: Initial commit
edk2: Update Maintainers.txt

RedfishClientPkg/Readme.md | 180 +++++
Maintainers.txt | 5 +
.../Media/RedfishClientDriverStack.svg | 680 ++++++++++++++++++
3 files changed, 865 insertions(+)
create mode 100644 RedfishClientPkg/Readme.md
create mode 100644 RedfishClientPkg/Documents/Media/RedfishClientDriverStack.svg

--
2.17.1

Reviewed-by: Sai Chaganty <rangasai.v.chaganty@...>

To follow the TCG CRB protocol specification, on every CRB TPM command
completion the TPM should return to Idle state, regardless of the
CRB Idle Bypass capability reported by the TPM device.

See: TCG PC Client Device Driver Design Principles for TPM 2.0,
Version 1.0, Rev 0.27

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Jiewen Yao <jiewen.yao@...>
---
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
index f1f8091683..34e3874a5b 100644
--- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
+++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
@@ -310,7 +310,7 @@ PtpCrbTpmCommand (
// Command completed, but buffer is not enough
//
Status = EFI_BUFFER_TOO_SMALL;
- goto GoReady_Exit;
+ goto GoIdle_Exit;
}
*SizeOut = TpmOutSize;
//
@@ -328,16 +328,6 @@ PtpCrbTpmCommand (
DEBUG ((EFI_D_VERBOSE, "\n"));
);

-GoReady_Exit:
- //
- // Goto Ready State if command is completed successfully and TPM support IdleBypass
- // If not supported. flow down to GoIdle
- //
- if (GetCachedIdleByPass () == 1) {
- MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY);
- return Status;
- }
-
//
// Do not wait for state transition for TIMEOUT_C
// This function will try to wait 2 TIMEOUT_C at the beginning in next call.
--
2.31.1.windows.1

On Mon, 12 Jul 2021 at 13:17, Jon Nettleton <jon@...> wrote:

On Mon, Jul 12, 2021 at 12:52 PM Marcin Wojtas <mw@...> wrote:

Hi,

wt., 29 cze 2021 o 16:17 Marcin Wojtas <mw@...> napisał(a):

Hi Leif,

pon., 14 cze 2021 o 23:55 Leif Lindholm <leif@...> napisał(a):

Hi Marcin,

On Sun, Jun 13, 2021 at 20:16:27 +0200, Marcin Wojtas wrote:

Hi,

The MDIO ACPI binding has been established and merged to the
Linux tree,

Congratulations! :)

Is FreeBSD expected to follow suit?

There's no driver yet, but once it's finally created I will make sure
it supports ACPI properly.

hence it is now possible to update the ACPI
description of the platforms that base on the Marvell SoCs.

For convenience, the code is exposed in the public github branch:
https://github.com/semihalf-wojtas-marcin/edk2-platforms/commits/acpi-mdio-r20210613
There is also MacchiatoBin firmware binary avaialable for testing:
https://drive.google.com/file/d/1eigP_aeM4wYQpEaLAlQzs3IN_w1-kQr0

I'm looking forward to the comments or remarks.

The patches themselves look straightforward enough.
I *would* prefer some tested-by, for these sources rather than the
binary, before merging though.

I have some our patches queued, that are blocked by this patchset. In
case no time is found for external testers - if this may help to get
it pushed through, please see below logs from the next-20210628 tag
and unchanged firmware. All network ports of MacchiatoBin and
CN913x-DB work properly, with full 1G/10G PHY support via X/MDIO
interfaces:

MacchiatoBin
# uname -a
Linux buildroot 5.13.0-rc7-next-20210628 #6 SMP PREEMPT Tue Jun 29
09:14:07 CEST 2021 aarch64 GNU/Linux
# dmesg | grep MRVL0101
[ 1.829659] mv88x3340 MRVL0101:00-mii:00: Firmware version 0.3.3.0
[ 1.839622] mv88x3340 MRVL0101:00-mii:08: Firmware version 0.3.3.0
[ 2.748351] mvpp2 MRVL0110:00 eth1: PHY [MRVL0101:00-mii:00] driver
[mv88x3340] (irq=POLL)
[ 2.767479] mvpp2 MRVL0110:01 eth2: PHY [MRVL0101:00-mii:08] driver
[mv88x3340] (irq=POLL)
# dmesg | grep MRVL0100
[ 2.919424] mvpp2 MRVL0110:01 eth3: PHY [MRVL0100:00-mii:00] driver
[Marvell 88E1510] (irq=POLL)
# dmesg | grep mvpp2
[...]
[ 2.748351] mvpp2 MRVL0110:00 eth1: PHY [MRVL0101:00-mii:00] driver
[mv88x3340] (irq=POLL)
[ 2.756701] mvpp2 MRVL0110:00 eth1: configuring for phy/10gbase-r link mode
[ 2.767479] mvpp2 MRVL0110:01 eth2: PHY [MRVL0101:00-mii:08] driver
[mv88x3340] (irq=POLL)
[ 2.775834] mvpp2 MRVL0110:01 eth2: configuring for phy/10gbase-r link mode
[ 2.919424] mvpp2 MRVL0110:01 eth3: PHY [MRVL0100:00-mii:00] driver
[Marvell 88E1510] (irq=POLL)
[ 2.928285] mvpp2 MRVL0110:01 eth3: configuring for phy/sgmii link mode
[ 2.936351] mvpp2 MRVL0110:01 eth4: configuring for
inband/2500base-x link mode
[ 5.987259] mvpp2 MRVL0110:01 eth3: Link is Up - 1Gbps/Full - flow
control off
#

CN913x-DB
# uname -a
Linux buildroot 5.13.0-rc7-next-20210628 #6 SMP PREEMPT Tue Jun 29
09:14:07 CEST 2021 aarch64 GNU/Linux
# dmesg | grep MRVL0100
[ 2.621201] mvpp2 MRVL0110:00 eth2: PHY [MRVL0100:00-mii:00] driver
[Marvell 88E1510] (irq=POLL)
[ 2.741199] mvpp2 MRVL0110:00 eth3: PHY [MRVL0100:00-mii:01] driver
[Marvell 88E1510] (irq=POLL)
# dmesg | grep mvpp2
[...]
[ 2.544917] mvpp2 MRVL0110:00 eth1: configuring for
inband/10gbase-r link mode
[ 2.552480] mvpp2 MRVL0110:00 eth1: Link is Up - 10Gbps/Full - flow
control rx
[ 2.621201] mvpp2 MRVL0110:00 eth2: PHY [MRVL0100:00-mii:00] driver
[Marvell 88E1510] (irq=POLL)
[ 2.630060] mvpp2 MRVL0110:00 eth2: configuring for phy/rgmii-id link mode
[ 2.741199] mvpp2 MRVL0110:00 eth3: PHY [MRVL0100:00-mii:01] driver
[Marvell 88E1510] (irq=POLL)
[ 2.750056] mvpp2 MRVL0110:00 eth3: configuring for phy/rgmii-id link mode
[ 2.810169] mvpp2 MRVL0110:01 eth4: configuring for
inband/10gbase-r link mode
[ 2.817471] mvpp2 MRVL0110:01 eth4: Link is Up - 10Gbps/Full - flow
control rx
[ 5.693231] mvpp2 MRVL0110:00 eth2: Link is Up - 1Gbps/Full - flow
control off
[ 10.840942] mvpp2 MRVL0110:00 eth1: Link is Down
[ 10.864124] mvpp2 MRVL0110:01 eth4: Link is Down
#

Both platforms were have been additionally tested by Greg, do you have
any comments/objections to merging this patchset?

Thanks,
Marcin

You can add my Tested-by as well. Finally got time over the weekend
to verify on all my Marvell platforms this effects.

Thanks all. I will get to this shortly - apologies for the delay.

On Fri, 16 Jul 2021 at 13:50, Samer El-Haj-Mahmoud
<Samer.El-Haj-Mahmoud@...> wrote:

Series Reviewed-By: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@...>

Does this series depend on core EDK2 changes, and if so, have they
been merged already?

-----Original Message-----
From: Grzegorz Bernacki <gjb@...>
Sent: Wednesday, July 14, 2021 9:21 AM
To: devel@edk2.groups.io
Cc: leif@...; ardb+tianocore@...; Samer El-Haj-Mahmoud
<Samer.El-Haj-Mahmoud@...>; Sunny Wang <Sunny.Wang@...>;
mw@...; upstream@...; pete@...;
jian.j.wang@...; hao.a.wu@...; dandan.bi@...;
eric.dong@...; Grzegorz Bernacki <gjb@...>
Subject: [edk2-platforms PATCH v3 0/2] Add BootDiscoveryPolicyUiLib

This patchset extends Boot Maintenance Menu and allows to select
Boot Discovery Policy. Raspberry Pi platforms uses the variable to
connect specified class of devices on boot. This patchset also
removes efdc159e which has similar functionality.

Discussion on design can be found at:
https://edk2.groups.io/g/rfc/topic/rfc_boot_discovery_policy/82450628

Changes since v1:
- make 'Connect All' (0x2) default value for PcdBootDiscoveryPolicy
- initialize BootDiscoveryPolicy variable in platform code, if not found

Changes since v2:
- add missing local variable initialization

Grzegorz Bernacki (3):
edk2:
MdeModulePkg: Add BootDiscoveryPolicyUiLib.
edk2-platform:
Platform/RaspberryPi: Enable Boot Discovery Policy.
Revert "Platform/RaspberryPi: Setup option for disabling Fast Boot"

Platform/RaspberryPi/RaspberryPi.dec | 2 -
Platform/RaspberryPi/RPi3/RPi3.dsc | 9 +-
Platform/RaspberryPi/RPi4/RPi4.dsc | 12 +--
Platform/RaspberryPi/RPi4/RPi4.fdf | 1 +
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.inf | 3 +-

Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBootManager
Lib.inf | 6 +-
Platform/RaspberryPi/Include/ConfigVars.h | 12 +--
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.vfr | 16 +--
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxe.c | 11 +--
Platform/RaspberryPi/Library/PlatformBootManagerLib/PlatformBm.c |
102 +++++++++++++++++---
Platform/RaspberryPi/Drivers/ConfigDxe/ConfigDxeHii.uni | 10 +-
MdeModulePkg/MdeModulePkg.dec | 6 +
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
| 52 +++++++
MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h | 22
+++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
| 160 ++++++++++++++++++++

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
| 18 +++

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStri
ngs.uni | 29 ++++

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.
Vfr | 44 ++++++
18 files changed, 438 insertions(+), 77 deletions(-)
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
create mode 100644 MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStri
ngs.uni
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.
Vfr
--
2.25.1

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

On Fri, 16 Jul 2021 at 14:00, Samer El-Haj-Mahmoud
<Samer.El-Haj-Mahmoud@...> wrote:

The v6 of this series seems to have all the necessary Reviewed-By (and some Tested-By) of all parts, except the following platform specific parts. Could we get help from maintainers to review these please?

Much appreciated!

- ArmVirtPkg : https://edk2.groups.io/g/devel/message/77772
- ArmPlatformPkg: https://edk2.groups.io/g/devel/message/77775

For ARM / OVMF packages:

Acked-by: Ard Biesheuvel <ardb@...>

- EmulatorPkg: https://edk2.groups.io/g/devel/message/77773
- Intel Platforms (Platform/Intel/QuarkPlatformPkg, Platform/Intel/MinPlatformPkg, Platform/Intel/Vlv2TbltDevicePkg): https://edk2.groups.io/g/devel/message/77781

Thanks,
--Samer

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Grzegorz Bernacki via groups.io
Sent: Wednesday, July 14, 2021 8:30 AM
To: devel@edk2.groups.io
Cc: leif@...; ardb+tianocore@...; Samer El-Haj-Mahmoud
<Samer.El-Haj-Mahmoud@...>; Sunny Wang
<Sunny.Wang@...>; mw@...; upstream@...;
jiewen.yao@...; jian.j.wang@...; min.m.xu@...;
lersek@...; Sami Mujawar <Sami.Mujawar@...>;
afish@...; ray.ni@...; jordan.l.justen@...;
rebecca@...; grehan@...; Thomas Abraham
<thomas.abraham@...>; chasel.chiu@...;
nathaniel.l.desimone@...; gaoliming@...;
eric.dong@...; michael.d.kinney@...; zailiang.sun@...;
yi.qian@...; graeme@...; rad@...;
pete@...; Grzegorz Bernacki <gjb@...>
Subject: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys

This patchset adds support for initialization of default
Secure Boot variables based on keys content embedded in
flash binary. This feature is active only if Secure Boot
is enabled and DEFAULT_KEY is defined. The patchset
consist also application to enroll keys from default
variables and secure boot menu change to allow user
to reset key content to default values.
Discussion on design can be found at:
https://edk2.groups.io/g/rfc/topic/82139806#600

Built with:
GCC
- RISC-V (U500, U540) [requires fixes in dsc to build]
- Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
- ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)

RISC-V, Quark, Vlv2TbltDevicePkg, Bhyve requires additional fixes to be built,
will be post on edk2 maillist later

VS2019
- Intel (OvmfPkgX64)

Test with:
GCC5/RPi4
VS2019/OvmfX64 (requires changes to enable feature)

Tests:
1. Try to enroll key in incorrect format.
2. Enroll with only PKDefault keys specified.
3. Enroll with all keys specified.
4. Enroll when keys are enrolled.
5. Reset keys values.
6. Running signed & unsigned app after enrollment.

Changes since v1:
- change names:
SecBootVariableLib => SecureBootVariableLib
SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
- change name of function CheckSetupMode to GetSetupMode
- remove ShellPkg dependecy from EnrollFromDefaultKeysApp
- rebase to master

Changes since v2:
- fix coding style for functions headers in SecureBootVariableLib.h
- add header to SecureBootDefaultKeys.fdf.inc
- remove empty line spaces in SecureBootDefaultKeysDxe files
- revert FAIL macro in EnrollFromDefaultKeysApp
- remove functions duplicates and add SecureBootVariableLib
to platforms which used it

Changes since v3:
- move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
- leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
- fix typo in guid description

Changes since v4:
- reorder patches to make it bisectable
- split commits related to more than one platform
- move edk2-platform commits to separate patchset

Changes since v5:
- split SecureBootVariableLib into SecureBootVariableLib and
SecureBootVariableProvisionLib

Grzegorz Bernacki (11):
SecurityPkg: Create SecureBootVariableLib.
SecurityPkg: Create library for enrolling Secure Boot variables.
ArmVirtPkg: add SecureBootVariableLib class resolution
OvmfPkg: add SecureBootVariableLib class resolution
EmulatorPkg: add SecureBootVariableLib class resolution
SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
ArmPlatformPkg: Create include file for default key content.
SecurityPkg: Add SecureBootDefaultKeysDxe driver
SecurityPkg: Add EnrollFromDefaultKeys application.
SecurityPkg: Add new modules to Security package.
SecurityPkg: Add option to reset secure boot keys.

SecurityPkg/SecurityPkg.dec | 14 +
ArmVirtPkg/ArmVirt.dsc.inc | 2 +
EmulatorPkg/EmulatorPkg.dsc | 2 +
OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
OvmfPkg/OvmfPkgIa32.dsc | 2 +
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
OvmfPkg/OvmfPkgX64.dsc | 2 +
SecurityPkg/SecurityPkg.dsc | 5 +
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
| 48 ++
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
| 80 +++

SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
visionLib.inf | 80 +++

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
gDxe.inf | 3 +

SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
DefaultKeysDxe.inf | 46 ++
SecurityPkg/Include/Library/SecureBootVariableLib.h | 153
++++++
SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
| 134 +++++

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
gNvData.h | 2 +

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
g.vfr | 6 +
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
| 110 +++++
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
| 511 ++++++++++++++++++++

SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
visionLib.c | 491 +++++++++++++++++++

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
gImpl.c | 344 ++++++-------

SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
DefaultKeysDxe.c | 69 +++
ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70
+++
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
| 17 +

SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
visionLib.uni | 16 +

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi
gStrings.uni | 4 +

SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
DefaultKeysDxe.uni | 16 +
27 files changed, 2043 insertions(+), 188 deletions(-)
create mode 100644
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
create mode 100644
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
create mode 100644
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
visionLib.inf
create mode 100644
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
DefaultKeysDxe.inf
create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
create mode 100644
SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
create mode 100644
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
create mode 100644
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
create mode 100644
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
visionLib.c
create mode 100644
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
DefaultKeysDxe.c
create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
create mode 100644
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
create mode 100644
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariablePro
visionLib.uni
create mode 100644
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBoot
DefaultKeysDxe.uni

--
2.25.1

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

On Fri, 16 Jul 2021 at 19:25, Ard Biesheuvel <ardb@...> wrote:

On Mon, 5 Jul 2021 at 12:06, Jianyong Wu <jianyong.wu@...> wrote:

Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that
runs on top of KVM. Cloud Hypervisor is implemented in Rust and is based
on the rust-vmm crates. See [1] to find more.

To support UEFI, Cloud Hypervisor is introduced here.
There are 2 parts to be considered to do this enablement, that is:
1. specific ACPI service implementation compared with qemu, there is no
device like Fw-cfg, so we have no elegant way to get the RSDP address.
A specific ACPI implementation is introduced here.

2. build configuration file for Cloud Hypervisor

Change log:

v3 to v4:
(1) remove Tpm support in dsc file
(2) refine Acpi table install code base on Sami's comments in v3

v2 to v3:
(1) reuse qemu's memory initialization lib as they are in nearly the same
memory laout.
(2) split Acpi implemetation into PlatformHasAcpi and
InstallAcpiTable.
(3) remove lots of dependencies from qemu like "*Fwcfg*" lib.
(4) lots of code cleanup work to let it more approach to edk2 code
style.

[1] https://github.com/cloud-hypervisor/cloud-hypervisor

Jianyong Wu (3):
Acpi: reimplement PlatformHasAcpi for Cloud Hypervisor
Acpi: Install Acpi tables for Cloud hypervisor
ArmVirtCloudHv: support Cloud Hypervisor in edk2

Sami, any thoughts on this code?

... or did you already merge the entire series? (My mailbox is
overflowing a bit after 4 weeks of vacation :-))

ArmVirtPkg/ArmVirtPkg.dec | 6 +
ArmVirtPkg/ArmVirtCloudHv.dsc | 364 ++++++++++++++++++
ArmVirtPkg/ArmVirtCloudHv.fdf | 258 +++++++++++++
.../CloudHvAcpiPlatformDxe.inf | 47 +++
.../CloudHvHasAcpiDtDxe.inf | 43 +++
.../CloudHvAcpiPlatformDxe/CloudHvAcpi.c | 155 ++++++++
.../CloudHvHasAcpiDtDxe.c | 69 ++++
7 files changed, 942 insertions(+)
create mode 100644 ArmVirtPkg/ArmVirtCloudHv.dsc
create mode 100644 ArmVirtPkg/ArmVirtCloudHv.fdf
create mode 100644 ArmVirtPkg/CloudHvAcpiPlatformDxe/CloudHvAcpiPlatformDxe.inf
create mode 100644 ArmVirtPkg/CloudHvPlatformHasAcpiDtDxe/CloudHvHasAcpiDtDxe.inf
create mode 100644 ArmVirtPkg/CloudHvAcpiPlatformDxe/CloudHvAcpi.c
create mode 100644 ArmVirtPkg/CloudHvPlatformHasAcpiDtDxe/CloudHvHasAcpiDtDxe.c

--
2.17.1

On Mon, 5 Jul 2021 at 12:06, Jianyong Wu <jianyong.wu@...> wrote:

Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that
runs on top of KVM. Cloud Hypervisor is implemented in Rust and is based
on the rust-vmm crates. See [1] to find more.

To support UEFI, Cloud Hypervisor is introduced here.
There are 2 parts to be considered to do this enablement, that is:
1. specific ACPI service implementation compared with qemu, there is no
device like Fw-cfg, so we have no elegant way to get the RSDP address.
A specific ACPI implementation is introduced here.

2. build configuration file for Cloud Hypervisor

Change log:

v3 to v4:
(1) remove Tpm support in dsc file
(2) refine Acpi table install code base on Sami's comments in v3

v2 to v3:
(1) reuse qemu's memory initialization lib as they are in nearly the same
memory laout.
(2) split Acpi implemetation into PlatformHasAcpi and
InstallAcpiTable.
(3) remove lots of dependencies from qemu like "*Fwcfg*" lib.
(4) lots of code cleanup work to let it more approach to edk2 code
style.

[1] https://github.com/cloud-hypervisor/cloud-hypervisor

Jianyong Wu (3):
Acpi: reimplement PlatformHasAcpi for Cloud Hypervisor
Acpi: Install Acpi tables for Cloud hypervisor
ArmVirtCloudHv: support Cloud Hypervisor in edk2

Sami, any thoughts on this code?

ArmVirtPkg/ArmVirtPkg.dec | 6 +
ArmVirtPkg/ArmVirtCloudHv.dsc | 364 ++++++++++++++++++
ArmVirtPkg/ArmVirtCloudHv.fdf | 258 +++++++++++++
.../CloudHvAcpiPlatformDxe.inf | 47 +++
.../CloudHvHasAcpiDtDxe.inf | 43 +++
.../CloudHvAcpiPlatformDxe/CloudHvAcpi.c | 155 ++++++++
.../CloudHvHasAcpiDtDxe.c | 69 ++++
7 files changed, 942 insertions(+)
create mode 100644 ArmVirtPkg/ArmVirtCloudHv.dsc
create mode 100644 ArmVirtPkg/ArmVirtCloudHv.fdf
create mode 100644 ArmVirtPkg/CloudHvAcpiPlatformDxe/CloudHvAcpiPlatformDxe.inf
create mode 100644 ArmVirtPkg/CloudHvPlatformHasAcpiDtDxe/CloudHvHasAcpiDtDxe.inf
create mode 100644 ArmVirtPkg/CloudHvAcpiPlatformDxe/CloudHvAcpi.c
create mode 100644 ArmVirtPkg/CloudHvPlatformHasAcpiDtDxe/CloudHvHasAcpiDtDxe.c

--
2.17.1

On Tue, 6 Jul 2021 at 10:55, Dov Murik <dovmurik@...> wrote:

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457

Booting with SEV prevented the loading of kernel, initrd, and kernel
command-line via QEMU fw_cfg interface because they arrive from the VMM
which is untrusted in SEV.

However, in some cases the kernel, initrd, and cmdline are not secret
but should not be modified by the host. In such a case, we want to
verify inside the trusted VM that the kernel, initrd, and cmdline are
indeed the ones expected by the Guest Owner, and only if that is the
case go on and boot them up (removing the need for grub inside OVMF in
that mode).

This patch series reserves an area in MEMFD (previously the last 1KB of
the launch secret page) which will contain the
hashes of these three blobs (kernel, initrd, cmdline), each under its
own GUID entry. This tables of hashes is populated by QEMU before
launch, and encrypted as part of the initial VM memory; this makes sure
theses hashes are part of the SEV measurement (which has to be approved
by the Guest Owner for secret injection, for example). Note that this
requires QEMU support [1].

OVMF parses the table of hashes populated by QEMU (patch 5), and as it
reads the fw_cfg blobs from QEMU, it will verify each one against the
expected hash (kernel and initrd verifiers are introduced in patch 6,
and command-line verifier is introduced in patches 7+8). This is all
done inside the trusted VM context. If all the hashes are correct, boot
of the kernel is allowed to continue.

Any attempt by QEMU to modify the kernel, initrd, cmdline (including
dropping one of them), or to modify the OVMF code that verifies those
hashes, will cause the initial SEV measurement to change and therefore
will be detectable by the Guest Owner during launch before secret
injection.

Relevant part of OVMF serial log during boot with AmdSevX86 build and QEMU with
-kernel/-initrd/-append:

...
SevHashesBlobVerifierLibConstructor: found injected hashes table in secure location
Select Item: 0x17
Select Item: 0x8
FetchBlob: loading 7379328 bytes for "kernel"
Select Item: 0x18
Select Item: 0x11
VerifyBlob: Found GUID 4DE79437-ABD2-427F-B835-D5B172D2045B in table
VerifyBlob: Hash comparison succeeded for entry 'kernel'
Select Item: 0xB
FetchBlob: loading 12483878 bytes for "initrd"
Select Item: 0x12
VerifyBlob: Found GUID 44BAF731-3A2F-4BD7-9AF1-41E29169781D in table
VerifyBlob: Hash comparison succeeded for entry 'initrd'
Select Item: 0x14
FetchBlob: loading 86 bytes for "cmdline"
Select Item: 0x15
VerifyBlob: Found GUID 97D02DD8-BD20-4C94-AA78-E7714D36AB2A in table
VerifyBlob: Hash comparison succeeded for entry 'cmdline'
...

The patch series is organized as follows:

1: Simple comment fix in adjacent area in the code.
2: Use GenericQemuLoadImageLib to gain one location for fw_cfg blob
fetching.
3: Allow the (previously blocked) usage of -kernel in AmdSevX64.
4-7: Add BlobVerifierLib with null implementation and use it in the correct
location in QemuKernelLoaderFsDxe.
8-9: Reserve memory for hashes table, declare this area in the reset vector.
10-11: Add the secure implementation SevHashesBlobVerifierLib and use it in
AmdSevX64 builds.

[1] https://lore.kernel.org/qemu-devel/20210624102040.2015280-1-dovmurik@linux.ibm.com/

Code is at
https://github.com/confidential-containers-demo/edk2/tree/sev-hashes-v2

v2 changes:
- Use the last 1KB of the existing SEV launch secret page for hashes table
(instead of reserving a whole new MEMFD page).
- Build on top of commit cf203024745f ("OvmfPkg/GenericQemuLoadImageLib: Read
cmdline from QemuKernelLoaderFs", 2021-06-28) to have a single location in
which all of kernel/initrd/cmdline are fetched from QEMU.
- Use static linking of the two BlobVerifierLib implemenatations.
- Reorganize series.

v1: https://edk2.groups.io/g/devel/message/75567

Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Jordan Justen <jordan.l.justen@...>
Cc: Ashish Kalra <ashish.kalra@...>
Cc: Brijesh Singh <brijesh.singh@...>
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Min Xu <min.m.xu@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Leif Lindholm <leif@...>
Cc: Sami Mujawar <sami.mujawar@...>

Anyone on the cc list care to review this?

Dov Murik (8):
OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds
OvmfPkg: add library class BlobVerifierLib with null implementation
OvmfPkg: add NullBlobVerifierLib to DSC
ArmVirtPkg: add NullBlobVerifierLib to DSC
OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
OvmfPkg/AmdSev/SecretPei: build hob for full page
OvmfPkg: add SevHashesBlobVerifierLib
OvmfPkg/AmdSev: Enforce hash verification of kernel blobs

James Bottomley (3):
OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming
OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg
OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes

OvmfPkg/OvmfPkg.dec | 9 +
ArmVirtPkg/ArmVirtQemu.dsc | 5 +-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +-
OvmfPkg/AmdSev/AmdSevX64.dsc | 9 +-
OvmfPkg/OvmfPkgIa32.dsc | 5 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +-
OvmfPkg/OvmfPkgX64.dsc | 5 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 5 +-
OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf | 27 +++
OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifierLib.inf | 36 ++++
OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf | 2 +
OvmfPkg/ResetVector/ResetVector.inf | 2 +
OvmfPkg/Include/Library/BlobVerifierLib.h | 38 ++++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h | 11 ++
OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 2 +-
OvmfPkg/AmdSev/SecretPei/SecretPei.c | 9 +-
OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c | 34 ++++
OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifier.c | 199 ++++++++++++++++++++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | 5 +
OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c | 0
OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +
OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 20 ++
OvmfPkg/ResetVector/ResetVector.nasmb | 2 +
23 files changed, 434 insertions(+), 10 deletions(-)
create mode 100644 OvmfPkg/Library/BlobVerifierLib/NullBlobVerifierLib.inf
create mode 100644 OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifierLib.inf
create mode 100644 OvmfPkg/Include/Library/BlobVerifierLib.h
create mode 100644 OvmfPkg/Library/BlobVerifierLib/NullBlobVerifier.c
create mode 100644 OvmfPkg/Library/BlobVerifierLib/SevHashesBlobVerifier.c
copy OvmfPkg/Library/{PlatformBootManagerLib => PlatformBootManagerLibGrub}/QemuKernel.c (100%)

--
2.25.1

On Wed, 7 Jul 2021 at 19:14, Philippe Mathieu-Daudé <philmd@...> wrote:

On 7/6/21 5:57 PM, Laszlo Ersek wrote:

On 07/06/21 11:49, Philippe Mathieu-Daudé wrote:

From: Philippe Mathieu-Daude <philmd@...>

The "Shell Embedded Boot Loader" description (added in
commit 6f5872b1f401) does not add any value, remove it.

Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ardb+tianocore@...>
Cc: Leif Lindholm <leif@...>
Cc: Sami Mujawar <sami.mujawar@...>
Cc: Julien Grall <julien@...>
Suggested-by: Laszlo Ersek <lersek@...>
Signed-off-by: Philippe Mathieu-Daude <philmd@...>
---
ArmVirtPkg/ArmVirt.dsc.inc | 2 +-
ArmVirtPkg/ArmVirtKvmTool.fdf | 2 +-
ArmVirtPkg/ArmVirtXen.fdf | 2 +-
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index d9abadbe708c..e17238e63803 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -376,7 +376,7 @@ [Components.common]
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf

#
- # UEFI application (Shell Embedded Boot Loader)
+ # UEFI application
#
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
<PcdsFixedAtBuild>
diff --git a/ArmVirtPkg/ArmVirtKvmTool.fdf b/ArmVirtPkg/ArmVirtKvmTool.fdf
index 076155199905..8ad67233dc90 100644
--- a/ArmVirtPkg/ArmVirtKvmTool.fdf
+++ b/ArmVirtPkg/ArmVirtKvmTool.fdf
@@ -174,7 +174,7 @@ [FV.FvMain]
INF OvmfPkg/VirtioRngDxe/VirtioRng.inf

#
- # UEFI application (Shell Embedded Boot Loader)
+ # UEFI application
#
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
diff --git a/ArmVirtPkg/ArmVirtXen.fdf b/ArmVirtPkg/ArmVirtXen.fdf
index 8fbbc2313aff..bab4af446cfb 100644
--- a/ArmVirtPkg/ArmVirtXen.fdf
+++ b/ArmVirtPkg/ArmVirtXen.fdf
@@ -178,7 +178,7 @@ [FV.FvMain]
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

#
- # UEFI application (Shell Embedded Boot Loader)
+ # UEFI application
#
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 5b1d10057545..5ecde9233951 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -100,7 +100,7 @@ [FV.FvMain]
INF OvmfPkg/VirtioRngDxe/VirtioRng.inf

#
- # UEFI application (Shell Embedded Boot Loader)
+ # UEFI application
#
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf

I'm really sorry Phil, but even the new comment looks just super weird
to me. I've grepped the edk2 codebase for
"ShellPkg/Application/Shell/Shell.inf", and looked at the leading
context (approx. 30 lines) near every match -- and now I actually think
we don't need *any* comments here.

Yes I agree.

So do I.

I mean we could say "UEFI Shell
Application", but is that really helpful? I have no idea.

I'll let other ArmVirtPkg reviewers comment on this.

Thanks
Laszlo

On Fri, 16 Jul 2021 at 17:00, Kinney, Michael D
<michael.d.kinney@...> wrote:

Hi Ard,

I see you were involved in the OS side changes.

Can you explain what is required for the FW <-> OS interface with respect to Load File Protocol and this media device path node.

What happens if this media device path node is not present? What breaks?

Trying to figure out if this is a required interop feature (MdePkg candidate) or an EDK II specific extension (MdeModulePkg candidate).

Let me give some context first:

Linux distro boot generally relies on an initial ramdisk (initrd)
which is provided by the loader, and which contains additional kernel
modules (for storage and netwerk, for instance), and the initial user
space startup code, ie., the code which brings up the user space side
of the entire OS.

Before we introduced this media path, the only way for a EFI pre-OS
loader (such as GRUB) to provide this initrd was to copy it into DRAM
somewhere, and use a arch-specific method of passing the DRAM address
and size to the OS (x86 uses struct bootparam, whereas ARM uses device
tree). It also requires knowledge on the part of GRUB regarding which
parts of DRAM are suitable for holding an initrd image. For measured
boot scenarios, it may be an advantage not to have the initrd linger
in DRAM for longer that necessary, and we actually intend to measure
the initrd loaded via the new method right after it has been loaded
this way.

To avoid extending this to other architectures such as RISC-V, I
decided to introduce a special vendor media path for Linux initrd
images, which GRUB et al can implement, which provides the initrd
image when the OS loader that consumes it asks for it.

So for Linux on x86 or ARM, this is optional, given that support for
the old method is not going away any time soon. For RISC-V, I
suggested that only the new method be implemented, but I am not sure
what the status is there. Note that many embedded style systems don't
use GRUB, and may not use initrds to begin with. OTOH, U-Boot also
implements support for the Linux initrd vendor media path, and work is
ongoing to add measured boot support as well.

In any case, I don't have a strong preference where this should live,
as long as it is in a generic place where all architectures can use
it.

--
Ard.

Hi Ard,

I see you were involved in the OS side changes.

Can you explain what is required for the FW <-> OS interface with respect to Load File Protocol and this media device path node.

What happens if this media device path node is not present? What breaks?

Trying to figure out if this is a required interop feature (MdePkg candidate) or an EDK II specific extension (MdeModulePkg candidate).

Thanks,

Mike

On 7/8/21 9:08 AM, Ashish Kalra wrote:

From: Ashish Kalra <ashish.kalra@...>

Mark the SEC GHCB page (that is mapped as unencrypted in
ResetVector code) in the hypervisor page status tracking.

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Signed-off-by: Ashish Kalra <ashish.kalra@...>
---
OvmfPkg/PlatformPei/AmdSev.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022..1ec0de48fe 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -52,6 +52,15 @@ AmdSevEsInitialize (
PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
ASSERT_RETURN_ERROR (PcdStatus);

+ //
+ // GHCB_BASE setup during reset-vector needs to be marked as

s/GHCB_BASE/The SEC Ghcb/

+ // decrypted in the hypervisor page encryption bitmap.

Is the "hypervisor page encryption bitmap" valid anymore? This gets passed
up to userspace now, right?

You should go through all the patches to be sure you aren't talking about
a bitmap anymore and just state that you're updating the encryption state
with the hypervisor.

+ //
+ SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase),

The first argument needs to be moved down to a line of its own and
indented like the following arguments.

+ EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)),
+ KVM_MAP_GPA_RANGE_DECRYPTED

Ah, now I see this #define used, but you should be passing a 0 or 1,
right? This happens to evaluate to 0, but it's the wrong way to call this
function.

Thanks,
Tom

+ );
+
//
// Allocate GHCB and per-CPU variable pages.
// Since the pages must survive across the UEFI to OS transition

On 7/8/21 9:08 AM, Ashish Kalra wrote:

From: Ashish Kalra <ashish.kalra@...>

The subject isn't correct since the #VC handler already supports
hypercalls. It should say something like "Make the #VC handler aware of
the encryption state change hypercall" or "Update the #VC handler to
support the encryption state change hypercall" or something like that.

Make the VC handler hypercall aware by adding support
to compare the hypercall number and add the additional
register values used by hypercall in the GHCB.

Also mark the SEC GHCB page (that is mapped as
unencrypted in ResetVector code) in the hypervisor
guest page status tracking.

This part of the commit message shoudn't be here any more.

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Signed-off-by: Ashish Kalra <ashish.kalra@...>
---
OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
index 41b0c8cc53..7f69bfab5f 100644
--- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
+++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
@@ -1171,6 +1171,15 @@ VmmCallExit (
Ghcb->SaveArea.Cpl = (UINT8) (Regs->Cs & 0x3);
VmgSetOffsetValid (Ghcb, GhcbCpl);

Add a comment that this hypercall requires these extra registers so you
are explicitly adding them.

Thanks,
Tom

+ if (Regs->Rax == KVM_HC_MAP_GPA_RANGE) {
+ Ghcb->SaveArea.Rbx = Regs->Rbx;
+ VmgSetOffsetValid (Ghcb, GhcbRbx);
+ Ghcb->SaveArea.Rcx = Regs->Rcx;
+ VmgSetOffsetValid (Ghcb, GhcbRcx);
+ Ghcb->SaveArea.Rdx = Regs->Rdx;
+ VmgSetOffsetValid (Ghcb, GhcbRdx);
+ }
+
Status = VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0);
if (Status != 0) {
return Status;

On 7/8/21 9:07 AM, Ashish Kalra wrote:

From: Ashish Kalra <ashish.kalra@...>

The patch subject is a bit confusing. Something more like "Add API to
issue hypercall on page encryption state change" or similar, since this is
issued for changes to shared and private, not just shared.

By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.

This hypercall is used to notify hypervisor when the page's
encryption state changes.

This is a large patch. It looks like this should be split into a few patches.
- one patch for the MemEncryptSevLiveMigrationIsEnabled() API
- one patch for the SetMemoryEncDecHypercall3() API
- one patch to make use of the SetMemoryEncDecHypercall3() API.

Cc: Jordan Justen <jordan.l.justen@...>
Cc: Laszlo Ersek <lersek@...>
Cc: Ard Biesheuvel <ard.biesheuvel@...>
Signed-off-by: Brijesh Singh <brijesh.singh@...>
Signed-off-by: Ashish Kalra <ashish.kalra@...>
---
OvmfPkg/Include/Library/MemEncryptSevLib.h | 69 ++++++++++++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 39 +++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 27 ++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c | 51 +++++++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 39 +++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 38 +++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm | 33 ++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 54 +++++++++++++++
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 22 ++++++-
11 files changed, 373 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 76d06c206c..c2b2a99a08 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -90,6 +90,18 @@ MemEncryptSevIsEnabled (
VOID
);

+/**
+ Returns a boolean to indicate whether SEV live migration is enabled.
+
+ @retval TRUE SEV live migration is enabled
+ @retval FALSE SEV live migration is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevLiveMigrationIsEnabled (
+ VOID
+ );
+
/**
This function clears memory encryption bit for the memory region specified by
BaseAddress and NumPages from the current page table context.
@@ -222,4 +234,61 @@ MemEncryptSevClearMmioPageEncMask (
IN UINTN NumPages
);

+/**
+ This hypercall is used to notify hypervisor when the page's encryption
+ state changes.
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region. The PhysicalAddress is
+ expected to be PAGE_SIZE aligned.
+ @param[in] Pages Number of pages in memory region.
+ @param[in] Status Encrypted(1) or Decrypted(0).
+
+@retval RETURN_SUCCESS Hypercall returned success.

It looks like RETURN_UNSUPPORTED is also possible.

+**/
+RETURN_STATUS
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN UINTN PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Status
+ );
+
+#define KVM_HC_MAP_GPA_RANGE 12
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_4K 0
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_2M BIT0
+#define KVM_MAP_GPA_RANGE_PAGE_SZ_1G BIT1
+#define KVM_MAP_GPA_RANGE_ENC_STAT(n) ((n) << 4)
+#define KVM_MAP_GPA_RANGE_ENCRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(1)
+#define KVM_MAP_GPA_RANGE_DECRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(0)

You define these but don't use them (and you should).

+
+#define KVM_FEATURE_MIGRATION_CONTROL BIT17
+
+/**
+ Figures out if we are running inside KVM HVM and
+ KVM HVM supports SEV Live Migration feature.
+
+ @retval TRUE SEV live migration is supported.
+ @retval FALSE SEV live migration is not supported.
+**/
+BOOLEAN
+EFIAPI
+KvmDetectSevLiveMigrationFeature(
+ VOID
+ );
+
+/**
+ Interface exposed by the ASM implementation of the core hypercall
+
+ @retval Hypercall returned status.
+**/
+UINTN
+EFIAPI
+SetMemoryEncDecHypercall3AsmStub (
+ IN UINTN HypercallNum,
+ IN UINTN PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Attributes
+ );
+
#endif // _MEM_ENCRYPT_SEV_LIB_H_
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index f2e162d680..0c28afadee 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -38,6 +38,7 @@
X64/PeiDxeVirtualMemory.c
X64/VirtualMemory.c
X64/VirtualMemory.h
+ X64/AsmHelperStub.nasm

[Sources.IA32]
Ia32/MemEncryptSevLib.c
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
index 2816f859a0..ead754cd7b 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
@@ -20,6 +20,8 @@
STATIC BOOLEAN mSevStatus = FALSE;
STATIC BOOLEAN mSevEsStatus = FALSE;
STATIC BOOLEAN mSevStatusChecked = FALSE;
+STATIC BOOLEAN mSevLiveMigrationStatus = FALSE;
+STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE;

STATIC UINT64 mSevEncryptionMask = 0;
STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
@@ -87,6 +89,24 @@ InternalMemEncryptSevStatus (
mSevStatusChecked = TRUE;
}

+/**
+ Figures out if we are running inside KVM HVM and
+ KVM HVM supports SEV Live Migration feature.
+**/
+STATIC
+VOID
+EFIAPI
+InternalDetectSevLiveMigrationFeature(
+ VOID
+ )
+{
+ if (KvmDetectSevLiveMigrationFeature()) {
+ mSevLiveMigrationStatus = TRUE;
+ }
+
+ mSevLiveMigrationStatusChecked = TRUE;
+}
+
/**
Returns a boolean to indicate whether SEV-ES is enabled.

@@ -125,6 +145,25 @@ MemEncryptSevIsEnabled (
return mSevStatus;
}

+/**
+ Returns a boolean to indicate whether SEV live migration is enabled.
+
+ @retval TRUE SEV live migration is enabled
+ @retval FALSE SEV live migration is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevLiveMigrationIsEnabled (
+ VOID
+ )
+{
+ if (!mSevLiveMigrationStatusChecked) {
+ InternalDetectSevLiveMigrationFeature ();
+ }
+
+ return mSevLiveMigrationStatus;
+}
+
/**
Returns the SEV encryption mask.

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
index be260e0d10..62392309fe 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
@@ -136,3 +136,30 @@ MemEncryptSevClearMmioPageEncMask (
//
return RETURN_UNSUPPORTED;
}
+
+/**
+ This hyercall is used to notify hypervisor when the page's encryption
+ state changes.
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region. The physical address is
+ expected to be PAGE_SIZE aligned.
+ @param[in] Pages Number of Pages in the memory region.
+ @param[in] Status Encrypted(1) or Decrypted(0).
+
+@retval RETURN_SUCCESS Hypercall returned success.
+**/
+RETURN_STATUS
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN UINTN PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Status
+ )
+{
+ //
+ // Memory encryption bit is not accessible in 32-bit mode
+ //
+ return RETURN_UNSUPPORTED;
+}
+
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c
index b4a9f464e2..0c9f7e17ba 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c
@@ -61,3 +61,54 @@ MemEncryptSevLocateInitialSmramSaveStateMapPages (

return RETURN_SUCCESS;
}
+
+/**
+ Figures out if we are running inside KVM HVM and
+ KVM HVM supports SEV Live Migration feature.
+
+ @retval TRUE SEV live migration is supported.
+ @retval FALSE SEV live migration is not supported.
+**/
+BOOLEAN
+EFIAPI
+KvmDetectSevLiveMigrationFeature(
+ VOID
+ )
+{
+ CHAR8 Signature[13];
+ UINT32 mKvmLeaf;
+ UINT32 RegEax, RegEbx, RegEcx, RegEdx;
+
+ Signature[12] = '\0';
+ for (mKvmLeaf = 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf += 0x100) {
+ AsmCpuid (mKvmLeaf,
+ NULL,
+ (UINT32 *) &Signature[0],
+ (UINT32 *) &Signature[4],
+ (UINT32 *) &Signature[8]);
+
+ if (AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0") == 0) {
+ DEBUG ((
+ DEBUG_INFO,
+ "%a: KVM Detected, signature = %s\n",
+ __FUNCTION__,
+ Signature
+ ));
+
+ RegEax = mKvmLeaf + 1;
+ RegEcx = 0;
+ AsmCpuid (mKvmLeaf + 1, &RegEax, &RegEbx, &RegEcx, &RegEdx);
+ if ((RegEax & KVM_FEATURE_MIGRATION_CONTROL) != 0) {
+ DEBUG ((
+ DEBUG_INFO,
+ "%a: Live Migration feature supported\n",
+ __FUNCTION__
+ ));
+
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 03a78c32df..3233ca7979 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -38,6 +38,7 @@
X64/PeiDxeVirtualMemory.c
X64/VirtualMemory.c
X64/VirtualMemory.h
+ X64/AsmHelperStub.nasm

[Sources.IA32]
Ia32/MemEncryptSevLib.c
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index e2fd109d12..9db6c2ef71 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -20,6 +20,8 @@
STATIC BOOLEAN mSevStatus = FALSE;
STATIC BOOLEAN mSevEsStatus = FALSE;
STATIC BOOLEAN mSevStatusChecked = FALSE;
+STATIC BOOLEAN mSevLiveMigrationStatus = FALSE;
+STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE;

STATIC UINT64 mSevEncryptionMask = 0;
STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
@@ -87,6 +89,24 @@ InternalMemEncryptSevStatus (
mSevStatusChecked = TRUE;
}

+/**
+ Figures out if we are running inside KVM HVM and
+ KVM HVM supports SEV Live Migration feature.
+**/
+STATIC
+VOID
+EFIAPI
+InternalDetectSevLiveMigrationFeature(
+ VOID
+ )
+{
+ if (KvmDetectSevLiveMigrationFeature()) {
+ mSevLiveMigrationStatus = TRUE;
+ }
+
+ mSevLiveMigrationStatusChecked = TRUE;
+}
+
/**
Returns a boolean to indicate whether SEV-ES is enabled.

@@ -125,6 +145,25 @@ MemEncryptSevIsEnabled (
return mSevStatus;
}

+/**
+ Returns a boolean to indicate whether SEV live migration is enabled.
+
+ @retval TRUE SEV live migration is enabled
+ @retval FALSE SEV live migration is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevLiveMigrationIsEnabled (
+ VOID
+ )
+{
+ if (!mSevLiveMigrationStatusChecked) {
+ InternalDetectSevLiveMigrationFeature ();
+ }
+
+ return mSevLiveMigrationStatus;
+}
+
/**
Returns the SEV encryption mask.

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
index 56d8f3f318..b926c7b786 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
@@ -100,6 +100,44 @@ MemEncryptSevIsEnabled (
return Msr.Bits.SevBit ? TRUE : FALSE;
}

+/**
+ Interface exposed by the ASM implementation of the core hypercall
+
+ @retval Hypercall returned status.
+**/
+UINTN
+EFIAPI
+SetMemoryEncDecHypercall3AsmStub (
+ IN UINTN HypercallNum,
+ IN UINTN PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Attributes
+ )
+{
+ //
+ // Not used in SEC phase.
+ //
+ return RETURN_UNSUPPORTED;
+}
+
+/**
+ Returns a boolean to indicate whether SEV live migration is enabled.
+
+ @retval TRUE SEV live migration is enabled
+ @retval FALSE SEV live migration is not enabled
+**/
+BOOLEAN
+EFIAPI
+MemEncryptSevLiveMigrationIsEnabled (
+ VOID
+ )
+{
+ //
+ // Not used in SEC phase.
+ //
+ return FALSE;
+}
+
/**
Returns the SEV encryption mask.

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm
new file mode 100644
index 0000000000..c7c11f77f1
--- /dev/null
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm
@@ -0,0 +1,33 @@
+/** @file
+
+ ASM helper stub to invoke hypercall
+
+ Copyright (c) 2021, AMD Incorporated. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+DEFAULT REL
+SECTION .text
+
+; UINTN
+; EFIAPI
+; SetMemoryEncDecHypercall3AsmStub (
+; IN UINTN HypercallNum,
+; IN UINTN Arg1,
+; IN UINTN Arg2,
+; IN UINTN Arg3
+; );
+global ASM_PFX(SetMemoryEncDecHypercall3AsmStub)
+ASM_PFX(SetMemoryEncDecHypercall3AsmStub):
+ ; UEFI calling conventions require RBX to
+ ; be nonvolatile/callee-saved.
+ push rbx
+ mov rax, rcx ; Copy HypercallNumber to rax
+ mov rbx, rdx ; Copy Arg1 to the register expected by KVM
+ mov rcx, r8 ; Copy Arg2 to register expected by KVM
+ mov rdx, r9 ; Copy Arg2 to register expected by KVM
+ vmmcall ; Call VMMCALL
+ pop rbx
+ ret
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c
index a57e8fd37f..57447e69dc 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c
@@ -143,3 +143,57 @@ MemEncryptSevClearMmioPageEncMask (
);

}
+
+/**
+ This hyercall is used to notify hypervisor when the page's encryption
+ state changes.
+
+ @param[in] PhysicalAddress The physical address that is the start address
+ of a memory region. The physical address is
+ expected to be PAGE_SIZE aligned.
+ @param[in] Pages Number of Pages in the memory region.
+ @param[in] Status Encrypted(1) or Decrypted(0).
+
+@retval RETURN_SUCCESS Hypercall returned success.

I see RETURN_NO_MAPPING also, so you'll need to update the retvals everywhere.

+**/
+RETURN_STATUS
+EFIAPI
+SetMemoryEncDecHypercall3 (
+ IN UINTN PhysicalAddress,
+ IN UINTN Pages,
+ IN UINTN Status
+ )
+{
+ RETURN_STATUS Ret;
+ INTN Error;

Should be UINTN.

+
+ Ret = RETURN_UNSUPPORTED;
+
+ if (MemEncryptSevLiveMigrationIsEnabled ()) {
+ Ret = EFI_SUCCESS;

RETURN_SUCCESS since Ret is type RETURN_STATUS.

+ //
+ // The encryption bit is set/clear on the smallest page size, hence
+ // use the 4k page size in MAP_GPA_RANGE hypercall below.
+ // Also, the hypercall expects the guest physical address to be
+ // page-aligned.
+ //
+ Error = SetMemoryEncDecHypercall3AsmStub (
+ KVM_HC_MAP_GPA_RANGE,
+ (PhysicalAddress & (~(EFI_PAGE_SIZE-1))),
+ Pages,
+ KVM_MAP_GPA_RANGE_PAGE_SZ_4K | KVM_MAP_GPA_RANGE_ENC_STAT(Status)

Status is UINTN, but is passed from an enum variable. If for any reason
that enum should change in the future, this may break. So you should fixup
your call to explicitly pass 0 or 1 and then you can safely use that value
here.

Maybe add an "ASSERT (Status == 0 || Status == 1)" to catch bad input values.

+ );
+
+ if (Error != 0) {
+ DEBUG ((DEBUG_ERROR,
+ "SetMemoryEncDecHypercall3 failed, Phys = %Lx, Pages = %Ld, Err = %Ld\n",
+ PhysicalAddress,
+ Pages,
+ (INT64)Error));
+
+ Ret = RETURN_NO_MAPPING;
+ }
+ }
+
+ return Ret;
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index c696745f9d..0b1588a4c1 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -536,7 +536,6 @@ EnableReadOnlyPageWriteProtect (
AsmWriteCr0 (AsmReadCr0() | BIT16);
}

-
/**
This function either sets or clears memory encryption bit for the memory
region specified by PhysicalAddress and Length from the current page table
@@ -585,6 +584,9 @@ SetMemoryEncDec (
UINT64 AddressEncMask;
BOOLEAN IsWpEnabled;
RETURN_STATUS Status;
+ UINTN Size;
+ BOOLEAN CBitChanged;
+ PHYSICAL_ADDRESS OrigPhysicalAddress;

//
// Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
@@ -636,6 +638,10 @@ SetMemoryEncDec (

Status = EFI_SUCCESS;

+ Size = Length;
+ CBitChanged = FALSE;
+ OrigPhysicalAddress = PhysicalAddress;
+
while (Length != 0)
{
//
@@ -695,6 +701,7 @@ SetMemoryEncDec (
));
PhysicalAddress += BIT30;
Length -= BIT30;
+ CBitChanged = TRUE;
} else {
//
// We must split the page
@@ -749,6 +756,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
PhysicalAddress += BIT21;
Length -= BIT21;
+ CBitChanged = TRUE;
} else {
//
// We must split up this page into 4K pages
@@ -791,6 +799,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageTableEntry->Uint64, Mode);
PhysicalAddress += EFI_PAGE_SIZE;
Length -= EFI_PAGE_SIZE;
+ CBitChanged = TRUE;
}
}
}
@@ -808,6 +817,17 @@ SetMemoryEncDec (
//
CpuFlushTlb();

+ //
+ // Notify Hypervisor on C-bit status
+ //
+ if (CBitChanged) {
+ Status = SetMemoryEncDecHypercall3 (
+ OrigPhysicalAddress,
+ EFI_SIZE_TO_PAGES(Size),
+ !Mode

"Mode" is a MAP_RANGE_MODE enum that is local to this file. So you need to
either move this to a common header file so you can use it with
SetMemoryEncDecHypercall3() or set a 0 or 1 based on Mode and pass that.

Thanks,
Tom

+ );
+ }
+
Done:
//
// Restore page table write protection, if any.